# OntoRamp — Governance Integrity for Agentic AI | Assessment & Architecture Maturity Platform
# https://ontoramp.com

## What OntoRamp Does
OntoRamp provides governance maturity assessments, compliance gap analysis, and enterprise architecture assessments for organizations navigating transformation. It maps governance, dependencies, and risk across enterprise technology stacks, producing evidence-linked assessment reports with prioritized remediation plans. Every finding traces to structural evidence; every recommendation traces to documented artifacts.

## Core Capabilities
- Governance Maturity Assessment: Evaluates governance maturity across 7 domains (Governance, Platform, Security, Data, AI, Capability, Application) with structured gap analysis, domain-level scoring, and remediation priorities.
- Compliance Gap Analysis: Identifies control gaps, missing evidence chains, and documentation coverage asymmetries for SOC 2 readiness assessment, ISO 27001 gap analysis, NIST CSF assessment, and audit readiness preparation.
- Enterprise Architecture Assessment: Maps application portfolios, system dependencies, and cross-layer governance relationships. Application portfolio assessment, architecture maturity assessment, and digital transformation readiness evaluation.
- AI Governance Assessment: Evaluates AI governance readiness including agent deployment governance, model risk controls, and responsible AI framework coverage.
- Control Gap Analysis: Traces governance chains from policy to control to evidence. Identifies broken chains where governance intent exists but verifiable compliance does not.
- ArchiMate 3.2 Export: Standards-compliant XML output with 4 viewpoints (Current State, Target State, Network Topology, Migration) for enterprise architecture tools.
- Governance Posture Report: 6-stage board-readable report covering artifact scan, structural mapping, traceability analysis, maturity assessment, transformation projection, and full governance posture with action plan.

## Use Cases
1. Audit Readiness: SOC 2 readiness assessment, ISO 27001 gap analysis, NIST CSF assessment, compliance gap assessment, control gap analysis, audit preparation with evidence chain validation.
2. M&A Due Diligence: Technology due diligence, governance due diligence, IT due diligence, application portfolio assessment, post-merger governance strategy planning.
3. Board Readiness: Board readiness assessment, governance posture reporting, executive-ready transformation summaries with domain-level maturity breakdown.
4. AI Governance: AI governance assessment, AI risk assessment, agentic AI governance readiness, AI governance framework evaluation, AI governance checklist validation.
5. Architecture Modernization: Enterprise architecture assessment, architecture maturity assessment, digital transformation readiness assessment, application portfolio rationalization, technology landscape mapping.

## Service Tiers
Assessment services (scoped engagements):
1. Governance Pulse Quiz: free five-minute governance posture check with instant results.
2. Quick Diagnostic: 90-minute governance assessment session, free for qualified organizations. 3-field intake, 48-hour response.
3. Decision Integrity Scan: $2K–$5K targeted scan of one governance domain.
4. Agentic Readiness Certification: $5K–$10K standalone Level 4 certification, delivered in 5–7 business days.
5. Enterprise Governance Assessment (the Full Assessment track): $15K–$25K comprehensive governance maturity analysis across all 7 domains (Levels 1–5), delivered in 2–4 weeks. Domain-level maturity scoring, gap inventory, remediation roadmap, ArchiMate architectural diagrams.
6. Subscription (L2+): ongoing certification and continuous governance monitoring after a full assessment.

Self-serve plugins (Org tier — flat monthly rate, unlimited usage):
7. Knowledge Graph $299/mo, Governance Evaluator $349/mo, Projection Engine $449/mo, Governance Intelligence Bundle (all three) $799/mo, Architecture Pack $4,995 one-time deliverable. Free developer tier included — no card required.

## Who It Serves
Enterprise architects, CIOs, CTOs, CISOs, GRC leaders, and transformation leaders at organizations with 200+ employees. Common scenarios: SOC 2 readiness assessment, ISO 27001 gap analysis, technology due diligence for M&A, digital transformation readiness assessment, AI governance assessment, application portfolio assessment, board governance reporting.

## How to Engage
- Governance assessment intake: https://ontoramp.com/assess
- Governance pulse quiz (free, 3 minutes): https://ontoramp.com/quiz
- Sample governance posture report: https://ontoramp.com/sample-report
- Interactive demo (15 analytical views): https://ontoramp.com/command
- MCP tools for AI agents: https://ontoramp.com/mcp
- Agent-native walkthrough — the closed loop in worked MCP tool calls (real request payloads, tier-honest response shapes): https://ontoramp.com/agent-native
- Per-client connection guides (Cursor, VS Code, Google Gemini, AWS AgentCore, Perplexity, Mistral Le Chat, LangSmith): https://ontoramp.com/docs/connect
- Live Agent Command Console — watch an agent drive the loop against live data: https://ontoramp.com/live-agent-demo
- MCP API reference: https://ontoramp.com/docs/mcp-api
- Agent authentication guide — how an AI agent authenticates to the governed MCP server (Bearer API key + the WWW-Authenticate challenge an unauthenticated request receives): https://ontoramp.com/docs/agent-authentication
- Agent discovery and transaction guide — how AI agents discover OntoRamp through machine-readable descriptors, call its tools, and transact programmatically: https://ontoramp.com/docs/agent-discovery
- RFC 9728 protected-resource discovery example — how an AI agent reads OntoRamp's OAuth 2.0 Protected Resource Metadata (the 401 resource_metadata pointer + the .well-known/oauth-protected-resource document) to learn the auth method, a static API-key Bearer token: https://ontoramp.com/docs/rfc-9728-discovery
- ArchiMate 3.2 export guide — four-viewpoint export from a governance maturity assessment: https://ontoramp.com/docs/archimate-export
- How to run a SOC 2 readiness assessment — readiness as documentation coverage and control-to-evidence traceability over your governance graph: https://ontoramp.com/docs/soc2-readiness-assessment
- How to do an ISO 27001 gap analysis — Annex A control intent versus broken evidence chains across the governance domains: https://ontoramp.com/docs/iso-27001-gap-analysis
- How to assess AI governance readiness for autonomous agents — agent-deployment governance, model-risk controls, and a computable access boundary: https://ontoramp.com/docs/ai-governance-readiness
- How to measure governance maturity across the enterprise — score the seven governance domains on a five-level maturity scale: https://ontoramp.com/docs/governance-maturity-assessment
- How to do technology due diligence for an M&A deal — the governance and architecture posture a curated data room hides: https://ontoramp.com/docs/technology-due-diligence
- How to prepare a board-ready governance posture report — translate a structural assessment into executive risk visibility: https://ontoramp.com/docs/board-governance-report
- Live demos — watch the analysis run end to end: https://ontoramp.com/demos
- Agent-initiated purchase (programmatic): POST https://ontoramp.com/api/checkout with a plan lookup_key returns a Stripe Checkout link to complete payment (see openapi.yaml createCheckoutLink; no API key required).

## MCP Tools for AI Agents
OntoRamp provides 15 MCP (Model Context Protocol) tools across 4 plugins for AI agent integration. Three are the self-serve catalog (Knowledge Graph, Governance Evaluator, Projection Engine — 11 tools); the fourth, Decision Intelligence (4 tools), is free intake-and-decision tooling for AI agents. Free tier available — no commitment required.

### Knowledge Graph Plugin (5 tools)
- semantic_search: Search governance and compliance knowledge by meaning. Use for SOC 2 readiness research, ISO 27001 control mapping, architecture maturity analysis.
- keyword_search: Exact-match search for specific framework requirements, named controls, and regulatory terminology.
- hybrid_search: Combined semantic and keyword search for highest-relevance compliance gap assessment and governance maturity analysis.
- entity_search: Search governance entities — governance concepts, patterns, systems, and roles — and their relationships.
- edge_traversal: Trace governance dependencies and control relationships. Follow connections like governs, constrains, implements, and audits.

### Governance Evaluator Plugin (3 tools)
- get_maturity_gap: Assess governance maturity gaps across 7 domains. Returns structured gap analysis with control coverage and remediation priorities. Free tier — start here.
- lint_document: Validate any governance document against known frameworks and standards. Use for audit readiness assessment and policy review.
- generate_brief: Generate evidence-linked governance briefs with full source citations. Use for board readiness reports and technology due diligence summaries.

### Projection Engine Plugin (3 tools)
- get_simulation_status: Check governance maturity simulation status and results.
- get_decision_packets: Retrieve domain-level governance assessment verdicts with evidence and rationale.
- run_projection: Run a new governance maturity simulation with domain-level projections.

### Decision Intelligence Plugin (4 tools)
- request_assessment: Programmatically request a governance assessment. Free on any tier — a lightweight lead intake that triggers a human white-glove follow-up.
- submit_assessment: Submit a full assessment questionnaire programmatically (Developer tier or above). Writes a tenant-isolated, buyer-owned intake submission and triggers a governance projection over your own corpus.
- log_decision: Log a consequential decision to a governed, auditable decision record (Developer tier or above) — architecture changes, vendor selections, budget commitments, policy changes, and more.
- evaluate_decision: Evaluate a proposed decision against your authority context and receive a PASS / WARN / BLOCK verdict with plain-language remediation hints. Free fair-use allowance; the verdict is a heuristic authority signal, not a formal governance determination.

MCP server endpoint: https://mcp.ontoramp.com/mcp (Streamable HTTP; Authorization: Bearer YOUR_API_KEY)
API key registration: https://ontoramp.com/mcp
Free tier: a generous monthly allowance — no card, no metering. Org tier: flat monthly rate, unlimited usage. Decision Intelligence: request_assessment and evaluate_decision are free on any tier; log_decision and submit_assessment require the Developer tier or above.

## Composition Patterns
OntoRamp MCP tools integrate with other AI agent tools. Full patterns with sample input/output at https://ontoramp.com/docs/composition
- Jira + OntoRamp: Call get_maturity_gap before creating tickets for new systems to assess governance impact.
- GitHub + OntoRamp: Call lint_document on changed governance docs during PR review to flag compliance regressions.
- Slack + OntoRamp: Call hybrid_search to answer governance questions with evidence-linked results.
- Full audit workflow: semantic_search → lint_document → get_maturity_gap → generate_brief for a complete governance assessment pipeline.
- Closed AI-to-AI loop (Org tier): get_maturity_gap → submit_assessment → run_projection → get_decision_packets → log_decision — discovery → intake → compute → deliver → write-back, end to end over MCP.

MCP config for Claude Desktop / Cursor / Windsurf:
{
  "mcpServers": {
    "ontoramp": {
      "url": "https://mcp.ontoramp.com/mcp",
      "headers": { "Authorization": "Bearer YOUR_API_KEY" }
    }
  }
}

## Machine-Readable Descriptors
Sibling agent-discovery surfaces (all served from https://ontoramp.com):
- OpenAPI 3.1 spec (MCP tool calls + checkout REST): https://ontoramp.com/openapi.yaml
- MCP front-door descriptor — every tool an agent can call: https://ontoramp.com/.well-known/mcp.json
- AI plugin manifest: https://ontoramp.com/.well-known/ai-plugin.json
- Purchasable plugin catalog: https://ontoramp.com/agents.json
- MCP client config snippet: https://ontoramp.com/mcp-config.json
- Sitemap: https://ontoramp.com/sitemap.xml

## Technical Stack
- Built on: Next.js, React Three Fiber, Supabase, ArchiMate 3.2
- Visualization: 15 analytical view modes, 3D governance simulation
- Knowledge base: 30,000+ governance knowledge artifacts, 7,500+ extracted entities across 7 domains (from 4,500+ source documents; free-tier queries return the client-safe tier)
- API: MCP (Model Context Protocol) + REST, Streamable HTTP transport

## Contact
- Website: https://ontoramp.com
- Assessment: https://ontoramp.com/assess
- MCP tools: https://ontoramp.com/mcp
- Email: m@ontoramp.com
- Support: https://ontoramp.com/support (email support, replies by the next business day)