How ASCEND Works
| Field | Value |
|---|---|
| Document ID | ASCEND-CORE-001 |
| Version | 1.0.0 |
| Last Updated | December 19, 2025 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 8 minutes | Skill Level: Beginner
Overview
ASCEND is an AI governance platform that sits between your AI agents and their actions. Every action an agent wants to take is evaluated, risk-assessed, and either approved or denied before execution.
Core Workflow
+---------------------------------------------------------------------------------+
| ASCEND GOVERNANCE WORKFLOW |
+---------------------------------------------------------------------------------+
| |
| 1. AGENT SUBMITS ACTION |
| +-------------------------------------------------------------------------+ |
| | | |
| | Agent: "I want to execute a $50,000 trade on AAPL" | |
| | | |
| | { | |
| | "agent_id": "trading-bot-001", | |
| | "action_type": "trade_execution", | |
| | "parameters": {"symbol": "AAPL", "amount": 50000} | |
| | } | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 2. RISK ASSESSMENT |
| +-------------------------------------------------------------------------+ |
| | | |
| | ASCEND evaluates the action: | |
| | - Financial impact: $50,000 (+25 points) | |
| | - Operation type: Write (+15 points) | |
| | - Agent history: Good (+0 points) | |
| | - Time of day: Business hours (+0 points) | |
| | | |
| | Risk Score: 40/100 (MEDIUM) | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 3. POLICY CHECK |
| +-------------------------------------------------------------------------+ |
| | | |
| | Smart Rule: "Trades over $25,000 require manager approval" | |
| | Result: REQUIRE_APPROVAL (Level 3) | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 4. APPROVAL WORKFLOW |
| +-------------------------------------------------------------------------+ |
| | | |
| | Action queued for manager review | |
| | Notification sent to approval channel | |
| | Manager reviews and approves | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 5. EXECUTION & AUDIT |
| +-------------------------------------------------------------------------+ |
| | | |
| | Action executed | |
| | Full audit trail recorded | |
| | Evidence pack generated | |
| | | |
| +-------------------------------------------------------------------------+ |
| |
+---------------------------------------------------------------------------------+
Key Concepts
1. Actions
An action is any operation an AI agent wants to perform. Actions are the fundamental unit of governance in ASCEND.
{
"agent_id": "my-agent",
"action_type": "database_query",
"description": "Query customer records",
"parameters": {
"query": "SELECT * FROM customers WHERE region='US'"
}
}
2. Risk Score
Every action receives a risk score from 0-100:
| Score Range | Level | Treatment |
|---|---|---|
| 0-30 | Low | Usually auto-approved |
| 31-60 | Medium | May require approval |
| 61-80 | High | Requires manager approval |
| 81-100 | Critical | Requires admin approval |
3. Smart Rules
Smart Rules are conditional policies that determine how actions are handled:
{
"conditions": {
"action_type": "financial_transaction",
"amount_above": 10000
},
"action": "REQUIRE_APPROVAL",
"approval_level": 3
}
4. Approval Workflow
When an action requires approval:
- Queued - Action enters pending state
- Notified - Approvers are notified
- Reviewed - Human reviews details
- Decision - Approved or denied
- Executed - If approved, action runs
5. Audit Trail
Every action is logged immutably:
- Who submitted it
- What was requested
- Risk assessment results
- Approval decisions
- Execution outcome
- Timestamp and context
Decision Flow
┌─────────────────┐
│ Action Submitted │
└────────┬────────┘
│
v
┌─────────────────┐
│ Risk Assessment │
└────────┬────────┘
│
┌──────────────┼──────────────┐
│ │ │
v v v
┌─────────┐ ┌─────────┐ ┌─────────┐
│ LOW │ │ MEDIUM │ │ HIGH │
│ 0-30 │ │ 31-60 │ │ 61+ │
└────┬────┘ └────┬────┘ └────┬────┘
│ │ │
v v v
┌────────────┐ ┌────────────┐ ┌────────────┐
│ Auto │ │ Check │ │ Require │
│ Approve │ │ Policies │ │ Approval │
└─────┬──────┘ └─────┬──────┘ └─────┬──────┘
│ │ │
│ ┌────┴────┐ │
│ │ │ │
│ v v │
│ ┌─────────┐ ┌─────────┐ │
│ │ Auto │ │ Pending │ │
│ │ Approve │ │ Approval│ │
│ └────┬────┘ └────┬────┘ │
│ │ │ │
v v v v
┌─────────────────────────────────────┐
│ Execute Action │
└─────────────────────────────────────┘
│
v
┌─────────────────────────────────────┐
│ Immutable Audit Log │
└─────────────────────────────────────┘
Security Model
Defense in Depth
ASCEND implements multiple security layers:
- Authentication - API keys + JWT tokens
- Authorization - Role-based access control
- Evaluation - Risk assessment
- Policies - Smart rules
- Approval - Human oversight
- Audit - Immutable logging
Multi-Tenancy
Each organization's data is completely isolated:
- Row-Level Security (RLS) at database level
- Separate encryption keys
- Independent policies
- Isolated audit trails
Fail-Closed Design
When errors occur, ASCEND defaults to deny:
try:
result = evaluate_action(action)
except Exception:
return {"decision": "DENY", "reason": "Evaluation failed"}
Integration Points
SDK Integration
from ascend import AscendClient
client = AscendClient(api_key="owkai_...")
# Every action goes through ASCEND
result = client.submit_action(
agent_id="my-agent",
action_type="data_access",
parameters={"table": "customers"}
)
if result.decision == "approved":
# Safe to execute
execute_action()
Webhook Integration
# Receive real-time notifications
@app.route('/webhooks/ascend')
def handle_webhook():
event = request.json
if event['type'] == 'action.approved':
trigger_downstream_action(event['data'])
Real-World Examples
Example 1: Trading Bot
Agent: Trading bot wants to execute $100K trade
↓
Risk Assessment: Score 75 (HIGH)
- Large transaction (+30)
- Market hours (+0)
- Verified agent (+0)
- Financial operation (+25)
- No unusual patterns (+0)
↓
Policy Check: "Trades > $50K need VP approval"
↓
Decision: PENDING_APPROVAL
↓
VP reviews and approves
↓
Trade executes with full audit trail
Example 2: Customer Data Access
Agent: Support bot wants to access customer PII
↓
Risk Assessment: Score 85 (CRITICAL)
- PII data (+40)
- Read operation (+10)
- Sensitive table (+20)
- Business justification required (+15)
↓
Policy Check: "PII access requires manager + reason"
↓
Decision: PENDING_APPROVAL with reason required
↓
Manager approves with documented reason
↓
Access granted, logged to compliance trail
Next Steps
- Quick Start - Get started
- Risk Assessment - Understand scoring
- Smart Rules - Configure policies
Document Version: 1.0.0 | Last Updated: December 2025