Glossary

XEM

Xerotier Execution Manager. The execution agent role: a headless host that runs infrastructure tools dispatched by an inference model. This glossary entry is the canonical expansion; other XEM pages link here.

XIM

Xerotier Inference Microservice. The inference agent role: a GPU-resident host that pairs a model with vLLM and produces tokens.

agent

Any host enrolled against the Xerotier router. Either an XIM (inference role) or an XEM (execution role).

registration_name

Operator-chosen handle for an enrolled agent (for example xem-jumphost-01). Stable, meaningful, and unique per project.

join key

A short-lived JWT minted by the router and scoped to a specific agent role and TTL. Consumed on the agent's first boot; not reusable. Mint with xeroctl agents join-keys --create.

capability manifest

JSON document the XEM publishes at enrollment and on every lease_renewal, naming every workspace it serves and every tool it can execute.

manifest_hash

Digest of the capability manifest that the XEM recomputes on each renewal. The router uses the hash to detect drift between declared and actual capability.

manifest_version

Integer version field on the capability manifest. Bumped by the XEM when the declared tool set or workspace bindings change. Lets operators correlate manifest_hash drift with intentional capability revisions.

lease_renewal

Heartbeat frame the XEM emits by default every 10 seconds (configurable via lease_renewal_interval_ms). Carries the in-flight invocation list so the router can reconcile after an unplanned restart on either side.

conflict_pill alias: poison pill

Agent state entered when two distinct CURVE keys claim the same registration_name. Both agents have their dispatch surface revoked until an operator runs xeroctl agents recover. See ADR 0004.

config discovery

Boot-time probes the XEM runs to surface candidate workspace bindings. Each candidate must be explicitly approved with xeroctl agents candidates approve before the agent binds it.

workspace

A named operational-scope binding. Either of kind chat (knowledge only) or operational (bound to XEM agents and capable of running tool calls).

operational workspace

A workspace of kind operational, bound to one or more XEM agents. Promotion from chat to operational is supported; demotion is not.

three-model binding

Every operational workspace binds three model roles (planner plus two execution-side roles validated by WorkspaceModelBindingValidator). Unavailability of any of the three fails the workspace closed. See ADR 0002.

tool

A named unit of execution declared in the capability manifest. A XEM exposes tools; the inference model calls them.

invocation

A single tool-call lifecycle: creation, optional approval, dispatch, execution on an agent, completion.

idempotency_key

Client-supplied JSON body field on POST /v1/exec/invocations that lets the router deduplicate retries. The same key within the retention window returns the original invocation's result.

ambiguous mutation

A tool invocation whose success the router cannot confirm because the agent went offline mid-operation. Requires explicit operator resolution; see Offline Recovery.

learnings

Post-execution observations recorded on successful tool calls so future invocations can short-circuit known-good parameter sets. Stored by the router under the /v1/exec/learnings route family and read back into agentic loops at planning time.

request_subplan alias: sub-agentic

Agentic primitive that spawns a nested agentic loop with a restricted tool scope and a capped iteration count, both drawn from the sub_agentic_tool_scope and sub_agentic_max_iterations entries on the parent capability manifest.

auto-fork-branch

Router behavior that forks the chat branch before any destructive or irreversible tool call; on failure, the operator can roll back to the pre-fork branch.

approval policy

A per-workspace document declaring, for each risk level, whether approval is required and what the SLA and escalation chain look like.

approval request

A pending decision created by the router when an approval policy gates a tool invocation. Resolves to approved, rejected, timeout, or escalated. The agent treats escalated identically to rejected for the purpose of releasing the invocation slot.

risk level

Per-tool classification: read, write, destructive, or irreversible. Drives the approval policy lookup.

chat template

A JSON document scoped to platform, project, or workspace. Pins the system prompt, the allowed tool set, and the approval cadence for a given procedure.

template scope

The visibility tier of a chat template. platform templates are visible to every project; project templates are visible only within the owning project; workspace templates are visible only within the owning workspace. More specific scopes override less specific ones at resolution time.

service tier

The pricing and rate-limit class assigned to a model endpoint. Tiers govern what a given API key may dispatch and at what cost; see the models-and-tiers reference for the full table.

self_hosted

The service tier assigned to endpoints backed by operator-owned XIM agents. Routed without platform-side rate limits and billed against compute the operator already pays for.

CurveZMQ

ZeroMQ's Curve25519-based authenticated encryption layer. Every frame between router and agent is CurveZMQ-encrypted.

dispatch queue

The SQLite-backed outbound queue on the XEM agent. Persists frames until router acknowledgement so an unplanned restart does not lose in-flight work. See ADR 0003.

scope

Two distinct meanings.

1. API-key scope (inference, execution, management, research) gating route access; see Authentication.
2. Per-workspace scope narrowing what resources the workspace's tools may touch; see Workspaces.

trace_context

W3C trace-context value carried on every ZMQ frame (wire field trace_context) so distributed traces span router, agent, and vLLM boundaries. The equivalent HTTP-surface header is traceparent.