How ASCEND Works
| Field | Value |
|---|---|
| Document ID | ASCEND-CORE-001 |
| Version | 2026.04 |
| Last Updated | April 2026 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 8 minutes | Skill Level: Beginner
Overview
ASCEND is an AI governance platform that sits between your AI agents and their actions. Every action an agent wants to take is evaluated, risk-assessed, and either approved or denied before execution.
note
Every action flows through risk assessment, policy evaluation, and audit logging in sequence. If any layer fails, the platform defaults to DENY to maintain security posture.
Core Workflow
+---------------------------------------------------------------------------------+
| ASCEND GOVERNANCE WORKFLOW |
+---------------------------------------------------------------------------------+
| |
| 1. AGENT SUBMITS ACTION |
| +-------------------------------------------------------------------------+ |
| | | |
| | Agent: "I want to execute a $50,000 trade on AAPL" | |
| | | |
| | { | |
| | "agent_id": "trading-bot-001", | |
| | "action_type": "trade_execution", | |
| | "parameters": {"symbol": "AAPL", "amount": 50000} | |
| | } | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 2. RISK ASSESSMENT |
| +-------------------------------------------------------------------------+ |
| | | |
| | ASCEND evaluates the action: | |
| | - Financial impact: $50,000 (+25 points) | |
| | - Operation type: Write (+15 points) | |
| | - Agent history: Good (+0 points) | |
| | - Time of day: Business hours (+0 points) | |
| | | |
| | Risk Score: 40/100 (MEDIUM) | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 3. POLICY CHECK |
| +-------------------------------------------------------------------------+ |
| | | |
| | Smart Rule: "Trades over $25,000 require manager approval" | |
| | Result: REQUIRE_APPROVAL (Level 3) | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 4. APPROVAL WORKFLOW |
| +-------------------------------------------------------------------------+ |
| | | |
| | Action queued for manager review | |
| | Notification sent to approval channel | |
| | Manager reviews and approves | |
| | | |
| +-------------------------------------------------------------------------+ |
| | |
| v |
| 5. EXECUTION & AUDIT |
| +-------------------------------------------------------------------------+ |
| | | |
| | Action executed | |
| | Full audit trail recorded | |
| | Evidence pack generated | |
| | | |
| +-------------------------------------------------------------------------+ |
| |
+---------------------------------------------------------------------------------+
Key Concepts
1. Actions
An action is any operation an AI agent wants to perform. Actions are the fundamental unit of governance in ASCEND.
{
"agent_id": "my-agent",
"action_type": "database_query",
"description": "Query customer records",
"parameters": {
"query": "SELECT * FROM customers WHERE region='US'"
}
}
2. Risk Score
Every action receives a risk score from 0-100:
| Score Range | Level | Treatment |
|---|---|---|
| 0-30 | Low | Usually auto-approved |
| 31-60 | Medium | May require approval |
| 61-80 | High | Requires manager approval |
| 81-100 | Critical | Requires admin approval |
3. Smart Rules
Smart Rules are conditional policies that determine how actions are handled:
{
"conditions": {
"action_type": "financial_transaction",
"amount_above": 10000
},
"action": "REQUIRE_APPROVAL",
"approval_level": 3
}
4. Approval Workflow
When an action requires approval:
- Queued - Action enters pending state
- Notified - Approvers are notified
- Reviewed - Human reviews details
- Decision - Approved or denied
- Executed - If approved, action runs
5. Audit Trail
Every action is logged immutably:
- Who submitted it
- What was requested
- Risk assessment results
- Approval decisions
- Execution outcome
- Timestamp and context
Decision Flow
┌─────────────────┐
│ Action Submitted │
└────────┬────────┘
│
v
┌─────────────────┐
│ Risk Assessment │
└────────┬────────┘
│
┌──────────────┼──────────────┐
│ │ │
v v v
┌─────────┐ ┌─────────┐ ┌─────────┐
│ LOW │ │ MEDIUM │ │ HIGH │
│ 0-30 │ │ 31-60 │ │ 61+ │
└────┬────┘ └────┬────┘ └────┬────┘
│ │ │
v v v
┌────────────┐ ┌────────────┐ ┌────────────┐
│ Auto │ │ Check │ │ Require │
│ Approve │ │ Policies │ │ Approval │
└─────┬──────┘ └─────┬──────┘ └─────┬──────┘
│ │ │
│ ┌────┴────┐ │
│ │ │ │
│ v v │
│ ┌─────────┐ ┌─────────┐ │
│ │ Auto │ │ Pending │ │
│ │ Approve │ │ Approval│ │
│ └────┬────┘ └────┬────┘ │
│ │ │ │
v v v v
┌─────────────────────────────────────┐
│ Execute Action │
└─────────────────────────────────────┘
│
v
┌─────────────────────────────────────┐
│ Immutable Audit Log │
└─────────────────────────────────────┘
Security Model
Defense in Depth
ASCEND implements multiple security layers:
- Authentication - API keys + JWT tokens
- Authorization - Role-based access control
- Evaluation - Risk assessment
- Policies - Smart rules
- Approval - Human oversight
- Audit - Immutable logging
Multi-Tenancy
Each organization's data is completely isolated:
- Row-Level Security (RLS) at database level
- Separate encryption keys
- Independent policies
- Isolated audit trails
Fail-Closed Design
When errors occur, ASCEND defaults to deny:
try:
result = evaluate_action(action)
except Exception:
return {"decision": "DENY", "reason": "Evaluation failed"}
Integration Points
SDK Integration
from ascend import AscendClient
client = AscendClient(api_key="owkai_...")
# Every action goes through ASCEND
result = client.submit_action(
agent_id="my-agent",
action_type="data_access",
parameters={"table": "customers"}
)
if result.decision == "approved":
# Safe to execute
execute_action()
Webhook Integration
# Receive real-time notifications
@app.route('/webhooks/ascend')
def handle_webhook():
event = request.json
if event['type'] == 'action.approved':
trigger_downstream_action(event['data'])
Real-World Examples
Example 1: Trading Bot
Agent: Trading bot wants to execute $100K trade
↓
Risk Assessment: Score 75 (HIGH)
- Large transaction (+30)
- Market hours (+0)
- Verified agent (+0)
- Financial operation (+25)
- No unusual patterns (+0)
↓
Policy Check: "Trades > $50K need VP approval"
↓
Decision: PENDING_APPROVAL
↓
VP reviews and approves
↓
Trade executes with full audit trail
Example 2: Customer Data Access
Agent: Support bot wants to access customer PII
↓
Risk Assessment: Score 85 (CRITICAL)
- PII data (+40)
- Read operation (+10)
- Sensitive table (+20)
- Business justification required (+15)
↓
Policy Check: "PII access requires manager + reason"
↓
Decision: PENDING_APPROVAL with reason required
↓
Manager approves with documented reason
↓
Access granted, logged to compliance trail
Next Steps
- Quick Start - Get started
- Risk Assessment - Understand scoring
- Smart Rules - Configure policies
Document Version: 2026.04 | Last Updated: April 2026