Reference · Glossary
Glossary.
Definitions for the language Ellul uses: agent workstation, sovereign shield, passkey approval, parallel agents, MCP, vibe coding. Citation-friendly entries with synonyms and cross-links.
agent-workstation
Agent workstation
A persistent, isolated computer that exists for an AI coding agent to live on. Always on, with its own filesystem, processes, and network. Privileged actions are gated at the boundary so the agent must request human approval before touching real credentials. The agent runs there instead of on a developer's laptop.
Also called: agent computer, persistent agent environment, agent VM, remote agent workstation
agentic-workflow
Agentic workflow
A development pattern where an AI agent drives a multi-step task end-to-end (planning, file edits, terminal commands, test runs, and revisions) with the human approving privileged actions and steering high-level direction. Distinct from one-shot prompts: agentic workflows run for minutes to days and produce diffs, PRs, or deployed changes rather than chat replies.
Also called: agent loop, agent-driven workflow, autonomous agent task, agent task loop
always-on-agent
Always-on agent
An AI coding agent that runs continuously rather than starting and stopping with a developer's session. Always-on agents handle background work (overnight refactors, long test runs, multi-step migrations, dependency upgrades) and notify the human only when an action requires approval. They live on a server, not a laptop.
Also called: always-on AI agent, persistent agent, background agent, ambient agent, 24/7 agent
ironclad-tier
Ironclad tier
Ellul's hardened security tier. Each agent runs inside an isolated VPS image with LUKS2-encrypted persistent storage, a locked-down init chain that disables `su` after provisioning, kernel-level ptrace restrictions, and seccomp/AppArmor profiles around every adapter. The agent has no path to its own credential broker, the host network, or other tenants' data.
Also called: Ellul Ironclad, ironclad mode, hardened tier, full ironclad, partial ironclad
long-running-agent
Long-running agent
An AI coding agent that operates for hours or days without continuous human supervision. Long-running agents survive lid closes, network changes, and laptop reboots because they live on a persistent server. They check in for approval on privileged actions and continue otherwise. The human reviews progress at their own cadence rather than babysitting every step.
Also called: always-on agent, overnight agent, unattended agent, background agent
mcp
MCP (Model Context Protocol)
An open protocol introduced by Anthropic in late 2024 that lets AI agents connect to external tools, data sources, and APIs through a standardized interface. MCP servers expose capabilities (file access, database queries, search, custom APIs); MCP clients (agents) call them. The protocol decouples agent code from tool integrations, so any MCP-compatible agent can use any MCP server.
Also called: Model Context Protocol, MCP protocol, MCP server, MCP client
parallel-agents
Parallel agents
Multiple AI coding agents working at the same time, each in its own isolated workstation, with read-only peering between them. One agent codes, another reviews, a third documents: all running simultaneously, none stepping on the others' state. Coordination is read-only by default; write operations stay scoped to a single agent per resource.
Also called: multi-agent, concurrent agents, agent fleet, multi-agent orchestration
passkey-approval
Passkey approval
A FIDO2 / WebAuthn confirmation that gates privileged actions. When an AI agent on Ellul attempts a sensitive operation (git push, deploy, database write, secret read), execution pauses and the action queues for approval. The user receives a notification, taps Touch ID, Face ID, or a hardware key, and the action proceeds only on approval.
Also called: passkey gate, passkey confirmation, FIDO2 approval, WebAuthn approval, passkey-gated action
sovereign-shield
Sovereign Shield
Ellul's authentication and credential-brokering layer. Runs in a separate process from the agent, holds session keys and OAuth tokens, and enforces passkey approval for privileged actions. The agent never sees credentials directly. It asks the shield to broker the action, and the shield pauses until a human taps a passkey to approve.
Also called: credential broker, shield process, auth boundary, Ellul shield
vibe-coding
Vibe coding
A development style where a human describes intent in natural language and an AI agent implements, tests, and iterates without the human writing code line-by-line. Coined by Andrej Karpathy in early 2025. The human reviews diffs, runs the result, and steers the next iteration: closer to direction than authorship. Useful for prototypes; risky for production without gating.
Also called: AI-driven development, intent-driven coding, natural-language coding, LLM-driven coding