{
  "id": "HRN-013",
  "slug": "glossary",
  "title": "Glossary",
  "category": "Reference",
  "status": "Draft",
  "summary": "A canonical glossary of Harness Engineering and agentic-systems terminology—harness, agent, tool, orchestration, evaluation, span, RAG, MCP, guardrail, and more—with crisp, citable definitions.",
  "updated": "Sun Jun 21 2026 00:00:00 GMT+0000 (Coordinated Universal Time)",
  "url": "https://santismm.com/en/handbook/glossary",
  "evidence": {
    "evidenceLevel": "theoretical",
    "confidenceLevel": "high",
    "sourceType": [
      "industry_observation"
    ]
  },
  "related": [
    "HRN-001"
  ],
  "tags": [
    "glossary",
    "reference",
    "terminology"
  ],
  "headings": [
    "Executive Summary",
    "Definition",
    "FAQs"
  ],
  "markdown": "# Glossary\n\n## Executive Summary\n\nThis glossary is the canonical reference for terms used across the Harness Engineering handbook and the wider Santismm Knowledge Platform. Definitions are crisp, machine-extractable, and intended to be cited directly. Where a term has a dedicated chapter, the entry points to it.\n\n## Definition\n\nThe following are the canonical definitions of terms used throughout this corpus. Terms are grouped for readability; within groups they are roughly ordered from foundational to specialized.\n\n### Core concepts\n\n- **Agent:** a system that uses a language model in a loop to pursue a goal, deciding which actions (tool calls) to take based on observations until a stopping condition is met.\n- **Agentic system:** a software system whose behavior is driven by one or more agents, including all the surrounding scaffolding required to make them reliable.\n- **Harness:** the engineered scaffolding around a model — memory, tools, planning, orchestration, observability, evaluation, governance, and security — that turns a raw model into a reliable agentic system.\n- **Harness Engineering:** the discipline responsible for building reliable agentic systems for enterprise environments by designing and operating the harness.\n- **Model / LLM:** the underlying large language model that performs reasoning and generation; in the harness it is treated as a powerful but non-deterministic, manipulable component.\n- **Autonomy gradient:** the spectrum of control modes from fully autonomous to human-in-the-loop, assigned per action class by policy.\n- **Blast radius:** the maximum harm an action (or a compromised agent) can cause; a core quantity to bound.\n\n### Tools and actions\n\n- **Tool:** a function or capability the agent can invoke to observe or affect the world (search, code execution, API call, database query).\n- **Tool call / function call:** a structured request from the model to invoke a tool with arguments.\n- **Effector:** a tool that produces a side effect in an external system (sends, writes, transfers).\n- **Idempotency:** the property that performing an operation multiple times has the same effect as performing it once; essential for safe retries and resumes.\n- **Side effect:** an externally visible change produced by a tool call.\n- **Allowlist:** an explicit set of permitted items (tools, egress destinations); the safe default for security-sensitive choices.\n\n### Memory and context\n\n- **Context window:** the bounded span of tokens the model can attend to in a single inference.\n- **Memory:** the harness layer that persists and retrieves information across steps and sessions (short-term, long-term, episodic, semantic).\n- **RAG (Retrieval-Augmented Generation):** supplying the model with relevant retrieved content at inference time so its output is grounded in a corpus rather than parametric memory alone.\n- **Embedding:** a vector representation of text used for semantic similarity search in retrieval.\n- **Vector store:** a database optimized for nearest-neighbor search over embeddings.\n- **Grounding:** anchoring generated claims in retrieved, citable evidence.\n- **Context engineering:** the practice of deciding precisely what information enters the context window for each step.\n\n### Planning\n\n- **Goal:** the desired end-state with explicit success criteria.\n- **Plan:** an ordered or partially-ordered set of tasks expected to achieve a goal.\n- **Decomposition:** breaking a goal into sub-tasks (see PAT-010, HRN-009).\n- **DAG (Directed Acyclic Graph):** a plan representation that captures task dependencies and exposes parallelism.\n- **Replanning:** revising a plan in response to failure, new information, or changed constraints.\n- **Termination criteria:** the budgets and conditions (steps, time, cost) that stop an agent safely.\n\n### Orchestration\n\n- **Orchestration:** the harness layer that drives execution across agents and tools (see HRN-010).\n- **Topology:** the arrangement of agents — single, pipeline, supervisor/worker, or network.\n- **Supervisor (orchestrator) agent:** an agent that plans and delegates to worker agents (see PAT-002).\n- **Worker agent:** a specialized agent that executes a delegated sub-task (see PAT-005).\n- **Routing:** selecting the next agent, tool, or branch based on state.\n- **Handoff:** transfer of control and context from one agent to another.\n- **State machine:** an explicit graph of states and governed transitions controlling execution.\n- **Durable execution:** workflow semantics where progress is checkpointed and resumable across failures.\n- **Saga:** a sequence of operations with compensating actions to undo partial work on failure.\n\n### Governance and security\n\n- **Governance:** the runtime harness layer enforcing policy, approvals, and guardrails (see HRN-008).\n- **Policy-as-code:** governance rules expressed in a declarative, versioned, testable format.\n- **PEP / PDP:** Policy Enforcement Point (intercepts actions) and Policy Decision Point (evaluates policy).\n- **Guardrail:** a runtime check on inputs or outputs that constrains agent behavior.\n- **Approval gate:** a control that suspends execution pending a human or higher-authority decision (see PAT-001).\n- **Least privilege:** granting each agent the minimum permissions required for its task.\n- **Agent identity:** a distinct, attributable, scoped, revocable principal for each agent.\n- **Prompt injection:** untrusted content that hijacks an agent's instructions or goals.\n- **Indirect prompt injection:** injection delivered via data the agent retrieves.\n- **Data exfiltration:** unauthorized egress of sensitive data through agent outputs or tool arguments.\n- **Lethal trifecta:** the dangerous combination of private-data access, untrusted-content exposure, and external communication ability.\n- **Sandbox:** an isolated, resource- and network-constrained environment for executing untrusted tools/code.\n- **DLP (Data Loss Prevention):** controls that detect and block sensitive data in outbound payloads.\n\n### Observability and evaluation\n\n- **Observability:** the harness layer that makes agent behavior inspectable via traces, logs, and metrics (see HRN-006).\n- **Trace:** the end-to-end record of a single agent run.\n- **Span:** a single timed unit of work within a trace (one tool call, one model call), the building block of distributed tracing.\n- **Evaluation (eval):** the systematic measurement of agent quality, safety, and reliability (see HRN-007).\n- **LLM-as-judge:** using a model to score another model's outputs against a rubric.\n- **Groundedness:** the degree to which generated claims are supported by provided evidence.\n- **Regression suite:** a fixed set of evaluation cases run on every change to catch quality regressions.\n- **Eval-driven development:** building and changing agents against a measurable evaluation harness.\n\n### Protocols and standards\n\n- **MCP (Model Context Protocol):** an open protocol for connecting models/agents to tools and data sources through a standardized interface.\n- **Tool schema:** the typed declaration of a tool's name, arguments, and description that the model uses to call it.\n- **llms.txt:** a proposed convention for a site-level Markdown file that surfaces a curated, agent-friendly index of content.\n- **JSON-LD:** structured data format used to make documents machine-readable in the discovery layer.\n- **NIST AI RMF / ISO 42001 / EU AI Act:** the principal AI risk, management-system, and regulatory frameworks an enterprise harness must satisfy (see HRN-014, GOV-001).\n\n## FAQs\n\n**Q: Where do I cite a definition from?**\nA: Cite the term by name plus `HRN-013`. Where a term has a dedicated chapter, prefer citing that chapter for depth.\n\n**Q: A term I need is missing — what do I do?**\nA: Add it here in the appropriate group with a crisp one-sentence definition, and link the dedicated chapter if one exists."
}