Agentic Thinking builds HookBus™ and CRE-AgentProtect Enterprise: the event bus and governance platform that captures every lifecycle action from autonomous agents and the coding assistants your developers already use, and enforces policy before any action reaches production.
Built for organisations with a CISO, a DPO, and regulators watching. Financial services. Insurance. Healthcare. Defence. Public sector. Internal IT departments where Claude Code, Cursor, Amp, and Copilot already touch regulated codebases. Anywhere agents or assistants now hold the keys.
A Claude Code agent calls a destructive shell command. CRE-AgentProtect runs through L1 deterministic rules and L2 semantic review, returns deny, and the action is stopped before it reaches production. One minute, start to finish.
CRE FLOW · CLICK TO PLAY WITH SOUND
AI agents run tool calls, write to production, handle customer data. Your developers have Claude Code, Cursor, Amp, and Copilot against regulated codebases. Your IT team runs coding assistants with access to secrets and infrastructure. They forget the rules. They skip policy. They act without review. Auditors and regulators now want the logs your stack is not producing. If you provide high-risk AI systems, your Article 12 event-logging obligation takes effect 2 August 2026.
HookBus captures every agent event across every AI runtime in your stack. CRE-AgentProtect Enterprise is the governance subscriber that sits on the bus and enforces policy before any dangerous action runs. Deploy one without the other, or both together.
Captures every lifecycle event from every AI agent and every coding assistant in your stack. Routes to subscribers for governance, audit, cost tracking, memory, DLP, and anything else you plug in. Vendor-neutral: works with Claude Code, Cursor, Amp, GitHub Copilot, Hermes, OpenClaw, Codex, Anthropic Agent SDK, OpenAI Agents SDK, and any HTTP-capable runtime.
When there is no human in the loop, CRE-AgentProtect Enterprise is the Agent in the Loop. L1 deterministic policy gate backed by Microsoft AGT. L2 semantic intent verification backed by IBM Granite 4, running locally. Sub-10ms decisions. Local CPU. No cloud. No exceptions. The AI never gets the choice to ignore your rules.
Agentic Thinking speaks to the people responsible for the agent-in-production problem. Every block below maps to a real deliverable in the product, not a marketing line.
Hash-chained audit trail across every agent runtime. Evidence your incident response team can actually subpoena.
DLP Filter subscriber redacts secrets and regulated data at envelope entry. GDPR / HIPAA / PCI scopes configurable.
Rules written once, enforced across Claude, GPT, Gemini, open-weights. Vendor portability built in.
Every decision, every override, every deny-wins consolidation, timestamped and exportable for the auditor.
Regulation language translates to deterministic rules. L1 blocks before the tool call, no LLM discretion.
AgentSpend tracks token usage per team, per agent, per session. Budget limits enforceable at the bus layer.
Every AI agent and every coding assistant fires lifecycle events. HookBus captures them and routes to subscribers in parallel. Sync subscribers return verdicts (allow / deny / ask) and context. The publisher injects the consolidated result into the next turn. Deny wins.
Full protocol specification, install commands, subscriber gallery, and developer documentation at hookbus.com.
If you build an AI runtime, coding assistant, or agent framework and need a governance story your enterprise customers can buy, Agentic Thinking licenses HookBus and CRE-AgentProtect Enterprise for embedding or resale. White-label, OEM, per-seat, per-deployment models available.
Your product ships with HookBus and CRE-AgentProtect Enterprise bundled under your brand. We supply the protocol, the bus, the subscribers, and the policy packs. You supply the distribution.
Relicense HookBus Enterprise to your enterprise customers as part of your own paid tier. Revenue share or flat licence. Audit-ready compliance evidence included.
Co-develop a publisher shim for your runtime. Your events become HookBus events. Enterprise customers who standardise on HookBus get your runtime for free.
Licensing enquiries: partnerships@agenticthinking.uk
Former enterprise architect with twenty-seven years across UK financial services, insurance, and defence. Core-systems modernisation, regulatory programmes, cloud platform transformation, and the controls layers auditors actually read.
Agentic Thinking exists because the enterprise architecture patterns that protect humans making tool calls do not yet exist for agents making tool calls. Agentic Thinking builds them.
HookBus ships publisher shims for the major AI runtimes and SDKs. CRE-AgentProtect Enterprise integrates with industry-standard policy engines. All integrations are public, documented, and use each vendor's supported APIs.
CRE-AgentProtect Enterprise uses Microsoft Agent Governance Toolkit (AGT) as its deterministic pattern engine.
CRE-AgentProtect Enterprise runs Granite 4 locally for semantic intent verification. No cloud calls.
Publisher shim for Claude Code via the native hook API. All four lifecycle events.
TypeScript plugin for Amp's lifecycle plugin API. Full five-event coverage.
Python plugin for Hermes-agent. Pre-tool-call, post-tool-call, post-API-request hooks.
Node.js plugin for OpenClaw's extension API.
Wraps HookBusRunHooks(RunHooksBase). Tool start / tool end / LLM end / agent end.
Pre- and post-tool events for the Anthropic Agent SDK.
HookBus Enterprise and CRE-AgentProtect Enterprise are built for the deployments where a CISO signs a DPIA before the tool goes live. Providers of high-risk AI systems have automatic-logging obligations under EU AI Act Article 12 from 2 August 2026. Our products are engineered to make those obligations easy to meet.
If you are a provider of a high-risk AI system, Article 12 requires automatic event logging from 2 August 2026. HookBus produces that log: tamper-evident, chained, exportable.
Produces the event-level audit trail your SOC 2 Type II assessor expects. Built to slot into your assurance programme.
Deployment, operation, incident-response, and review features map to ISO 42001 clauses. Built to support customers running an AI management system.
DLP Filter redacts API keys, PII, financial identifiers, and infrastructure strings at the envelope. Regulated data never leaves the agent boundary.
CRE-AgentProtect Enterprise runs locally, CPU-only. No external API calls at decision time. Deploy where your DPIA allows.
Agentic Thinking Limited does not currently hold third-party compliance certifications. The products are built to the evidence standards SOC 2 Type II and ISO/IEC 42001 require, and customers can use them inside their own compliance programmes today. Security posture documentation is available under NDA — see the Trust Center.
Built for organisations running AI agents in production or coding assistants across internal IT, targeting regulated-industry deployment. Typical annual engagement from £300,000 depending on scope, subscribers bundled, and deployment target. Not the right price point for a hobby project, exactly the right price point for a bank.