AsplenzAsplenz

Product

How Knowledge Works

Knowledge is a decision registry that connects humans, AI agents, and CI pipelines to a single source of truth for organizational constraints.

The Core Idea

Organizations make decisions. Those decisions produce constraints. Constraints must be enforced. Today, decisions live in wikis, constraints live in people's heads, and enforcement is manual. Knowledge changes this by extracting what already exists, making decisions structured, constraints machine-readable, and enforcement automatic.

Four Entry Types, One Registry

Decisions

Immutable

A recorded choice with its context, reasoning, and author. Some decisions produce rules or constraints. Others are one-time actions or state changes - switching cloud providers, a technical choice for a specific case, a response to an incident. In all cases, the decision is an immutable historical fact: it documents what was decided, not what should be done next. If a decision needs to be revised, it can be superseded by a new decision linked to the original.

{
  "decision": "Use PostgreSQL for all transactional data stores",
  "context": "Evaluated PostgreSQL, DynamoDB, and CockroachDB",
  "reasoning": "ACID guarantees without distributed complexity",
  "author": "sarah.chen",
  "tags": ["database", "infrastructure"]
}

Knowledge does not block the creation of contradictory decisions - they are historical facts, recorded as-is. But a coherence check (on-demand or nightly) detects tensions and duplicates via semantic similarity, with actions to resolve each finding.

Invariants

Blocking

An absolute constraint - something that must never be violated. Invariants are blocking: if an action conflicts with an invariant, the action is stopped. Invariants are immutable like decisions. If a constraint needs to evolve, the current invariant is archived and a new invariant supersedes it via an explicit link. The old one remains available for audit. For exceptional cases, an override allows a temporary deviation without modifying the invariant itself.

"What must never happen?"

{
  "constraint": "All public API endpoints must require authentication",
  "rationale": "Security baseline - no exceptions without explicit approval",
  "requires_approval": true
}

Rules

Versioned

An active directive - something that should be followed. Rules are versioned: when requirements change, a new version is created while the history is preserved. Two severity levels: Mandatory (must be followed; violations block CI checks) and Advisory (should be followed; violations generate warnings).

"What should we do?"

{
  "directive": "All PRs must be reviewed by at least one team member",
  "severity": "MANDATORY"
}

Overrides

Governed

A governed exception - an explicit, approved deviation from a rule or invariant. Overrides are not workarounds. They are documented proof that the organization acknowledged a constraint, decided to deviate, and recorded why.

{
  "target": "rule:rul-9c2a",
  "justification": "Legacy payment gateway requires REST - gRPC migration planned for Q3",
  "conditions": "Applies only to payment-gateway-v2 service",
  "expires": "2026-09-30",
  "approved_by": "sarah.chen"
}

An override cannot be modified - it can be revoked and recreated if conditions change.

Scopes and Organization

Knowledge is organized into scopes - domains like Engineering, Product, Operations, or Security. Each scope contains its own decisions, invariants, and rules. Within a scope, namespaces allow further subdivision (e.g., payments, auth, infra). For multi-entity organizations, tenants provide isolation. A holding company can have subsidiary tenants, each with their own scopes and entries.

Scopes and namespaces

Agent Prompts

Your AI agent does not know your registry exists until you tell it. Asplenz provides ready-made system prompts that instruct the agent on how to use the Knowledge MCP tools: check compliance against your constraints, extract decisions and rules from your documents and codebase, or resolve the full normative state of a scope before acting. You add the relevant prompt file to your repository and pass it to your agent. The prompt is the link between your agent and your registry.

Start from What You Have

Your existing rules can be extracted automatically from your various documents such as README files, architecture docs, runbooks, source code, CLAUDE.md files, etc.

Extraction from Source Code

An Asplenz prompt enables your AI agent to analyze your codebase locally and record detected rules into Knowledge via MCP. The code never leaves your machine, only the extracted rules are sent to the registry.

Extraction from Documents

Upload your documents into Knowledge via the Ingestion API. Knowledge analyzes them and generates typed drafts.

Human Review

Nothing is published without validation. Each extraction generates a draft visible in the dashboard: approve, reject, or edit. Semantic deduplication filters out duplicates, so you can re-extract regularly without polluting the registry.

Five Interfaces, One Source of Truth

Web Dashboard

Humans browse scopes, read decisions, review pending drafts and approvals, and search the registry.

  • KPI cards (entry counts by type)
  • Extraction drafts with approve/reject workflow
  • Scope pages with tabs (Decisions, Invariants, Rules, Overrides, Approvals, Events, References)
  • Full-text search with type/scope filters
  • Compliance checker (test an intended action against constraints)

REST API

The direct programmatic interface to the registry. All other interfaces (MCP, Bot, CI Compliance Check) are clients of this API. Authentication via API key, with granular per-key permissions.

Example

curl -X POST https://api.asplenz.com/knowledge/v1/check \
  -H "Authorization: Bearer kn_..." \
  -d '{"scope_id": "scp-...", "intended_action": "Deploy on Friday evening"}'

MCP for AI Agents

AI agents connect via MCP and interact using natural language. Knowledge exposes a set of tools that agents call before, during, and after acting. When an agent requests an approval, Knowledge can notify the right people via webhook (Slack, Teams, or any external system) with an ECDSA signature to guarantee authenticity. The agent can provide a callback_url to be notified automatically when the approval is resolved - no polling needed.

Check before acting

User: "Can I deploy on Friday evening?"
Agent → knowledge_check(scope="Engineering", intended_action="Deploy on Friday evening")
Knowledge → Conflict: invariant inv-8a3f "No Friday deploys after 16:00 UTC"
Agent: "No - blocked by invariant inv-8a3f. The team has a no-Friday-deploy policy."

Resolve context before coding

Agent starts a task in the payments namespace
Agent → knowledge_resolve(scope="Engineering", namespace="payments")
Knowledge → Returns 14 applicable entries: 2 invariants, 5 decisions, 6 rules, 1 override
Agent now knows: PostgreSQL required, no AGPL deps, gRPC for new services,
  REST override active for payment-gateway-v2

Record a decision after making one

User: "Let's use Redis for session caching instead of Memcached"
Agent → knowledge_create_decision(scope="Engineering",
        decision="Redis for session caching",
        reasoning="Native pub/sub, better persistence options")
Knowledge → Created dec-4f2a, linked to existing rule rul-7b1c (caching strategy)

Slack & Teams Bot

The Knowledge Bot lets you capture entries directly from Slack or Teams:

  • Create a decision, rule, or invariant from any channel via a shortcut
  • Turn a message into a structured Knowledge entry in one click
  • Browse the registry entries in an integrated dashboard

CI Compliance Check

Your CI pipeline can invoke an AI agent with the PR diff. The agent fetches applicable invariants and rules from Knowledge, analyzes the diff against each constraint, and returns a verdict. The agent also detects implicit rules in the PR that are not yet in the registry and reports them as suggestions. Your CI acts on the verdict to allow or block the merge.

A PR that passes

PR #142: "Add health endpoint with JWT auth"
  → The agent resolves Engineering scope (3 invariants, 2 mandatory rules)
  → The agent analyzes the diff against each constraint
  → inv-a1b2 "All endpoints must require auth": RESPECTED
  → Verdict: PASS ✓

A PR that fails

PR #143: "Add AGPL-licensed PDF library"
  → The agent resolves Engineering scope
  → The agent detects a violation: inv-2b1c "No AGPL-licensed dependencies"
  → No active override for this invariant
  → Verdict: FAIL ✗

Three gating modes: report-only, fail-on-blocking, strict.

Security and Access Control

  • API keys: each key is tied to a principal (human or agent) with a role (developer → senior-dev → tech-lead → admin), granular permissions, and access restricted to specific scopes
  • Tenant isolation: complete data separation between organizations

Ready to Try?

Create your first scope and extract your first rules in 2 minutes.

Get Started →View Pricing →