SynOI

Glossary

Plain English. No black boxes.

Every term we use on this site, defined without the jargon. New here? Start at the top.

Gateway

The SynOI runtime your AI traffic flows through.

The single runtime every model call and tool action passes through. It is where governance, memory, caching, and Decision Receipts happen. Open-source and self-hostable: run it on your own machine and your data never leaves. Everything else on this site is a feature of, or talks to, the Gateway.

HITL: Human-in-the-Loop

A checkpoint where a person approves an AI action before it runs.

A gate that pauses a risky AI action and asks a human to approve or deny it. The surface is programmable - it doesn't have to be a phone notification. With GAP you choose how the human is asked: a phone tap, an SMS “Y/N”, a Slack button, a desktop prompt, an email magic-link, or something custom, like dim the room lights and have a speaker say “the agent wants to wire $5,000 - approve?” then wait for your spoken answer. Same approval, any channel, your rule.

GAP: Governed Action Protocol

The open rules engine that decides what an AI action may do.

The open protocol that evaluates every AI action and returns one of five outcomes: allow, deny, modify, defer, or require-approval. It's what lets a single rule - “nothing destructive after 11pm without asking me” - apply across every agent and tool at once, instead of being re-implemented per app.

Decision Receipt

A signed, tamper-proof record of every governed AI decision.

A cryptographically signed record of an AI action (who/what/when, the policy that applied, and the outcome) that anyone can verify offline, with no SynOI account. Think of it as notarized, portable proof of what your AI was permitted to do. The audit trail you hand a regulator.

SCG: Supply Chain Guard

Protection against malicious software packages.

Defense against compromised software dependencies (npm/PyPI worms, stolen-token releases, propagation attacks). It has two sides: package consumers (you install dependencies safely, with malicious versions caught before they reach you) and package publishers (see Verified Publisher).

Verified Publisher

SCG for people who publish packages.

The SCG offering for maintainers who publish packages: every release requires out-of-band human approval, so a stolen publish token alone cannot ship a release. Each release carries a signed provenance attestation and a receipt-anchored history.

OID Resolver

The DNS-like trust lookup for signed objects.

SynOI's answer to “is this signed thing still trusted right now?”: a content-addressed lookup served over HTTPS / DoH (DNS-over-HTTPS), much as DNS resolves a name to an address. It backs SCG install-time package checks (the Registry Mirror verifies each install against it) and carries the signed revocation feed, so a release later found compromised can be blocked everywhere and its users alerted.

Vault

Your encrypted, content-addressed store for memory, persona, and skills.

Where your AI memory, persona, and captured skills live: encrypted to you, content-addressed, and portable across every model. The host only ever sees ciphertext; only your key decrypts it. This is what lets your context follow you when you switch models.

OSS: Open-Source Software

Software whose source code is public and free to inspect, run, and modify.

Software you can read, run, and change yourself: no black box, no lock-in. The SynOI Gateway binary is OSS: you can self-host the entire thing for free and verify exactly what it does.

Cache & body-shrink

Gateway features that cut cost and latency.

Two efficiency features of the Gateway: a cache reuses answers to near-identical requests (no second LLM bill), and body-shrink trims redundant bytes out of a prompt before it's sent. Together they lower cost and speed up responses without changing the result.

SRAID / SRAID-Core

Self-Routing Addressable Identity Data: the L0 content-addressed provenance layer.

The canonical name for the open L0 object layer (OID + signatures + history + OID Resolver). The public open-source layer is called SRAID-Core. “SOF” (SynOI Object Fabric) was a former internal alias retired on 2026-05-22; if you see SOF in older docs it means SRAID. Customer-facing: “open, content-addressed provenance.”

OID: Object Identifier

A content hash that names an object. Same content, same OID, anywhere.

The SHA-256 of an object's canonical bytes, used as its identity. Because it's derived from content, the same object has the same OID on any machine, which is what lets memory and trust be portable and host-independent. Looked up via the OID Resolver.

Ed25519 · ML-DSA-65 · Canonical JSON

The open, standards-based signature scheme and wire format.

SynOI doesn't invent crypto. Ed25519 (RFC 8032) and ML-DSA-65 (NIST FIPS 204, post-quantum) form the hybrid signature pair on every Decision Receipt. The wire format is canonical JSON (null-dropping, keys sorted lexicographically). CBOR (RFC 8949) and COSE (RFC 8152) are reserved for a future binary profile. Standard, auditable, implementable by anyone.

Evidence Journal

The append-only, tamper-evident record of governed decisions.

The authoritative log where Decision Receipts are filed: append-only and point-in-time queryable, so you can prove what was decided and when. The thing an auditor reads.