ArmorIQ LogoArmorIQ Docs

Glossary

Definitions of every ArmorIQ-specific term — IAP, CSRG, MCP, OPA, ArmorClaw, AIQraph, intent token, and more. The single vocabulary reference for humans and AI agents.

Single source of truth for ArmorIQ-specific terminology. Every term here is also linked from the page where it's first used.

A

Agent

An AI software entity that calls tools — typically an LLM-backed program (Claude, ChatGPT, a custom agent, a framework like Google ADK / CrewAI / LangChain) invoking external functionality. In ArmorIQ, every agent is registered with an agent_id and is bound by a policy.

AIQraph

ArmorIQ's interactive topology visualization of agents, MCP servers, tools, and policies — how they connect and what's allowed to call what. See AIQraph.

API Key

The authentication credential the SDK and CLI use to talk to the ArmorIQ platform. Prefixed ak_live_ (production), ak_test_ (sandbox), or ak_claw_ (ArmorClaw standalone). See API Keys.

ArmorClaude

ArmorIQ's integration product for Claude — installation and configuration to wire Claude agents through the ArmorIQ proxy. See ArmorClaude.

ArmorClaw

ArmorIQ's standalone product for detecting installations, scanning agent vulnerabilities, and dispatching remediation policies. Uses its own ak_claw_-prefixed API keys. See ArmorClaw.

ArmorCodex

ArmorIQ's integration for code-generation agents and editors. See ArmorCodex.

ArmorCopilot

ArmorIQ's integration for GitHub Copilot–style agents. See ArmorCopilot.

ArmorHealth

ArmorIQ's health-insurance-compliance product — coverage rules, claims processing, provider networks, and PHI access controls for AI agents. See ArmorHealth.

ArmorPay

ArmorIQ's financial-compliance product for AI payment agents — amount thresholds, velocity limits, and transaction controls. See ArmorPay.

armoriq.yaml

The config-as-code manifest for an ArmorIQ-protected agent. Declares identity, MCP servers, policy, and intent settings. Has a published JSON Schema — point your editor at it for IntelliSense. See the YAML reference.

C

CSRG (Canonical Structured Reasoning Graph)

Cryptographic proof that the tool an agent actually invoked matches the tool the LLM reasoned about. Enforced by default; can be disabled per-config via intent.require_csrg: false (not recommended in production). See Intent Intelligence — How It Works.

D

Drift

The condition where an agent's runtime tool invocation diverges from its signed Intent Assurance Plan. The proxy detects drift and refuses the call. See Intent Intelligence.

I

IAP (Intent Assurance Plan)

ArmorIQ's core security primitive. The proxy intercepts every tool call between an agent and an MCP server, derives a cryptographically signed plan of what the agent intends to do, and refuses to forward any call that doesn't match the plan. See Intent Intelligence.

Intent Token

A short-lived token (default ttl_seconds: 300) issued by the proxy after a plan is accepted. The SDK passes it on every invoke() call; the proxy refuses calls without a valid, matching token. Get one via client.get_intent_token(plan).

M

MCP (Model Context Protocol)

The open JSON-RPC protocol AI agents use to call external tools (file systems, databases, APIs, etc.). ArmorIQ's proxy speaks MCP on both sides — agents talk to the proxy, the proxy talks to your MCP servers. See MCP Servers.

MCP Server

A server that exposes tools to AI agents over MCP. ArmorIQ registers each MCP server under a short id (used in policy refs like travel.book_flight).

Merkle Tree

A hash tree the CSRG uses to commit to an agent's reasoning steps; the proxy verifies a Merkle proof on every tool call.

O

OPA (Open Policy Agent)

A third-party policy engine (openpolicyagent.org) that ArmorIQ integrates for context-aware enforcement analytics. Runs alongside ArmorIQ's native policy engine. See OPA Engine.

Organization

The top-level tenancy unit in ArmorIQ. All agents, MCP servers, policies, API keys, and audit logs belong to exactly one org. See Organizations.

P

Policy

A set of allow / deny rules over <mcp_id>.<tool_name> pairs that determines which tools an agent can invoke. Deny always wins over allow. Authored either in armoriq.yaml or via Policy Studio.

Policy Studio

The form-based dashboard editor for authoring policies with a live YAML preview. See Policy Studio.

Proxy

The ArmorIQ service that sits between agents and MCP servers, enforces policy, validates intent tokens, and forwards approved calls. Hosted at https://proxy.armoriq.ai by default; self-hosting is possible by overriding proxy.url in armoriq.yaml.

Q

Quick Scan

Ad-hoc URL vulnerability scanning — paste a URL, get a security report. Useful for evaluating an MCP server before registering it. See Quick Scan.

R

Reasoning Graph

See CSRG.

S

Skill

A reusable, named capability an agent can be configured with. ArmorClaw scans skills for vulnerabilities. See ArmorClaw.

Product Preferences

Enable or disable optional ArmorIQ products in your sidebar - OPA Engine, ArmorClaw, ArmorHealth, and ArmorPay.

On this page

AAgentAIQraphAPI KeyArmorClaudeArmorClawArmorCodexArmorCopilotArmorHealthArmorPayarmoriq.yamlCCSRG (Canonical Structured Reasoning Graph)DDriftIIAP (Intent Assurance Plan)Intent TokenMMCP (Model Context Protocol)MCP ServerMerkle TreeOOPA (Open Policy Agent)OrganizationPPolicyPolicy StudioProxyQQuick ScanRReasoning GraphSSkill