Glossary

The domain terms used across Provenant.

Agent
An autonomous AI program that takes real-world actions. It authenticates with a per-agent API key.
Mandate
An agent's scope of authority: allowed actions/resources, value caps, approval threshold, rate limit, hours.
Action
A single thing an agent wants to do (e.g. pay a vendor). Every action is authorized, held, or denied.
Policy
An org-wide rule layered over mandates that can allow, require approval, or deny matching actions.
Budget
A spend cap (org / agent / tag) over a time window that blocks or holds actions when exceeded.
Approval
A held action awaiting a human decision. Approving a brokered action executes it; denying blocks it.
Risk score
0–100 behavioral score from each agent’s own baseline and the fleet. High scores auto-hold actions.
Warrant
A short-lived, signed token proving Provenant authorized one specific action.
Connector
A downstream target an agent acts on through Provenant. Its credential is held server-side, never by the agent.
Gateway
The enforcing path: the agent acts through Provenant, which performs the call only after an allow.
Webhook
An HMAC-signed HTTP callback fired on events like denials, approvals, and anomalies.
Audit ledger
The append-only, hash-chained, tamper-evident record of every decision and change.