Selah

Reference

Glossary

Every term that carries a specific meaning in Selah, defined once.

TermDefinition
AOP, Agent Operating ProcedureThe unit of governance. A structured, versioned, machine-enforceable statement of what an agent may do and say, and what happens otherwise. Authored as action policies across five layers, the response rules in the output configuration, and the packs you enable.
AOP RuntimeThe deterministic engine component that resolves and enforces AOPs on the hot path, returning permit, hold, or deny in well under ten milliseconds.
Shadow AOP LedgerThe record built in shadow mode of what your AOPs would have decided, without enforcing. Realized as the shadow-flagged decision records plus review items. Your proof and your raw material for authoring AOPs.
Shadow modeA per-tenant mode where decisions are computed and recorded but nothing is blocked, so you can calibrate before enforcing.
EnforcementWhen Selah moves from recording to acting: a deny stops something for real and a hold waits for a person.
The five layersThe precedence order for AOP resolution: compliance, jurisdiction, agent type, base, campaign, highest to lowest.
PackA versioned bundle of AOPs for an industry or jurisdiction that you enable. Compliance and jurisdiction packs are the first form of the AOP library.
Compliance LibraryThe universal baseline of AOPs plus the packs. The mechanism for reusing governance across tenants.
The three momentsInput, action, and response, the three points at which the engine governs, with endpoints gate/check, evaluate, and validate/output.
Permit, hold, denyThe three verdicts. Returned as allow, escalate, block for the input and response checks, which map to permit, hold, deny.
Inversion of controlThe model where the agent proposes, the engine decides, and connectors execute, so the agent never holds credentials or acts on its own.
ConnectorThe Selah-side component that executes a permitted action against an external system, only against a valid permit, with encrypted write-only credentials.
Fail-closed, fail-openFail-closed denies when it cannot decide, used on the action path and the hard response rules. Fail-open allows and records, used on the input check and the response model layer.
Tenant typeenterprise, platform, or private, which changes how escalations are handled, not the decision logic.
Sub-tenantFor a platform tenant, one of your customers, set up under your parent account with its own AOPs.
Nested tenancyThe model where one parent tenant holds many sub-tenants, each governed independently.
ActionEnvelopeThe structured action an agent proposes to the action check: agent, action, parameters, context.
Decision identifierThe reference returned with a permit, required by a connector to execute the permitted action.
Audit chainThe append-only, hash-chained decision record. Tamper-evident. Personal data is kept out of it by architecture.
ScopeWhat an API key may reach: evaluate for the data plane, manage for tenant configuration, admin for the administrative surface.