Every AI agent fires lifecycle events. HookBus™ captures them from any platform and routes them to subscribers. Governance. Memory. Cost. Compliance. Data protection. Or anything you build. One bus. Every agent.
Publishers. Bus. Subscribers. One bus captures every agent action and routes it to plugins that govern, enrich, protect, and audit.
1 MIN 45 SEC · CLICK TO PLAY WITH SOUND
Twenty seven years of senior enterprise architecture across Aviva, The Co-operative Bank, AXA, and BAE Systems. TOGAF certified. AWS certified. Architect of HookBus™ and CRE.
"I have spent two decades watching regulated enterprises wait for the technology they could safely adopt. AI agents are the moment they have been waiting for. The infrastructure layer is what makes adoption possible."
Uber blew $3.4B on Claude Code in four months. 15 weeks from the EU AI Act deadline. HookBus Light launches today: open-source runtime governance and cost tracking for every autonomous AI agent. CRE-AgentProtect + AgentSpend, free, MIT.
Four autonomous-agent product launches in thirteen days. None shipped with runtime governance. The EU AI Act applies from 2 August 2026. Every one of them is now a procurement blocker for regulated industries.
Per-tool permissions are a nice feature for coding assistants. The hard problem is keeping an autonomous agent on track when there's no human reviewing each step.
HookBus™ captures every AI agent lifecycle event and routes it to subscribers in parallel. Sync subscribers block dangerous actions before execution. Async subscribers observe without slowing anything down. The bus has no opinion on policy. It routes. You build the subscribers.
The central router between AI agents and their actions. Every lifecycle event flows through HookBus™. It routes to subscribers, consolidates decisions, and returns allow/deny/ask. The bus has no opinion on content. It routes. Developers build their own subscribers: memory systems, token monitoring, fine-tuning pipelines, cost controls, anomaly detection. All via the bus.
Drop a shim into any supported agent runtime. It hooks the lifecycle events, posts envelopes to HookBus™, enforces consolidated verdicts. Install via your runtime's plugin mechanism.
hermes-agent plugin. PreToolUse, PostToolUse, PostLLMCall with token usage. Nous Research runtime.
OpenClaw CRE plugin. Pre + post tool-call + LLM output. Fail-mode configurable.
Hooks PreToolUse / PostToolUse / UserPromptSubmit / Stop. Plus emit_post_llm_call helper for real token metadata.
HookBusRunHooks subclass. on_tool_start enforces, on_llm_end carries tokens + cost.
Delegate-permissions gate. Reads AGENT_TOOL_NAME + stdin JSON, exits 0 / 1 / 2 (allow / ask / deny).
Two free subscribers ship with HookBus™ Light. Drop them in via docker compose up. Production-ready.
Apache 2.0 on the bus itself (where our routing patent applies). MIT on everything else, shims, subscribers, for maximum permissive adoption. Both allow commercial use.
A thin HookBus subscriber that adapts Microsoft Agent Governance Toolkit (AGT, MIT) to the HookBus envelope. Sub-10ms deterministic decisions, AGT threat categories, deny-wins consolidation. Our adapter is MIT. It matches the AGT upstream.
Token-cost monitor for autonomous AI agents. Tracks spend in real time so runaway Hermes, OpenClaw, or Claude Code agents can't rack up bills. Per-agent, per-model, per-session. Built-in dashboard on :8883. SQLite-persisted. Bundled price table for 16 models (Claude, GPT, Gemini, MiniMax, DeepSeek, GLM, more).
One HookBus™ Enterprise licence bundles all five subscribers below: CRE Enterprise, Auditor, DLP Filter, KB Injector, and Session Memory. SLA, dedicated support, and escalation path included. Closed-source, on-premise or VPC, air-gap compatible.
Built for regulated industries. No cloud dependency. Your data never leaves the host.
Two-layer policy engine. L1 deterministic (sub-10ms) + L2 Granite LLM reasoning. Organisation-specific rules, KB override, PIN escalation. Our flagship enforcement subscriber.
SHA-256 hash-chain event log. Tamper-evident. Export bundles for SOC 2, ISO 27001, ISO 42001, EU AI Act Article 12 compliance evidence.
PAN, NI, API key, JWT, session-token redaction on egress. Bidirectional (prompt and response). 20+ curated patterns maintained by us.
Inject organisation-specific policy and compliance context into every prompt before it hits the LLM. Rule-authoring UI, deterministic matching, sub-ms overhead.
Durable cross-session context recall. Dual sync + async subscriber. Postgres-backed. Per-agent isolation, per-team retention, audit-trail linked.
Every AI agent action is a lifecycle event. HookBus™ captures them all and routes them to subscribers. Governance subscribers enforce rules. Observability subscribers track cost and usage. Memory subscribers record history. Intelligence subscribers learn and adapt. Add a subscriber, every agent's events flow to it.
HookBus™ is the platform, CRE is subscriber #1. Build memory, cost monitoring, anomaly detection, compliance gates, or anything that reacts to AI agent lifecycle events. One JSON envelope, any language.
CRE Enterprise is the flagship enforcement subscriber on HookBus™. Every tool call passes through both layers before execution. Layer 1 is deterministic and runs in under ten milliseconds. Layer 2 is semantic and runs locally on CPU. No cloud. No exceptions. The AI never gets the choice to ignore your rules.
HookBus™ Light ships with CRE-AgentProtect (Layer 1 only, MIT, free). HookBus™ Enterprise adds Layer 2 intent verification plus Auditor, DLP Filter, KB Injector, and Session Memory under one commercial licence.
Microsoft Agent Governance Toolkit (MIT) provides semantic threat classification across destructive, exfiltration, and privilege escalation categories. Combined with our proprietary regex pattern engine for your organisation's policies. Configurable per team, project, or environment. Audit-ready.
IBM Granite 4 (Apache 2.0) runs locally on your hardware. Verifies the AI's action matches what the user actually asked for. Catches substitutions, shortcuts, and creative reinterpretations. Zero data leaves the machine.
HookBus™ works with any AI assistant or SDK that exposes lifecycle hooks. The thin client normalises events from different hook formats into one standard protocol. As long as the hooks CRE needs are available (PreToolUse, UserPromptSubmit), the full enforcement solution works out of the box.
Each assistant exposes hooks at different lifecycle points. HookBus™ connects to whatever hooks are available. The more hooks an assistant exposes, the more subscribers can do. CRE only needs PreToolUse to enforce rules. Add UserPromptSubmit and CRE injects knowledge base context. Add PostToolUse and async subscribers can log, count, and learn.
Think of it as a plugin marketplace. Developers build subscribers. Organisations subscribe to the ones they need. HookBus™ routes the events. No vendor lock-in. No monolithic platform.
One requirement: the platform exposes a pre-execution hook. Every major AI assistant and SDK now does. HookBus™ normalises different hook formats into one standard protocol. The more lifecycle hooks a platform exposes, the more subscribers can do, but a single pre-execution hook is enough for full CRE enforcement.
Both layers run on your hardware. No API keys. No external calls. Air-gap compatible.
Every tool call, every decision, every override logged. SOC2-ready, ISO 27001-ready, ISO 42001-ready.
Layer 2 decisions automatically promote to Layer 1 patterns. Faster and more accurate over time.
Searches your organisation's knowledge base and injects context into the AI automatically.
Prevents agents from encoding commands, lateral movement, or writing scripts to bypass enforcement.
Rules live outside the agent's context window. No governance tokens per inference call. The more rules you add, the more you save versus prompt-based enforcement.
Add governance, observability, or intelligence subscribers without touching the bus or other subscribers.
Every agent SDK ships tools without lifecycle management. Agentic Thinking adds governance, observability, and intelligence to any framework.
License the enforcement architecture for your AI agent platform.
One hook, full governance. Coding assistants, trading bots, autonomous agents.
Ship HookBus™ + CRE under your brand as part of your enterprise offering.
Start free with HookBus™ Light in 60 seconds. Upgrade to HookBus™ Enterprise when you need audit evidence, DLP, durable memory, two-layer policy, or SLA-backed support.
Apache 2.0 · open source · self-hosted
Commercial licence + SLA · bundled subscribers · air-gap ready
For agent platforms and SDK builders
Confidential demos, technical deep-dives, partnership and licensing discussions. All by appointment.
Book a Demo