Shared Vocabulary
Canonical terminology used across all AGF documents.
AGF uses precise terminology throughout. When a term is used in a concept document, profile, or white paper, it carries the meaning defined here.
System Properties
| Term | Meaning |
|---|---|
| Safe | The system does not cause unintended harm |
| Secure | The system resists adversarial attack |
| Durable | The system survives failures, maintains state, and preserves governance guarantees over time |
| Auditable | The system produces evidence trails sufficient for compliance and forensic review |
| Observable | The system emits structured events that enable monitoring, detection, and response |
Architecture Terms
| Term | Meaning |
|---|---|
| Ring | A logical governance layer in the Rings Model (0=Execution, 1=Verification, 2=Governance, 3=Learning) |
| Fabric | Cross-cutting infrastructure: events, identity, provenance, structured output, error handling |
| Substrate | The agent operating environment: context, instructions, tools, workspace, memory |
| Primitive | A named pattern for governed agentic systems (#1–#19) |
| Gate | An explicit decision point where execution pauses for authorization |
| Adaptive gate | A gate that relaxes as the system proves reliability through Trust Ladders |
| Mandatory gate | A gate that never relaxes (irreversible actions, regulatory requirements) |
Signal Protocol
| Signal | Meaning |
|---|---|
| PASS | Output accepted, move to next ring |
| REVISE(quality) | Ring 1 says "not good enough, try again" |
| REVISE(context) | Ring 2 says "the world changed, re-execute" |
| HALT | Something is fundamentally wrong, stop execution |
| GATE | Pause for human authorization |
| DELEGATE | Hand off to another agent with depth tracking |
| ERROR | Something broke; retry, degrade, or halt |
Confidence Levels
Used throughout the framework to mark certainty:
| Level | Meaning |
|---|---|
| Established pattern | Proven across multiple domains. Strong evidence. |
| Informed proposal | Based on our synthesis, not yet battle-tested at scale in agentic systems. |
| Open question | We don't have great answers yet and say so. |
Deployment Modes
| Mode | Description |
|---|---|
| Wrapper | Rings literally wrap execution. Sequential. |
| Middleware/Interrupt | Rings fire at decision points (tool calls, data access). |
| Graph-Embedded | Rings run concurrently with execution. |
Positioning Terms
| Term | Meaning |
|---|---|
| Agentic Governance | AGF's category. Governance of systems with agency, autonomy, memory, tool use, and inter-agent collaboration. Narrower than AI governance. |
| Four verbs | What AGF does: Synthesizes / Unifies / Prescribes / Operationalizes. |
| OTAA invariant | Every AGF primitive must be Observable, Traceable, Auditable, Agent-operable. |
| Dual-form principle | "Machine-consumable, human-decidable." Every primitive exists in human and machine form simultaneously. |
| Tempo taxonomy | Wire-speed enforcement (<1ms) / near-realtime supervision (sec–min) / human-speed governance (hours–weeks). |
| Wire-speed | Sub-millisecond governance enforcement — deterministic policy, identity, tool allowlists, sandbox. |
| Architectural substrate | AGF's position at Layer 0 of the seven-layer stack. The shared model onto which other governance layers project. |
Harness Terms
| Term | Meaning |
|---|---|
| Harness | The governance envelope around an AI agent — declarative source plus runtime enforcement adapters. Industry formula: Agent = Model + Harness. |
| Tier 0 / 1 / 2 | Harness tiers: Provider (model vendor), Agent (per-agent, maps to AGF Security Fabric), Orchestration (cross-agent, maps to AGF Security Governance). |
| Source → Build → Runtime | Harness workflow: YAML/Markdown source → harness build → SDK adapters enforce at call time. Terraform analogy. |
| Hard / Adaptive / Behavioral constraints | Hard = machine-enforced, never relaxes. Adaptive = machine-enforced, trust-dependent. Behavioral = instruction-based, not mechanically enforced. Only hard and adaptive are citable as controls. |
Governance: Five Distinct Senses
"Governance" carries five distinct senses across AGF material. Qualifiers are required whenever any sense other than #1 is meant.
| Sense | Canonical qualified form | Example |
|---|---|---|
| 1. The framework | AGF (never "governance" alone) | "AGF synthesizes NIST, OWASP, CSA…" |
| 2. Ring 2 | the Governance ring or Ring 2 | "Ring 2 (Governance) evaluates policy before release." |
| 3. Program maturity (AGF L1–L5) | AGF program maturity | "The organization's AGF program maturity is L2 Foundation." |
| 4. Primitive #8 gates | Governance Gates (capitalized) | "Governance Gates fire when a release requires authorization." |
| 5. NIST CSF Govern function | NIST CSF Govern | "AGF's Ring 2 aligns to NIST CSF Govern at program scope." |
Bare "governance" as a noun is reserved for sense #1 or deliberate adjectival use ("governance posture"). Decision: D10.
Observability: Three Distinct Layers
"Observability" appears in three places in AGF. The three are not synonyms — they compose.
| Layer | Canonical name | Role |
|---|---|---|
| Emission | Primitive #10 — Event-Driven Observability | Fabric primitive. Every ring emits structured events through a canonical envelope. |
| Concept | Agentic Observability | Unified correlation layer. One event stream, three detection perspectives (quality, security, governance). |
| Profile | Observability Profile | Role-based implementation guide for observability engineers and SREs. |
Primitive #10 emits. Agentic Observability correlates. The Profile implements. Decision: D10.
Gate Vocabulary
AGF's gate-related terms form a four-part vocabulary of distinct, scoped enums. They are NOT alternative spellings of one concept. See DECISIONS.md #8 (Gate Vocabulary Disambiguation).
| Term | Definition |
|---|---|
| Gate Boundary | Where a Gate Resolution or Domain Outcome occurs. Dual-form (DECISIONS.md #5) and GDR emission (#9) are required at every gate boundary. |
| Ring Control Signal | The Composability Interface enum: PASS / REVISE / HALT / GATE / DELEGATE / ERROR. How primitives in adjacent rings signal each other. Emits observability events (Primitive #10), not GDRs. |
| Gate Resolution | The Primitive #8 (Governance Gates) enum: APPROVE / REJECT / MODIFY / DEFER / ESCALATE. The authorizer's response when a gate fires. Also the return value of the GATE Ring Control Signal. Emits a GDR. |
| Domain Outcome | Domain-specific gate decision enums. Each domain application defines its own outcome vocabulary that maps onto Gate Resolutions. Tool Gate's Authorized / Conditionally Authorized / Denied is the first reference application. Emits a GDR. |
| Governance Decision Record (GDR) | AGF's canonical audit artifact at gate boundaries. A single record format that serializes any Gate Resolution or Domain Outcome into an auditable record. See Governance Decision Record. |
Composition Patterns
Four progressive architectures built from primitives. Canonical count: four. "Phase 1–5" language previously used on the Rings Model page is retired — use pattern names. Ring activation is a consequence of pattern selection.
| Pattern | Rings active | Adds |
|---|---|---|
| Minimum Viable Control | Ring 0 + Fabric (minimal) | #7, #14, #6, #10, #19 (minimal) |
| Validation Pipeline | + Ring 1 | #1, #2, #5, #13 |
| Governed Decision Flow | + Ring 2 | #8, #9, #16, #17 |
| Full Governed Agentic System | + Ring 3 (Learning) | all 19 |
Hardening posture (a modifier, not a fifth pattern): Adversarial Robustness (#15) + Evaluation & Assurance (#18) + Trust Ladders (#11) applied within Governed Decision Flow (GDF), or as a precondition for entering the Full Governed Agentic System pattern. Express as posture language — "a production-hardened Governed Decision Flow applying #11/#15/#18" — never as a named step.
See Composition Patterns for full detail. Decision: D10.
Maturity Levels
AGF L1–L5 is a program-level scale. Complementary to CSA ATF's per-deployment scale (Intern → Junior → Senior → Principal).
| Level | Label | State |
|---|---|---|
| L1 | Non-existent | Agents deployed, no formal governance. Most orgs today. |
| L2 | Foundation | Inventory + classification; Ring 0 + Ring 1 operational. |
| L3 | Governed | Full R0+R1+R2; observability at correlation; Trust Ladders calibrating. |
| L4 | Adaptive | Ring 3 operational; self-improving cycles. |
| L5 | Optimized | Full framework; governance as competitive advantage. |
For the complete vocabulary — including positioning pillars, harness terms, identity & credentialing terms (DIDs, VCs, NHIs, JIT credentials, behavioral attestation), and standards abbreviations — see the canonical source.