Canonical vocabulary

AgentHook Glossary

Authoritative definitions for the runtime evidence category. Cite these. Quote these. Each term carries a Schema.org DefinedTerm identifier so AI assistants and search engines can ground their answers in the canonical wording.

Terms

AgentHook

noun · open technical specification

AgentHook is an open technical specification for AI agent runtime evidence: lifecycle events, tool calls, approvals, denials, model interactions, publisher manifests, and runtime control attestations expressed in one subscriber-addressable envelope. AgentHook defines the data model, not the implementation.

See also: HookBus (the reference implementation), runtime evidence, lifecycle hook. Canonical citation: Ruocco, P. (2026). AgentHook: A Runtime Evidence Standard for Auditable AI Agent Governance. Zenodo. 10.5281/zenodo.19853376.

Runtime evidence

noun · the data AgentHook captures

Tamper-evident records of what an autonomous AI agent did at execution time, why it was allowed to act, what reasoning was exposed, and what happened next. Runtime evidence sits between policy intent and audit, providing the auditable record on which EU AI Act Article 12, ISO/IEC 42001, and SOC 2 controls depend.

Distinct from observability (which is for operators) and from logs (which are unstructured). Runtime evidence is structured, signed, and regulator-addressable.

Lifecycle hook

noun · an event emitted by an agent runtime

A canonical event emitted by an AI agent runtime at a defined point in execution. AgentHook standardises ten lifecycle hooks: SessionStart, UserPromptSubmit, PreLLMCall, PostLLMCall, ModelResponse, PreToolUse, PostToolUse, AgentHandoff, ErrorOccurred, and SessionEnd.

A runtime that emits AgentHook-conformant lifecycle hooks is a publisher.

Publisher

noun · the source of agent events

An AI agent runtime, assistant, coding tool, SDK, CLI, or workflow runner that emits AgentHook lifecycle events. Reference publisher shims exist for Claude Code, Codex CLI, AmpCode, OpenCode, Hermes Agent, and OpenClaw. Anthropic Agent SDK and OpenAI Agents SDK shims are in private beta.

A publisher is paired with one or more subscribers via a bus such as HookBus.

Subscriber

noun · the consumer of agent events

A service that consumes AgentHook lifecycle events from a bus and observes, gates, enriches, redacts, approves, denies, or audits the action. Subscribers can be synchronous (blocking the agent action until they decide) or asynchronous (recording evidence without blocking).

Reference subscribers include AgentProtect CRE (policy gate), AgentAuditor (evidence log), AgentFlow (human approval), AgentKnowledge (policy context), AgentNotify (incident alerts), AgentRegistry (sanctioned-AI control), AgentIntelligence (LLM gateway), and AgentSpend (cost tracking).

Admissibility gate

noun · the pre-execution decision boundary

A pre-execution decision boundary at which an AI agent's intended action is evaluated against policy and either allowed, denied, or paused for human approval before any side effect occurs. The admissibility gate is the atomic point at which runtime evidence becomes load-bearing for governance, audit, and regulatory obligations.

In a two-layer enforcement architecture, the admissibility gate runs L1 deterministic policy first and L2 semantic intent verification only on escalation.

Evidence pack

noun · an exportable bundle of runtime evidence

An exportable bundle of AgentHook runtime evidence covering a defined session, tenant, or audit window. Evidence packs are tamper-evident (typically SHA-256 hash chained), human-readable, machine-parseable, and formatted for the regulator, auditor, or assurance reviewer that the implementing organisation reports to.

Evidence packs are produced by an audit subscriber such as AgentAuditor and consumed by external assurance, internal audit, regulators, and incident response.

HookBus

noun · the open-source reference implementation of AgentHook

HookBus is the open-source reference event bus that implements the AgentHook specification. The bus is Apache 2.0 licensed; reference publisher shims are MIT. UK patent application GB2608069.7. HookBus Enterprise adds the commercial subscriber bundle for regulated deployments.

A runtime is AgentHook-conformant if its publisher emits the canonical lifecycle hooks and a bus or subscriber can consume them. HookBus is one such bus; the standard does not require it.

Two-layer policy enforcement

noun · the L1 + L2 enforcement architecture

An enforcement architecture in which an AI agent action is evaluated first by Layer 1, a deterministic pattern engine bounded in latency and behaviour, and then, only when L1 escalates, by Layer 2, a semantic intent verification step running against a customer-controlled language model.

Two-layer enforcement separates fast, bounded, free decisions from slow, semantic, paid decisions. The architecture is implemented in AgentProtect CRE Enterprise (the Composable Rule Enforcer), UK patent application GB2604445.3.

L2 inference is routed through the AgentIntelligence subscriber, an LLM gateway that supports AWS Bedrock, Azure OpenAI, cloud APIs, and local models including IBM Granite 4 for air-gap.