Glossary

Same terms as in Introduction → Concepts, plus operator-specific terminology and cross-links to where each concept is configured or used.

Identity & access

Term	Definition	Where it appears
Identity	A unique entity (user, agent, runner, app) with a platform-wide UUID.	Operate → Identity
User	Human identity, provisioned on first OIDC login.	Operate → Identity
Agent	AI identity, configured as an Agent resource and run as a workload on demand.	Administer → Agents
Runner	Identity that hosts workloads. Cluster- or org-scoped.	Administer → Runners, Operate → Runners
App	Independently deployed service that participates in conversations as itself.	Administer → Apps, Build & extend → Apps
Organization	Multi-tenant boundary grouping users, agents, models, secrets, runners, apps.	Administer → Organizations
Cluster admin	Platform-wide administrative role.	Self-host install → First admin, Administer → Cluster administration
Organization owner	Per-organization administrative role.	Administer → Organizations
Organization member	Non-owner participant. No Console access.	Administer → Members
Agent role	Per-agent grant: `owner`, `maintainer`, `participant`.	Administer → Agent roles
API token	Long-lived credential for programmatic access. Format `agyn_<44 chars>`.	Use → API tokens
OIDC subject	The IdP-issued `sub` claim that uniquely identifies a user.	Operate → Identity

Conversation

Term	Definition	Where it appears
Conversation	Persistent exchange between participants. Lifecycle: open → resolved.	Use → Chat
Thread	The storage record behind a conversation.	Use → Chat, Operate → Architecture
Chat	The platform's user-facing communication interface.	Use → Chat
Participant	User, agent, or app in a conversation.	Use → Chat
Reminder	Agent-scheduled follow-up.	Use → Reminders, Administer → Reminders app
Conversation status	User-controlled state: `Open` or `Resolved`.	Use → Chat
Activity status	System-derived state: `Running`, `Pending`, `Finished`.	Use → Chat
Degraded thread	Unrecoverable state — read-only conversation.	Use → Chat

Agent

Term	Definition	Where it appears
Agent availability	`internal` (any org member) or `private` (role-restricted).	Administer → Agents
Runtime image	Container image the agent CLI runs in.	Administer → Agents
Init image	Container image that bootstraps `agynd` and the agent CLI.	Administer → Agents, Build & extend → Agent CLIs
Idle timeout	Duration of CLI silence after which the workload stops.	Administer → Agents
MCP server	Model Context Protocol server providing tools. Sidecar in the agent pod.	Administer → MCP servers, Build & extend → MCP servers
Tool	A capability exposed by an MCP server.	Build & extend → MCP servers
Skill	Prompt fragment placed on the agent's filesystem.	Administer → Skills
Hook	Event-driven sidecar.	Administer → Hooks
Volume	Persistent disk attached to an agent or sub-resource.	Administer → Volumes
Init script	Shell script run before the agent CLI starts.	Administer → Init scripts
Environment variable	Plain or secret-backed value injected into a container.	Administer → Environment variables

Run & observability

Term	Definition	Where it appears
Run	A single execution cycle of an agent processing unacknowledged messages.	Use → Run Timeline
Run event	A discrete step within a run (message, LLM call, tool execution, summarization).	Use → Run Timeline
Workload	A running agent pod.	Administer → Monitoring, Operate → Runners
Container	Individual container within a workload.	Administer → Monitoring
Context	Items assembled into a prompt for an LLM call.	Use → Run Timeline
Summarization	Run event compressing context to stay under token limits.	Use → Run Timeline
Trace	Recorded sequence of events for a run.	Use → Run Timeline
Span	A single unit in the trace; OTLP-style.	Operate → Architecture

Models & secrets

Term	Definition	Where it appears
LLM provider	Configured upstream model provider (OpenAI, Anthropic, etc.).	Administer → LLM providers
Model	Platform-side identifier (`gpt-4o`) mapped to a provider and remote model name.	Administer → Models
Secret	Credential value, stored locally or by reference to an external provider.	Administer → Secrets
Secret provider	External secret store the platform reads at workload start.	Administer → Secret providers
Image pull secret	Registry credentials for pulling private images.	Administer → Image pull secrets

Infrastructure

Term	Definition	Where it appears
Gateway	External API entry point speaking ConnectRPC / gRPC.	Build & extend → Gateway API, Operate → Architecture
OpenZiti	Zero-trust overlay network for agents, apps, runners, devices.	Operate → Networking
Istio	Service mesh for in-cluster mTLS and authorization.	Operate → Networking
OpenFGA	ReBAC engine backing the Authorization service.	Operate → Authorization
Device	Personal endpoint enrolled into OpenZiti.	Use → Devices
Port exposure	Reachable endpoint for a service inside an agent container. URL `http://exposed-<id>.ziti:<port>`.	Use → Port exposure
Notification	Real-time event delivered to UIs via WebSocket.	Operate → Architecture

Components & repositories

Term	Definition
agynd	Wrapper daemon running inside every agent pod. Bridges any agent CLI with the platform.
agyn CLI	Platform CLI for interactive and scripting access.
agn CLI	Agyn's native agent loop implementation.
Codex	OpenAI's agent loop, supported via `agent-init-codex`.
Claude Code	Anthropic's agent loop, supported via `agent-init-claude`.
files-mcp	Platform-provided MCP server exposing `read_file`.
Console app	Browser management UI.
Chat app	Browser chat UI.
Tracing app	Browser run-inspection UI.
k8s-runner	Default Kubernetes runner implementation.
bootstrap	Install path — `agynio/bootstrap`. k3d cluster + Terraform stacks for every platform service.
platform-charts	Centralized umbrella Helm chart at `agynio/platform-charts`. In preparation; will replace per-service deployment in bootstrap once stable.
terraform-provider-agyn	Terraform provider for the Gateway API.
agynio/api	Protobuf schemas for every service.

Introduction → Concepts — the same set, organized for first-time readers.
Service catalog — every service component.