Interactive playground · browser-only

Try the whole KGE flow without installing anything.

Edit a buyer-issued Decision Card. Paste a sample customer record. Apply the vault contract — watch the fields get tokenized, masked, hashed, or dropped per the card. Emit a hash-chained audit event. Append more events. Verify the entire chain replays correctly. Then break the chain on purpose and watch verification fail. All of this runs in your browser. No backend, no signup, no telemetry. Open DevTools and check the Network tab if you don't trust me.

🔒 Privacy: This page makes zero network requests after the initial HTML+CSS load. Everything below runs against WebCrypto SHA-256 + an in-memory chain. No data ever leaves this tab. Close the tab and it's gone.

1. The buyer's Decision Card

In production, this JSON is issued by your customer's compliance team and lives at a stable canonical_url. Their security team can change it any time; old audit events stay valid because every event carries the decision_card_ref in force at emission time. Edit below — the playground will use whatever you've typed when you click Apply vault contract. Supported actions per field: tokenize (replaces with deterministic token), mask (replaces with ****), hash (replaces with SHA-256 prefix), drop (removes the field entirely), or no entry at all (field passes through).

2. A customer record arrives

This is the raw record your application would normally hand straight to an AI tool — patient record, customer profile, member file, whatever. The vault contract sits between this record and the AI tool. Edit below to test different field shapes.

3. Tokenized payload (this is what the AI tool sees)

Note the contrast: original record on the left, tokenized payload on the right. The chip row below shows every redaction that was applied — this list becomes the redaction_applied field on the audit event.

4. The hash-chained audit stream

Every event gets a UUID v4 event_id, copies the previous event's hash into prev_hash (genesis = 64 zeros), then computes its own hash = SHA-256 over the canonical JSON of all fields except the hash itself. Replay the chain end-to-end and any insertion, deletion, or in-place edit breaks it.
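
The chain construction and replay described above, as an added example for Node 20+ (not the playground's or the SDK's own code). It uses Node's built-in crypto module instead of WebCrypto so the hashing is synchronous; the sorted-key canonical JSON and the `expectedTip` parameter are assumptions, since the page does not specify a canonicalization scheme or a tip check.

```javascript
// Added example: hash-chained audit log (illustrative, not the KGE SDK).
const { createHash, randomUUID } = require("node:crypto");

const GENESIS = "0".repeat(64); // prev_hash of the first event

// Assumption: "canonical JSON" = keys sorted recursively, no whitespace.
function canonicalJson(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalJson).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalJson(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// SHA-256 over every field except `hash` itself.
function eventHash(event) {
  const { hash, ...rest } = event;
  return createHash("sha256").update(canonicalJson(rest)).digest("hex");
}

// Append an event linked to the current chain tip.
function emit(chain, decisionCardRef, redactionApplied) {
  const event = {
    event_id: randomUUID(), // UUID v4
    prev_hash: chain.length ? chain[chain.length - 1].hash : GENESIS,
    decision_card_ref: decisionCardRef,
    redaction_applied: redactionApplied,
  };
  event.hash = eventHash(event);
  chain.push(event);
  return event;
}

// Replay from genesis and report the first index where the chain breaks.
// expectedTip (hypothetical): latest hash pinned outside the log.
function verifyChain(chain, expectedTip) {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    if (chain[i].prev_hash !== expectedPrev) return { ok: false, index: i, reason: "prev_hash mismatch" };
    if (eventHash(chain[i]) !== chain[i].hash) return { ok: false, index: i, reason: "hash mismatch" };
    expectedPrev = chain[i].hash;
  }
  if (expectedTip && expectedPrev !== expectedTip) {
    return { ok: false, index: chain.length, reason: "tip mismatch" };
  }
  return { ok: true, index: -1, reason: null };
}
```

Replay alone cannot tell that events were removed from the end of the log, so keep the latest hash (or a signature over it) somewhere the log writer cannot rewrite and pass it as `expectedTip`.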


When you're ready to do this for real

The playground reimplements the vault-contract + audit-chain behavior client-side for demonstration. The actual SDK does the same thing in your Node 20+ server, plus optional ed25519 signing, plus pluggable sinks (NDJSON file, HTTP, in-memory, write-your-own).

Reference scaffolding for audit evidence — not a HIPAA / FERPA / SOC 2 / GDPR / ISO 27001 / NIST AI RMF / EU AI Act / ISO 42001 compliant or certified product. Compliance posture depends on the embedder's full control environment and external attestation specific to each regulatory regime.