Agentic Thinking Limited
⚠ EU AI Act Article 12 · 2 August 2026 · automatic event logging for providers of high-risk AI systems

Runtime governance for AI agents and coding assistants in regulated enterprises.

Agentic Thinking builds HookBus and CRE-AgentProtect Enterprise: the event bus and governance platform that captures every lifecycle action from autonomous agents and the coding assistants your developers already use, and enforces policy before any action reaches production.

Built for organisations with a CISO, a DPO, and regulators watching. Financial services. Insurance. Healthcare. Defence. Public sector. Internal IT departments where Claude Code, Cursor, Amp, and Copilot already touch regulated codebases. Anywhere agents or assistants now hold the keys.

Watch CRE block a dangerous action.

A Claude Code agent calls a destructive shell command. CRE-AgentProtect runs through L1 deterministic rules and L2 semantic review, returns deny, and the action is stopped before it reaches production. One minute, start to finish.

CRE FLOW · CLICK TO PLAY WITH SOUND

Agents and coding assistants are drifting in production.

AI agents run tool calls, write to production, handle customer data. Your developers have Claude Code, Cursor, Amp, and Copilot against regulated codebases. Your IT team runs coding assistants with access to secrets and infrastructure. They forget the rules. They skip policy. They act without review. Auditors and regulators now want the logs your stack is not producing. If you provide high-risk AI systems, your Article 12 event-logging obligation takes effect 2 August 2026.

Article 12
EU AI Act record-keeping obligations
In force 2 Aug 2026
SOC 2
Auditable agent decision trail required
Enterprise procurement gate
ISO 42001
AI management system standard
Published December 2023

Two products. One governance architecture.

HookBus captures every agent event across every AI runtime in your stack. CRE-AgentProtect Enterprise is the governance subscriber that sits on the bus and enforces policy before any dangerous action runs. Deploy one without the other, or both together.

Product 1

HookBus

The agent event bus.

Captures every lifecycle event from every AI agent and every coding assistant in your stack. Routes to subscribers for governance, audit, cost tracking, memory, DLP, and anything else you plug in. Vendor-neutral: works with Claude Code, Cursor, Amp, GitHub Copilot, Hermes, OpenClaw, Codex, Anthropic Agent SDK, OpenAI Agents SDK, and any HTTP-capable runtime.

  • HookBus Light: Apache 2.0, self-host, free forever
  • HookBus Enterprise: hot-reload, advanced consolidation, failover groups, commercial licence
  • On-premise, VPC, or air-gap deployment
Product 2

CRE-AgentProtect Enterprise

The Agent in the Loop.

When there is no human in the loop, CRE-AgentProtect Enterprise is the Agent in the Loop. L1 deterministic policy gate backed by Microsoft AGT. L2 semantic intent verification backed by IBM Granite 4, running locally. Sub-10ms decisions. Local CPU. No cloud. No exceptions. The AI never gets the choice to ignore your rules.

  • L1 + L2: deterministic patterns plus Granite 4 intent verification
  • Self-learning: L2 decisions promote to L1 patterns over time
  • Ships as a HookBus subscriber, governed on the bus

Who this is for.

Agentic Thinking speaks to the people responsible for the agent-in-production problem. Every block below maps to a real deliverable in the product, not a marketing line.

CISO

Know every action every agent takes.

Hash-chained audit trail across every agent runtime. Evidence your incident response team can actually subpoena.

DPO

Stop PII leaving the agent boundary.

DLP Filter subscriber redacts secrets and regulated data at envelope entry. GDPR / HIPAA / PCI scopes configurable.

Head of AI Governance

One governance layer across every LLM vendor.

Rules written once, enforced across Claude, GPT, Gemini, open-weights. Vendor portability built in.

Internal Audit

Evidence on demand.

Every decision, every override, every deny-wins consolidation, timestamped and exportable for the auditor.

Compliance

Map policy to the enforcement layer.

Regulation language translates to deterministic rules. L1 blocks before the tool call, no LLM discretion.

Finance

Agents at predictable cost.

AgentSpend tracks token usage per team, per agent, per session. Budget limits enforceable at the bus layer.

Publishers emit. The bus routes. Subscribers enforce.

Every AI agent and every coding assistant fires lifecycle events. HookBus captures them and routes to subscribers in parallel. Sync subscribers return verdicts (allow / deny / ask) and context. The publisher injects the consolidated result into the next turn. Deny wins.

Publishers
Claude, Amp, Hermes, OpenClaw, SDKs
HOOKBUS
Agent event bus
Subscribers
CRE-AgentProtect, Auditor, DLP, KB, Memory

Full protocol specification, install commands, subscriber gallery, and developer documentation at hookbus.com.

Open to licensing HookBus & CRE-AgentProtect Enterprise to AI companies.

If you build an AI runtime, coding assistant, or agent framework and need a governance story your enterprise customers can buy, Agentic Thinking licenses HookBus and CRE-AgentProtect Enterprise for embedding or resale. White-label, OEM, per-seat, per-deployment models available.

White-label embedding

Your product ships with HookBus and CRE-AgentProtect Enterprise bundled under your brand. We supply the protocol, the bus, the subscribers, and the policy packs. You supply the distribution.

OEM relicensing

Relicense HookBus Enterprise to your enterprise customers as part of your own paid tier. Revenue share or flat licence. Audit-ready compliance evidence included.

Joint engineering

Co-develop a publisher shim for your runtime. Your events become HookBus events. Enterprise customers who standardise on HookBus get your runtime for free.

Licensing enquiries: partnerships@agenticthinking.uk

Built by someone who has spent 27 years inside regulated enterprises.

LR

Leo Ruocco

Founder · Agentic Thinking Ltd

Former enterprise architect with twenty-seven years across UK financial services, insurance, and defence. Core-systems modernisation, regulatory programmes, cloud platform transformation, and the controls layers auditors actually read.

Agentic Thinking exists because the enterprise architecture patterns that protect humans making tool calls do not yet exist for agents making tool calls. Agentic Thinking builds them.

Financial services · Insurance · Defence
Company
Agentic Thinking Ltd
UK Companies House
17152930
Incorporated
13 April 2026
Patent: HookBus
GB2608069.7
Patent: CRE
GB2604445.3
Trademark
HookBus™

Works with the tools enterprise AI teams already run.

HookBus ships publisher shims for the major AI runtimes and SDKs. CRE-AgentProtect Enterprise integrates with industry-standard policy engines. All integrations are public, documented, and use each vendor's supported APIs.

Microsoft
L1 policy engine

CRE-AgentProtect Enterprise uses Microsoft Agent Governance Toolkit (AGT) as its deterministic pattern engine.

IBM Granite 4
L2 intent model

CRE-AgentProtect Enterprise runs Granite 4 locally for semantic intent verification. No cloud calls.

Anthropic
Claude Code hook

Publisher shim for Claude Code via the native hook API. All four lifecycle events.

Amp
Plugin API

TypeScript plugin for Amp's lifecycle plugin API. Full five-event coverage.

Nous Research
Hermes-agent plugin

Python plugin for Hermes-agent. Pre-tool-call, post-tool-call, post-API-request hooks.

OpenClaw
Extension API

Node.js plugin for OpenClaw's extension API.

OpenAI Agents SDK
Python shim

Wraps HookBusRunHooks(RunHooksBase). Tool start / tool end / LLM end / agent end.

Anthropic Agent SDK
Python shim

Pre- and post-tool events for the Anthropic Agent SDK.

Designed for organisations whose procurement starts with a questionnaire.

HookBus Enterprise and CRE-AgentProtect Enterprise are built for the deployments where a CISO signs a DPIA before the tool goes live. Providers of high-risk AI systems have automatic-logging obligations under EU AI Act Article 12 from 2 August 2026. Our products are engineered to make those obligations easy to meet.

EU AI Act Article 12

Supports your audit-trail obligation

If you are a provider of a high-risk AI system, Article 12 requires automatic event logging from 2 August 2026. HookBus produces that log: tamper-evident, chained, exportable.

SOC 2

Evidence for Type II audits

Produces the event-level audit trail your SOC 2 Type II assessor expects. Built to slot into your assurance programme.

ISO / IEC 42001

Aligned to AIMS controls

Deployment, operation, incident-response, and review features map to ISO 42001 clauses. Built to support customers running an AI management system.

GDPR · HIPAA · PCI

Boundary-level data protection

DLP Filter redacts API keys, PII, financial identifiers, and infrastructure strings at the envelope. Regulated data never leaves the agent boundary.

No cloud dependencies

On-prem, VPC, air-gap

CRE-AgentProtect Enterprise runs locally, CPU-only. No external API calls at decision time. Deploy where your DPIA allows.

Agentic Thinking Limited does not currently hold third-party compliance certifications. The products are built to the evidence standards SOC 2 Type II and ISO/IEC 42001 require, and customers can use them inside their own compliance programmes today. Security posture documentation is available under NDA — see the Trust Center.

On-premise VPC Air-gap No cloud dependency

Book 30 minutes. Walk out knowing whether we fit.

Built for organisations running AI agents in production or coding assistants across internal IT, targeting regulated-industry deployment. Typical annual engagement from £300,000 depending on scope, subscribers bundled, and deployment target. Not the right price point for a hobby project, exactly the right price point for a bank.