mcp-kinetic-gain
One MCP server, all twelve Kinetic Gain Protocol Suite specs + the v0.1.0 implementation tooling + the DefenseTech 6-pack. Drop into Claude Desktop, Cursor, or any MCP-compatible client with a single config entry. The agent gains 75 tools (47 spec + 16 implementation-preview + 8 DefenseTech + 4 AI Claims Decision Card, v0.9.0): AEO Protocol, Prompt Provenance, Agent Cards, AI Evidence Format, MCP Tool Cards, AI Tutor Cards, Student AI Disclosure, Classroom AI AUP, Clinical AI Disclosure, AI Incident Card, AI Procurement Decision Card, AI Claims Decision Card - plus hash attestation (ed25519), audit-stream event composition + chain verification (offline AND live against a running audit-stream-py via AUDIT_STREAM_URL), cross-spec drift detection, Decision Intelligence preview, and the DefenseTech vault resolver + invariant checkers. New in v0.9.0: the AI Claims Decision Card (InsurTech, claims_card_version) - claims_card_validate, claims_card_inspect, claims_card_sign, claims_card_chain.
This is the unified read-side companion to kinetic-gain-visualizer: the visualizer renders any of the 12 specs for humans, this server exposes them as callable tools for agents.
Tools
<!-- BEGIN TOOL CATALOG (generated by scripts/gen-readme-tools.mjs from src/tools.ts - do not hand-edit) --> <details> <summary>75 tools</summary>aeo_fetch- Fetch the full AEO Protocol declaration at an origin'saeo_inspect- Return a structured summary of an AEO declaration: entityaeo_get_claim- Extract a single AEO claim by IDaeo_well_known_url- Compute the canonical AEO well-known URL for an originprompt_provenance_validate- Validate a Prompt Provenance JSON document against the v0.1prompt_provenance_inspect- Structured summary of a Prompt Provenance document: promptprompt_provenance_eval_result- Extract a single evaluation suite's result from a Promptagent_card_well_known_url- Compute the canonical Agent Card well-known URL for a givenagent_card_inspect- Structured summary of an Agent Card documentagent_card_tool_disclosure- Return the list of tools an agent declares, with side-effectagent_card_validate- Validate an Agent Card JSON document against the v0.1 schema.ai_evidence_validate- Validate an AI Evidence object against the v0.1 schema.ai_evidence_inspect- Structured summary of an AI Evidence object: claim textai_evidence_verify_hash- Compute SHA-256 over the canonical UTF-8 form oftool_card_well_known_url- Compute the canonical MCP Tool Card well-known URLtool_card_inspect- Structured summary of an MCP Tool Card: tool identity, safetytool_card_tested_with- Return the tested-LLM entries for a tool, optionally filteredtool_card_validate- Validate an MCP Tool Card JSON document against the v0.1tutor_card_well_known_url- Compute the canonical AI Tutor Card well-known URLtutor_card_fetch- Fetch a Tutor Card from a URLtutor_card_validate- Validate an AI Tutor Card JSON document against the v0.1tutor_card_inspect- Structured summary of a Tutor Card: tutor identity, audiencetutor_card_subject_check- Classify a topic against the tutor's subject scopetutor_card_coppa_check- Enforce the spec's COPPA conditional rule: ifdisclosure_validate- Validate a Student AI Disclosure JSON document against thedisclosure_inspect- Structured summary of a Student AI Disclosure: assignmentdisclosure_verify_artifact_hash- Recompute SHA-256 over a candidate artifact and compare todisclosure_verify_prompt_hash- Verify a single prompt hash in a hashed-mode disclosuredisclosure_aup_check- Surface the disclosure's policy posture: whether an aup_uriaup_well_known_url- Compute the canonical Classroom AI AUP well-known URLaup_fetch- Fetch a Classroom AI AUP from a URLaup_validate- Validate a Classroom AI AUP JSON document against the v0.1aup_inspect- Structured summary of a Classroom AI AUP: policy identityaup_check_compliance- HEADLINE TOOL, joins an AUP with a Student AI Disclosure andclinical_ai_well_known_url- Compute the canonical Clinical AI Card well-known URLclinical_ai_fetch- Fetch a Clinical AI Card from a URLclinical_ai_validate- Validate a Clinical AI Card JSON document against the v0.1clinical_ai_inspect- Structured summary of a Clinical AI Card: system identityincident_well_known_url- Compute the canonical AI Incident Card well-known URLincident_fetch- Fetch an AI Incident Card from a URLincident_validate- Validate an AI Incident Card JSON document against the v0.1incident_inspect- Structured summary of an AI Incident Card: incident identityincident_index_fetch- HEADLINE TOOL, fetch a vendor'sdecision_card_well_known_url- Compute the canonical AI Procurement Decision Card well-knowndecision_card_fetch- Fetch an AI Procurement Decision Card from a URLdecision_card_validate- Validate an AI Procurement Decision Card JSON documentdecision_card_inspect- Structured summary of an AI Procurement Decision Card: buyerdecision_card_infer_status- Given a rubric, infer the right decision.statusdecision_card_to_policy_bundle- Translate a Decision Card into the PolicyBundle thatdecision_card_signature_check- Structural check on a Decision Card's signatures[] blockincident_affected_walk- Walk an Incident Card's affected block and return everyincident_remediation_plan- Map each affected URI in an Incident Card to a recommendedattestation_canonical_hash- Compute the SHA-256 canonical-JSON hash of an arbitrary valueattestation_verify- Verify an ed25519 Attestation envelopeattestation_inspect- Pretty-print an Attestation envelope with structuralaudit_event_compose- Build a ready-to-POST audit-stream-py GovernanceEventaudit_chain_verify- Walk an array of GovernanceEvents top-to-bottom and verifyaudit_event_inspect- Pretty-print one GovernanceEvent with structural validationaudit_event_emit- POST one governance event to a running audit-stream-pyaudit_events_query- GET recent governance events from a running audit-stream-pyaudit_chain_verify_live- Ask a running audit-stream-py instance to walk its own chainsuite_doc_detect_spec- Detect which Kinetic Gain Suite spec a JSON document is bysuite_doc_drift- Structural diff between two versions of the same Suitedefensetech_vault_resolve_3axis- Resolve a (CUI tier, export-control status, foreign-persondefensetech_audit_event_check_invariants- Run all 3 DefenseTech audit-stream invariants against adefensetech_check_dfars_72h_clock- Check DFARS 252.204-7012(c)(1)(ii) 72-hour cyber-incidentdefensetech_check_cui_distribution_statement- Check that a CUI-Specified+ tier event carries the requireddefensetech_check_itar_us_person- Check that an ITAR resource event has US-PERSON-VERIFIED (ordefensetech_incident_classify_event_type- Given a freeform description of a defense-AI incidentdefensetech_summarize_cmmc_evidence_bundle- Summarize a CMMC L2/L3 readiness evidence bundle: targetdefensetech_vault_contract_cross_binding_check- Verify the cross_binding_refs block on a DefenseTech vaultclaims_card_validate- Validate an AI Claims Decision Card (InsurTech) JSON documentclaims_card_inspect- Structured summary of an AI Claims Decision Card: claim typeclaims_card_sign- Compute the canonical SHA-256 hash of an AI Claims Decisionclaims_card_chain- Link a new AI Claims Decision Card to its predecessor: sets
Specs with a well-known URL convention (AEO, Agent Cards, Tool Cards) get fetch tools. Specs without one (Prompt Provenance, AI Evidence - these usually travel inline with answers or in repos, not at fixed paths) get parse tools that take a document_json string.
Install
npm install -g mcp-kinetic-gain
Or run without installing via npx:
npx mcp-kinetic-gain
Claude Desktop config
Add to your claude_desktop_config.json (macOS: ~/Library/Application Support/Claude/, Windows: %APPDATA%\Claude\):
{
"mcpServers": {
"kinetic-gain": {
"command": "npx",
"args": ["-y", "mcp-kinetic-gain"]
}
}
}
Restart Claude. All 75 tools appear in the tools panel. Try:
"Use aeo_inspect on https://mizcausevic-dev.github.io to summarize the entity declaration, then use ai_evidence_verify_hash to check the content_hash of an evidence object against my candidate text."
CLI mode (v0.5.1+)
The same binary doubles as a Suite JSON validator outside any MCP host. Useful in CI, pre-commit hooks, or local sanity-checks.
# Validate a single document
npx mcp-kinetic-gain validate path/to/ai-entity.json
# Validate a tree of well-known files
npx mcp-kinetic-gain validate ".well-known/**/*.json"
# Multiple paths or globs
npx mcp-kinetic-gain validate cards/clinical-*.json cards/incident-*.json
# Other commands
npx mcp-kinetic-gain --version
npx mcp-kinetic-gain --help
The CLI auto-detects which Suite spec each file belongs to via its top-level version field (aeo_version, clinical_ai_card_version, aup_version, etc.) and validates it against the same zod schemas the MCP tools use. Output is GitHub-Actions-aware: when GITHUB_ACTIONS=true, failures emit ::error:: workflow commands so they surface as PR annotations.
Exit codes:
| Code | Meaning |
|---|---|
0 | Every matched file passed validation |
1 | At least one file failed validation, failed to parse, or hit a config error |
2 | No file in the input matched a known Suite spec |
3 | Usage error (missing arg, unknown flag) |
Running mcp-kinetic-gain with no arguments still launches the stdio MCP server - existing Claude Desktop / Cursor configs are unaffected.
Why one server instead of five?
- One Claude Desktop config entry instead of five
- Cross-spec workflows are atomic - an agent can
agent_card_tool_disclosureto find a Tool Card URI, then calltool_card_inspecton that URI in the same conversation, all through one server - Shared schemas + utilities keep the implementation cohesive
- Deprecation path - if mcp-aeo-server (the AEO-only predecessor) gets retired, the AEO tools live on here with the same names and contracts
Architecture
src/
├── server.ts # MCP entrypoint, handler dispatch
├── tools.ts # 75 tool descriptors (JSON Schema inputs)
├── schemas.ts # zod schemas for every spec
├── common.ts # fetchJson, canonicalSha256, pretty
└── handlers/
├── aeo.ts
├── prompt-provenance.ts
├── agent-card.ts
├── ai-evidence.ts
└── tool-card.ts
Each handler module is independent and could be split into a separate package if needed.
Hash canonicalization
ai_evidence_verify_hash follows the AI Evidence Format spec's canonical SHA-256 rules:
- Read content as UTF-8
- Normalize line endings to
\n - Strip a single trailing newline
- SHA-256, lowercase hex, prefixed
sha256:
If your candidate_text produces an unexpected mismatch, check CRLF vs LF and trailing newlines first.
Tests
126 unit tests against an in-process Node HTTP server (no external network). Every tool's happy path + at least one error path, plus a live local-HTTP synthetic-index test for incident_index_fetch:
npm install
npm run typecheck
npm test
npm run build
License
This server: AGPL-3.0. Reference implementation. Commercial SaaS hosts must share modifications back.
The specs themselves: MIT. Maximally permissive. Anyone may implement, validate against, or extend any Kinetic Gain Protocol Suite specification. The dual-license split is deliberate: the protocol stays open, the reference server is copyleft.
Kinetic Gain Protocol Suite
75 tools total across the twelve specs below plus cross-cutting ops (hash attestation, audit-stream events, cross-spec drift) and the DefenseTech tooling. See the Tools catalog above for the full per-tool list (47 spec + 16 implementation-preview + 8 DefenseTech + 4 AI Claims Decision Card).
| Spec | Vertical |
|---|---|
| AEO Protocol | Core |
| Prompt Provenance | Core |
| Agent Cards | Core |
| AI Evidence Format | Core |
| MCP Tool Cards | Core |
| AI Tutor Cards | EdTech |
| Student AI Disclosure | EdTech (FERPA/COPPA) |
| Classroom AI AUP | EdTech |
| Clinical AI Disclosure | HealthTech (FDA SaMD + HIPAA) |
| AI Incident Card | Cross-cutting (EU AI Act Article 73) |
| AI Procurement Decision Card | Cross-cutting (buyer-side, OMB M-24-10 / NIST AI RMF rubric-friendly) |
Suite hub: suite.kineticgain.com Companion visualizer: kinetic-gain-visualizer Red-team bench: prompt-injection-bench
Connect: LinkedIn · Kinetic Gain · Medium · Skills