Reference

Glossary

Plain-English explanations for the technical terms used on this dashboard. Auto-extracted from the build documentation; updated Apr 26, 2026, 11:48 AM.

194 terms

Acronyms & abbreviations

APT
Advanced Package Tool. The package manager for Debian Linux systems used to install and update software.
AW
Anthropy Works. The system being built to manage and orchestrate OpenClaw instances across multiple organizations.
BS0
Build Sequence 0. The first approved work package that establishes fresh provisioning of a single OpenClaw Instance for testing purposes.
BS1
Build Sequence 1. The second planned work package that adds a stable control path and Fleet Watchdog status monitoring on top of the BS0 foundation.
BS2
Build Sequence 2. A future work package for operator-driven onboarding workflows and credential collection, currently in draft status.
DPA
Data Processing Agreement. Required legal document detailing how AW processes personal data on behalf of Orgs.
EdDSA
Edwards-curve Digital Signature Algorithm (in practice Ed25519). An asymmetric signing method approved for AW tokens alongside RS256; the signer holds a private key, verifiers hold only the public key.
FedRAMP
Federal Risk and Authorization Management Program. Out of scope for AW v1.
GDPR
General Data Protection Regulation. AW includes design hooks for European privacy law compliance.
GHCR
GitHub Container Registry. The container image storage service hosted by GitHub.
GPG
GNU Privacy Guard. A tool used to verify the authenticity of software packages by checking cryptographic signatures.
HIPAA
Health Insurance Portability and Accountability Act. AW includes design hooks to support HIPAA compliance but does not target full certification in v1.
HS256
HMAC with SHA-256. A symmetric token-signing algorithm: the same secret both signs and verifies, so every service that can verify a token can also mint one. HS256 is rejected for AW tokens in favor of asymmetric algorithms (RS256, EdDSA) so that no signing secret has to be shared across the platform and a token's header can never talk a verifier into a weaker check.
MFA
Multi-factor authentication. Required for MSP Admin and MSP Engineer roles; available as an option for all other users.
MSP
Managed Service Provider. The operator role responsible for running the Anthropy Works platform and managing multiple customer organizations.
OWASP
Open Web Application Security Project (renamed Open Worldwide Application Security Project in 2023). A nonprofit whose published guidance (for example the OWASP Top 10) serves as the baseline for general application security posture. AW includes AI-specific threat modeling in addition to OWASP coverage.
PCI-DSS
Payment Card Industry Data Security Standard. Out of scope for AW; handled by Stripe for card processing.
Q1-Q7
Architectural questions 1 through 7, which have been locked and decided, covering the core principles and decisions for Anthropy Works.
RLS
Row-Level Security. A database feature (PostgreSQL policies, which Supabase exposes) or an application-layer equivalent that filters every query by the caller's user or Org context, so Orgs cannot read each other's rows even when they share the same tables.
RPC
Remote Procedure Call. A method for one program to request an action or data from another program over a network, typically with authentication required.
RS256
RSA Signature with SHA-256. The asymmetric token signing algorithm mandated for AW (not HS256).
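The HS256 and RS256 entries describe a policy; the following Python is an added example (not code from the AW project or the build documentation) that shows the mechanics behind it. A service holding the HS256 verification secret can mint tokens of its own, and a server-side algorithm allowlist rejects such tokens before any signature math runs. The secret value, claims and token shapes are constructed for illustration; real RS256/EdDSA signature verification needs the issuer's public key and is deliberately not performed here.

```python
import base64
import hashlib
import hmac
import json

# Server-side allowlist for AW token signatures (the page's locked choice: RS256 or
# EdDSA, never HS256). The policy lives here, not in whatever the token header claims.
ALLOWED_ALGS = frozenset({"RS256", "EdDSA"})
HS256_HEADER = {"alg": "HS256", "typ": "JWT"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_hs256(claims: dict, secret: bytes) -> str:
    """Produce an HS256 JWT. Anyone who holds `secret` in order to verify can do this too."""
    signing_input = _segment(HS256_HEADER) + "." + _segment(claims)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, secret: bytes) -> bool:
    """Symmetric verification: needs exactly the secret the minter used."""
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig))


def check_alg_policy(token: str) -> tuple:
    """Gate that runs before any signature check: parse the header, enforce the allowlist.

    Rejecting here, rather than dispatching on the header's alg, closes the classic
    alg-confusion hole where a verifier that trusts the header accepts an HS256 token
    signed with the issuer's public key bytes used as the HMAC secret.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed: expected header.payload.signature"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed: header is not base64url-encoded JSON"
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str):
        return False, "rejected: header has no alg"
    if alg not in ALLOWED_ALGS:
        return False, f"rejected: alg {alg!r} not in allowlist {sorted(ALLOWED_ALGS)}"
    return True, f"alg {alg} permitted; now verify the signature with the issuer's public key"


def demo() -> dict:
    """Constructed scenario: a verifier that was handed the HS256 secret forges a token."""
    shared_secret = b"constructed-shared-secret-do-not-reuse"  # assumption: a key shared with verifiers
    forged = mint_hs256({"sub": "engineer@msp", "org": "any-org-i-like"}, shared_secret)
    symmetric_accepts = verify_hs256(forged, shared_secret)   # accepted: the verifier is a valid minter
    gate_ok, gate_reason = check_alg_policy(forged)          # rejected before the HMAC is even checked
    # Tokens that claim an allowed algorithm pass the gate and proceed to asymmetric
    # verification; "none" never does. Signatures below are placeholders.
    rs256_claimed = _segment({"alg": "RS256", "typ": "JWT"}) + "." + _segment({"sub": "x"}) + ".sig"
    none_alg = _segment({"alg": "none"}) + "." + _segment({"sub": "x"}) + "."
    return {
        "symmetric_accepts_forgery": symmetric_accepts,
        "gate_blocks_forgery": not gate_ok,
        "gate_reason": gate_reason,
        "rs256_passes_gate": check_alg_policy(rs256_claimed)[0],
        "none_passes_gate": check_alg_policy(none_alg)[0],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The gate is cheap and should sit in front of whichever JWT library does the real verification; configure that library with the same fixed allowlist rather than letting it read the algorithm from the token.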
SBOM
Software Bill of Materials. A detailed list of all software components and dependencies included in a container image.
SOC 2 Type II
Service Organization Control 2, Type II. An independent audit of a service provider's security controls (and optionally availability, confidentiality, processing integrity and privacy) that attests they operated effectively over a review period, not merely that they existed at one point in time (Type I). AW targets readiness for this compliance posture (design-compliant, not yet certified).

Project concepts

Agent A
A separate Claude Code session that will implement Build Sequence items after architecture phase is complete. Inventories the Spawn repo and implements features.
apparmor
A Linux security module that enforces mandatory access controls to restrict what processes can do.
Audit Log Service
An Anthropy Works service that records and maintains immutable logs of all operations, access, and configuration changes for compliance and forensics.
Build Sequence
A phased construction plan for delivering incrementally tested slices of the AW platform with explicit approval gates.
Build Sequence 0
The first execution package for Anthropy Works, focused on fresh-provisioning a single OpenClaw Instance for a test Org and verifying it works end-to-end.
Cloudflare
Vendor locked for v1. Provides DNS and tunnel services. AW Gateway uses Cloudflare tunnels for secure outbound connectivity.
Composio
The OAuth integration broker hidden behind AW's Integration Broker abstraction. Not exposed in the user-facing UI.
containerd
A container runtime that manages the low-level operations of running and monitoring containerized applications.
Control Plane Worker
A build team member responsible for Anthropy Works data model, provisioning records, operator UI, and service boundaries.
Control Portal
A web-based user interface that displays the live state of provisioning runs, instance status, evidence links, and readiness classification.
cosign
A tool used to verify the authenticity and integrity of container images through cryptographic signatures and supply-chain attestations.
Debian
A stable Linux distribution used as the base for the AW infrastructure and fixtures.
Debian 13 (trixie)
The current Debian stable release (version 13, codename trixie, released August 2025), on which the host and container runtime are based.
Docker
A containerization platform that packages applications and their dependencies into isolated, portable runtime environments.
Doppler
Candidate vendor for secrets management in AW. Open decision between Doppler and Supabase Vault.
Feature Contract
The inventory of every feature the existing Spawn system claims. AW must achieve feature parity with this contract during rebuild.
Fleet Watchdog
A monitoring system that performs recurring status checks on provisioned instances, classifies their health state (ready, blocked, unreachable), and records audit events for state changes.
Integration Broker
An internal abstraction layer that mediates all third-party integrations (e.g., OAuth, API calls). Hides vendor implementations from the AW UI.
local-forward control path
A way of sending control commands through an SSH tunnel started from the operator's side (ssh -L), so control traffic is encrypted between the operator's machine and the host and never crosses the network in the clear. The final hop, from sshd to the Gateway's loopback port, stays on the host itself.
OpenClaw
A provisioning and control system that manages instances and gateways. It can run as a containerized service or native application and provides status/readiness checking via CLI or API.
OpenClaw Gateway
The WebSocket-based control interface that allows remote management and communication with an OpenClaw Instance.
Phase 1
The first research phase on OpenClaw architecture, completed and locked in ground-truth documentation. Not to be rerun unless source drift requires it.
Phase 2
The second parallel research phase that closes research gaps deferred from Phase 1. Outputs three worker briefs to be executed by subagents in parallel.
Projection Engine
An Anthropy Works service responsible for securely surfacing credentials and configuration to OpenClaw Instances without exposing plaintext secrets.
Provisioning Worker
A build team member responsible for SSH host setup, OpenClaw installation, Gateway configuration, and readiness verification.
reverse-connectivity path
A connection that's started by the remote machine reaching out to the platform, rather than the platform reaching in. The remote machine "calls home," which means firewalls and locked-down networks usually don't need to be touched.
RUN-ISOLATION-MANIFEST
A document that specifies workspace paths for an isolated build run, allowing multiple orchestrators to execute in parallel without interference.
sandbox
An optional isolation feature that restricts the container's access to host resources and capabilities.
sandbox/tool/elevated
OpenClaw's security policy model that classifies and controls agent execution permissions, tool access, and privilege escalation.
Security Worker
A build team member responsible for credentials, audit events, policy enforcement, and ensuring no shared secrets across Orgs.
Sequence 0
The foundational provisioning sequence that establishes the clean target model and registration contract before other work begins.
Sequence 3
The Spawn ingestion dry run that proves discovery, classification, and evidence generation on a controlled fixture without touching real systems.
Sequence 4
The channel onboarding parity sequence that adds controlled setup workflows for external platforms while maintaining credential security.
Sequence 5
The operations, upgrades, and disaster recovery sequence that formalizes operational readiness, upgrade policy, and incident procedures.
Spawn
The existing shared-OpenClaw system built by Jason (steipete) that AW replaces. It runs six partitioned agents on a single OpenClaw instance; AW unwinds this into six separate Orgs during migration.
Spawn ingestion
The process of importing existing legacy agents and their runtime state from an older system into Anthropy Works, scheduled as a future work package after fresh provisioning is proven.
Stable Control Path
The reliable, ongoing connection that lets the platform send commands to a remote machine and get answers back. It replaces the temporary setup the team used during early testing.
Stripe
Vendor locked for v1. Handles payment processing and card management. PCI-DSS compliance is Stripe's responsibility.
Supabase
Vendor locked for v1. Provides database and potentially vault services for AW's control plane.
Sync-From-Spawn Tool
Core AW service that migrates existing Spawn deployments into AW. One of the 12 core services.
Task Worker
Core AW service that replaces Spawn's PaperClip component. Handles asynchronous job execution. One of the 12 core services.
Telemetry Service
An Anthropy Works service that collects metrics, usage data, and health signals from Instances and the control plane.
Vault Access Service
An Anthropy Works service that manages the storage and retrieval of encrypted credentials and secrets for Orgs and Instances.
Vercel
Vendor locked for v1. Hosts the AW Control Portal admin interface at admin.anthropy.works.
Verification Worker
A build team member responsible for writing tests, running the end-to-end validation, collecting evidence, and preparing independent review.
Watchdog
A piece of software whose only job is to keep an eye on other software and raise an alarm (or restart it) when something goes wrong. Think smoke detector, not firefighter.
Watchdog Service
An Anthropy Works service that monitors fleet health, detects failures, and triggers automated or operator-assisted remediation.
Webhook Receiver
Core AW service that accepts incoming webhooks from OpenClaw Instances and third-party integrations. One of the 12 core services.
WebSocket
A two-way always-on connection between two computers over the web. Once it's open, either side can send messages instantly without re-asking — useful for live status, controls, and events.
Works Agent
An in-product AI assistant for operating the AW control plane. Tenancy-scoped and role-scoped. Distinct from OpenClaw itself.

Things & entities

Agent
OpenClaw's native automation brain concept. Runs within a Gateway Instance. One Instance typically hosts one Agent, but multiple Agents per Instance is a documented OpenClaw pattern.
appanage
The non-root Linux user account used to run the OpenClaw container and manage related operations.
audit event
A record of a significant action (login, credential access, status change, configuration apply) that is logged for security and compliance traceability.
audit logs
Complete record of who accessed what, when, and with what action in the control plane. Required for compliance and forensics.
binding
A configuration that connects an agent to a resource, service, or external system.
capability coverage matrix
A table that maps each feature or requirement to the task packet that owns it, the tests that verify it, and the evidence that proves it works.
channel
An external platform or service (like Slack, email, or a custom API) that AW can integrate with and route messages through.
cloudflared
A small Cloudflare program that runs on a remote server and opens a secure outbound tunnel back to Cloudflare. It lets the team reach the server without opening any public ports on it.
compose.override.yml
An optional Docker Compose file that merges additional configuration on top of the main docker-compose.yml file.
credential
Authentication material such as tokens, API keys, or passwords used to access external systems.
docker-compose.yml
A YAML file that specifies the services, networking, volumes, and configuration for a Docker Compose application.
DRIFT-CONTROL
A document or process that tracks unexpected changes in OpenClaw behavior or contracts found during implementation, requiring analysis before proceeding.
fixture
A test or staging environment (such as a Docker container, test database, or synthetic Org) used for development and verification without impacting real customers.
fixture host
A dedicated test machine or container used to provision and verify an OpenClaw Instance during development and testing.
Gateway
A network endpoint managed by OpenClaw that handles bidirectional RPC communication and status queries. It must be protected by authentication and not exposed directly to the public internet.
Instance
A provisioned OpenClaw service unit that belongs to an Org. It has a Gateway endpoint, readiness state, and can be monitored by the Watchdog.
jump box
An intermediate SSH host with a static public IP used to reach internal or non-public hosts. All traffic to the OpenClaw host must route through the jump box.
manifest
A listing of all artifacts in an evidence bundle, including run IDs, commit hashes, versions, known gaps, and reviewer status.
openclaw.json
OpenClaw's configuration file. Contains agents.list structure used for deterministic multi-tenant detection during ingestion.
Org
An organizational boundary for data isolation. Each Org owns its own instances, credentials, and secrets; Orgs cannot read or modify each other's data.
packet
A discrete work unit in a build sequence, representing a deliverable slice with defined inputs, tasks, and acceptance criteria.
plugin
An optional module that extends agent or system capabilities for specific integrations or behaviors.
research-output
Folder containing the three markdown files produced by Phase 2 subagents after completing their assigned research briefs.
SecretRef
A reference to a secret value (password, API key, token) that is stored in a vault or fixture provider instead of being stored directly in the application or environment variables.
session
A connection or authenticated interaction between an agent and the control plane or between a user and the system.
systemd
A Linux service manager that starts, stops, restarts, and monitors long-running services. It is used to supervise containerized OpenClaw Gateway processes on production-like Debian hosts.
task
A unit of work that an agent executes, such as a deployment, configuration change, or data collection.
task packet
A self-contained work unit (P1, P2, etc.) that owns a specific capability, defines its implementation, and specifies verification steps and acceptance criteria.
telemetry
Data collected about system behavior, performance, and state transitions (such as watchdog checks and status changes) used for monitoring and debugging.
Tenant
A subdivision or context within an Org. The exact relationship between Tenant and Org is defined in contracts that must be published after BS0.
vault
Secure storage for platform and per-Tenant secrets in Zone 2 (the control plane). Protects API keys, credentials, and sensitive configuration data.
Zone 1
Customer external systems outside Anthropy Works' control, such as a customer's own cloud infrastructure or on-premises systems.

Technical phrases

acceptance gate
A concrete requirement that must be demonstrably met (with evidence) before a build sequence can be marked complete and handed off for review.
anti-fabrication
Constraint requiring all factual claims to cite specific source files or documentation URLs. No unsourced statements about OpenClaw or AW.
approval record
Documentation of when and by whom a build sequence packet was approved for execution, including the specific approval wording.
authoritative-source decision
A documented determination of which repository and image version is officially trusted and will be used going forward.
Bootstrap
The process of initializing and preparing an environment or service to be ready for operation, typically starting from minimal infrastructure.
bootstrapping SSH
Using SSH as the initial and emergency access mechanism to a host or service, reserved for setup and recovery, not as the normal steady-state control path.
Boundary A
The first major phase of the checkpoint process, covering read-only preparation and host-side setup before the actual container is pulled and started.
Boundary B
The second major phase where the container image is pulled from the registry and the container is started using Docker Compose.
Boundary C
The third major phase where host-level systemd supervisor integration is configured and applied.
break-glass
An emergency access mechanism that bypasses the normal authorization workflow during a system failure or incident. Each use should produce an audit event and be reviewed afterwards, and the credentials involved should be rotated once the emergency is over.
bridge port
A container port reachable only over the Compose project's internal bridge network (container to container), not published to any host interface.
canary
A controlled deployment strategy where a new version is tested on a small subset before full rollout to all Instances.
cap_drop
A Docker security setting that removes specific Linux capabilities from the container to limit what it can do on the host.
cgroup
Control groups. A Linux kernel feature that limits and isolates resource usage for processes or containers.
checkpoint
A scheduled pause in execution for review, approval, or status assessment, typically occurring at milestones or after consuming a portion of the execution budget.
containerized supervisor
Using systemd or a similar service manager to automatically start, restart, and monitor a Docker container running OpenClaw, ensuring it persists through restarts.
context compaction
Reduction in document and briefing size as research progresses. Target threshold is 70% reduction before completion of brief-building phase.
cosign tree
A cosign command that queries the registry for any supply-chain artifacts (signatures, SBOMs, provenance) attached to a container image.
cosign verify
A cosign command that cryptographically validates the signature on a container image to confirm its authenticity.
Debian systemd host
A Linux server running Debian and systemd that can host Docker containers and supervise long-running OpenClaw processes.
digest
A cryptographic hash (SHA-256) that uniquely identifies a specific version of a container image. It ensures the exact image pulled matches what was inspected.
docker compose
A tool that defines and runs multi-container Docker applications using a YAML configuration file.
docker exec
A command that runs a command inside a running container without needing to restart it.
docker image inspect
A command that displays detailed metadata about a container image, including its digest, layers, and configuration.
docker pull
The command that downloads a container image from a registry onto the local machine.
Dockerized
Packaged and running as a Docker container instead of as a native process on the host operating system.
doctor
OpenClaw's diagnostic command that checks the health and readiness of an Instance, returning status and any configuration issues.
drift
Unplanned divergence from documented architecture, decisions, or approved scope. Drift must be detected, classified, and resolved before work proceeds.
evidence bundle
A collection of test results, logs, screenshots, and documented verification that proves a build sequence's deliverables meet acceptance criteria.
fixture token
A randomly generated secret string used to authenticate the OpenClaw gateway service on its first boot. It must come from a cryptographically secure random source, and because it is a credential it is subject to redaction in logs and evidence.
fresh provisioning
Creating and bootstrapping a new OpenClaw Instance from scratch on an SSH-reachable host, including installation, configuration, and readiness verification.
GDPR design hook
A placeholder in the architecture to ensure data residency and regional compliance can be enforced without requiring later rework.
healthcheck
An automated test built into the container that periodically verifies the service is running and responding correctly.
host-systemd supervisor
A systemd service unit configured on the host machine to monitor and restart the OpenClaw container if it fails.
image labels
Metadata key-value pairs embedded in a container image that provide information about its source, version, creation date, and other details.
independent review
A mandatory checkpoint where a separate reviewer examines evidence and makes a verdict on whether work is ready to close or requires rework.
ingestion
The process of adopting an existing OpenClaw deployment into AW management. Involves discovery, admin handshake, and incremental state synchronization.
init: true
A Docker setting that runs a lightweight init process inside the container to properly handle signals and child processes.
invariant
An architectural constraint that must always be true. Examples: one Org per Instance, absolute cross-Tenant isolation, no shared API keys across Orgs.
keyless identity
Sigstore's keyless signing model, used by cosign. The signer authenticates with an OpenID Connect identity (for example a CI workflow), receives a short-lived certificate bound to that identity, and the signature is recorded in a public transparency log. Verification checks the expected signer identity and OIDC issuer instead of a long-lived key file; a verify step that does not pin both is accepting any signer.
locked decision
An architectural choice documented and approved that binds all future work and cannot be changed without explicit user approval.
loopback interface
The local-only network interface (127.0.0.1 for IPv4, ::1 for IPv6). A Gateway bound to it is reachable only from processes on the same host, not from the network. Publishing a container port without an explicit host address binds every interface and silently undoes this protection.
loopback port
A network port bound to the localhost address (127.0.0.1), making it accessible only from the local machine, not from external networks.
managed SSH local-forward
An explicit SSH tunnel (`ssh -L`) that forwards a local port to the Gateway's loopback port on the remote host. The connection originates outside the target host, from the operator's machine or from the control plane, and is owned, monitored and closed by whichever side opened it.
manifest unknown
A registry error indicating that the requested container image tag does not exist or is not recognized.
manifest-list digest
The digest of a multi-architecture image index (manifest list) that points at one platform-specific manifest per architecture (e.g., linux/amd64 and linux/arm64). On a multi-arch image this is the digest a tag resolves to; it is different from the digest of each platform manifest it references.
multi-tenant
Supporting multiple isolated Tenants or Orgs within a single system. AW enforces hard isolation between Tenants and between Orgs.
neutral-technical register
Writing style requirement: no marketing language, no slang, no euphemism. Precision and clarity for technical and operational audiences.
no-new-privileges
A Docker security flag that prevents the container process from gaining additional privileges beyond those granted at startup.
non-blocking finding
A reviewer comment or requirement that must be addressed in a later build sequence but does not prevent the current sequence from closing.
Observe → Managed → Authoritative state model
A progression where discovered systems move from read-only observation, to managed control with audit, to full authoritative ownership.
operator-facing
Features, workflows, or interfaces designed for the MSP operator team rather than customer Orgs.
orchestrator
The agent or operator role responsible for coordinating execution, enforcing constraints, assigning work, and reviewing evidence.
Org isolation
The guarantee that data and operations for one Org cannot leak to or be accessed by another Org. Verified through security tests and RLS checks.
Org-visible
User-facing features and workflows that are presented to the customer organization rather than remaining hidden in internal operations.
Phase 2 integrated
OpenClaw research and documentation that has been incorporated into the Anthropy Works architecture decision files as ground truth.
platform manifest
The manifest (and its digest) for one specific architecture, such as linux/amd64 or linux/arm64, referenced from the manifest list. Pin and compare digests at the same level, index or platform, that you inspected, otherwise a correct image will look like a mismatch.
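The digest, manifest-list digest and platform manifest entries are easy to confuse in practice. This added Python example (not the page's or the project's code) parses image references, classifies how firmly each one pins content, and walks a constructed OCI image index to show that the index digest and the per-platform digest are different values. The image name, tag, digests and sizes are placeholders, and the reference grammar is a simplification of the OCI reference spec.

```python
import hashlib
import json
import re

_DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref: str) -> dict:
    """Split `[registry/]repo[:tag][@sha256:<hex>]` into parts.
    Simplified grammar (an assumption of this example), enough for Compose image fields."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not _DIGEST.match(digest):
            raise ValueError(f"bad digest in reference: {digest!r}")
    name, tag = ref, None
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):          # a colon after the last slash is a tag, not a registry port
        name, tag = ref[:colon], ref[colon + 1:]
    if not name:
        raise ValueError("empty image name")
    return {"name": name, "tag": tag, "digest": digest}


def pin_status(ref: str) -> str:
    """How reproducibly a reference identifies image bytes."""
    parts = parse_image_ref(ref)
    if parts["digest"]:
        return "pinned"       # content-addressed; any tag present is informational only
    if parts["tag"] and parts["tag"] != "latest":
        return "tag-only"     # mutable: the publisher can move the tag to different bytes
    return "floating"         # no tag or :latest; whatever the registry serves today


def digest_of(manifest_bytes: bytes) -> str:
    """Registry digests are SHA-256 over the exact manifest bytes served,
    so hash the raw body, never re-serialized JSON."""
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()


def select_platform_digest(index_bytes: bytes, os_name: str, arch: str) -> str:
    """From a manifest list (OCI image index), return the platform manifest's digest."""
    index = json.loads(index_bytes)
    for entry in index.get("manifests", []):
        plat = entry.get("platform", {})
        if plat.get("os") == os_name and plat.get("architecture") == arch:
            if not _DIGEST.match(entry.get("digest", "")):
                raise ValueError("platform entry carries a malformed digest")
            return entry["digest"]
    raise LookupError(f"no manifest for {os_name}/{arch}")


def pin_reference(ref: str, index_bytes: bytes) -> str:
    """Rewrite a tag reference as name@<index digest>: what a later `docker pull`
    must be given to fetch exactly the bytes that were inspected, on every architecture."""
    return f"{parse_image_ref(ref)['name']}@{digest_of(index_bytes)}"


# Constructed OCI image index standing in for a registry's response for a multi-arch tag.
SAMPLE_INDEX = json.dumps(
    {
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.index.v1+json",
        "manifests": [
            {"mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1024,
             "digest": "sha256:" + "a" * 64, "platform": {"os": "linux", "architecture": "amd64"}},
            {"mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1024,
             "digest": "sha256:" + "b" * 64, "platform": {"os": "linux", "architecture": "arm64"}},
        ],
    },
    separators=(",", ":"),
).encode()

SAMPLE_REF = "ghcr.io/example-org/openclaw:1.2.3"   # assumed name and tag, not the real image


if __name__ == "__main__":
    print(pin_status(SAMPLE_REF))
    print("amd64 manifest:", select_platform_digest(SAMPLE_INDEX, "linux", "amd64"))
    print("index:         ", digest_of(SAMPLE_INDEX))
    print("pinned ref:    ", pin_reference(SAMPLE_REF, SAMPLE_INDEX))
```

Pinning to the index digest keeps the image multi-arch; pinning to a platform digest fixes one architecture, which is fine for a single fixture host but will fail on a host of the other architecture. Whichever you choose, a version bump means re-running the inspection and re-pinning, never editing the digest by hand.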
provisioning
The process of creating a new Instance: SSH in, install prerequisites, deploy OpenClaw, configure, and register to the control plane.
ProxyCommand
An SSH configuration option that specifies a custom command to establish the connection instead of a direct TCP connection. Often used to route through intermediate hosts.
ProxyJump
An SSH option (-J, or ProxyJump in ssh_config) that routes a connection through one or more jump boxes to the final target. The session to the target is a second SSH connection carried inside the first, so the jump box relays encrypted bytes it cannot read, and the target never needs a public address.
Q8 and beyond
Open architectural questions remaining after the Phase 2 research, to be answered iteratively with user approval before implementation.
readiness probe
A health check that verifies a service is ready to accept requests. For OpenClaw, this is run via the Docker/containerized runtime, not the host-native CLI.
redaction
The process of removing or masking sensitive values (passwords, keys, tokens, customer data) from logs and evidence before sharing with reviewers.
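Redaction is only as good as the patterns behind it and the way redacted values are labelled. The following Python is an added example, not a tool from the AW project: it scrubs the credential shapes this page mentions (tokens, API keys, passwords, key material) from constructed log lines and replaces each with a keyed tag, so a reviewer can see that two lines carry the same secret without learning it. The regexes and the sample lines are this example's assumptions about what AW logs look like; extend them to the real formats once known.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Each pattern names pre/secret/post groups; only `secret` is replaced.
PATTERNS = [
    ("bearer", re.compile(r"(?i)(?P<pre>authorization:\s*bearer\s+)(?P<secret>[A-Za-z0-9._~+/=-]+)(?P<post>)")),
    ("kv-secret", re.compile(r'(?i)(?P<pre>\b[a-z_]*(?:password|passwd|token|api[_-]?key|secret)\s*[=:]\s*"?)'
                             r'(?P<secret>[^\s"\',;]+)(?P<post>)')),
    ("jwt", re.compile(r"(?P<pre>)(?P<secret>\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*)(?P<post>)")),
    ("url-userinfo", re.compile(r"(?P<pre>://[^/\s:@]+:)(?P<secret>[^@\s]+)(?P<post>@)")),
    ("private-key", re.compile(r"(?P<pre>-----BEGIN [A-Z ]*PRIVATE KEY-----)(?P<secret>.*?)"
                               r"(?P<post>-----END [A-Z ]*PRIVATE KEY-----)", re.S)),
]


def _tag(kind: str, secret: str, key: bytes) -> str:
    # Keyed hash: equal secrets get equal tags (reviewers can correlate), but a short
    # password cannot be brute-forced back from the tag without the key. The key is
    # generated per redaction run and must not be shipped in the evidence bundle.
    mac = hmac.new(key, secret.encode("utf-8"), hashlib.sha256).hexdigest()[:8]
    return f"<redacted:{kind}:{mac}>"


def redact_text(text: str, key: Optional[bytes] = None) -> tuple:
    """Return (redacted text, {kind: hits}). Patterns run in list order, so the bearer
    rule consumes a JWT before the generic jwt rule sees it."""
    key = key or secrets.token_bytes(32)
    counts = {}
    for kind, pat in PATTERNS:
        def _sub(m, kind=kind):
            counts[kind] = counts.get(kind, 0) + 1
            return m.group("pre") + _tag(kind, m.group("secret"), key) + m.group("post")
        text = pat.sub(_sub, text)
    return text, counts


def redact_lines(lines, key: Optional[bytes] = None) -> tuple:
    """Redact a list of log lines under one key so tags correlate across lines.
    Lines are joined first so a multi-line PEM block is caught; such a block
    collapses to a single tag, so the output may have fewer lines than the input."""
    key = key or secrets.token_bytes(32)
    text, counts = redact_text("\n".join(lines), key)
    return text.split("\n"), counts


# Constructed sample log lines; the token, JWT and password values are invented.
SAMPLE_LOG = [
    "2026-04-26T11:48:00Z gateway: fixture_token=9f3c1a7b2e4d5f60 accepted from 127.0.0.1",
    "2026-04-26T11:48:02Z http: Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJvcmciOiJzeW50aGV0aWMifQ.c2lnbmF0dXJl",
    "2026-04-26T11:48:03Z vault: fetch postgres://aw_app:S3cretPass@db.internal:5432/control",
    "2026-04-26T11:48:04Z watchdog: instance inst-01 status=ready latency_ms=42",
    "2026-04-26T11:48:05Z gateway: fixture_token=9f3c1a7b2e4d5f60 rotated",
]


if __name__ == "__main__":
    out, counts = redact_lines(SAMPLE_LOG)
    print("\n".join(out))
    print(counts)
```

Run the redaction as the last step before an evidence bundle is assembled, and check the hit counts against expectations: zero hits on a log that you know contains a fixture token means a pattern is missing, not that the log is clean.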
residual risk
A known security or operational concern that remains even after mitigation steps, tracked for future attention.
residual-access policy
A decision about what SSH keys or credentials remain available after a fixture is set up, and whether they should be rotated, removed, or kept for recovery.
restart: unless-stopped
A Docker restart policy that automatically restarts a stopped container unless it was explicitly stopped by the user.
reverse connector
A network path where the internal service initiates an outbound connection to a relay or reverse proxy, rather than accepting inbound connections. This is out of scope for BS1.
rollback
The process of reverting to a previous version of software or configuration when a deployment introduces problems.
rootless
Running a service or container without requiring root or administrator privileges for improved security isolation.
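The cap_drop, no-new-privileges, init: true, healthcheck, loopback port, restart: unless-stopped and rootless entries each describe one Compose-level control. This added Python example (not the project's own tooling) ties them together as a lint over a service definition, comparing a weak service with a hardened one. The service mappings are constructed inline as a YAML loader would return them, so the check runs without a docker-compose.yml on disk; the port number, image name and the `openclaw doctor` healthcheck command are assumptions.

```python
from typing import Optional

LOOPBACK = {"127.0.0.1", "::1"}


def host_ip_of(port_spec) -> Optional[str]:
    """Host address a published port binds to; None means every interface."""
    if isinstance(port_spec, dict):                 # long syntax: {target, published, host_ip}
        return port_spec.get("host_ip")
    spec = str(port_spec)
    if spec.startswith("["):                        # "[::1]:8080:80"
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) >= 3 else None    # "ip:host:container" vs "host:container"


def lint_service(name: str, svc: dict) -> list:
    """One finding per hardening control the service lacks; empty list means baseline met."""
    findings = []
    for port in svc.get("ports") or []:
        ip = host_ip_of(port)
        if ip not in LOOPBACK:
            findings.append(f"{name}: published port {port!r} binds {ip or 'all interfaces'}, not loopback")
    if svc.get("network_mode") == "host":
        findings.append(f"{name}: network_mode: host bypasses port publishing entirely")
    if svc.get("privileged"):
        findings.append(f"{name}: privileged: true grants every capability and device")
    if "ALL" not in (svc.get("cap_drop") or []):
        findings.append(f"{name}: cap_drop should include ALL, adding back only what is needed")
    if "no-new-privileges:true" not in (svc.get("security_opt") or []):
        findings.append(f"{name}: security_opt missing no-new-privileges:true")
    if svc.get("init") is not True:
        findings.append(f"{name}: init: true missing (signal forwarding, zombie reaping)")
    if not svc.get("user"):
        findings.append(f"{name}: no user set; processes run as root inside the container")
    if svc.get("restart") not in ("unless-stopped", "always"):
        findings.append(f"{name}: restart policy {svc.get('restart')!r} will not survive a crash")
    if not svc.get("healthcheck"):
        findings.append(f"{name}: no healthcheck, so a hung process looks identical to a healthy one")
    return findings


def lint_compose(compose: dict) -> dict:
    """Lint every service in a loaded compose mapping."""
    return {name: lint_service(name, svc) for name, svc in (compose.get("services") or {}).items()}


# Constructed services; values are placeholders, not the real deployment's.
WEAK = {
    "image": "ghcr.io/example-org/openclaw:latest",
    "ports": ["18789:18789"],            # no host address: bound on every interface
    "restart": "no",
}

HARDENED = {
    "image": "ghcr.io/example-org/openclaw@sha256:" + "0" * 64,
    "ports": ["127.0.0.1:18789:18789"],  # loopback only; reached through the SSH local-forward
    "user": "1000:1000",
    "init": True,
    "restart": "unless-stopped",
    "cap_drop": ["ALL"],
    "security_opt": ["no-new-privileges:true"],
    "healthcheck": {"test": ["CMD", "openclaw", "doctor"], "interval": "30s", "retries": 3},
}

SAMPLE_COMPOSE = {"services": {"gateway-weak": WEAK, "gateway-hardened": HARDENED}}


if __name__ == "__main__":
    for service, findings in lint_compose(SAMPLE_COMPOSE).items():
        print(service, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Run the lint against the merged result of docker-compose.yml and compose.override.yml, since an override can reintroduce a wide-open port binding that the base file got right.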
seccomp
Secure computing mode. A Linux feature that restricts which system calls a process is allowed to make.
secrets audit
OpenClaw's verification command that checks whether sensitive values are stored securely without plaintext exposure.
socket.io / WebSocket
Bidirectional communication protocols. WebSocket is the steady-state protocol for OpenClaw Gateway control; Socket.IO is a library layered over WebSocket (with HTTP long-polling as a transport fallback) and is treated as a fallback abstraction, not a separate wire protocol.
SSH bootstrap
The primary secure access path for initial setup and recovery. SSH is used to install prerequisites, deploy OpenClaw, and gain entry to Instances before WebSocket control takes over.
stop condition
A list of situations (missing resources, failed tests, security issues, scope expansion) that require immediately halting work and seeking new approval before continuing.
supervisor
OpenClaw's process management layer that keeps the Gateway running continuously and handles automatic restart and health monitoring.
supervisor persistence
The ability of a service manager to automatically restart and keep a service running through restarts and failures. On Linux, systemd handles this for containerized services.
supply-chain attestations
Cryptographic records that certify the origin, build process, and integrity of a container image from the publisher.
synthetic Org
A test organization created only for the purpose of proving provisioning and isolation, with no connection to real customers or production systems.
tabletop
A simulation exercise where team members walk through a disaster scenario or incident response procedure without executing real changes.
unwind plan
A non-destructive sequence of steps showing what state can be safely managed, what requires manual action, and what is unsupported.
vault-backed provider
A system for storing and retrieving secrets that uses an external vault service (such as a custom vault provider) rather than plaintext environment variables.
version bump
An upgrade to a newer release of the software, requiring re-verification of the image's identity and signatures.
version drift
A situation where different components or instances have different software versions, potentially causing compatibility issues.
view-as-Org
A first-class capability that allows MSP staff to see and operate an Org's resources with full audit trail, without having residual access after viewing ends.
webhook
An HTTP callback that an external system sends to notify AW of events, often used for notifications or integrations.
working directory tree
A set of subdirectories (config, workspace, compose, evidence) created on the host to organize files and data for the OpenClaw deployment.
Zone 2
Control Plane custody zone. AW-owned components storing user auth, tenancy metadata, configs, secrets vault, and audit logs.
Zone 3
Instance Runtime custody zone. OpenClaw's own state on each host, including ephemeral projected credentials for Agents.