ASE — Control plane

Agentic engineering
with operational discipline.

AI agents are writing production code today. ASE is the self-hosted operational control plane that defines their boundaries, supervises their execution in real time, and produces an immutable evidence trail to prove compliance.

Built for engineering leaders, security teams, and compliance officers responsible for the code AI ships into production.

Contact us Book a 30-min walkthrough See capabilities

See ASE running against a real repo. No deck.

Why ASE exists

A fleet of ungoverned agents loose on your codebase is an operational risk.

ASE brings to agentic delivery what regulated workflow automation brought to business operations: identity boundaries, versioned definitions, approvals, immutable audit, evidence reporting, and recovery paths — in one product surface your engineering and compliance teams can both stand behind.

01 · The reality

Agents are already writing your code.

Copilot, Cursor, Claude Code, and custom agent scripts are writing and refactoring code in your codebase right now. None of that activity is captured in your existing change-control database.

02 · The status quo

Improvised prompts, missing evidence.

Prompts are ad-hoc. Reviews are manual and best-effort. Event logs are scattered across vendors. There is no single, chain-hashed record of what the agents decided, which models were invoked, and who approved the changes.

03 · The ASE answer

Govern agentic workflows with structural discipline.

ASE establishes the central control plane for multi-agent execution. It captures work definitions, approval gates, runtime leases, and tamper-evident audit trails that map directly to your existing IT controls and regulatory requirements.

Positioning

ASE is not a prompt-chain runner. It sits above your code-intelligence providers, your live coordination service, your graph evidence store, and your model-specific coding agents — and gives the engineering lead one product surface for the full lifecycle of an agent constellation working on a real codebase.

What ASE owns

  • Project & problem definition — guided, LLM-assisted intake captured as versioned definitions.
  • Design elaboration — architecture, interface, and compliance plans, version-tracked.
  • Compliance control matrix — mapped to your regulatory regime, with exception/approval workflows.
  • Agent constellation configuration — capability inventory, launch profiles, work distribution policy.
  • Live orchestration dashboards — claims, leases, gates, branches, work items, failures, compliance state.
  • Change control — human approval gates around merges and exceptions.
  • Tamper-evident audit — immutable evidence and compliance reports you can hand to auditors.

What ASE delegates

  • Identity to Keycloak — secure OIDC authentication, MFA, passkeys, and role-based access control.
  • Live claim arbitration to CLAiR — real-time agent coordination, transient claim leases, and gate enforcement using the Agentic Code Orchestration Protocol (ACOP).
  • Code intelligence to the Planning boundary — code parsing, symbol analysis, and dependency mapping (with Bo as the default provider).
  • Durable graph evidence to CLAiR Graph powered by BogDB — storing immutable, chain-hashed run records in our embeddable, in-process graph database.
  • Model-specific code editing to individual agent processes — executed via secure harness catalogs (like Codex, Claude, Gemini, or custom adapters) integrated with Keycloak credentials.

Each authority boundary is a contract, not a black box — you can swap providers without rewriting your control plane.

A realistic first slice

The first useful ASE slice lets an operator stand up a small agent constellation against a single repository — with the controls and evidence you'd expect for production work.

  1. Define a software system or problem through a guided, LLM-assisted interface.
  2. Produce versioned problem, compliance, and constellation definitions.
  3. Connect to your CLAiR Keycloak realm, CLAiR coordination service, Planning provider (Bo), and CLAiR Graph (BogDB) store.
  4. Launch a small agent constellation against one repository.
  5. Observe live claims, leases, work state, and failures in real time.
  6. Export an audit and compliance report for the run.

Built for self-hosting

  • .NET 10
  • Blazor Server / Blazor Web App for real-time interaction
  • SignalR-backed live updates
  • SQL-backed operational store
  • CLAiR Graph / BogDB integration for graph evidence
  • Keycloak OIDC with MFA and passkey support
  • Self-hosted first — Docker Compose for local and dev operation

Why self-hosted

Your source code, your compliance posture, your identity authority. ASE deploys inside your network alongside the rest of your engineering stack — no agentic activity, evidence, or definitions leave your perimeter unless you choose to export them.

For regulated workloads, this is not a nice-to-have. Auditors need to see who approved what, what evidence was captured, and what the agent constellation actually did — with the same trust model you already apply to humans on the same codebase.

See it on your stack

Bring agentic delivery into your engineering org — without losing control.

ASE is in active development at Beyond Ordinary. If you’re trying to operationalize coding agents against a real, regulated codebase, the 30-minute walkthrough is the fastest way to see whether ASE fits your stack.

Contact us Book a 30-min walkthrough See other products

Cookie Compliance

We use cookies to ensure you get the best experience on our website. By continuing to use our site, you accept our use of cookies, privacy policy and terms of service.