/ · trust · signing-policy

How we sign our own attestations

Every page in the Kinetic Gain estate claims a methodology that depends on cryptographic signatures. If we don't sign our own documents and verify those signatures in CI, the methodology is theater. This page documents how we sign, how anyone can verify, and the deploy-time defense that prevents silent drift — including the discovery we made on 2026-06-01 that prompted writing it.

The keypair

One ed25519 keypair, used to sign every machine-readable document at kineticgain.com/.well-known/ plus AI Procurement Pulse receipts. The public key is published at a stable URL so anyone can fetch + verify without out-of-band coordination.

Algorithm
ed25519 (RFC 8032)
Public key URL
https://kineticgain.com/.well-known/pulse-signing.json
Public key (base64 SPKI-DER)
MCowBQYDK2VwAyEARxsDtZsl4R481NdBerN2RlCF74VZdQhqRHpgvAIJoTo=
Published
2026-05-28
Private key
Held offline by Miz Causevic (PKCS#8 PEM, mode 0600). Never committed, never transmitted, never copied to any cloud key store. Signing happens manually on a trusted local machine via scripts/sign-suite-docs.mjs in the procurement-pulse-engine repo.
Rotation policy
Annual or on compromise. New keypair published at the same URL with a signing_key_version bump; old verifiable signatures remain valid against the old key (kept in archive). Compromise → revocation note at the same URL within 24 hours.

What we sign

All 11 KG Suite specification documents at /.well-known/<spec>.json. Each carries an embedded signature block (top-level key) that verifies against the public key above.

PathWhat it declares
/.well-known/aeo.jsonAEO entity card — Kinetic Gain's answer-engine identity
/.well-known/agents/index.jsonAgent cards we publish
/.well-known/prompts/index.jsonPrompt provenance index
/.well-known/evidence/index.jsonAI evidence bundles index
/.well-known/tool-cards/index.jsonMCP tool cards
/.well-known/tutor-cards/index.jsonAI tutor cards
/.well-known/student-ai/index.jsonStudent AI disclosure
/.well-known/aup.jsonClassroom AI acceptable-use policy
/.well-known/clinical-ai/index.jsonClinical AI disclosure
/.well-known/incidents/index.jsonAI incident cards
/.well-known/decisions/index.jsonAI procurement decision cards

The same key signs the /.well-known/pulse-receipt.json attestation that publishes the locked AI Procurement Pulse baseline.

Verification procedure

To verify any signed document, fetch it, separate the signature block, canonicalize the rest, and ed25519-verify with the published public key. Three implementations agree byte-for-byte:

1. Node.js (built-in, zero deps)

// signature.mjs lives in procurement-pulse-engine; vendor-able into your project.
import { verifyDocument } from "./signature.mjs";

const doc = await (await fetch("https://kineticgain.com/.well-known/aeo.json")).json();
const result = await verifyDocument(doc);
console.log(result);  // { status: "verified", keySource: "embedded" }

2. Python (cryptography lib)

import json, requests
from base64 import b64decode
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import load_der_public_key

def canonical(v):
    if isinstance(v, list): return "[" + ",".join(canonical(x) for x in v) + "]"
    if isinstance(v, dict):
        return "{" + ",".join(json.dumps(k, ensure_ascii=False) + ":" + canonical(v[k])
                              for k in sorted(v.keys())) + "}"
    return json.dumps(v, ensure_ascii=False)

doc = requests.get("https://kineticgain.com/.well-known/aeo.json").json()
sig = doc.pop("signature")
pk = load_der_public_key(b64decode(sig["public_key"]))
pk.verify(b64decode(sig["value"]), canonical(doc).encode())   # raises on failure
print("verified")

3. Shell (openssl)

curl -s https://kineticgain.com/.well-known/aeo.json > doc.json
# (separate body + signature with jq, base64-decode pubkey + value, openssl pkeyutl -verify)
# Full one-liner in the GitHub Action below; recommended for CI rather than ad-hoc.

The canonicalization is JCS-style with one important detail: do not escape non-ASCII. Python's json.dumps defaults to ensure_ascii=True and would produce different bytes than Node's JSON.stringify. We caught this bug ourselves on 2026-06-01 — see the incident below.

Deploy-time defense

Every apex deploy now runs a Python step that verifies all 11 Suite documents pass ed25519 verification before the FTP step ships them. If any document is unsigned, has an invalid signature, or fails canonical-form verification, the deploy fails loudly with the exact command to re-sign:

node scripts/sign-suite-docs.mjs --apex . --key /path/to/kg-pulse-signing-key.pem

This means a developer who edits a Suite document without re-signing cannot accidentally ship the unsigned version. The error message links back to this page.

The check itself is in .github/workflows/deploy.yml in the apex repo. It uses the same canonical-JSON algorithm the production Node signer uses, so a passing check in CI means the doc would also verify against any external Node, Python, or Go consumer.

The 2026-06-01 incident — why this page exists

Caught by dry-run, fixed before publication

On 2026-06-01 we dry-ran the AI Procurement Pulse Issue #5 workflow (scheduled cron fires Aug 15, 2026). The dry-run reported 0/11 verified Suite documents, against the locked baseline's 11/11 verified.

Root cause: between the original signing on 2026-05-28 and the dry-run on 2026-06-01, one or more documents had been edited (content updates, spec bumps) without re-signing. Ed25519 verification correctly failed — and would have failed publicly when the August cron published the issue.

Fixes shipped same day:

  1. Wrote a reusable batch signer at procurement-pulse-engine/scripts/sign-suite-docs.mjs.
  2. Re-signed all 11 documents in-place; verified each roundtrip before writing.
  3. Re-ran the dry-run → 11/11 verified.
  4. Added the deploy-time verify step described above so this drift cannot silently recur.

We're publishing this because honesty about the failure mode is part of the methodology. If we'd noticed in August instead of June we'd have published "0/11 verified" in the very issue that talks about how few vendors sign their docs. The dry-run discipline + the deploy-time defense are how that doesn't happen again.

Discipline going forward

The workflow we ourselves follow, in order:

  1. Edit a Suite document in kineticgain-com-apex/.well-known/.
  2. Re-run node scripts/sign-suite-docs.mjs --apex /path/to/apex --key /path/to/private-key.pem in the procurement-pulse-engine repo.
  3. Commit the re-signed document to apex.
  4. Push. The CI verify-step will fail the deploy if step 2 was skipped.
  5. The quarterly AI Procurement Pulse cron will independently catch any drift the deploy-time check missed.

Three independent safety nets: the human discipline, the deploy-time check, and the quarterly drift report. No single human, machine, or schedule is the sole gate.

Coordinated disclosure

If you find a way to forge a signature, demonstrate two distinct documents that hash to the same canonical form, or otherwise break the verification chain, report it to miz@kineticgain.com. We follow standard coordinated disclosure (acknowledge within 72 hours, fix-and-publish within 90 days, credit the reporter in the fix release).

The full scope is at /.well-known/security.txt (RFC 9116).

Reference scaffolding for cryptographic methodology disclosure — not a SOC 2 / ISO 27001 / NIST AI RMF / EU AI Act certified or compliant attestation. Compliance posture depends on your organization's full control environment and external attestation specific to each regulatory regime.