Glossary

An AI system that acts on behalf of a human across the internet. It receives a task, executes it autonomously, and returns the result.

The internet restructured around agents as primary participants. Instead of humans browsing websites, agents interact with services programmatically on behalf of humans.

The infrastructure layer between an agent and the internet. It manages browser state, handles authentication, enforces supervision, routes requests, and settles payments.

Any website or service that an agent interacts with. Some are optimized for agents; most currently aren’t.

A specific action a provider can perform: "search flights," "send email," "check account balance." Capabilities are the atomic units of what providers offer.

A machine-readable file a provider publishes to declare its capabilities, pricing, and payment address. The equivalent of a menu for agents.

What the user actually wants accomplished. The runtime matches intents to provider capabilities.

The economic model where providers are paid for successful task completion, not for capturing attention. Replaces advertising as the primary value exchange.

The payment a provider receives for successfully completing an agent’s request. Flows from the user (via the runtime) to the provider.

The process of tracking, attributing, and transferring value between parties after a task is completed.

Cost Per Action. Pricing model where payment is tied to successful outcomes, not impressions or clicks.

The infrastructure cost of running an agent: LLM inference, browser orchestration, network requests. Separate from the bounty paid to the provider.

Human oversight of agent actions. Not binary (on/off) but graduated — some actions proceed automatically, others require review or explicit approval.

The act of a human authorizing an agent to act on their behalf, within defined constraints.

A cryptographic proof from the runtime that an agent is authorized to act for a specific user, with specific permissions, until a specific time.

A complete, immutable log of every action an agent takes. Cannot be altered after the fact.

A public list of trusted runtimes, similar to how browsers maintain a list of trusted Certificate Authorities for HTTPS.

The principle that agents never hold the user’s passwords or tokens directly. The runtime manages credentials; the agent only receives scoped attestations.

Proof of where an agent’s authorization comes from. Not "I have this user’s password" but "a verified runtime is vouching for my authorization."

The specific actions an attestation authorizes. "Read email" is a scope. "Send email" is a different scope.

A privacy technique where each service sees a different identifier for the same user, preventing cross-service tracking.

A programmable balance that agents draw from to pay for services, with user-defined spending limits.

The constraints a user sets on agent spending: maximum per transaction, maximum per day, approved categories.

The payment infrastructure for agent-to-provider transactions. Uses stablecoins on low-fee networks for near-zero transaction costs.

A cryptocurrency designed to maintain a stable value (e.g., 1 USDC = $1). Used for settlement because it combines programmability with price stability.

Agent Engine Optimization. The practice of making a service discoverable and preferred by agents. Replaces SEO.

The runtime’s decision about which provider to use for a given task. Based on capability match, quality signals, and price — not advertising spend.

Metrics that determine provider routing: success rate, response time, consistency, completion quality.

The gradual, often invisible drift toward fully unsupervised agent action. Each individual decision to relax oversight seems reasonable, but the cumulative effect is consequential.

The scope of damage when an agent error occurs. Unlike human errors, agent errors can be systematic — affecting every user simultaneously.

Deliberately routing some traffic to non-dominant providers to prevent monopoly and discover better alternatives.

Categories of action that always require human approval regardless of the agent’s track record: large financial transactions, communications sent as the user, legal commitments.

The principle that infrastructure design decisions determine how power distributes, often more durably than laws or policies.

A capability that enables all other capabilities. Payment, identity, and communication are the three meta-capabilities.

The ability of systems built by different providers to work together through shared open standards.

Any provider can publish an agent.json and be discovered by agents, without needing approval from a gatekeeper.

Governance that remains structurally sound as agent intelligence scales. Because the architecture constrains the interface between agents and the world — not the agents themselves — trust, accountability, and human authority hold whether an agent is narrow or general-purpose.