Agent Trust Levels
| Field | Value |
|---|---|
| Document ID | ASCEND-AGENT-006 |
| Version | 1.0.0 |
| Last Updated | December 19, 2025 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 10 minutes | Skill Level: Intermediate
Overview
ASCEND implements a trust-level model where different agent types receive different levels of autonomy. This ensures appropriate governance for various use cases.
Agent Types
```python
# Source: models_agent_registry.py:29
import enum


class AgentType(str, enum.Enum):
    """Classification of AI agent types for governance policies."""
    AUTONOMOUS = "autonomous"  # Fully autonomous decision-making
    SUPERVISED = "supervised"  # Requires human approval for actions
    ADVISORY = "advisory"      # Provides recommendations only
    MCP_SERVER = "mcp_server"  # Model Context Protocol server
    CUSTOM = "custom"          # Custom agent type
```
Trust Level Matrix
Agent types ordered from low trust (more restrictions) on the left to high trust (fewer restrictions) on the right:

| | AUTONOMOUS | MCP_SERVER | SUPERVISED | ADVISORY |
|---|---|---|---|---|
| Auto | < 40 | < 30 | < 30 | < 50 |
| Max | 60 | 80 | 80 | 90 |
| Controls | Rate limits, budget, time windows | Tool governance, per-tool risk | Human-in-the-loop, approval workflow | Suggest only, no execution |
Type Details
Autonomous Agents
Use Case: AI systems that make independent decisions without human intervention.
```
# Autonomous agent configuration
{
    "agent_type": "autonomous",

    # Stricter risk thresholds
    "auto_approve_below": 40,             # Higher bar for auto-approve
    "autonomous_auto_approve_below": 40,  # Explicit autonomous threshold
    "max_risk_threshold": 60,             # Lower ceiling
    "autonomous_max_risk_threshold": 60,  # Explicit autonomous ceiling

    # Mandatory controls
    "max_actions_per_minute": 100,
    "max_actions_per_hour": 1000,
    "max_actions_per_day": 10000,
    "max_daily_budget_usd": 100.00,

    # Time restrictions
    "time_window_enabled": true,
    "time_window_start": "09:00",
    "time_window_end": "17:00",
    "time_window_days": [1, 2, 3, 4, 5],  # Mon-Fri only

    # Auto-suspension
    "auto_suspend_enabled": true,
    "auto_suspend_on_error_rate": 0.10,   # 10% error rate
    "auto_suspend_on_budget_exceeded": true,

    # Escalation path (required for autonomous)
    "autonomous_escalation_webhook_url": "https://hooks.company.com/escalate",
    "autonomous_escalation_email": "ai-ops@company.com"
}
```
Governance Behavior:
```python
# Source: services/agent_registry_service.py:1319
# Autonomous agents use stricter thresholds
if is_autonomous:
    effective_auto_approve = min(
        agent.auto_approve_below,
        agent.autonomous_auto_approve_below
    )
    effective_max_threshold = min(
        agent.max_risk_threshold,
        agent.autonomous_max_risk_threshold
    )
```
Escalation Handling:
```python
# Source: services/agent_registry_service.py:1374
# Autonomous agents cannot wait for interactive approval
if is_autonomous and final_decision == "require_approval":
    escalation_result = handle_autonomous_escalation(
        db, agent, action_context, risk_score
    )
    if escalation_result:
        return escalation_result
    # No escalation configured - deny
    return {
        "decision": "deny",
        "reason": "Autonomous agents cannot wait for approval. Configure escalation path.",
        "is_autonomous": True,
        "escalation_available": False
    }
```
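The two excerpts above combined into one runnable decision function, as an added example that is not ASCEND's own code. `AgentPolicy`, `effective_thresholds` and `decide` are hypothetical names, the deny above the autonomous ceiling is an assumption, and non-autonomous types are given the supervised bands described on this page.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class AgentPolicy:
    """Hypothetical stand-in for the registry record; field names follow the page."""
    agent_type: str
    auto_approve_below: int
    max_risk_threshold: int
    autonomous_auto_approve_below: int = 40
    autonomous_max_risk_threshold: int = 60
    autonomous_escalation_webhook_url: Optional[str] = None
    autonomous_escalation_email: Optional[str] = None


def effective_thresholds(agent: AgentPolicy) -> Tuple[int, int]:
    """Autonomous agents get the lower of each configured threshold pair."""
    if agent.agent_type != "autonomous":
        return agent.auto_approve_below, agent.max_risk_threshold
    return (
        min(agent.auto_approve_below, agent.autonomous_auto_approve_below),
        min(agent.max_risk_threshold, agent.autonomous_max_risk_threshold),
    )


def decide(agent: AgentPolicy, risk_score: int) -> dict:
    auto_below, max_risk = effective_thresholds(agent)
    if risk_score < auto_below:
        return {"decision": "approve"}
    if agent.agent_type != "autonomous":
        # Supervised bands: approval up to the ceiling, escalation above it.
        return {"decision": "require_approval" if risk_score <= max_risk else "escalate"}
    if risk_score > max_risk:
        # Assumption: above the ceiling is denied; the page does not show this branch.
        return {"decision": "deny", "reason": "risk above autonomous ceiling"}
    # Would be "require_approval", but nobody is waiting: escalate or fail closed.
    if agent.autonomous_escalation_webhook_url or agent.autonomous_escalation_email:
        return {"decision": "escalate", "escalation_available": True}
    return {"decision": "deny", "escalation_available": False}
```

An autonomous agent registered with generic thresholds of 70 and 95 is still evaluated at 40 and 60, and without an escalation path every score in the approval band is denied.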
Supervised Agents
Use Case: AI systems that require human approval for high-risk actions.
```
# Supervised agent configuration (default type)
{
    "agent_type": "supervised",

    # Standard risk thresholds
    "auto_approve_below": 30,
    "max_risk_threshold": 80,
    "requires_mfa_above": 70,

    # Optional rate limits
    "max_actions_per_day": null,  # No limit by default

    # Approval workflow
    "alert_on_high_risk": true,
    "alert_recipients": ["security@company.com"],
    "webhook_url": "https://hooks.company.com/approvals"
}
```
Governance Behavior:
- Actions with risk < 30: Auto-approved
- Actions with risk 30-80: Require human approval
- Actions with risk > 80: Escalated to security team
- MFA required for risk > 70
Advisory Agents
Use Case: AI systems that provide recommendations but don't execute actions.
```
# Advisory agent configuration
{
    "agent_type": "advisory",

    # Relaxed thresholds (recommendations only)
    "auto_approve_below": 50,
    "max_risk_threshold": 90,

    # No rate limits needed
    "max_actions_per_minute": null,

    # Informational alerts only
    "alert_on_high_risk": false
}
```
Governance Behavior:
- Most actions auto-approved (advisory only)
- No execution blocking
- Audit trail maintained for recommendations
MCP Server Agents
Use Case: Model Context Protocol servers exposing tools to AI models.
```
# MCP server configuration
{
    "agent_type": "mcp_server",
    "is_mcp_server": true,

    # Server details
    "mcp_server_url": "http://localhost:3000",
    "mcp_capabilities": {
        "tools": ["query_database", "read_file", "write_file"],
        "prompts": ["sql_query", "code_review"],
        "resources": ["database://main", "file://docs"]
    },

    # Tool-level governance
    "auto_approve_tools": ["list_tables", "describe_schema"],
    "blocked_tools": ["drop_table", "delete_all"],
    "tool_risk_overrides": {
        "execute_query": 70,
        "write_file": 60,
        "delete_file": 85
    }
}
```
Governance Behavior:
- Each tool call evaluated separately
- Tool-specific risk scores applied
- Blocked tools always denied
- Auto-approve tools skip governance
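A sketch of the per-tool evaluation order listed above, plus a lint pass for governance gaps, as an added example that is not ASCEND's own code. `evaluate_tool_call`, `lint_tool_governance` and `base_risk` are hypothetical, and the approval and escalation bands are assumed to mirror the supervised type (30 and 80).

```python
# Constructed from the MCP server configuration shown on this page.
MCP_CONFIG = {
    "mcp_capabilities": {"tools": ["query_database", "read_file", "write_file"]},
    "auto_approve_tools": ["list_tables", "describe_schema"],
    "blocked_tools": ["drop_table", "delete_all"],
    "tool_risk_overrides": {"execute_query": 70, "write_file": 60, "delete_file": 85},
}


def evaluate_tool_call(cfg, tool, base_risk, auto_approve_below=30, max_risk_threshold=80):
    """Decide one tool call. base_risk is a hypothetical score supplied by the caller."""
    if tool in cfg.get("blocked_tools", []):
        return "deny"      # blocked always wins, even if the tool is also auto-approved
    if tool in cfg.get("auto_approve_tools", []):
        return "approve"   # skips risk scoring entirely
    # A per-tool override replaces whatever score the caller computed.
    risk = cfg.get("tool_risk_overrides", {}).get(tool, base_risk)
    if risk < auto_approve_below:
        return "approve"
    # Assumption: approval up to the ceiling, escalation above it.
    return "require_approval" if risk <= max_risk_threshold else "escalate"


def lint_tool_governance(cfg):
    """Report configuration gaps a reviewer should resolve before activation."""
    blocked = set(cfg.get("blocked_tools", []))
    auto = set(cfg.get("auto_approve_tools", []))
    overrides = set(cfg.get("tool_risk_overrides", {}))
    declared = cfg.get("mcp_capabilities", {}).get("tools", [])
    return {
        # Listed as both blocked and auto-approved: deny wins, but intent is ambiguous.
        "conflicts": sorted(blocked & auto),
        # Exposed by the server with no explicit rule: decided purely by base_risk.
        "ungoverned": sorted(t for t in declared if t not in blocked | auto | overrides),
    }
```

Run against the sample configuration, the lint reports `query_database` and `read_file` as declared tools with no explicit rule, so their handling depends entirely on the score the caller supplies.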
Custom Agents
Use Case: Special requirements not covered by standard types.
```
# Custom agent with specific configuration
{
    "agent_type": "custom",

    # Fully configurable thresholds
    "auto_approve_below": 25,
    "max_risk_threshold": 70,
    "requires_mfa_above": 50,

    # Custom policies
    "policies": [
        {
            "policy_name": "PII Access",
            "conditions": {"data_classification": "pii"},
            "policy_action": "require_approval"
        },
        {
            "policy_name": "Production Changes",
            "conditions": {"environment": "production"},
            "policy_action": "escalate",
            "action_params": {"team": "platform-team"}
        }
    ]
}
```
Threshold Comparison
| Configuration | Autonomous | Supervised | Advisory | MCP Server |
|---|---|---|---|---|
| auto_approve_below | 40 | 30 | 50 | 30 |
| max_risk_threshold | 60 | 80 | 90 | 80 |
| requires_mfa_above | N/A | 70 | 80 | 70 |
| Rate Limits | Required | Optional | None | Per-tool |
| Budget Limits | Required | Optional | None | Optional |
| Time Windows | Recommended | Optional | None | Optional |
| Auto-Suspend | Enabled | Optional | Disabled | Optional |
| Human Approval | Escalation | Interactive | None | Per-tool |
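A pre-activation check that applies the Autonomous column of this table to a configuration, as an added example that is not part of ASCEND. `lint_autonomous_config` is a hypothetical helper, and the split into ERROR (Required rows) and WARN (Recommended and Enabled rows) is an assumption; both sample configurations are constructed from examples on this page.

```python
def lint_autonomous_config(cfg):
    """Return findings for an autonomous agent config; an empty list means none."""
    findings = []
    if cfg.get("agent_type") != "autonomous":
        return findings
    rate_keys = ("max_actions_per_minute", "max_actions_per_hour", "max_actions_per_day")
    if not any(cfg.get(k) is not None for k in rate_keys):
        findings.append("ERROR: no rate limit set (required)")
    if cfg.get("max_daily_budget_usd") is None:
        findings.append("ERROR: no daily budget set (required)")
    if not (cfg.get("autonomous_escalation_webhook_url")
            or cfg.get("autonomous_escalation_email")):
        findings.append("ERROR: no escalation path; approval-band actions will be denied")
    if not cfg.get("auto_suspend_enabled"):
        findings.append("WARN: auto-suspend not enabled")
    if not cfg.get("time_window_enabled"):
        findings.append("WARN: no time window (recommended)")
    # The runtime takes min() of each threshold pair, so the higher value is ignored.
    for generic, strict in (("auto_approve_below", "autonomous_auto_approve_below"),
                            ("max_risk_threshold", "autonomous_max_risk_threshold")):
        if generic in cfg and strict in cfg and cfg[generic] != cfg[strict]:
            findings.append(f"WARN: {generic} and {strict} differ; lower value applies")
    return findings


# Constructed from the "Autonomous Data Pipeline" example on this page.
ETL_PIPELINE = {
    "agent_type": "autonomous",
    "auto_approve_below": 35, "autonomous_auto_approve_below": 35,
    "max_risk_threshold": 55, "autonomous_max_risk_threshold": 55,
    "max_actions_per_hour": 500, "max_daily_budget_usd": 200.00,
    "time_window_enabled": True, "auto_suspend_enabled": True,
    "autonomous_escalation_email": "data-ops@company.com",
}

# Constructed: an autonomous agent that sets only its type and metadata.
TYPE_ONLY = {"agent_type": "autonomous", "metadata": {"review_date": "2025-12-01"}}
```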
Configuration Examples
High-Security Financial Agent
```
{
    "agent_id": "finance-processor-001",
    "agent_type": "supervised",
    "display_name": "Financial Transaction Processor",

    # Very strict thresholds
    "auto_approve_below": 15,   # Only lowest risk auto-approved
    "max_risk_threshold": 50,   # Escalate early
    "requires_mfa_above": 30,   # MFA for most actions

    # Limited capabilities
    "allowed_action_types": [
        "transaction.read",
        "transaction.process"
    ],
    "blocked_resources": [
        "admin_api",
        "user_credentials"
    ],

    # Strict rate limiting
    "max_actions_per_minute": 10,
    "max_actions_per_hour": 100,
    "max_daily_budget_usd": 50000.00,

    # Comprehensive alerting
    "alert_on_high_risk": true,
    "alert_recipients": [
        "finance-security@company.com",
        "compliance@company.com"
    ]
}
```
Development/Testing Agent
```
{
    "agent_id": "dev-assistant-001",
    "agent_type": "advisory",
    "display_name": "Development Assistant",

    # Relaxed thresholds (dev environment)
    "auto_approve_below": 60,
    "max_risk_threshold": 95,

    # Broad capabilities
    "allowed_action_types": [
        "database.query",
        "file.read",
        "file.write",
        "api.read",
        "api.write"
    ],

    # No production access
    "blocked_resources": [
        "production_*",
        "customer_data_*"
    ],

    # Minimal restrictions
    "max_actions_per_day": null,
    "time_window_enabled": false
}
```
Autonomous Data Pipeline
```
{
    "agent_id": "etl-pipeline-001",
    "agent_type": "autonomous",
    "display_name": "ETL Data Pipeline",

    # Strict autonomous thresholds
    "auto_approve_below": 35,
    "autonomous_auto_approve_below": 35,
    "max_risk_threshold": 55,
    "autonomous_max_risk_threshold": 55,

    # Focused capabilities
    "allowed_action_types": [
        "database.read",
        "database.write",
        "file.read"
    ],

    # Rate and budget limits
    "max_actions_per_hour": 500,
    "max_daily_budget_usd": 200.00,

    # Restricted execution window
    "time_window_enabled": true,
    "time_window_start": "02:00",  # ETL runs overnight
    "time_window_end": "06:00",
    "time_window_timezone": "UTC",

    # Auto-suspension on issues
    "auto_suspend_enabled": true,
    "auto_suspend_on_error_rate": 0.05,  # 5% threshold

    # Escalation path
    "autonomous_escalation_webhook_url": "https://pagerduty.com/ascend",
    "autonomous_escalation_email": "data-ops@company.com"
}
```
Changing Agent Type
Changing an agent's type requires re-activation:
```bash
# 1. Update agent type
curl -X PUT "https://pilot.owkai.app/api/agents/registry/my-agent-001" \
  -H "Authorization: Bearer owkai_..." \
  -d '{
    "agent_type": "autonomous",
    "version_notes": "Upgrading to autonomous operation"
  }'

# Agent is automatically moved to pending_approval

# 2. Admin must re-approve
curl -X POST "https://pilot.owkai.app/api/agents/registry/my-agent-001/activate" \
  -H "Authorization: Bearer owkai_..."
```
Best Practices
1. Start with Supervised
```
# Default to supervised for new agents
{
    "agent_type": "supervised"
}
# Only upgrade to autonomous after proving reliability
```
2. Use Advisory for Development
```
# Use advisory type in development environments
{
    "agent_type": "advisory",
    "metadata": {"environment": "development"}
}
```
3. Configure Escalation for Autonomous
```
# Always configure escalation paths
{
    "agent_type": "autonomous",
    "autonomous_escalation_webhook_url": "https://hooks.company.com/escalate",
    "autonomous_escalation_email": "ai-ops@company.com",
    "autonomous_allow_queued_approval": true
}
```
4. Document Type Selection
```
# Include reasoning in metadata
{
    "agent_type": "autonomous",
    "metadata": {
        "type_justification": "24/7 data pipeline requires autonomous operation",
        "approved_by": "security-review-2025-12",
        "review_date": "2025-12-01"
    }
}
```
Next Steps
- Health Monitoring — Metrics and alerts
- Kill-Switch — Emergency procedures
- Smart Rules — Agent-specific policies