Glossary
Glossary
Definitions for key terms used throughout the specification. Where a term has a precise technical meaning that differs from common usage, the technical meaning takes precedence within the spec.
Term Definitions
- agent runtime
- An execution environment that hosts one or more AI agents and mediates their access to tools, model APIs, and external resources.
- ATR engine
- An implementation that consumes ATR rules and emits matches. A conforming engine MUST satisfy the requirements in /conformance §1.
- ATR rule
- A single YAML document declaring an attack pattern, the field it inspects, its test cases, and its cross-framework mappings.
- canary
- A 24-hour observation window during which a newly generated rule runs in shadow mode before being eligible for production status.
- conformance level
- One of L1 (Engine), L2 (Publisher), or L3 (Sub-range Authority). Defined normatively in /conformance.
- crystallization
- The Threat Cloud pipeline that converts an observed attack into a candidate ATR rule and routes it through review.
- detection.conditions
- The array of field/operator/value triples in a rule body that determine whether the rule matches.
- fixture
- A YAML file under spec/conformance/ pairing a rule with its expected evaluation outcome on a fixed event.
- Implementer Report
- A self-declared public record of an organization's ATR integration, listed on /implementers.
- informative
- Content that provides context but does not define conformance requirements.
- maturity
- The promotion stage of a rule: experimental → test → stable. Promotion rules are defined in RFC-001.
- MCP exchange
- A single request/response pair between an MCP client and an MCP server. ATR rules with scan_target: mcp_exchange evaluate against this shape.
- normative
- Content that defines requirements for conformance. Engines and rules MUST follow normative sections.
- provenance
- Metadata on a rule describing who authored it, from what source (e.g., garak probe, CVE), and when.
- RFC-001
- The internal numbering of ATR's quality standard for rule promotion. See /quality-standard.
- scan_target
- A required field on every rule declaring what shape of event the rule expects: skill, mcp_exchange, agent_config, etc.
- severity
- One of {informational, low, medium, high, critical} declared on every rule.
- SKILL.md
- A Markdown manifest format used by some MCP skill ecosystems (OpenClaw, Skills.sh, ClawHub) to declare an agent skill's tools, prompts, and metadata.
- status
- A required field on every rule: draft, stable, deprecated. Rules with status: draft MUST NOT participate in production matching without explicit opt-in.
- sub-range
- A contiguous segment of the ATR-YYYY-NNNNN identifier space reserved for a specific publisher (e.g., ATR-TW-2026-NNNNN for Taiwan).
- Technical Steering Committee (TSC)
- The body that governs ATR's evolution. Currently in BDFL transition; see /charter.
- Threat Cloud
- ATR's auto-review backend for community-submitted rules. Runs the crystallization pipeline and safety gates.