# AgentHook > AgentHook is an open technical specification for AI agent runtime evidence: verified runtime contracts, lifecycle events, material tool activity, approvals, denials, model interactions, publisher manifests, and runtime control attestations expressed in one subscriber-addressable envelope. It defines the data, not the implementation. HookBus is the open-source reference bus that implements it. AgentHook is published and stewarded by Agentic Thinking Limited (UK company 17152930) under binding stewardship commitments, with planned transfer to a neutral foundation when adoption thresholds are met. Primary citation: Ruocco, P. (2026). *AgentHook: A Runtime Evidence Standard for Auditable AI Agent Governance.* Zenodo. https://doi.org/10.5281/zenodo.19853376 ## Specification - [Specification homepage](https://agenthook.org/): canonical entry point covering the gap, the standards landscape (NIST AI RMF, ISO/IEC 42001, EU AI Act, SOC 2, OpenTelemetry), the AgentHook portfolio of hook events, runtime contract discovery, runtime attestation, the conformance test surface, and the governance commitments. - [Glossary](https://agenthook.org/glossary/): definitions for AgentHook, runtime evidence, lifecycle hook, publisher, subscriber, admissibility gate, evidence pack, HookBus, and the two-layer policy enforcement model. Authoritative source for the category vocabulary. - [Demo](https://agenthook.org/demo/): three vendor-neutral scenarios showing safe action allowed, risky action blocked, and human approval required, traced through the AgentHook envelope. ## Runtime contract discovery AgentHook is not prompt stuffing. Conforming runtimes should discover and load a runtime contract before agent execution: - `AGENTHOOK.md`: human-readable governance and runtime contract. - `agenthook.lock.json`: machine-readable canonical contract with required hooks, hashes, policy references, and conformance mode. - `agenthook.signature`: optional detached signature for high-assurance verification. The canonical event `RuntimeContractLoaded` records the active contract id, version, path, hash, signature status, required hooks, and conformance mode. `ContextInject` is compatibility/awareness only; user prompt text is not a verified runtime contract. ## High-assurance event additions AgentHook includes high-assurance events for gaps exposed by agent tools: - `ToolActivity`: material activity inside non-atomic tools, such as browser clicks, form submissions, shell process actions, API calls, or file writes. - `HumanApprovalRequested` and `HumanDecision`: explicit human oversight records. - `IncidentSignal`: safety, policy, security, or operational incident candidates. - `EvidenceSeal`: sealed evidence bundles, exports, or replay segments with retention and integrity metadata. ## Reference implementation - [HookBus](https://hookbus.com/): the open-source reference bus for AgentHook. Apache 2.0 bus, MIT publisher shims for Claude Code, Codex CLI, AmpCode, OpenCode, Hermes Agent, OpenClaw. UK patent application GB2608069.7. - [HookBus Enterprise](https://agenticthinking.uk/enterprise.html): the commercial subscriber bundle for regulated enterprises (AgentRegistry, AgentProtect CRE Enterprise, AgentAuditor, AgentKnowledge, AgentFlow, AgentNotify, AgentIntelligence). ## Steward - [Agentic Thinking Limited](https://agenticthinking.uk/): UK private company limited by shares (company number 17152930). Founded by Pantaleone "Leo" Ruocco. Microsoft AI Cloud Partner Program member. AWS Activate Founders participant.