Vibe code with confidence

A new web framework designed for the era of coding agents.

You set the guardrails — what the software can do and who can perform each action. AI writes the code.

Get Started See Example

The Problem

AI coding agents ship features in minutes. But with that speed comes risk.

Architecture Drifts

Your system architecture changes without you noticing. What was once a clean design becomes tangled.

Permission Bugs in Production

You discover access control issues after deployment — when users find them first.

Review Fatigue

You spend hours reviewing thousands of lines of AI-generated code, missing the changes that matter.

Agents Forget Constraints

New context windows forget earlier rules. The agent optimizes for "make it work" not "respect boundaries."

The Solution

Ontology is a web framework where you define guardrails around what the software can do and who can perform each action. AI handles implementation within those guardrails.

Changes to the guardrails trigger review that agents can't bypass — it's built into the framework.

Built-in Enforcement

Not suggestions — the framework won't run if guardrails change without review.

Reduced Review Surface

Review the architecture visually, not 7,000 lines of code.

Runtime Validation

Entire call chain validated at runtime with provenance-based security.

TypeScript Integration

Compiles to types. Your IDE shows errors if code violates the ontology.

How It Works

You define the ontology — what operations exist and who can perform them.

1

Functions

The actions your system can perform

2

Access Groups

The roles and agents that exist

3

Connections

Which groups can call which functions

Coding agents (Claude Code, Cursor, etc.) can edit implementations freely.

Changes to the guardrails generate a new ont.lock file with a cryptographic hash. The framework refuses to start if the hash doesn't match — agents physically cannot bypass this.

Every change is visible in your PRs via the ont.lock file.

See It In Action

Building a support ticket system? Here's how Ontology protects your architecture.

The Ontology Defines:

  • Functions: assignTicket, addComment, getUser
  • Access groups: public, support, admin
  • Connections: which groups can call which functions
import { defineOntology, z } from 'ont-run';

export default defineOntology({
  name: 'Support System',

  accessGroups: {
    public: { description: 'End users' },
    support: { description: 'Support agents' },
    admin: { description: 'Administrators' },
  },

  functions: {
    assignTicket: {
      description: 'Assign ticket to agent',
      access: ['admin'],  // Only admins
      inputs: z.object({
        ticketId: z.string(),
        agentId: z.string(),
      }),
    },
    addComment: {
      access: ['public', 'support', 'admin'],
      // ...
    },
  },
});

What Happens When Guardrails Change:

AI

Claude Code tries to let public users call assignTicket (currently admin-only)

Δ

The graph changes, ont.lock detects it

Process exits — framework refuses to start

Developer reviews the visual diff and rejects

Visual Architecture Map

Access Groups
public
support
admin
Functions
addComment
assignTicket

The blocked connection (public → assignTicket) is caught before it can run

Why Not Just Use Prompts?

"Why not just use prompts or Claude.md?" — here's the difference.

Prompts (Instructions)

  • Agents don't reliably preserve instructions from Claude.md
  • New context windows forget earlier constraints
  • The agent optimizes for "make it work" not "respect boundaries"
  • Can be ignored or forgotten

Ontology (Enforcement)

  • Framework-level enforcement can't be ignored
  • The ontology is the source of truth
  • The framework won't run if it changes without review
  • Built into the system, not bolted on

Prompts are instructions. Guardrails are enforcement.

How Does This Compare to AI Code Review?

They're complementary, not competitive.

AI Code Review Tools

Greptile, CodeRabbit, etc.

  • Analyze implementation quality
  • Ask: "Is this code correct?"
  • Provide suggestions you can ignore

Ontology

Architectural enforcement

  • Enforces architectural contracts
  • Asks: "Should this code be allowed to exist?"
  • Built into the framework — cannot be bypassed

Use AI review for implementation quality. Use Ontology for guardrails around what the system can do and who can do it.

How You Know It Works

The ontology compiles to TypeScript types and runtime validators.

IDE

Your IDE shows type errors if code violates the ontology

RT

At runtime, function calls are checked against the access control model

Git

The lock file is git-tracked, so you see every change in your PR

Sec

Provenance-based security validates the entire call chain at runtime

Get Started

Initialize your project

bun recommended 
$ bunx ont-run init my-api
npm 
$ npx ont-run init my-api
Coming Soon

AI-Powered Analysis

Instead of just detecting changes, these features will explain what changed, why it matters, and what security implications it has.

AI

AI Ontology Reviewer

Semantic analysis that explains what changed and why it matters

RT

Red Team Agent

Tests blast radius per access group by simulating a malicious agent

RS

Risk Summary

Automatically flags permission drift, capability gaps, and security holes

The Bigger Vision

As the cost of software production trends toward the cost of compute, every firm will encode itself as a software system — through autonomous agents and business process orchestration.

Ontology is the orchestration layer that keeps AI agents aligned with your business rules as they automate your operations.

The guardrails are a contract. The framework enforces it.

Your Job as Developer

Your job shifts: instead of writing every line of code, you encode and maintain the definition of everything the business is able to do and who is allowed to perform each action.

You remain fully accountable for these changes.

By reducing the review surface area to just the architecture, you review a visual map of what the system can do and who can do it — not 7,000 lines of code.

Frequently Asked Questions

Why not just use Claude.md or agentic prompts?

Prompts are instructions that agents can forget or ignore across iterations. Ontology is framework-level enforcement. The system won't run if guardrails changed without review.

Does this replace AI code review?

No, it's complementary. AI code review analyzes implementation quality. Ontology enforces what the system is allowed to do. Use both.

What if I want to change the guardrails?

You can! Changes generate a new ont.lock file. Run npx ont-run review to see the visual diff, approve the changes, and continue.

Does this work with existing projects?

Yes. Define your existing architecture as the ontology, then the framework enforces it going forward.

How does this help me "vibe code with confidence"?

You can let AI agents move fast because you know they can't violate your architectural boundaries. The framework enforces the guardrails, so you focus on what the system should do, not how to implement it.

When will the Pro features be available?

AI-powered review and red-teaming features are currently in development. Join the waitlist to be notified when they launch.

Ready to vibe code with confidence?

Define your guardrails. Let AI handle the rest.

Get Started View on GitHub