Glossary

This glossary defines key terms used throughout the ASCEND documentation. Terms are organized alphabetically for easy reference.

A

Action

An operation that an AI agent attempts to perform that requires authorization from ASCEND. Actions have a type, target resource, and parameters.

Example: A database query, financial refund, or file write operation.

decision = client.evaluate_action(
    action_type="database.query",  # The action
    resource="customer_db",
    parameters={"sql": "SELECT * FROM users"}
)

Action ID

A unique identifier assigned to each action when it is submitted for evaluation. Used for audit trails and completion logging.

Format: act_ followed by alphanumeric characters (e.g., act_abc123xyz)

Action Type

A categorized identifier for the kind of operation being performed. Uses a hierarchical naming convention.

Examples:

• database.query
• financial.refund
• file.write
• api_call

Agent

An autonomous or semi-autonomous system that performs actions on behalf of users or processes. In ASCEND, agents are the primary actors requiring governance.

Types:

• supervised: Operates under human oversight
• autonomous: Fully automated with minimal intervention
• mcp_server: MCP server providing tools

Agent ID

A unique identifier for an agent within an organization. Used for policy matching, audit logging, and metrics.

Best Practice: Use descriptive, consistent naming (e.g., customer-service-bot-001)

API Key

A secret credential used to authenticate SDK and API requests. API keys are hashed (SHA-256) and never stored in plaintext.

Format: Prefix owkai_ followed by random characters

Approval

The act of a human reviewer authorizing a pending action. Required for high-risk operations or when mandated by policy.

Approval Request ID

A unique identifier for a pending approval. Used to track the approval status and notify when decisions are made.

Format: apr_ followed by alphanumeric characters

Audit Trail

An immutable record of all actions, decisions, and system events. Required for compliance with SOC 2, HIPAA, and other frameworks.

Characteristics:

• Immutable (cannot be modified)
• Hash-chained (tamper-evident)
• WORM storage compliant

ASCEND

AI Security & Compliance ENterprise Defense. The platform name.

B

Boto3 Wrapper

The ASCEND SDK component that provides zero-code governance for AWS SDK (boto3) operations in Python.

from ascend_boto3 import enable_governance
enable_governance(api_key="ascend_prod_xxx")

BYOK

Bring Your Own Key. A feature allowing organizations to use their own encryption keys (via AWS KMS) for data encryption.

C

Capabilities

A list of what an agent can do, declared during registration. Used for policy matching and risk assessment.

Standard Capabilities:

• data_access
• data_modification
• transaction
• file_operations
• communication

Circuit Breaker

A fault tolerance pattern that prevents cascading failures by failing fast when ASCEND appears to be down.

States:

• CLOSED: Normal operation
• OPEN: Failing fast, rejecting requests
• HALF_OPEN: Testing if service recovered

CMK

Customer Managed Key. An encryption key managed by the customer in AWS KMS, used with BYOK.

Compliance

Adherence to regulatory requirements and standards. ASCEND supports:

• SOC 2 Type II
• HIPAA
• PCI-DSS
• GDPR
• NIST 800-53

Conditions

The criteria in a policy that determine when the policy applies. Written as JSON expressions.

{
    "action_type": "financial.refund",
    "parameters.amount": {"$gt": 500}
}

Context

Additional information provided with an action to help with risk assessment and decision-making.

context={
    "user_request": "Process refund for order 123",
    "session_id": "sess_abc123",
    "ip_address": "192.168.1.100"
}

D

Decision

ASCEND's response to an action evaluation request. One of three values:

Decision	Meaning
allowed	Proceed with the action
denied	Block the action
pending	Awaiting human approval

Deny

A policy action that blocks the requested operation. The agent should not proceed.

E

Environment

The deployment context (production, staging, development) where an agent operates. Used for policy matching and risk assessment.

Escalation

The process of routing a pending approval to higher-level approvers when the initial timeout is reached.

Evaluate

The process of checking an action against ASCEND policies and returning a decision.

decision = client.evaluate_action(...)

F

Fail Mode

Configuration that determines behavior when ASCEND is unreachable:

Mode	Behavior
CLOSED	Block all actions (fail-secure)
OPEN	Allow all actions (fail-open)

Flag

A policy action that allows the operation but creates an alert for monitoring purposes.

G

Governance

The system of rules, practices, and processes for controlling AI agent behavior. ASCEND provides governance through policies, approvals, and audit logging.

H

Hash Chain

A security mechanism where each audit record includes a hash of the previous record, making the chain tamper-evident.

Human-in-the-Loop

A pattern where certain actions require human review and approval before execution.

I

Immutable

Data that cannot be changed after creation. Audit logs in ASCEND are immutable for compliance.

J

JWT

JSON Web Token. A token format used for authentication in ASCEND, signed with RS256 algorithm.

M

MCP

Model Context Protocol. A protocol for AI model interaction with tools and resources. ASCEND provides governance for MCP servers.

MCP Governance

The @mcp_governance decorator that wraps MCP server tools with ASCEND authorization.

@mcp_server.tool()
@mcp_governance(client, action_type="database.query", resource="prod_db")
async def query_database(sql: str):
    return await db.execute(sql)

Multi-tenant

An architecture where a single platform serves multiple organizations (tenants) with complete data isolation.

O

Organization

A tenant in ASCEND representing a company or business unit. All data is isolated per organization.

Organization ID

A unique identifier for an organization, used for data isolation (org_id).

P

Parameters

Action-specific details provided when evaluating an action.

parameters={
    "sql": "SELECT * FROM customers",
    "limit": 100
}

Pending

A decision status indicating the action requires human approval before proceeding.

Policy

A rule that defines how ASCEND should evaluate and respond to specific actions.

Components:

• Name
• Description
• Conditions
• Action
• Priority

Policy Engine

The ASCEND component that evaluates actions against policies and determines decisions.

Policy Violation

An instance where an action matches a policy's deny conditions.

Priority

A numeric value determining the order in which policies are evaluated. Higher numbers are evaluated first.

R

Rate Limit

The maximum number of API requests allowed per time period. Prevents abuse and ensures fair usage.

RBAC

Role-Based Access Control. A security model where permissions are assigned to roles, not individuals.

ASCEND Roles:

• Viewer
• Analyst
• Operator
• Manager
• Admin
• Super Admin

Registration

The process of declaring an agent to ASCEND, including its identity, capabilities, and allowed resources.

client.register(
    agent_type="supervised",
    capabilities=["data_access"],
    allowed_resources=["customer_db"]
)

Resource

An asset that an agent accesses or modifies. Can be a database, file path, API, or service.

Risk Indicators

Hints provided to help ASCEND assess risk more accurately.

risk_indicators={
    "pii_involved": True,
    "financial_data": False,
    "data_sensitivity": "high"
}

Risk Level

A categorical assessment of risk:

Level	Score Range
Low	0-44
Medium	45-69
High	70-84
Critical	85-100

Risk Score

A numeric value (0-100) quantifying the potential impact of an action. Higher scores indicate higher risk.

RLS

Row-Level Security. A database feature that restricts access to rows based on the user's organization.

RS256

RSA Signature with SHA-256. The algorithm used to sign JWT tokens in ASCEND.

S

SDK

Software Development Kit. Libraries for integrating with ASCEND:

• Python SDK (ascend-ai-sdk)
• Node.js SDK (@ascend-ai/sdk)
• Boto3 Wrapper (ascend-boto3-wrapper)

SIEM

Security Information and Event Management. Systems like Splunk and QRadar that aggregate security logs.

Smart Rules

An ASCEND feature that automatically suggests policies based on observed action patterns.

SSO

Single Sign-On. Authentication that allows users to log in once and access multiple systems.

Supervised Agent

An agent type that operates under human oversight, typically with lower risk assessment.

T

Tenant

An organization in a multi-tenant system. Each tenant has isolated data and configuration.

Timeout

A configured time limit for operations:

• API request timeout (default: 5 seconds)
• Approval timeout (configurable per policy)
• Session timeout (configurable per organization)

Trust Level

A score assigned to agents based on their history and behavior. Higher trust may result in lower risk scores.

W

Webhook

An HTTP callback that ASCEND sends when specific events occur.

Event Types:

• action.approved
• action.denied
• alert.triggered
• policy.violation

WORM

Write Once Read Many. A storage pattern where data cannot be modified after writing. Required for compliant audit logs.

Acronyms Reference

Acronym	Full Form
ASCEND	AI Security & Compliance ENterprise Defense
BYOK	Bring Your Own Key
CMK	Customer Managed Key
GDPR	General Data Protection Regulation
HIPAA	Health Insurance Portability and Accountability Act
JWT	JSON Web Token
MCP	Model Context Protocol
MFA	Multi-Factor Authentication
PCI-DSS	Payment Card Industry Data Security Standard
PII	Personally Identifiable Information
RBAC	Role-Based Access Control
RLS	Row-Level Security
SDK	Software Development Kit
SIEM	Security Information and Event Management
SOC	Service Organization Control
SSO	Single Sign-On
WORM	Write Once Read Many

See Also

• Core Concepts - Detailed explanation of key concepts
• Architecture - Platform architecture overview
• API Reference - Complete API documentation

---

Last Updated: 2026-01-20