AI Governance · Agentic Development · Workflow Automation

Deploy AI agents you can actually answer for.

Governed AI. Compounding work.

Teams adopt AI faster than they govern it. Agents work — until they don't — and then there's no audit trail, no defined responsibility, and no way to explain what happened to a regulator, a client, or a board. Obizworks builds the alternative: a governed environment your agents run inside.

YOUR AI AGENTS ENFORCED GOVERNANCE LAYER ACCOUNTABLE OUTPUT
Get early access → Talk to us

Governance isn't paperwork. It's architecture.

Most consultants add governance after the build. We design it into the substrate — so it's enforced by code, not trusted on paper.

BOLTED ON governance a label you point to BUILT IN GOVERNANCE the layer the system stands on
Governance bolted on

The usual approach

  • Added after the system is built
  • A document, not a control
  • Fails the first real audit
  • Quietly weakened when it's inconvenient
Governance built in

The Obizworks approach

  • Designed from the substrate up
  • Enforced by the system itself, not by trust
  • Survives audit, scrutiny, and staff turnover
  • Loaded into every agent, on every run
Operational Operational rules. Sensible defaults that adapt to each client contract — how an agent works day to day.
Bedrock Bedrock rules. Can never be overridden — not by a contract, not by a client, not by the President of Obizworks. This is what makes the governance real instead of decorative.

The four pillars

Built around an honest fact: the human in the loop is usually an executive, not a technical reviewer.

Pillar 01

Governed agent platform

Every agent runs against a ratified Constitution — four supervision modes, substrate-level audit, access rules enforced by code.

Pillar 02

Decision support for non-technical leaders

Proposals pass deterministic checks, then an adversarial agent hunts the failure mode. Multi-step decisions are shown as trajectories — so drift is visible.

Pillar 03

Auditability that respects subject rights

Append-only records, never edited or deleted. Exercise a deletion right and the content goes — the fact of the action stays in the audit log.

Pillar 04

Workflow automation under the same governance

Recruitment, screening, client engagement, reporting — every output that affects a person's outcome carries a disclosure that AI was involved.

Safe agent development & hosting

How your agent is kept safe

When Obizworks develops or hosts an AI agent for you, it doesn't run loose. It runs inside a layered environment — every layer a control the system enforces, not a policy you have to trust.

Layered containment environment for a client agent Concentric layers around the client's agent: Constitution, identity and capability contract, budget cap and egress allowlist, append-only audit trail, with human override able to reach in at any layer. 1 · CONSTITUTION Ratified rules every agent loads on every run. Bedrock rules cannot be overridden — by any contract or person. 2 · IDENTITY & CAPABILITY CONTRACT A named agent that may do only what its signed contract declares — nothing more. 3 · BUDGET CAP & EGRESS ALLOWLIST A hard spend ceiling, and a list of the only endpoints it is allowed to reach. 4 · APPEND-ONLY AUDIT TRAIL Every action recorded — never edited, never deleted. The answer to "what happened?" YOUR AGENT does the work — inside all of it HUMAN OVERRIDE a person can pause or stop it at any time
1Constitution. The rulebook your agent is born into. Bedrock rules can't be weakened — not by a client contract, not by us.
2Identity & capability contract. A known, named agent, allowed to do exactly what its contract declares.
3Budget cap & egress allowlist. A hard ceiling on spend, and a fixed list of where it's allowed to connect.
4Append-only audit trail. Everything it does, written down permanently — so any action can be explained, later, to anyone.

Every layer is enforced by the substrate itself. Exceed a budget, reach an endpoint that wasn't granted, act outside the contract — the system stops it, and the attempt is in the audit trail. That's governance that holds, not governance you point to.

What we operate today

Not a slide deck. The governed platform is operational — proven on our own systems before a client's agent ever runs on it.

Substrate

Hardened production foundation

Azure VM in West Europe · Caddy + Cloudflare WAF · Postgres 16 · tested encrypted daily backups. Running on it: the governance API, a per-agent metering proxy, and an append-only audit substrate.

Governed Platform

Two agents live under governance

Two business agents run on it today — each with a ratified contract, a budget cap, an egress allowlist, and a full audit trail. AI traffic across three model providers flows through one metering proxy.

Consulting Practice

Active US SME advisory

Today's clients include a leading US dental technology enterprise and a New Jersey-based human resources firm serving dental practices across North America.

Learner Pipeline · Live Proof

NHCC Career Coach — running fully governed

NHCC is a live career-coaching platform — and the first full application onboarded onto the governed platform. Every AI call routed through the metering proxy; every significant output recorded. Visit NHCC ↗

Technical infrastructure

Governance is only as solid as what it runs on.

The whole platform runs on a hardened Microsoft Azure virtual machine in West Europe — chosen for data residency, built-in security tooling, and a clean vertical scaling path. Every component below is a named, monitored part of the stack.

Obizworks technology infrastructure stack Public traffic enters through Cloudflare, then a hardened Microsoft Azure D2s_v3 virtual machine in West Europe running Caddy, the governance API, the metering proxy, the governance MCP, PgBouncer and PostgreSQL 16 with pgvector. Backups are GPG-encrypted to Azure Blob Storage and logs stream to Azure Monitor. FROM THE PUBLIC INTERNET CLOUDFLARE WAF · CDN · DDoS shield · TLS at the edge MICROSOFT AZURE VM Standard D2s_v3 · 2 vCPU / 8 GiB RAM · West Europe · Trusted Launch (Secure Boot + vTPM) obz-caddy reverse proxy · Let's Encrypt TLS · /v1/* + /governance/* routing governance-api Constitution · contracts · records :8000 · FastAPI obz-llm-proxy per-agent metering · budget caps · egress :8002 · Anthropic-compatible governance-mcp agent tool surface MCP server PgBouncer connection pooler — apps never hit the database directly PostgreSQL 16 + pgvector obz_audit · obz_workflow · obz_context — append-only audit substrate Azure Monitor Log Analytics syslog + alert rules obz-backup daily 17:00 UTC GPG-encrypted Azure Blob Storage off-VM · GPG-encrypted · tested restores
Standard D2s_v3 · 2 vCPU / 8 GiB West Europe region Trusted Launch · Secure Boot + vTPM Premium SSD · daily encrypted backups

Cloudflare absorbs hostile traffic at the edge; Caddy terminates TLS and routes only known paths; the governed app containers never touch the database directly — they go through PgBouncer into PostgreSQL 16 with pgvector. Backups leave the VM nightly, GPG-encrypted, to Azure Blob Storage, and the whole machine streams its logs to Azure Monitor. Scaling up is a VM-size change, not a re-architecture.

By the numbers

7,800
Pre-screened talent reservoir
2
Business agents running fully governed
3
Model providers metered through one proxy
Bedrock
Governance rules no contract can override

Honest disclosures

Most vendors paper over the gaps. We list them — the listing itself signals the kind of operator we intend to be.

Security posture

✓ In place
  • Substrate hardened — kernel, logging, firewall tuned
  • Secrets isolated outside the web root, rotated on a discipline
  • Per-agent credentials, budget caps, egress allowlists
  • Cloudflare WAF · TLS end-to-end · backups tested

Scalability posture

✓ In place
  • Single Azure VM, sized with significant headroom
  • Scales vertically to several times current load
  • A documented expansion path, not improvisation

Why we build it this way

AI governance today sits at the same inflection point database management hit decades ago — and the operators who build rigour early earn the trust the rest spend years chasing.

RIGOUR ↑ TIME → 1980s · databases WE BUILD HERE 2026 · AI governance

AI governance in 2026 is roughly where database management was in the 1980s — every team rolling its own discipline, most deployments destined to fail audit. The few that build rigour from the start quietly earn the trust the rest spend years trying to manufacture.

We chose to build the rigour in from the start. Slower to ship than vendors who add governance later — but when it ships, the audit log answers honest questions, the bedrock rules can't be quietly weakened, and the system survives the role-holder changes every business eventually goes through.

Get early access → Talk to us
Early Access

Bring your AI agents under governance.

The governed platform is operational and proven on our own systems. We're opening it to a small number of US businesses that treat AI as infrastructure. Leave your email — we'll reach out directly.

Held under our Constitution No third-party sharing Launch & milestones only

Updates only on launch and major milestones — no marketing newsletters. Your email is operated under our Constitution's subject data rules. No third-party sharing.