Glossary
Action — A record of an agent performing an operation (e.g., accessing a document, calling a tool). Part of a chain of custody linked to a mandate.
Agent — An AI system registered with Truss, identified by a name and Ed25519 public key.
Allowlist — IP-based access control restricting which IP addresses can reach the API.
Anomaly Score — A numerical score (0–1) indicating how unusual an action is compared to an agent's behavior baseline.
API Key — A tr_-prefixed token used for programmatic authentication. Stored as a SHA-256 hash at rest.
Baseline — A profile of an agent's normal behavior (action types, sizes, peak hours) used for anomaly detection.
Chain of Custody — The ordered sequence of actions recorded against a mandate.
Cross-Boundary Delegation — A delegation spanning organizations, jurisdictions, or regulatory frameworks.
Delegation — A transfer of authority from one mandate to another, with scope narrowing.
Dual-Signing — Two organizations cryptographically signing the same evidence package for cross-org verification.
Ed25519 — The elliptic curve digital signature algorithm used by Truss for cryptographic signing.
Evidence Package — A cryptographically signed bundle of action records, generated for a mandate.
HalluCase — Truss's system for detecting and tracking AI hallucination incidents.
Jurisdiction — A legal jurisdiction (country, state, regulatory body) with associated regulations.
Mandate — A signed authorization defining what actions an agent is permitted to perform, under what constraints.
Nonce — A unique number used once per delegation hop to prevent replay attacks.
RBAC — Role-Based Access Control. Truss has 5 roles: Owner, Admin, Compliance Officer, Developer, Read-only.
RegGraph — The regulatory knowledge graph powering jurisdiction evaluation (761+ obligations, 139 jurisdictions).
Scope Narrowing — Each delegation hop restricts the previous mandate's scope further.
TAP — Trust Accountability Protocol, the open standard underlying Truss.
Verification — The process of validating mandate authenticity, evidence chain integrity, or cryptographic signatures.