Nexus Terminology Reference
This section defines the standard terminology used throughout Nexus documentation. Terms reference each other to build understanding from high-level concepts down to implementation details.
Environment Types
Secure Environment
A Secure Environment has a single Nexus Pod configured as vault-only:
- One Docker container running Redis
- Password protected - requires authentication for ALL access (reads AND writes)
- No operational replica exposed
- Credentials retrieved from Locker at runtime (no hardcoded passwords)
- Use case: Sensitive data that should never be readable without auth
Current Secure Environments:
- User (6610) - User profiles, preferences, authentication, AI persona settings
- Locker (6720) - Credentials and secrets storage
Standard Environment
A Standard Environment has dual Nexus Pods:
- Vault Pod: Docker container, password protected, port XX0 (writes)
- Operational Pod: Docker container, no password, port XX1 (reads)
- Vault → Operational replication keeps data in sync
- AI tools read from operational (fast, no auth), write through vault (secure)
- Port pattern: 66XX range
Current Standard Environments:
- Workflow (6615/6616), Context (6620/6621), KB (6625/6626)
- Contact (6630/6631), Links (6635/6636), Track (6640/6641)
- Session (6645/6646), Document (6650/6651), Transcript (6655/6656)
- Corpus (6660/6661), Temp (6665/6666), Web (6670/6671), Voice (6675/6676)
MCP Server Classification
Interactive Environment
An environment with an MCP Server attached, providing AI tool access:
- AI can read, write, search, and manipulate data
- Tools exposed through Gateway MCP
- Located at /opt/mcp-servers/{name}/
Storage-Only Environment
An environment without an MCP Server:
- Data storage only, no direct AI tool access
- May be accessed indirectly through other servers
- Used for specialized or internal purposes
Environment Matrix
| Environment | Type | Ports | MCP Server | Purpose |
|---|---|---|---|---|
| User | SECURE | 6610 | ✅ user | User profiles, preferences, auth |
| Workflow | Standard | 6615/6616 | ✅ workflow | Protocols, AI instructions |
| Context | Standard | 6620/6621 | ✅ context | Knowledge, notes, summaries |
| KB | Standard | 6625/6626 | ✅ kb | Hierarchical documentation |
| Contact | Standard | 6630/6631 | ✅ contact | CRM, contacts, leads |
| Links | Standard | 6635/6636 | ✅ links | URL bookmarks, metadata |
| Track | Standard | 6640/6641 | ✅ track | Projects, tasks |
| Session | Standard | 6645/6646 | ✅ session | Session management |
| Document | Standard | 6650/6651 | ✅ document-v2 | Hierarchical documents |
| Transcript | Standard | 6655/6656 | ✅ transcript | Audio/video transcripts |
| Corpus | Standard | 6660/6661 | ✅ corpus | Document ingestion |
| Temp | Standard | 6665/6666 | ✅ temp | Staging area (24hr expiry) |
| Web | Standard | 6670/6671 | ❌ DOWN | Web content cache |
| Voice | Standard | 6675/6676 | ✅ voice | TTS (reads user env) |
| Locker | SECURE | 6720 | ✅ locker | Credentials, secrets |
MCP Servers Without Dedicated Environments
Some MCP servers provide functionality without their own Redis storage:
| Server | Purpose | Storage Used |
|---|---|---|
| Chrono | Time, weather, reminders | Uses its own Redis (reminders) |
| Search | Cross-environment search | Indexes all environments |
| Delegate | Agentic AI delegation | Orchestration only |
| Docs | File/PDF management | CDN filesystem |
| SMS | SMS messaging | Twilio API only |
| Gateway | MCP router | No storage |
Core Concepts
Nexus Pod
An individual Redis instance serving one role:
- Vault Pod: Docker container with password auth, handles writes
- Operational Pod: Docker container, no auth, handles reads (Standard only)
Port Allocation
- 66XX range: Standard environments (vault=XX0, operational=XX1)
- 67XX range: Secure environments (vault only)
Multi-Tenant Architecture
Nexus supports multiple users. Each user has a stable ID (format: u_XXXX) embedded in ALL data across ALL environments, enabling complete data isolation.
Redis Architecture
All Nexus data is stored in NVMe-backed Redis instances (persistent, not RAM-only). Data survives restarts and is backed up regularly.
Credentials Security
Secure environments retrieve passwords from Locker at runtime via credentials_helper.py. No hardcoded passwords in MCP server files. The only exception is Locker's bootstrap password.
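The authentication model defined above (vault ports require a password, operational ports do not, Secure environments have no unauthenticated port) can be checked per port with an unauthenticated PING. The following is an added example, not part of the Nexus code base; `probe`, `requires_auth` and `audit` are hypothetical names, the port numbers are copied from the Environment Matrix, and the sample replies are constructed.

```python
import socket

# Ports copied from the Environment Matrix: name -> (vault, operational or None).
ENVIRONMENTS = {
    "User": (6610, None), "Locker": (6720, None),  # Secure: vault only
    "Workflow": (6615, 6616), "Context": (6620, 6621), "KB": (6625, 6626),
    "Contact": (6630, 6631), "Links": (6635, 6636), "Track": (6640, 6641),
    "Session": (6645, 6646), "Document": (6650, 6651),
    "Transcript": (6655, 6656), "Corpus": (6660, 6661),
    "Temp": (6665, 6666), "Web": (6670, 6671), "Voice": (6675, 6676),
}

def probe(host, port, timeout=2.0):
    """Send an unauthenticated PING and return the raw RESP reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"*1\r\n$4\r\nPING\r\n")
        return s.recv(256)

def requires_auth(reply):
    """True if Redis refused the command, False if it answered, None if unclear."""
    if reply.startswith(b"-NOAUTH"):
        return True
    if reply.startswith(b"+PONG"):
        return False
    return None

def audit(replies):
    """replies: {port: raw reply bytes}. Return findings that break the model."""
    findings = []
    for name, (vault, operational) in ENVIRONMENTS.items():
        for role, port, want_auth in (("vault", vault, True),
                                      ("operational", operational, False)):
            if port is None or port not in replies:
                continue
            got = requires_auth(replies[port])
            if got is None:
                findings.append((name, role, port, "unexpected reply"))
            elif want_auth and not got:
                findings.append((name, role, port, "answers without password"))
            elif not want_auth and got:
                findings.append((name, role, port, "demands a password"))
    return findings

NOAUTH = b"-NOAUTH Authentication required.\r\n"
SAMPLE = {  # constructed replies, not captured from a real deployment
    6610: NOAUTH, 6720: b"+PONG\r\n",  # Locker answering without a password
    6620: NOAUTH, 6621: b"+PONG\r\n",  # Context behaves as documented
    6616: NOAUTH, 6670: b"",           # Workflow replica locked; Web silent
}
```

Running `audit(SAMPLE)` reports the Locker vault, the Workflow operational pod and the Web vault; against a live deployment, build the dictionary with `probe` for each port you operate.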