Key Concepts
A quick glossary of the terms you'll see across the Endpoints surface and these docs. If you've read How it works, this formalizes the vocabulary.
Device & identity
- Managed device — a Mac or Windows machine running the Waxell agent, whether deployed by MDM or installed manually.
- Tenant CA — your tenant's private root certificate authority. Trusted on each device so the agent can attribute traffic and, when capture is enabled, terminate TLS for catalog AI hosts without the AI app seeing a certificate error. Because every managed device trusts this root, its private key is the most sensitive asset in the deployment.
- Enrollment — the first-run handshake where a device proves itself and receives a per-device intermediate cert chained to the tenant CA.
- Device → agent map — on the Devices tab you map each device's AI apps to a governed agent, so intercepted traffic and on-device tools resolve to that agent for policy and reporting.
AI apps
- AI app — any application the on-device scanner identifies as talking to an AI provider: Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT desktop, Perplexity, browser assistants, and more.
- App type — the class of an AI app (e.g. a CLI coding agent vs. a desktop chat app vs. a browser). Guards can be set per app type, not just per app.
- Governance level — how fully Waxell can govern an app type. You'll see values like full, transcript, or muted, depending on the app's runtime and whether it pins TLS.
- Capture ceiling — the maximum capture an app can support given how it works (for example, an app that pins TLS can't be payload-captured by the proxy). The ceiling is an upper bound; your Guard policy chooses how much of it to use, and the default is none.
Observe vs. capture
- Metadata flow — the default signal: which process, which AI host, when, how much. No payload, no TLS termination. Shown in the Flow stream / AI Activity.
- Payload capture (Layer-0 / L0) — the opt-in signal: the actual request/response content for an enabled host, TLS-terminated and DLP-redacted on-device before upload. Shown in the Captures tab.
- Catalog AI host — a host on Waxell's curated list of AI providers (e.g. api.openai.com, api.anthropic.com). Capture can only target catalog AI hosts — never banking, health, or mail.
The cardinal rule
Capture is off by default. It is enabled deliberately, per host, on the Guard cascade. See Privacy & DLP for what that means for data handling.
Guard & policy
- Guard — the policy that controls what the agent observes, blocks, or captures on a device.
- Guard cascade — a layered policy resolved in precedence order Global → App type → User group → Device → Agent group → Agent (least to most specific). More-specific layers override less-specific ones field by field; a field no layer sets keeps its default. See Guard cascade overview.
- Layer / override — a partial config set at one scope of the cascade. You only specify the fields you want to change; everything else inherits from the layer above.
- Resolve — the Guard tab's simulator: pick an app type / user group / device / agent and see the effective config and which layer each field came from.
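The field-by-field resolution above, combined with the capture ceiling and the catalog-host rule, is easiest to see as code. The following is an added example, not Waxell's own code or API: the layer names and their order, the "capture off by default" rule and the two catalog hosts come from this page, while the field names (`capture`, `block`, `retention_days`), the capture-level ordering and the sample policy are assumptions made for illustration.

```python
"""Added example, not Waxell's own code: resolve a Guard cascade field by
field with provenance, then apply the capture ceiling and the catalog-host
rule to get the capture that actually happens for one host.

The layer names and their order, the "capture off by default" rule and the
two catalog hosts come from the page. The field names, the capture-level
ordering and the sample policy are constructed for illustration."""

from typing import Any

# Precedence order from the page, least to most specific.
CASCADE_ORDER = ["global", "app_type", "user_group", "device", "agent_group", "agent"]

# Assumed ordering of capture levels, lowest to highest. "none" is the
# documented default; "payload" stands for L0 payload capture.
CAPTURE_LEVELS = ["none", "payload"]

# Constructed stand-in for the curated catalog (these two hosts are the
# page's own examples).
CATALOG_AI_HOSTS = {"api.openai.com", "api.anthropic.com"}

Resolved = dict[str, tuple[Any, str]]


def resolve(layers: dict[str, dict[str, Any]]) -> Resolved:
    """Merge partial layer configs in cascade order.

    Each layer carries only the fields it overrides, so a later (more
    specific) layer wins per field. Returns {field: (value, layer)} so the
    caller can show where each field came from, as the Resolve simulator does.
    """
    unknown = set(layers) - set(CASCADE_ORDER)
    if unknown:
        raise ValueError(f"unknown cascade layer(s): {sorted(unknown)}")
    effective: Resolved = {}
    for name in CASCADE_ORDER:
        for field, value in layers.get(name, {}).items():
            effective[field] = (value, name)
    return effective


def effective_capture(cfg: Resolved, ceiling: str, host: str) -> str:
    """Capture level actually applied to `host`.

    Capture is off unless a layer enabled it for this exact host, it can only
    target catalog AI hosts, and it can never exceed the app's capture
    ceiling (a TLS-pinning app has a ceiling of "none").
    """
    per_host, _layer = cfg.get("capture", ({}, "default"))
    requested = per_host.get(host, "none")
    if host not in CATALOG_AI_HOSTS:
        return "none"
    return CAPTURE_LEVELS[min(CAPTURE_LEVELS.index(requested), CAPTURE_LEVELS.index(ceiling))]


# Constructed sample cascade. Global enables nothing; the app-type layer
# turns on payload capture for one catalog host; one device layer blocks.
SAMPLE_LAYERS = {
    "global": {"capture": {}, "block": False, "retention_days": 30},
    "app_type": {"capture": {"api.openai.com": "payload"}},
    "device": {"block": True},
}


def demo() -> dict[str, Any]:
    cfg = resolve(SAMPLE_LAYERS)
    return {
        "capture_from": cfg["capture"][1],            # "app_type"
        "block_from": cfg["block"][1],                # "device"
        "retention_from": cfg["retention_days"][1],   # "global"
        "openai_unpinned": effective_capture(cfg, "payload", "api.openai.com"),  # "payload"
        "openai_pinned": effective_capture(cfg, "none", "api.openai.com"),       # "none": ceiling
        "anthropic": effective_capture(cfg, "payload", "api.anthropic.com"),    # "none": not enabled
        "bank": effective_capture(cfg, "payload", "online.bank.example"),       # "none": not catalog
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things worth noticing when you run it. First, because overrides are per field, a more specific layer that sets `capture` replaces the whole per-host map from the layer above rather than merging into it; if you want to add one host at the device level, you restate the full map there. Second, the catalog check and the ceiling clamp run after resolution, so no layer, however specific, can turn on payload capture for a non-catalog host or for an app whose ceiling is `none`.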
Detective vs. preventive
- Detective — observe and record after the fact (the default posture for metadata and capture).
- Preventive — actively block a connection (process/app blocking via the network monitor) before it completes.
Surfaces
- AI Endpoints — the control-plane area (Governance → Connect → AI Endpoints) with the Apps, Devices, Guard, Captures, Flow, and Setup tabs.
Next: deploy to a fleet or a single machine, then set up Guard.