Glossary¶
Plain-language definitions of every recurring term, in alphabetical order.
- Agent
- A long-lived process (usually the OpenTelemetry Collector) that speaks OpAMP and is managed by Ampora. Identified by mTLS fingerprint after bootstrap. See Concepts.
- ADR
- Architecture Decision Record. A short document recording why a technical decision was made, what alternatives were considered, and the trade-offs. See ADR index.
- Apply
- The act of an agent activating an assigned configuration. Reported back as
RemoteConfigStatus = APPLYING / APPLIED / FAILED. - Approval flow
- A four-eyes mechanism where one operator authors a change and a different operator approves it before it goes live. See Approval flows.
- Assigned config
- The configuration version Ampora has assigned to an agent (via group membership or direct push).
- Audit event
- An immutable record of who did what, when, against which entity, with what before/after values. See Audit log.
- Backplane
- The cross-instance coordination layer for HA deployments —
InProcess,Postgres, orRedis. See Dispatch backplane. - Batch
- A subset of agents in a rollout that receives the change together. In Batch strategy, the batch size is fixed; in Percentage and Canary strategies, batch size is computed.
- Bootstrap token
- A short-lived, single-use token authenticating an agent's first connection. Replaced by mTLS afterward.
- Canary
- A rollout strategy with percentage steps and time-based dwell between them. The default safe choice for production.
- Capability
- A flag the agent advertises to say what it can do (
AcceptsRemoteConfig,ReportsHealth, …). Ampora gates pushes on capability. - Configuration / Configuration Version
- A named container for a sequence of versions. A version is the actual YAML at a point in time, with a content hash. Published versions are immutable.
- CRL
- Certificate Revocation List. Ampora publishes one per active CA signing key.
- Dispatch
- Sending a message from Ampora to an agent (or, in HA, from one Ampora instance to another instance that owns the agent's session).
- Drift
- When an agent's
EffectiveConfigdoes not match its assigned version. - Effective config
- The YAML the agent reports it is actually running.
- Federation
- A mutual, mTLS-+-shared-secret-authenticated, read-only aggregation between two or more Ampora servers. See Federation.
- Fingerprint
- SHA-256 of an agent's mTLS leaf cert. The agent's identity from the server's perspective.
- Group
- A collection of agents targeted by a rollout. Static (explicit membership) or Dynamic (label-selector). Each agent belongs to exactly one group at a time.
- GitOps source
- A registered Git repository whose YAMLs become Ampora draft configurations. See GitOps.
- Handover
- Moving an agent from one Ampora server to another with identity continuity. See Cross-cluster handover.
- Health gate
- A rule that auto-pauses a rollout when too many agents fail to apply, disconnect, or report unhealthy.
- Identity
- A cert + agent record pair. Created at bootstrap-token issuance, bound to an agent on first connect.
- Instance UID
- An identifier the agent picks for itself. Not a trust anchor — the fingerprint is.
- Lint
- Tenant-policy-style checks on top of validation. Default rules ship, custom rules use the same DSL as policies.
- Master key
- 32-byte CSPRNG key that wraps every encryption-at-rest field. Stored in your secret manager, never in the database.
- OpAMP
- Open Agent Management Protocol — the wire protocol Ampora implements as a server.
- Pipeline
- One of
traces/metrics/logs/profilesinside a collector configuration. - Policy
- A rule the rollout engine evaluates before pushing to an agent. Built-in or custom.
- Pool (token pool)
- An issuance endpoint that mints short-lived bootstrap tokens for high-throughput onboarding.
- RBAC
- Role-Based Access Control. Three roles: Viewer / Operator / Admin.
- Rollout
- The act of pushing a configuration version to a target group with a strategy and gates.
- Single-group invariant
- An agent belongs to exactly one group at a time. A schema-level rule, not a UI convention.
- Snapshot + history
- How agent state is stored: a current snapshot for fast reads, a separate event-history table for time-travel and audit.
- Soft delete
- Setting
DeletedAtUtcrather than running a hardDELETE. Keeps audit trails consistent. - Trust bundle
- PEM chain of
Active + TrustedCA leaves; agents pull this on bootstrap.