Summary
Drops all eleven Kinetic Gain Protocol Suite specs plus DefenseTech tooling into your MCP client as 71 callable tools. You get read-side validation and inspection for AEO declarations, Prompt Provenance lineage, Agent Cards, AI Evidence hashes, MCP Tool Cards, plus the EdTech trio (AI Tutor Cards, Student AI Disclosure, Classroom AUP). The DefenseTech 6-pack adds CUI distribution-statement checks, ITAR us-person verification, DFARS 72-hour clock auditing, and CMMC evidence-bundle summarization. Cross-spec workflows are atomic: pull tool URIs from an Agent Card, then inspect the Tool Card in the same conversation. Also ships a standalone CLI validator for CI pipelines. Reach for this when you're building agents that need to reason about AI governance documents or enforce compliance invariants across the Suite.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
mcp-kinetic-gain
One MCP server, all eleven Kinetic Gain Protocol Suite specs + the v0.1.0 implementation tooling + the DefenseTech 6-pack. Drop into Claude Desktop, Cursor, or any MCP-compatible client with a single config entry. The agent gains 71 tools (47 spec + 16 implementation-preview + 8 DefenseTech, v0.8.0): AEO Protocol, Prompt Provenance, Agent Cards, AI Evidence Format, MCP Tool Cards, AI Tutor Cards, Student AI Disclosure, Classroom AI AUP, Clinical AI Disclosure, AI Incident Card, AI Procurement Decision Card - plus hash attestation (ed25519), audit-stream event composition + chain verification (offline AND live against a running audit-stream-py via AUDIT_STREAM_URL), cross-spec drift detection, Decision Intelligence preview (Decision Card → PolicyBundle, rubric status inference, incident remediation planning), and DefenseTech 3-axis vault resolver + invariant checkers (CUI distribution-statement, ITAR us-person, DFARS 72-hour wall-clock) + CMMC evidence-bundle summarizer + Incident Card event-type classifier. New in v0.8.0: defensetech_vault_resolve_3axis, defensetech_audit_event_check_invariants, defensetech_check_dfars_72h_clock, defensetech_check_cui_distribution_statement, defensetech_check_itar_us_person, defensetech_incident_classify_event_type, defensetech_summarize_cmmc_evidence_bundle, defensetech_vault_contract_cross_binding_check.
This is the unified read-side companion to kinetic-gain-visualizer: the visualizer renders any of the 11 specs for humans, this server exposes them as callable tools for agents.
Tools
71 tools
aeo_fetch- Fetch the full AEO Protocol declaration at an origin'saeo_inspect- Return a structured summary of an AEO declaration: entityaeo_get_claim- Extract a single AEO claim by IDaeo_well_known_url- Compute the canonical AEO well-known URL for an originprompt_provenance_validate- Validate a Prompt Provenance JSON document against the v0.1prompt_provenance_inspect- Structured summary of a Prompt Provenance document: promptprompt_provenance_eval_result- Extract a single evaluation suite's result from a Promptagent_card_well_known_url- Compute the canonical Agent Card well-known URL for a givenagent_card_inspect- Structured summary of an Agent Card documentagent_card_tool_disclosure- Return the list of tools an agent declares, with side-effectagent_card_validate- Validate an Agent Card JSON document against the v0.1 schema.ai_evidence_validate- Validate an AI Evidence object against the v0.1 schema.ai_evidence_inspect- Structured summary of an AI Evidence object: claim textai_evidence_verify_hash- Compute SHA-256 over the canonical UTF-8 form oftool_card_well_known_url- Compute the canonical MCP Tool Card well-known URLtool_card_inspect- Structured summary of an MCP Tool Card: tool identity, safetytool_card_tested_with- Return the tested-LLM entries for a tool, optionally filteredtool_card_validate- Validate an MCP Tool Card JSON document against the v0.1tutor_card_well_known_url- Compute the canonical AI Tutor Card well-known URLtutor_card_fetch- Fetch a Tutor Card from a URLtutor_card_validate- Validate an AI Tutor Card JSON document against the v0.1tutor_card_inspect- Structured summary of a Tutor Card: tutor identity, audiencetutor_card_subject_check- Classify a topic against the tutor's subject scopetutor_card_coppa_check- Enforce the spec's COPPA conditional rule: ifdisclosure_validate- Validate a Student AI Disclosure JSON document against thedisclosure_inspect- Structured summary of a Student AI Disclosure: assignmentdisclosure_verify_artifact_hash- Recompute SHA-256 over a candidate artifact and compare todisclosure_verify_prompt_hash- Verify a single prompt hash in a hashed-mode disclosuredisclosure_aup_check- Surface the disclosure's policy posture: whether an aup_uriaup_well_known_url- Compute the canonical Classroom AI AUP well-known URLaup_fetch- Fetch a Classroom AI AUP from a URLaup_validate- Validate a Classroom AI AUP JSON document against the v0.1aup_inspect- Structured summary of a Classroom AI AUP: policy identityaup_check_compliance- HEADLINE TOOL, joins an AUP with a Student AI Disclosure andclinical_ai_well_known_url- Compute the canonical Clinical AI Card well-known URLclinical_ai_fetch- Fetch a Clinical AI Card from a URLclinical_ai_validate- Validate a Clinical AI Card JSON document against the v0.1clinical_ai_inspect- Structured summary of a Clinical AI Card: system identityincident_well_known_url- Compute the canonical AI Incident Card well-known URLincident_fetch- Fetch an AI Incident Card from a URLincident_validate- Validate an AI Incident Card JSON document against the v0.1incident_inspect- Structured summary of an AI Incident Card: incident identityincident_index_fetch- HEADLINE TOOL, fetch a vendor'sdecision_card_well_known_url- Compute the canonical AI Procurement Decision Card well-knowndecision_card_fetch- Fetch an AI Procurement Decision Card from a URLdecision_card_validate- Validate an AI Procurement Decision Card JSON documentdecision_card_inspect- Structured summary of an AI Procurement Decision Card: buyerdecision_card_infer_status- Given a rubric, infer the right decision.statusdecision_card_to_policy_bundle- Translate a Decision Card into the PolicyBundle thatdecision_card_signature_check- Structural check on a Decision Card's signatures[] blockincident_affected_walk- Walk an Incident Card's affected block and return everyincident_remediation_plan- Map each affected URI in an Incident Card to a recommendedattestation_canonical_hash- Compute the SHA-256 canonical-JSON hash of an arbitrary valueattestation_verify- Verify an ed25519 Attestation envelopeattestation_inspect- Pretty-print an Attestation envelope with structuralaudit_event_compose- Build a ready-to-POST audit-stream-py GovernanceEventaudit_chain_verify- Walk an array of GovernanceEvents top-to-bottom and verifyaudit_event_inspect- Pretty-print one GovernanceEvent with structural validationaudit_event_emit- POST one governance event to a running audit-stream-pyaudit_events_query- GET recent governance events from a running audit-stream-pyaudit_chain_verify_live- Ask a running audit-stream-py instance to walk its own chainsuite_doc_detect_spec- Detect which Kinetic Gain Suite spec a JSON document is bysuite_doc_drift- Structural diff between two versions of the same Suitedefensetech_vault_resolve_3axis- Resolve a (CUI tier, export-control status, foreign-persondefensetech_audit_event_check_invariants- Run all 3 DefenseTech audit-stream invariants against adefensetech_check_dfars_72h_clock- Check DFARS 252.204-7012(c)(1)(ii) 72-hour cyber-incidentdefensetech_check_cui_distribution_statement- Check that a CUI-Specified+ tier event carries the requireddefensetech_check_itar_us_person- Check that an ITAR resource event has US-PERSON-VERIFIED (ordefensetech_incident_classify_event_type- Given a freeform description of a defense-AI incidentdefensetech_summarize_cmmc_evidence_bundle- Summarize a CMMC L2/L3 readiness evidence bundle: targetdefensetech_vault_contract_cross_binding_check- Verify the cross_binding_refs block on a DefenseTech vault
Specs with a well-known URL convention (AEO, Agent Cards, Tool Cards) get fetch tools. Specs without one (Prompt Provenance, AI Evidence - these usually travel inline with answers or in repos, not at fixed paths) get parse tools that take a document_json string.
Install
npm install -g mcp-kinetic-gain
Or run without installing via npx:
npx mcp-kinetic-gain
Claude Desktop config
Add to your claude_desktop_config.json (macOS: ~/Library/Application Support/Claude/, Windows: %APPDATA%\Claude\):
{
"mcpServers": {
"kinetic-gain": {
"command": "npx",
"args": ["-y", "mcp-kinetic-gain"]
}
}
}
Restart Claude. All 71 tools appear in the tools panel. Try:
"Use aeo_inspect on https://mizcausevic-dev.github.io to summarize the entity declaration, then use ai_evidence_verify_hash to check the content_hash of an evidence object against my candidate text."
CLI mode (v0.5.1+)
The same binary doubles as a Suite JSON validator outside any MCP host. Useful in CI, pre-commit hooks, or local sanity-checks.
# Validate a single document
npx mcp-kinetic-gain validate path/to/ai-entity.json
# Validate a tree of well-known files
npx mcp-kinetic-gain validate ".well-known/**/*.json"
# Multiple paths or globs
npx mcp-kinetic-gain validate cards/clinical-*.json cards/incident-*.json
# Other commands
npx mcp-kinetic-gain --version
npx mcp-kinetic-gain --help
The CLI auto-detects which Suite spec each file belongs to via its top-level version field (aeo_version, clinical_ai_card_version, aup_version, etc.) and validates it against the same zod schemas the MCP tools use. Output is GitHub-Actions-aware: when GITHUB_ACTIONS=true, failures emit ::error:: workflow commands so they surface as PR annotations.
Exit codes:
| Code | Meaning |
|---|---|
0 | Every matched file passed validation |
1 | At least one file failed validation, failed to parse, or hit a config error |
2 | No file in the input matched a known Suite spec |
3 | Usage error (missing arg, unknown flag) |
Running mcp-kinetic-gain with no arguments still launches the stdio MCP server - existing Claude Desktop / Cursor configs are unaffected.
Why one server instead of five?
- One Claude Desktop config entry instead of five
- Cross-spec workflows are atomic - an agent can
agent_card_tool_disclosureto find a Tool Card URI, then calltool_card_inspecton that URI in the same conversation, all through one server - Shared schemas + utilities keep the implementation cohesive
- Deprecation path - if mcp-aeo-server (the AEO-only predecessor) gets retired, the AEO tools live on here with the same names and contracts
Architecture
src/
├── server.ts # MCP entrypoint, handler dispatch
├── tools.ts # 71 tool descriptors (JSON Schema inputs)
├── schemas.ts # zod schemas for every spec
├── common.ts # fetchJson, canonicalSha256, pretty
└── handlers/
├── aeo.ts
├── prompt-provenance.ts
├── agent-card.ts
├── ai-evidence.ts
└── tool-card.ts
Each handler module is independent and could be split into a separate package if needed.
Hash canonicalization
ai_evidence_verify_hash follows the AI Evidence Format spec's canonical SHA-256 rules:
- Read content as UTF-8
- Normalize line endings to
\n - Strip a single trailing newline
- SHA-256, lowercase hex, prefixed
sha256:
If your candidate_text produces an unexpected mismatch, check CRLF vs LF and trailing newlines first.
Tests
126 unit tests against an in-process Node HTTP server (no external network). Every tool's happy path + at least one error path, plus a live local-HTTP synthetic-index test for incident_index_fetch:
npm install
npm run typecheck
npm test
npm run build
License
This server: AGPL-3.0. Reference implementation. Commercial SaaS hosts must share modifications back.
The specs themselves: MIT. Maximally permissive. Anyone may implement, validate against, or extend any Kinetic Gain Protocol Suite specification. The dual-license split is deliberate: the protocol stays open, the reference server is copyleft.
Kinetic Gain Protocol Suite
71 tools total across the eleven specs below plus cross-cutting ops (hash attestation, audit-stream events, cross-spec drift) and the DefenseTech tooling. See the Tools catalog above for the full per-tool list (47 spec + 16 implementation-preview + 8 DefenseTech).
| Spec | Vertical |
|---|---|
| AEO Protocol | Core |
| Prompt Provenance | Core |
| Agent Cards | Core |
| AI Evidence Format | Core |
| MCP Tool Cards | Core |
| AI Tutor Cards | EdTech |
| Student AI Disclosure | EdTech (FERPA/COPPA) |
| Classroom AI AUP | EdTech |
| Clinical AI Disclosure | HealthTech (FDA SaMD + HIPAA) |
| AI Incident Card | Cross-cutting (EU AI Act Article 73) |
| AI Procurement Decision Card | Cross-cutting (buyer-side, OMB M-24-10 / NIST AI RMF rubric-friendly) |
Suite hub: suite.kineticgain.com Companion visualizer: kinetic-gain-visualizer Red-team bench: prompt-injection-bench
Connect: LinkedIn · Kinetic Gain · Medium · Skills
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
AUDIT_STREAM_URLOptional URL of a running audit-stream-py instance to enable the live audit-stream tools (audit_event_emit, audit_events_query, audit_chain_verify_live).