AI Model Registry
| Field | Value |
|---|---|
| Document ID | ASCEND-GOV-MR-001 |
| Version | 2026.04 |
| Last Updated | April 2026 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | EU AI Act Art. 9, NIST AI RMF MAP-1, SOC 2 CC8.1 |
Reading Time: 8 minutes | Skill Level: Intermediate
Overview
The AI Model Registry (FEAT-001) is the system of record for every AI/ML model deployed in your organization. Each model has a lifecycle (register → approve → wire to agents → deprecate), an immutable audit trail, and per-framework compliance flags (GDPR, SOX, HIPAA, PCI-DSS).
FEAT-001B extends the registry by linking agents to specific models, gating agent registration on model compliance status.
Model lifecycle
REGISTER ──► PENDING_REVIEW ──► PARTIALLY_APPROVED ──► APPROVED ──► (in service)
│
▼
DEPRECATED
| Status | Meaning |
|---|---|
| PENDING_REVIEW | Just registered; awaiting compliance approval |
| PARTIALLY_APPROVED | Approved for one or more frameworks but not all four |
| APPROVED | Approved for GDPR + SOX + HIPAA + PCI-DSS |
| DEPRECATED | Soft-deleted; cannot be newly wired to agents |
REST endpoints
All endpoints require admin auth. Base prefix: /api/v1/models.
| Action | Endpoint |
|---|---|
| Register model | POST /api/v1/models |
| List models | GET /api/v1/models |
| Get model details | GET /api/v1/models/{model_id} |
| Update model metadata | PUT /api/v1/models/{model_id} |
| Deprecate model | DELETE /api/v1/models/{model_id} |
| Approve compliance frameworks | POST /api/v1/models/{model_id}/approve |
| Model history (audit trail) | GET /api/v1/models/{model_id}/history |
| Fleet summary | GET /api/v1/models/stats |
Register a model
curl -X POST "https://pilot.owkai.app/api/v1/models" \
  -H "Authorization: Bearer <admin_jwt>" \
  -H "Content-Type: application/json" \
  -d '{
    "model_id": "claude-3-5-sonnet-prod",
    "model_name": "Claude 3.5 Sonnet",
    "version": "2025-10-01",
    "environment": "production",
    "model_owner": "governance-team@example.com",
    "risk_level": "HIGH",
    "data_classification": "restricted",
    "business_unit": "Enterprise AI",
    "model_type": "llm",
    "framework": "anthropic-api",
    "description": "Primary LLM for production customer-facing agents",
    "contains_pii": true,
    "contains_phi": false,
    "contains_pci": false
  }'
Required fields: model_id, model_name, version, environment, model_owner.
Approve compliance frameworks
A model needs framework-specific approval before agents can be wired to it. Approve one or more in a single call:
curl -X POST "https://pilot.owkai.app/api/v1/models/claude-3-5-sonnet-prod/approve" \
  -H "Authorization: Bearer <admin_jwt>" \
  -H "Content-Type: application/json" \
  -d '{
    "frameworks": ["gdpr", "sox"],
    "approval_notes": "Reviewed DPA + vendor SOC 2 report. HIPAA/PCI-DSS pending BAA."
  }'
Valid frameworks: gdpr, sox, hipaa, pci_dss.
The backend recalculates compliance_status:
- All four approved → APPROVED
- Some approved → PARTIALLY_APPROVED
Each approval writes a MODEL_COMPLIANCE_APPROVED event to the immutable audit log.
FEAT-001B — Link an agent to a model
SDK 2.3.0
from ascend import AscendClient

client = AscendClient(api_key="owkai_...")
response = client.link_model_to_agent(
    agent_id="financial-advisor-prod",
    model_id=42,  # DeployedModel.id returned from /api/v1/models
)
The SDK method is a thin wrapper over PUT /api/registry/agents/{agent_id} with {"model_id": <int>}.
Server-side enforcement
Before setting RegisteredAgent.model_id, the backend validates:
| Check | Failure response |
|---|---|
| Model exists in caller's organization | HTTP 400, "Model not found or belongs to a different organization" |
| Model is in APPROVED or PARTIALLY_APPROVED state | HTTP 400, "Cannot link agent to model with status '<status>'. Model must be approved or partially approved." |
Successful links emit an AGENT_MODEL_LINKED event with compliance tags FEAT-001B, EU-AI-ACT-ART9, NIST-AI-RMF-MAP4, SOC2-CC8.1.
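The status recalculation and the two link checks described above, written out as a small reference model. This is an added example, not Ascend's backend code: the Model class, approve(), check_link() and the sample registry are hypothetical, and leaving a model with zero approvals in PENDING_REVIEW is an assumption drawn from the status table.

```python
from dataclasses import dataclass, field

VALID_FRAMEWORKS = frozenset({"gdpr", "sox", "hipaa", "pci_dss"})
LINKABLE = frozenset({"APPROVED", "PARTIALLY_APPROVED"})


@dataclass
class Model:
    """Hypothetical stand-in for a registry row (not the Ascend schema)."""
    id: int
    org: str
    approved: set = field(default_factory=set)
    deprecated: bool = False

    @property
    def compliance_status(self) -> str:
        if self.deprecated:
            return "DEPRECATED"
        if self.approved == VALID_FRAMEWORKS:
            return "APPROVED"
        # Assumption: zero approvals leaves the model in PENDING_REVIEW.
        return "PARTIALLY_APPROVED" if self.approved else "PENDING_REVIEW"


def approve(model: Model, frameworks: list) -> str:
    """Record framework approvals and return the recalculated status."""
    unknown = set(frameworks) - VALID_FRAMEWORKS
    if unknown:
        raise ValueError(f"invalid frameworks: {sorted(unknown)}")
    model.approved |= set(frameworks)
    return model.compliance_status


def check_link(registry: dict, caller_org: str, model_id: int) -> tuple:
    """Return (http_status, detail) for an agent-to-model link request."""
    model = registry.get(model_id)
    # One message for "missing" and "other tenant": a caller cannot use the
    # response to learn whether an id exists in another organization.
    if model is None or model.org != caller_org:
        return 400, "Model not found or belongs to a different organization"
    status = model.compliance_status
    if status not in LINKABLE:
        return 400, (f"Cannot link agent to model with status '{status}'. "
                     "Model must be approved or partially approved.")
    return 200, "linked"


# Constructed sample registry: model 42 is unreviewed, model 43 is another tenant's.
REGISTRY = {42: Model(42, "org-a"), 43: Model(43, "org-b", set(VALID_FRAMEWORKS))}
```
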
Retrieve a model's audit history
curl "https://pilot.owkai.app/api/v1/models/claude-3-5-sonnet-prod/history?limit=50" \
  -H "Authorization: Bearer <admin_jwt>"
Returns hash-chained entries: MODEL_REGISTERED, MODEL_UPDATED, MODEL_COMPLIANCE_APPROVED, MODEL_DEPRECATED — one row per lifecycle event.
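A client-side integrity check over hash-chained history entries, as an added example that is not part of the Ascend SDK or documentation. The page does not specify the entry format, so the prev_hash and entry_hash field names, the all-zero genesis value, the oldest-first ordering and the SHA-256-over-canonical-JSON scheme are all assumptions; the sample entries are constructed.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_hash of the first entry


def entry_digest(entry: dict, prev_hash: str) -> str:
    """SHA-256 over prev_hash plus canonical JSON of the entry body (assumed scheme)."""
    body = {k: v for k, v in entry.items() if k not in ("prev_hash", "entry_hash")}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()


def build_chain(events: list) -> list:
    """Build constructed sample entries that stand in for the API response."""
    chain, prev = [], GENESIS
    for ev in events:
        digest = entry_digest(ev, prev)
        chain.append({**ev, "prev_hash": prev, "entry_hash": digest})
        prev = digest
    return chain


def verify_chain(entries: list) -> Optional[int]:
    """Return the index of the first entry that breaks the chain, else None."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        if entry.get("prev_hash") != prev:
            return i  # entry removed, reordered or inserted before this point
        if entry.get("entry_hash") != entry_digest(entry, prev):
            return i  # entry body edited after it was written
        prev = entry["entry_hash"]
    return None


# Constructed sample history, oldest first, using the event types named above.
SAMPLE = build_chain([
    {"seq": 1, "event_type": "MODEL_REGISTERED", "actor": "admin@example.com"},
    {"seq": 2, "event_type": "MODEL_COMPLIANCE_APPROVED", "frameworks": ["gdpr", "sox"]},
    {"seq": 3, "event_type": "MODEL_UPDATED", "field": "risk_level"},
    {"seq": 4, "event_type": "MODEL_DEPRECATED", "actor": "admin@example.com"},
])

if __name__ == "__main__":
    tampered = [dict(e) for e in SAMPLE]
    tampered[1]["frameworks"] = ["gdpr", "sox", "hipaa", "pci_dss"]
    print("intact:", verify_chain(SAMPLE), "tampered at:", verify_chain(tampered))
```

Dropping entries from the end of the log, or rewriting and rehashing the whole log with write access, both pass this check, so record the newest entry_hash somewhere the registry cannot modify and compare it at each audit.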
Compliance mapping
| Concern | Standard |
|---|---|
| Model risk classification | EU AI Act Art. 9 |
| Documentation + map of AI system | NIST AI RMF MAP-1 |
| Change management audit | SOC 2 CC8.1 |
| Approval chain evidence | SOC 2 CC6.1, AU-6 |
Enforcement at Submit Time (G-P0-02)
From SDK 2.5.1, ASCEND enforces model registry compliance at every action submit.
How it works:
- SDK caller passes model_id in evaluate_action()
- ASCEND checks the model against your organization's Model Registry
- compliance_status must be approved or partially_approved to proceed
- Non-compliant or unregistered models return HTTP 403
Compliance standards: SR-11-7, EU AI Act Art. 9/28
Response fields:
| Field | Description |
|---|---|
| registry_checked | true when model_id was provided |
| compliance_status | approved / partially_approved / denied |
| enforcement | SR-11-7/EU-AI-ACT-ART9 |
| source | payload (explicit) or agent_link (registered agent) |
SDK example:
result = client.evaluate_action(
    action_type="model_inference",
    resource="ml_pipeline",
    model_id="gpt-4-production",
    wait_for_decision=False,
)
print(result.model_governance)
# {
#     "registry_checked": True,
#     "compliance_status": "approved",
#     "enforcement": "SR-11-7/EU-AI-ACT-ART9",
#     "source": "payload"
# }