This document defines terms used throughout the Kernels specification and documentation.
An entity that submits requests to the kernel. Actors are identified by string identifiers and are subject to jurisdiction policy.
A condition where a request cannot be unambiguously interpreted. Ambiguous requests are denied under fail-closed semantics.
A property of the audit ledger where entries can only be added, never modified or removed.
The process of evaluating a request against jurisdiction policy to determine whether it should be allowed or denied.
A single record in the audit ledger documenting a kernel operation.
The append-only, hash-chained log of all kernel operations.
The initialization process that transitions a kernel from BOOTING to IDLE state.
The layer that governs execution without performing execution itself. The kernel is a control plane for AI systems.
The outcome of request arbitration: ALLOW, DENY, or HALT.
A property where identical inputs always produce identical outputs. All kernel operations are deterministic.
An exportable package containing the full audit ledger with verification data.
The phase where a tool call is dispatched and its result captured.
A security posture where uncertainty results in denial rather than allowance. The kernel operates fail-closed by default.
The initial hash value (64 zeros) used as the prev_hash for the first audit entry.
An irrevocable transition to the terminal HALTED state.
A sequence of entries where each entry includes the hash of the previous entry, enabling tamper detection.
A description of what a request aims to accomplish. Part of every KernelRequest.
A property that must always hold true. The kernel defines ten core invariants.
The boundaries within which requests are permitted. Defined by JurisdictionPolicy.
A configuration specifying allowed actors, tools, and constraints.
The central component that governs AI agent execution through a state machine, jurisdiction, and audit.
Configuration parameters for initializing a kernel instance.
One of the defined states in the kernel state machine.
A human with authority who defines policy and reviews audit. Operators are in the trusted zone.
See Jurisdiction Policy.
The outcome of policy evaluation, including whether the request is allowed and any violations.
The response returned by the kernel after processing a request.
The process of recomputing the hash chain to verify audit ledger integrity.
A KernelRequest submitted to the kernel for processing.
The hash of the last entry in the audit ledger, representing the current state of the chain.
The component that manages kernel state and enforces valid transitions.
A change from one kernel state to another, always producing an audit entry.
A state with no outgoing transitions. HALTED is the only terminal state.
A registered function that can be invoked through the kernel.
A specification of which tool to invoke and with what parameters.
The component that manages registered tools and dispatches invocations.
See State Transition.
The line separating trusted components (operator, kernel, tools) from untrusted components (agents, requests).
The process of checking request structure and required fields.
A kernel implementation with specific enforcement characteristics.
A deterministic clock that can be controlled for reproducible behavior.
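
The hash chain, genesis hash, root hash and replay verification defined above, as an added example that is not the Kernels project's own code. SHA-256, the JSON encoding, every entry field except prev_hash, and all function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # 64 zeros: prev_hash of the first audit entry


def entry_hash(prev_hash, payload):
    # Assumed encoding: SHA-256 over sorted-key, compact JSON.
    body = json.dumps({"prev_hash": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(ledger, payload):
    # Append-only write: link the new entry to the current root hash.
    prev = ledger[-1]["hash"] if ledger else GENESIS_HASH
    ledger.append({"prev_hash": prev, "payload": payload,
                   "hash": entry_hash(prev, payload)})
    return ledger[-1]["hash"]  # the new root hash


def replay_verify(ledger, expected_root=None):
    # Recompute the chain from the genesis hash. Returns (ok, bad_index);
    # fail-closed: a malformed entry counts as a verification failure.
    prev = GENESIS_HASH
    for i, entry in enumerate(ledger):
        try:
            linked = entry["prev_hash"] == prev
            intact = entry["hash"] == entry_hash(prev, entry["payload"])
        except (KeyError, TypeError):
            return False, i
        if not (linked and intact):
            return False, i
        prev = entry["hash"]
    # The chain alone cannot reveal dropped tail entries; only a root hash
    # recorded outside the ledger can.
    if expected_root is not None and prev != expected_root:
        return False, len(ledger)
    return True, None


def build_sample():
    # Constructed sample entries; payload field names are hypothetical.
    ledger = []
    for payload in ({"event": "boot", "state": "IDLE"},
                    {"actor": "agent-1", "decision": "ALLOW"},
                    {"actor": "agent-2", "decision": "DENY"}):
        root = append(ledger, payload)
    return ledger, root
```

A truncated ledger passes the internal check, so the verifier should always be given a root hash that was recorded outside the ledger being checked.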