How ASCEND Works
| Field | Value |
|---|---|
| Document ID | ASCEND-CORE-001 |
| Version | 1.0.0 |
| Last Updated | December 19, 2025 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 8 minutes | Skill Level: Beginner
Overview
ASCEND is an AI governance platform that sits between your AI agents and their actions. Every action an agent wants to take is evaluated, risk-assessed, and either approved or denied before execution.
Core Workflow
| Step | What Happens | Details |
|---|---|---|
| 1. Agent Submits Action | Agent requests a $50,000 trade on AAPL | agent_id: trading-bot-001, action_type: trade_execution, parameters: symbol AAPL, amount 50000 |
| 2. Risk Assessment | ASCEND evaluates the action and calculates a risk score | Financial impact: +25 pts, Operation type (write): +15 pts, Agent history (good): +0, Business hours: +0. Score: 40/100 (MEDIUM) |
| 3. Policy Check | Smart rules are matched against the action | Rule: Trades over $25,000 require manager approval. Result: REQUIRE_APPROVAL (Level 3) |
| 4. Approval Workflow | Action queued for human review | Notification sent to approval channel; manager reviews and approves |
| 5. Execute + Audit | Action executed with full traceability | Audit trail recorded, evidence pack generated |
Key Concepts
1. Actions
An action is any operation an AI agent wants to perform. Actions are the fundamental unit of governance in ASCEND.
{
"agent_id": "my-agent",
"action_type": "database_query",
"description": "Query customer records",
"parameters": {
"query": "SELECT * FROM customers WHERE region='US'"
}
}
2. Risk Score
Every action receives a risk score from 0-100:
| Score Range | Level | Treatment |
|---|---|---|
| 0-30 | Low | Usually auto-approved |
| 31-60 | Medium | May require approval |
| 61-80 | High | Requires manager approval |
| 81-100 | Critical | Requires admin approval |
3. Smart Rules
Smart Rules are conditional policies that determine how actions are handled:
{
"conditions": {
"action_type": "financial_transaction",
"amount_above": 10000
},
"action": "REQUIRE_APPROVAL",
"approval_level": 3
}
4. Approval Workflow
When an action requires approval:
- Queued - Action enters pending state
- Notified - Approvers are notified
- Reviewed - Human reviews details
- Decision - Approved or denied
- Executed - If approved, action runs
5. Audit Trail
Every action is logged immutably:
- Who submitted it
- What was requested
- Risk assessment results
- Approval decisions
- Execution outcome
- Timestamp and context
Decision Flow
Security Model
Defense in Depth
ASCEND implements multiple security layers:
- Authentication - API keys + JWT tokens
- Authorization - Role-based access control
- Evaluation - Risk assessment
- Policies - Smart rules
- Approval - Human oversight
- Audit - Immutable logging
Multi-Tenancy
Each organization's data is completely isolated:
- Row-Level Security (RLS) at database level
- Separate encryption keys
- Independent policies
- Isolated audit trails
Fail-Closed Design
When errors occur, ASCEND defaults to deny:
try:
result = evaluate_action(action)
except Exception:
return {"decision": "DENY", "reason": "Evaluation failed"}
Integration Points
SDK Integration
from ascend import AscendClient
client = AscendClient(api_key="owkai_...")
# Every action goes through ASCEND
result = client.submit_action(
agent_id="my-agent",
action_type="data_access",
parameters={"table": "customers"}
)
if result.decision == "approved":
# Safe to execute
execute_action()
Webhook Integration
# Receive real-time notifications
@app.route('/webhooks/ascend')
def handle_webhook():
event = request.json
if event['type'] == 'action.approved':
trigger_downstream_action(event['data'])
Real-World Examples
Example 1: Trading Bot
| Step | Details |
|---|---|
| $100K Trade Request | Trading bot wants to execute $100K trade |
| Score: 75 — HIGH | Large transaction (+30), Market hours (+0), Verified agent (+0), Financial operation (+25), No unusual patterns (+0) |
| Policy Check | Trades over $50K need VP approval |
| PENDING_APPROVAL | Action queued for VP review |
| VP Approves | VP reviews and approves the trade |
| Execute + Audit | Trade executes with full audit trail |
Example 2: Customer Data Access
| Step | Details |
|---|---|
| PII Access Request | Support bot wants to access customer PII |
| Score: 85 — CRITICAL | PII data (+40), Read operation (+10), Sensitive table (+20), Business justification required (+15) |
| Policy Check | PII access requires manager approval + documented reason |
| PENDING_APPROVAL | Reason required before approval |
| Manager Approves | Manager approves with documented reason |
| Access + Audit | Access granted, logged to compliance trail |
Next Steps
- Quick Start - Get started
- Risk Assessment - Understand scoring
- Smart Rules - Configure policies
Document Version: 1.0.0 | Last Updated: December 2025