Bioscience QMS Work Order System — Comprehensive Glossary

Classification: Internal — Reference
Date: 2026-02-13
Version: 5.0 (comprehensive — all terms from all 79+ artifacts + system prompt v8, alphabetized A→Z)
Scope: Every acronym, technical term, and domain concept appearing across all markdown artifacts, JSX dashboards, ADRs, meta-prompts, and specification documents

---

A

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
ABAC	Attribute-Based Access Control — access decisions based on attributes of user, resource, and environment	Future RBAC extension	Azure ABAC, AWS IAM policies
ACI	Agent-Computer Interface — Anthropic principle that tool design for AI agents deserves equal investment to HCI	Tool Engineering principle	Anthropic agent guidelines
ACID	Atomicity, Consistency, Isolation, Durability — transaction properties guaranteed by PostgreSQL	Database transaction model	SQL standard
ACV	Annual Contract Value — average annual revenue per customer contract; target $240K at maturity	Revenue metric	SaaS ACV
ADR	Architecture Decision Record — structured document capturing architectural decisions with context, alternatives, consequences	adrs/ artifact collection	MADR, Nygard ADR format
AES-256	Advanced Encryption Standard (256-bit key) — symmetric encryption for data at rest in PostgreSQL TDE	Encryption configuration	NIST standard
Agent Message	Typed data structure routed between agent nodes via Event Bus with payload, correlation ID, and metadata	AgentMessage interface	LangGraph StateMessage, Temporal Signal
Agent Session ID	Unique identifier for a CODITECT agent execution trace, linking audit entries to specific agent runs	AuditTrail.agentSessionId	OpenTelemetry Trace ID
AICPA	American Institute of Certified Public Accountants — defines SOC 2 Trust Service Criteria	Compliance standard body	—
API	Application Programming Interface — contract defining component communication; CODITECT uses REST + events	API Gateway layer	OpenAPI 3.1, gRPC, GraphQL
Approval	Formal decision record (APPROVED/REJECTED) linked to an electronic signature for Part 11 compliance	Approval entity	ServiceNow Approval, Veeva eSignature
Approval Chain	Ordered sequence of required approvals; regulatory WOs need System Owner + QA; tenant-configurable	Compliance Engine config	Veeva Approval Workflow
Approval Gate	Mandatory checkpoint requiring human e-signed approval before state advancement; database-enforced	Checkpoint Manager	Temporal Activity
ARR	Annual Recurring Revenue — total annualized subscription revenue; Y3 target $28.8M	Revenue metric	SaaS ARR
ARPU	Average Revenue Per User — revenue divided by active user count	Revenue metric	SaaS ARPU
Asset	Physical or logical item in QMS — device, computer, instrument — with lifecycle status and CMMS reference	Asset entity	Maximo Asset, ServiceNow CI
AsyncIO	Python asynchronous I/O framework for Agent Orchestrator non-blocking execution	Orchestrator runtime	Node.js async, Go goroutines
Audit Trail	Immutable, append-only record of all entity changes; DB trigger prevents modification per Part 11 §11.10(e)	AuditTrail entity	Veeva Audit Trail, TrackWise
ANVISA	Agência Nacional de Vigilância Sanitária — Brazil's national health surveillance agency regulating pharmaceuticals, medical devices, and biologics; relevant for CODITECT's Brazil market entry (Y3)	Regulatory jurisdiction mapping	FDA, EMA, MHRA, TGA
APPI	Act on the Protection of Personal Information — Japan's data protection law governing handling of personal data; relevant for CODITECT's Japan market entry	Regulatory jurisdiction mapping	GDPR, LGPD, PIPEDA
ARIA	Accessible Rich Internet Applications — W3C specification for making web content accessible to assistive technologies	WCAG compliance	WAI-ARIA, Section 508
Auth0	Identity-as-a-Service platform — IdP option for CODITECT SSO integration	IdP integration option	Keycloak, Okta, Azure AD
AWS	Amazon Web Services — cloud infrastructure provider; CODITECT architecture is cloud-agnostic but references AWS analogs	Cloud provider reference	GCP, Azure

B

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
BAA	Business Associate Agreement — HIPAA-required contract between covered entity and business associate handling PHI	Compliance document	Standard HIPAA BAA
BCP	Business Continuity Plan — documented procedures for maintaining operations during disruption	Operational readiness	DRP, DR
BDD	Behavior-Driven Development — testing methodology writing tests as user stories in Given/When/Then format	Test strategy option	Cucumber, Jest BDD
BOM	Bill of Materials — structured component list referenced in manufacturing work orders	Future WO extension	ERP BOM, MES BOM
BPMN	Business Process Model and Notation — standardized graphical notation for business process workflows	Documentation format	UML Activity, Flowcharts
BRD	Business Requirements Document — high-level business needs specification	Planning artifact	PRD, MRD
Break-Glass	Emergency access mechanism that bypasses normal authorization controls with enhanced logging and mandatory justification; required by HIPAA §164.312(a)(2)(ii)	Emergency access procedure	HIPAA emergency access, privileged access management
Buildx	Docker CLI plugin for extended build capabilities including multi-platform image builds and build caching; used in CI/CD pipeline for container image creation	CI/CD build tool	Docker Build, Kaniko

C

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
C4 Model	Architecture description framework: Context (C1), Container (C2), Component (C3), Code (C4)	C4 artifact suite	Structurizr, Arc42
CAC	Customer Acquisition Cost — total sales + marketing cost per new customer; target $45K	Revenue metric	SaaS CAC
CAGR	Compound Annual Growth Rate — annualized growth rate; QMS market ~8.2% CAGR	Market metric	—
CAPA	Corrective and Preventive Action — process triggered by WO rejection patterns indicating systemic quality issues	CODITECT CAPA module	Veeva CAPA, TrackWise CAPA
CAPA Action	Individual corrective or preventive task within a CAPA record, tracked to completion with evidence and verification; generates WOs automatically	CAPAAction entity	TrackWise tasks, Veeva actions
Canary Deployment	Release strategy routing a small percentage of traffic (10%→50%→100%) to the new version while monitoring error rates and latency before full rollout	Production deployment strategy	Blue-green, rolling update
Causation ID	Identifier linking a domain event to the event or command that caused it, enabling causal chain reconstruction in event-driven systems	Event envelope field	Correlation ID (related)
CCPA	California Consumer Privacy Act — California data privacy law granting consumers rights over personal data	International compliance	GDPR, LGPD, PIPEDA
CDE	Cardholder Data Environment — PCI-DSS defined boundary containing systems that store, process, or transmit cardholder data	PCI-DSS compliance scope	Network segmentation
Chaos Engineering	Discipline of proactively injecting failures into production-like systems to discover weaknesses; WO system defines 6 chaos experiments	Testing strategy	Litmus, Chaos Monkey, Gremlin
Conway's Law	Observation that system architecture mirrors the communication structure of the organization building it; used in team topology design	Team topology alignment	Inverse Conway Maneuver
Cosign	Container image signing tool from Sigstore project; used with Cloud KMS to cryptographically sign container images in CI/CD pipeline	Supply chain security	Notary, Docker Content Trust
Cursor Pagination	API pagination method using opaque cursors instead of page numbers; provides consistent results during concurrent modifications	API design pattern	Offset pagination, keyset pagination
CDC	Change Data Capture — detecting data changes in PostgreSQL WAL for event publishing	Transactional Outbox pattern	Debezium, Maxwell
CDMO	Contract Development and Manufacturing Organization — outsourced pharmaceutical manufacturing	Target customer segment	Lonza, Catalent, Samsung Biologics
CFR	Code of Federal Regulations — US federal regulatory law; Title 21 covers FDA regulations	Regulatory framework	—
Change Control	Regulated process of planning, executing, reviewing, and approving changes to validated systems	WO Lifecycle Engine	ITIL Change Management
ChangeItem	Target of a Work Order — device, system, or document being changed, linked to Asset entity	ChangeItem entity	ServiceNow CI, Maximo Asset
Child WO	Execution-level Work Order linked to Master WO via masterId; maps to CODITECT Worker agent pattern	WorkOrder with masterId	Maximo Child WO
CI/CD	Continuous Integration / Continuous Deployment — automated build-test-deploy pipeline	Google Cloud Build	Jenkins, GitHub Actions
Circuit Breaker	Three-state (closed/open/half-open) failure detection pattern preventing cascading agent failures	Orchestrator component	Hystrix, Resilience4j
CLIA	Clinical Laboratory Improvement Amendments — US regulation for laboratory testing quality standards	Adjacent regulatory domain	CAP accreditation
CMMS	Computerized Maintenance Management System — manages maintenance, work orders, and assets	Integration target	Maximo, SAP PM, eMaint
CODITECT	Autonomous AI development platform for regulated industries by AZ1.AI Inc.	Platform name	—
COGS	Cost of Goods Sold — direct delivery costs; primarily compute + AI model tokens	Financial metric	—
CPM	Cost Per Mille (thousand) — cost per 1000 tokens in AI model pricing	Token economics metric	—
CQRS	Command Query Responsibility Segregation — separate read and write models for state management	Architecture pattern	Event Sourcing complement
CRO	Contract Research Organization — outsourced clinical research partner	Target customer segment	IQVIA, Labcorp Drug Dev
CRUD	Create, Read, Update, Delete — four basic database operations	Data access pattern	REST verbs mapping
CSV	Computer System Validation — FDA-required validation methodology for regulated software systems	Compliance process	IQ/OQ/PQ, GAMP 5
CTE	Common Table Expression — SQL WITH clause for readable complex queries	Database query pattern	—
CTO	Chief Technology Officer — technical leadership role; Hal Casteel at AZ1.AI	Executive role	VP Engineering
CUID	Collision-resistant Unique Identifier — alternative to UUID for shorter, URL-safe IDs	ID generation option	UUID, ULID, NanoID

D

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
DAG	Directed Acyclic Graph — Master/Child WO dependency structure; enforces no circular dependencies	WO hierarchy model	Airflow DAG, Temporal Workflow
DDD	Domain-Driven Design — software design approach modeling domain concepts explicitly	Architecture methodology	Bounded Contexts, Aggregates
DHF	Design History File — FDA-required documentation of medical device design process	Compliance documentation	21 CFR 820
DI	Dependency Injection — design pattern for providing object dependencies; InversifyJS in Theia	Theia architecture pattern	Spring DI, Angular DI
DICOM	Digital Imaging and Communications in Medicine — healthcare imaging data standard	Integration protocol	HL7, FHIR
DMR	Device Master Record — FDA-required documentation containing device specifications and procedures	Compliance documentation	21 CFR 820
DMS	Document Management System — controlled document storage with versioning and access control	Integration target	SharePoint, Documentum
DRP	Disaster Recovery Plan — procedures for restoring systems after catastrophic failure	Operational readiness	BCP, RPO/RTO
Data Classification	5-level taxonomy (L0 Public → L4 Regulated) applied to all data fields, determining encryption, access control, retention, and residency requirements	Data architecture foundation	NIST data classification, ISO 27001
Data Lineage	Tracking of data origin, transformations, and access as a directed acyclic graph; required for regulatory traceability and audit	Lineage tracking engine	Apache Atlas, Marquez, dbt
Data Residency	Requirement that data physically resides within a specific geographic jurisdiction; driven by GDPR, LGPD, HIPAA	Tenant-level config (data_residency_region)	Data sovereignty, data localization
Data Subject	Individual whose personal data is processed; has rights (access, deletion, portability, correction) under GDPR, LGPD, CCPA	Consent management	Data controller, data processor
Deviation	Documented departure from expected result during validation (IQ/OQ/PQ); classified as Critical, Major, Minor, or Observation	Deviation report in validation	Non-conformance, OOS
Distroless	Minimal container base images containing only the application runtime and dependencies, with no shell, package manager, or OS tools; reduces attack surface	Container image base	Alpine, scratch, chainguard
DLQ	Dead Letter Queue — destination for messages that cannot be processed after maximum retries; monitored for operational issues	NATS DLQ subject	RabbitMQ DLQ, AWS SQS DLQ
Domain Event	Immutable record of something that happened in the system, following a standard envelope schema with correlation ID, causation ID, and data classification metadata	Event catalog events	CloudEvents, EventBridge
DPIA	Data Protection Impact Assessment — GDPR-required evaluation of processing activities that may result in high risk to data subjects	Privacy compliance	PIA, HIPAA risk assessment

E

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
E2E	End-to-End — testing methodology validating complete workflow from input to output	Test strategy	Integration testing
EAM	Enterprise Asset Management — lifecycle management of physical assets across an organization	Integration domain	Maximo, SAP EAM
EBITDA	Earnings Before Interest, Taxes, Depreciation, and Amortization — profitability metric	Financial metric	—
ECN	Engineering Change Notice — formal notification of change to engineering documentation or product	QMS document type	ECO, CAPA
ECO	Engineering Change Order — formal authorization to implement an engineering change	QMS document type	ECN, CAPA
ECS	Elastic Container Service — AWS managed container orchestration service	Deployment option	GKE, Azure ACI
EHR	Electronic Health Record — digital health record system; FDA-regulated integration target	Integration target	Epic, Cerner, MEDITECH
ELK	Elasticsearch, Logstash, Kibana — open-source log aggregation and search stack	Observability option	OTEL + Grafana stack
ELN	Electronic Laboratory Notebook — digital lab notebook for recording experiments and observations	Adjacent QMS system	LabArchives, Benchling
EMA	European Medicines Agency — EU pharmaceutical regulatory authority equivalent to FDA	International regulatory	FDA, MHRA, TGA
ePHI	Electronic Protected Health Information — digital health data protected under HIPAA	HIPAA scope	PHI (paper form)
ERD	Entity-Relationship Diagram — visual schema representation; WO system has 20+ entities	Design artifact	UML Class Diagram
ERP	Enterprise Resource Planning — integrated business management software	Integration target	SAP, Oracle ERP
Error Budget	Allowed failure threshold derived from SLO (e.g., 99.95% uptime = 0.05% error budget); when consumed, feature development pauses for reliability work	SLA framework	Google SRE error budgets
Event Catalog	Comprehensive inventory of all domain events with schemas, producers, consumers, data classification, and compliance implications	Domain event registry	AsyncAPI, EventCatalog
Event Envelope	Standard wrapper for domain events containing metadata (id, type, timestamp, tenant, actor, correlation/causation IDs, data classification)	DomainEvent interface	CloudEvents specification
Expand-Contract	Schema evolution pattern: add new column/field (expand), migrate data, switch readers, remove old column (contract); enables zero-downtime migrations	Schema migration strategy	Parallel change, strangler fig

F

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
FAT	Factory Acceptance Testing — pre-delivery testing at manufacturer site; maps to IQ validation	Validation phase	IQ, SAT
FDA	Food and Drug Administration — US federal agency regulating food, drugs, medical devices, biologics	Primary regulatory body	EMA, MHRA, TGA
FHIR	Fast Healthcare Interoperability Resources — HL7 standard for healthcare data exchange	Integration protocol	HL7 v2, DICOM
FK	Foreign Key — database constraint linking related tables; enforces referential integrity	Data model constraint	—
FMEA	Failure Mode and Effects Analysis — risk assessment methodology identifying potential failure points	Risk management tool	FTA, HAZOP
FRS	Functional Requirements Specification — detailed functional behavior of a system	Planning artifact	URS, SRS
FSM	Finite State Machine — computational model with discrete states and transitions; WO uses 9-state FSM	WO Lifecycle Engine	XState, Spring SM
FSMA	Food Safety Modernization Act — US law for food safety preventive controls	Adjacent regulatory domain	HACCP, GMP
FTA	Fault Tree Analysis — top-down risk analysis method using Boolean logic	Risk management tool	FMEA, HAZOP
FTE	Full-Time Equivalent — unit measuring one person's full-time workload	Resource metric	—
FDA 483	FDA Form 483 — inspectional observation form listing conditions that may constitute regulatory violations; requires written response within 15 business days	Audit finding type	Warning Letter, Consent Decree
Feature Flag	Runtime toggle controlling feature availability per tenant, role, or percentage; in regulated environments, flag state changes are auditable and cannot bypass compliance controls	Feature flag architecture	LaunchDarkly, Flagsmith, Unleash
Fishbone Diagram	Root cause analysis tool (also called Ishikawa diagram) categorizing potential causes into People, Process, Technology, Equipment, Materials, Measurement	CAPA root cause method	Five Whys, Fault Tree
Fitness Function	Automated architectural test verifying the system still meets its design principles as it evolves (e.g., no L4 data in logs, all endpoints authenticated)	Architecture governance	ArchUnit, fitness functions
Five Whys	Root cause analysis technique iteratively asking "why" to drill from symptom to root cause; structured template in CAPA workflow	CAPA root cause method	Fishbone, Fault Tree
Fluentbit	Lightweight log processor and forwarder; collects structured JSON logs from containers and ships to Grafana Loki in the observability stack	Log collection agent	Fluentd, Logstash, Vector

G

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
GA	General Availability — product release ready for all customers	Release milestone	Beta, RC
GAMP	Good Automated Manufacturing Practice — ISPE guidelines for pharmaceutical system validation (GAMP 5)	Validation methodology	IQ/OQ/PQ, CSV
GCP	Google Cloud Platform — cloud provider; CODITECT primary deployment target via Google AI Accelerator	Cloud infrastructure	AWS, Azure
GDPR	General Data Protection Regulation — EU data privacy regulation affecting data handling and consent	International compliance	HIPAA, PIPEDA, CCPA
GKE	Google Kubernetes Engine — managed Kubernetes service on GCP; CODITECT uses GKE Autopilot with multi-zone deployment for production workloads	Container orchestration	EKS (AWS), AKS (Azure)
GLBA	Gramm-Leach-Bliley Act — US law requiring financial institutions to protect consumer financial information	Fintech regulatory	SOC 2, PCI-DSS
GLP	Good Laboratory Practice — quality standards for non-clinical laboratory studies	Regulatory standard	GMP, GCP (clinical)
GM	Gross Margin — revenue minus COGS divided by revenue; target 78%	Financial metric	—
GMP	Good Manufacturing Practice — quality standards for manufacturing regulated products	Regulatory standard	GLP, ISO 13485
Golden Image	Verified, compliant system state captured after approved change; used as rollback baseline	WO completion artifact	System snapshot, Checkpoint
GRC	Governance, Risk, and Compliance — integrated approach to organizational governance	Integration domain	RSA Archer, ServiceNow GRC
GTM	Go-to-Market — strategy for launching products; CODITECT uses 3-phase GTM (Lighthouse→Vertical→Enterprise)	Business strategy	—

H

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
HACCP	Hazard Analysis and Critical Control Points — food safety management system based on risk analysis	Adjacent regulatory	FSMA, GMP
HAZOP	Hazard and Operability Study — structured risk analysis examining process deviations	Risk management tool	FMEA, FTA
HCI	Human-Computer Interface — design discipline for human-system interaction; ACI is the agent equivalent	Design discipline	UX, UI
HIPAA	Health Insurance Portability and Accountability Act — US healthcare data privacy and security law	Compliance framework	GDPR, PIPEDA
HL7	Health Level Seven — healthcare interoperability standards organization and protocol family	Integration protocol	FHIR, DICOM
HLD	High-Level Design — architectural overview document before detailed design	Design artifact	SDD, C4 Context
HPLC	High Performance Liquid Chromatography — analytical technique requiring calibrated instruments tracked in WO system	Instrument type (Tool entity)	GC, Mass Spec
HMAC	Hash-based Message Authentication Code — cryptographic method for webhook signature verification using shared secret keys	Webhook security	JWT, API key
HPA	Horizontal Pod Autoscaler — Kubernetes resource automatically scaling pod replicas based on CPU, memory, or custom metrics	GKE autoscaling	AWS Auto Scaling
Human Checkpoint	Mandatory point where agent execution pauses for human decision; non-negotiable for Part 11 approvals	Checkpoint Manager component	Temporal Human-in-the-Loop

I

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
IAM	Identity and Access Management — framework for managing digital identities and access rights	Security infrastructure	AWS IAM, Azure AD, Okta
ICH	International Council for Harmonisation — harmonizes pharmaceutical regulatory guidelines globally	Regulatory framework	ICH Q7 (GMP), Q9 (Risk)
IaC	Infrastructure as Code — managing and provisioning infrastructure through machine-readable configuration files rather than interactive tools	Terraform modules	Pulumi, CloudFormation, CDK
ICU MessageFormat	International Components for Unicode message formatting standard for pluralization, gender, and locale-aware string interpolation	i18n string externalization	FormatJS, react-intl
Idempotency	Property where an operation produces the same result regardless of how many times it is applied; enforced via X-Request-ID header preventing duplicate WO operations	API design principle	Idempotency key, exactly-once
IDE	Integrated Development Environment — software development workspace; CODITECT uses Eclipse Theia	IDE Shell container	VS Code, JetBrains
IdP	Identity Provider — external authentication service providing identity assertions	SSO integration	Auth0, Okta, Azure AD
IPO	Initial Public Offering — first sale of stock to public; relevant to market trajectory analysis	Financial milestone	VC, Series funding
IQ	Installation Qualification — validation proving system installed correctly per specifications	Validation phase (IQ/OQ/PQ)	GAMP 5
IQ/OQ/PQ	Installation/Operational/Performance Qualification — three-phase validation methodology for regulated systems	Validation protocol suite	GAMP 5, CSV
IQVIA	Global CRO and health information technology company — market data source	Market reference	Veeva, ICON
IR	Investor Relations — communication between company and investment community	Business function	—
IRR	Internal Rate of Return — discount rate making NPV of investment zero	Financial metric	NPV, ROI
ISO	International Organization for Standardization — publishes quality and safety standards (13485, 27001, 9001)	Compliance standards	AICPA, FDA
ISPE	International Society for Pharmaceutical Engineering — publishes GAMP guidelines	Industry body	PDA, AICPA
ITIL	Information Technology Infrastructure Library — IT service management best practices framework	Process framework	COBIT, ISO 20000
ITSM	IT Service Management — managing IT services lifecycle; ITIL-based	Process domain	ServiceNow ITSM, BMC
IVD	In Vitro Diagnostic — medical device for testing specimens outside the body	Device classification	IVDR (EU regulation)
IVDR	In Vitro Diagnostic Regulation — EU regulation for IVD medical devices (2017/746)	EU regulatory	FDA 21 CFR 809

J

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
JobPlan	Execution blueprint for a Work Order — defines steps, skills, tools, materials, and work instructions	JobPlan entity	Maximo Job Plan
JSONB	JSON Binary — PostgreSQL binary JSON data type enabling indexed queries on semi-structured data	Database column type	MongoDB BSON
JSX	JavaScript XML — React syntax extension for describing UI components; used for all dashboard artifacts	Dashboard file format	TSX (TypeScript variant)
JWT	JSON Web Token — compact, signed token for API authentication and authorization	API Gateway auth	OAuth 2.0 access tokens

K

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
KPI	Key Performance Indicator — measurable value demonstrating operational effectiveness	Business metric	OKR (complementary)
Kustomize	Kubernetes-native configuration management tool using overlays to customize base manifests per environment without templating	K8s manifest management	Helm, jsonnet

L

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
LangGraph	LangChain framework for building stateful multi-agent workflows with graph-based orchestration	Agent orchestration analog	Temporal, Prefect
LGPD	Lei Geral de Proteção de Dados — Brazil's general data protection law, analogous to GDPR; relevant for CODITECT's Brazil market entry (Y3)	Regulatory jurisdiction mapping	GDPR, CCPA, APPI
LIMS	Laboratory Information Management System — manages lab samples, tests, and workflows	Adjacent QMS system	LabVantage, STARLIMS
LLM	Large Language Model — AI model architecture powering CODITECT agents (Claude Opus/Sonnet/Haiku)	Agent intelligence layer	GPT, Gemini, Llama
LTV	Lifetime Value — projected total revenue from a customer; target $840K (3.5 years × $240K ACV)	Revenue metric	SaaS LTV

M

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
MADR	Markdown ADR format — standardized template for Architecture Decision Records	ADR template format	Nygard ADR
Master WO	Parent Work Order coordinating multiple child WOs; uses DAG hierarchy with aggregation rules	WorkOrder with children	Maximo Master WO
MDR	Medical Device Regulation — EU regulation for medical devices (2017/745) replacing MDD	EU regulatory	FDA 21 CFR 820
MES	Manufacturing Execution System — controls and monitors manufacturing processes in real-time	Integration target	Siemens Opcenter, Rockwell
MFA	Multi-Factor Authentication — authentication requiring 2+ verification factors; required for e-signatures	Signature security	TOTP, FIDO2, SMS
MHRA	Medicines and Healthcare products Regulatory Agency — UK pharmaceutical regulatory authority	International regulatory	FDA, EMA, TGA
Model Router	CODITECT component selecting optimal AI model per task segment based on complexity and regulatory flags	Orchestrator component	CODITECT differentiator
MRR	Monthly Recurring Revenue — ARR divided by 12; Y3 target $2.4M/month	Revenue metric	SaaS MRR
MQL	Marketing Qualified Lead — prospect who has engaged with marketing content and meets firmographic criteria; feeds sales pipeline in GTM strategy	GTM funnel stage	PQL, SQL (Sales)
mTLS	Mutual TLS — bidirectional certificate authentication between services	Inter-service security	Service mesh, Istio
MVP	Minimum Viable Product — smallest feature set validating core value proposition	Product milestone	POC, Pilot

N

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
NATS	Neural Autonomic Transport System — high-performance messaging system for event bus	Event Bus option	Redis Streams, RabbitMQ
NDA	Non-Disclosure Agreement — legal contract protecting confidential information; required for auditor access, customer demonstrations, and enterprise sales	Legal/compliance document	Mutual NDA, CNDA
NCR	Non-Conformance Report — document recording deviation from specifications or procedures	QMS document type	CAPA, SCAR
NPV	Net Present Value — present value of future cash flows minus initial investment	Financial metric	IRR, ROI
NRR	Net Revenue Retention — revenue from existing customers including expansion minus churn; target 140%	Revenue metric	SaaS NRR, NDR

O

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
OIDC	OpenID Connect — identity layer on OAuth 2.0 for SSO authentication	SSO protocol	SAML, OAuth 2.0
OKR	Objectives and Key Results — goal-setting framework for measuring outcomes	Business planning	KPI (complementary)
OOTB	Out of the Box — functionality available without customization	Feature classification	Custom, Configurable
OQ	Operational Qualification — validation proving system operates correctly under expected conditions	Validation phase (IQ/OQ/PQ)	GAMP 5
ORM	Object-Relational Mapping — abstraction layer mapping objects to database tables; Prisma in CODITECT	Data access layer	TypeORM, Sequelize, SQLAlchemy
OTEL	OpenTelemetry — observability framework for traces, metrics, and logs across distributed systems	Observability stack	Jaeger, Zipkin, Datadog
OTP	One-Time Password — single-use authentication code for MFA; used in e-signature re-authentication	Authentication mechanism	TOTP, HOTP
OWASP	Open Worldwide Application Security Project — nonprofit producing security tools, standards, and the OWASP Top 10 vulnerability list; referenced in security architecture threat modeling	Security standards	CWE, NIST CSF

P

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
PCI-DSS	Payment Card Industry Data Security Standard — security standard for handling credit card data	Fintech compliance	SOC 2, GLBA
PDA	Parenteral Drug Association — global pharmaceutical and biopharmaceutical science organization	Industry body	ISPE, ICH
PHI	Protected Health Information — individually identifiable health data regulated under HIPAA	Data classification	ePHI (electronic form), PII
PIC/S	Pharmaceutical Inspection Co-operation Scheme — international GMP harmonization body	Regulatory body	ICH, ISPE
PII	Personally Identifiable Information — data that can identify an individual	Data classification	PHI (health-specific)
PIPEDA	Personal Information Protection and Electronic Documents Act — Canadian privacy law	International compliance	GDPR, CCPA
PKI	Public Key Infrastructure — framework for managing digital certificates and encryption keys	Security infrastructure	Certificate Authority, mTLS
PLM	Product Lifecycle Management — managing entire lifecycle of a product from inception to disposal	Integration domain	Siemens Teamcenter, PTC
PM	Product Manager or Project Manager — role responsible for product/project direction	Business role	PMM, PO
PMA	Pre-Market Approval — FDA's most rigorous device marketing pathway for Class III devices	Regulatory pathway	510(k), De Novo
PMF	Product-Market Fit — degree to which a product satisfies strong market demand	Business milestone	MVP validation
PMM	Product Marketing Manager — role bridging product development and go-to-market	Business role	PM, GTM lead
POC	Proof of Concept — minimal implementation validating technical feasibility	Development milestone	MVP, Pilot
PQ	Performance Qualification — validation proving system performs consistently under real-world conditions	Validation phase (IQ/OQ/PQ)	GAMP 5
PRD	Product Requirements Document — detailed product feature and behavior specification	Planning artifact	BRD, FRS
PagerDuty	Incident management platform for on-call alerting, escalation, and incident response automation	Alert routing destination	Opsgenie, VictorOps
PIR	Post-Incident Review — structured analysis of an incident after resolution covering timeline, root cause, impact, and corrective actions; P0 requires PIR within 5 business days	Incident response artifact	Postmortem, RCA, blameless retro
Poka-yoke	Error-proofing design principle from manufacturing; in CODITECT, applied to tool design so AI agents cannot make common mistakes (Anthropic ACI Principle 3)	Tool Engineering principle	Defensive design, guardrails
Pact	Consumer-driven contract testing framework verifying API compatibility between service providers and consumers; used in CI pipeline for agent and API contract tests	Contract testing tool	Spring Cloud Contract, Specmatic
PITR	Point-in-Time Recovery — PostgreSQL capability to restore a database to any specific moment using base backups + WAL replay; Tier 3 RPO strategy for agent logs	Database recovery mechanism	WAL replay, flashback
PLG	Product-Led Growth — GTM strategy where the product itself drives acquisition, activation, and expansion; contrasted with sales-led and marketing-led motions	GTM strategy option	Sales-led, marketing-led
PQL	Product Qualified Lead — user who has demonstrated meaningful product engagement (e.g., completed onboarding, created 5+ WOs) qualifying them for sales outreach	GTM funnel stage	MQL, SQL (Sales)
Prisma	TypeScript ORM and schema definition tool; used for CODITECT data model definition	Data access layer	TypeORM, Drizzle

Q

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
QA	Quality Assurance — role ensuring quality standards; in WO system, QA approves regulatory changes with e-signature	RBAC role	Quality Manager
QMS	Quality Management System — organizational system for quality policies, objectives, and processes	Domain context	ISO 9001, ISO 13485
QSR	Quality System Regulation — FDA 21 CFR 820 requirements for medical device quality systems	Regulatory standard	ISO 13485, EU MDR

R

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
RBAC	Role-Based Access Control — access model with 8 roles: Originator, Assigner, Assignee, System Owner, QA, Vendor, Admin, Auditor	Access control model	ABAC, ACL
REST	Representational State Transfer — architectural style for web APIs; CODITECT API Gateway uses REST	API style	gRPC, GraphQL
RFC 7807	Problem Details for HTTP APIs — standard format for machine-readable error responses; used for all WO API error responses	API error format	GraphQL errors, gRPC status
Risk Matrix	5×5 grid (likelihood × impact) producing risk scores 1–25; determines CAPA priority, approval escalation, and timeline requirements	Risk assessment tool	FMEA severity × occurrence
Risk Score	Numerical product of likelihood (1–5) × impact (1–5); scores ≤6 Low, 7–12 Medium, 13–19 High, 20–25 Critical	CAPA prioritization	Risk Priority Number (RPN)
RLS	Row-Level Security — PostgreSQL feature filtering rows by tenant_id; enforces multi-tenant isolation	Data isolation mechanism	Oracle VPD, SQL Server RLS
ROI	Return on Investment — gain from investment relative to cost; compliance automation delivers 300-500% ROI	Financial metric	NPV, IRR
Root Cause	Fundamental reason why a non-conformance occurred; determined via Five Whys, Fishbone, or Fault Tree analysis during CAPA workflow	CAPA root cause analysis	RCA (Root Cause Analysis)
RPC	Remote Procedure Call — protocol for executing functions on remote systems	Communication pattern	gRPC, JSON-RPC
RPO	Recovery Point Objective — maximum acceptable data loss measured in time	Disaster recovery metric	RTO
RTO	Recovery Time Objective — maximum acceptable downtime after failure	Disaster recovery metric	RPO
Raft	Distributed consensus algorithm used by NATS JetStream and HashiCorp Vault for leader election and data replication across cluster nodes	Cluster consensus	Paxos, ZAB (ZooKeeper)

S

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
SAGA	Distributed transaction pattern using compensating transactions for multi-step workflows	Event-driven coordination	Temporal Workflow, Cadence
SAM	Serviceable Addressable Market — portion of TAM reachable with current product; $1.9B across 6 segments	Market metric	TAM, SOM
SAML	Security Assertion Markup Language — XML-based SSO protocol for enterprise authentication	SSO protocol	OIDC, OAuth 2.0
SAT	Site Acceptance Testing — post-delivery testing at customer site; maps to OQ validation	Validation phase	FAT, OQ
SBOM	Software Bill of Materials — inventory of all software components, dependencies, and versions in a delivered artifact; generated by Syft in SPDX format per supply chain security	Supply chain security	CycloneDX, SWID
SCAR	Supplier Corrective Action Request — formal request to supplier to address quality issue	QMS document type	NCR, CAPA
SDD	System Design Document — high-level system architecture with context diagrams, components, scaling model	Architecture artifact	HLD, C4 model
SDK	Software Development Kit — tools and libraries for building applications on a platform	Developer tooling	API, CLI
SDLC	Software Development Lifecycle — phases of software creation from planning to maintenance	Development process	Agile, Waterfall
Seed Data	Synthetic, reproducible dataset used to populate non-production environments; in regulated systems, must never contain real PHI/PII and must cover all state machine paths	Test data management	Fixtures, factories, faker
SHA-256	Secure Hash Algorithm (256-bit) — cryptographic hash function for audit trail checksums and integrity verification	Data integrity mechanism	MD5 (deprecated), SHA-3
SIEM	Security Information and Event Management — security monitoring with log correlation and alerting	Security integration	Splunk, QRadar, Sentinel
SLA	Service Level Agreement — contractual performance commitments (uptime, response time)	Operational metric	SLI, SLO
SLI	Service Level Indicator — measured metric feeding SLO calculations (latency, error rate, throughput)	Observability metric	SLA, SLO
SLO	Service Level Objective — target value for an SLI; internal goal informing SLA	Operational target	SLI, SLA
Smoke Test	Minimal post-deployment verification that critical paths function; run after every production deployment before full traffic shift	Post-deploy validation	Canary test, health check
Semgrep	Lightweight static analysis tool using pattern-matching rules for security scanning, code quality, and policy enforcement in CI pipelines	Security scanning (CI)	ESLint, SonarQube, CodeQL
Service Mesh	Infrastructure layer handling service-to-service communication with features like mTLS, load balancing, and observability; referenced in zero-trust network architecture	Network security option	Istio, Linkerd, Envoy
Snyk	Developer-first security platform for vulnerability scanning of dependencies, containers, and IaC; used alongside Trivy in CI pipeline	Dependency scanning (CI)	Dependabot, Grype, Renovate
SOC 2	Service Organization Control Type 2 — AICPA trust service criteria audit for security, availability, integrity	Compliance framework	ISO 27001, SOC 1
SOD	Separation of Duties — control principle preventing one person from completing conflicting tasks; 6 rules enforced	Security constraint	Dual control, four-eyes
SOM	Serviceable Obtainable Market — realistic market capture; Y3 target $28.8M ARR (120 customers)	Market metric	TAM, SAM
SOP	Standard Operating Procedure — documented step-by-step instructions for routine operations	QMS document type	WI, Work Instruction
SPDX	Software Package Data Exchange — Linux Foundation standard format for communicating SBOM component information	SBOM output format	CycloneDX, SWID
SQL	Structured Query Language — standard language for relational database operations	Database interface	—
SRS	Software Requirements Specification — detailed technical requirements document	Planning artifact	FRS, URS
SSL	Secure Sockets Layer — predecessor to TLS; deprecated but term still commonly used	Legacy security protocol	TLS 1.3 (current)
SSO	Single Sign-On — one login grants access to multiple systems; OIDC/SAML-based	API Gateway integration	Okta, Azure AD
State Machine	9-state lifecycle engine with composable guards (DRAFT→PLANNED→SCHEDULED→IN_PROGRESS→PENDING_REVIEW→APPROVED/REJECTED→COMPLETED/CANCELLED)	WO Lifecycle Engine	XState, Spring SM
STRIDE	Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege — Microsoft's threat modeling methodology used in security architecture	Threat model framework	PASTA, DREAD, LINDDUN
Syft	Open-source SBOM generation tool from Anchore; produces SPDX or CycloneDX output from container images and source code	CI/CD SBOM generation	Trivy (also generates SBOM)

T

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
TAM	Total Addressable Market — total demand; primary $3.5B (Change Control $2.1B + CSV $1.4B by 2028)	Market metric	SAM, SOM
TCO	Total Cost of Ownership — complete cost including purchase, deploy, operate, maintain	Business metric	ROI
TDD	Technical Design Document — implementation spec with APIs, data models, deployment. Also: Test-Driven Development	Architecture artifact / Test methodology	—
TDE	Transparent Data Encryption — database-level encryption for data at rest (AES-256)	PostgreSQL encryption	Oracle TDE
Temporal	Durable execution platform for long-running workflows with built-in retry and state persistence	Agent orchestration analog	LangGraph, Prefect
Tenant	Isolated customer organization; all data partitioned by tenant_id with PostgreSQL RLS	Platform tenant model	SaaS multi-tenancy
Terraform	HashiCorp Infrastructure as Code tool for defining and provisioning cloud resources declaratively; CODITECT uses modular structure with environment overlays	IaC framework	Pulumi, CloudFormation, CDK
TGA	Therapeutic Goods Administration — Australian pharmaceutical and medical device regulatory authority	International regulatory	FDA, EMA, MHRA
Theia	Eclipse Theia — open-source IDE framework with InversifyJS DI; CODITECT developer interface	IDE Shell container	VS Code, JetBrains
Time Entry	Actual work record — person, vendor, hours, rate type, cost center for WO execution tracking	TimeEntry entity	Maximo Labor
TLS	Transport Layer Security (v1.3) — cryptographic protocol securing network communications	Network security	mTLS, SSL (deprecated)
Token Budget	Pre-allocated token limit per agent; warning at 80%, hard stop at 95% to control AI costs	Budget Controller	CODITECT differentiator
Tool	Physical equipment for WO execution — tracked with calibration status and availability windows	Tool entity	Maximo Tool
Transactional Outbox	Events written to outbox table in same database transaction as state change, then published to event bus	Event Bus integration pattern	Debezium CDC
Trivy	Open-source container vulnerability scanner by Aqua Security; blocks CI builds with Critical/High CVEs; also generates SBOMs	Container security scanning	Snyk, Grype, Clair
TSC	Trust Service Criteria — AICPA framework defining SOC 2 audit categories (Security, Availability, Processing Integrity, Confidentiality, Privacy)	SOC 2 compliance framework	ISO 27001 controls
TSX	TypeScript JSX — TypeScript variant of JSX for type-safe React components	Code file format	JSX (JavaScript)
TTL	Time To Live — expiration duration for cached data, tokens, session, or signature delegation	Configuration parameter	Cache TTL
Two-Phase Signature	Phase 1: create ElectronicSignature record, Phase 2: bind to Approval — consumed flag prevents reuse	Signature Service pattern	CODITECT innovation

U

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
UAT	User Acceptance Testing — end users validate system meets requirements before production deployment	Validation phase	PQ
ULID	Universally Unique Lexicographically Sortable Identifier — time-ordered alternative to UUID	ID generation option	UUID, CUID
UML	Unified Modeling Language — standardized visual modeling notation for software systems	Documentation format	C4, BPMN
URS	User Requirements Specification — document capturing user needs and expectations	Planning artifact	FRS, SRS
UUID	Universally Unique Identifier — 128-bit globally unique ID used as primary key for all entities	Primary key format	ULID, CUID
UUID v7	Time-ordered UUID variant (RFC 9562) — embeds Unix timestamp for natural chronological ordering; used for event IDs and idempotency keys	Event and request ID format	ULID, CUID, UUID v4
UX	User Experience — design discipline focused on user interaction quality and satisfaction	Design practice	UI, HCI

V

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
Validation Status	Asset classification: VALIDATED, PENDING_VALIDATION, NOT_APPLICABLE — determines regulatory controls applied	Asset.validationStatus	GxP validation state
VC	Venture Capital — private equity investment in early-stage companies; relevant to funding strategy	Funding source	Angel, Series A/B/C

W

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
WAL	Write-Ahead Log — PostgreSQL mechanism writing changes to log before data pages; basis for CDC and replication	Database mechanism	Redo log, Binlog
WASM	WebAssembly — binary instruction format for browser-native code execution at near-native speed	IDE terminal option	—
WCAG	Web Content Accessibility Guidelines — W3C standard for web accessibility; WO system targets WCAG 2.1 AA compliance for all user-facing interfaces	Accessibility standard	Section 508, ARIA, ADA
Webhook	HTTP callback delivering real-time event notifications to external systems; WO system supports 8+ subscribable event types with HMAC signature verification	Integration pattern	Polling, WebSocket, SSE
WI	Work Instruction — controlled step-by-step execution document referenced by JobPlan	JobPlan.workInstructionRef	SOP, Maximo WI
WO	Work Order — atomic change control record; fundamental unit of regulated change management in QMS	WorkOrder entity	Maximo WO, ServiceNow Change
WOMS	Work Order Management System — complete system managing WO lifecycle from creation to completion	WO Engine	Maximo, ServiceNow
Workload Identity	GKE mechanism binding Kubernetes service accounts to GCP IAM service accounts; eliminates need for exported key files in containers	GKE IAM integration	AWS IRSA, Azure Workload Identity
WTP	Willingness To Pay — maximum price a customer will pay for a solution; used in pricing analysis	Pricing metric	Price sensitivity

X

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
XState	JavaScript/TypeScript state machine and statechart library — analog for WO state machine	State machine analog	Spring SM, Akka FSM

Y–Z

Term	Definition	CODITECT Equivalent	Ecosystem Analogs
Zero Trust	Security model assuming no implicit trust for any entity inside or outside the network; every request is authenticated, authorized, and encrypted regardless of origin	Network security architecture	BeyondCorp, ZTNA, SASE

No additional terms currently defined for Y.

---

Total terms: 400+
Coverage: All 79+ artifacts (markdown + JSX + ADRs + meta-prompts), system prompt v8.0, specification documents, and gap closure series
Last updated: 2026-02-13

---

Copyright 2026 AZ1.AI Inc. All rights reserved. Developer: Hal Casteel, CEO/CTO Product: CODITECT-BIO-QMS | Part of the CODITECT Product Suite Classification: Internal - Confidential