These terms appear across the Proxy, Platform API, and Console docs. Where a definition could vary by component, the version below is the canonical one.
Action
A single request the proxy handles end-to-end: the agent’s call, the proxy’s policy and DLP evaluation, the upstream forward (or rejection), and the recorded outcome. Every action ends in one of five statuses.
Agent
A registered identity that calls the proxy. An agent has a name, an upstream provider configuration, an associated set of API keys, and per-agent rate limits. Every trace is anchored to an agent.
API key (agent)
A tenant-scoped credential that an agent uses to authenticate to the proxy. Distinct from an operator JWT used against the Platform API. See authentication.
Audit log
An append-only, tenant-scoped record of every operator action in the console (created an agent, edited a policy, revealed a body). Distinct from the trace stream, which records agent actions.
DLP (data-loss prevention)
The content-scanning layer that inspects requests and responses for PII, secrets, source code, and custom-defined patterns. See proxy DLP.
Detector
An individual DLP rule (built-in or custom) that produces findings. Each detector has a class (pii.email, secret.aws_access_key, etc.) and a severity mapping.
Finding
A single match produced by a detector on one request or response. Findings are attached to traces and aggregated in the console DLP page.
Operator
A human user of the console. Authenticates with an OTP-issued JWT (or via SSO). Distinct from an agent.
Policy
A rule the proxy evaluates inline to decide whether a request is ALLOWed, FLAGged, or DENYed. Policies have match conditions, an action, a priority, and a scope. See proxy policies.
Proxy
The Rust + Axum reverse proxy that sits between agents and upstream providers. The enforcement layer of RenLayer. See proxy overview.
Rate limit
A quota, requests per minute / hour / day or tokens per minute / hour / day, applied at one of three scopes: per-agent, per-user, or per-tenant. See rate limits.
Session
A logical grouping of traces from the same agent run, identified by the X-RenLayer-Session header. The unit of investigation in the console. See console sessions.
Status
The terminal outcome of an action: ALLOWED, FLAGGED, DENIED, DLP_BLOCKED, or DLP_WARNED. See action statuses.
Tenant
The top-level isolation boundary. Every other resource is owned by exactly one tenant. See multi-tenancy.
Trace
A single recorded action: tenant, agent, action type, status, latency, token counts, redacted bodies, DLP findings, policies that fired. The atomic unit of audit and observability.
Upstream
The destination the proxy forwards an allowed request to: OpenAI, Anthropic, an internal vLLM endpoint, an MCP server, or an arbitrary HTTP API.
User (end user)
The human (or system) the agent is acting on behalf of, identified by the X-RenLayer-User header. Per-user rate limits and the audit log use this identifier.