This glossary defines Roster terms for production platform users and
integrators.
| Term | Definition |
|---|
| Roster | API-first, MCP-native platform that resolves workflow routing questions against project, participant, directory, and provider data. |
| Platform | Web dashboard for admins, project owners, and users. It is one Roster surface alongside the REST API, CLI, and MCP server. |
| Dashboard | Platform overview page for high-level project, participant, request, and activity data. |
| Project | Logical container for participants. It can map to a process, enterprise project, customer program, or domain-specific grouping. |
| Participant | Business role or workflow actor that can resolve to users, agents, groups, organization units, roles, or external emails. |
| Label | Reusable global tag for grouping and finding participants. Labels are readable by active authenticated users, are not namespaced by project or owner, and management is limited to admins and effective project owners. |
| Metadata | Structured business context attached to a participant or directory record, such as amount limits, region, department, or review type. |
| Membership | Relationship that lets a participant resolve to one or more directory records. |
| Delegation | Runtime overlay that lets one user delegate participant membership to another active user. |
| Delegator | User whose participant membership is being delegated. |
| Delegate | User who receives delegated participant membership. |
| Term | Definition |
|---|
| Identity | Roster authorization actor used for ownership, token access, audit attribution, and platform roles. |
| Roster Auth user | Human authentication record for sessions, credentials, and login accounts. |
| Team member | Human identity that can authenticate through Roster Auth. |
| AI agent | Non-human identity used for agent-owned work or audit attribution. |
| Service account | Non-human identity used by external services, automation, or workload integrations. |
| Identity provider | Admin-configured login provider such as Microsoft Entra ID, Okta, SAML, Google, or generic OAuth. |
| API key | Bearer token owned by an active identity. Effective access is limited to the key scopes, owner rights, and resource rules. |
| Admin | Platform role with global management access. |
| Project owner | Platform role that allows project creation. Existing project access still comes from project ownership rows. |
| Member | Default authenticated identity role without platform administration or project management rights by default. |
| Project ownership | Per-project management access granted through project membership with the owner role. |
| Project membership | Per-project row granting either owner management access or member read-only access. |
| Project status | Project lifecycle stored as status: draft, test, live, or archived. Normal readers can access only live projects. |
| Read access mode | Project setting stored as read_access_mode; authenticated_users allows all active authenticated identities to read and resolve a live project, while selected_members limits that access to admins and project members. |
| Term | Definition |
|---|
| Directory | Platform navigation group for external roster data integrations. |
| Provider | External source of identity, organization, HR, ERP, or directory data, such as Entra ID, Active Directory, Okta, Workday, SAP, or CSV files. |
| Connector | Roster-owned integration code and configuration that talks to a provider. |
| Provider connection | One configured provider instance in Roster, including non-secret settings and references to secret material. |
| Provider secret | Credential material for a provider connection. Provider secrets are separate from Roster API keys. |
| Directory record | Consolidated Roster representation of an external user, group, organization unit, role, or external email. |
| Source record | Provider-specific data behind a directory record, retaining provenance, canonical source fields, refresh timing, and metadata links. |
| Field mapping | Connector mapping from provider-specific fields into Roster directory record fields or metadata. |
| Primary directory | Provider connection used for source lookup when adding records to participants. |
| Secondary directory | Directory connection that enriches records after a primary result is selected. |
| Term | Definition |
|---|
| Resolver | Query path for answering who or what should handle a workflow action. |
roster.resolve | MCP tool exposed by Roster for natural-language resolution requests. |
| Resolve request | Product and audit record for one roster.resolve attempt. |
| Resolution status | Resolver outcome when technical execution succeeds: success, not_found, or out_of_scope. |
| Success | Request was in scope and matching roster data was found. |
| Not found | Request was in scope, but no users were resolved. |
| Out of scope | Prompt was not a roster resolution request. |
| MCP server | /mcp endpoint that exposes Roster tools to MCP clients. |
| MCP client | External agent or tool environment that calls the Roster MCP server. |
| REST API | /api/v1 surface for CRUD operations, external integrations, automation, and generated SDKs. |
| CLI | MCP-first command-line client. Human users authenticate through browser login; automation can authenticate with API keys. |
| Scope | Surface capability for a resolver or API request. Scopes do not elevate the credential owner’s role or project access. |
| Mode | Distinguishes live execution from test execution for resolver and agent flows. |
| Term | Definition |
|---|
| Model run | Execution record for one model invocation, including model, provider, token usage, cost, latency, and agent name. |
| Audit event | Append-only platform event recording actor, resource, credential, action, and time. |
| Log | Runtime diagnostic output. Roster writes structured JSONL journal logs. |
| Journal | Structured JSONL log file for durable platform activity and runtime diagnostics. |
| Event | Stored activity data such as resolve usage or platform audit activity. |
| Worker | Background job runtime that refreshes provider-backed directory data and materialized Roster state. |
| Job | Queued unit of worker work. |
| Sync state | Durable checkpoint for incremental provider sync streams. |
| Observability | Instrumentation surface for metrics, traces, logs, and operational health. |
- A
provider is the external system; a connector is Roster’s integration
with that system.
- An
identity provider is a login provider, separate from directory data
sources.
- An
identity is a Roster authorization actor; a Roster Auth user is a
Roster Auth-owned authentication record.
- Team members, AI agents, and service accounts are distinct identity types.
Project owner is a platform role; project ownership grants access to a
specific project.
