Glossary, Fuze Docs

Annex III, The list of high-risk AI use cases in the EU AI Act. Domains include: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, administration of justice. Encoded as the annexIIIDomain field on defineAgent. Non-'none' triggers AI Act Art. 14 oversight, Art. 26 deployer obligations, and Annex IV technical-file generation.

Art. 6 (GDPR), Lawfulness of processing. Six bases: consent, contract, legal obligation, vital interests, public task, legitimate interests. Encoded as lawfulBasis on defineAgent. Checked against each tool's retention at run start.

Art. 9 (GDPR), Special-category data. Health, biometric for identification, genetic, racial/ethnic origin, political opinions, religious beliefs, trade-union membership, sex life, sexual orientation. Encoded as art9Basis on tools defined with defineTool.specialCategory.

Art. 14 (AI Act), Human oversight requirement for high-risk systems. Implemented by the HITL primitive: a tool returns Suspend(...), the loop persists state, an overseer approves/denies, the loop resumes. The human.oversight.decision span is the audit-grade record.

Art. 22 (GDPR), Solely automated decision-making with legal or similarly significant effects. Encoded as producesArt22Decision: boolean on defineAgent. Setting it true requires HITL.

Art. 26 (AI Act), Deployer obligations: maintain logs, document use, monitor for serious incidents. The evidence bundle export satisfies the logs/traceability requirement.

Bundle hash, SHA-256 of the compiled Cerbos policy bundle (bundle.wasm). Included in the evidence export so the auditor can confirm the policy in force at run time.

Ctx, Per-run request context passed to every tool. Carries tenant, principal, subjectRef, secrets (opaque SecretRef), invoke, the restricted model handle (for guardrails), the run id.

Discriminated union (FuzeTool), TypeScript pattern: a union of variants tagged by dataClassification. Each variant has a different required-field set. The compiler statically refuses constructions missing required fields.

Egress domains, 'none' (no network), 'eu', 'eea', allowlist of hostnames, or 'any'. Field on ThreatBoundary. Combined with model residency to enforce Art. 6/9 cross-border rules.

Evidence record, One element in the hash-chained log. Shape: { sequence, prevHash, payload, hash }. Payload contains the span name, attributes, run id, and timestamp.

Fail-stop, Behavior where a specific failure halts the run rather than continuing. Cerbos engine error is fail-stop. Hash-chain validation on resume is fail-stop. Lawful-basis mismatch at run start is fail-stop.

Fingerprint, SHA-256 of an MCP server's identity material (binary, manifest, signing key). Used by the MCP host's admission policy to allowlist connections.

Hash chain, Forward-linked hash stream over the evidence records. Each record's prevHash is the hash of the canonical serialization of the prior record.

HITL, Human-in-the-loop. The Art. 14 primitive. Suspend(...), resumeAgent(...), evaluateApproval.

Lawful basis, See Art. 6.

MCP, Model Context Protocol. The Anthropic-led standard for tool-server interfaces. @fuze-ai/agent-mcp is the host; @fuze-ai/agent-mcp-server exposes Fuze tools as a server.

RFC 8785, JSON Canonicalization Scheme. Deterministic JSON serialization. Required for the hash chain so byte-for-byte equality is preserved across implementations.

Run-root, The final hash in the chain for a run. Equal to result.evidenceHashChainHead. Signed by the Signer and anchored to the transparency log.

Sovereign tier, Customer-operated deployment with no Fuze-hosted control plane. See the sovereign guide.

Special category, See Art. 9.

Subject reference, Stable identifier for the natural person whose data is being processed. Field subjectRef: string on Ctx. Required for non-public classifications. Indexed in the evidence backend so Art. 15/17 queries can find every span by subject.

Suspend store, @fuze-ai/agent-suspend-store. SQLite locally; Postgres in Sovereign. Holds run state across human-oversight pauses.

Threat boundary, Per-tool declaration of capability surface: trustedCallers, observesSecrets, egressDomains, readsFilesystem, writesFilesystem. Drives both the policy engine input and the runtime sandbox configuration.

Transparency anchor, The inclusion proof issued by the transparency log when a run-root is published. Lets an auditor verify the run-root was committed to a write-once log before any decision was acted upon.