Glossary
Precise definitions for the terms used throughout the Fibric documentation. Where a term names a type or field in the kernel or the connector SDK, the definition matches the source, and the linked concept page is the authoritative treatment. Terms are alphabetical.
A–C
| Term | Definition |
|---|---|
| action | One governed step of a plan: a PlannedAction naming a connector role, a tool, args, an optional value, an entity_key, and an idempotency_key. Side-effecting actions pass the trust gate before running. See Data model. |
| agent_id | Envelope field identifying the operator that produced an event, when one did. Null for events from external sources. |
| ALERT | The trust decision meaning permitted, contingent on human approval. The plan pauses; the approval or veto is receipted with the approver's identity. See Trust tiers. |
| ALLOW | The trust decision meaning permitted without a human in the loop. The executor runs the action once and receipts it. |
| at-least-once | The ingestion delivery guarantee: an event may be delivered to Fibric multiple times, and duplicates collapse on the caller's idempotency key. See Reliability. |
| backfill | Paging historical events through GET /v1/events before tailing the live stream from the final cursor, so a consumer starts with no gap. See Streaming events. |
| BLOCK | The trust decision meaning refused. Returned when no policy matches an action (the fail-closed default), a maxValue is exceeded, or a predicate returns false. Approval cannot override a BLOCK. |
| capability | A named ability an operator requests, such as orders.hold, fulfilled at runtime by whichever installed connector is bound to it. The indirection that makes swapping connectors configuration rather than code. See Capabilities. |
| capability binding | The tenant-level mapping from a capability role to an installed connector, created with fibric connectors add <connector> --as <role>. |
| connector | A typed integration built with the connector SDK: declared auth, tools, event sources, and a probe. SaaS systems, hardware, and operators all take this one shape, and all are MCP-based. See Connectors. |
| connector credential | The secret a tenant grants a connector to reach a source system. Stored encrypted at rest, keyed per tenant, injected into the runtime's HTTP client, never visible to connector code or models. See Secrets and credentials. |
| ConnectorCtx | The context a tool handler receives: tenant_id, reseller_id, non-secret config, a log function, and in production a pre-authenticated per-tenant HTTP client. |
| correlation_id | The identifier that ties an envelope to everything downstream of it (plans, actions, receipts), so a ledger entry can be walked back to the event that caused it. |
| cursor | An opaque token naming a position in the tenant's event log, returned by list pagination (next_cursor) and carried on every stream frame. Presenting a cursor resumes from that position. |
D–F
| Term | Definition |
|---|---|
| DEDUP | The disposition the executor assigns to a side-effecting action whose idempotency_key was already consumed: the action does not run again, and the result is ok: true because the intended state already holds. |
| disposition | How the executor resolved one action: ALLOW, ALERT, BLOCK, or DEDUP. Every disposition is receipted, including refusals. |
| DurableExec | The kernel seam for durable at-most-once execution: once(key, fn) runs a function at most once per key, surviving retries and restarts. MVP: Postgres outbox; scale-up: Temporal. See Deployment architecture. |
| early access | The status of marketplace listings not yet generally installable; provisioned with your team during onboarding. Contrast live. Installing an early-access listing directly fails with listing_early_access. |
| entity | The real-world thing actions must not trample concurrently: one order, one conversation, one HVAC zone. Exists in the data model only as the entity_key actions carry. |
| entity_key | The caller-defined key identifying an action's entity, for example order:magento:SO-10884. Actions sharing an entity_key are serialized by single-flight; the Events API also indexes events by it. |
| envelope (EventEnvelope) | The one canonical event shape everything becomes at ingest: identity, tenancy pair, source, event_type, correlation_id, payload, and operator attribution. See The event envelope. |
| event bus | The kernel seam that carries envelopes from ingest to subscribers: publish(env) / subscribe(sub). MVP: in-process / EventBridge; scale-up: MSK/Kafka. |
| event_type | The dot-delimited classification of an envelope, for example order.created. Operator triggers and stream filters match it by glob. |
| executor (DeterministicExecutor) | The kernel component that disposes plans: it evaluates the trust gate, enforces single-flight and idempotency, invokes connector tools, and receipts every disposition. The LLM proposes; the executor disposes. |
| fail-closed | The platform's default-safe stance: when no policy matches, the action is blocked; when there is no tenant context, queries return zero rows; when there is no binding, a capability is unusable. Reaching an unsafe state requires an explicit grant. See Security model. |
G–O
| Term | Definition |
|---|---|
| glob trigger | The pattern an operator registers against event_type, where * matches a single dot-delimited segment: order.* matches order.created but not order.refund.issued. |
| guardrail | Informal name for an operator's trust policies taken together: the ALLOW/ALERT/BLOCK rules, value ceilings, and predicates that bound what its proposals can do. |
| idempotency key | A caller-defined key that makes an operation safe to repeat. On ingest, the Idempotency-Key header collapses duplicate deliveries; on execution, each action's idempotency_key is consumed at most once, with replays disposing as DEDUP. See Single-flight & idempotency. |
| ingestion | The act of delivering events into Fibric, via webhook, poll, gateway, or POST /v1/events. At-least-once with deduplication. |
| listing | A marketplace entry for a connector or operator pack, with a status of live or early access. |
| model router | The kernel's only model entry point. Which model serves a request is policy: a defaultModel plus optional perTenant overrides, keyed by verified tenant identity. See Deployment architecture. |
| operator | A named AI worker that senses envelopes matching its trigger, reasons with a model, and proposes an ExecutionPlan. Operators never make raw side-effecting calls; the executor disposes their plans. See Operators. |
| operator pack (pack) | A packaged, installable operator for a vertical use case, distributed through the marketplace, from $49/operator/mo. See Operator packs. |
P–R
| Term | Definition |
|---|---|
| plan (ExecutionPlan) | An operator's entire output: optional reasoning plus an ordered list of actions. Proposals only; nothing in a plan has happened until the executor disposes it. See Data model. |
| probe | A connector's declared health check: a cheap authenticated call proving the credential works, optionally returning a headline metric. Backs the connector status shown in the console and CLI. |
| promotion | Moving an operator from sandbox to production by rebinding its capabilities to real connectors and reviewing guardrails; the operator definition itself does not change. See Environments. |
| receipt | The immutable, tenant-scoped record of one disposition: what was proposed, what the gate decided, what ran, what came back, and who approved or vetoed. See Receipts & audit. |
| replay | Re-offering stored envelopes to operators, safely, because identity-derived idempotency keys make already-executed actions dispose as DEDUP. Also the local fibric dev replay workflow. |
| reseller | A partner running its own branded tenants on Fibric. reseller_id travels on every envelope and row; null means Fibric-direct. Branding is jsonb data, not a fork. |
| resume token | The cursor a stream consumer persists after its last fully processed frame; presented via the cursor parameter or Last-Event-ID header to continue without a gap. See Streaming events. |
| row-level security (RLS) | The Postgres mechanism enforcing the tenant wall: a forced policy compares each row's tenancy columns against transaction-local settings from a verified identity. No context, no rows. See Tenancy & isolation. |
S–W
| Term | Definition |
|---|---|
| sandbox connector | A connector whose tools act on a simulated system while speaking the same capability interface as the real one, so the full governed loop runs with no live side effects and no real credential (auth: none()). |
| seam | A kernel infrastructure dependency defined as an interface, with a cheap MVP implementation and a named scale-up target that drops in behind the same interface: DurableExec, EventBus, ModelRouter, VectorStore, BlobStore. See Deployment architecture. |
| side-effecting tool | A connector tool declared with sideEffecting: true, meaning it changes state in a source system. Only side-effecting tools pass the trust gate and consume idempotency keys; reads need neither. |
| single-flight | The executor primitive serializing side effects per entity_key: work on an entity waits for in-flight work on that entity to dispose. Over HTTP, contention surfaces as 409 entity_locked. |
| source | Envelope field naming where an event came from: a connector ("shopify"), a gateway ("bacnet-gw-7"), the scheduler ("cron"), or an operator ("operator:jenny"). |
| tenant | One customer organization; the hard isolation boundary. Every envelope and row carries tenant_id, and RLS enforces the wall. A tenant may sit under a reseller or be Fibric-direct. |
| tool | One typed operation on a connector: an input validator, a sideEffecting flag, and a handler receiving a ConnectorCtx. See Tools & auth. |
| trust policy | One rule in the trust gate: an optional connector/tool match, optional maxValue and predicate constraints, and a decision. Evaluation is default-closed: no matching policy means BLOCK. |
| trust tier | The decision class a policy places an action in (ALLOW, ALERT, or BLOCK) and the escalation model between them: trust is widened per tool with receipt evidence, not granted wholesale. See Trust tiers. |
| undo | Reversing an executed action through the inverse its tool declares, itself a receipted action. Actions with no declared inverse fail undo with action_not_undoable. See Receipts & audit. |
| veto | A human rejecting a plan awaiting approval. The veto is receipted with the identity and reason, becoming part of the audit trail. |
| workspace | A tenant-scoped partition: a team, a site, an environment. workspace_id travels on envelopes and rows for scoping; the security guarantee stays at the tenant level. See Environments. |
Missing a term?
If the documentation uses a term this page does not define, that is a documentation bug. The concept pages, starting from the architecture overview, are the authoritative treatments behind every definition here.