Ond Holdings Inc.
Building OSuite, the governed action layer for AI agents.
Ond builds infrastructure for enterprises that want AI agents to operate inside real business systems without turning governance into a dashboard ritual.
Our main product is OSuite: a runtime security and governance control plane for AI agents. OSuite connects to agent runtimes, developer tools, workflow platforms, and enterprise systems so teams can answer a practical set of questions before and after an agent acts:
- What is the agent trying to do?
- Which system, data, user, or business process can it affect?
- Which policy applies at runtime?
- Who has authority to approve the action?
- Is the approval bound to this specific action, or can it be replayed?
- What evidence exists after the action completes?
We describe this as a governed action layer: the place where AI intent becomes a structured, reviewable, approvable, and replayable action record.
OSuite is built around a small set of research-backed primitives:
Agent / Runtime
|
v
Action Envelope
|
v
CAVA
Canonical Action Vector Analysis
Turns raw agent behavior into structured action meaning.
|
v
Policy Profile
Applies workspace, agent, and use-case-specific governance posture.
|
v
PCAA
Proof-Carrying Agent Actions
Defines who has final governance authority over an action.
|
v
BAF
Bounded Action Firewall
Binds approval to a narrow, non-reusable action lease.
|
v
AREG
Agent Runtime Exposure Graph
Maps runtime exposure across agents, systems, policies, and evidence.
|
v
Decision Record / Replay
Produces an audit-ready record of what happened, why, and under whose authority.
The customer-facing output is intentionally simple: what the agent can do, why it can do it, who approved it, whether the approval can be reused, and what systems would be affected if something goes wrong.
OSuite is developed as a research-driven product. The current research program includes:
-
PCAA: Proof-Carrying Agent Actions A model-agnostic runtime governance model for heterogeneous agent systems.
-
CAVA: Canonical Action Vector Analysis A structured action-analysis layer for converting agent behavior into reviewable governance objects.
-
BAF: Bounded Action Firewall A boundary mechanism for turning approval into scoped, time-bound, non-transferable action leases.
-
AREG: Agent Runtime Exposure Graph A runtime exposure map for understanding blast radius, agent posture, and operational risk.
We publish selected research artifacts, implementation notes, and reference examples when they can help the broader agent infrastructure community without exposing OSuite production internals.
OSuite is designed to work where agents already run.
-
SDK and CLI Install OSuite in local agent environments and governed workflows from the terminal.
-
MCP and ChatGPT Apps Bring OSuite review, approval checks, outcome recording, and runtime exposure summaries into assistant-driven workflows.
-
Workflow Integrations Use OSuite checkpoints in workflow tools such as Dify and n8n.
-
Runtime Adapters Connect OSuite to shell-based agents, coding agents, custom runtimes, and enterprise automation surfaces.
-
External Verifiers Support external verification layers for signed verdicts, committed evidence hashes, and independently challengeable records.
Key public repositories include:
-
OSuite-Governed-Agent-ExamplesReference examples for governed agent workflows, runtime checkpoints, and OSuite integrations. -
CAVAA developer-facing reference implementation for canonical agent-action analysis. OSuite Studio extends this foundation with managed policy, scoring, runtime security, approval workflow, and audit replay. -
osuite-sitePublic website, research index, blog, customer stories, and product narrative for Ond and OSuite.
Some repositories in this organization are historical research prototypes or solution accelerators from earlier Ond work in manufacturing, ESG intelligence, industrial data foundations, and knowledge systems. They remain useful as context, but OSuite is now focused on agent runtime security and governance.
OSuite is most relevant for teams deploying AI agents into environments where actions matter:
- Security and governance teams evaluating AI agent risk.
- Platform teams connecting agents to internal systems.
- Compliance teams that need replayable evidence.
- AI product teams that need approval and policy controls without rebuilding their runtime.
- Enterprises that want model flexibility without losing operational sovereignty.
If an agent can publish, deploy, move data, update records, call tools, trigger workflows, or influence business decisions, OSuite is designed to make that action governable.
We are interested in collaboration with:
- Agent framework maintainers.
- Workflow and automation platforms.
- Security, audit, and compliance teams.
- External verifier and cryptographic evidence projects.
- Researchers working on agent safety, runtime governance, and enterprise AI controls.
For substantial integration work, please open an issue first so we can align on the governance boundary, API surface, and evidence model before implementation.
- Website: https://ond.cc
- OSuite Studio: https://studio.osuite.ai
- Product domain: https://osuite.ai
- Email: jw@nd.im
- LinkedIn: Ond Holdings Inc.
- X: @Ond_cc
Ond Holdings Inc. builds OSuite. The Ond & Co mark appears in selected visual identity assets as a reference to the company's early founding culture.