Glossary
Quick reference for terms used across the docs. Links point to detailed pages.
Full systems approach paper — https://www.arxiv.org/abs/2601.17744
Action -> A single effectful operation an agent wants to perform (e.g. stripe.refund, shell.run, http.get). Submitted as JSON with agent_id, tool, operation, params, and optional context. Every action passes through the authorization boundary and execution gate.
ABSTAIN -> Decision outcome meaning “require human approval.” The action does not run until a human approves or denies. See Execution gate.
Authorization boundary -> The single, non-bypassable point where every tool execution is evaluated. Nothing runs until the boundary returns allow or approved. See Authorization boundary.
CAR (Canonical Action Representation) -> The normalized, deterministic form of an action used for hashing and policy evaluation. Same logical action ⇒ same CAR ⇒ same request_hash. Defined in Faramesh Core Spec v1.0 §4 and summarized in CAR.
Decision -> The authorization result for an action: EXECUTE, ABSTAIN, or HALT. One decision per action; version-bound (policy_hash, profile_hash, provenance_id) for audit and replay.
Default deny -> If no policy rule matches an action, the outcome is HALT. There is no “allow by default.” See Policies overview and Execution gate.
DPR (Decision Provenance Record) -> An immutable record for each decision, with request_hash, policy_hash, decision, and hash chaining (prev_hash, record_hash) for tamper-evident audit. See Cryptographic provenance and Core Spec §11.
EXECUTE -> Decision outcome meaning “allowed.” The action proceeds to execution (or to approval flow if your setup requires it).
Execution gate -> The component that produces the decision (EXECUTE / ABSTAIN / HALT) from CAR, policy, and optional profile. See Execution gate.
Execution profile -> Optional allowlist of tools/operations and per-tool constraints. If enabled, tools not in the profile yield HALT. See Core Spec §6.
Fail-closed -> When the policy engine or gateway is unreachable or errors, the action is denied (HALT). No execution on ambiguity or failure. See Concepts and Security & compliance.
HALT -> Decision outcome meaning “denied.” The action must not execute.
High-risk upgrade -> If risk scoring returns “high” and the policy would otherwise allow (EXECUTE), the final decision is upgraded to ABSTAIN (require approval). See Core Spec §8.3 and Execution gate.
Horizon -> Faramesh’s managed cloud offering: dashboard, API, approvals, billing. Use your Horizon URL and API key to connect agents.
policy_hash -> SHA-256 of the normalized policy program used for a decision. Stored with the action for version binding and replay.
profile_hash -> SHA-256 of the execution profile (if used). Otherwise zero. See Core Spec §6.2.
Provenance -> The chain of evidence for why a decision was made: request_hash, policy_hash, profile_hash, DPR, and optional Merkle proof and replay. See Cryptographic provenance.
provenance_id -> Unique identifier tying a decision to its request, policy, and profile versions. Used for audit and replay.
request_hash -> SHA-256 of the canonical JSON of the action (CAR). Same action ⇒ same hash. Used in DPR, permits, and replay. See CAR and Core Spec §5.
Replay -> Re-evaluating a past decision with the same (or overridden) policy/state, without executing again. Used for audit and compliance. See Provenance and Core Spec §15.
Risk scoring -> Independent rule set that assigns risk_level (low, medium, high). Can upgrade EXECUTE to ABSTAIN when risk is high. See Core Spec §8.
Status -> Lifecycle state of an action: e.g. pending_decision, allowed, denied, pending_approval, approved, executing, succeeded, failed. No execution until approved (or allowed for immediate EXECUTE). See Core Spec §10.2–10.3.
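
How the Default deny, Execution profile, Fail-closed and High-risk upgrade entries combine into a single decision, as an added example that is not Faramesh code. The rule and profile shapes, first-match ordering, and the sample policy are assumptions made for illustration.

```python
# Added illustration; rule and profile shapes are assumptions, not Faramesh's schema.
DECISIONS = {"EXECUTE", "ABSTAIN", "HALT"}

def decide(action, rules, profile=None, risk_fn=None):
    """Return EXECUTE, ABSTAIN or HALT for one action dict (tool, operation, params)."""
    try:
        key = (action["tool"], action["operation"])
        # Execution profile: if enabled, tools/operations not listed yield HALT.
        if profile is not None and key not in profile:
            return "HALT"
        decision = "HALT"  # default deny: stays HALT unless a rule matches
        for rule in rules:  # first matching rule wins (assumption)
            when = rule.get("when", lambda params: True)
            if (rule["tool"], rule["operation"]) == key and when(action["params"]):
                decision = rule["decision"]
                break
        if decision not in DECISIONS:
            return "HALT"  # an unknown outcome is ambiguity, so deny
        # High-risk upgrade: only EXECUTE is upgraded; HALT is never relaxed.
        if decision == "EXECUTE" and risk_fn is not None and risk_fn(action) == "high":
            return "ABSTAIN"
        return decision
    except Exception:
        return "HALT"  # fail-closed: any evaluation error denies the action

# Constructed sample policy, profile and risk rule.
RULES = [
    {"tool": "stripe", "operation": "refund",
     "when": lambda p: p["amount"] <= 100, "decision": "EXECUTE"},
    {"tool": "stripe", "operation": "refund", "decision": "ABSTAIN"},
    {"tool": "http", "operation": "get", "decision": "EXECUTE"},
]
PROFILE = {("stripe", "refund"), ("http", "get")}

def risk(action):
    return "high" if action["params"].get("amount", 0) > 50 else "low"

def act(tool, operation, **params):
    return {"agent_id": "agent-1", "tool": tool, "operation": operation, "params": params}
```

A refund with no `amount` makes the first rule's predicate raise, and the gate returns HALT rather than falling through to a later rule.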
