Glossary
Short definitions for terms that appear across PlanVault documentation, security review, and enterprise evaluation. Each definition explains what the term means in the PlanVault context and points to deeper pages when you need the API contract or architecture detail.
How to read this glossary
Core concepts
The baseline concepts that explain what PlanVault is solving and where the boundary sits between AI reasoning and real execution.
Governed AI execution
An approach where AI can propose or start actions, but real API calls pass through policy, permissions, runtime approval gates, hard-deny constraints, audit, idempotency, and controlled recovery.
Read more: ArchitectureAI execution boundary
The boundary between what a model proposes and what actually runs in your systems. PlanVault holds this boundary through plan validation, tool policy, secrets handling, and event history.
Read more: ArchitectureTool boundary
The contract around tools AI may call: schema, permissions, secrets, approval rules, outbound policy, and audit. It limits side effects even when the model proposes a broader plan.
Read more: API & dataPlan
A structured set of steps that a model or planner proposes to execute. In PlanVault, the plan is validated and run by the runtime rather than trusted as arbitrary model text.
Read more: Sessions & tool routingTool
A tool is an invocable capability the planner can add to a plan: an HTTP endpoint, MCP tool, native function, or webhook. In PlanVault, a tool has schema, policy, integration context, and audit footprint.
Read more: API & dataTool catalog
The catalogue of tools available to an organisation and project. It is the source of truth for schemas, aliases, integrations, and routing signals used to build the planner shortlist.
Read more: Sessions & tool routingScenario
A saved or automatically generated pattern that helps select relevant tools for similar requests. Scenarios are merged with retrieval and usage signals before planning.
Read more: Sessions & tool routingSemantic routing
Selecting relevant tools through semantic similarity, scenarios, and usage signals so the model sees a shortlist instead of the full catalogue. This reduces noise, token cost, and wrong-tool risk.
Read more: Sessions & tool routingRuntime, sessions, and planning
Concepts for the session lifecycle, execution progress, planner modes, and controlled pauses.
Runtime
The server-side layer that accepts a session, selects tools, executes a plan, publishes events, and stores state. In PlanVault, runtime is not a prompt template; it is the controlled execution layer.
Read more: Sessions & tool routingSession
The context for one AI run or conversation: history, project binding, state machine, events, selected tools, and related runtime actions. A session is the main unit for audit and replay.
Read more: Sessions & tool routingFSM
A finite-state machine that models a session as controlled states and transitions. It helps recover execution, handle pauses, and avoid hidden state living only in the prompt.
Read more: Sessions & tool routingReplay
The ability to inspect or reproduce an execution path from saved events and state. Replay supports debugging, audit review, and safer recovery after failure.
Read more: ArchitectureIdempotency
The property that retrying a request does not create a duplicate action. In PlanVault this matters for retries, callbacks, webhooks, and API calls where network failures can cause repeated delivery.
Read more: API & dataSSE
Server-Sent Events, an HTTP event stream from the runtime to the client. In PlanVault, SSE shows plan progress, tool events, pauses, errors, and final results without constant polling.
Read more: API & dataStructured JSON
A mode where the planner returns a plan as JSON that matches the expected schema. It is the recommended path for models that reliably support strict JSON Schema.
Read more: Sessions & tool routingPython DSL
A Python-like DSL for describing an execution plan, useful when strict structured JSON is unavailable or unreliable for a model. It is not arbitrary Python execution inside customer infrastructure.
Read more: Sessions & tool routingHITL
Human-in-the-loop means a person must approve, complete, or reject a step. In PlanVault, HITL is used for plan approval, slot filling, and runtime tool approval when live call parameters make automatic execution too risky.
Read more: Sessions & tool routingSlots
Fields the runtime asks a user or operator to fill before continuing. Slots are used when the plan lacks structured data needed for safe execution.
Read more: Sessions & tool routingIntegrations and API surface
Terms for teams connecting REST APIs, MCP servers, webhooks, keys, and model backends to PlanVault.
MCP
Model Context Protocol - a way to connect external tools and context to AI systems. In PlanVault, MCP servers can become governed tools under the same audit, RBAC, and secret-boundary controls.
Read more: API & dataOpenAPI import
Importing an OpenAPI 3.x specification to turn REST endpoints into typed tool definitions. This lets teams connect existing APIs without writing a custom SDK wrapper for every operation.
Read more: API & dataRuntime API key
A project-level secret for protected Runtime API routes. Plaintext is shown only at creation or rotation; the server stores a hash/preview and checks that the key belongs to the target projectId and has matching scopes.
Read more: API & dataAdmin API
The administrative API for organisations, projects, tool catalogues, integrations, members, audit logs, and data operations. Unlike the Runtime API, it usually requires a user/session JWT with organisation permissions.
Read more: API & dataInbound webhook
A public trigger endpoint that lets an external system start a session or send an event into PlanVault. It should be protected with HMAC or another configured authentication type.
Read more: API & dataLifecycle webhook
An outbound webhook PlanVault sends after session lifecycle changes: completion, failure, human-action pauses, interruption, or recovery-required states. It is a push signal for your backend or workflow systems.
Read more: API & dataOutbound URL policy
A policy that validates URLs before outbound HTTP calls, webhook delivery, or OpenAPI spec retrieval. Its job is to reduce SSRF risk and prevent unintended access to internal networks.
Read more: API & dataLiteLLM
A compatible proxy layer for connecting different LLM providers and local models. In PlanVault it is useful for deployment scenarios where teams want to control the model backend or run local models.
Read more: Stack & deploymentSecurity and control plane
Terms used in security architecture review, threat modeling, secret handling, and operational audit.
Audit trail
An ordered record of events, decisions, and state transitions that helps reviewers understand what happened during an AI run. It is more than chat text; it is operational evidence around execution.
Read more: Security & complianceApproval gate
A point where execution waits for explicit human or policy approval before continuing. In PlanVault, approval gates apply to plans and concrete tool calls after runtime parameter evaluation; hard-deny policies can block an action without approval.
Read more: Sessions & tool routingRBAC
Role-based access control limits who can manage organisations, projects, integrations, keys, audit logs, and data operations. RBAC works together with tenant isolation; it does not replace it.
Read more: Security & complianceEnvelope encryption
A pattern where data is encrypted with data keys, and those keys are protected by a separate master or key-management layer. In PlanVault this reduces risk when storing secrets and sensitive values.
Read more: Security & complianceDEK
A Data Encryption Key used to encrypt sensitive values at the application layer. DEK rotation must be controlled so new writes use the current version while older values can still be read and re-encrypted.
Read more: Security & complianceSecret boundary
The rule that secrets should not appear in prompts or logs as plaintext. PlanVault uses scoped references and late binding so the runtime injects secrets only during controlled tool calls.
Read more: Security & complianceSBOM
A Software Bill of Materials lists software components and dependencies. For enterprise review, SBOM publication helps teams assess supply-chain risk and known vulnerabilities.
Read more: Security & compliancePenetration-test readiness
Penetration-test readiness means architecture, configuration, SBOMs, network boundaries, and security controls can be provided for review. It is not the same as holding a published certification.
Read more: Security & complianceCompliance, privacy, and procurement
Terms that most often come up during procurement, legal review, privacy review, and vendor risk assessment.
Customer-controlled deployment
A deployment model where the customer controls the environment, network perimeter, access policies, and integrations. For PlanVault, this includes self-hosted and VPC-ready deployments that fit existing infrastructure.
Read more: Stack & deploymentSubprocessor
A third-party provider that may process personal data within the service or customer deployment. For enterprise review, these providers should be transparent and connected to privacy and security materials.
Read more: SubprocessorsData retention
Rules for how long sessions, logs, events, secrets, and operational data are kept. In PlanVault, retention should be an explicit part of deployment and security review, not hidden runtime behaviour.
Read more: Security & complianceGDPR export/delete
Mechanisms for exporting or deleting data for a data subject or organisation in privacy workflows. In PlanVault, use stable external identifiers or filters that match your data model.
Read more: Security & complianceSOC 2
An audit framework for controls around security, availability, confidentiality, processing integrity, and privacy. PlanVault is designed for security review and penetration-test readiness, but does not yet hold or publish SOC 2 certification.
Read more: Security & complianceISO 27001
An international standard for an information security management system. PlanVault is designed for security review and penetration-test readiness, but does not yet hold or publish ISO 27001 certification.
Read more: Security & compliance