Key Terms Glossary

Quick reference for CitadelMesh concepts and terminology

Core Concepts

Agent

A software program that perceives its environment, reasons about what to do, acts to achieve goals, and learns from results. CitadelMesh has Security, Energy, and Orchestrator agents.

Multi-Agent System

Multiple specialized agents working together, each expert in their domain, coordinated by an orchestrator.

Policy

A rule that agents must follow, enforced by OPA. Example: "Cannot lock emergency exits when building is occupied."

Zero-Trust Safety

Security principle where every agent action must be validated by policies - nothing is trusted by default.

Technologies

OPA (Open Policy Agent)

Policy engine that validates every agent action. Uses Rego language for policies. Ensures agents can't perform unsafe operations.

MCP (Model Context Protocol)

Standard interface for integrating vendor systems. Allows agents to control doors, cameras, HVAC regardless of manufacturer.

SPIFFE/SPIRE

Zero-trust identity system. Gives each service a cryptographic identity (SVID). No passwords or API keys.

CloudEvents

Standard format for events. Describes what happened (type, source, data) in a consistent way.

LangGraph

State machine framework for building agents. Defines how agents transition between MONITOR → ANALYZE → DECIDE → ACT states.

NATS

Message bus for event-driven communication. Agents publish events, subscribe to events from other agents.

Architecture Terms

Edge-First

Running software at the building (edge) rather than in the cloud. Provides low latency, privacy, and works offline.

Orchestrator

The "conductor" that coordinates multiple agents. Resolves conflicts using priority hierarchy (Safety > Security > Comfort > Cost).

State Machine

A model of agent behavior showing states (MONITOR, ANALYZE, etc.) and transitions between them.

Workload Identity

Cryptographic identity for software services. Each agent has an SVID proving its identity.

Building Systems

HVAC

Heating, Ventilation, and Air Conditioning system. Controls building temperature and air quality.

BMS (Building Management System)

Software that controls building systems (HVAC, lighting, access control). Examples: Schneider EcoStruxure, Johnson Controls.

Access Control

System managing who can enter which areas. Includes badge readers, door locks, visitor management.

Demand Response (DR)

Utility program paying buildings to reduce electricity during peak times. Energy Agent can participate automatically.

Time-of-Use (TOU) Rates

Electricity pricing that varies by time of day. Peak hours cost more than off-peak.

Safety & Security

Fail-Safe Default

When something goes wrong or is uncertain, default to the safe option. Example: If policy check fails, deny the action.

Audit Trail

Complete log of all agent actions. Required for compliance, debugging, and accountability.

Policy Violation

When an agent attempts an action that breaks a policy rule. Action is denied and logged.

Threat Score

Numerical rating (0-100) of security threat severity. Calculated by Security Agent based on multiple factors.

Integration Terms

MCP Adapter

Software component that translates between MCP standard and vendor-specific APIs. Allows CitadelMesh to work with any vendor.

Tool Server

MCP service that provides tools (actions) agents can invoke. Example: "lock_door" tool from Schneider adapter.

Vendor-Neutral

Not locked into one manufacturer. Works with equipment from Schneider, Avigilon, Honeywell, Siemens, etc.

Events & Communication

CloudEvent

Standardized event format with type, source, ID, timestamp, and data payload.

Event Bus

Message broker (NATS) that routes events from publishers to subscribers.

Pub/Sub (Publish-Subscribe)

Communication pattern where publishers send events to topics, subscribers receive events they're interested in.

Correlation ID

Unique identifier linking related events across multiple services. Enables distributed tracing.

Observability

OpenTelemetry

Standard for collecting metrics, traces, and logs from distributed systems.

Distributed Tracing

Following a request across multiple services. Shows how a request flows through Security Agent → OPA → MCP Adapter.

Metrics

Numerical measurements over time. Example: agent response time, energy consumption, threat detection count.

Structured Logging

Log messages in JSON format with consistent fields. Makes logs searchable and analyzable.

Development

.NET Aspire

Microsoft development stack for orchestrating microservices locally. Provides dashboard, hot reload, service discovery.

Hot Reload

Updating code while services run, no restart needed. Speeds up development iteration.

Protobuf (Protocol Buffers)

Google's data serialization format. Type-safe, compact, fast. Used for all CitadelMesh events.

gRPC

Google's RPC framework using Protobuf. Efficient communication between services.

Agent Behavior

Perceive

Agent gathers information from environment (sensors, cameras, meters).

Reason

Agent analyzes information and decides what action to take.

Act

Agent executes decision (lock door, adjust HVAC, send alert).

Learn

Agent improves behavior based on past results.

State Transition

Moving from one state to another in state machine. Example: MONITOR → ANALYZE when threat detected.

Coordination

Conflict Resolution

When two agents want contradictory things, orchestrator decides which takes priority.

Priority Hierarchy

Life Safety (100) > Security (80) > Comfort (50) > Cost (30). Higher number wins conflicts.

Resource Allocation

Assigning shared resources (doors, HVAC zones) to agents that need them.

Escalation

When orchestrator can't resolve conflict automatically, it asks humans for guidance.

Performance

Latency

Time from event detection to action execution. Target: under 200ms for security responses.

Throughput

Number of events processed per second. Target: 30+ events/second.

Response Time

How long agent takes to analyze and decide. Measured in milliseconds.

Deployment

K3s

Lightweight Kubernetes for edge deployment. Runs CitadelMesh at the building.

Container

Packaged software with all dependencies. Docker/Podman format.

Service Mesh

Network infrastructure connecting microservices. Handles routing, security, observability.

Quick Reference

| Term | Short Definition |
|------|------------------|
| Agent | Software that perceives, reasons, acts, learns |
| OPA | Policy engine validating agent actions |
| MCP | Standard vendor integration interface |
| SPIFFE | Zero-trust identity for services |
| CloudEvents | Standard event format |
| Edge-First | Running at building, not cloud |
| Orchestrator | Coordinates multiple agents |
| Demand Response | Utility paying to reduce power |
| Fail-Safe | Default to safe option when uncertain |
| Distributed Tracing | Following requests across services |

Need deeper explanations?