Reference · Glossary
Glossary.
Definitions for vocabulary used across the Axiom platform — operational, AI, cloud, and ReleaseOps terms.
- Agent Run
- A single end-to-end pass of the 12-step reasoning loop — observe, interpret, reason, plan, verify, execute. Each run produces findings, recommendations, and an execution plan.
- Approval Gate
- A policy enforcement point that requires explicit human approval before an execution plan item can be applied. Multi-party approval triggers for broad blast-radius changes.
- Assume-Role
- AWS's credential model where Axiom calls sts:AssumeRole in your account to receive temporary 1-hour credentials. Axiom never holds long-lived access keys.
- Audit Event
- An immutable record of every cloud mutation — actor, resource, before-state, after-state, status. Powers SOC 2 / ISO 27001 audit evidence.
- Blast Radius
- Quantitative classification of how many resources a change affects. Classifications: contained (1–5 resources), moderate (6–20), broad (20+). Approval rules cascade.
- Composite Readiness Score
- A 0–100 score per service in ReleaseOps, computed from 9 operational dimensions. Below threshold (default 75) blocks releases at the governance gate.
- Confidence Calibration
- The agent's self-assessment of how reliable its reasoning is for a given action class. Outcome of every executed action feeds back into confidence per-class, per-service.
- Connector
- An integration adapter for a specific external system (AWS, Azure, GCP, GitHub, GitLab, Jenkins, ServiceNow). Connectors are read-only by default and never store credentials.
- Drift
- Configuration that has diverged from its declared/desired state. Axiom detects drift continuously and can either alert, auto-correct (with approval), or block downstream releases until resolved.
- Execution Plan
- A phased, dependency-aware sequence of changes Axiom proposes after a scan. Each item includes Terraform, blast radius, pre-verified rollback, and approval requirements.
- External ID
- A unique secret per Axiom connection used in the AWS trust policy condition. Prevents confused-deputy attacks across tenants.
- Finding
- A discrete issue detected during a scan — categorized (cost, security, drift, performance, compliance) and severity-scored (info, low, medium, high, critical).
- Operational Memory
- Persistent 90-day history of scans, recommendations, executions, approvals, and outcomes. Powers the agent's per-service confidence calibration.
- Plan Item
- An atomic unit within an execution plan — typically one resource modification with its own approval, rollback, and verification.
- Pre-Flight Snapshot
- A state capture taken immediately before any execution begins. Used to construct the verified rollback path.
- Reasoning Trace
- The auditable per-step record of how the agent reached a recommendation — observe → interpret → reason → plan → verify — with evidence and confidence per step.
- Recommendation
- A specific suggested action attached to one or more findings. Includes rationale, risk level, monthly impact, and approval requirements.
- Recurring Analysis
- A scheduled workflow that runs at a configured cadence (hourly, daily, weekly). Produces an Agent Run each cycle.
- Rollback RTO
- Recovery Time Objective — the measured time required to restore prior state if an execution fails. Pre-verified before approval.
- Service Principal
- Azure's analog of an IAM role — Axiom's recommended Azure onboarding model.
- Service Account
- GCP's analog of an IAM role — Axiom's recommended GCP onboarding model.
- Trust Ladder
- The governance model that lets agent autonomy escalate per action class only after a configured run of successful outcomes. The agent cannot self-escalate.
Need a human?
Most flows are documented — but we'll help if anything is unclear.