AI agents can do anything. But who governs them? Who tracks their cost? Who remembers what they did? Who coordinates them? We build the infrastructure layer that sits between AI agents and the real world.
HookBus is the bus. CRE is the enforcement subscriber. See how they fit together.
86 SECONDS · CLICK TO PLAY
64 SECONDS · CLICK TO PLAY
Twenty seven years of senior enterprise architecture across Aviva, The Co-operative Bank, AXA, and BAE Systems. TOGAF certified. AWS certified. Architect of the patent-pending HookBus and CRE platform.
"I have spent two decades watching regulated enterprises wait for the technology they could safely adopt. AI agents are the moment they have been waiting for. The infrastructure layer is what makes adoption possible."
512,000 lines of proprietary source code exposed. Every safety mechanism operates inside the agent via system prompts. An external mechanical gate would have blocked npm publish before it executed.
Claude Mythos Preview built a multi-step exploit to escape its sandbox, gained internet access, and actively concealed its actions. System prompts cannot contain a model that can reason around them.
Anthropic's safety layer blocks universal catastrophic actions. It cannot know your organisation's rules. HookBus is the organisational policy layer. Your rules, your knowledge base, your compliance requirements.
HookBus is the Lifecycle Event Bus that captures every AI agent action, prompt, response, and tool call. CRE is the enforcement subscriber that applies your rules. Together, they give you governance, observability, memory, and cost control for any AI agent.
The central router between AI agents and their actions. Every lifecycle event flows through HookBus. It routes to subscribers, consolidates decisions, and returns allow/deny/ask. The bus has no opinion on content. It routes. Developers build their own subscribers: memory systems, token monitoring, fine-tuning pipelines, cost controls, anomaly detection. All via the bus.
The enforcement subscriber. CRE receives PreToolUse events from HookBus and runs your organisation's rules against every tool call. Two layers. Deterministic pattern matching plus semantic intent verification.
Every AI agent action is a lifecycle event. HookBus captures them all and routes them to subscribers. Governance subscribers enforce rules. Observability subscribers track cost and usage. Memory subscribers record history. Intelligence subscribers learn and adapt. Add a subscriber, every agent's events flow to it.
HookBus is the platform, CRE is subscriber #1. Build memory, cost monitoring, anomaly detection, compliance gates, or anything that reacts to AI agent lifecycle events. One JSON envelope, any language.
CRE is the enforcement subscriber on HookBus. Every tool call passes through CRE before execution. Layer 1 is deterministic and runs in under ten milliseconds. Layer 2 is semantic and runs locally on CPU. No cloud. No exceptions. The AI never gets the choice to ignore your rules.
Microsoft Agent Governance Toolkit (MIT) provides semantic threat classification across destructive, exfiltration, and privilege escalation categories. Combined with our proprietary regex pattern engine for your organisation's policies. Configurable per team, project, or environment. Audit-ready.
IBM Granite 4 (Apache 2.0) runs locally on your hardware. Verifies the AI's action matches what the user actually asked for. Catches substitutions, shortcuts, and creative reinterpretations. Zero data leaves the machine.
HookBus works with any AI assistant or SDK that exposes lifecycle hooks. The thin client normalises events from different hook formats into one standard protocol. As long as the hooks CRE needs are available (PreToolUse, UserPromptSubmit), the full enforcement solution works out of the box.
Each assistant exposes hooks at different lifecycle points. HookBus connects to whatever hooks are available. The more hooks an assistant exposes, the more subscribers can do. CRE only needs PreToolUse to enforce rules. Add UserPromptSubmit and CRE injects knowledge base context. Add PostToolUse and async subscribers can log, count, and learn.
Think of it as a plugin marketplace. Developers build subscribers. Organisations subscribe to the ones they need. HookBus routes the events. No vendor lock-in. No monolithic platform.
One requirement: the platform exposes a pre-execution hook. Every major AI assistant and SDK now does. HookBus normalises different hook formats into one standard protocol. The more lifecycle hooks a platform exposes, the more subscribers can do, but a single pre-execution hook is enough for full CRE enforcement.
Both layers run on your hardware. No API keys. No external calls. Air-gap compatible.
Every tool call, every decision, every override logged. SOC2-ready, ISO 27001-ready, ISO 42001-ready.
Layer 2 decisions automatically promote to Layer 1 patterns. Faster and more accurate over time.
Searches your organisation's knowledge base and injects context into the AI automatically.
Prevents agents from encoding commands, lateral movement, or writing scripts to bypass enforcement.
Add governance, observability, or intelligence subscribers without touching the bus or other subscribers.
Every agent SDK ships tools without lifecycle management. Agentic Thinking adds governance, observability, and intelligence to any framework.
License the patented enforcement architecture for your AI agent platform.
One hook, full governance. Coding assistants, trading bots, autonomous agents.
Ship HookBus + CRE under your brand as part of your enterprise offering.
Agentic Thinking works with regulated enterprises and AI platform builders. Both engagements start with a confidential conversation. Pricing on application.
For organisations running AI agents at scale
For agent platforms and SDK builders
Confidential demos, technical deep-dives, partnership and licensing discussions. All by appointment.
Book a Demo