AI agent
Software that uses one or more language models to autonomously plan and execute multi-step tasks via tool calls.
reference
Glossary.
50 terms you'll meet again and again working with self-hosted AI agents. Concise definitions, with cross-references to related concepts and to our deeper guides.
A
Air-gap
Deployment with no network connection to untrusted networks — typically no internet access at all.
Approval flow
UI pattern requiring human confirmation before an agent's tool call executes.
B
BYOK (Bring Your Own Key)
Pricing pattern where a user supplies their own LLM API keys to a self-hosted or managed agent.
C
Caddy
Reverse proxy server with automatic HTTPS via Let's Encrypt. The easiest path to TLS on a self-hosted setup.
Cloudflare Workers
Edge serverless runtime running V8 isolates across 330+ Cloudflare data centres.
CVE-2026-25253
Critical 1-click remote code execution vulnerability in OpenClaw versions before 2026.2.10. CVSS 9.6.
D
Data residency
Regulatory or contractual requirement that data not leave a defined geographic or organisational boundary.
Docker Compose
Tool for defining and running multi-container Docker applications via a single YAML file.
Docker sandbox
Sandbox using a Docker container with filesystem mount and network policy controls.
E
Edge AI
AI workloads running close to where data is generated rather than in centralised cloud datacenters.
Embeddings
Numerical vector representations of text, images, or audio that capture semantic similarity.
EU AI Act
EU regulation classifying AI systems by risk level and imposing obligations on high-risk deployments.
G
GDPR
EU regulation governing personal data processing. Applies to most consumer-facing AI deployments touching EU users.
GGUF
File format for storing quantised LLM weights, used by llama.cpp and Ollama.
gVisor
User-space kernel that runs as a sandbox layer between containers and the host kernel.
H
Hermes Agent
Open-source self-hosted AI agent from Nous Research, released February 2026. Sandboxed by default, multi-LLM.
Hetzner
German VPS and dedicated server provider. The cheapest credible EU option for self-hosting in 2026.
I
IronClaw
Enterprise-grade self-hosted AI agent with gVisor sandboxing, RBAC and audit logging. Source-available.
L
Llama
Meta's family of open-weight large language models. Llama 3.3 70B is the leading open frontier model in 2026.
llama.cpp
C++ inference engine for LLMs. The runtime under most local-LLM setups, including Ollama.
Local LLM
Language model running on local hardware rather than via cloud API. Llama, Qwen, Mistral local variants.
M
Magic link
Passwordless authentication where the user clicks a one-time link sent to their email.
MCP (Model Context Protocol)
Open standard for connecting language models to external tools and data sources via a JSON-RPC interface.
MCP server
Process that exposes a set of tools to MCP-compatible AI agents over a JSON-RPC interface.
Mistral
European LLM developer. Mistral 7B is the canonical small open-weight model; Mistral Small 22B targets the mid-tier.
Moltworker
Cloudflare Workers-based self-hosted AI agent reference implementation.
N
Nanobot
4,000-line Python self-hosted AI agent from HKU. Designed to be auditable in an afternoon.
NanoClaw
macOS-only fork of OpenClaw using Apple's container framework for sandboxing. Claude-only.
O
Ollama
Local LLM runtime that exposes an OpenAI-compatible API over local model weights.
OpenClaw
Open-source autonomous AI agent created by Peter Steinberger in November 2025. Most-installed self-hosted agent of 2026.
OpenRouter
LLM API gateway providing a unified interface across Anthropic, OpenAI, Google, Mistral and many open models.
P
Phi-3
Microsoft's small-language-model family. Phi-3 mini 3.8B runs on a Raspberry Pi 5.
Pocket AI
Self-hosted AI agents and language models running on portable, low-power hardware you own.
Prompt injection
Attack technique where adversarial input embedded in a document or webpage hijacks an agent's behaviour.
Q
Quantisation
Reducing the numerical precision of model weights to shrink memory footprint and speed up inference, with quality tradeoff.
Qwen
Alibaba's open-weight LLM family. Qwen 2.5 Coder 7B is widely used for self-hosted code-focused agents.
R
RAG (Retrieval-Augmented Generation)
Pattern of augmenting LLM responses with retrieved external data, typically from a vector database.
RCE (Remote Code Execution)
Vulnerability class where an attacker can execute arbitrary code on a target system over a network.
S
Sandbox
Isolation layer that constrains what an agent's tool execution can access on the host.
Sandboxed tool execution
Running an agent's tool calls inside an isolated environment that limits filesystem, network and process access.
Self-hosted AI
AI software you install on hardware you control, rather than consuming as a hosted product.
T
Tailscale
Mesh VPN built on WireGuard. Common pattern for keeping self-hosted dashboards off the public internet.
Tool call
Structured invocation of an external function by a language model, typically as JSON conforming to a declared schema.
V
Vector database
Database optimised for similarity search over high-dimensional embeddings.
VPS
Virtual private server — a virtualised slice of a physical server, typically rented by the month.
W
Watchtower
Container that watches running containers and pulls/redeploys when new images ship.
WebSocket origin validation
Server-side check that an incoming WebSocket connection comes from an allowed origin domain.
Z
Zero trust
Security architecture that assumes no implicit trust and verifies every access request.
ZeroClaw
Privacy-first self-hosted AI agent. Local LLMs only, no cloud, AGPL-3.0.