Glossary

Plain-English definitions for the terms, acronyms, and concepts used across Codifide's projects. If something on the site confused you, it's probably here.

Codifide Language

intent: A required string on every Codifide function that declares why it exists — not what it does. Unlike a comment, it's part of the function's structure and included in the content hash. Two functions with different intents have different identities even if their code is identical.
effects: A declaration of what side effects a function is allowed to produce — for example {io.write} or {http.fetch}. Enforced transitively: a function that calls another function inherits its effects. A pure function (effects {}) cannot call an impure one without declaring the effect.
contracts (pre / post): Preconditions and postconditions attached to a function that the runtime actually evaluates at call time — not documentation. A precondition must be true before the function runs; a postcondition must be true after. Contracts run with an empty effect budget, meaning they can only read state, not change it.
confidence / conf(): A numeric score between 0.0 and 1.0 attached to a value indicating how certain the system is about it. conf(label) retrieves the score. Confidence is a first-class value in Codifide — you can dispatch on it, gate on it, and refuse when it's too low.
believe / belief dispatch: A Codifide keyword that routes program flow based on the confidence score of a value. believe label ge(conf(label), 0.85) => label else => bottom means "if confidence is at least 85%, return the label; otherwise refuse." This is belief dispatch — making decisions based on probability, not just value.
bottom: A Codifide value — not an exception — meaning "I don't know enough to answer." A function returns bottom instead of guessing. As of v3.0, it can carry a reason: bottom "confidence below threshold". The runtime propagates bottom and raises a RefusalError if it escapes unhandled.
sig: Short for "signature." Declares a function's input and output types, e.g. sig (message: String) -> Label. As of v4.0, these are enforced at runtime — passing the wrong type raises a TypeViolation.
cand: Short for "candidates." The body of a Codifide function — a list of expressions the runtime evaluates in order to produce a result. Each candidate can have a when guard that controls whether it runs.
content-addressed / content addressing: A system where code is identified by the cryptographic hash of its contents, not by a name or version number. If the code changes, the hash changes — so the hash is the identity. Two agents with the same hash are guaranteed to be looking at the same code.
canonical form: The single, deterministic byte representation of a Codifide function. The same function always serializes to the same bytes, which always produce the same SHA-256 hash. This is what gets stored in the registry and verified on every fetch.
pure function: A function with no side effects — it only reads its inputs and returns a value. Declared with effects {}. Codifide enforces this: a pure function cannot call an impure one without declaring the effect.
call graph: The map of which functions call which other functions. Codifide enforces effect declarations transitively across the entire call graph — you can't hide an effect by burying it in a helper function.
RPC / RPC API: Remote Procedure Call. A way to call functions over a network as if they were local. The Codifide server exposes an RPC API so agents can publish and fetch symbols over HTTP using standard POST and GET requests.
capability manifest: A machine-readable JSON document (capability.json) describing what the Codifide runtime can do — its primitives, effects, error types, and links to human-readable docs. Agents fetch this to understand the runtime without reading source code.

Data & Formats

CBOR: RFC 8949 — Concise Binary Object Representation. A compact binary data format — think of it as a binary version of JSON that's smaller and faster to parse. Codifide uses CBOR to serialize functions for storage and transmission. The same data that JSON represents in ~200 bytes, CBOR often represents in ~80 bytes. RFC 8949 ↗
SHA-256: A cryptographic hash function that produces a 256-bit (64 hex character) fingerprint of any data. Used as the identity of every Codifide symbol. The same input always produces the same hash; any change to the input produces a completely different hash. Appears throughout the registry as sha256:<64 hex chars>.
JSON: JavaScript Object Notation. A human-readable text format for structured data. The Codifide registry returns CBOR by default but JSON on request (Accept: application/json). Most developers are already familiar with JSON.
Bearer token: An HTTP authorization mechanism: Authorization: Bearer <token>. Required to publish symbols to the Codifide registry. Anyone can read; only holders of the write token can publish.
TLS: Transport Layer Security. The protocol behind HTTPS — it encrypts data in transit so it can't be read or tampered with between client and server. When you see https://, TLS is running underneath.
CDN: Content Delivery Network. A distributed network of servers around the world that caches content close to users. When you fetch a symbol from the Codifide registry, you're hitting a CDN edge node near you — not a single server in one location.
AST: Abstract Syntax Tree. The internal tree structure a parser builds from source code. When Codifide parses a .cod file, it produces an AST before executing or serializing the code.
OAuth: Open Authorization. An industry-standard protocol for delegated access — letting one application access resources on behalf of a user without sharing passwords. Used in Codifide Health for SMART on FHIR integrations.

Healthcare (Codifide Health)

HIPAA: Health Insurance Portability and Accountability Act. U.S. federal law governing the privacy and security of patient health data. Any system that stores or processes protected health information (PHI) must comply. Non-compliance carries significant fines.
SOC 2: Service Organization Control 2. An auditing standard for cloud service providers that evaluates security, availability, processing integrity, confidentiality, and privacy controls. A SOC 2 report is evidence that a vendor takes data security seriously.
FHIR: Fast Healthcare Interoperability Resources (pronounced "fire"). The modern standard for exchanging healthcare data between systems — EHRs, apps, payers, and analytics platforms. "FHIR-native" means the platform speaks this standard natively rather than requiring translation layers.
SMART on FHIR: A standard that layers OAuth 2.0 authorization on top of FHIR, allowing third-party apps to securely access EHR data with patient or provider consent. SMART = Substitutable Medical Applications, Reusable Technologies. It's how apps like Codifide Health connect to Epic or Cerner without storing credentials.
EHR: Electronic Health Record. A digital version of a patient's medical chart — diagnoses, medications, lab results, visit notes, and more. The major EHR vendors are Epic, Cerner, athenahealth, and eClinicalWorks.
MIPS: Merit-based Incentive Payment System. A U.S. Medicare program that adjusts physician payments up or down based on performance on quality, cost, and improvement measures. Providers must report MIPS data annually.
HEDIS: Healthcare Effectiveness Data and Information Set. Standardized performance measures used by health plans to evaluate care quality — for example, "what percentage of diabetic patients had an A1C test this year?" Used by nearly every major U.S. health plan.
Tuva: An open-source healthcare data transformation framework that standardizes claims and clinical data into a common data model. "Tuva-aligned" means Codifide Health's data model follows Tuva's conventions, making it interoperable with other Tuva-based tools. thetuvaproject.com ↗
Federated ML: Federated Machine Learning. A technique where AI models are trained across multiple data sources — for example, multiple hospitals — without raw patient data ever leaving each site. Each site trains locally and shares only model updates, not data. Enables collaborative AI while preserving patient privacy.
ABAC: Attribute-Based Access Control. A fine-grained authorization model where access decisions are based on attributes of the user, the resource, and the environment — not just their role. More flexible than simple role-based access (RBAC). Example: "a nurse can read records for patients in their unit, during their shift."
zero-trust security: A security model that assumes no user, device, or network is inherently trusted — every access request must be verified, regardless of where it comes from. "Never trust, always verify." Contrast with perimeter security, which trusts everything inside the firewall.
fail-closed: A safety design principle: when something is uncertain or missing, deny access rather than allow it. The opposite is "fail-open" (allow by default). "No implicit tenant fallbacks" means if a user's organization can't be determined, they get nothing — not a default view.

Infrastructure & Technology

Kafka: Apache Kafka. An open-source distributed event streaming platform designed for high-throughput, real-time data pipelines. Used in Codifide Health to stream clinical events (lab results, admissions, etc.) between systems without data loss.
ClickHouse: An open-source columnar database optimized for fast analytical queries over very large datasets. Where a traditional row-based database might take minutes to aggregate millions of records, ClickHouse does it in seconds. Used in Codifide Health for MIPS/HEDIS quality measure calculations.
Keycloak: An open-source identity and access management server. Handles authentication (who are you?), authorization (what can you do?), and single sign-on (SSO). Used in Codifide Health to implement ABAC policies and SMART on FHIR OAuth flows.
Next.js: A React-based web framework for building fast, server-rendered web applications. Used for the Decode The Sign companion web app (the version that works on Android and desktop).
Supabase: An open-source backend-as-a-service built on PostgreSQL. Provides a database, authentication, and file storage with a simple API. Used in Decode The Sign for storing parking sign data and user sessions.
Expo: A framework for building React Native mobile apps that run on both iOS and Android from a single codebase. Decode The Sign uses a "native iOS app with Expo shell" — native iOS code for performance-critical features, Expo for cross-platform convenience.
OCR: Optical Character Recognition. Technology that converts images of text into machine-readable text. Decode The Sign uses OCR to read parking sign text from photos. "Semantic OCR" goes further — it interprets what the sign means, not just what it says.
multi-tenant: A software architecture where a single system serves multiple independent customers ("tenants"), each isolated from the others. A hospital using Codifide Health cannot see another hospital's patient data, even though they share the same underlying infrastructure.

AI Governance

Stage-Gate® framework: A product development process invented by Robert Cooper that divides a project into stages separated by "gates" — explicit go/kill decision points where a project must demonstrate evidence before proceeding. The Agentic Stage-Gate Governance project adapts this for software built by AI agents.
agentic AI / agent era: AI systems that autonomously take sequences of actions to complete goals — writing code, running tests, deploying software — rather than just answering single questions. "The agent era" refers to the period we're entering where AI agents are active participants in software development, not just assistants.
adversarial review: A review conducted by a party whose explicit job is to find problems, not validate the work. In the Stage-Gate framework, the B-Team reviewer uses a different AI model with a hostile persona — its job is to break the work, not approve it.
Zero-Context auditor: A reviewer who reads the work with no prior context about the project — simulating how a regulator, external auditor, or new team member would approach it. If the work can't be understood cold, it fails the gate.
gate pass: Approval to proceed from one stage to the next. Requires concrete evidence — test coverage reports, security sign-offs, accessibility audits. "We think it's fine" is not a gate pass.

General

idempotent: An operation that produces the same result whether you do it once or many times. Publishing the same symbol to the Codifide registry twice is idempotent — the second publish returns the same identity as the first, with no duplicates or errors.
hash-verified: After fetching a symbol from the registry, the client recomputes the SHA-256 hash of the received bytes and confirms it matches the requested hash. If they don't match, the bytes are rejected. This means the registry cannot serve tampered code — any change to the bytes changes the hash.
footgun: Developer slang for a feature or behavior that makes it easy to accidentally cause a hard-to-debug error. "Shooting yourself in the foot." The bind-before-when pattern in Codifide was a footgun — fixed in v2.0 by making it a parse error with a clear fix message.
liveness check: A simple health endpoint (/health) that returns {"status":"ok"} to confirm a server is running and reachable. Used by monitoring systems to detect outages.
audit trail: An immutable log of who accessed or changed what, and when. Required for HIPAA compliance. If a clinician views a patient record, that access is logged and cannot be altered retroactively.