Glossary
Use this page when product labels, workflow names, status text, or common IT acronyms in the Pharaoh documentation need a quick definition.
Action Builder
The endpoint-scoped Start Session flow for preparing a safety-first session launch. It is also described by the page header Session Launch Wizard.
Administration
The navigation group for organization-level administrative surfaces such as billing.
Active endpoint
An endpoint with a deployed Pharaoh agent instance that has recently checked in. For billing, an endpoint becomes or remains active after a successful heartbeat; if it has no successful heartbeat for 14 days, billing can close the active interval as inactive.
Active session
A currently open endpoint, local assistant, or Remote KVM session that can still receive work, publish state, or be closed by the operator when permissions and state allow.
Agent Core
The shared agent-thread and reasoning layer behind user-facing Pharaoh workspaces. Operators usually encounter it through linked agent threads or Playbook insertion in supported composers.
Agent Thread
A user-facing thread record that stores conversation and execution history for an Agent Core workflow. Some endpoint and Remote KVM workflows link to an agent thread for transcript review.
Agent worklog
The session workspace region that shows turn-grouped conversation history, execution output, recovery banners, and composer controls for endpoint session work.
Android Remote KVM
The Android runtime path for Remote KVM work. In the current docs, Android supports Remote KVM prompt and Playbook insertion, while native Android Playbook management remains deferred.
Anthropic
The AI provider used by the documented BYO key flow. In BYO mode, your organization supplies an Anthropic API key and pays provider usage through its Anthropic account.
API key
A secret credential used to call a provider or external integration. Pharaoh docs treat API keys as secrets that must not appear in support tickets, screenshots, traces, markdown docs, or chat.
Approval gate
A policy-controlled stop point where Pharaoh cannot continue the requested work until an authorized reviewer approves that specific action. Self-healing escalations are one operator-facing approval gate.
Audit trail
The durable record of what happened during Pharaoh work: transcripts, action trails, evidence, policy snapshots, approval decisions, repair outcomes, and escalation records.
Autoheal
The self-healing mode that lets Pharaoh attempt authorized repairs automatically after Sentinel detects an issue. Autoheal remains governed by Sentinel settings, guardrails, and escalation rules.
Bearer token
A secret access token used by some external integrations. Treat bearer tokens like API keys: store them only through intended credential flows and keep them out of docs, screenshots, traces, and chat.
Billing
The organization-level product area for setup, recovery, usage mode, spend limit, invoices, payment, and endpoint charge explanations.
Billing currency
The currency selected during billing setup for subscription, endpoint, and usage records. After Stripe setup starts, currency changes require support so subscription and invoice state can stay consistent.
Billing Invoices
The billing page for invoice summaries, invoice status, and Stripe-hosted invoice detail handoff.
Billing Payment
The billing recovery route for updating payment details through Stripe-hosted flows.
Billing recovery
The workflow for resolving setup, payment, subscription, spend-limit, provider credential, or unknown billing states that block billable work.
Billing status
The backend-owned billing state for an organization. Documented statuses include setup_required, payment_action_required, subscription_blocked, spend_limit_reached, active, and billing_state_unknown_fail_closed.
Billing Setup
The route and workflow for completing the billing foundation before billable Pharaoh work can run.
Billing Usage
The billing view for usage analytics, provider-native units, spend-limit progress, and usage-mode history.
Breadcrumbs
The path shown near the top of the page. In the current shell it starts at Home and ends with the page you are viewing.
BYO Anthropic key
See BYO key.
BYO key
The billing usage mode where your organization provides its own Anthropic API key. Pharaoh charges base and endpoint fees, while provider usage is paid through your Anthropic account. The UI may also call this BYO Anthropic key.
Computer ID
An endpoint identity value reported by the endpoint and shown on endpoint detail pages. Use it with hostname, OS, and Last Seen to confirm you are looking at the intended machine.
Composer
The text-entry area where an operator prepares a prompt, follow-up, or Playbook-backed message before sending it into a session or thread.
Connect a computer
The guided endpoint enrollment flow in the Endpoints area. Operators use it to create an install code, send download instructions, and verify that a computer connected.
Control plane
Pharaoh’s central backend and web-console side of the system. It coordinates policy, identity, endpoint inventory, sessions, billing, knowledge, and reporting while endpoint agents do local work.
Current Organization
The organization attached to your active session. It appears in the user menu and determines the context for organization-scoped pages.
Diagnostics
The endpoint detail tab and local status concept for collector freshness, domain status, runtime state, and error summaries. Diagnostics help distinguish stale data, connectivity issues, and live endpoint problems.
EDR
Endpoint detection and response. EDR tools monitor endpoint security signals, detect suspicious activity, and support investigation or response. Pharaoh is designed to work alongside security tooling rather than replace it.
Endpoint
An enterprise-managed workstation, laptop, or other supported computer represented in Pharaoh inventory. Endpoint records show facts such as hostname, operating system, architecture, agent version, Last Seen, sessions, and self-healing context.
Endpoint agent
The Pharaoh software installed on an endpoint. It checks in with the control plane, reports inventory and health, supports guarded endpoint sessions, serves Endpoint Local Web, and performs local investigation or remediation only within policy.
Endpoint Charge
The prorated monthly fee for a deployed Pharaoh agent instance during the intervals when it was billable and active.
Endpoint Charges
The billing page that explains endpoint active intervals, proration, and monthly endpoint charges.
Endpoint details
The endpoint page that shows identity, operating system, architecture, agent version, Last Seen, Sentinel context, and detail tabs before an operator starts live work.
Endpoint ID
Pharaoh’s stable identifier for an endpoint record. Operators use it in URLs, self-healing lookup, escalation filters, and support handoffs.
Endpoint inventory
The Endpoints list where operators search, filter, sort, and open endpoint records before starting investigations or enrollment work.
Endpoint Local Web
The local-only browser control panel served by the endpoint agent on loopback after an explicit tray or taskbar open action. It includes enrollment recovery, Status, Logs, and Settings.
Endpoint overage
The additional monthly endpoint fee charged for active endpoints above the number included in the current package.
Endpoint Self-Healing
The endpoint-specific self-healing page at /self-healing/endpoints/<endpoint-id>. It contains Sentinel, Sessions, Knowledge, and Escalations tabs.
Endpoint session
A guarded endpoint-scoped workspace where an operator can start or continue a session, send follow-up turns, review the agent worklog, and inspect live endpoint intelligence.
Endpoint setup
The optional onboarding step for connecting a first endpoint during organization onboarding.
Endpoints
The main navigation area for endpoint inventory, endpoint details, enrollment, and live endpoint session handoff.
Enrollment
The process of connecting a computer to Pharaoh so it appears as an endpoint. The primary operator path uses Connect a computer, an install code, and endpoint-local confirmation.
Enterprise / MSP
A custom commercial package for larger fleets, annual commitments, invoicing, priority support, optional hardware bundles, procurement review, or managed service provider needs.
Escalation
A record that asks a human to make a decision before Pharaoh continues work. Escalations preserve request, endpoint, category, status, policy, timing, and decision context.
Evidence ledger
The live session area that summarizes screen, session, policy, and other evidence chips used to understand the current endpoint session state.
Fail closed
A safety posture where Pharaoh blocks work when it cannot prove eligibility, policy, billing state, or required configuration. This is intentional for sensitive or expensive actions.
Fleet
The collection of endpoints an organization or team manages through Pharaoh. Fleet views summarize broad operational health, while endpoint pages keep machine-specific detail.
Follow-up
The composer field for sending another operator request in an active or writable session.
Freshservice
An external ITSM or support source that Pharaoh can use as an imported IT knowledge provider when configured in the IT Knowledge Base.
Guardrail
A policy boundary that defines what Pharaoh can inspect, change, or ask to do. Guardrail templates help operators reuse safe limits for sessions, local assistant policy, and self-healing review context.
Guardrail template
A reusable guardrail record selected by operators for sessions, local assistant policy, and self-healing policy context. Templates keep common safety boundaries consistent across repeated work.
Guardrails
The security product area for creating, cloning, editing, and deleting reusable guardrail templates.
Home
The default page after a successful sign-in. It includes the Operations Snapshot health card.
Import Source
An IT Knowledge Base integration that syncs read-only content from an external provider such as SharePoint or Freshservice.
Install code
A short-lived enrollment code created by an operator and entered on the endpoint-local Connect this computer screen to connect a computer to Pharaoh.
IT Knowledge Base
The organization-wide knowledge area for native documents and imported support content. Endpoint-specific self-healing knowledge remains on the endpoint self-healing page.
ITSM
IT service management. In Pharaoh docs, ITSM usually means ticketing or service-desk systems where incidents, approvals, requests, and handoffs may already live.
Knowledge
Depending on context, either the endpoint-specific self-healing memory shown on the Knowledge tab of Endpoint Self-Healing or the broader support content managed in the IT Knowledge Base.
Knowledge document
A document in the IT Knowledge Base. Native documents are edited in Pharaoh; imported documents remain read-only and should be changed in their source system.
Knowledge proposal
A proposed endpoint-specific fact that needs reviewer approval before it becomes accepted endpoint self-healing knowledge.
KVM
Keyboard, video, and mouse access. In Pharaoh, KVM appears most often as Remote KVM, a hardware-assisted remote inspection and recovery path.
Last Seen
The latest successful check-in or observed freshness timestamp shown for an endpoint or device. Operators compare Last Seen with Sentinel and diagnostics timestamps when judging stale or offline behavior.
Lifecycle controls
Session actions such as start, send, stop, close, reopen, or refresh. Pharaoh enables or disables these controls based on session state and policy.
Live endpoint intelligence
The session workspace region that shows live frame state, transport state, evidence ledger, safety posture, and lifecycle controls for an endpoint session.
LLM
Large language model. Billing docs use this term for provider-backed AI work that can consume Anthropic or Pharaoh-managed provider usage.
Local assistant
The guarded assistant experience available from Endpoint Local Web when organization policy allows it and the endpoint has a valid policy cache.
Local Assistant Policy
The security page where admins enable or disable the local assistant, choose a default execution guardrail template, and configure offline cached-policy behavior.
Loopback
A local-only network address on the endpoint computer. Endpoint Local Web is served on loopback so it is not a public web console route.
Managed AI
The billing usage mode where Pharaoh provides hosted AI access and bills approved provider usage through Stripe. Current billing docs may also call this Managed usage.
Managed usage
See Managed AI.
MDM
Mobile device management or modern device management. MDM tools apply device policies, enrollment, configuration, and compliance controls. Pharaoh complements MDM by investigating live endpoint state and verifying repairs under policy.
MSP
Managed service provider. An MSP operates IT services for client organizations and may use Pharaoh to manage recurring endpoint issues across customer fleets.
Native document
An IT Knowledge Base document created and edited directly in Pharaoh, unlike imported content that remains read-only.
Open Sessions
The endpoint detail action that opens the endpoint session workspace for live investigation or prior-session review.
Operations
The navigation group for day-to-day fleet work such as Endpoints, Remote KVM, Playbooks, Self-Healing, and IT Knowledge Base.
Operations Snapshot
The health panel on Home. It shows current service status, environment, database state, and the time of the last successful check.
Organization Onboarding
The full-page authenticated setup flow for incomplete organizations. It collects mandatory profile and billing setup before the organization can enter the main console.
Organization Settings
The account-context page that shows organization details and the member table for the active organization.
Organization Members
The organization settings area for reviewing member access and inviting additional members.
Payment recovery
The Stripe-hosted handoff for updating payment details or resolving payment action requirements. Pharaoh docs should not ask operators to paste card details into Pharaoh artifacts.
Pilot
The guided 30-day launch package for a small number of active endpoints before a broader Production or Enterprise / MSP rollout.
Playbook
A reusable Markdown prompt that operators can load into supported Pharaoh composers. Playbooks help standardize repeated investigation, handoff, or recovery prompts, but they do not grant approval or replace policy.
Policy cache
The endpoint-local copy of policy delivered by the control plane. Cached policy can let bounded local work continue when configured, but stale or missing policy should fail closed.
Policy snapshot
The policy and grant context recorded with an escalation or session so a reviewer can understand the boundary that applied when Pharaoh requested or performed work.
Production package
A billing package intended for ongoing fleet operations, with a base subscription, included active endpoints, endpoint overage fees, and either BYO key or Managed AI usage.
Provider credential
A billing or integration credential used to access an external provider. Provider credentials should be stored through Pharaoh’s intended secret-handling flows and shown back only as secret-free metadata.
Provider usage
LLM or external-provider consumption measured in provider-native units such as tokens, model, feature, endpoint, session, prompt, and cost.
Redaction
The process of removing or masking sensitive values before displaying, exporting, screenshotting, or storing logs, diagnostics, traces, or proof artifacts.
Remediation
The repair work intended to return an endpoint to an expected state. In Pharaoh, remediation includes choosing a bounded fix, executing it under policy, verifying the result, and escalating when automation should not continue alone.
Remote KVM
The operator surface and runtime path for Android-hosted keyboard, video, and mouse access. It supports hardware-assisted remote inspection and recovery when ordinary endpoint remote tooling may be unavailable or insufficient.
Remote KVM Details
The Remote KVM page for managing one KVM device’s display name, labels, status, endpoint context, and session entry points.
Remote KVM Session
The Remote KVM workspace for monitoring the shared transcript and live frame for one KVM session.
RMM
Remote monitoring and management. RMM tools monitor and administer endpoints remotely. Pharaoh is not a generic RMM replacement; it adds controlled endpoint investigation, remediation, verification, and self-healing context.
Runbook
An organization-owned procedure, checklist, or support reference that explains how a recurring operational task should be handled. Runbooks usually belong in the IT Knowledge Base; a runbook is not automatically a Playbook or an approval.
Self-Healing
The product loop and operator area for detecting endpoint issues, investigating local state, repairing within policy, verifying results, and escalating exceptions. The Self-Healing page also reviews pending escalations and opens endpoint-specific self-healing context.
Self-Healing Escalation
A self-healing request that needs operator review. Pending escalations can be approved or rejected by reviewers from the Self-Healing Escalation detail page.
Self-Healing Settings
The settings page for shared Sentinel and Autoheal defaults such as enabled state, policy template IDs, cadence, and execution intervals.
Security
The navigation group for policy-control surfaces such as Guardrails and Local Assistant Policy.
Sentinel
Endpoint-specific health logic that reports the latest self-healing projection for an endpoint. The endpoint detail page shows a Sentinel panel, and the endpoint self-healing page has a Sentinel tab for version and execution history.
Sentinel status
The latest outcome label for a Sentinel execution. Documented statuses include Passed, Failed, Timeout, Invalid output, Policy denied, Runner error, Stale, and Not configured.
Session Launch Wizard
See Action Builder.
Session workspace
The endpoint-scoped page for starting sessions, reviewing the agent worklog, sending follow-up turns, and watching live endpoint intelligence.
SharePoint
An external content source that Pharaoh can use as an imported IT knowledge provider when configured in the IT Knowledge Base.
SIEM
Security information and event management. SIEM tools collect and correlate security events. Pharaoh may coexist with SIEM workflows, but its main role is endpoint investigation, governed repair, and verified recovery.
Soft Policies
The Action Builder step for natural-language AI constraints that guide a session launch without replacing deterministic hard guardrails.
Spend limit
The monthly usage limit that blocks expensive LLM work when reached. It does not include the base subscription fee or endpoint overage fees.
SSO
Single sign-on. Pharaoh’s vision expects coexistence with identity and SSO providers, even when a specific end-user workflow uses Pharaoh account credentials.
Stripe
The payment and subscription platform used by the documented billing setup, invoice, portal, and payment recovery handoffs.
Transcript
The conversation and execution history for an endpoint session, Remote KVM session, local assistant session, or agent thread.
Team invite
The optional onboarding step for inviting another operator into the current organization.
Transport state
The live-session signal that describes whether endpoint communication or frame publishing is live, stale, waiting, degraded, unavailable, or otherwise blocked.
Turn
One operator request and the corresponding agent response or execution sequence inside a session workspace or agent thread.
Usage mode
The billing choice that determines whether provider usage is paid through your own provider account (BYO key) or billed through Pharaoh (Managed AI).
User Menu
The menu in the authenticated shell that shows the signed-in user, current organization, organization switch targets, and links to the account pages.
User Profile
The account-context page that shows your display name, email, user ID, active organization ID, and session state.