Glossary

Agent — A configured identity that sends requests to TapPass. Has an agent_id, one or more tp_ keys, and a policy binding. Not the LLM itself; the caller.

Audit event — A single row in audit_events. Hash-chained and Ed25519-signed. Represents one decision the system made (chat call, tool call, detection, policy block, …).

Audit trail — The full, append-only sequence of audit events. Customer compliance evidence is derived from it.

Capability token — An Ed25519-signed, time-bound token that says “agent X can call tools A, B under constraints Y”. Verified offline at tool executors. Replaces long-lived tool-access keys.

Clearance — A label on a capability token (UNTRUSTED, EXTERNAL, PARTNER, INTERNAL, PRIVILEGED, SYSTEM) derived from the agent’s trust score. Gates which tools can be embedded.

Control plane — Admin APIs (agents, policies, keys, audit). Auth via SSO session.

Data plane — Governed LLM calls. Auth via tp_ API key.

Detection — A finding from a pipeline step. Has category (e.g. pii.email, injection), severity, optional offset + replacement.

Detection backend — A pluggable engine that implements scan() (Llama Guard, LLM Guard, NeMo, Azure Content Safety). Multiple can run per step; findings aggregate.

Gateway — The HTTP surface that terminates customer requests and routes them through the pipeline, then to providers. Lives at src/tappass/gateway/.

Governance flag — A per-request override (mode=observe, pii=mask, etc.) set in a header or SDK parameter. One of several named parameters in our product, all enumerated at docs.tappass.ai/governance/flags.

Observability plane — Outbound streams of audit events to customer SIEMs (Splunk, Sentinel, webhooks).

Pipeline — The ordered sequence of steps each request flows through. 49 steps at time of writing, split into pre-LLM and post-LLM phases.

Pipeline step — A single unit of logic (detect_pii, rate_limit, call_llm, …). One file per step in src/tappass/pipeline/steps/. See Pipeline step anatomy.

Policy — Rego (OPA) rules that map detections → actions. Per-customer via config/policies/rego/<customer>.rego.

Posture check — A pipeline step that verifies the agent is registered, has an active key, and hasn’t been flagged.

Provider — An LLM vendor (OpenAI, Anthropic, Google, Azure, Bedrock). Credentials live in the vault; keys never leave the server.

Proxy pattern — Our core architecture: agent → TapPass → provider. The agent never sees the provider key; TapPass does all the talking.

Tenant — A customer organisation. Top-level isolation unit. Everything in the data path scopes by tenant_id.

Trust score — 0–1000 per agent, computed from five dimensions (compliance, data safety, security, stability, efficiency) using the audit trail as input. Feeds clearance.

Vault — Server-side secret store for provider keys and per-tenant config. Backend-pluggable (Postgres default, HashiCorp/AWS/Azure/GCP planned).

ADR — Architecture Decision Record. A short markdown document describing a non-trivial decision. Template in How we work.

Break-glass — Emergency override that temporarily widens an agent’s policy. Every use is logged and reviewed.

Contract test — A test that hits a live external API (OpenAI, Stripe, …) to ensure our client still works. Runs nightly, not on every PR.

Fail-open / Fail-closed — How the SDK behaves when the server is unreachable. Cached policies + buffered audit → fail-open-cached; reject the call → fail-closed. See public docs Resilience.

Feature flag — Config-driven toggle. See Feature flags.

Hash chain — Linked sequence where each event contains the hash of the previous event. Breaks if any event is altered.

Idempotency key — Header we set on provider calls so retries don’t produce duplicates. Derived from audit event ID.

Mental model — The picture of the system you carry in your head. If someone says “what’s your mental model of X?”, they mean “describe how you think it works.”

Pre/Post-LLM phase — Whether a pipeline step runs before or after the LLM call. Pre steps can block/redact the request; post steps scan the response.

Rego — The policy language OPA speaks. We use it for routing, authz, tool decisions, break-glass approval.

Runbook — A specific, step-by-step doc for handling a known scenario. Lives under Runbooks.

Snapshot test — A test that stores a reference output and compares on future runs. syrupy is our tool.

SPIFFE / SPIRE — Workload identity via short-lived mTLS certs. Replaces long-lived API keys for agent-to-agent auth.

Three-phase migration — Add → backfill → remove. Pattern for zero-downtime schema changes. See Database & migrations.

ACV — Annual Contract Value.

MRR / ARR — Monthly / Annual Recurring Revenue.

OEM — A partner reselling TapPass under their own brand. See OEM overview.

QBR — Quarterly Business Review. Joint meeting with key customers on usage, roadmap, issues.

SLA — Service Level Agreement. Uptime and response-time commitments. See Support SLAs.

TAM — (1) Total Addressable Market; (2) Technical Account Manager (Enterprise-tier support role).

Trust Center — Public site (trust.tappass.ai) listing DPA, subprocessors, security posture. Customers point their procurement teams here.

Access — Cloudflare Access. Zero-trust proxy that gates apps behind SSO. We use it on internal-docs.tappass.ai and all internal surfaces.

Pages — Cloudflare Pages. Static hosting with Git-based deploys. We use it for docs.tappass.ai, internal-docs.tappass.ai, tappass.ai, trust.tappass.ai.

Tunnel — Cloudflare Tunnel (cloudflared). Outbound-only connection from a private origin to Cloudflare’s edge. We use it for ssh.tappass.ai and some legacy demos. Being phased out where Pages can replace it.

Zero Trust — Cloudflare’s umbrella product for Access + Gateway + WARP. We mainly use Access.