Skip to content
View jw-ond's full-sized avatar
🏠
Working from home
🏠
Working from home

Organizations

@OndCo

Block or report jw-ond

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
.github/profile/README.md

Zexun Wang (JW)
Founder of Ond Holdings Inc. Building OSuite, the governed action layer for AI agents.

Ond website OSuite Studio PCAA paper LinkedIn


About

I am the founder of Ond Holdings Inc., based in Toronto, and I am building OSuite: a runtime security and governance control plane for AI agents.

My work sits at the intersection of enterprise AI, agentic systems, security governance, and cross-border commercialization. Before Ond, I worked in Apple environments and helped bring AI products into real enterprise conversations across North America and Asia, including early market development work around Dify in Japan.

The question I keep coming back to is simple:

If AI agents are going to touch real systems, who controls what they are allowed to do?

OSuite is my answer to that question. It is not another dashboard for watching AI after the fact. It is infrastructure for turning agent behavior into structured, reviewable, approvable, and replayable action records before risk becomes consequence.

What I Am Building

OSuite is designed for teams deploying AI agents into environments where actions matter: production systems, customer workflows, internal tools, data operations, compliance reviews, and business decision processes.

The product is built around several research-backed primitives:

  • PCAA: Proof-Carrying Agent Actions A model-agnostic governance model for determining who has final authority over an agent action.

  • CAVA: Canonical Action Vector Analysis A structure for converting raw agent behavior into a governance object that can be scored, reviewed, and approved.

  • BAF: Bounded Action Firewall A boundary mechanism for turning approval into a scoped, non-reusable action lease.

  • AREG: Agent Runtime Exposure Graph A runtime exposure map for understanding which agents, systems, policies, and evidence objects are connected.

The goal is practical: help enterprises understand what an agent is trying to do, why it is allowed to do it, who approved it, whether that approval can be reused, and what happened afterward.

Current Focus

  • Agent runtime security and governance.
  • Action approval, audit replay, and evidence records.
  • Policy-to-runtime enforcement for enterprise AI.
  • Model-agnostic agent control across heterogeneous runtimes.
  • External verification for signed verdicts and committed evidence hashes.
  • Developer integrations through SDKs, CLIs, MCP, ChatGPT Apps, Dify, n8n, and workflow platforms.

Selected Work

  • OSuite Studio Product workspace for governing AI agent actions, approvals, runtime exposure, and decision replay.

  • PCAA paper on arXiv Proof-Carrying Agent Actions: model-agnostic runtime governance for heterogeneous agent systems.

  • OSuite Governed Agent Examples Reference examples for adding OSuite checkpoints to agent and workflow environments.

  • CAVA A developer-facing reference implementation for canonical action analysis.

  • Ond / OSuite website Product narrative, research notes, blog posts, customer scenarios, and reference architecture.

How I Think About AI Governance

I do not think enterprise AI governance should be reduced to slogans like "human in the loop" or "responsible AI." Those phrases can be useful at the policy level, but they are too vague when an agent can publish, deploy, move data, update records, or trigger business workflows.

My view is that governance has to become runtime structure:

  • The action must be represented before it executes.
  • The policy must apply to the action, not just the agent.
  • Approval must be bound to a specific action envelope.
  • Evidence must be reconstructable after the fact.
  • The organization must retain authority over its systems, data, and operational knowledge.

That is the product direction behind OSuite.

Background

  • Based in Toronto, Canada.
  • Founder of Ond Holdings Inc.
  • Ex-Apple.
  • University of Pennsylvania and University of Toronto background.
  • Experience in enterprise AI commercialization across North America and Asia.
  • Interested in AI governance, runtime security, industrial systems, enterprise adoption, and institutional sovereignty.

Contact


I am always open to serious conversations with enterprise buyers, security leaders, agent framework builders, researchers, and early partners working on the next layer of AI infrastructure.

Pinned Loading

  1. Health-Habit-Assistant Health-Habit-Assistant Public

    A simple health assistant app built in Swift5 for iPhone πŸ“±

    Swift 465 91

  2. TTPMLPPmoon TTPMLPPmoon Public

    A simple photo editor

    Objective-C 216