Smart Rules Overview

Overview

Smart Rules are AI-powered policy rules that automatically govern AI agent behavior within your organization. They combine pattern recognition, risk assessment, and compliance requirements to create dynamic governance controls that adapt to your security needs.

Unlike static policies, Smart Rules learn from agent behavior patterns and can be generated automatically using natural language descriptions or manually configured through a JSON editor.

Key Features

  • AI-Powered Generation: Create rules from natural language descriptions using LLM technology
  • Risk-Based Actions: Automatically determine actions (block, approve, monitor) based on risk levels
  • Multi-Agent Support: Apply rules to specific agents or all agents using wildcards
  • Performance Tracking: Monitor rule effectiveness with built-in analytics
  • Compliance Integration: SOC 2, PCI-DSS, and HIPAA compliance framework support
  • Real-Time Evaluation: Rules evaluated instantly when agent actions are submitted

Rule Types and Categories

By Risk Level

| Risk Level | Score Range | Typical Actions |
|------------|-------------|-----------------|
| Critical | 90-100 | Immediate block, security team alert |
| High | 70-89 | Require approval, enhanced monitoring |
| Medium | 50-69 | Flag for review, standard monitoring |
| Low | 0-49 | Auto-approve, basic logging |

By Action Type

  • File Operations: file_access, file_delete, file_write
  • Network Operations: network_request, api_call, network_scan
  • System Operations: system_command, privilege_escalation
  • Data Operations: data_access, data_query, database_write

By Scope

  • Agent-Specific: Rules that apply to a single agent ID
  • Universal: Rules with agent_id: "*" that apply to all agents
  • Department-Scoped: Rules filtered by organizational department

How It Works

Rule Evaluation Flow

Agent Action Submitted
          |
          v
+--------------------+
| Load Smart Rules   |
+--------------------+
          |
          v
+--------------------+
| Match Conditions   |
| - agent_id         |
| - action_type      |
| - risk_level       |
+--------------------+
          |
          v
+--------------------+
| Execute Action     |
| - require_approval |
| - auto_block       |
| - monitor          |
+--------------------+
          |
          v
       Decision

Rule Matching

Rules are evaluated in priority order. When an agent action is submitted:

  1. Condition Matching: The system checks if the action matches the rule's condition (agent_id, action_type)
  2. Risk Assessment: The action's risk score is compared against the rule's risk level
  3. Action Execution: The specified action is applied (block, approve, escalate, or monitor)

Configuration

Basic Rule Structure

{
  "id": 1,
  "agent_id": "*",
  "action_type": "database_write",
  "description": "Validates database modifications",
  "condition": "action_type == 'database_write'",
  "action": "require_approval",
  "risk_level": "high",
  "enabled": true,
  "priority": 10
}

Configuration Options

| Field | Type | Description |
|-------|------|-------------|
| agent_id | string | Target agent ID or * for all |
| action_type | string | Action type to match |
| condition | string | Evaluation condition expression |
| action | string | Action to take when matched |
| risk_level | string | low, medium, high, critical |
| enabled | boolean | Whether rule is active |
| priority | integer | Evaluation priority (higher = first) |
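Because rules are evaluated in priority order, a narrow permissive rule with a high priority can pre-empt a universal blocking rule. The following added example (not the product's own code) models the flow from Rule Matching offline and lists such pairs. It assumes the first matching rule decides, that a rule matches when the action's risk level is at or above the rule's risk_level, and that unmatched actions default to monitor; the sample rules are constructed.

```python
# Added example: offline model of the documented flow, not the product's code.
# Assumptions: first matching rule in priority order decides; a rule matches when
# the action's risk level >= the rule's risk_level; no match means "monitor".
LEVELS = ["low", "medium", "high", "critical"]
STRICTNESS = {"monitor": 0, "require_approval": 1, "auto_block": 2}

def risk_level(score):
    """Map a 0-100 risk score to the bands in the By Risk Level table."""
    if not 0 <= score <= 100:
        raise ValueError("risk score must be between 0 and 100")
    return LEVELS[(score >= 50) + (score >= 70) + (score >= 90)]

def matches(rule, action):
    """True when an enabled rule covers the action's agent, type and risk."""
    return (rule.get("enabled", True)
            and rule["agent_id"] in ("*", action["agent_id"])
            and rule["action_type"] == action["action_type"]
            and LEVELS.index(risk_level(action["risk_score"]))
                >= LEVELS.index(rule["risk_level"]))

def evaluate(rules, action, default="monitor"):
    """Return (decision, rule id) from the highest-priority matching rule."""
    for rule in sorted(rules, key=lambda r: r["priority"], reverse=True):
        if matches(rule, action):
            return rule["action"], rule["id"]
    return default, None

def pre_empted(rules):
    """Pairs (winner id, loser id): a higher-priority, weaker rule whose scope
    overlaps a stricter rule, so the weaker action wins in the overlap."""
    live = [r for r in rules if r.get("enabled", True)]
    return [(hi["id"], lo["id"]) for hi in live for lo in live
            if hi["priority"] > lo["priority"]
            and hi["action_type"] == lo["action_type"]
            and ("*" in (hi["agent_id"], lo["agent_id"])
                 or hi["agent_id"] == lo["agent_id"])
            and STRICTNESS[hi["action"]] < STRICTNESS[lo["action"]]]

# Constructed sample rules using the fields from Basic Rule Structure.
RULES = [
    {"id": 1, "agent_id": "*", "action_type": "file_delete", "action": "auto_block",
     "risk_level": "high", "enabled": True, "priority": 10},
    {"id": 2, "agent_id": "code-assistant", "action_type": "file_delete",
     "action": "monitor", "risk_level": "low", "enabled": True, "priority": 50},
]
if __name__ == "__main__":
    act = {"agent_id": "code-assistant", "action_type": "file_delete", "risk_score": 95}
    print(evaluate(RULES, act), pre_empted(RULES))
```

Running the same check over an exported rule list before enabling a new agent-specific rule shows whether it weakens an existing universal control.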

Usage Examples

List All Smart Rules

curl -X GET "https://api.ascend.ai/api/smart-rules" \
  -H "Authorization: Bearer $TOKEN"

Create a Smart Rule

curl -X POST "https://api.ascend.ai/api/smart-rules" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "code-assistant",
    "action_type": "file_delete",
    "description": "Block file deletions from code assistant",
    "action": "auto_block",
    "risk_level": "critical"
  }'

Generate Rule from Natural Language

curl -X POST "https://api.ascend.ai/api/smart-rules/generate" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "description": "Block any agent from making network requests to external APIs without approval"
  }'