Engineering · Platform Architecture · B2B SaaS Technologist Boston, MA · ~30 years across IBM, CyberArk, Alteryx, Digital.ai, Gryphon.ai
I ship platform infrastructure for production AI: the layer between agent fleets and the people who run them. Reliability primitives, identity governance, AI observability, decision intelligence. I also author open specifications for the answer-engine era — see the Kinetic Gain Protocol Suite below. Polyglot by choice: the language fits the problem, not the resume.
Publication note: many of the repos below were published in a concentrated May 2026 portfolio sprint. The dates reflect public packaging, CI, screenshots, and repo hardening, not the first moment the ideas or workstreams existed.
Twenty productized open-source properties live at kineticgain.com subdomains. All push-to-deploy via GitHub Actions FTP CI/CD. Front door: suite.kineticgain.com · Quickstart hub: docs.kineticgain.com.
| Property | What it does | Buyer |
|---|---|---|
| suite.kineticgain.com | Kinetic Gain Protocol Suite — canonical front door for all 10 open AI governance specs | Recruiters / investors / generalist |
| docs.kineticgain.com | Quickstart hub — per-role guides (CISO / district / healthcare vendor / answer engine) + canonical /.well-known/ path map |
New visitors / implementers |
| directory.kineticgain.com | Vendor directory — curated list of domains publishing Kinetic Gain documents | Procurement reviewers |
| examples.kineticgain.com | Examples gallery — pick a spec, see its canonical example with JSON highlight | Developers / spec authors |
| walker.kineticgain.com | well-known-walker — paste any domain, see every Kinetic Gain disclosure it publishes | Procurement / Risk reviewers |
| bench.kineticgain.com | prompt-injection-bench — visual harness, paste a JSONL transcript, see pass rates | CISO / Red-team / Trust & Safety |
| Property | Spec | Buyer |
|---|---|---|
| aeo.kineticgain.com | AEO Protocol — interactive visualizer | Platform Eng / AEO |
| prompts.kineticgain.com | Prompt Provenance | LLM Platform / SRE |
| agents.kineticgain.com | Agent Cards | Platform Eng / Procurement |
| evidence.kineticgain.com | AI Evidence Format | RAG / Search / Answer engines |
| toolcards.kineticgain.com | MCP Tool Cards | MCP authors / Platform Sec |
| tutor.kineticgain.com | AI Tutor Cards | EdTech / District Procurement |
| student.kineticgain.com | Student AI Disclosure | Academic integrity / LMS |
| aup.kineticgain.com | Classroom AI AUP | District / school / instructor |
| clinical.kineticgain.com | Clinical AI Disclosure (HIPAA / FDA / SaMD) | Hospital CMIO / Compliance |
| incidents.kineticgain.com | AI Incident Card — "CVE for AI agents" | CISO / Trust & Safety |
| Property | What it does | Buyer |
|---|---|---|
| gv.kineticgain.com | GitVisualizer — visual portfolio intelligence for any GitHub user | Engineering / Hiring |
| mcp.kineticgain.com | MCP Sentinel — governance dashboard for Model Context Protocol servers | CISO / Platform Security |
| rag.kineticgain.com | RAG Sentinel — hallucination, drift, and citation quality monitoring | ML / AI Ops |
| observe.kineticgain.com | AgentObserve — operator console for AI agent fleets | SRE / Platform |
All twenty: mix of AGPL-3.0 and Apache-2.0, CI green, push-to-deploy via FTP Action. 8 React 19 + TypeScript apps · 12 hand-written static HTML landings.
A family of ten open JSON specifications for the answer-engine and agent era — five core (AEO, Prompt Provenance, Agent Cards, AI Evidence Format, MCP Tool Cards), a three-spec EdTech trio (vendor / district / student), a HealthTech vertical extension (Clinical AI Disclosure — HIPAA / FDA / SaMD posture), and a cross-cutting AI Incident Card that ties everything together post-hoc. Two regulated verticals covered. All AGPL-3.0, all v0.1 draft, all kinetic-gain-protocol-suite tagged. Single landing: kinetic-gain-protocol-suite.
| Spec | What it declares | Detect via |
|---|---|---|
aeo-protocol-spec |
AEO Protocol — entity declaration at /.well-known/aeo.json |
aeo_version |
prompt-provenance-spec |
Prompt Provenance — versioned, lineaged, reviewable LLM prompt records | provenance_version |
agent-cards-spec |
Agent Cards — declarative agent capability + refusal disclosure | agent_card_version |
ai-evidence-format-spec |
AI Evidence Format — structured citations for LLM-generated claims | evidence_version |
mcp-tool-card-spec |
MCP Tool Cards — per-tool disclosure for Model Context Protocol servers | tool_card_version |
ai-tutor-card-spec |
AI Tutor Cards — EdTech vendor-side: pedagogy, FERPA/COPPA/GDPR posture | tutor_card_version |
student-ai-disclosure-spec |
Student AI Disclosure — student-side: roles, prompt evidence (full/hashed/omitted), artifact-hash binding | disclosure_version |
classroom-ai-aup-spec |
Classroom AI AUP — district / school / course-side policy (closes the EdTech trio) | aup_version |
clinical-ai-disclosure-spec |
Clinical AI Disclosure — HealthTech vendor-side: HIPAA / FDA / SaMD posture, bias audits, EHR (FHIR / CDS Hooks) | clinical_ai_card_version |
ai-incident-card-spec |
AI Incident Card — "CVE for AI agents," cross-references every other affected document in the Suite | incident_card_version |
The canonical depth example — every layer needed to consume the spec, across five languages:
| Layer | Repos |
|---|---|
| SDKs | aeo-sdk-python (live on PyPI) · aeo-sdk-typescript · aeo-sdk-rust · aeo-sdk-go · aeo-sdk-swift |
| CLI | aeo-cli — aeo validate / fetch / inspect / claim, colored output, end-to-end against the live well-known URL |
| Crawler | aeo-crawler — BFS over AEO graphs, JSON Lines output, configurable depth + concurrency |
| Repo | What it does |
|---|---|
mcp-aeo-server |
AEO-only MCP server — 4 tools, one Claude Desktop config entry |
mcp-kinetic-gain |
Unified MCP server — 34 tools across 8 specs (v0.4.0, git-tagged), one Claude Desktop config entry, 61 tests passing. Headline tool: aup_check_compliance joins an AUP + Student AI Disclosure into a single allow/deny call. |
| Live | Repo | What it does |
|---|---|---|
aeo.kineticgain.com |
aeo-visualizer |
Dedicated AEO Protocol web visualizer |
kinetic-gain-visualizer |
kinetic-gain-visualizer |
Unified visualizer — auto-detects the spec from the top-level *_version field and renders the appropriate view. Eight specs auto-detected; five views: Visualize / Editor / Architecture / Tools / About |
examples.kineticgain.com |
kinetic-gain-examples-gallery |
Examples gallery — sidebar of 10 specs, click any to see its canonical example rendered with JSON syntax highlighting |
walker.kineticgain.com |
well-known-walker-web |
well-known-walker — paste any domain, see every Kinetic Gain disclosure document it publishes |
bench.kineticgain.com |
prompt-injection-bench-web |
prompt-injection-bench visual harness |
The unified visualizer + unified MCP server give the Suite a complete read-side (human) and tool-side (agent) entry point. Ten specs, two front doors, twenty live properties.
| Repo | What it does |
|---|---|
prompt-injection-bench |
30-attack prompt-injection corpus + Python harness. Every record back-references the Agent Card refusal_taxonomy[].category it tests, so a vendor can mechanically verify declared refusals hold under attack. Failed runs feed AI Incident Cards. Not a 10th spec — the testing-counterpart to the disclosure layer. |
A four-piece set. Each independent. All designed to compose:
| Repo | Surface | Buyer |
|---|---|---|
rate-limit-shield |
Token bucket + circuit breaker + jittered retry, HTTP 429 / Retry-After awareness | SRE |
identity-mesh |
SPIFFE-style JWT-SVID broker — short-lived tokens, audience binding, zero long-lived keys | CISO |
agent-canary |
Progressive rollout, shadow mode, sticky-percent routing, auto-rollback | Platform / SRE |
model-registry-pro |
Model lifecycle catalog: lineage, stage promotion, approval gates | Platform / MLOps |
Identity at the edge → rate limits at the model → canary at deploy → registry as source of truth. Defense-in-depth for the agent era.
Production-shaped backend services in the right language for the problem. 15+ languages across one coherent platform.
| Language | Repo | What it does |
|---|---|---|
| Go | edge-policy-enforcer |
Edge request governance, bot handling, redirect control |
| Go | latency-budget-enforcer |
Latency budget enforcement, dependency drag review |
| Rust | crawl-anomaly-detector |
Crawl log anomaly scoring, indexing risk review |
| Rust | support-escalation-router |
Support queue escalation, SLA pressure scoring |
| Java | compliance-event-ledger |
Spring Boot immutable compliance event history |
| C# | tenant-isolation-guard |
ASP.NET Core tenant-boundary policy evaluation |
| C# | approval-workflow-orchestrator |
ASP.NET Core approval routing, SLA-aware escalation |
| Kotlin | release-readiness-gatekeeper |
Release gate evaluation, dependency readiness scoring |
| Kotlin | reliability-policy-coordinator |
Dependency drag review, error-budget policy |
| Scala | policy-decision-simulator |
Policy simulation for governance scenarios, launch gates |
| Elixir | incident-handoff-broker |
Incident routing, SLA-aware handoff scoring |
| Ruby | message-retention-guardian |
Retention policy enforcement, legal hold protection |
| PHP | entitlement-request-portal-api |
Entitlement requests, approval routing, access review |
| Dart | mobile-briefing-companion |
Flutter mobile app for executive briefings, signal summaries |
| Terraform | platform-foundation-blueprint |
Multi-environment networking, IAM blueprint |
| Go | grpc-mesh-shadow |
gRPC shadow traffic mirroring, divergence detection, sampling |
| Go | miz-otel-pack |
OpenTelemetry SpanProcessor — GenAI spans → business cost/latency spans |
| Rust | wasm-policy-gateway |
WASI policy engine — geo + rate-limit + A/B routing, ~128 KB module |
| Rust | bls-attestation-broker |
BLS12-381 aggregate signatures for multi-signer attestation |
| Zig | zig-agent-graph-db |
In-memory directed graph for agent context, stdlib only |
| Haskell | haskell-policy-engine |
Type-safe policy DSL with Hspec + QuickCheck properties |
| Python | embedding-drift-graph |
Track cosine drift of entity embeddings across encoder versions, GraphQL API |
| Python | audit-graph-explorer |
Neo4j + Cypher relationship-driven audit analysis |
| Python | secret-rotation-scheduler |
Secret rotation windows, owner prompts, stale-secret detection |
| Python | warehouse-reconciliation-engine |
Source-to-warehouse drift detection, finance-grade reconciliation |
| Python | data-quality-guardrail |
Schema drift, freshness lag, null spike detection |
| dbt + DuckDB | dbt-search-observatory |
Search console, crawl, index coverage, freshness modeling |
| SQL Warehouse | search-observability-warehouse |
Crawl analytics, indexation, technical SEO observability |
Production-shaped governance and observability for AI / LLM workloads:
mcp-sentinel— MCP server observability + security auditrag-sentinel— RAG quality / drift / hallucination signalsagentobserve— Datadog-shaped operator surface for agent fleetsagent-codex— governance-as-code: SOC 2 / EU AI Act / ISO 27001 / NIST mappingsagent-eval-arena— eval harness with regression detection + CI gatesagent-router— LLM router with provider-aware routing and breakersllm-redaction-gateway— PII + secret redaction for LLM API callsshadow-ai-detector— unauthorized LLM usage detectionai-finops-radar— token-level cost attribution + anomaly detectionkinetic-flightdeck— unified AI Platform Engineering ops console
| Repo | What it does |
|---|---|
briefing-intelligence-engine |
Executive briefing scoring, narrative generation, risk ranking |
signal-orchestration-lab |
Dependency-aware signal routing, escalation sequencing |
Executive dashboards, control planes, decision studios — organized by domain:
Executive & Portfolio
executive-briefing-studio · portfolio-command-center · executive_operations_dashboard · scenario-planning-atlas
Revenue & Growth
customer-intelligence-graph · growth-systems-control-room · revenue-forecasting-workbench · attribution-intelligence-studio · pricing-experiment-studio · conversion-funnel-intelligence-hub · deal-desk-workspace
AI Governance & Risk
ai-governance-review-studio · model-risk-oversight-hub · vendor-risk-operations-center · compliance-workflow-hub · ai-operations-console
Identity & Security
identity-command-center · identity-lifecycle-workbench · security-posture-control-room
Workflow & Operations
workflow-orchestration-studio · feature-flag-rollout-studio · ab-testing-command-center · customer-journey-control-plane
Spec-first OpenAPI services:
Identity-Access-Audit-API · observability-incident-command-api · customer-health-churn-api · partner-lead-distribution-engine · content-workflow-intelligence-platform · experimentation_insights_kpi · seo-governance-platform · webhook-ingestion-pipeline · kinetic-api-gateway · revenue-ops-ai-assistant
revops-database-lab · revenue-intelligence-db · cloud-cost-intelligence-dashboard
PostgreSQL revenue modeling, attribution analysis, forecast and renewal risk reporting, cloud cost intelligence.
| Layer | Tools |
|---|---|
| Languages | Python · TypeScript · Go · Rust · Java · C# · Kotlin · Scala · Elixir · Ruby · PHP · Dart · Swift · Zig · Haskell · SQL · HCL · dbt |
| Backend | FastAPI · Express · Spring Boot · ASP.NET Core · Javalin · Cowboy/Plug · WEBrick |
| Frontend | React 19 · Vue 3 · Flutter · TypeScript · Vite · Tailwind · Recharts · Motion |
| Data | PostgreSQL · DuckDB · dbt · Neo4j · Pandas · Pydantic |
| AI / Platform | SPIFFE zero-trust identity · governance-as-code · LLM routing · token-cost attribution · OpenAPI specs · MCP servers · OpenTelemetry GenAI · BLS aggregate signatures · WASI · spec authorship |
| CI/CD | GitHub Actions · FTP auto-deploy · Hostinger · AGPL-3.0 licensing |
Open to Director / Principal-level Platform Engineering, Web Engineering, or AI Platform roles at enterprise B2B SaaS companies. East Coast time zone. Remote-friendly.
"Long-lived credentials are tomorrow's incident reports. Build short-lived. Audit always. Document once."
All active repositories · Career one-pager
Connect: LinkedIn · Kinetic Gain · Medium · Skills