Agentic Thinking Limited
⚠ Runtime governance readiness · EU, UK, US, SOC 2, ISO/IEC 42001 · pilots should start before enforcement pressure arrives

Runtime governance for AI agents and coding assistants in regulated enterprises.

Agentic Thinking builds AgentHook-aligned runtime governance software: HookBus routes agent evidence, AgentProtect enforces policy, and approval/audit subscribers prove what happened before and after consequential actions.

Built for organisations with a CISO, a DPO, and internal audit watching. Financial services. Insurance. Healthcare. Defence. Public sector. Internal IT departments where Claude Code, Cursor, Amp, Codex, and Copilot already touch regulated codebases. Anywhere agents or assistants now hold the keys.

Book a Demo → See the products
Watch the control loop

Runtime governance for coding assistants and autonomous workflow agents.

See HookBus capture an agent action, AgentProtect apply hard block, allow, or ask, the human-approval workflow route a reviewer decision, and AgentAuditor preserve the evidence trail. Fixed-price validation sprints are typically three days and can launch into a full pilot.

72 seconds · click to play with sound

Book a 30-minute demo → See the products
The category

Agents and coding assistants are drifting in production.

AI agents run tool calls, write to production, handle customer data, browse admin systems, and execute CLI actions. Your developers have Claude Code, Cursor, Amp, Codex, and Copilot against regulated codebases. Your IT team runs coding assistants with access to secrets and infrastructure. Governance cannot wait for a final enforcement date: enterprises need pilots now so runtime evidence, approval, and control are already working when regulators, auditors, insurers, or procurement teams ask.

Readiness
Runtime evidence before enforcement pressure
EU, UK, US, internal audit
SOC 2
Auditable agent decision trail required
Enterprise procurement gate
ISO 42001
AI management system standard
Published December 2023
Products

Three products. One AgentHook-aligned governance architecture.

AgentHook is the open runtime evidence standard. Agentic Thinking implements it in working software. HookBus is the reference runtime router for AgentHook-compatible events. HookBus Agent is the governed runtime for teams that need hooks surfaced from day one. HookBus Enterprise is the central control plane, including AgentProtect CRE as the policy enforcement product inside it.

Product 1

HookBus

The AgentHook-aligned runtime router.

Routes AgentHook-compatible lifecycle evidence from AI agents and coding assistants to subscribers for governance, audit, cost tracking, memory, DLP, approval, and anything else you plug in. Vendor-neutral: works with Claude Code, Cursor, Amp, GitHub Copilot, Hermes, OpenClaw, Codex, Anthropic Agent SDK, OpenAI Agents SDK, and any HTTP-capable runtime.

  • HookBus Light: Apache 2.0, self-host, free for any organisation. See hookbus.com for the open-source subscribers.
  • Feeds HookBus Agent and HookBus Enterprise with the same AgentHook-compatible event model.
  • On-premise, VPC, or air-gap deployment
HookBus site → HookBus Agent runtime → Talk to sales
Product 2

HookBus Agent

The hook-complete governed agent runtime.

HookBus Agent is the commercial runtime for teams whose existing agents cannot expose the control points governance needs. It executes work while surfacing request, plan, tool, approval, notification, evidence, replay, and audit hooks from day one.

  • Local governed execution for individuals and teams
  • Built-in HookBus Light event path and evidence capture
  • Designed to connect into HookBus Enterprise when central policy is required
  • Aligned to AgentHook.org lifecycle events
HookBus Agent site → Talk to sales
Product 3

HookBus Enterprise

The central governance control plane.

HookBus Enterprise centralises governance across teams, agents, systems, approvers, and auditors. It includes AgentProtect CRE for policy enforcement, plus the enterprise subscriber bundle for approval, audit, DLP, notification, registry, and evidence workflows.

  • Includes AgentProtect CRE: patent-pending L1 deterministic patterns plus L2 probabilistic patterns
  • Fleet-wide policy, approvals, audit aggregation, SIEM and DLP integration
  • Commercial licence, SLA, support, and regulatory update packs
  • On-premise, VPC, or air-gap deployment
HookBus Enterprise site → Talk to sales
Standards alignment

Aligned with standards. Not trying to replace them.

Agentic Thinking does not ask enterprises or runtime vendors to abandon their existing stack. We implement the AgentHook evidence model and align with OpenTelemetry pipelines for observability-aligned evidence.

AgentHook

Open runtime evidence standard.

AgentHook defines the vendor-neutral event and evidence contract. HookBus is one reference implementation, not a required dependency.

OpenTelemetry

Observability-aligned evidence.

AgentHook evidence can map into traces, spans, events, and logs while preserving agent-specific semantics such as authority, approval, policy decision, and nested tool activity.

Vendor runtimes

Opportunity for native support.

OpenAI, Anthropic, Cursor, Windsurf, and other runtimes can expose AgentHook-compatible evidence without adopting HookBus or any Agentic Thinking product.

Solutions by role

Who this is for.

Agentic Thinking speaks to the people responsible for the agent-in-production problem. Every block below maps to a real deliverable in the product, not a marketing line.

CISO

Know every action every agent takes.

Hash-chained audit trail across every agent runtime. Evidence your incident response team can actually subpoena.

DPO

Stop PII leaving the agent boundary.

DLP Filter subscriber redacts secrets and regulated data at envelope entry. GDPR / HIPAA / PCI scopes configurable.

Head of AI Governance

One governance layer across every LLM vendor.

Rules written once, enforced across Claude, GPT, Gemini, open-weights. Vendor portability built in.

Internal Audit

Evidence on demand.

Every decision, every override, every deny-wins consolidation, timestamped and exportable for the auditor.

Compliance

Map policy to the enforcement layer.

Regulation language translates to deterministic rules. L1 blocks before the tool call, no LLM discretion.

Finance

Agents at predictable cost.

AgentSpend tracks token usage per team, per agent, per session. Budget limits enforceable at the bus layer.

LLM strategy

Bring your own LLM.

HookBus sits at the hook layer, not the inference layer. Governance runs at the bus; your models keep running wherever your enterprise has already standardised.

Private cloud

AWS Bedrock, Azure OpenAI, Google Vertex AI, IBM watsonx.ai

Self-hosted

Ollama, vLLM, llama.cpp, NVIDIA NIM

Provider-direct

Anthropic, OpenAI, Google, Mistral, Moonshot

1.
Only the AgentProtect L2 adapter ever calls the LLM. The LLM adapter is a separate, isolated service. AgentProtect holds no LLM keys and opens no outbound HTTPS to a provider. Your compliance team keeps one perimeter, not many.
2.
Every LLM call the governance layer makes is itself audited on the bus. PreLLMCall, PostLLMCall, reasoning content, model, provider, token counts. Hash-chained. Exportable. Runtime evidence by construction, not by effort.

Built and tested, not just theorised. HookBus and AgentProtect were built and tested with small enterprise-friendly models regulated teams can self-host, proving the L2 probabilistic pattern path does not require a frontier model or public-cloud dependency. The same patent-pending L2 path can use the enterprise's approved LLM, whether local, private cloud, or provider-hosted.

Partnerships

Open to partnerships with AI runtime companies.

If you build an AI runtime, coding assistant, or agent framework and need a governance story your enterprise customers can buy, Agentic Thinking can help you implement AgentHook-compatible evidence, route it through HookBus where useful, and add AgentProtect policy and approval flows where customers need enforcement. White-label, OEM, per-seat, per-deployment, and native-standard-support models available.

White-label embedding

Your product ships with HookBus Enterprise under your brand, including AgentProtect, approval workflows, audit evidence, and policy packs. You supply the distribution.

OEM relicensing

Relicense HookBus Enterprise to your enterprise customers as part of your own paid tier. Revenue share or flat licence. Audit-ready runtime evidence included.

Joint engineering

Co-develop native AgentHook-compatible evidence or a publisher shim for your runtime. Enterprise customers get the governance evidence they need without you becoming a governance vendor.

Licensing enquiries: partnerships@agenticthinking.uk

Integration partners

Works with the tools enterprise AI teams already run.

HookBus ships publisher shims for the major AI runtimes and SDKs. AgentProtect integrates with industry-standard policy engines. All integrations are public, documented, and use each vendor's supported APIs.

AgentProtect CRE
Patent-pending L1 + L2

Agentic Thinking's enterprise policy system combines L1 deterministic patterns with L2 probabilistic patterns using the customer's approved model path.

Anthropic
Claude Code hook

Publisher shim for Claude Code via the native hook API. All four lifecycle events.

Amp
Plugin API

TypeScript plugin for Amp's lifecycle plugin API. Full five-event coverage.

Nous Research
Hermes-agent plugin

Python plugin for Hermes-agent. Pre-tool-call, post-tool-call, post-API-request hooks.

OpenClaw
Extension API

Node.js plugin for OpenClaw's extension API.

OpenAI Agents SDK
Python shim

Wraps HookBusRunHooks(RunHooksBase). Tool start / tool end / LLM end / agent end.

Anthropic Agent SDK
Python shim

Pre- and post-tool events for the Anthropic Agent SDK.

The company

Agentic Thinking Limited.

A UK company building the runtime-governance infrastructure regulated enterprises need to adopt AI agents safely. Three products, patent-pending architecture, pilot-ready.

Leo Ruocco
Built by Agentic Thinking.

Founded by Leo Ruocco, on 30 years across UK financial services, insurance, and defence, building the controls layers auditors actually read.

Agentic Thinking turns enterprise-grade engineering into runtime governance that regulated organisations can deploy with confidence.

Company
Agentic Thinking Ltd
Patent: HookBus
GB2608069.7
Patent: CRE
GB2604445.3
Trademark
HookBus™
Compliance posture

Designed for organisations whose procurement starts with a questionnaire.

HookBus Enterprise is built for the deployments where a CISO signs a DPIA before the tool goes live. Regulation may arrive on different timelines in different jurisdictions, but enterprises deploying agents into real workflows need runtime evidence, approval, and control now.

EU AI Act readiness

Supports runtime evidence preparation

Where AI regulation requires record keeping, oversight, or auditability, HookBus and AgentHook-compatible evidence help produce the runtime trail: tamper-evident, chained, exportable.

SOC 2

Evidence for Type II audits

Produces the event-level audit trail your SOC 2 Type II assessor expects. Built to slot into your assurance programme.

ISO / IEC 42001

Aligned to AIMS controls

Deployment, operation, incident-response, and review features map to ISO 42001 clauses. Built to support customers running an AI management system.

GDPR · HIPAA · PCI

Boundary-level data protection

DLP Filter redacts API keys, PII, financial identifiers, and infrastructure strings at the envelope. Regulated data never leaves the agent boundary.

No cloud dependencies

On-prem, VPC, air-gap

AgentProtect runs locally, CPU-only. No external API calls at decision time. Deploy where your DPIA allows.

Agentic Thinking Limited does not currently hold third-party compliance certifications. The products are built to the evidence standards SOC 2 Type II and ISO/IEC 42001 require, and customers can use them inside their own compliance programmes today. Security posture documentation is available under NDA — see the Trust Center.

Deployment targets
On-premise VPC Air-gap No cloud dependency
Talk to sales

Book 30 minutes. Walk out knowing whether we fit.

Built for organisations running AI agents in production or coding assistants across internal IT, targeting regulated-industry deployment. Call for details. Not the right price point for a hobby project, exactly the right price point for a bank.

Book a Demo → Email sales
Sales
sales@agenticthinking.uk
Partnerships & licensing
partnerships@agenticthinking.uk
Security disclosure
security@agenticthinking.uk