Glossary¶

Key terms used across Xybern documentation.

A¶

A2A Delegation Agent-to-Agent delegation. A mechanism where one AI agent grants a subset of its permissions to another agent for a specific task. The delegating agent cannot grant more than it holds. All delegation events are recorded in the Provenance Vault.

Action Interception The process of intercepting an AI agent's intended action before it executes, evaluating it against active policies, and returning a decision (allow, block, or escalate). Performed by POST /v1/enforce/intercept.

Agent An autonomous AI process that performs actions on behalf of users or systems. In Xybern, every agent is registered with an agent_id and governed by policies tied to that identity.

Agent Identity A unique, cryptographically stable identifier (agent_id) assigned to each registered AI agent. Used to associate actions, policies, decisions, and audit records with a specific agent.

Agent RBAC Role-Based Access Control applied to AI agents. Agents are assigned roles (e.g. finance-reader, ops-executor) and policies are attached to roles rather than individual agents.

Allow A decision returned by the enforcement engine when an action passes all applicable policies. The agent may proceed with the action.

B¶

Block A decision returned by the enforcement engine when an action violates one or more active policies. The action is prevented from executing.

Breakglass An emergency override mechanism that allows a designated human operator to bypass normal authorisation for a specific agent and action. Every breakglass event is logged with justification and triggers a mandatory post-incident review. Subject to a per-agent cooldown (max 3 per 30 minutes).

C¶

Chain ID An identifier grouping multiple related enforcement decisions into a single multi-step workflow. Allows the Provenance Vault to reconstruct the full sequence of actions taken by an agent in one operation.

Credential Lifecycle The end-to-end management of agent credentials, issuance, rotation, expiry, and revocation, handled automatically by Xybern so agents never hold long-lived secrets.

Custom Policy A user-defined policy built using the Custom Policy Builder or the Policy-as-Code SDK. Custom policies extend Xybern's default rule set with organisation-specific logic.

D¶

Decision The outcome of an enforcement check: allow, block, or escalate. Each decision is immutable, assigned a unique decision_id, and recorded in the Provenance Vault.

Decision Path Indicates whether a decision was made by the fast path (cached, low-latency) or the full evaluation path (all policies evaluated). Returned as fast or full in the enforcement response.

Dry-Run Mode See Observe Mode.

E¶

Enforcement The act of evaluating an agent action against active policies and returning a decision before the action executes. The core capability of Xybern.

Enforcement Client The SDK component that wraps the enforcement API, providing automatic interception, retry logic, escalation polling, and credential injection.

Escalate A decision returned when an action cannot be automatically approved or blocked and requires human review. The agent is paused until a human operator resolves the escalation.

Escalation A pending human review request created when the enforcement engine returns an escalate decision. Visible in the Sentinel dashboard. Resolved with approved or rejected.

F¶

Fast Path The low-latency decision path used for actions with cached policy results. Typically returns in under 5 ms. Indicated by decision_path: "fast" in the response.

Federation The ability to connect multiple Xybern workspaces or external identity providers, enabling cross-organisation policy enforcement for agents operating across trust boundaries.

H¶

Human-in-the-Loop (HITL) A governance pattern where certain high-risk agent actions require explicit human approval before proceeding. Implemented via the escalation flow in Xybern.

J¶

JIT Access Just-In-Time access. A pattern where permissions are granted only for the duration they are needed, then automatically revoked. Implemented in Xybern via Temporal Permission Windows.

L¶

Latency The time in milliseconds taken to return an enforcement decision. Returned as latency_ms in every enforcement response. Xybern targets under 10 ms for the fast path.

LLM Gateway Xybern's proxy layer that sits between your application and LLM providers (OpenAI, Anthropic, etc.), enforcing policies on every prompt and completion before it reaches the model or your system.

M¶

Metadata Policy A policy type that evaluates arbitrary key-value metadata attached to an action (e.g. amount, recipient, region) against defined rules, without requiring code changes.

MCP Server Model Context Protocol server. Xybern's MCP integration exposes enforcement, policy management, and audit tools directly to MCP-compatible AI clients (Claude Desktop, etc.).

O¶

Observe Mode A non-blocking enforcement mode where decisions are evaluated and logged but never enforced. Used for safely testing new policies in production before activating them. Also called Dry-Run Mode or Shadow Mode.

P¶

Policy A rule that defines what an agent is permitted or forbidden to do, under what conditions. Policies are evaluated against every action at enforcement time.

Policy-as-Code Defining Xybern policies as version-controlled Python code, deployed atomically via the SDK. Changes are diffed against current state and applied with full Provenance Vault tracking.

Policy Enforcement Point (PEP) The point in a system where enforcement decisions are applied. In Xybern, the PEP is the enforce/intercept call in your agent code or the SDK auto-capture layer.

Provenance Vault Xybern's immutable audit log. Every enforcement decision, escalation, breakglass event, policy change, and credential rotation is recorded here with a cryptographic trail.

R¶

Reasoning A human-readable explanation of why a particular decision was made. Returned as reasoning in every enforcement response.

S¶

SDK Auto-Capture A feature where the Xybern SDK automatically intercepts agent tool calls without requiring manual intercept calls at each action site.

Sentinel Xybern's enforcement dashboard. Used by security teams and operators to review decisions, manage escalations, monitor agent activity, and configure policies.

Shadow Mode See Observe Mode.

T¶

Temporal Permission Window A time-bounded authorisation grant that automatically expires. Grants an agent specific scopes and action types for a defined duration (e.g. 30 minutes), after which permissions are revoked automatically.

Trust Score A numeric score (0–100) returned with every enforcement decision, indicating the confidence level of the decision based on policy evaluation, agent history, and context.

W¶

Webhook An HTTP callback triggered by Xybern authorisation events (decisions, escalations, policy changes). Used to integrate enforcement events with SIEM tools, Slack, PagerDuty, or custom systems.