Glossary¶

A single source of truth for the vocabulary used across Joch documentation. Where a term has a dedicated resource or page, the glossary entry links to it.

A¶

A2A (Agent-to-Agent) — A protocol for inter-agent communication. Joch persists A2A interactions as Handoff events and exposes them through AOS-compliant hooks.

AgBOM (Agent Bill of Materials) — A machine-readable inventory of every component a Joch agent depends on: models, tools, MCP servers, knowledge sources, memory stores, policies, secrets, and deployments. Joch's AgBOM extends OWASP AgBOM and emits CycloneDX, SPDX, and SWID. See AgBOM.

Agent (Joch resource) — The Joch record of an agent. The agent record is framework-agnostic; the actual agent code lives in OpenAI Agents SDK, Claude Agent SDK, Google ADK, Microsoft Agent Framework, LangGraph, CrewAI, or custom code, and is connected via a FrameworkAdapter. See Agent.

AgBOM — See AgBOM.

AOS (Agent Observability Standard) — The OWASP standard Joch implements for inspect, instrument, and trace. See AOS Conformance.

Approval — A policy-required human review of a side-effecting action (e.g., email.send, github.create_issue). See Approval.

Artifact — Any durable output of an execution (report, dataset, file, image). Stored by reference. See Artifact.

B¶

Budget — A cost or usage cap that the policy engine enforces before model calls, tool calls, or executions exceed it. See Budget.

C¶

Control plane — The Joch services that own desired state, policy, inventory, approvals, and release gates. Counterpart to the data plane. See Control Plane.

Conversation — A vendor-neutral, durable record of an agent's dialog. Survives provider migration. See Conversation.

CycloneDX — An OWASP-related BOM standard supported by Joch's AgBOM emitter. See CycloneDX Mapping.

D¶

Data plane — The Joch services that execute model calls, tool calls, memory reads/writes, RAG retrievals, and trace emission. Counterpart to the control plane. See Data Plane.

Deployment — How many instances of an agent run, where, and at what scale. See Deployment.

E¶

Environment — A namespace + policy bundle that segments dev / staging / prod. See Environment.

Eval — A scored evaluation of an agent against a dataset, with metrics, thresholds, and an optional release gate. See Eval.

Execution — One concrete run of an agent. Owns model calls, tool calls, memory writes, traces, costs, and artifacts. See Execution.

F¶

FrameworkAdapter — The Joch resource that connects an agent record to a specific SDK or framework runtime (OpenAI Agents SDK, Claude Agent SDK, Google ADK, Microsoft Agent Framework, LangGraph, CrewAI, custom). See FrameworkAdapter.

G¶

Guardian Agent — In OWASP AOS terminology, the policy enforcement entity that receives hook calls and returns allow, deny, or modify. In Joch, the Guardian Agent role is filled by the policy engine.

H¶

Handoff — A transfer of control between agents (A2A). See Handoff.

Hook — In AOS, a synchronous interception point in the agent loop (e.g., agentTrigger, toolCallRequest, toolCallResult, message, memoryContextRetrieval, memoryStore, knowledgeRetrieval). Joch implements all standard AOS hooks at its gateways. See Hooks.

I¶

Inspect — One of the three AOS pillars: agents publish a current AgBOM that auditors and runtime systems can fetch. Implemented in Joch by the AgBOM service.

Instrument — One of the three AOS pillars: agents expose hooks that a Guardian Agent can use to allow, deny, or modify decisions. Implemented in Joch by the policy engine and the tool / MCP gateways.

Inventory (pillar) — See Inventory.

K¶

KnowledgeSource — A pointer to a corpus that feeds RAG indices (file, URL, S3, database). See KnowledgeSource.

M¶

MCP (Model Context Protocol) — The protocol used by SDKs to expose tools, resources, and prompts to agents. See the MCP gateway and MCPServer.

Memory — A bound, durable scratchpad for an agent (working, semantic, episodic). See Memory.

Model — A model record describing a backend capability (provider, name, capabilities, limits, pricing). See Model.

ModelRoute — A capability-aware, cost-aware routing policy for selecting and falling back across providers. See ModelRoute.

O¶

OCSF — Open Cybersecurity Schema Framework. Joch trace events extend the OCSF event taxonomy. See OCSF Mapping.

OpenTelemetry — The CNCF observability standard. Joch trace events extend OTel semantic conventions. See OpenTelemetry Mapping.

P¶

Policy — A versioned, portable set of rules enforced by the policy engine before model, tool, memory, or network calls. See Policy.

R¶

RAG — Retrieval-Augmented Generation. Joch tracks RAG indices, the knowledge sources that feed them, and every retrieval as part of the trace. See RAG.

S¶

Secret — An external secret reference (Vault, Kubernetes secret, AWS Secrets Manager, env). Joch never stores secret values directly. See Secret.

SPDX — A Linux Foundation BOM standard supported by Joch's AgBOM emitter.

StateCheckpoint — A vendor-neutral snapshot of agent state used during provider migration. See StateCheckpoint.

SWID — A NIST software identification standard supported by Joch's AgBOM emitter.

T¶

Team / Namespace — A multi-tenant boundary in Joch. See Team / Namespace.

Tool — A single callable function exposed through the tool gateway. See Tool.

ToolCall — One concrete invocation of a tool, with side-effect classification, idempotency key, approval status, inputs, and outputs. See ToolCall.

Trace — The structured event log of an execution. See Trace and Events.

Trace (pillar) — One of the three AOS pillars: every agent decision is captured as an event in OpenTelemetry / OCSF format.