Integration Overview
| Field | Value |
|---|---|
| Document ID | ASCEND-SDK-008 |
| Version | 1.0.0 |
| Last Updated | December 19, 2025 |
| Author | Ascend Engineering Team |
| Publisher | OW-KAI Technologies Inc. |
| Classification | Enterprise Client Documentation |
| Compliance | SOC 2 CC6.1/CC6.2, PCI-DSS 7.1/8.3, HIPAA 164.312, NIST 800-53 AC-2/SI-4 |
Reading Time: 5 minutes | Skill Level: Beginner
Overview
ASCEND provides multiple integration paths to match your architecture. This guide helps you choose the right approach for your deployment.
Integration Matrix
| Integration | Best For | Effort | Code Changes |
|---|---|---|---|
| Python SDK | LangChain, custom Python agents | Low | Minimal |
| Node.js SDK | TypeScript/JavaScript agents | Low | Minimal |
| REST API | Any language, microservices | Low | Moderate |
| Boto3 Wrapper | AWS operations in AI pipelines | Very Low | One line |
| Lambda Authorizer | API Gateway protection | Low | None (config) |
| Kong Plugin | Kong Gateway users | Very Low | None (config) |
| Envoy ext_authz | Istio/Envoy service mesh | Low | None (config) |
Decision Flowchart
┌────────────────────────────────────────────────────────────────────┐
│ CHOOSE YOUR INTEGRATION │
├────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────┐ │
│ │ Is your agent in │ │
│ │ Python or Node.js? │ │
│ └─────────┬───────────┘ │
│ │ │
│ ┌───────┴───────┐ │
│ │ │ │
│ YES NO │
│ │ │ │
│ ▼ ▼ │
│ ┌───────────┐ ┌───────────────┐ │
│ │ Use SDK │ │ API Gateway? │ │
│ │ (Python │ │ or Service │ │
│ │ or │ │ Mesh? │ │
│ │ Node.js) │ └───────┬───────┘ │
│ └───────────┘ │ │
│ ┌──────┴──────┐ │
│ │ │ │
│ YES NO │
│ │ │ │
│ ▼ ▼ │
│ ┌───────────┐ ┌───────────┐ │
│ │ Use │ │ Use REST │ │
│ │ Gateway │ │ API │ │
│ │ Plugin │ │ │ │
│ └───────────┘ └───────────┘ │
│ │
└────────────────────────────────────────────────────────────────────┘
SDK Integrations
Direct integration for AI agent code.
Python SDK
Best for Python-based AI agents including LangChain, custom agents, and automation scripts.
# Source: sdk/ascend-sdk-python/ascend/client.py:64
from ascend import AscendClient, AgentAction
client = AscendClient(
api_key="owkai_your_key_here",
base_url="https://pilot.owkai.app"
)
action = AgentAction(
agent_id="my-agent",
agent_name="My AI Agent",
action_type="database_read",
resource="Read customer data",
tool_name="postgresql"
)
result = client.submit_action(action)
Features:
- Automatic retry with exponential backoff
- Circuit breaker pattern
- Dual authentication headers
- Request correlation IDs
- TLS certificate validation
📖 Full Guide: Python SDK
Node.js SDK
Best for TypeScript/JavaScript agents in Node.js environments.
// Source: sdk/nodejs/src/index.ts:22
import { AscendClient, FailMode, Decision } from '@ascend/sdk';
const client = new AscendClient({
apiKey: 'owkai_your_key_here',
agentId: 'my-agent',
agentName: 'My AI Agent',
failMode: FailMode.CLOSED,
});
const decision = await client.evaluateAction({
actionType: 'database.query',
resource: 'production_db',
parameters: { query: 'SELECT * FROM users' },
});
Features:
- TypeScript types included
- Fail mode configuration
- Circuit breaker with configurable thresholds
- Structured JSON logging
- Webhook support
📖 Full Guide: Node.js SDK
Boto3 Wrapper
Zero-code governance for AWS SDK operations.
# Source: sdk/ascend-boto3-wrapper/ascend_boto3/wrapper.py:349
from ascend_boto3 import enable_governance
# Enable governance globally - one line!
enable_governance(api_key="owkai_your_key_here")
# All boto3 operations now go through ASCEND
import boto3
s3 = boto3.client('s3')
s3.delete_bucket(Bucket='my-bucket') # Requires approval
Features:
- Transparent monkey-patching
- Auto-classification of AWS operation risk
- Configurable bypass rules
- Dry-run mode for testing
📖 Full Guide: Boto3 Wrapper
Gateway Integrations
Protect APIs without code changes.
AWS Lambda Authorizer
Integrate ASCEND governance with Amazon API Gateway.
# CloudFormation configuration
Resources:
AscendAuthorizer:
Type: AWS::ApiGateway::Authorizer
Properties:
RestApiId: !Ref MyApi
Type: REQUEST
AuthorizerUri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AscendAuthorizerFunction.Arn}/invocations
Features:
- FAIL SECURE design
- Policy caching for performance
- CloudWatch metrics
- Multi-format support (REQUEST, TOKEN, HTTP API v2)
📖 Full Guide: AWS Lambda Authorizer
Kong Plugin
Native Kong Gateway plugin for AI governance.
# Kong declarative config
plugins:
- name: ascend
config:
api_key: owkai_your_key_here
environment: production
fail_open: false
cache_ttl: 60
Features:
- FAIL SECURE by default
- Decision caching
- Custom action type mappings
- Path exclusions
📖 Full Guide: Kong Plugin
Envoy/Istio ext_authz
External authorization for Envoy proxy and Istio service mesh.
# Source: ascend-envoy-authz/deploy/kubernetes/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ascend-authz
spec:
template:
spec:
containers:
- name: ascend-authz
image: owkai/ascend-envoy-authz:latest
env:
- name: ASCEND_API_KEY
valueFrom:
secretKeyRef:
name: ascend-secrets
key: api-key
Features:
- gRPC ext_authz service
- Decision caching
- Agent ID header extraction
- Configurable fail modes
📖 Full Guide: Envoy/Istio
REST API
Direct HTTP integration for any platform.
curl -X POST https://pilot.owkai.app/api/v1/actions/submit \
-H "Authorization: Bearer owkai_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "my-agent",
"agent_name": "My AI Agent",
"action_type": "database_read",
"description": "Read customer data",
"tool_name": "postgresql"
}'
📖 Full Guide: REST API
Framework Integrations
MCP Server Governance
Govern Model Context Protocol servers.
// Source: sdk/nodejs/src/mcp.ts
import { mcpGovernance, requireGovernance } from '@ascend/sdk';
// Apply governance middleware
const tools = {
execute_sql: mcpGovernance({
actionType: 'database.query',
riskLevel: 'high'
})(originalTool)
};
📖 Full Guide: MCP Server Governance
LangChain Integration
Wrap LangChain tools with governance.
from langchain.tools import BaseTool
from ascend import AscendClient
class GovernedTool(BaseTool):
def _run(self, query: str):
# Check governance before executing
result = self.client.submit_action(self.action)
if result.is_approved():
return self.original_tool._run(query)
📖 Full Guide: LangChain Integration
Common Configuration
All integrations share these configuration options:
| Option | Description | Default |
|---|---|---|
api_key | Your ASCEND API key | Required |
base_url | API endpoint URL | https://pilot.owkai.app |
timeout | Request timeout (seconds) | 30 |
environment | Deployment environment | production |
fail_mode | Behavior when unavailable | closed |
Environment Variables
Set these environment variables to configure integrations:
# Required
export ASCEND_API_KEY="owkai_your_key_here"
# Optional
export ASCEND_API_URL="https://pilot.owkai.app"
export ASCEND_ENVIRONMENT="production"
export ASCEND_DEBUG="false"
Next Steps
Choose your integration path:
- Python SDK — Full Python SDK documentation
- Node.js SDK — Full Node.js SDK documentation
- REST API — Direct HTTP API reference
- Gateway Overview — API Gateway integrations
Document Version: 1.0.0 | Last Updated: December 2025