Skip to content

Glossary

This page is a quick reference for the key terms used across the book. It does not replace the chapters, but it makes it easier to recall a term and jump to the right section.

Canonical glossary routes

Use the glossary as a fast route through the three canonical cases. Support triage starts with Tool gateway, Approval gate, Policy gate, Capability catalog, Trace, and Eval dataset. Internal knowledge assistant starts with Retrieval, Long-term memory, Profile memory, Provenance, Trust boundary, and Egress policy. Incident coordination starts with Agent runtime, Control plane, Rollout gate, Trace, Span, and Approved inventory.

Agent runtime

The execution environment of the agent: the place where the run loop, context assembly, tool calls, policy checks, memory, and telemetry live.

Read next:

Control plane

The governance layer of the platform. This usually includes policies, the capability catalog, approvals, rollout checks, and audit logic.

Read next:

Trust boundary

A boundary between zones with different levels of trust and control. Examples include the edges between user input, memory, tools, and external systems.

Read next:

Policy gate

A decision point where the system determines whether it may execute an action, read data, write memory, or call a tool.

Read next:

Capability catalog

The registry of what an agent can do: which tools exist, who owns them, what risk they carry, which transport they use, and what restrictions apply.

Read next:

Approved inventory

The explicit set of capabilities approved for a specific agent or agent class. This prevents teams from confusing “exists in the catalog” with “allowed for use.”

Read next:

Tool gateway

The control point before a tool call. It checks the actor, policy, risk tier, approval requirements, and egress rules before the call is allowed to continue.

Read next:

Sandbox execution

Running a tool in an isolated environment to limit side effects and reduce access to the network, filesystem, and other sensitive resources.

Read next:

Egress policy

The rules that define where an agent or tool may connect outward: which domains, services, and types of network access are allowed.

Read next:

Short-term memory

Short-lived memory for the current session or run. It helps maintain near-term context and usually should not be retained forever.

Read next:

Long-term memory

Persistent memory that survives beyond a single session. It requires stronger discipline because a bad write can persist and spread.

Read next:

Profile memory

A dedicated memory layer for user preferences, stable traits, or working profile information. It is not the full interaction archive, but a curated set of validated facts.

Read next:

Retrieval

The selection of relevant records from memory or the knowledge layer for a specific run. Good retrieval brings in a small amount of highly relevant context.

Read next:

Compaction

Background memory maintenance: merging, summarizing, deduplicating, and rebuilding records so the memory layer does not turn into a dump.

Read next:

Provenance

The origin of a piece of data: where it came from, how it entered memory, which rule allowed it, and how much it should be trusted.

Read next:

Approval gate

A stage where the system does not execute a risky action automatically, but instead routes it to a human or other trusted role for confirmation.

Read next:

Trace

The connected history of a single agent run: what steps happened, which policy decisions were made, which tools were called, and how the run ended.

Read next:

Span

A single segment inside a trace. Examples include a retrieval span, a tool execution span, or an approval span.

Read next:

Rollout gate

A readiness check before launch or traffic expansion. It typically considers safety, evals, observability, ownership, and operational controls.

Read next:

Eval dataset

A set of examples, runs, or sessions used for regression checks and quality evaluation before rollout or after changes.

Read next: