Obsta Labs

We don't block agents. We arrange the work so overreach is hard to reach.

AI agents are powerful and useful — and one wrong step drops a database, leaks a key, or quietly fabricates "done." The usual answer is friction: block, deny, nag, make humans remember the rules. We take the opposite path. We shape the environment so the safe path is the path of least resistance, and the dangerous one is no longer the natural one.

Principiis obsta — resist the beginnings. Not by obstructing the work, but by arranging reality so there is almost nothing to trip over.

Make the safe path the path of least resistance.

Obsta does not block agents. It shapes their environment so useful work happens without accidental overreach.

We are not model vendors. The models are becoming beautiful and useful. Obsta Labs builds the other side: the context operating system around them. Hiveram keeps the shared truth. NeuroRouter decides what slice enters the live model window. Hivebus keeps intake and evidence explicit before execution begins. tokencontrol runs ready work through the execution layer. Verdict enforces policy at action boundaries. VectorCourt stress-tests decisions before they become expensive.

The context operating system

This stack exists for teams that refuse to choose between one giant fragile session and total amnesia. The system promise is simple: architect once, move bounded truth when needed, execute with the cheapest capable surface, and apply results back without making authority ambiguous.

The four promises

No forced migration as sessions age. No transcript replay when a fresh agent takes over. No hidden sync magic that confuses local experiments with shared truth. No premium-model spend on work that cheaper execution could handle.

1. Architect the work A senior model or operator frames the task once, captures the constraints, and locks the reporting contract into the shared graph.
2. Rehydrate with a mission briefing Fresh sessions start from the current work contract instead of replaying the entire conversation that led there.
3. Execute on the right tier Focused execution can happen on a cheaper or more specialized agent without rediscovering the project from scratch.
4. Return bounded results Bundles, checkpoints, and provenance keep what flew out, what came back, and what was applied visible.
NR-only Local focus shaping, continuity protection, and session mobility for teams that need better live context before they need a shared work graph.
Hiveram-only Shared truth, portable bundles, checkpoints, provenance, and handoff across agents, machines, and disconnected environments.
Combined Hiveram stores the graph and portable bundles. NeuroRouter decides what slice of that graph enters the live model window. The other layers add intake, execution, and policy without collapsing the boundaries.

Products

Obsta Labs' projects group into four areas: regulated agent control (CoreGate), agent security (Bulwark, Verdict), context & work memory (NeuroRouter, Hiveram, Hivebus), and cloud & decision operations (SpectreHub, VectorCourt, ANCC).

Regulated agent control

CoreGate ↗

Control plane for agentic banking. CoreGate lets AI agents interface with legacy bank systems through deterministic permissioning, audit, kill-switch governance, and bounded action controls — so every action is attributable, non-destructive by default, audited, and instantly stoppable. obsta.ai

Cloud Infrastructure

SpectreHub

Cloud waste detection platform. 20+ open-source CLI scanners across AWS, GCP, Azure, Kubernetes, and databases — unified into one system of record.

Agent & Reasoning Control

Verdict

Enforcement runtime for autonomous agents. Policy at execution boundaries — kernel-level on Linux, system-level on macOS, API-level on Windows. Works with Claude Code and Codex.

Bulwark

Open-source, policy-driven consent for AI agents at the filesystem boundary. A protected file read is paused at the Linux/macOS kernel and approved out-of-band by a human before bytes reach the agent. Available now for Linux and macOS (v0.7.x).

NeuroRouter

Context operating system for live model windows. It shapes the active slice of work for Claude and Codex, preserves continuity, and keeps long sessions from rotting into expensive guesswork.

Hivebus

Typed coordination fabric for issue intake, evidence, clarification, and promotion gating. Keeps why work exists explicit before execution begins and hands off cleanly into the canonical ledger when teams enable downstream execution.

Hiveram

Shared AI work graph and portable handoff layer. Canonical work orders, mission briefings, checkpoints, provenance, and authority-aware bundles for agent fleets.

VectorCourt

Decision governance engine. The Council turns ambiguous problems into structured decisions — surfacing risks, alternative paths, and failure modes before execution begins. Pre-release adversarial pass: point it at a release bundle or stored vector state and it asks whether the change contradicts a locked decision or violates a persisted constraint.

ANCC

Agent-Native CLI Convention. Build CLI tools agents can discover and compose without plugins, registries, or custom integrations.

Selected writing

Short technical notes on agent boundaries, provenance, context, and decision safety.

A Signature Says Who Spoke

It does not prove what world they observed. Why authorship signatures manufacture false confidence between AI agents, and what to bind into the claim instead.

The False-Positive Tax

Safety tools classify the words and ignore everything around them. Harm is not a property of text alone — it is a property of text, actor, object, and authority. Classify the environment before you classify intent.

Your AI Session Costs $400

Where the money goes in long Claude Code sessions, and why reasoning hygiene matters more than bigger context windows.

View all research notes →