Every AI agent fires lifecycle events. HookBus captures them from any platform and routes them to subscribers. Governance. Memory. Cost. Compliance. Distillation. Or anything you build. One bus. Every agent. Any subscriber.
Every governance tool, every audit logger, every cost tracker, every memory system has to integrate with every AI agent platform separately. Claude Code has one hook format. Cursor has another. OpenAI Agents SDK has a third. LangChain has callbacks. Anthropic Managed Agents has SSE streams. An organisation running three agents and five tools writes fifteen integrations. That does not scale.
HookBus reduces N × M to N + M. Each publisher integrates once with the bus. Each subscriber integrates once with the bus. Done.
Publishers emit lifecycle events. The bus routes them. Subscribers react. That is the entire architecture.
HookBus is not one-directional. It operates in two directions simultaneously on the same architecture.
On PreToolUse and UserPromptSubmit, subscribers inject organisational context into the agent's working memory before execution. Knowledge base lookups, compliance context, recent incidents, team ownership.
On PostToolUse, subscribers remove sensitive content before it leaves the agent's trust boundary. PII scrubbing, credentials filtering, licence detection, export control.
CRE is subscriber #1 and proves governance. The rest prove the marketplace model. Each is a standalone service that reads the JSON envelope and returns a decision. No SDK. Any language.
Composable Rule Enforcer. Two-layer governance: Microsoft AGT semantic classification plus regex for org policy (L1). IBM Granite 4 local LLM intent verification (L2). Sub-10ms L1. Sub-1s L2. No cloud. Licensed.
L1-only governance. Microsoft AGT semantic threat classification plus 15 regex rules for org policy. No LLM. No GPU. No API key. Sub-10ms. 306 lines of Python. The free tier that catches 80% of violations. Upgrade to CRE Full for L2 intent verification.
Coming soon. Open source.
Knowledge base context injection. SQL-backed keyword lookup against organisational metadata (servers, teams, runbooks, policies). Sub-millisecond. No LLM required. The agent receives rich context it was never trained on, without asking for it. One Python file. Zero dependencies.
Coming soon. Open source.
Cross-session recall. Captures every agent interaction (prompts, tool calls, outputs) into SQLite. Injects recent history as preprompt on new sessions. The agent remembers what it did last time without being told. Dual mode: records everything, injects on demand.
Coming soon. Open source.
SOC2/ISO compliance evidence generator. Captures every event-decision pair into a tamper-evident SQLite log with SHA-256 hash chain. Immutable records (no UPDATE, no DELETE). Generates branded HTML compliance reports mapped to SOC2 CC7, ISO 27001 A.12.4, and ISO 42001. CSV export. Hash chain verification. Retention policy.
Coming soon. Open source.
Data Loss Prevention for AI agents. 15 detection patterns across credentials, PII, financial data, and infrastructure. Inspects tool call arguments and outputs. Blocks or redacts before data leaves the trust boundary. Bidirectional on PreToolUse + PostToolUse. Regex-only. No LLM. Sub-millisecond.
Coming soon. Open source.
Per-agent, per-team cost tracking. Budget enforcement. Real-time dashboards.
Behavioural baselines per agent. Alert on deviations from normal tool-use patterns.
PCI, SOX, HIPAA gates as sync subscribers. Regulatory enforcement with audit-grade logging.
Capture full agent trajectories as training data. Fine-tune cheaper models from production traces. Zero data leaves your environment.
Tamper-evident event log. Every tool call, every decision, every override. SOC2/ISO 27001/ISO 42001-ready.
Slack, Teams, PagerDuty, email, SIEM. Route critical events to the right people in real time.
Detect conflicts between concurrent agents. Knowledge handoff. Workflow orchestration. Only possible with a multi-publisher bus.
Actuarial risk scoring per tool call. Liability assignment. Insurance underwriting data for the AI agent market.
Any service that can read JSON from a Unix socket, HTTP endpoint, or in-process Python class can be a HookBus subscriber. No SDK. No framework. Any language.
Register it: six lines of YAML in subscribers.yaml. Name, transport, address, event filter, timeout, fail mode. The bus hot-reloads. Zero downtime.
The bus normalises events from every publisher into a single standard format. Subscribers never deal with platform-specific hook formats.
The bus is event-type agnostic. When an agent platform adds a new lifecycle event, the bus routes it automatically without code changes. The event_type field is an opaque string used only for subscriber filter matching.
The same architecture. Three deployment models. Your choice.
Your hardware. Your trust boundary. Air-gap compatible. No data leaves your environment. Unix socket transport.
Your VPC on AWS, Azure, or GCP. HTTPS transport. Container-native. Same isolation, cloud-native operations.
Managed by Agentic Thinking. Per-tenant isolation at the event envelope level. Trial, evaluate, and scale without operating infrastructure.
The bus and the first enforcement subscriber are covered by separate UK patent applications. The subscriber marketplace and reference implementations (KB Injector, Session Memory, DLP Filter) are released as open source to accelerate ecosystem adoption.
30-minute confidential demo. Live HookBus + CRE enforcement. KB injection. Audit dashboard. Your questions answered.
Book a Demo