KDCube Glossary

Canonical definitions of platform and agent-runtime terms. Use this when reading the docs, the API reference, or the SDK — every term here maps to something in the code. A few of them — marked coined here — are words we invented because the existing vocabulary didn't quite fit.

KDCube concepts

Technosystem Coined here: A self-contained technical environment that hosts everything one or more AI applications need to live, evolve, and serve users: agents, tools, surfaces (chat, API, MCP, dashboards, cron), runtime, storage, identity, governance, and economics. A technosystem is deployed on infrastructure you own and is where your agents live their entire lifecycle — from prototype to production, across customers and configurations. Distinct from a framework (which gives you a loop and leaves the rest to you), a platform in the SaaS sense (which hosts something for you, elsewhere), and a stack (a list of components, not an environment). We coined the word while building KDCube because the existing terms each carried baggage that misdescribed what we kept rebuilding underneath every customer. See Why KDCube and What is KDCube.
Surface: A user-visible or system-visible exposure point of a bundle: chat widget, embedded copilot, smart API, full UI, MCP endpoint, scheduled @cron job, real-time dashboard. A single bundle typically exposes several surfaces, all sharing the same backend logic, agents, tools, and storage. "Where does this AI feature live?" is answered with a surface; "what runs it?" is answered with a bundle on a runtime; "what hosts everything together?" is answered with a technosystem. We use the term throughout the docs because the existing words — endpoint (too HTTP-specific), integration (too generic), channel (overloaded) — each missed something.

Runtime & agent loop

ReAct loop: Reason, Act, Observe. The core decision cycle in which the agent generates a reasoning step, executes exactly one action (a tool call or final answer), observes the result, and iterates. The ReAct loop is what turns a language model from a text predictor into an agent. See ReAct v2.
Timeline-first architecture: Every tool call, artifact, plan update, reasoning block, and final answer is recorded as an ordered block in a single conversation timeline (conv.timeline.v1). The timeline is the single source of truth for in-turn context, history, and compaction — replacing message buses and ad-hoc state.
Bundle: A hot-loadable unit of agent definition: Python code, tools, skills, prompts, widgets, and config. Bundles are versioned, can be rolled forward or back without restarting the platform, and carry their own entrypoint. See Application SDK.
Supervisor: The trusted process that mediates every tool call from the executor. Runs outside the sandbox, receives tool invocations over a UID-verified Unix socket, resolves the callable, and executes it with full privileges and network access. Returns results to the executor.
Executor: The sandboxed subprocess where user or agent code runs. In Docker ISO mode the executor has its network namespace unshared, runs as UID 1001, and has a read-only root filesystem. It cannot reach external systems directly — only through the supervisor.
ISO runtime: The five-layer isolation model KDCube applies to Docker-mode execution: read-only FS, unshared network namespace, dropped privileges (UID 1001), supervisor-only tool mediation via Unix socket, and deployment-level resource constraints.

Data & provenance

Source pool: A per-conversation registry of canonical source rows. Each source has a stable source ID (SID) that is referenced by citations and artifacts. The pool survives across turns so retrieval and provenance stay consistent within a conversation.
SID (source ID): A stable identifier assigned to a source row in the source pool. Citation tokens in generated text resolve to SIDs; produced artifacts record sources_used as a list of SIDs. Enables reviewers to reconstruct exactly which inputs influenced any response.
Citation token: An inline marker in generated text that resolves to a SID. At render time the UI replaces the token with a numbered reference linking back to the canonical source. The citation is preserved through compaction and replay.
Artifact: A typed, durable output produced inside a turn: a file, a plan snapshot, a code block, a rendered diagram. Artifacts are indexed in the timeline and carry their own provenance (tool, inputs, sources_used).
Knowledge space: A logical namespace (ks: URI) that resolves to file, database, or graph-backed knowledge without changing the ReAct protocol. Lets bundles declare semantic knowledge pools the agent can query directly.

Economics & admission

Budget reservation: The reserve-then-commit pattern used before every tool call and model request: budget is reserved at admission, the request executes, and the reservation is committed with actual cost (or released if the request was cheaper or failed). Prevents TOCTOU overspend under concurrency.
Tenant boundary: The logical perimeter around a tenant's data, config, budgets, and audit trail. Enforced across five layers: gateway admission, runtime context, database queries, file storage paths, and Redis/queue namespaces. Cross-tenant access is blocked structurally, not by convention.
Admission chain: The pre-execution sequence every agent request passes through: session resolution, rate limit, backpressure, circuit breakers, economics reservation, atomic enqueue. Each step either admits or rejects; no request reaches an LLM or tool without clearing the chain.
Channeled streaming: The output protocol that splits a single agent response into discrete named channels (thinking, answer, followup, tool, etc.). Clients and auditors can subscribe to the channels relevant to their role; sensitive channels (thinking) can be role-filtered at the relay.

Security & governance

ToolStub: The executor-side proxy object that represents a tool. When the agent "calls" a tool, the ToolStub serializes the request over the Unix socket to the supervisor, which executes it and returns the result. The executor never sees the tool's network or filesystem access.
Decision log: The append-only record of admission outcomes: budget, rate limit, and throttling decisions with request context (tenant, user, timestamp, reason). Pairs with versioned turn snapshots for full timeline replay.
Named secret: A credential referenced by logical name in bundle config; resolved at runtime in priority order: environment variable → settings store → secrets manager. Supports the Kubernetes *_FILE pattern for file-backed secrets and rotation without restart.
Session ownership validation: When a request carries a User-Session-ID header, the gateway verifies it belongs to the authenticated user. Mismatches are rejected with 401/403 before any processing — prevents request injection across user sessions.