Glossary

Generated 2026-05-15 18:17. 796 term(s). Source: REQQA's definitions table.

This page is generated by the help-build pipeline. Edit definitions in REQQA's glossary UI; changes appear here at the next release.

Index

• A (117)
• B (60)
• C (87)
• D (56)
• E (17)
• F (22)
• G (15)
• H (25)
• I (37)
• J (2)
• K (2)
• L (19)
• M (24)
• N (11)
• O (28)
• P (75)
• Q (5)
• R (57)
• S (72)
• Symbols (1)
• T (39)
• U (14)
• V (5)
• W (6)

Symbols

32-byte value

A sequence of 32 bytes (256 bits) of data, typically represented as 64 hexadecimal characters or 43 base64 characters (with padding). In the context of API tokens, this refers to the raw random data generated before encoding into a human-readable token string format.

A

abandoned cart recovery campaigns

Automated marketing communications (typically emails or push notifications) sent to users who have added items to their basket but not completed checkout, designed to encourage them to return and complete their purchase. Recovery campaigns may include reminders, incentives (discounts, free shipping), or product recommendations, and are typically triggered after a defined abandonment period.

abandonment detection job

A scheduled background process that identifies registered user baskets with no activity (basket_viewed, item_added, item_removed, quantity_modified, or checkout_initiated events) for 30 days and marks them as abandoned. The job queries BasketAuditLog to determine the last activity timestamp and transitions qualifying baskets from 'active' to 'abandoned' status, triggering analytics events for marketing campaigns.

abnormal heart rate

A heart rate measurement that falls outside the normal physiological range for a soldier during operational activity, indicating potential cardiac distress or medical emergency. Abnormality thresholds are defined based on age, fitness level, activity state, and medical guidance, with separate bounds for resting, moderate activity, and vigorous activity states.

abuse correlation

The process of identifying patterns of malicious or fraudulent access requests by analyzing IP addresses, email domains, submission timing, and request content to detect coordinated spam campaigns, bot activity, or repeated attempts from blocked sources. Correlation enables proactive filtering and helps distinguish legitimate requests from abuse.

abuse patterns

Repeated or systematic misuse of the OAuth authentication system, including but not limited to: high-frequency sign-in attempts from the same IP or email, credential stuffing attacks, automated bot traffic, or attempts to exploit OAuth flows for unauthorized access. Abuse patterns are detected through analysis of authentication logs and may trigger rate limiting, account lockout, or security alerts.

acceptable timeframe (verified)

The maximum elapsed time between a user initiating an action (such as a search query or page navigation) and the system delivering a complete response, measured in milliseconds or seconds. This threshold defines the boundary between acceptable and unacceptable user experience for performance-sensitive operations.

acceptance criteria

A set of verifiable conditions that must be satisfied to confirm successful implementation of a feature, requirement, or system component. These criteria establish measurable thresholds for functionality, performance, security, and compliance, providing an objective basis for validating that delivered capabilities meet stakeholder expectations and operational needs.

acceptance-criteria coverage

A measure of the extent to which a user story's acceptance criteria comprehensively specify all testable conditions and scenarios required to verify the story's functionality, including normal flows, edge cases, error conditions, and non-functional requirements.

accepted

A developer confirmation status indicating that the developer has tested the build deliverables, verified they meet the scope requirements, and formally accepted the build as complete and ready for closure. ACCEPTED status is a prerequisite for executing the /close-build skill and represents the developer's sign-off that the build phase is successfully concluded.

access control

A security mechanism that regulates which users, systems, or API clients can access specific resources, operations, or data within the platform. In the context of API integration, it provides granular permission management through custom API keys, ensuring that external systems can only perform authorized actions and access permitted information while maintaining audit trails of all access attempts.

access-request flow

The user journey and sequence of interactions through which a prospective user requests access to the REQQA platform, beginning from an entry point (login page, OAuth rejection page, or marketing site) and culminating in submission of an access request via the /requestAccess endpoint. The flow encompasses discovery of the request mechanism, navigation to the request form, and submission of the access request.

account balance

The total monetary amount owed by a member to the library, calculated as the sum of all outstanding fines minus any payments or credits applied. The account balance is updated in real-time as fines are assessed or payments are received, and is used to determine whether borrowing privileges should be suspended.

account dashboard

A personalized web page or interface section accessible to registered users after authentication, providing an overview of their account information and quick access to key features such as order history, current orders, saved addresses, payment methods, preferences, and account settings. The dashboard serves as the primary navigation hub for account-related functions.

account information

Personal and transactional data associated with a user's account, including profile details, contact information, booking history, preferences, payment methods on file, loyalty program status, and any other data that identifies or relates to the user's relationship with the system.

account lockout

A security mechanism that temporarily or permanently disables a user account after a specified number of consecutive failed authentication attempts, preventing brute-force password attacks. The lockout includes the duration of the lock, the method for unlocking (automatic after time period, manual by administrator, or user-initiated password reset), and whether the counter resets after successful login.

accurate

Conforming to the true state of disruption events, passenger data, and policy rules without error or distortion. In the context of this platform, accuracy ensures that detected irregularities, executed decisions, and communicated information faithfully represent actual operational conditions and regulatory requirements, enabling reliable re-accommodation and compliance outcomes.

acknowledgement latency

The elapsed time between when an alert is first raised by the system and when the squad leader acknowledges the alert, measured in seconds or minutes, used as a performance metric to assess squad leader responsiveness and identify training needs or system usability issues.

acquisition date

The calendar date on which an investment holding was purchased or otherwise acquired by the user. The acquisition date is used to calculate holding period for tax purposes (short-term vs long-term capital gains), track investment performance over time, and determine the applicable cost basis for specific lot identification methods. The date must be in the past and not later than the current date.

acting user

The user identity resolved from the API token used to authenticate a write request, representing the person or system performing the operation. The acting user is recorded in audit logs and as the created_by or updated_by value for all write operations, enabling traceability of who made each change.

action bar

A user interface component displayed in the backlog list view that presents available batch operations (such as 'Attach to Scope' or 'Create New Scope') that can be performed on the currently selected backlog items. The action bar typically appears when one or more items are selected and provides buttons or menu options for bulk actions.

action menu

A contextual menu or dropdown control displayed in association with a list item or entity that presents available operations (such as 'Attach to Scope', 'Edit', 'Delete') that can be performed on that item. Action menus typically appear on hover, click, or through a dedicated button (often represented by three dots or similar icon).

action option

A user interface element (button, link, or menu item) displayed on the triage page that represents an available operation the analyst can perform on the backlog item, such as 'Promote to requirement' or 'Decline'. Action options are enabled for open backlog items and trigger specific triage workflows when selected.

active holdings

Investment holdings that are currently owned by the user and included in portfolio calculations. Active holdings exclude deleted holdings, sold positions (quantity = 0), or holdings marked as inactive. Only active holdings contribute to total portfolio value and asset allocation calculations.

active loans

Book borrowing transactions that are currently in progress, where a library member has checked out a copy and has not yet returned it or been marked as overdue beyond the final grace period. Active loans represent outstanding obligations that must be resolved before certain administrative actions (such as book deletion) can be performed.

active members

Library members who currently have valid borrowing privileges and are not suspended or expired. This may include members with current loans, recent activity within a defined period, or simply all members in good standing regardless of recent usage.

active memberships

Memberships that are currently in good standing and have not been suspended or deactivated. Active memberships allow the member to use all library services for which they are entitled based on their membership type. This status excludes suspended memberships (temporarily restricted due to policy violations) and deactivated memberships (permanently closed).

active reservations

Reservations that are currently in a pending state in the queue, excluding those that have been fulfilled (converted to loans), cancelled by the member, or expired due to non-collection. Active reservations are visible to the member and can be cancelled by them.

active session

A user session where the user has performed a basket-related action (basket_viewed event) within the last 5 minutes, indicating ongoing interaction with the basket. Active sessions are detected by the expiry batch job to defer basket expiry while the user is actively viewing or modifying their basket, preventing expiry during active use.

active_panel_key

An identifier representing the currently active tab, modal, or sub-view within a page template, used in conjunction with template_key to resolve panel-specific help content. The value is NULL when no panel is active or when the page has no panel structure. The active_panel_key is determined by client-side state (active tab selection, open modal) and passed to the help resolution logic.

ad-hoc reports

Custom reports generated on-demand by library managers with user-specified parameters including date ranges, filtering criteria, and data dimensions, as opposed to pre-scheduled or standardized reports. Ad-hoc reports allow flexible exploration of data without requiring predefined report templates.

adaptive power and routing

A mesh network capability where radio transmission power and message routing paths are dynamically adjusted based on link quality, network topology, battery state, and operational requirements. Adaptive power reduces energy consumption and RF signature when conditions permit, while adaptive routing selects optimal paths around failed nodes or poor links to maintain connectivity.

adjustment

A modification to a passenger's booking, entitlements, or compensation resulting from a disruption event, executed according to policy-compliant re-accommodation workflows. These changes are recorded in the Case timeline with full auditability, including the rules applied, the previous state, and the deterministic decision that triggered the modification.

admin record

A database record in the access request management table that stores submitted access request details, accessible through the administrative interface at the path /adminInfoRequest/<id> for review and processing by REQQA team members with administrative privileges.

admin triage

The administrative process of reviewing candidate FAQ topics from the candidate queue and making a disposition decision: publish as FAQ entry (creating new content), improve existing content (updating related help pages), merge with existing FAQ (consolidating duplicates), or dismiss (marking as not requiring FAQ coverage). Triage includes evaluating signal strength (volume, recency), assessing whether existing content addresses the topic, and recording the decision rationale for audit purposes.

administrative changes

Modifications to system records performed by authorized staff members (as opposed to automated system processes or member self-service actions), typically requiring elevated privileges and subject to additional audit scrutiny. Examples include manual fine adjustments, account status overrides, or catalog corrections.

administrative functions

System operations and capabilities reserved for staff users that involve managing other users' data, configuring system settings, viewing reports across multiple accounts, performing bulk operations, managing inventory or resources, and other privileged actions that affect the system or multiple users beyond one's own account.

administrative review workflow

A manual approval process triggered when a bulk order would reduce stock below the safety threshold, requiring an authorized administrator to review the order details, assess current inventory levels and incoming replenishment, and make a decision to approve, reject, or modify the order before it proceeds to fulfillment. The workflow includes notification to designated reviewers, a review interface displaying relevant inventory and order data, and audit logging of the decision and rationale.

administrator dashboard

A web-based user interface accessible to system administrators that displays aggregated help system metrics and analytics in a visual format, including top search queries, zero-result queries, page view statistics, and user feedback ratings, enabling administrators to identify content gaps, monitor help system effectiveness, and prioritize content improvements.

advance notice

A notification provided to users before scheduled maintenance or service interruption, delivered within a specified minimum timeframe (e.g., 24 hours, 48 hours, one week) through designated communication channels. The notice period allows users to plan around the maintenance window and complete time-sensitive activities.

adversary jamming

Intentional transmission of radio frequency signals by hostile forces designed to disrupt, deny, or degrade the mesh network's wireless communications. Jamming may involve broadcasting noise on the mesh's operating frequency, transmitting deceptive signals, or using directional antennas to target specific devices or areas. The mesh must detect jamming conditions and adapt transmission parameters (frequency, power, modulation) to maintain communications under jamming, potentially with reduced data rates or coverage.

advisory criteria

A set of quality or completeness checks that are evaluated when transitioning a scope to handover_ready status, including conditions such as 'all stories analysed' and 'no HIGH issues'. Advisory criteria provide guidance and warnings to developers but do not block status transitions in v1, allowing developers to proceed with handover despite unmet criteria while being informed of potential quality concerns.

aes-256

Advanced Encryption Standard with a 256-bit key length - a symmetric block cipher approved by NIST (FIPS 197) that encrypts data in 128-bit blocks using a 256-bit encryption key. AES-256 provides a high security margin (approximately 128 bits of security strength against brute force) and is widely approved for protecting classified information up to TOP SECRET level in US and UK government systems.

aes-256-gcm

Advanced Encryption Standard with 256-bit key in Galois/Counter Mode — a symmetric encryption algorithm that provides both confidentiality (encryption) and integrity/authenticity (authentication tag) in a single operation. AES-256 uses a 256-bit encryption key, and GCM mode combines counter mode encryption with Galois field multiplication to produce an authentication tag, enabling authenticated encryption with associated data (AEAD). Widely used in secure communications and approved by NIST and NCSC for protecting classified information.

age

A computed display value representing the elapsed time since a backlog item was created, calculated as the difference between the current timestamp and the item's created_at timestamp, and rendered in human-readable relative time format (e.g., '2 days ago', '3 weeks ago', '1 month ago') to help analysts quickly assess item recency.

age indicator

A visual element displayed on the tablet interface that shows the elapsed time since the last successful communication with an out-of-contact device, indicating how stale the displayed data is. The age indicator may be expressed as a timestamp ('last contact: 14:32'), elapsed time ('2 minutes ago'), or visual cue (color coding, icon) to help the squad leader assess the reliability of displayed information for devices that are currently unreachable.

agenda_sequence

An integer field on the help_pages table that defines the display order of pages within the demo agenda, with lower numbers appearing earlier in the walk-through. The sequence is editorially assigned (not derived) and applies only to pages with demo_inclusion != 'none'. Pages with NULL agenda_sequence or demo_inclusion='none' are excluded from the demo agenda rendering.

aggregated current squad state

A consolidated data structure containing the current operational status of all soldiers in a squad, including location, physiological status, equipment status, and tactical posture, aggregated from individual soldier device reports by the squad-leader tablet. The aggregated state provides a squad-level summary suitable for transmission to HQ within bandwidth constraints.

aggregated squad-state data structure

A summary representation of squad status transmitted to higher echelons, containing squad identifier, timestamp, squad leader location, count of soldiers (total, operational, casualties, missing), aggregate physiological status (all normal, one or more distress alerts), aggregate equipment status (all equipped, one or more equipment alerts), and optionally individual soldier locations and states. The aggregated structure reduces bandwidth requirements on long-range radio bearers while providing HQ with actionable squad-level situational awareness.

aggregated state model

A data architecture pattern where the HQ client receives and processes squad-level summary data rather than individual soldier-level data. This approach reduces network bandwidth and processing load at the HQ level by having each squad-leader tablet pre-aggregate soldier data into squad-level summaries before transmission to HQ. The aggregated state model enables sub-linear scaling at the HQ level as the number of squads increases.

aggregation logic

The algorithm and business rules used to compute squad-level summary statistics from individual soldier reports, including how to count members in each health state, handle missing or stale data, determine squad position from squad leader location, and calculate the aggregation timestamp.

ai-assisted api documentation

No definition yet.

ai-driven chatbot

No definition yet.

ai-driven gap analysis

No definition yet.

ai-driven insights

No definition yet.

ai-driven risk assessment

No definition yet.

ai-generated recommendations

No definition yet.

ajax

Asynchronous JavaScript and XML - a web development technique that allows web pages to update content dynamically by making asynchronous HTTP requests to the server in the background, without requiring a full page reload. In the context of basket badge updates, AJAX is used to fetch the current basket item count from the Basket API after page load and update the badge display without refreshing the entire page.

alert acknowledgement

The action by which a soldier confirms receipt and awareness of a device-generated alert (physiological warning, casualty detection, or operational notification) by performing a defined physical interaction with the device (button press, gesture, or other input). Acknowledgement stops the alert signal and may trigger status updates to monitoring systems.

alert condition

A state where a squad member's health status, equipment status, or communication status has degraded to a level requiring immediate squad leader attention and potential intervention. Alert conditions include: physiological distress (red health status indicator), critical equipment loss or failure (red equipment status indicator), and loss of contact (no status update received within a defined timeout period). Alert conditions are visually highlighted on the tactical display using additional cues (flashing, bold outline, audible alert) to ensure the squad leader notices them promptly.

alert condition detection

The process by which the SQUAD-STATE application analyzes incoming device reports to identify situations requiring immediate squad leader attention, such as casualty indicators (abnormal physiological readings, lack of movement, device impact), equipment failures (low battery, ammunition depletion), or tactical events (soldier separation from squad, boundary violations). Detection involves applying predefined rules to report data and triggering visual/audible alerts when thresholds are exceeded.

alert fatigue

A psychological desensitization effect where squad leaders become less responsive to casualty alerts due to excessive false alarms, leading to delayed or ignored responses to genuine casualties. Alert fatigue increases with higher false-positive rates and is a key operational risk factor in the design of alert thresholds.

alert generation

The automated detection and notification process that identifies abnormal conditions requiring squad leader or HQ attention, including physiological distress (abnormal heart rate, prolonged immobility in prone/supine posture), equipment loss (weapon or radio separation), and mesh fragmentation (loss of communication with one or more soldiers). Alerts are displayed on the squad leader tablet with visual and audible indicators, logged with timestamp and soldier identifier, and may be escalated to higher echelons depending on severity and acknowledgement status.

alert precision

The percentage of generated casualty alerts that are correctly classified by alert type (immobility versus physiological distress), calculated as (alerts correctly classified by type ÷ total alerts generated) × 100. Precision measures the system's ability to distinguish between different casualty causes, not just detect that a casualty has occurred.

allocated

The system action of assigning a specific book copy to a member who has a reservation, changing the book's status to 'reserved' and making it unavailable to other members. Allocation triggers a notification to the member and starts the hold period timer. The book remains allocated until the member checks it out (converting to a loan) or the hold period expires.

ambient display

A user interface design pattern where information is continuously visible in the user's peripheral vision without requiring active query or interaction, enabling awareness of system state without diverting attention from primary tasks. In SQUAD-STATE context, the squad leader tablet provides ambient display of squad state through the real-time roster, allowing the squad leader to monitor soldier status at a glance without conducting voice checks or navigating through menus.

analyser

A software component or module within REQQA that executes a specific type of analysis (such as R-D Definitions, R-F Functional, R-C Completeness) on a requirement or story, applying predefined rubrics to identify issues, assess quality, and generate structured feedback. Each analyser corresponds to a step-code and produces analysis results stored in the analyses and analysis_issues tables.

analyser step-code

A short alphanumeric identifier (e.g., 'R-D', 'R-F', 'R-C') that uniquely identifies a specific requirement analysis step or procedure within the REQQA analysis framework. Step-codes follow a consistent naming convention and are registered in the system's analyser registry, enabling references to analysis types in templates, requirements, and audit trails.

analyser step-code registry

A system-maintained reference data store containing all valid analyser step-codes (such as R-D, R-F, R-C) with their descriptions and metadata, used to validate recommended_analyses field values during template creation and updates. The registry serves as the authoritative source for determining which step-codes are recognized by the system and available for configuration on requirement templates.

analysis engine

The core REQQA subsystem responsible for executing requirement analyses by orchestrating AI calls, managing analysis workflows, detecting issues, tracking progress, and persisting results to the analyses and analysis_issues database tables. Located in the modules/ and harness/ directories, it implements the step-code taxonomy (R-D, R-F, R-C, etc.) and coordinates worker processes to perform asynchronous analysis operations.

analyst

A user role in REQQA with permissions to create and manage requirements, stories, scopes, and backlog items within their organization. Analysts are responsible for requirements specification, scope definition, and responding to builder feedback during the Dark Factory lifecycle.

analyst repository

A version-controlled file system directory structure (typically a Git repository) where analysts store requirements documentation, review artifacts, and legacy backlog files. The repository follows a standardized directory structure including 'documentation/reviews/YYYYMMDD-Review/' paths for organizing review-dated content. The migration script reads markdown backlog files from this repository to populate the backlog_items database table.

anonymized

The process of irreversibly transforming personal data such that it can no longer be attributed to a specific individual without the use of additional information kept separately. Anonymization techniques may include data masking, aggregation, generalization, or pseudonymization with key destruction, ensuring that re-identification is not reasonably possible even with computational effort.

api

Application Programming Interface - a set of defined methods, protocols, and tools that allow different software applications to communicate and exchange data. In this context, REST APIs expose HTTP endpoints that accept requests in a specified format (typically JSON) and return structured responses, enabling integration between the order management system and external services (payment gateway, fulfillment system, carrier tracking).

api endpoints

Specific URLs or URI paths exposed by the REST API that represent distinct resources or operations, each supporting one or more HTTP methods (GET, POST, PUT, DELETE). Each endpoint defines a contract specifying request parameters, payload structure, response format, status codes, and error conditions for a particular API function.

api rate limits

Restrictions imposed by external ISBN lookup services on the number of API requests that can be made within a specified time period (e.g., requests per second, per minute, or per day). Rate limits may include quotas, throttling thresholds, and associated HTTP status codes (e.g., 429 Too Many Requests) that indicate when limits are exceeded.

api token

A unique, cryptographically secure string issued to a user that serves as a credential for authenticating API requests. API tokens are scoped to the user's organisation, inherit the user's permissions, and are used in place of session-based authentication for programmatic access. Tokens can be generated, regenerated, and revoked by the user, and each token is associated with metadata including creation timestamp, last usage timestamp, and active status.

append-only

A data structure or storage pattern where records can only be added (appended) but never modified or deleted. This ensures immutability and provides a complete audit trail of all events in chronological order.

application

A software system or product being specified and developed, serving as the top-level organizational container for requirements, stories, and scopes. Each application represents a distinct development effort with its own set of specifications, and scopes cannot span multiple applications. Applications provide the context within which requirements are authored and scopes are defined.

appropriate indexing

Database index structures strategically applied to columns frequently used in query WHERE clauses, JOIN conditions, or ORDER BY operations to optimize query performance. Appropriateness is determined by query patterns, data volume, update frequency, and the trade-off between read performance and write overhead.

appropriate justification

A documented reason for waiving a fine that meets library policy requirements, such as system error, extenuating circumstances, member hardship, or other acceptable grounds. The justification must be recorded in the audit log and may be subject to review by library management.

appropriate normalization

The application of database normalization principles (typically to Third Normal Form or higher) to eliminate data redundancy and update anomalies, while balancing the trade-offs between normalization benefits and query performance. Appropriate normalization considers the specific access patterns and business requirements of the library system to determine the optimal level of decomposition.

approved training materials

The official set of instructional resources (instructor guide, quick-reference card, demonstration device, visual aids) that have been validated and authorized for use in device training. Approved materials ensure consistent training content and quality across all training sessions.

appview

The primary landing page or dashboard displayed to authenticated users after successful login, serving as the main entry point for accessing REQQA application features and navigation.

architectural fitness functions

Automated tests that verify architectural characteristics and design principles are maintained as the codebase evolves. Fitness functions check properties such as module dependencies (ensuring no circular dependencies), layer violations (e.g., presentation layer directly accessing data layer), component coupling metrics, and adherence to architectural patterns. These tests run as part of the CI pipeline and fail the build if architectural constraints are violated.

archived

A data state where records are moved from active operational storage to long-term retention storage, remaining accessible for authorized queries and reporting but excluded from routine transactional processing. Archived data maintains integrity and auditability while optimizing active system performance.

area of responsibility

A defined geographic region or operational zone assigned to a military unit (company, battlegroup, or higher echelon) within which that unit has authority and responsibility for military operations, force protection, and situational awareness. In the context of this system, the area of responsibility determines which squads are displayed in the HQ client interface and which squad state summaries are routed to a particular HQ instance.

aria

Accessible Rich Internet Applications - a set of attributes that can be added to HTML elements to improve accessibility for users of assistive technologies (such as screen readers). ARIA attributes provide semantic information about UI components, their states, and their relationships, enabling assistive technologies to convey the purpose and behavior of interactive elements to users with disabilities. Examples include aria-label, aria-describedby, and role attributes.

aria labels

Accessible Rich Internet Applications (ARIA) label attributes that provide accessible names for UI components, enabling assistive technologies like screen readers to announce the purpose and function of interactive elements to users with disabilities. ARIA labels include attributes such as aria-label, aria-labelledby, and aria-describedby that supplement or override visible text labels for accessibility purposes.

artifact

A generic term for any primary entity in the REQQA system that can have associated analyses and issues, including requirements, stories, scopes, and applications. Artifacts are identified by a combination of artifact_type (e.g., 'requirement', 'story', 'scope') and artifact_id (the entity's unique identifier), enabling polymorphic querying of analyses and issues across different entity types.

as-built snapshot

A JSON-serialized, immutable record of all stories and requirements in a scope at the moment it transitions to 'accepted' status. The snapshot captures the final state of artifacts after implementation, including any changes made during the build phase, enabling comparison with the as-scoped snapshot to identify scope drift, measure change impact, and provide an auditable record of what was actually delivered versus what was originally specified.

as-planned vs as-built delta

A comparison report showing the differences between the original scope plan (as-planned snapshot taken at scope creation or approval) and the final delivered state (as-built snapshot taken at build closure). The delta identifies: artifacts added or removed from scope, artifacts with changed revisions or status, work items deferred to backlog, and any other deviations from the original plan. This delta provides transparency into scope changes and helps stakeholders understand what was delivered versus what was originally committed.

as-scoped

The original planned state of a scope as defined at scope creation or approval, capturing the initial set of artifacts, requirements, and work items intended for delivery. The as-scoped state serves as the baseline for comparison with the as-built state to identify scope changes, additions, deferrals, or deviations during the build phase.

as-scoped snapshot

A JSON-serialized, immutable record of all stories and requirements included in a scope at the moment it transitions to 'handover_ready' status. The snapshot captures the exact content, structure, and revision numbers of all artifacts as they were specified, providing the baseline against which the builder will work and enabling comparison with the as-built snapshot to measure scope drift or changes during implementation.

asset allocation

The distribution of a portfolio's total value across different asset categories, typically expressed as percentages. Asset allocation shows what proportion of the portfolio is invested in equities, index funds, and precious metals, calculated as (category_value / total_portfolio_value) × 100 for each category.

asset category

A classification grouping of investment instruments into one of three types: precious metals (gold and silver measured in ounces), index funds (measured in units), or equities (measured in shares). Asset categories determine the unit of measurement, validation rules, and pricing mechanisms applied to holdings.

asset identifier

A unique code or symbol used to identify a specific investment instrument in the system, which may be either a ticker symbol (for equities and index funds) or a standard metal designation (for precious metals). Asset identifiers must be validated against the list of supported instruments and are used to retrieve current market prices and instrument metadata.

asynchronous

A processing pattern where email sending operations are decoupled from the user request-response cycle, allowing the system to accept the notification request, queue it for later processing, and immediately return control to the calling operation without waiting for email delivery completion. This prevents slow email operations from blocking user-facing transactions and improves system responsiveness.

atak

Android Team Awareness Kit - a geospatial situational awareness application developed by the U.S. Air Force Research Laboratory that runs on Android smartphones and tablets. ATAK provides mapping, friendly force tracking, mission planning, and communication capabilities for tactical users. ATAK uses the Cursor on Target (CoT) protocol for data exchange and is widely adopted across military and civilian tactical operations. In the context of this requirement, ATAK represents one of the existing BMS systems with which the HQ client must integrate.

attach

The action of linking an open backlog item to a scope by populating the backlog_items.scope_id field with the target scope's identifier, indicating that the item is planned for inclusion in that scope's delivery. Attaching does not change the backlog item's status and is reversible while the scope remains in draft state.

attaching user

The authenticated analyst who performed the action of linking a backlog item to a scope, recorded for audit trail purposes. The attaching user is captured from the current session context and stored immutably with the attachment record to support accountability and change tracking.

attachment timestamp

The date and time (with timezone) when a backlog item was linked to a scope, recorded in UTC format with microsecond precision to support audit trails and chronological ordering of scope composition changes. This timestamp is immutable once recorded and is used to track when items were added to scope planning.

authentication mechanisms

Security protocols and methods used to verify the identity of API clients before granting access to system resources. This may include OAuth 2.0, API keys, JWT tokens, mutual TLS, or other industry-standard authentication schemes that ensure only authorized external systems can interact with the API endpoints.

authoring worklist

A filtered view or queue of help pages that require human review or editing, including pages flagged as stale, pages in draft status, or pages identified by GUIDE skills as having gaps or inconsistencies. The authoring worklist provides a prioritized task list for help content maintainers and surfaces pages needing attention.

authorised redirect uri

A URL registered in Google Cloud Console that Google's OAuth service is permitted to redirect users to after authentication, serving as a security measure to prevent authorization code interception by ensuring callbacks only go to pre-approved endpoints controlled by the application owner.

authorization header

An HTTP request header field (as defined in RFC 7235) that contains credentials for authenticating the client with the server. In this system, it carries the Bearer token in the format 'Authorization: Bearer <token>', where the token is the API authentication credential.

auth_user

The database table or model in py4web that stores user account records, including authentication credentials, profile information, and account status, serving as the primary user identity store for the application.

auto-increment

A database column attribute that automatically generates sequential integer values for new records, typically used for primary keys. The database management system increments the value by 1 for each new insert, ensuring uniqueness without requiring application-level value generation.

autocomplete

A user interface feature that predicts and suggests possible completions for partially-typed input, displaying a dropdown list of matching options as the user types. In this context, autocomplete queries the definitions.term field to show matching glossary terms after the user enters 2 or more characters, enabling faster term lookup without requiring exact spelling or full term entry.

automated backup procedures

Systematic, scheduled processes that create and store copies of system data, configurations, and state without manual intervention. These procedures include backup frequency, retention policies, storage locations, verification mechanisms, and recovery testing protocols to ensure data can be restored in the event of system failure.

automated backups

Scheduled, unattended processes that create complete or incremental copies of database contents and transaction logs, stored in secure locations separate from the primary database. Automated backups run at predetermined intervals without manual intervention, include verification of backup integrity, and support point-in-time recovery capabilities.

automated database backups

Scheduled, system-initiated processes that create complete or incremental copies of all database contents, including transaction logs, configuration data, and metadata, stored in a separate location to enable recovery in case of data loss, corruption, or system failure. Backups are performed without manual intervention and include verification of backup integrity.

automatic conversion

A system capability that transforms ISBN-10 format identifiers to ISBN-13 format (or vice versa) using the standard conversion algorithm, enabling searches and lookups to succeed regardless of which format is provided by the user or returned by external services. The conversion follows the official ISBN standard, preserving the check digit validity.

availability status

The current state of a library item indicating whether it can be borrowed by members. Possible states include: available (on shelf and borrowable), checked out (currently borrowed), in processing (being catalogued or repaired), damaged (flagged for assessment), reserved (held for a specific member), or withdrawn (removed from circulation).

available

A book status indicating that the item is not currently on loan, not on hold for another member, and is physically present in the library or digitally accessible for immediate borrowing. An available book can be checked out by any eligible member or allocated to the first member in the reservation queue.

available status

A book status indicating that a copy is physically present in the library, not currently on loan, not reserved for a specific member, and can be immediately borrowed by any eligible member. Books in available status appear in search results as borrowable and can be checked out without waiting.

available stock

The quantity of a product that is physically present in inventory, not allocated to other orders or baskets, and can be immediately reserved for purchase. Available stock is calculated as total inventory minus committed quantities (pending orders, reserved items, damaged goods) and is updated in real-time as transactions occur.

average order value

The mean monetary value of completed orders over a specified time period, calculated as total revenue divided by number of orders. Average order value (AOV) is a key e-commerce metric used to measure customer spending patterns and the effectiveness of upselling, cross-selling, and basket optimization strategies.

B

ba-5590

A military-standard rechargeable lithium battery pack providing 15 volts DC output, commonly used to power tactical radio equipment and portable military electronics. The BA-5590 is a NATO-standard battery type with defined physical dimensions, connector interface, capacity (typically 10-15 amp-hours), and environmental operating range. It is the standard power source for Bowman radio equipment and other squad-level tactical systems.

back-reference

An automatically derived reverse relationship displayed on a context page that lists all how-to guides referencing that page. Back-references are computed from the help_references index when a how-to is saved, enabling context pages to show 'Related how-tos' sections without manual authoring. The system maintains back-references as the single source of truth for reverse relationships, preventing stale or orphaned links.

back-reference index

A system-maintained data structure that maps context help pages to the how-to articles that reference them, derived automatically from forward links authored in how-to content (per FR-17.2). The index is updated when how-tos are saved and enables context pages to display a 'Related how-tos' section without manual curation. The index structure and update mechanism are defined in FR-17.2.

backlog item

A structured work item representing a future task, enhancement, defect, or change that has been identified during scope review, design, or build phases but falls outside the current scope. Backlog items are stored per organization and application, linked to source artifacts, prioritized for future implementation, and may be promoted to requirements or stories in subsequent scopes through manual workflow.

backlog items

Work items stored in the project backlog that represent future work to be prioritized, planned, and executed in subsequent iterations or phases. Backlog items include a description, priority, origin (source of the item), status, and any relevant metadata. Items can be created from various sources including deferred work from closed scopes, new feature requests, or identified technical debt.

backlog list view

A tabular or list-based user interface displaying multiple backlog items with key attributes (title, status, priority, scope attachment) in a scannable format, supporting sorting, filtering, bulk selection, and access to item-level actions through action menus or inline controls. The list view serves as the primary interface for browsing and managing multiple backlog items simultaneously.

backward compatibility

The property of a software update that allows it to interoperate with previous versions without requiring simultaneous upgrades of all system components. Backward compatible changes maintain existing interfaces, message formats, and behaviors while adding new capabilities, ensuring that updated components can communicate with non-updated components. This enables incremental deployment and avoids the need for coordinated fleet upgrades.

backward-compatible

A property of a system upgrade where new hardware or software versions can interoperate with older versions without requiring simultaneous replacement of all components. In the context of SQUAD-STATE, backward compatibility means that arctic/jungle-capable soldier devices can communicate with existing squad-leader tablets and HQ clients without requiring those systems to be upgraded simultaneously.

badge

A small visual indicator (typically a colored label or tag) displayed alongside or within a UI element to convey status, category, or other metadata at a glance. In the context of backlog items, a priority badge would visually represent the priority level (mvp, dependency, valuable, nice-to-have) using color coding or iconography.

base currency

The default currency selected by a user for displaying all monetary values throughout the application, including portfolio valuations, gains/losses, and transaction amounts. The base currency preference is stored in the user profile and applies consistently across all views and reports. Currency conversion is applied automatically when displaying assets denominated in other currencies.

base plugin

The parent OAuth authentication plugin class provided by the web framework (py4web/pydal) that implements standard OAuth 2.0 authentication flow including token exchange, user profile retrieval, and account creation. The base plugin is delegated to by provider-specific subclasses after the invite-gating logic passes, allowing the standard authentication flow to proceed.

basic computer literacy

The foundational computing skills expected of system users, including the ability to use a mouse and keyboard, navigate web browsers, understand common UI patterns (buttons, links, forms, menus), read and follow on-screen instructions, and perform simple text entry and selection tasks. Basic computer literacy does not assume knowledge of technical concepts, command-line interfaces, or advanced software features.

basket abandonment

The event where a user adds products to their shopping basket but exits the session or platform without completing the checkout process, resulting in an unconverted basket. Abandonment is typically measured as a rate (abandoned baskets / total baskets created) and is tracked for analytics and recovery campaign purposes.

basket badge

A visual indicator (typically a small circular overlay with a number) displayed on the basket icon in the persistent header, showing the total item count (sum of BasketItem.quantity for all items in the active basket). The badge updates asynchronously after page load and does not provide real-time synchronization across browser tabs or devices in the current phase.

basket capacity

The maximum number of distinct products (50) and total item quantity (9,999) that a single basket can contain, enforced to prevent performance degradation and ensure reasonable basket sizes. Basket capacity limits apply to both guest and registered user baskets and are validated before item addition or quantity modification operations.

basket merge

The process of combining a guest user's basket with their registered account basket when they log in or register, requiring user selection of merge strategy (merge, replace, or discard) and conflict resolution for duplicate products. The merge operation is atomic and creates a BasketMerge audit record tracking the outcome.

basketauditlog

A database entity that records an immutable, chronological audit trail of all basket-related events and state changes. Each log entry captures the event type, timestamp, user context, and event-specific details to support compliance, debugging, and analytics requirements. Audit logs are retained according to NFR-01 retention policies and support GDPR audit requirements.

basketitem

A database entity representing a single product entry within a shopping basket, including the product reference, quantity, pricing, and metadata. Each BasketItem belongs to exactly one Basket and references one Product. The entity enforces uniqueness per product per basket and supports quantity aggregation when the same product is added multiple times.

basketmerge

A database entity that records the outcome of merging a guest user's basket with a registered user's basket during login or registration. Each BasketMerge record captures the source baskets, merge strategy chosen, conflict resolution details, and timestamp to support audit requirements and user support inquiries.

basket_db

The MySQL database instance dedicated to storing basket-related data including Basket, BasketItem, BasketAuditLog, and BasketMerge entities. This database is subject to replication topology as defined in TR-01 and backup procedures as defined in TR-02.

batch

A collection of related builder feedback issues submitted together in a single API request or transaction, typically representing all feedback identified during a single builder review of a scope. Batches enable atomic submission and efficient processing of multiple related issues.

batch job

A scheduled, automated process that executes a specific task (such as data purging, expiry checking, or report generation) at predetermined intervals without user interaction. Batch jobs typically run during off-peak hours to minimize impact on system performance and are monitored for completion status, execution time, and error conditions.

battery management algorithm

A software algorithm that monitors battery voltage and current draw to estimate remaining battery capacity as a percentage, accounting for factors such as discharge curves, temperature effects, and load variations. The algorithm provides the basis for battery state reporting and triggers low-battery and critical-battery warnings at defined capacity thresholds.

battery management ic

Battery Management Integrated Circuit - a specialized microchip that monitors battery voltage, current, and temperature, and provides battery state information to the main processor via I2C or analog interfaces. The IC may include features such as fuel gauging, charge control, and protection circuitry to prevent over-discharge or over-temperature conditions.

bearer scheme

An HTTP authentication scheme defined in RFC 6750 where the client includes an access token in the Authorization header using the format 'Authorization: Bearer <token>', indicating that the bearer (holder) of the token is authorized to access the requested resource without additional proof of identity.

best discount wins

A discount prioritization rule where, when multiple discounts are applicable to the same item or basket, the system automatically selects and applies the discount that provides the greatest monetary benefit to the customer, measured as the largest absolute reduction in price. Other eligible discounts are not applied (discounts do not stack).

bibliographic data

Standardized descriptive metadata about a published work, including but not limited to title, author(s), publisher, publication date, edition, language, page count, and subject classification. In the context of ISBN lookup services, this refers to the subset of catalogue fields that can be automatically populated from external sources.

bibliographic metadata

Structured information about a book publication retrieved from external services, including but not limited to: title, author(s), publisher, publication date, edition, page count, language, subject classifications, and description. This metadata is used to populate catalogue records and provide search and discovery capabilities.

blocker issue

An issue with severity or priority classification indicating that it prevents progress on a scope and must be resolved before the scope can transition to the next lifecycle state. Blocker issues typically represent critical defects, missing information, or unresolved conflicts that would make it impossible or inadvisable to proceed with handover, review, or acceptance.

blocker issues

Critical problems or unresolved questions identified during scope review that prevent the design phase from proceeding. Blocker issues represent gaps in requirements, unresolved stakeholder conflicts, or missing information that must be addressed before technical design decisions can be made. The system tracks blocker status and warns users when attempting to design a scope with unresolved blockers.

blockers

Critical issues identified during builder's review that prevent the scope from proceeding to design and implementation, such as missing essential requirements, fundamental contradictions, or undefined critical terms. Blockers must be resolved by the analyst before the scope can exit in_review status and continue through the Dark Factory pipeline.

bms family

Battle Management System family — a suite of military command and control software applications used at headquarters level for situational awareness, mission planning, and force tracking, with which the HQ client software must maintain protocol compatibility.

body hash

A cryptographic hash (such as SHA-256) computed from the JSON request payload body, used in conjunction with the Idempotency-Key header to detect when the same idempotency key is reused with different request content. The body hash enables the system to distinguish between legitimate retries (same key, same body) and conflicting requests (same key, different body), with the latter returning a 409 Conflict error.

body hash comparison

The process of computing a cryptographic hash of the current request body and comparing it against the stored hash from a previous request with the same Idempotency-Key, to determine whether the requests are identical (same key, same body - valid retry) or conflicting (same key, different body - invalid reuse). The comparison enables the system to distinguish legitimate retries from erroneous key reuse and return appropriate responses (200 for match, 409 for mismatch).

book

A physical or digital item in the library's collection that can be borrowed by members, identified by a unique catalog identifier. Books have attributes including availability status, loan history, and classification (e.g., reference vs circulating material).

book catalogue

A comprehensive inventory of all books and materials available in the library system, containing bibliographic information (title, author, ISBN, publisher, publication date), physical details (location, copy number, condition), availability status, and categorization metadata. The catalogue serves as the authoritative source for searchable library holdings.

book category

A classification assigned to books for organizational and policy purposes, such as 'reference', 'fiction', 'non-fiction', 'children's', or 'new release'. Book categories may affect loan periods, borrowing restrictions, and circulation policies.

booking reference

No definition yet.

bootstrap script

A one-time executable program or database script that creates the initial demo organisation and application by cloning content (requirements, stories, personas, analyses) from an existing production application. The script runs once during initial setup to populate the demo data, after which the fixture file becomes the authoritative source for subsequent re-seeding operations.

bot-style traffic

Automated or scripted authentication attempts from non-human actors, such as web crawlers, security scanners, or malicious bots that attempt to create accounts using random or harvested OAuth credentials. Bot-style traffic is characterized by high volume, lack of valid invitations, and attempts to create accounts without legitimate user intent.

brand

The manufacturer or trademark name associated with a tennis ball product (e.g., Wilson, Penn, Dunlop, Babolat). Brand is a primary organizational dimension in the catalogue and a filterable/sortable attribute used for product discovery and comparison.

browser sessions

Independent instances of user interaction with the web application, typically corresponding to separate browser tabs, windows, or devices, each maintaining its own authentication state, cookies, and local storage. Browser sessions may share authentication if using the same browser profile, or be completely isolated if using different browsers or incognito/private modes.

browser storage

Client-side data storage mechanisms provided by web browsers, including localStorage (persistent across sessions), sessionStorage (cleared when tab closes), and cookies. Browser storage allows the application to maintain state on the user's device without server-side session management, subject to storage quotas and user privacy settings.

build assertion

An automated verification check executed during the build or CI/CD pipeline that validates a specific condition must be true before the build can succeed. If the assertion fails (condition evaluates to false), the build process terminates with an error, preventing deployment of the artifact. In this context, a build assertion verifies that help content version stamps match the application version being released.

build phase

The active code generation and implementation stage where the builder creates executable artifacts based on approved requirements and scope definitions. Feedback issues with source 'build_phase' are raised during actual code generation when the builder encounters implementation blockers, discovers runtime constraints, or identifies issues not visible during earlier review phases.

build plan

A versioned document or structured record created by the builder that outlines the technical approach, implementation sequence, dependencies, and estimated effort for delivering the stories in a scope. Build plans are stored against the scope and may be updated as implementation progresses, providing visibility into the builder's strategy and enabling tracking of plan vs actual execution.

build report

A structured document summarizing completed implementation work for a scope, including deliverables produced, test results, deviations from the build plan, issues encountered and resolved, and confirmation that acceptance criteria have been met. The build report is posted to REQQA as part of scope closure and serves as the final artifact of the build phase.

build step

A discrete operation or task executed as part of an automated build pipeline, typically defined in a build script or CI/CD configuration file, that performs a specific function such as compiling code, running tests, or generating documentation. Build steps execute sequentially or in parallel according to dependency rules and can fail independently, halting the build if critical.

build-coupling

A deployment strategy where help documentation is compiled and versioned in lockstep with application code during the build process, ensuring that the help content displayed to users always matches the exact version of the application they are running. Build-coupling prevents version drift between code and documentation by making help content an integral part of the release artifact.

builder

The AI-powered system (Claude Code) or human development team responsible for implementing the stories and requirements defined in a scope. The builder receives the formal handover package, creates build plans, implements the specified functionality, and provides feedback through the issue mechanism. In the Dark Factory context, the builder is expected to operate with high autonomy, guided by structured specifications and automated quality gates.

builder feedback

Structured comments, questions, or issue reports submitted by external AI tools or developers during the implementation process, typically including references to specific requirements, proposed changes, identified ambiguities, or implementation challenges. Builder feedback is posted via the API and stored as part of the requirement audit trail, enabling asynchronous communication between automated builders and human stakeholders.

builder review

A systematic evaluation phase where the builder (AI code generation agent) analyzes a defined scope to identify specification gaps, implementation risks, ambiguities, and missing requirements before code generation begins. The review produces a batch of feedback issues that are submitted to the issue management system for analyst resolution.

builder token

An API authentication token issued to automated builder systems (such as Claude Code agents) that grants permission to create backlog items and submit builder feedback, distinguished from regular user tokens by having builder-specific permissions and rate limits. Builder tokens are scoped to an organization and application, and are used to authenticate API requests from automated build processes.

builder's review

A structured evaluation performed by a builder (automated agent or human developer) during the handover stage, assessing whether a scope's requirements are complete, clear, testable, and ready for design and implementation. The review produces findings, questions, and a readiness assessment that determines whether the scope can proceed to the design phase.

built_for_version

A database column in the help_pages table that stores the application version number (in semantic versioning format X.Y.Z) for which the help content row was compiled and released. This column enables runtime verification that displayed help content matches the running application version and supports detection of version mismatches.

bulk orders

Customer orders that request quantities of a product exceeding a defined threshold (e.g., more than 50 units of a single SKU, or total order value exceeding a monetary limit), typically indicating wholesale, corporate, or reseller purchases rather than individual consumer orders. Bulk orders may be subject to special pricing, approval workflows, and inventory allocation rules to ensure adequate stock remains for regular retail customers.

bulk pricing tiers

A pricing structure where the unit price decreases based on the quantity purchased, defined as a set of quantity thresholds and corresponding discounted prices. For example: 1-5 units at $10 each, 6-20 units at $9 each, 21+ units at $8 each. Bulk pricing tiers are configured per product and displayed to customers to encourage larger purchases.

bulk select

A user interface capability that allows the analyst to select multiple backlog items simultaneously from the list view using checkboxes or similar selection controls, enabling batch operations (such as attach to scope or create new scope) to be performed on all selected items in a single action. The system supports up to 100 items per bulk selection.

bulk-propagation admin action

An administrative operation that applies template changes (specifically recommended_analyses updates) to multiple existing requirements in a single transaction, typically performed by system administrators when a template's analysis recommendations are updated and need to be synchronized across all requirements using that template.

business hours

The designated time periods during which the e-commerce platform is expected to provide full service availability for order placement and tracking, typically defined as specific hours in a specific timezone (e.g., 06:00-23:00 UTC). Business hours may vary by region or be defined as 24/7 for global e-commerce operations.

C

cache ttl

Cache Time To Live - the duration for which cached data is considered valid before it must be refreshed from the authoritative source. After the TTL expires, the cache entry is either automatically purged or marked as stale, triggering a refresh on the next access. TTL values balance data freshness requirements against system performance and load on upstream services.

callback

An HTTP endpoint in the application that receives the authorization response from an OAuth2 provider after user authentication, processes the authorization code or error, exchanges the code for an access token, retrieves user profile information, and completes the sign-in flow by creating or updating the user session.

callback handler

A server-side endpoint or function that receives the OAuth authorization response from an OAuth provider after a user completes authentication. The callback handler processes the authorization code, exchanges it for an access token, retrieves user profile information, and completes the sign-in flow by creating or updating the user's session in REQQA.

caller context

The set of authentication and authorization metadata associated with an API request or user action, including the authenticated user identity, authentication method (UI session, builder token, AI system credentials), user role, organization membership, and permissions, used by the system to determine access rights and automatically populate audit fields.

candidate queue

A prioritized list of potential FAQ topics awaiting admin review, populated from three signal sources: high-volume search terms (frequently queried), zero-result search terms (queries returning no results), and low-rated pages (content receiving negative feedback via FR-17.11). Each candidate includes the source signal, frequency/volume metrics, and timestamp, enabling admins to triage and decide whether to create an FAQ entry, improve existing content, or dismiss the signal.

canonical event schema

No definition yet.

canonical master

The authoritative, reference version of a data entity (such as a template) that serves as the source of truth for replication or inheritance across multiple instances. A canonical master defines the standard structure and content that derivative instances should follow, and changes to the canonical master may propagate to dependent instances according to system rules.

canonical metadata

The authoritative, reference version of template configuration data (specifically recommended_analyses values) that serves as the source of truth for inheritance by requirements created from those templates. Canonical metadata is established through the population process and represents the reviewed, approved default analysis selections that will be propagated to new requirements, ensuring consistency across the organization's requirement creation workflow.

canonical template inventory

A structured dataset generated by the guide-exit skill at phase completion that provides a per-template record containing template_key, panel_key, help_page_status, last_touched_at, last_touched_by_phase, and demo_inclusion fields, serving as the authoritative source for coverage reporting (FR-17.17), PDF export (FR-17.15), and demonstration-agenda rendering.

caps

Commercial Product Assurance Scheme — an NCSC certification program that evaluates and approves commercial cryptographic products for use in UK government systems. CAPS provides assurance that products meet security requirements for protecting OFFICIAL-SENSITIVE and SECRET information. Products on the CAPS list have undergone security evaluation and are approved for use without additional accreditation for their cryptographic functionality.

capture errors

Failures that occur during Playwright screenshot capture, including: HTTP 500 errors when navigating to pages, authentication failures preventing login, missing UI elements that the script expects to find, browser crashes, timeout errors waiting for page load, filesystem errors writing screenshot files, or any other exception that prevents successful screenshot generation. Capture errors are distinguished from warnings or non-critical issues and cause the script to fail the build.

carried forward

The action of including a story from a previous scope (typically one that was deferred or not completed) into a new scope, allowing work to continue on the story in a subsequent delivery cycle. Carried forward stories may appear in multiple scopes over time, with each scope capturing the story at a different revision.

carrier tracking webhook

An HTTP callback mechanism where a shipping carrier's system sends real-time delivery status updates to the e-commerce platform's API endpoint when package status changes occur (e.g., out for delivery, delivered, delivery exception). The webhook payload contains tracking number, status code, timestamp, and location information, enabling automated order status updates without polling the carrier's API.

cascade delete

A database referential integrity constraint that automatically deletes child records when their parent record is deleted. In the context of basket management, when a Basket record is deleted, all associated BasketItem records are automatically deleted by the database due to the foreign key constraint with ON DELETE CASCADE, ensuring data consistency without requiring explicit application-level deletion logic.

cascade deletion

A database referential integrity behavior where deleting a parent record automatically triggers deletion of all related child records in dependent tables. Cascade deletion is typically configured through foreign key constraints with ON DELETE CASCADE, ensuring that orphaned records are not left in the database when their parent entity is removed. This maintains referential integrity but carries data loss risk if not carefully managed.

Case

A stateful record representing a single disruption event affecting one or more passengers, tracking the lifecycle from detection through resolution. It maintains an append-only timeline of all state changes, decisions, and actions (including signal reconciliation, severity assessment, notifications, and escalations), with versioned references to the rules applied, ensuring full auditability and traceability of the disruption handling process.

Case timeline

An append-only, chronological record of all state changes, decisions, actions, and events associated with a Case, including signal reconciliation, severity assessments, notifications, re-accommodation adjustments, and escalations. Each entry captures the timestamp, the versioned ruleset or policy applied, the previous state, and the deterministic decision that triggered the change, ensuring complete auditability and traceability throughout the disruption handling lifecycle.

category

A hierarchical classification scheme used to organize library materials by subject area, genre, or topic (e.g., Fiction > Science Fiction, Non-Fiction > History > Ancient History). Categories follow a controlled vocabulary or standard classification system (such as Dewey Decimal or Library of Congress) and allow members to browse related materials systematically.

category breakdown

A summary display showing the count of holdings and total cost basis subtotal for each asset category (equities, index funds, precious metals) that contains at least one holding. The breakdown provides users with a categorized view of their portfolio composition by asset type, calculated by summing (quantity × cost_basis_per_unit) for all holdings within each category.

change password feature

A system function that allows users to request a password reset by sending a secure link to their registered email address. The link either confirms the user's identity and allows them to set a new password, or provides access to a specially authenticated page where they can change their password without logging in with the old password.

checkbox control

A user interface input element that allows users to select or deselect multiple options independently by clicking on small boxes that display a checkmark when selected. In the context of template editing, checkbox controls enable Template Administrators to select multiple analyser step-codes simultaneously for the recommended_analyses field, with each step-code represented by its own checkbox that can be toggled on or off.

checkout

The multi-step process where a user finalizes their purchase by providing delivery information, selecting payment method, reviewing order details, and submitting payment authorization. Checkout converts a shopping basket into a confirmed order and initiates fulfillment workflows.

checkout initiation

The event triggered when a user clicks the 'Proceed to Checkout' button or equivalent action, marking the transition from basket management to the checkout process. At this point, stock reservation occurs, the basket status may change to prevent further modifications, and basket contents are transferred to the Checkout Service for payment processing.

checksum

A computed value derived from data content using a mathematical algorithm, used to verify data integrity during transmission or storage. In the context of event processing and audit trails, checksums ensure that disruption events, passenger records, and policy rules have not been corrupted or tampered with, supporting the system's auditability requirements.

circuit breaker

A design pattern that prevents cascading failures in distributed systems by detecting when a downstream service is failing and temporarily stopping requests to that service (opening the circuit). After a timeout, the circuit breaker allows test requests (half-open state) and closes the circuit if the service has recovered, restoring normal operation.

claude code conversation

An interactive dialogue session between a user and the Claude AI assistant within the Claude Code interface, used for collaborative design work. The conversation maintains context across multiple exchanges, allowing iterative refinement of design decisions through natural language discussion. In this system, Claude Code conversations serve as the primary interface for generating and refining design records.

claude-code skills

Executable workflow automation capabilities in Claude Code that are defined as markdown files in the .claude/commands/ directory and invoked via slash commands to perform specific development tasks such as generating documentation, creating stubs, or producing reports. Skills encapsulate reusable logic that can be triggered independently during the development lifecycle.

clickwrap

A digital agreement method where users indicate acceptance of terms by clicking a button or checkbox, typically with the terms displayed or linked nearby. Clickwrap agreements are legally binding when properly implemented, with evidence of acceptance (timestamp, IP address, user ID) stored for audit purposes.

client

The user-facing application or interface (such as a web browser, mobile app, or desktop application) that initiates requests to the server and presents information to the end user. The client runs on the user's device and communicates with the server over a network.

client-supplied value

A field value provided in an API request payload or form submission by the calling client (user interface, API consumer, or external system), which may be subject to validation, sanitization, or override by server-side business logic to enforce security and data integrity constraints.

clock skew

The difference in time between two or more system clocks that should theoretically be synchronized. Clock skew can occur due to network latency, system time drift, or misconfigured time synchronization services (NTP). In distributed systems, clock skew can cause timestamps to appear out of order, with events appearing to occur before their actual time or in the future relative to other system components.

closable state

A scope status that indicates all required build phase activities have been completed and the scope is eligible for closure. A closable state typically requires that the build plan has been executed, acceptance criteria have been met, a build report has been generated, and no blocking issues remain open.

close their accounts

A member-initiated or system-initiated action that terminates an active membership, revoking borrowing privileges and triggering data retention and purging workflows. Account closure requires settlement of all outstanding loans and fines, and initiates a retention period after which personal information is purged according to data protection regulations.

closing the loan record

The process of marking an active loan as completed by recording the return date, changing the loan status from active to closed/returned, and updating the book's availability. A closed loan record remains in the system for historical tracking but no longer represents an outstanding borrowing obligation.

cloud hosting platform

A third-party infrastructure service (such as AWS, Azure, or Google Cloud Platform) that provides on-demand computing resources, storage, and networking capabilities with elastic scaling, high availability guarantees, and pay-per-use pricing models. The platform must support containerized deployments, automated scaling policies, and meet the system's uptime and performance SLAs.

cmt

Combat Medical Technician - a trained military medic embedded with combat units who provides immediate trauma care, triage, and casualty stabilization in the field. CMTs are notified of physiological alerts and casualty detections to enable rapid medical response. The CMT notification pathway is a critical integration point for the casualty alerting system.

cold visitor

A prospective user who arrives at the REQQA login page without a pre-existing invitation, account, or prior relationship with the system. Cold visitors are not authorized to create accounts directly but can submit an access request via the public /requestAccess form (FR-20.6), which is reviewed by system administrators who may issue an invitation if approved.

cold visitors

Users who attempt to access REQQA without a pending invite or existing account. Cold visitors are individuals who have not been pre-authorized to use the system and arrive via direct URL access, search engines, or other discovery mechanisms. In an invite-only system, cold visitors are redirected to an informational page (FR-20.6) explaining that REQQA is invite-only and providing instructions for requesting access.

collect

The action of a member physically retrieving a held book from the library or initiating a digital checkout, which converts the hold into an active loan and removes the member's reservation from the queue. Collection is recorded with a timestamp and staff/system identifier.

comma-separated values

A text format for representing multiple values in a single string by separating each value with a comma character, optionally with whitespace trimming. In configuration contexts, comma-separated values allow specifying multiple email addresses (e.g., 'user1@example.com, user2@example.com, user3@example.com') in a single configuration parameter, which the application parses into a list for processing.

common.py

A Python module in the py4web application that contains shared initialization code executed during application startup, including authentication configuration, OAuth provider registration, and other common setup tasks. The file is located in the application root directory and is imported by py4web's initialization process. OAuth provider plugins are conditionally registered in common.py based on the presence of credentials in settings.py.

communication tool

No definition yet.

completed loan records

Loan transaction records where the borrowed item has been returned, all associated fines have been settled or waived, and no further action is required. A completed loan represents a closed transaction in the lending lifecycle, eligible for archival according to retention policies.

compliance purposes

The set of regulatory, legal, and policy requirements that mandate retention and availability of audit records, including financial regulations, data protection laws, industry standards, and organizational governance policies. Defines retention periods, access controls, and audit trail completeness requirements.

comprehensive

In the context of audit trails, capturing all relevant details necessary to reconstruct the complete state and history of a transaction or change, including who performed the action, when it occurred, what was changed (before and after values), why it was changed (if applicable), and the context in which it occurred.

computed hash

The hash value generated by applying the system's hashing algorithm to a provided plaintext token during authentication. The computed hash is created on-demand for each authentication request and compared against stored token_hash values to verify token authenticity. The computed hash is never stored and exists only in memory during the authentication process.

concurrent loans

The number of books that a library member has checked out simultaneously at any given point in time, counting all active loans that have not yet been returned or marked as lost. This count is used to enforce borrowing limits defined by member type policies.

concurrent users

The number of authenticated users actively interacting with the system simultaneously within a defined time window (typically measured as users with active sessions performing transactions within a 1-minute interval). This differs from total logged-in users, as it counts only those actively generating system load through requests or operations.

conditional fields

Database entity attributes whose validity, requirement status, or allowed values depend on the state of other fields in the same record. In the context of backlog items, conditional field validation ensures that linked_requirement_id must be null when status is 'declined', and that declined_reason is required when status is 'declined'. Conditional field rules are enforced during create and update operations.

confidence

A numeric score (typically 0.0 to 1.0) assigned to an inbound disruption signal indicating the reliability or certainty of the event data, used to determine whether automatic correlation should proceed or the event should be routed to the Unmatched Queue for manual review. Confidence thresholds are configurable, and the score is stored with the normalized event to support explainable correlation decisions and audit trails.

configurable period of inactivity

A system-configurable duration (measured in months or years) during which a member account shows no activity, after which automated data retention policies are triggered. Inactivity is measured from the last of: membership expiration date, last login, last transaction, or last communication with the library. The period is configurable by library managers to accommodate different jurisdictional data protection requirements.

configurable time periods

User-selectable time intervals for report generation, allowing library managers to specify the temporal scope of analysis through predefined options (e.g., daily, weekly, monthly, quarterly, yearly) or custom date ranges. The system stores the selected period with each report for reproducibility and comparison.

configuration files

Structured data files (such as JSON, YAML, XML, or INI format) stored separately from application code that contain environment-specific settings and parameters. These files are read by the application at startup or runtime to configure behavior, connections, and features without requiring code changes or recompilation.

configured fine rates

System-maintained monetary amounts charged per day (or other time unit) for overdue books, which may vary by book type, member category, or other factors. Fine rates are configurable by library administrators and are applied during the overdue fine calculation process.

configured token

An authentication credential (API key or bearer token) stored in the Dark Factory's configuration that grants the handover skill permission to access REQQA API endpoints. The token is obtained through REQQA's authentication mechanism and must be securely stored and rotated according to security policies.

confirmation dialog

A modal dialog or UI overlay that appears when an analyst initiates a promotion action, requiring explicit user confirmation before proceeding with the operation. The dialog typically displays a summary of the action to be performed, provides 'Confirm' and 'Cancel' buttons, and blocks interaction with the underlying page until the user makes a selection.

confirmation email

An automated email message sent to a newly registered member's provided email address, confirming successful account creation and typically containing the assigned membership number, welcome information, and next steps for using library services.

confirmation link

A unique, time-limited URL sent to a newly registered user's email address that, when clicked, verifies the user's email ownership and activates their account. The link contains a secure token that identifies the registration and expires after 2 hours.

confirmation message

No definition yet.

conflict

No definition yet.

conflict resolution

The process of determining the final quantity for a product that exists in both guest and registered baskets during a merge operation. Resolution options include: keep guest quantity, keep account quantity, or sum both quantities (default). The chosen resolution is recorded in the BasketMerge.conflict_resolution JSON field for audit purposes.

consent state

No definition yet.

consent_state

No definition yet.

console output

Text written to the standard output stream (stdout) of a command-line process, typically displayed in the terminal or command prompt window where the script was executed. Console output can be redirected to files or piped to other processes using shell operators.

constraint violation

A database error condition that occurs when an INSERT or UPDATE operation attempts to violate a defined database constraint such as primary key uniqueness, foreign key referential integrity, NOT NULL requirements, CHECK constraints, or UNIQUE constraints. In the context of backlog migration, this typically refers to violations of the backlog_items table's constraints during bulk insert operations.

contact details

The set of communication information associated with a library member, including email address, phone number, and residential address, used by the library to reach the member for notifications, overdue notices, and service communications.

content shape

The expected structure, format, and metadata requirements for markdown files within a content surface, including required frontmatter fields (title, date, author, tags), heading hierarchy conventions, use of Docusaurus-specific features (admonitions, tabs, code blocks), and any surface-specific formatting rules that ensure consistency and enable proper rendering and indexing.

content surfaces

Distinct categories or sections of documentation content within the Docusaurus site, such as how-to guides, FAQ entries, manual pages, and other organized content directories that are indexed separately but searchable through a unified interface.

conversation context

The ephemeral state and history of an interactive session between a user (typically a developer) and the builder system, including messages exchanged, decisions made, and intermediate artifacts generated. Conversation context is maintained during active sessions but is not persisted as permanent records in REQQA.

conversion rate

The percentage of shopping sessions or baskets that result in a completed purchase transaction, calculated as (completed checkouts / total baskets created) × 100. Conversion rate is a key e-commerce performance metric used to measure the effectiveness of the shopping experience and basket functionality.

cookies

Small text files stored by a web browser on the user's device, containing data sent by the web server. Cookies are used to maintain session state, store user preferences, and track user behavior. In this context, cookies are used to persist guest user baskets for a minimum of 24 hours, subject to browser settings and user privacy controls.

copy to clipboard

A user interface action that programmatically copies text or data to the operating system's clipboard memory, making it available for pasting into other applications or fields. Implemented using browser APIs (navigator.clipboard.writeText() or document.execCommand('copy')), this feature requires user interaction or permission in modern browsers for security reasons.

core reqqa entities

The primary data objects managed by REQQA that represent the fundamental building blocks of requirements management, including but not limited to: requirements, acceptance criteria, business rules, issues, plans, scope definitions, organisations, users, and audit logs. Core entities are distinguished from supporting or metadata entities and represent the minimum set of resources that must be exposed via the API for external tools to interact meaningfully with REQQA.

correlation

No definition yet.

correlation_id

A unique identifier that links related records across the system, enabling tracing of a disruption event from ingestion through normalization, correlation, Case creation, and notification dispatch. Used for distributed tracing and audit purposes.

cost basis

The original purchase price per unit of an asset, used to calculate capital gains or losses when the asset is sold. Cost basis includes the purchase price plus any associated fees or commissions. For tax purposes, cost basis may be adjusted for corporate actions (stock splits, dividends) and must be tracked per acquisition lot to support various accounting methods (FIFO, LIFO, specific identification).

coupon

A segment of an airline ticket representing a single flight leg or journey component. Each coupon has a status (open, used, refunded, exchanged, void) and tracks whether that portion of the journey has been completed. Multi-leg tickets contain multiple coupons that must be reconciled during rebooking and refund calculations.

coupon codes

Alphanumeric codes that customers can enter during the shopping or checkout process to receive discounts or special offers. Coupon codes are validated against active promotional campaigns and may have restrictions on usage (expiration dates, minimum purchase amounts, product eligibility, single-use vs multi-use).

create

The action of adding a new investment holding record to the user's portfolio by specifying all required attributes (asset identifier, quantity, acquisition date, cost basis). Creation establishes a new holding that did not previously exist in the system and immediately affects portfolio calculations.

cryptographically secure

A property of random number generation or cryptographic operations where the output is computationally infeasible to predict or reproduce without knowledge of the secret key or seed, meeting standards for cryptographic applications such as token generation, encryption, or digital signatures. Typically implemented using cryptographically secure pseudo-random number generators (CSPRNGs) that pass statistical randomness tests and resist cryptanalysis.

csp

Content Security Policy - an HTTP response header that allows web site administrators to control which resources (scripts, styles, images, etc.) the browser is allowed to load for a given page. CSP helps prevent Cross-Site Scripting (XSS) attacks by restricting the sources from which content can be loaded and blocking inline scripts unless explicitly allowed. CSP headers define directives such as default-src, script-src, and style-src to specify allowed content sources.

cta

Call To Action - a button, link, or instruction in a user interface or message that prompts the user to take a specific action, such as 'Rebook Now', 'View Options', or 'Accept Compensation'. CTA placement and wording significantly affect user engagement and conversion rates.

current loans

The total count of active loan transactions at the present moment, representing books currently checked out to members that have not yet been returned. This is a real-time snapshot metric equivalent to the count of active loans as defined in the glossary.

current loans list

A collection of all active loans associated with a specific member, displaying book details, loan dates, and due dates. This list is updated in real-time as loans are processed and books are returned, providing members and librarians visibility into outstanding borrowing obligations.

current market price

The most recent trading price or valuation for a financial instrument, retrieved from an external market data service. For equities and index funds, this is the last traded price or closing price from the relevant exchange. For precious metals, this is the current spot price per troy ounce. Market prices are updated periodically and used to calculate the current value of holdings in portfolio calculations.

current orders

Orders that are in active fulfillment states (confirmed, processing, dispatched, out for delivery) and have not yet reached a terminal state (delivered, cancelled, returned, refunded). Current orders represent ongoing transactions that require customer attention or tracking, as opposed to completed historical orders.

customer segment membership

The classification of a customer into one or more predefined groups based on attributes such as purchase history, loyalty program tier, geographic location, or demographic characteristics. Customer segment membership determines eligibility for segment-specific discounts, promotions, or pricing rules.

D

daily rate

The monetary amount charged per day for each day a borrowed item remains overdue. Daily rates may vary based on item type (e.g., regular books, reference materials, media), member category, or other policy factors. The rate is applied to calculate total fines owed for overdue items.

damaged

A condition of a returned item where physical or functional integrity has been compromised beyond normal wear and tear, requiring assessment by library staff. Damaged items may be flagged for repair, replacement, or withdrawal from circulation, and may result in additional charges to the member responsible for the damage.

dark factory

A software development methodology or process framework that defines a structured workflow from specification through to acceptance, consisting of the phases: specify → scope → review → design → plan → build → accept. The term suggests an automated or lights-out approach to requirement processing and delivery.

dark factory lifecycle

The end-to-end process by which requirements are formally specified, handed over to an AI builder, reviewed, designed, planned, built, and accepted with full traceability. The lifecycle operates with minimal human intervention ('dark factory' metaphor from manufacturing), relying on structured handovers, automated quality gates, and versioned snapshots to ensure repeatable, auditable delivery from specification to working software.

dashboard view

A visual interface displaying key performance indicators and operational metrics in a consolidated, at-a-glance format, typically using charts, graphs, and numeric displays. The dashboard provides real-time or near-real-time updates and serves as the primary monitoring interface for library managers.

data exchange

The bidirectional transfer of structured information between the platform and external systems through API requests and responses. Data exchange encompasses request payloads sent to the API, response data returned by the API, error messages, and any metadata required for successful communication and data synchronization.

database column

A vertical data field in a database table that stores a specific attribute for all records in that table, identified by a column name and defined with a data type, constraints, and other metadata. In this context, 'req_templates.recommended_analyses' refers to the column named 'recommended_analyses' in the 'req_templates' table that stores the comma-separated list of analyser step-codes for each requirement template.

de&s

Defence Equipment & Support — the UK Ministry of Defence's procurement organization responsible for acquiring, supporting, and managing military equipment and services. DE&S acts as the MOD's acquisition authority, managing contracts with suppliers, defining requirements, and ensuring delivered systems meet operational needs and comply with MOD standards and policies.

dead-letter queue

A message queue that stores messages that cannot be processed successfully after multiple retry attempts, preventing them from blocking the main processing queue. Dead-letter queues enable manual inspection, debugging, and remediation of failed messages while maintaining system throughput for valid messages.

decision

A discrete technical choice made during the design, review, planning, or build phase that addresses a specific aspect of system implementation. Each decision documents: (1) the decision made, (2) alternative options considered, (3) rationale for the chosen approach, (4) requirements affected, and (5) current status (proposed, accepted, rejected). Decisions are logged individually within a scope and require developer approval before being considered final.

decision record

A structured document or database record that captures the rationale, context, and justification for a specific design or operational decision, including the decision made, alternatives considered, reasons for the chosen approach, and any constraints or trade-offs. In the context of template analyses, a decision record documents why certain templates receive no recommended analyses, providing audit trail and knowledge preservation.

declined

A terminal status for a backlog item indicating that the analyst has decided not to act on the item, with a documented reason for rejection. Declined items remain in the backlog for audit purposes but are excluded from active consideration. Once declined, the item cannot be reopened; if reconsideration is needed, a new backlog item must be created.

decline_note

A mandatory text field (maximum 2,000 characters) that captures the analyst's explanation for declining a backlog item, documenting the business rationale for not pursuing the proposed work. The note is required when transitioning an item to 'declined' status and becomes part of the permanent audit record, providing context for future reference and stakeholder communication.

deep link

No definition yet.

def stan 00-055

UK Ministry of Defence Standard 00-055: Requirements for Safety Related Software in Defence Equipment. A mandatory standard specifying software development, verification, and validation requirements for safety-critical defence systems, defining software integrity levels, development processes, verification methods (including structural coverage requirements like MC/DC), and documentation requirements based on risk classification.

def stan 00-056

UK Ministry of Defence Standard 00-056: Safety Management Requirements for Defence Systems. A mandatory standard specifying safety management processes, hazard analysis methods, risk assessment procedures, safety case requirements, and independent safety assessment criteria for defence equipment throughout its lifecycle. Defines risk classes (A-E) and acceptable risk levels for different hazard severities and likelihoods.

default filtered list view

The backlog list view displayed when no explicit filter parameters are applied, configured to show only backlog items with status 'open', excluding items with terminal statuses ('promoted' or 'declined'). This is the primary view analysts use to identify pending work requiring triage decisions.

default option

The pre-selected choice in a prompt or form that will be applied if the user dismisses the prompt without making an explicit selection, or that is visually indicated as the recommended choice. In the merge options prompt, 'Keep' is the default option, preserving the current recommended_analyses when the user dismisses the prompt or does not make an active selection.

default value

A pre-populated value automatically inserted into a form field when the form is first displayed, derived from system logic, user context, or related data. Default values can be accepted as-is or modified by the user before submission. In the context of scope creation, the default scope name may be generated from patterns like 'New Scope [timestamp]' or derived from selected backlog item titles.

default values

Pre-populated or system-assigned values automatically applied to form fields when creating a new entity, based on business rules, user preferences, or system configuration. Default values reduce data entry effort and ensure consistency, but can be overridden by the user before submission.

deferred scope

A scope that was planned for delivery but postponed to a later time, typically due to resource constraints, priority changes, or dependencies on other work. Deferred scopes may have stories carried forward to new scopes, and the deferral decision is typically recorded in the scope's audit trail or status history.

deferred work

Work items, features, or requirements that were originally included in a scope's plan but were not completed during the build phase and have been postponed for future implementation. Deferred work is explicitly identified during build closure, documented with a reason for deferral, and converted into backlog items to ensure it is not lost. Deferral may occur due to time constraints, priority changes, technical blockers, or scope adjustments agreed with stakeholders.

defined timeout period

The maximum duration (measured in minutes) that stock can remain reserved for items in a customer's shopping basket before the reservation automatically expires and the stock is released back to available inventory. The timeout period begins when an item is added to the basket and resets with each basket modification. Typical values range from 10-30 minutes for e-commerce systems, balancing customer convenience against inventory availability for other shoppers.

delete

The action of removing an investment holding record from the user's active portfolio, making it no longer visible in current holdings or included in portfolio calculations. Deletion may be logical (marking as inactive while preserving historical data) or physical (permanent removal), depending on audit and tax reporting requirements.

delivered

An order status indicating that the package has been successfully handed over to the customer or an authorized recipient at the delivery address, or left in a secure location according to delivery instructions. This status is typically confirmed by carrier delivery confirmation (signature, photo, or GPS verification) and represents the terminal successful state of an order.

delivery receipt

No definition yet.

demo agenda

An ordered subset of the template inventory consisting only of help pages flagged with demo_inclusion values other than 'none' (initially 'core' and 'optional'), sequenced by the agenda_sequence field to define a walk-through path for product demonstrations. The demo agenda is used to guide live demonstrations, generate demo-only PDF exports, and provide a curated tour of key REQQA features for prospects, conference presentations, or internal training.

demo organisation

A dedicated organisations table record marked with is_demo=true that contains curated demonstration content for screenshot capture and product demonstrations. The demo organisation is isolated from production customer data, excluded from production reports and listings, and its content is reset from a canonical fixture file during each release deployment to maintain consistency.

demo user

A pre-configured user account in the demo application (FR-17.10) with credentials, permissions, and seeded data designed to enable navigation of all help-relevant pages without requiring manual setup. The demo user has access to representative features, sample data, and UI states needed for screenshot capture, and is created as part of the demo application fixture.

demo-only pdf

A filtered PDF export containing only help pages, how-to guides, and glossary entries marked with demo_inclusion != 'none', designed to provide a self-contained demonstration manual for prospects and pre-meeting briefing materials. The demo-only PDF excludes production-specific content and focuses on features relevant to the demonstration agenda.

demonstration-agenda rendering

A system capability referenced in FR-17.17 that generates structured demonstration scenarios or training agendas by consuming the canonical template inventory and filtering templates based on demo_inclusion flags, producing a sequenced presentation of help content for product demonstrations or user onboarding.

demo_inclusion

A field in the canonical template inventory that indicates whether a template should be included in demonstration scenarios or training materials, used by demonstration-agenda rendering (FR-17.17) to filter which templates are presented in product demonstrations or onboarding workflows.

demo_inclusion enum

An enumerated database column type on the help_pages table with three possible values (none, demo_only, both) that controls whether a help page is included in demonstration materials. 'none' excludes the page from demos, 'demo_only' includes it only in demo exports, and 'both' includes it in both production help and demo materials. Used in conjunction with agenda_sequence to construct demonstration agendas.

dependency

A priority classification for backlog items indicating that the item is required as a prerequisite for other planned work or represents technical infrastructure needed to support future features. Dependency items may not deliver direct user value but are necessary to unblock or enable other development efforts. This is the second-highest priority classification in the product backlog taxonomy.

derived requirements

Requirements that are generated or decomposed from user stories, representing the formal specification of functionality described in story format. The term suggests a bidirectional relationship where stories can produce requirements, complementing the more common pattern of requirements producing stories.

descriptive terms

Natural language words or phrases that characterize product attributes, features, or qualities, such as 'durable', 'high-visibility', 'extra duty', 'championship', or 'all-weather'. Descriptive terms may appear in product names, descriptions, or metadata and are searchable to help customers find products matching their needs.

design decision

A discrete technical choice made during the design phase that addresses a specific aspect of the system implementation. Each design decision documents: (1) the decision made, (2) alternative options considered, (3) rationale for the chosen approach, and (4) current status (proposed, approved, rejected, superseded). Design decisions are logged individually within the design record and require developer approval before being considered final.

design record

A structured document capturing design decisions, architectural choices, implementation approach, and technical rationale for a scope. The design record includes individual design decisions with their context and alternatives considered, and serves as the authoritative design artifact for the scope, posted to REQQA via API for traceability and audit purposes.

detach

The action of removing the linkage between a backlog item and a scope by setting the backlog_items.scope_id field to null, indicating that the item is no longer planned for that scope's delivery. Detaching is only permitted while the scope is in draft status and does not change the backlog item's status.

deterministically

In a manner that produces the same output given the same input, with no randomness or variability. Deterministic correlation ensures that re-processing the same event will always produce the same correlation result.

developer

In the context of scope management, the user role responsible for creating and defining scopes, analyzing requirements, and preparing scopes for handover to builders. The developer (scope creator or organization member with appropriate permissions) has exclusive authority to transition scope status and revise scopes based on builder feedback. This role is distinct from software developers who write code.

device

A distinct computing endpoint (computer, tablet, smartphone, or browser instance) from which a user accesses the application, identified for session management purposes. In the context of single-session enforcement, different devices are distinguished to ensure only one active session exists per user, with new logins from a different device invalidating previous sessions.

discounts

Price reductions applied to products or orders based on promotional rules, coupon codes, customer loyalty status, or other business logic. Discounts may be percentage-based or fixed amounts, and can apply to individual items, categories, or entire orders. The system must track which discounts are applied and ensure they combine correctly according to business rules.

dismisses

A user action that closes a prompt or dialog without making an explicit selection from the presented options, typically performed by clicking outside the prompt area, pressing the ESC key, or clicking a close/cancel button. When a merge options prompt is dismissed, the system applies the default 'Keep' option, preserving the current recommended_analyses while updating the template.

dispatched

An order status indicating that the order has been picked, packed, and handed over to a shipping carrier for delivery to the customer. At this stage, the order has left the warehouse or fulfillment center and is in transit. A tracking number from the carrier is typically available at this point.

display name

A user-chosen label shown in the application interface to identify the authenticated user, typically displayed in the navigation bar, profile page, and user-specific messages. The display name may be the user's real name, a nickname, or any preferred identifier, and can be updated by the user at any time through the profile page. It is distinct from the email address used for authentication and does not need to be unique across users.

Disruption Orchestrator

No definition yet.

disruption signal

No definition yet.

docusaurus

An open-source static site generator built with React that converts Markdown files into a documentation website with built-in search, versioning, and theming capabilities. Docusaurus is maintained by Meta (Facebook) and is commonly used for technical documentation sites.

docusaurus tree

The directory structure and file hierarchy of a Docusaurus documentation site, typically rooted at a 'docs/' or 'website/' directory, containing markdown content files, configuration files (docusaurus.config.js), static assets, and generated output. The tree follows Docusaurus conventions for organizing content into versioned docs, blog posts, and pages, with the file system structure determining URL routing and navigation hierarchy.

docusaurus-prince-pdf

A plugin for the Docusaurus documentation framework that generates PDF output from documentation content using the PrinceXML rendering engine. The plugin processes Docusaurus markdown content and produces a single consolidated PDF document with preserved formatting, navigation structure, and styling.

dompurify

A JavaScript library that sanitizes HTML and prevents Cross-Site Scripting (XSS) attacks by removing malicious code from user input before it is inserted into the DOM or stored in browser storage. DOMPurify is used to sanitize product names, quantities, and other user input before storing in localStorage, mitigating XSS risks in guest basket storage.

dormant

A state where an OAuth provider plugin is registered in the system but inactive and non-functional due to missing credentials (client_id or client_secret). A dormant plugin does not appear in the user interface, does not expose any login buttons or OAuth endpoints, and cannot process authentication requests. The plugin code remains loaded but is effectively disabled until valid credentials are configured.

dosr

Defence Ordnance Safety Regulator - the UK Ministry of Defence authority responsible for regulating safety aspects of defence ordnance, munitions, and explosives throughout their lifecycle. In the context of this requirement, DOSR may have oversight of safety-critical systems deployed in combat environments, though the specific regulatory role for soldier-worn electronics requires clarification.

draft status

A scope state indicating that the scope definition is incomplete or under construction, typically occurring when a scope has been created but contains no stories. Draft status allows scopes to be saved and edited before they are ready for use in development planning or implementation, with a warning displayed to indicate incompleteness.

dsar

Data Subject Access Request - a formal request under GDPR (Article 15) or similar privacy regulations where an individual asks an organization to provide a copy of all personal data held about them, including the purposes of processing, categories of data, recipients, retention periods, and the source of the data. Organizations must respond within one month.

E

ecdh p-384

Elliptic Curve Diffie-Hellman key agreement using the P-384 curve — a cryptographic protocol that allows two parties to establish a shared secret key over an insecure channel without prior shared secrets. P-384 refers to the NIST P-384 elliptic curve (also known as secp384r1), which provides approximately 192 bits of security strength. ECDH is used for key agreement in scenarios where parties need to establish encryption keys dynamically.

edifact

Electronic Data Interchange For Administration, Commerce and Transport - a legacy international EDI standard widely used in the travel industry for booking, ticketing, and reservation messages. EDIFACT messages use a structured text format with segments and data elements, predating modern XML/JSON APIs.

editorial workflow

The process by which release-notes entries are created, reviewed, approved, and published, including role assignments (who can create, who can approve), approval gates, draft/published state transitions, and the requirement that authors explicitly set visibility flags before publication. The workflow ensures quality control and intentional visibility decisions for release communications.

email service provider

A third-party service (such as SendGrid, Mailgun, or Amazon SES) that handles the technical delivery of transactional emails on behalf of the Order Service. The provider accepts email requests via API, manages sending infrastructure (SMTP servers, IP reputation, bounce handling), provides delivery status tracking, implements retry logic for transient failures, and reports delivery metrics. The provider is responsible for final delivery to recipient mail servers but not for recipient inbox placement (which depends on recipient spam filters).

emcon

Emission Control - a military operational security measure that restricts or minimizes electromagnetic emissions (radio, radar, etc.) to reduce the risk of detection, targeting, or electronic warfare by adversaries. In EMCON mode, the squad leader may reduce location reporting frequency to decrease the squad's RF signature and make it harder for enemy forces to detect or locate the unit through radio direction finding.

emcon mode

Emission Control mode — an operational state where radio frequency transmissions are minimized or eliminated to reduce the electromagnetic signature of military forces, making them harder to detect, locate, or target by adversary electronic surveillance and direction-finding systems. In EMCON mode, communication systems reduce transmission power, frequency, or duration, or cease transmitting entirely while maintaining receive capability.

empty array

A JSON array with zero elements, represented as [], returned in API responses when a query matches no records. An empty array indicates successful query execution with no results, distinct from null (which indicates absence of data) or error responses.

equities

Shares of ownership in individual publicly-traded companies, identified by ticker symbols and measured in whole or fractional shares. Equities are valued based on current market prices from stock exchanges, and may generate dividends or undergo corporate actions (splits, mergers) that affect holding quantities and cost basis.

error message

A user-facing notification displayed when an operation fails or encounters an invalid state, providing a clear explanation of what went wrong and actionable guidance for resolution. Error messages must be non-technical, specific to the failure context (e.g., 'Basket storage limit reached. Please remove items or proceed to checkout.'), and include an error code for support reference where applicable.

error report

A structured output generated by the population process when failures occur, containing diagnostic information including the nature of the error, which template(s) were affected, the state of the system at failure, and sufficient detail to enable troubleshooting and remediation. The error report format, delivery mechanism (log file, console output, database record, notification), and required content fields should be specified by operational requirements.

escalation

No definition yet.

escalation policy

No definition yet.

estimated delivery date

A calculated date representing the expected day when an order will be delivered to the customer's specified address, based on factors including order processing time, shipping method selected, carrier transit times, destination location, and current fulfillment capacity. The estimate may be expressed as a specific date or a date range, and should account for weekends, holidays, and known delays. Accuracy of estimates affects customer satisfaction and support volume.

eu261

EU Regulation 261/2004 - the European Union regulation establishing common rules on compensation and assistance to passengers in the event of denied boarding, flight cancellations, or long delays. It mandates specific compensation amounts (€250-€600) based on flight distance and delay at arrival, with exemptions for extraordinary circumstances beyond the airline's control.

expiry batch job

A scheduled background process that runs every 15 minutes to identify guest baskets that have exceeded their 72-hour retention period and mark them as expired. The job calculates expiry based on (current_time - last_modified_at) > 72 hours, skips baskets in active sessions (basket_viewed event within last 5 minutes), and defers expiry for baskets in checkout status. Expired baskets are subsequently purged by the scheduled purge process.

exponential backoff

A retry strategy where the wait time between retry attempts increases exponentially (e.g., 1s, 2s, 4s, 8s) to avoid overwhelming a failing service while giving it time to recover. Often combined with jitter (random variation) to prevent synchronized retry storms from multiple clients.

extraordinary circumstances

Events beyond an airline's control that exempt the carrier from paying compensation under EU261/UK261, including severe weather, air traffic control restrictions, security threats, political instability, and strikes external to the airline. The burden of proof lies with the carrier to demonstrate the disruption was caused by extraordinary circumstances and that all reasonable measures were taken to avoid the delay or cancellation.

F

faq entry

A published question-and-answer pair in the Frequently Asked Questions surface, created by admin review of candidate signals (search terms, feedback, support questions), containing a user-facing question, detailed answer, metadata (source signal, publication date, admin author), and searchable via the unified search interface (FR-17.4). FAQ entries are first-class help content distinct from auto-generated responses.

feeder

A source system or data repository that provides input to another system without replacing its functionality. In this context, the backlog serves as a feeder to project management tools by supplying prioritized work items that can be imported, synchronized, or referenced, while the project management tool retains responsibility for sprint planning, team assignment, and execution tracking.

field-level detail

Error response information that identifies which specific input fields failed validation and provides a descriptive error message for each field, enabling API clients to present targeted error feedback to users. Field-level detail typically includes the field name, the invalid value provided, and a human-readable explanation of why the value was rejected.

filtered list view

A display mode of the backlog list that shows only items matching specified filter criteria, such as status (open, promoted, declined), priority level, or source. The filtered view dynamically updates to exclude items that no longer match the active filter criteria, providing analysts with a focused view of relevant backlog items.

final housekeeping

The last set of administrative and cleanup tasks performed after a scope transitions to 'accepted' status, including: archiving artifacts, cleaning up temporary resources, finalizing audit logs, sending closure notifications, and updating project metrics. Final housekeeping ensures the scope is fully closed and all related data is properly stored or disposed of according to retention policies.

first login

The initial authentication event for a user account, occurring when a user successfully authenticates to REQQA for the first time after account creation. First login is detected by checking whether the user has any prior login history in the authentication audit log, and serves as the trigger for onboarding workflows.

fixture

A predefined data file or script used to populate database tables with initial or reference data during system deployment or testing. In the context of help content, a fixture contains the canonical set of help_pages table entries that are loaded at release time to establish the baseline help content structure.

fixture build

An automated process or script that validates database schema integrity and referential constraints during system initialization or deployment, ensuring that required baseline data structures and relationships exist before the application becomes operational. In the context of help system validation, the fixture build asserts that every role-tagged help entry has a corresponding generic (role_tag = NULL) fallback entry to prevent resolution failures.

fixture file

A version-controlled data file stored in the application repository (typically in JSON, YAML, or SQL format) that contains a canonical snapshot of demo organisation content including requirements, stories, personas, and analyses. The fixture serves as the authoritative source for re-seeding the demo application during release deployments, ensuring consistent and reproducible demo data across environments.

fk

Foreign Key - a database constraint that establishes a relationship between two tables by requiring that values in one table's column must exist in another table's primary key column, enforcing referential integrity and preventing orphaned records.

flash message

A temporary notification message displayed to users on the next page load, typically stored in session state and automatically cleared after being shown once. Flash messages are commonly used to communicate the result of an action (success, error, warning) across HTTP redirects, such as displaying 'Session expired. Please log in again.' after redirecting to the login page.

force majeure

Unforeseeable circumstances beyond a party's control that prevent fulfillment of a contract, such as natural disasters, war, terrorism, or government actions. In the context of passenger rights, force majeure events may exempt carriers from certain compensation obligations, though duty-of-care requirements typically remain in effect.

foreign key constraints

Database integrity rules that enforce referential relationships between tables by requiring that values in a foreign key column must exist in the referenced table's primary key column. Foreign key constraints prevent orphaned records and maintain data consistency by rejecting operations that would violate the relationship (e.g., inserting a record with a non-existent parent ID) or by cascading changes (deletes/updates) to dependent records.

form-level error

An error message displayed at the top or bottom of a form (rather than adjacent to a specific field) that indicates a validation failure affecting the entire form submission or multiple fields. Form-level errors typically appear in a distinct visual container (error banner or alert box) and remain visible until the user corrects the issue and resubmits the form.

forward link

An explicitly authored hyperlink within a how-to guide that references a specific context page using a canonical template key (e.g., 'help://template/reqsList'). Forward links are written by how-to authors and are extracted by the system when the how-to is saved to populate the help_references index, which enables automatic generation of back-references on the referenced context pages.

fr-20.1 dormancy rule

A configuration rule (defined in requirement FR-20.1) that determines when an OAuth provider is considered dormant or inactive based on the absence of required credentials (client ID, client secret, redirect URI). Dormant providers do not render sign-in buttons in the user interface, preventing users from attempting authentication with unconfigured providers.

free-text search

A search capability that accepts unstructured natural language input from users and matches it against product attributes (names, descriptions, brands, codes) using techniques such as keyword matching, stemming, fuzzy matching, or full-text indexing. Free-text search allows flexible product discovery without requiring users to know exact terminology or navigate structured filters.

freshness window

A configurable time period or version delta that defines the maximum acceptable age for screenshots and diagrams in help pages before they are flagged as potentially stale and requiring review. The freshness window is measured as the difference between the current system version (or date) and the image's version stamp (or last-reviewed date). When an image's age exceeds this threshold, it appears in the authoring worklist for manual verification. The window may be expressed in days, system versions, or other units depending on the versioning scheme used.

front door

The primary, direct registration path where users create accounts by providing email and password credentials through the /auth/register endpoint. This is the traditional self-service registration flow that is being disabled in the invite-only enforcement requirement. The term contrasts with 'side door' (OAuth-based registration) to distinguish between the two account creation mechanisms that must be gated.

fulfillment system

An external or integrated software system responsible for managing the physical order fulfillment process, including order picking, packing, shipping, and inventory management. The fulfillment system communicates order status changes to the e-commerce platform via API integration and may be operated by an internal warehouse team or a third-party logistics provider (3PL).

fully in scope

A status indicating that all stories derived from a particular requirement have been included in the scope. When a requirement is fully in scope, every story linked to that requirement appears in the scope's story collection, providing complete coverage of the requirement's functionality within the scope definition.

fx

Foreign Exchange - the conversion of one currency to another using an exchange rate. In the context of compensation calculations, FX rates are used to convert statutory compensation amounts (often defined in EUR) to the passenger's local currency or the carrier's settlement currency.

G

gap detection

The process of identifying user-reachable templates that lack help-page coverage by comparing the template registry (all templates discovered by the phase-exit skill) against the help_pages table. Gaps are templates with help_page_status='none' or 'stub', indicating missing or incomplete documentation. Gap detection is performed automatically by the phase-exit skill and surfaced in the template inventory for admin review.

gap list

A structured output from the guide-entry skill identifying templates in the current phase scope that lack help pages or have incomplete help content, provided to Claude Code to highlight documentation gaps that should be addressed during the phase, enabling prioritization of help authoring work.

gate check

A validation checkpoint executed during a scope status transition that evaluates whether specific preconditions are satisfied before allowing the transition to proceed. Gate checks enforce business rules (such as ensuring all attached backlog items are triaged) and reject transitions that fail validation, returning the scope to its previous state with an explanatory error message.

gherkin content

The structured text content of a user story written in Gherkin syntax, a business-readable domain-specific language used for behavior-driven development (BDD). Gherkin content consists of scenarios with Given-When-Then steps that describe system behavior in a format that can be understood by both business stakeholders and automated testing tools.

github developer settings

A section of GitHub's web interface (accessible at github.com/settings/developers) where users can create and manage OAuth Apps, configure application credentials, set callback URLs, and manage API access permissions for third-party integrations.

gitignored

A file or directory pattern listed in a .gitignore file that instructs Git version control to exclude matching files from tracking, staging, and commits. Gitignored files are not included in the repository history, are not pushed to remote repositories, and are typically used for generated artifacts, build outputs, local configuration, or sensitive credentials that should not be version-controlled.

given/when/then

A structured format for writing user story acceptance criteria or scenarios, where 'Given' establishes preconditions or context, 'When' describes the action or event, and 'Then' specifies the expected outcome or result. This format is part of Behavior-Driven Development (BDD) and Gherkin syntax, enabling clear, testable specifications.

gold template

A canonical, authoritative template record that serves as the master reference for a particular requirement type across all organizations in the system. Gold templates define the standard structure, recommended analyses, and metadata that should be replicated when organizations create their own template instances. In the current system, the REQQA org's template set (orgid = 1) serves as the de-facto Gold template collection.

gptlog

A logging and accounting subsystem within REQQA that records all calls made to OpenAI's API, capturing request parameters, response data, token consumption (prompt tokens, completion tokens, total tokens), timestamps, costs, and call outcomes. The gptlog provides an audit trail of AI interactions, enables token usage monitoring and cost tracking, and supports debugging of analysis quality issues by preserving the full context of each AI invocation.

gtid

Global Transaction Identifier - a unique identifier assigned to each transaction committed on a MySQL master database, used to track transaction replication across master and replica servers. GTIDs enable precise replication monitoring and ensure that a replica has replicated a specific transaction before allowing reads, supporting read-after-write consistency guarantees.

guest homepage

The public-facing landing page of REQQA accessible to unauthenticated visitors, which displays a subset of help content flagged with visibility='public' (such as feature overviews and release notes) to provide product information and marketing content without requiring login. The guest homepage is distinct from the authenticated user's home page.

guest shopper

A user who interacts with the e-commerce platform without creating an account or authenticating, identified only by a browser session. Guest shoppers can browse products and add items to a temporary basket stored in browser storage, but have limited persistence (24-72 hours) and no cross-device synchronization.

guest users

Users who interact with the system without creating an account or authenticating. Guest users can browse products and add items to a shopping basket, but their data is stored temporarily using browser-based storage mechanisms and is subject to shorter retention periods than registered user data.

guide skills

Two Claude Code development skills (phase-entry and phase-exit) that automate the maintenance of REQQA's help system by reading existing help content at the start of a development phase, detecting gaps or staleness, and writing or updating help pages and glossary entries at phase completion. GUIDE skills are the primary authoring mechanism for help content, supplemented by human editing.

guided orientation

A structured introduction to REQQA's core concepts and navigation presented to new users, consisting of sequential informational screens, interactive prompts, or contextual help that explains applications, requirements, stories, analyses, and help resources. The orientation guides users through key concepts without requiring them to read comprehensive documentation.

H

handover

The formal transfer of a scope from the specification phase (REQQA) to the build phase (Claude Code builder), occurring when a scope transitions to 'handover_ready' status. The handover includes the as-scoped snapshot of all included stories and requirements, establishing the baseline against which the builder will work and creating an auditable record of what was specified at the point of transfer.

handover_ready

A scope status indicating that the developer has completed initial scoping work and the scope is ready to be handed over to builders for review and implementation planning. At this transition, an as-scoped JSON snapshot is captured to preserve the scope definition at handover. This status represents the completion of the 'scope' phase in the Dark Factory process.

hash collision

An event where two different input values produce the same hash output when processed by a hash function. For cryptographic hash functions like SHA-256, collisions are computationally infeasible to find intentionally, but the possibility exists due to the pigeonhole principle (infinite possible inputs mapping to finite hash space). Collision resistance is a key security property of cryptographic hash functions.

hashed comparison

A secure authentication technique where a provided plaintext credential is hashed using the same algorithm used for storage, and the computed hash is compared against the stored hash value to verify authenticity. This approach ensures that plaintext credentials are never stored in the database and cannot be recovered even if the database is compromised. The comparison is performed using constant-time comparison functions to prevent timing attacks.

hashing algorithm

A cryptographic function that transforms input data of arbitrary size into a fixed-size output (hash value) in a one-way, deterministic manner. Secure hashing algorithms (such as bcrypt, Argon2, or SHA-256) are designed to be computationally expensive to reverse, making them suitable for password and token storage. The same input always produces the same hash, but the original input cannot be feasibly recovered from the hash.

help analytics

A system capability that collects, aggregates, and reports metrics on help system usage including search queries, result counts, page views, and user feedback, enabling identification of content gaps, popular topics, and areas requiring improvement through quantitative analysis of user interaction patterns.

help build

The process of generating the complete help documentation artifact, including running the Playwright screenshot capture script, compiling Docusaurus content, generating PDFs, and producing the final help system deliverable. The help build is a stage within the release build (FR-17.13) and must complete successfully before the release can proceed.

help content types

The distinct categories of help documentation available in the system, including help pages (general documentation), how-to guides (procedural instructions), FAQ entries (frequently asked questions with answers), and help-scoped glossary terms (terminology definitions relevant to help content). Each type has specific formatting, structure, and presentation characteristics that determine how search results are grouped and displayed.

help control

The user interface element (button, link, or icon) rendered by layout.html that users activate to access context-sensitive help. The control is placed in a fixed position on every page and triggers the help resolution logic based on the current template_key and active_panel_key. Referred to as 'help button' elsewhere in the requirement.

help glossary

A scoped view over the existing definitions and termindex tables that presents only terms relevant to REQQA's help system and user-facing documentation, distinguished from project-specific requirement terms by a scope column value of 'help' or 'both'. The help glossary reuses the project glossary engine but filters content for end-user consumption.

help index

A navigable catalog or directory of all help content (context pages and how-to guides) organized by topic, category, or hierarchy, providing users with a browsable alternative to search-based discovery. The help index serves as a structured entry point for users to explore available help resources and locate relevant documentation.

help machinery

The collective set of help system components and processes including help page authoring, screenshot capture, Docusaurus site generation, fixture management, and the help_pages database table that together provide user-facing documentation and context-sensitive help in REQQA.

help page

A discrete unit of help content in the GUIDE system, keyed to a specific user-visible template or template-plus-panel combination, containing documentation that explains the purpose, usage, and behavior of that interface element. Each help page has metadata including visibility scope, role restrictions, staleness indicators, and lifecycle status.

help-relevant pages

The subset of REQQA application pages that are documented in help content (Docusaurus how-tos, manual, or context-sensitive help) and require screenshot illustrations. Help-relevant pages are identified by their template_key or URL pattern and represent user-facing features that need visual documentation. The set is defined by a configuration file consumed by the Playwright script and may correspond to pages with help_page entries in the help system.

help-scoped entries

Glossary definition records in the definitions table where the scope column is set to 'help' or 'both', distinguishing application-level help terminology from project-specific requirements terminology. Help-scoped entries are managed through the same glossary editor interface but serve the help system rather than project requirements documentation.

help-scoped glossary terms

A subset of the application glossary containing only terms that are relevant to help documentation, user assistance, and system usage guidance. Help-scoped glossary terms are distinguished from the full application glossary (which includes technical, implementation, and domain-specific terms) and are specifically curated for end-user comprehension. These terms are searchable within the unified help search and presented as a distinct result group.

help_activity log

A database table or audit trail that records all automated help content maintenance operations performed by the guide-entry and guide-exit skills, including timestamps, phase identifiers, templates processed, pages created or updated, and any errors encountered, providing traceability and debugging capability for the automated help authoring process.

high-resolution images

Product photographs with sufficient pixel dimensions and quality to allow customers to clearly evaluate product appearance and details, typically with minimum dimensions of 800x800 pixels, supporting zoom functionality, and optimized for web delivery. Images should accurately represent product color, texture, and branding while maintaining reasonable file sizes for performance.

highlighted

A visual emphasis applied to a UI element to draw user attention, typically implemented through distinctive background color, border styling, icon, or text formatting that differentiates the element from surrounding content. In the context of backlog items, highlighting indicates items requiring user action or attention.

holding

A record representing a specific quantity of a financial asset owned by a user in their investment portfolio, including the asset identifier, quantity held, acquisition date, and cost basis per unit. Holdings are the fundamental unit of portfolio composition and are used to calculate total portfolio value, performance metrics, and tax implications.

home page

The primary landing page of the library system that serves as the entry point for authenticated library members. This page provides navigation to key features, displays personalized information (such as current loans and notifications), and serves as the reference point for measuring navigation depth to other system functions.

honeypot

An anti-spam technique where a hidden form field is added to the access request form that is invisible to human users but visible to automated bots. Legitimate users leave the field empty, while bots typically fill all fields. Submissions with the honeypot field populated are silently rejected as bot traffic. This provides basic bot protection without requiring user interaction like CAPTCHA.

how-to guide

A task-oriented instructional article that provides step-by-step guidance for completing a specific user goal or workflow spanning multiple pages or system components. How-to guides are discoverable through search and help index, contain forward links to referenced context pages, and are versioned with staleness metadata to ensure accuracy over time.

http 200

An HTTP status code indicating that a request has succeeded. In the context of web page rendering, HTTP 200 means the server successfully processed the request and returned the requested content (HTML page) to the client's browser. The status code is part of the HTTP response header and indicates successful completion of the request-response cycle.

human ops

No definition yet.

I

i18n

Internationalization (abbreviated as i18n, where 18 represents the number of letters between 'i' and 'n') - the process of designing software to support multiple languages, locales, and cultural conventions without requiring code changes. i18n includes support for translated text, date/time formats, number formats, currency, and text direction.

idempotency

A property of an operation where executing it multiple times with the same input produces the same result as executing it once, with no additional side effects. In the context of basket operations, idempotency ensures that duplicate API requests (e.g., due to network retries) do not create duplicate basket items or apply duplicate discounts. Implemented using idempotency keys or request deduplication mechanisms.

idempotency key

A unique identifier used to ensure that duplicate requests or events do not result in duplicate processing or side effects. In the context of notifications, it is computed from Case ID, channel, and template to prevent sending the same notification multiple times.

idempotency-key header

An HTTP request header field that contains a unique client-generated identifier used to ensure idempotent processing of API requests. When the same Idempotency-Key is provided with identical request body content, the API returns the cached response from the original request without creating duplicate resources. If the same key is reused with different request content, the API returns a 409 Conflict error. The header enables safe retry of failed requests without risk of duplicate operations.

idempotent

A property of an operation where executing it multiple times with the same input produces the same result as executing it once, with no additional side effects. In the context of plugin registration, idempotent means that registering the same OAuth provider plugin multiple times (e.g., across py4web restarts or repeated calls to the registration function) does not create duplicate registrations, does not cause errors, and leaves the system in the same state as a single registration would.

immutable

A data attribute or record that cannot be modified after creation. Immutable fields are write-once, ensuring data integrity and supporting audit requirements by preventing tampering with historical records. Attempts to update immutable fields should be rejected by the system with an error.

immutable fields

Database entity attributes that cannot be modified after the record is created, ensuring data integrity and supporting audit requirements by preventing tampering with historical records. In the context of backlog items, immutable fields include source, orgid, and appid. Attempts to update immutable fields are rejected with a 422 status code.

in-app help footer

A UI component displayed at the bottom of the help content popover (as defined in FR-17.2) that shows metadata about the help content being viewed, including the built_for_version value from the resolved help_pages row. The footer provides transparency about which version of help documentation the user is viewing.

inactivity

A period during which no basket-related events occur for a registered user, measured as the absence of basket view, item add, item remove, quantity modification, or checkout initiation events. Used to determine when a basket transitions to 'abandoned' status after 30 days. Does not include non-basket activities such as browsing products or account management.

inactivity timer

A server-side or client-side countdown mechanism that tracks the elapsed time since the user's last activity, automatically expiring the session when the configured timeout threshold (e.g., 30 minutes) is reached. The timer resets to zero whenever qualifying user activity occurs (page navigation, API request, form submission). The timer may be implemented as a session attribute updated on each request or as a background process checking last activity timestamps.

index funds

Investment funds that track a specific market index (e.g., S&P 500, FTSE 100) by holding a portfolio of securities that replicate the index composition. Index funds are measured in units (shares of the fund) and are identified by ticker symbols. Their value is calculated based on the Net Asset Value (NAV) published by the fund provider.

indexed

A database optimization where a separate data structure is created to enable fast lookup of records based on the indexed column's values. Indexed columns support efficient WHERE clause filtering, JOIN operations, and sorting, reducing query execution time from linear scans to logarithmic lookups. Indexes incur storage overhead and slow down write operations.

indicator

A UI element that displays status, state, or metadata information to users, typically through visual cues such as icons, colors, text labels, or symbols. In the context of backlog items, a source indicator would show whether the item originated from an analyst, builder, or AI system.

industry-standard hashing algorithms

Cryptographic hash functions widely accepted by security professionals and standards bodies for password storage, such as bcrypt, Argon2, or PBKDF2, which are designed to be computationally expensive and resistant to brute-force attacks, rainbow tables, and other cryptographic attacks.

info-icon

A small graphical symbol (typically a lowercase 'i' inside a circle) displayed adjacent to a UI control that, when clicked or hovered over, reveals contextual help information through a tooltip or popup. Info-icons serve as visual indicators that additional explanatory content is available for the associated control.

info_requests

A database table that stores access request submissions from prospective users, containing fields for requester contact information, submission timestamp, processing status (new, approved, declined, spam), and any associated notes or follow-up actions. Each row represents a single access request and serves as the authoritative record for tracking and processing user access inquiries.

inline actions

Action buttons or links displayed directly within a list item row, allowing users to perform operations on that specific item without navigating away from the list view. Inline actions provide quick access to common operations (view, edit, delete, triage) and are typically represented as buttons, icon buttons, or dropdown menus positioned at the end of each row. The availability of inline actions may vary based on item state, user permissions, or business rules.

inline error

A validation error message displayed directly adjacent to or below the form field that failed validation, providing immediate contextual feedback to the user without requiring navigation to a separate error summary. Inline errors appear in real-time (on blur or submit) and remain visible until the field is corrected.

intended use

The recommended playing context or purpose for which a tennis ball product is designed, such as 'hard court', 'clay court', 'grass court', 'all court', 'high altitude', 'junior players', or 'ball machines'. Intended use helps customers select appropriate products for their specific playing conditions and skill level.

interline

An agreement between two or more carriers (airlines, rail operators) that allows a passenger to travel on a single ticket across multiple carriers' services. Interline agreements enable through-ticketing, baggage transfer, and coordinated rebooking when disruptions occur, with revenue-sharing and liability arrangements between participating carriers.

inventory artefact

A queryable, derived data structure (implemented as a database view, materialized view, or computed result set) that presents the canonical template inventory by joining the help_pages table against the template registry discovered by the phase-exit skill. The artefact is regenerated on every phase close and provides a unified view of template_key, panel_key, help_page_status, last_touched_at, last_touched_by_phase, and demo_inclusion for all user-reachable templates. It is not a stored table but a computed representation of the current state.

inventory records

No definition yet.

invest

An acronym representing six quality criteria for well-formed user stories: Independent (can be developed separately), Negotiable (details can be discussed), Valuable (delivers user/business value), Estimable (size can be estimated), Small (fits within an iteration), and Testable (can be verified). INVEST is an industry-standard framework for evaluating story quality.

investment holdings

A record representing an asset owned by a user in their investment portfolio, including the asset type, quantity, acquisition details, and cost basis. Holdings are the fundamental unit of portfolio composition and are used to calculate total portfolio value, performance, and tax implications.

invite

A pre-authorized permission record stored in the system that grants a specific email address the right to create an account in REQQA. An invite is created by an existing user with appropriate permissions, contains the invitee's email address and target organization, and transitions from 'pending' to 'consumed' state when the invitee completes registration. Invites may have expiration timestamps and can be revoked before use.

invite-acceptance

The process by which a user who has received an email invitation to join REQQA completes their account setup by providing a password and accepting the invitation, creating an email/password authentication credential. This is the only remaining path for creating email/password users after the /auth/register endpoint was disabled.

invite-acceptance flow

A registration workflow where users can only create accounts by accepting an invitation sent by an administrator or authorized user, typically involving a unique invitation token or link that pre-authorizes account creation and may pre-populate certain account attributes (email, role, organization). This flow bypasses the standard self-service registration process and ensures controlled user onboarding.

invite-acceptance page

A web page displayed when a user follows an invitation link, allowing them to accept the invitation and create an account or join an organization. The page typically displays invitation details (inviter name, organization, role), provides authentication options (including OAuth provider buttons), and validates the invitation token before allowing account creation or association.

invite-only page

A web page displayed to users who attempt to register or authenticate without a valid invitation, explaining that REQQA operates on an invitation-only basis and providing instructions for requesting an invitation or contacting support.

invited org

An organization in REQQA to which a user has been explicitly invited through the invitation system defined in FR-20.5, granting them authorization to register and access that organization's resources upon successful authentication.

in_review

A scope status in REQQA indicating that the Dark Factory builder's review has been completed and feedback issues have been posted, awaiting analyst resolution before the scope can proceed to design. This status prevents duplicate handover attempts and signals that the scope is in a feedback-remediation cycle.

isbn

International Standard Book Number - a unique numeric commercial book identifier assigned to each edition and variation of a publication. ISBNs may be in 10-digit (ISBN-10) or 13-digit (ISBN-13) format. The system must support searching and matching against both formats and handle formatting variations (with/without hyphens).

iso 4217

An international standard published by the International Organization for Standardization (ISO) that defines three-letter alphabetic codes for currencies (e.g., USD for United States Dollar, EUR for Euro, GBP for British Pound Sterling). The standard also defines three-digit numeric codes and the number of decimal places for each currency. ISO 4217 codes are widely used in financial systems, e-commerce platforms, and international transactions to unambiguously identify currencies.

issue detection pipeline

The sequence of processing stages within the analysis engine that identifies, classifies, and records requirement quality issues. The pipeline includes: (1) AI-based analysis of requirement text against step-specific criteria, (2) parsing of AI responses to extract issue records, (3) application of severity and confidence scoring models, (4) deduplication and consolidation of similar issues, (5) validation of issue structure and content, and (6) persistence to the analysis_issues table. The pipeline ensures consistent issue detection and recording across all analysis types.

is_demo

A boolean flag on the organisations table that marks an organisation record as containing demonstration or test data rather than production customer data. When true, the organisation is excluded from production listings, reports, and analytics, and its data may be reset or overwritten during release deployments without affecting real customer information.

item count

The total number of items in a basket, calculated as the sum of BasketItem.quantity for all items in the basket. Item count is displayed in the basket badge, used for capacity validation (maximum 9,999 per BR-08), and included in basket summary displays. Distinct from product count (number of unique products).

itemised order details

A line-by-line breakdown of all products included in an order, displaying for each item: product name, SKU or product code, quantity ordered, unit price, any discounts applied, line total, and product-specific attributes (size, color, variant). The itemised list provides transparency into what was purchased and at what cost, supporting customer verification and dispute resolution.

J

jitter

Random variation added to retry intervals or scheduled tasks to prevent synchronized behavior across multiple clients or processes. In the context of exponential backoff, jitter prevents all failed requests from retrying at exactly the same time, which could cause a thundering herd effect and overwhelm a recovering service.

journey

No definition yet.

K

kickoff ui

The user interface component or page where an analyst initiates an analysis run by selecting which requirements or artifacts to analyze, choosing which analysis steps to execute (via checkboxes or similar controls), and configuring analysis parameters. The kickoff UI is the entry point for triggering the analysis workflow and consumes recommended-analyses metadata to pre-select applicable analysis checkboxes.

kyc

Know Your Customer - regulatory requirements and processes for verifying the identity of customers to prevent fraud, money laundering, and terrorist financing. KYC typically involves collecting and validating identity documents, proof of address, and other information. 'KYC-lite' refers to simplified verification for lower-risk or lower-value transactions.

L

large number of titles

A database volume threshold representing the upper bound of expected book catalogue entries that the system must handle while maintaining acceptable search performance. This quantifies the scale requirements for database design, indexing strategy, and query optimization.

last modification

The most recent timestamp when a basket's contents or state were changed, including item additions, removals, quantity updates, or price recalculations. Used to determine basket expiration periods and retention eligibility. Excludes read-only operations such as basket views.

last write wins

A conflict resolution strategy for concurrent modifications where the most recent update (based on timestamp) overwrites any previous changes, without attempting to merge or reconcile conflicting edits. In the context of basket management, when the same basket is modified simultaneously from multiple sessions or devices, the last modification to be committed to the database becomes the authoritative state, and earlier modifications are discarded.

lead contact

No definition yet.

leg

No definition yet.

library operating hours

The designated time periods during which the library facility is open to the public and the system is expected to provide full service availability. These hours define the window for measuring uptime requirements and distinguish operational periods from maintenance windows.

lifecycle transitions

The valid state changes that a scope can undergo as it progresses through its workflow, defined as a state machine with permitted transitions between status values. Invalid transitions are rejected with a 400 error listing the valid next states from the current state. The lifecycle ensures scopes follow a controlled progression through analysis, planning, implementation, and completion phases.

linked to scope

The state where a backlog item has an active association with a scope, represented by a non-null scope_id foreign key reference in the backlog_items table. A linked item appears in the scope's backlog item collection and is considered part of the scope's planned work, though it remains in 'open' status until triaged. The link can be removed (detached) while the scope is in draft status.

linkedin developer portal

LinkedIn's web-based developer console (https://www.linkedin.com/developers/) where developers register OAuth2 applications, obtain client credentials (client ID and client secret), configure authorized redirect URIs, and manage API access permissions for LinkedIn authentication and data access.

linked_requirement

A foreign key field on a backlog item that references the requirement to which the item has been promoted, establishing a formal relationship between the backlog item and the requirement it has been incorporated into. This field is populated when a backlog item transitions to 'promoted' status and enables traceability from backlog items to their corresponding requirements in the formal requirements model.

linter

An automated code analysis tool that examines source code, templates, or configuration files to detect potential errors, enforce coding standards, and identify deviations from established conventions. Linters typically run as part of the development workflow or CI/CD pipeline and report violations as warnings or errors. In this context, a linter would scan template files to detect non-sanctioned HTML title attributes that violate the inline help conventions.

loading indicator

A visual UI element (such as a spinner, progress bar, or animated icon) displayed to users during asynchronous operations to indicate that the system is processing their request and they should wait. In the context of basket persistence failures, shown during retry attempts to provide feedback that the system is attempting to save changes.

loan status

The detailed borrowing state of a specific book copy, including whether it is currently on loan, the due date if borrowed, any holds or reservations, and loan history. This provides more granular information than availability status, showing not just if a book can be borrowed but the complete lending context including who has it, when it's due back, and the queue of waiting members.

locale

A language and regional formatting code (e.g., 'en-GB' for British English) that determines which message templates, quiet hours rules, and cultural conventions are applied when composing and dispatching passenger notifications. The locale ensures that communications are delivered in the appropriate language and format for the recipient's region, and is stored with each outbound message for audit and compliance purposes.

location block

An nginx configuration directive that defines how to process requests for specific URL paths or patterns. A location block specifies the document root, proxy settings, or other handling rules for URLs matching its pattern. Location blocks enable serving multiple sites or applications from different paths under a single domain (e.g., example.com/docs, example.com/app).

lock price

The action of fixing the unit price of a basket item at the value that was current when the item was added to the basket, preventing automatic price updates when the product's current price changes. Price locking protects customers from price increases but may also prevent them from benefiting from price decreases during their shopping session.

log file

A persistent text file stored on disk that records events, operations, and messages generated by a system or application, typically including timestamps and severity levels. Log files support debugging, audit trails, and operational monitoring by preserving a chronological record of system activity.

logged

Recorded in a persistent audit trail or transaction history for compliance, security monitoring, or troubleshooting purposes. In the context of payment transactions, this refers to capturing transaction details, timestamps, and associated metadata in a traceable format. For access control, it refers to recording all attempts to access sensitive member data, creating an audit trail that documents who accessed what information and when.

lunr

Lunr.js - a lightweight, client-side full-text search library for JavaScript that enables search functionality in static websites without requiring a server-side search backend. Lunr builds an inverted index from document content at build time, which is then loaded in the browser to perform fast, offline-capable searches. Commonly used in static site generators like Docusaurus to provide search over documentation content.

M

markdown backlog file

A text file in Markdown format stored in the analyst repository following the naming convention 'Backlog_vN.md' (where N is a version number) within a review-dated directory structure 'documentation/reviews/YYYYMMDD-Review/'. Each file contains backlog items structured as level-2 headings with priority tags in square brackets (e.g., '## [MVP] Item title') followed by multiline description text. These files represent the legacy storage format for backlog items prior to the introduction of the backlog_items database table.

market data service

An external system or API that provides real-time or delayed pricing information for financial instruments including equities, index funds, and precious metals. The service supplies current market prices, historical price data, and instrument metadata used for portfolio valuation and performance calculations. The service must support all asset types in the supported instruments list.

marketing-site owner

The individual or team responsible for maintaining and updating the REQQA marketing website hosted at reqqa.ai, including content management, design updates, and CTA link configuration. This role has authority to implement changes to the marketing site independently of the main application development team.

marquetry

A decorative technique involving the assembly of small pieces of wood veneer to create patterns or images, not applicable to this disruption operations platform. This term appears to have been included in error and does not relate to event-driven systems, passenger re-accommodation, policy engines, or any technical component of the requirements domain.

mct

Minimum Connection Time - the shortest interval between an arriving flight/train and a departing connection that an airline or station considers operationally feasible for passenger transfer, including time for deplaning, terminal navigation, security re-screening (if required), and boarding. MCT values vary by airport/station, carrier, passenger type (e.g., PRM requiring assistance), and whether the connection is domestic or international.

merge action

The user-selected strategy for combining guest and registered baskets during login/registration, with three possible values: 'merge' (combine both baskets with conflict resolution), 'replace' (discard guest basket and keep registered basket), or 'discard' (discard guest basket and keep registered basket). The merge action determines how basket contents are consolidated and is recorded in the BasketMerge audit record.

merge modal

A modal dialog user interface component displayed when a guest user logs in or registers and both their guest basket and registered account basket contain items. The modal prompts the user to choose a merge action (merge, replace, or discard) and, for the merge action, presents conflict resolution options for duplicate products. The modal blocks interaction with the underlying application until the user makes a selection or dismisses it.

merge options prompt

A specific type of prompt displayed when a requirement's template is changed and the new template's recommended_analyses differ from the current value. The prompt presents three mutually exclusive options: 'Replace' (adopt new template defaults), 'Keep' (retain current values), or 'Merge' (union of current and new values), with 'Keep' as the default selection.

message queue

A middleware component that enables asynchronous communication between system components by temporarily storing messages until they can be processed. Messages are added to the queue by producers and consumed by workers in FIFO order (or priority order). Message queues provide decoupling, load leveling, and reliability through features like persistence, acknowledgments, and dead-letter queues. Examples include RabbitMQ, Apache Kafka, AWS SQS.

message template

No definition yet.

metadata

A section of an API response containing supplementary information about the result set rather than the data itself, including pagination details (page, page_size, total_count, total_pages), query parameters applied, and response generation timestamp. Metadata is typically returned in a separate JSON object alongside the data array.

mha

Master High Availability Manager for MySQL - an automated master failover and monitoring tool that detects MySQL master failures, promotes a replica to new master, and reconfigures other replicas to follow the new master. MHA minimizes downtime during failover (typically 10-30 seconds) by performing fast master promotion and supports both automatic and manual failover modes. It is commonly used in MySQL replication environments to improve availability.

microsecond precision

A timestamp format that includes time measurement down to one millionth of a second (microseconds), typically represented as YYYY-MM-DD HH:MM:SS.mmmmmm in databases. Microsecond precision enables accurate ordering of events that occur in rapid succession and supports high-resolution audit trails for systems processing multiple transactions per second.

microsoft teams

No definition yet.

migration cycle

The process of planning, testing, and deploying database schema changes in a controlled manner, typically involving: (1) generating migration scripts using tools like /pydal-migrate, (2) testing migrations in development and staging environments, (3) scheduling deployment during maintenance windows, (4) executing migrations on production databases, and (5) verifying schema changes and data integrity post-migration. Migration cycles ensure database changes are applied safely without data loss or service disruption.

migration report

A structured summary document generated by the migration script upon completion (successful or failed) that contains execution metrics including files_processed count, items_created count, duplicates_skipped count, validation_errors count, execution_time_ms, and detailed listings of any duplicate items skipped or validation errors encountered. The report format (JSON, text, log file) and delivery mechanism (console output, file, database record) are implementation-specific.

migration script

A one-time executable program or database script that reads legacy markdown backlog files from the analyst repository, parses their content, validates the extracted data, and inserts backlog items into the backlog_items database table while enforcing transactional semantics and duplicate detection rules. The script is invoked manually by a system administrator with specified application_id and organisation_id parameters, and produces a migration report summarizing execution results.

mission

The overarching purpose and strategic objective of the disruption operations platform: to detect journey irregularities in near real time, orchestrate passenger communications, and execute policy-compliant re-accommodation and compensation workflows with full auditability. It defines the system's core value proposition of translating carrier policies and consumer-rights regimes into deterministic, explainable outcomes for affected passengers.

mit-licensed

Software distributed under the MIT License, a permissive open-source license that allows free use, modification, and distribution of the software with minimal restrictions. The MIT License requires only that the original copyright notice and license text be included in copies or substantial portions of the software. This license is considered business-friendly as it permits commercial use without copyleft requirements.

modal

A modal window or dialog box - a UI overlay that appears on top of the main application content, requiring user interaction before they can return to the underlying page. Modals typically dim or disable the background content, focus user attention on a specific task or message, and are dismissed through explicit user action (clicking a button, pressing ESC, or clicking outside the modal area).

modal dialog

A UI overlay window that appears on top of the main application content, requiring user interaction before they can return to the underlying page. Modal dialogs block interaction with the rest of the application until the user makes a choice or dismisses the dialog, ensuring critical decisions are not overlooked.

monetary displays

Any UI element throughout the application that presents currency values to users, including portfolio valuations, holding values, cost basis amounts, gains/losses, and transaction amounts. Monetary displays are formatted according to the user's selected base currency preference, including appropriate currency symbols, decimal precision, and thousands separators.

mutable fields

Database entity attributes that can be modified after the record is created, as opposed to immutable fields which are write-once. In the context of backlog items, mutable fields include title, description, priority, and scope_id, which can be updated while the item is in open status.

mvp

Minimum Viable Product - a priority classification for backlog items indicating that the item represents core functionality required for the initial product release. MVP items are essential features that must be delivered to meet the minimum threshold for product viability and user value. This is the highest priority classification in the product backlog taxonomy.

N

naming conventions

A documented set of rules governing how files and directories within a content surface should be named, including patterns for file extensions (.md, .mdx), use of hyphens vs underscores, capitalization rules, date formats for time-series content (e.g., release notes), and any required prefixes or suffixes that enable proper sorting, discovery, and automated processing.

navigation bar

A persistent UI component displayed at the top or side of the application interface that provides navigation links to key application sections and displays user context information such as the authenticated user's display name and logout option. The navigation bar is present across all authenticated pages and updates dynamically when user profile information changes.

ndc

New Distribution Capability - an XML-based data transmission standard developed by IATA to enable airlines to distribute rich content and ancillary services directly to travel agents and customers. NDC provides more detailed product information and personalization than legacy EDIFACT systems, supporting modern retailing capabilities.

negative stock

No definition yet.

negotiation round

A structured exchange cycle in the builder feedback workflow where: Round 1 consists of the builder posting a batch of feedback issues and the analyst resolving or rejecting each issue; Round 2 allows the builder one follow-up response to unclear rejections. After two rounds, the analyst's decision is final, and unresolved disagreements are moved to Accepted status with a risk-acknowledgement comment.

nginx

A high-performance open-source web server and reverse proxy server that handles HTTP requests, serves static files, and can route traffic to application servers. In REQQA's context, nginx is the existing web server infrastructure that will host the Docusaurus-generated documentation site alongside the main application.

nice-to-have

A priority classification for backlog items indicating that the item represents optional functionality that would be pleasant to have but provides minimal business value or user impact. Nice-to-have items are the lowest priority and are typically implemented only if time and resources permit after higher-priority work is complete. This is the lowest priority classification in the product backlog taxonomy.

no-op updates

Update requests that specify field values identical to the current stored values, resulting in no actual data modification. No-op updates are rejected with a 422 status code and 'No changes detected' error message to prevent unnecessary database writes, audit log entries, and timestamp updates when no meaningful change has occurred.

normalization

No definition yet.

notification provider

No definition yet.

notification providers

No definition yet.

O

oal

Other Airline/Operator - a carrier different from the one that issued the original ticket or operates the disrupted service. OAL rebooking involves transferring a passenger to a competitor's service, typically requiring interline agreements, endorsement of the ticket, and commercial settlement between carriers.

oauth callback

An HTTP endpoint in the REQQA application that receives the authorization response from an OAuth2 identity provider after the user has authenticated and granted permissions. The callback receives an authorization code or access token, validates it, and completes the authentication process by creating or updating the user session. In py4web, this is typically handled by the framework's OAuth plugin at a URL like /auth/plugin/google/callback.

oauth code

A short-lived authorization code returned by an OAuth provider to the callback URL after successful user authentication. The code is exchanged by the application for an access token through a server-to-server request, following the OAuth 2.0 authorization code grant flow. The code typically expires within minutes and can only be used once.

oauth dance

The multi-step OAuth2 authorization code flow sequence where: (1) the user clicks a provider login button, (2) REQQA redirects to the provider's authorization page, (3) the user authenticates and grants permissions, (4) the provider redirects back to REQQA's callback URL with an authorization code, (5) REQQA exchanges the code for an access token, and (6) REQQA retrieves the user's profile information. The term 'dance' refers to the back-and-forth redirects between REQQA and the identity provider.

oauth flow

The sequence of HTTP redirects and token exchanges that occur when a user authenticates via an OAuth 2.0 provider, including: (1) redirecting the user to the provider's authorization page, (2) the provider authenticating the user and requesting consent, (3) the provider redirecting back to the application with an authorization code, (4) the application exchanging the code for an access token, and (5) the application using the token to retrieve user profile information and establish a session.

oauth provider

A third-party authentication service (such as Google, GitHub, or LinkedIn) that implements the OAuth 2.0 protocol and allows users to authenticate to REQQA using their existing account credentials from that service. The provider handles user authentication and returns user profile information (including email address) to REQQA after successful authentication.

oauth rejection page

A web page displayed to users when their OAuth authentication attempt is rejected or fails, typically because they attempted to log in with an OAuth provider (such as Google or Microsoft) but do not have an existing REQQA account or invitation. The page explains why access was denied and provides alternative options for gaining access, such as requesting an invitation from a colleague or submitting an access request to the REQQA host.

oauth sign-in

An authentication event where a user successfully authenticates to REQQA using credentials from an external identity provider (Google, GitHub, LinkedIn) via the OAuth 2.0 or OpenID Connect protocol, resulting in the creation or update of a user session without requiring REQQA-managed credentials.

oauth-returned email

The email address provided by an OAuth provider in the user profile response after successful authentication. This email is extracted from the provider's user info endpoint (e.g., Google's userinfo API, GitHub's /user API) and is used by REQQA to match against pending invites or existing auth_user records. The email may or may not be verified by the provider, and REQQA must handle cases where the provider does not return an email address.

oauth2

An authorization framework (RFC 6749) that enables applications to obtain limited access to user accounts or API resources without exposing credentials. OAuth2 uses access tokens with defined scopes and expiration times, supporting various grant types for different use cases (authorization code, client credentials, etc.).

oauth2 plugin

A modular software component that implements the OAuth2 authentication protocol for a specific identity provider (such as LinkedIn), encapsulating the authorization flow, token exchange, and user profile retrieval logic. In py4web, OAuth2 plugins subclass the framework's OAuth2 base class and configure provider-specific endpoints and credential handling.

oauth2github

A py4web authentication plugin class that implements OAuth 2.0 authentication flow with GitHub as the identity provider, handling authorization requests, token exchange, and user profile retrieval according to GitHub's OAuth API specification.

oauth2google

A py4web authentication plugin that implements OAuth 2.0 authentication flow with Google as the identity provider, handling the authorization redirect, token exchange, and user profile retrieval from Google's authentication services.

oidc

OpenID Connect - an identity layer built on top of OAuth2 that adds authentication capabilities and standardized user identity claims. OIDC provides ID tokens (JWTs) containing user information and supports single sign-on, enabling applications to verify user identity and obtain profile information securely.

onboarding

A guided first-run experience presented to new users on their initial login that introduces key system concepts (applications, requirements, stories, analyses), navigation patterns, and help resources. Onboarding is user-dismissible, can be re-launched from the help menu, and is tracked per user to prevent automatic re-display after dismissal.

opentelemetry

An open-source observability framework that provides vendor-neutral APIs, SDKs, and tools for collecting distributed traces, metrics, and logs from applications. OpenTelemetry enables end-to-end tracing of requests across microservices, helping diagnose performance issues and understand system behavior.

optimistic locking

A concurrency control strategy that assumes conflicts are rare and allows multiple transactions to proceed without locking resources. Before committing a write operation, the system checks whether the data has been modified by another transaction since it was read (typically by comparing a version number or timestamp). If a conflict is detected, the transaction is rolled back and the user is prompted to retry with the latest data.

orchestrator

An open-source MySQL high availability and replication management tool that monitors MySQL topologies, detects failures, and performs automatic failover. Orchestrator provides a web interface for visualizing replication topology, supports automated master promotion during failures, and can reconfigure replicas to follow a new master. It is commonly used to automate database failover and reduce recovery time.

order confirmation

The process and artifacts that acknowledge a customer's purchase transaction has been successfully recorded in the system, consisting of: (1) persistence of the order record to the database, (2) display of a confirmation page to the customer with order details, and (3) sending of a confirmation email. An order is considered confirmed when the order record is persisted and the confirmation page is displayed, even if email delivery fails.

order confirmation page

A web page displayed immediately after successful payment authorisation that confirms the order has been accepted and provides a summary of the transaction. The page includes the order reference number, itemised product details with quantities and prices, delivery address, estimated delivery date, payment method used, and total amount charged. This page serves as the immediate acknowledgment of purchase and may be the only confirmation if email delivery fails.

order history

A chronological record of all orders placed by a registered user, displaying key order attributes including order reference number, order date, total amount, delivery address, current status, and itemised product details. Order history provides users with access to past transactions for reference, reordering, returns, and support inquiries. The retention period, level of detail preserved, and whether cancelled or failed orders are included must be specified.

order reference number

A unique, system-generated alphanumeric identifier assigned to each completed order transaction, used to track the order through fulfillment, customer service inquiries, and financial reconciliation. The reference number format, uniqueness guarantees (globally unique vs unique per customer), generation algorithm, and whether it is human-readable or optimized for system processing must be specified.

order status

The current state of an order in its fulfillment lifecycle, represented as a discrete value from a defined set of possible states (e.g., confirmed, processing, dispatched, out for delivery, delivered, cancelled, returned). Each status represents a milestone in order processing, has defined entry/exit conditions, determines which operations are permitted, and triggers specific customer notifications. Status transitions follow a defined state machine with validation rules.

organization context

The set of organization-specific metadata (primarily orgid) loaded from an authenticated API token that determines the scope of data access for the current request. The organization context is derived exclusively from the token's stored orgid value and is automatically applied as a filter to all database queries, ensuring tenant isolation. The organization context cannot be overridden by request parameters and remains constant for the duration of the request.

orgid

Organisation Identifier - a unique identifier assigned to each organisation (tenant) in the REQQA system, used to scope database queries and enforce tenant isolation. The orgid is derived from the authenticated user's token and is automatically applied as a filter to all API queries to ensure users can only access data belonging to their organisation.

out for delivery

An order status indicating that the package is currently on a delivery vehicle and scheduled for delivery to the customer's address on the current day. This status typically means the package is with the final-mile carrier's local delivery driver and delivery is imminent (usually within hours).

outbound message

A notification message prepared by the system and sent to a passenger through a specific channel (email, SMS, etc.), containing disruption information, Case details, and actionable guidance. Each outbound message is tracked with metadata including template version, locale, idempotency key, and correlation ID.

overselling

The condition where the system accepts and confirms orders for a quantity of product that exceeds available physical inventory, resulting in an inability to fulfill all confirmed orders. Overselling occurs when inventory tracking fails to account for concurrent order placement, basket reservations are not enforced, or stock quantities are not decremented atomically with order confirmation. Preventing overselling requires real-time stock reservation, transactional inventory updates, and enforcement of stock availability checks before order confirmation.

P

pack sizes

Different quantity configurations in which the same tennis ball product is sold, such as 3-ball cans, 4-ball cans, 12-ball boxes, or 60-ball cases. Each pack size represents a distinct purchasable variant with its own SKU, price, and inventory level, though all variants share the same core product attributes (brand, type, specifications).

page

A query parameter specifying which page of results to return in a paginated API response, using 1-based indexing where page=1 returns the first set of results. Used in conjunction with 'page_size' to calculate the offset into the result set (offset = (page - 1) * page_size).

page_size

A query parameter specifying the maximum number of records to return in a single API response page. Valid values range from 1 to a system-defined maximum (typically 100), with a default value (typically 50) applied when not specified. Used in conjunction with 'page' parameter to implement pagination.

pagination

A technique for dividing large result sets into smaller, manageable pages that can be retrieved incrementally through sequential API requests. Pagination is implemented using limit (maximum number of records per page) and offset (number of records to skip) query parameters, allowing clients to retrieve data in chunks and improving API performance and user experience when dealing with large datasets.

pagination controls

UI elements that enable users to navigate between pages of a paginated result set, typically including buttons or links for next/previous page, first/last page, direct page number selection, and display of current page position. Pagination controls provide the interface for interacting with paginated data.

pan

Primary Account Number - the unique payment card number (typically 13-19 digits) embossed on a credit or debit card that identifies the card issuer and cardholder account. Under PCI DSS, PAN must be protected through encryption or tokenization and cannot be stored in plain text after transaction authorization.

pandoc

A universal document converter command-line tool that translates between multiple markup formats including Markdown, HTML, LaTeX, and PDF. Pandoc is widely used in documentation pipelines to generate PDF output from structured text sources, supporting customizable templates, bibliographies, and cross-references.

panel

A distinct section or container within a web page user interface that groups related information or functionality, typically with a visible border, heading, and consistent styling. Panels organize content into logical units and may be collapsible, scrollable, or fixed depending on design requirements.

panel key

An optional identifier for a sub-view or embedded component within a user-visible template, used to provide context-sensitive help for specific panels or sections of a page rather than the entire page. Panel keys enable granular help targeting when a single template contains multiple distinct functional areas that warrant separate documentation.

partial completion

A migration execution state where some operations succeeded and were committed before an error occurred, resulting in a database state that reflects incomplete migration progress. Partial completion requires the migration report to document which operations succeeded and which failed, enabling manual remediation or rollback decisions.

partially in scope

A status indicating that only some stories derived from a particular requirement have been included in the scope, while others have been excluded. A partially in-scope requirement provides incomplete coverage of the requirement's functionality within the scope definition, signaling that selective story inclusion has occurred.

passenger

No definition yet.

passive home page

The public-facing landing page of the system that is accessible without authentication, typically displaying general information about the system and providing links to login and registration features. This page contains no user-specific data or functionality requiring authentication.

pathway 1

The invitation flow where a REQQA system administrator creates a new organization and issues the first invitation to that organization's initial user via the adminOrgCreate function. This pathway is used for onboarding new organizations to REQQA and grants the invited user administrative privileges within their organization. Pathway 1 invitations are issued by the REQQA host, not by existing users.

pathway 1 flow

An existing user onboarding workflow in REQQA where an administrator with appropriate permissions sends an invitation to a prospective user, granting them access to create an account and join an organization. The pathway includes invitation generation, email delivery, recipient acceptance, and account creation steps, and is referenced as the mechanism through which approved access requests are converted into actual user accounts.

pathway 2

The invitation flow where an existing organization member invites a colleague to join their organization via the teamInvite function. This pathway is used for growing an existing organization's user base and is available to any member with invitation privileges. Pathway 2 invitations are issued by organization members, not by the REQQA host, and the invited user joins the inviting member's organization.

payment authorisation

The confirmation received from a payment service provider (PSP) that a customer's payment method has been validated, funds have been reserved or captured, and the transaction has been approved for processing. Authorisation includes a unique transaction identifier, approval code, and timestamp, and may be followed by separate capture or settlement processes depending on the payment flow.

payment authorization

The confirmation received from a payment service provider (PSP) that a customer's payment method has been validated, funds have been reserved or captured, and the transaction has been approved for processing. Authorization includes a unique transaction identifier, approval code, and timestamp, and may be followed by separate capture or settlement processes depending on the payment flow.

payment authorization timeout

The maximum elapsed time the Order Service will wait for a payment gateway to return an authorization response (success, failure, or pending) before treating the authorization attempt as failed and aborting order creation. Measured from the moment the payment request is sent to the gateway until a response is received or the timeout threshold is reached.

payment gateway

A third-party service that processes payment transactions by securely transmitting payment information between the merchant, customer's bank, and payment networks. The gateway validates payment credentials, authorizes transactions, and returns success/failure responses with transaction identifiers. Examples include Stripe, PayPal, Authorize.Net.

payment is authorised

The confirmation received from a payment service provider (PSP) that a customer's payment method has been validated, funds have been reserved or captured, and the transaction has been approved for processing. Payment authorisation includes a unique transaction identifier, approval code, and timestamp, and represents the point at which the order transitions from pending to confirmed status, triggering inventory decrement and fulfillment workflows.

pci dss

Payment Card Industry Data Security Standard - a set of security requirements designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. PCI DSS prohibits storing sensitive authentication data (e.g., full magnetic stripe, CVV2, PIN) after authorization and requires encryption, access controls, and regular security testing.

pdflatex

A LaTeX typesetting engine that directly produces PDF output from LaTeX source files. pdflatex is commonly used in conjunction with pandoc to generate high-quality PDF documents with professional typography, supporting mathematical notation, cross-references, and complex layouts.

pending invite

An invitation record in the 'invitations' table with status='pending' that has been sent to a specific email address but not yet accepted or expired. A pending invite grants the recipient authorization to create a REQQA account using that email address through OAuth authentication. The invite remains pending until the recipient completes sign-in (transitioning to 'accepted') or the invitation expires.

persistent header icon

A visual indicator (icon or button) displayed in the page header that remains visible across all pages of the application, providing quick access to the shopping basket. The icon displays a badge or counter showing the current number of items in the basket and serves as a clickable link to view basket contents.

phase closure protocol

A standardized sequence of housekeeping and finalization steps executed when closing any project phase, including: validating all phase exit criteria are met, archiving phase artifacts, updating project status and metrics, notifying stakeholders, releasing resources, and transitioning to the next phase or terminal state. The protocol ensures consistent and complete phase closure across all project types and phases.

phase entry

The beginning of a development phase in the Dark Factory lifecycle, at which point the GUIDE phase-entry skill executes to read existing help content, identify gaps or stale pages for the templates affected by the upcoming phase, and prepare a gap report for developers. Phase entry establishes the baseline help state before implementation work begins.

phase exit

The completion of a development phase in the Dark Factory lifecycle, at which point the GUIDE phase-exit skill executes to update or create help pages for all templates touched during the phase, re-index the help glossary, and mark pages with last_touched_at timestamps and phase markers. Phase exit ensures help content remains synchronized with implementation changes.

phase-entry skill

A Claude Code skill named 'guide-entry' that executes at the beginning of a development phase to read existing help content for templates in scope, identify templates lacking help pages, and generate a reading list and gap list to provide Claude with context about the current help system state before implementation work begins.

phase-exit skill

A Claude Code skill named 'guide-exit' that executes at the completion of a development phase to update or create help pages for templates modified during the phase, set last_touched_at and last_touched_by_phase metadata, trigger glossary re-indexing, flag stale screenshots, and generate the canonical template inventory for coverage reporting.

pinned

The action of creating an immutable reference to a specific revision of a story at the time it is added to a scope. A pinned story maintains its association with that exact revision number, ensuring that subsequent modifications to the story do not automatically update the scope's definition. The scope continues to reference the original revision unless explicitly updated.

pipeline

An automated build and deployment workflow (typically implemented in a CI/CD system such as GitHub Actions, GitLab CI, or Jenkins) that executes a sequence of steps to compile, test, package, and deploy the application and its help documentation. In this context, the pipeline is responsible for writing version stamps to help artifacts and performing build assertions to validate version consistency.

placeholder file

A minimal markdown file placed in a content directory to satisfy build requirements and demonstrate directory structure, typically containing stub content, a title, and explanatory text indicating that real content will be added later. The file ensures the Docusaurus build process completes successfully even when substantive content has not yet been authored.

plain text

Unformatted text content stored and displayed exactly as entered, without interpretation or rendering of markup languages (HTML, Markdown, BBCode, etc.). Plain text preserves special characters and formatting syntax as literal characters rather than converting them to styled output, ensuring that user input is stored safely without risk of code injection and displayed predictably without formatting transformations.

plaintext

The original, unhashed, human-readable form of the API token as generated by the system, displayed to the user only once at creation time before being irreversibly hashed for storage. The plaintext token is the actual credential that must be included in API requests and cannot be recovered from the stored hash.

plaintext token

The original, unhashed, human-readable form of an API token as generated by the system and provided to the user. The plaintext token is the actual credential that must be included in API requests (in the Authorization header) and is hashed before storage in the database. It is displayed to the user only once at creation time and cannot be recovered from the stored hash.

platform skills

Claude Code skills that interact with a specific development platform or technology stack (e.g., /pydal-migrate for database migrations, /py4web-shell for framework console access). Platform skills are environment-specific, operate on local development resources, and are defined by the customer or development team rather than being part of REQQA's core skill set.

playwright

An open-source browser automation framework developed by Microsoft that enables automated testing and screenshot capture across Chromium, Firefox, and WebKit browsers. Playwright provides APIs for controlling browsers programmatically, capturing screenshots, and simulating user interactions, commonly used for end-to-end testing and documentation screenshot generation.

playwright script

A Python or JavaScript automation script using the Playwright browser automation framework that programmatically controls a web browser to navigate pages, interact with UI elements, and capture screenshots. The script runs in a headless or headed browser mode, executes navigation sequences, waits for page load completion, and saves rendered page images to disk.

plugin

A modular software component in py4web that extends the authentication framework to support a specific OAuth2 identity provider. Each plugin (e.g., Google, GitHub, LinkedIn) implements the provider-specific OAuth2 flow including authorization URL construction, token exchange, user profile retrieval, and email extraction. Plugins are registered in settings.py and invoked by the py4web Auth system when users select a provider on the login page.

plugin registration

The process by which an OAuth provider plugin is initialized and made available to the py4web authentication system. Registration involves loading the provider's configuration (client_id, client_secret, callback URLs), instantiating the provider's authentication handler, and making the provider available for user authentication flows. Registration occurs conditionally in common.py based on the presence of required credentials in settings.py.

plugin subclasses

Python classes that inherit from a base OAuth authentication plugin class and override specific methods to implement provider-specific authentication logic. Plugin subclasses for Google and GitHub extend the base plugin's callback handling to add the invite-gating logic before delegating to the parent class for account creation and session establishment.

PNR

No definition yet.

popover

A small overlay UI component that appears adjacent to a triggering element (such as a button) when activated, displaying contextual information or actions without navigating away from the current page. Popovers typically include a close mechanism, position themselves automatically relative to the trigger, and dismiss when the user clicks outside or presses ESC. Distinguished from tooltips (which show on hover) and modal dialogs (which block the entire page).

popular products

A curated or algorithmically selected set of tennis ball products that have high customer demand, strong sales performance, or editorial recommendation. Popular products are suggested to users when their search or filter criteria return no results, serving as a fallback to maintain engagement.

popularity

A calculated metric representing the relative demand or customer interest in a product, typically derived from factors such as sales volume, page views, add-to-cart frequency, customer ratings, or a weighted combination thereof. Popularity is used as a sort criterion to help customers discover trending or best-selling products.

population process

The execution workflow that assigns recommended_analyses values to requirement templates, including validation of template existence, determination of appropriate step-codes based on template type, assignment of values to the database, error detection and reporting, and rollback on failure. The process operates transactionally to ensure data integrity and provides idempotent behavior when re-executed.

portfolio calculations

The set of financial computations performed on investment holdings to determine total portfolio value, asset allocation percentages, unrealized gains/losses, performance metrics (returns, volatility), and other analytics. Portfolio calculations aggregate data across all holdings, apply current market prices, and may include currency conversions, fee adjustments, and tax considerations.

portfolio summary page

A web page displayed to authenticated users after login that presents an aggregated view of their investment holdings, showing total cost basis, category breakdowns, and top holdings by value. This page serves as the primary landing destination and navigation hub for portfolio management functions, displaying static cost-basis calculations without live market pricing.

pre-handover gate

A validation checkpoint that must be satisfied before a scope can transition from draft to handover_ready status, enforcing business rules and quality criteria. In the context of backlog item attachment, the pre-handover gate checks that all attached backlog items have been triaged (promoted to requirements or detached), blocking the transition if any attached items remain in open status.

pre-ticked

A checkbox UI state where the checkbox is initially rendered in a selected/checked state when the form or interface is first displayed, indicating a default or recommended selection. The user can modify this state by clicking to uncheck the checkbox. Also referred to as 'pre-selected' or 'default-checked'.

precious metals

Physical commodities including gold and silver that are held as investment assets, measured in troy ounces. In this system, precious metals are identified by standard metal designations (e.g., 'XAU' for gold, 'XAG' for silver) and valued based on spot market prices.

prm

Passenger with Reduced Mobility - a passenger whose mobility is reduced due to physical incapacity (sensory or locomotory), intellectual disability, age, illness, or any other cause of disability when using transport, and whose situation needs special attention and adaptation of services to meet their needs. PRMs may require wheelchair assistance, extra time for connections, accessible seating, or other accommodations.

proactive check

A validation performed before executing an operation to determine whether the operation will succeed, allowing the system to prevent the operation and provide immediate feedback rather than attempting the operation and handling failure afterward. In the context of browser storage quota, the system calculates whether adding an item would exceed the 5MB limit before attempting to store it.

process skills

Platform-agnostic Claude Code skills that implement lifecycle stages by interacting with REQQA's API rather than with local development environments. Process skills (such as /handover, /design, /submit-plan) are provided by REQQA and work consistently across different technology stacks, focusing on workflow automation and artifact management rather than code generation or platform-specific operations.

product availability status

An indicator displayed with each product showing whether the item can currently be purchased, with possible values such as 'In Stock', 'Out of Stock', 'Low Stock', 'Pre-Order', or 'Discontinued'. This status is derived from current inventory levels and determines whether users can add the product to their cart.

product code

A unique alphanumeric identifier assigned to each distinct tennis ball product in the catalogue, used for inventory management, search, and reference purposes. Product codes may follow manufacturer SKU formats, internal catalogue numbering schemes, or standardized industry codes.

product detail page

A dedicated web page displaying comprehensive information about a single tennis ball product, including images, descriptions, specifications, pricing, availability, and purchase options. This page is accessed by selecting a product from search results or catalogue listings and serves as the primary interface for customers to evaluate and purchase a specific product.

product thumbnail

A small preview image of a tennis ball product displayed in search results and catalogue listings, typically sized between 100x100 and 300x300 pixels. Thumbnails provide visual product identification and are clickable to navigate to the full product detail page.

profile form

A web form interface displayed on the profile page that allows authenticated users to view and modify their profile settings including display name and base currency. The form includes input fields, validation logic, error message display areas, and a submit mechanism to persist changes to the user's profile record.

profile page

A dedicated user interface within the library system where members can view and modify their personal information, including contact details, communication preferences, and account settings, accessible after authentication.

promoted

A terminal status for a backlog item indicating that the analyst has decided to act on the item by linking it to a formal requirement or incorporating it into a release scope. Promotion represents acceptance of the backlog item's value and commitment to address it in the requirements model. Once promoted, the item cannot be reopened or modified.

promotional campaigns

Time-limited marketing initiatives that offer discounts, special pricing, or other incentives to customers, typically targeting specific products, categories, or customer segments. Promotional campaigns are configured with start/end dates, eligibility rules, discount amounts or percentages, and may be automatically applied to qualifying baskets or require customer action (e.g., entering a code).

prompt

A modal dialog or inline UI element that interrupts the user's workflow to request a decision or input before proceeding with an operation. In the context of template changes, a prompt displays available merge options (Replace, Keep, Merge) and requires explicit user selection or dismissal before the template change is finalized.

prospective users

Individuals who are interested in using REQQA but do not currently have an account or invitation, and who may submit an access request to be considered for onboarding. Prospective users are unauthenticated visitors to the platform who represent potential future customers or team members, and their access requests are evaluated by the REQQA host before granting access.

prospective-user

An individual who has expressed interest in using REQQA by submitting an access request form but has not yet been granted an account or authenticated access to the system. Prospective users are in a pre-registration state awaiting triage and approval by REQQA administrators.

protected pages

Web pages or application routes that require active user authentication to access, enforcing authorization checks before rendering content. Protected pages redirect unauthenticated users to the login page and may preserve the originally requested URL for post-authentication redirection. Examples include portfolio dashboard, holdings page, and transactions page.

provenance

No definition yet.

provider plugin

A software module or component that implements OAuth 2.0 authentication integration with a specific identity provider (Google, GitHub, LinkedIn, etc.). Each provider plugin encapsulates provider-specific configuration (client credentials, endpoints), implements the OAuth authorization code flow, handles provider-specific API responses, and extracts standardized user profile information (email, name) for use by REQQA's authentication system. Provider plugins are referenced in FR-20.2 (Google), FR-20.3 (GitHub), and FR-20.4 (LinkedIn).

provider-supplied verified email flag

A boolean claim or attribute returned by an OAuth identity provider (such as 'email_verified' in OpenID Connect ID tokens or user info responses) indicating that the provider has independently verified the user owns the email address through their own verification process (typically email confirmation link). When true, REQQA trusts this verification and skips its own email verification workflow.

proxysql

A high-performance MySQL proxy that sits between application servers and database servers, providing features such as connection pooling, query routing, query caching, and automatic failover. ProxySQL can route read queries to replica servers and write queries to the master server, monitor replication lag, and automatically redirect traffic during database failures. It is commonly used to implement read/write splitting and improve database scalability.

psd2

Payment Services Directive 2 - a European regulation governing electronic payment services that mandates Strong Customer Authentication (SCA) for online transactions to reduce fraud. PSD2 requires multi-factor authentication for most card payments, with exemptions for low-value or low-risk transactions.

psp

Payment Service Provider - a third-party company that enables merchants to accept electronic payments (credit cards, digital wallets, bank transfers) by providing payment gateway services, fraud detection, PCI DSS compliance, and settlement processing. PSPs handle the technical complexity of payment processing and regulatory compliance on behalf of merchants.

purge process

A scheduled batch job that runs daily at 02:00 UTC to permanently delete expired and abandoned baskets from the database. The process identifies baskets where retention period has been exceeded, deletes associated BasketItem records (cascade delete), retains BasketAuditLog records per retention policy, and deletes Basket records. Purge operations are batched, monitored, and include retry logic for transient failures.

py4web mailer

A built-in email sending component of the py4web framework that provides a simplified interface for composing and sending email messages via SMTP. The Mailer class handles SMTP connection management, message formatting, and delivery, and is typically configured through framework settings with SMTP server credentials and connection parameters.

Q

quality gate

A set of criteria or checks that must be satisfied before a scope can transition from one lifecycle state to another. Quality gates may include validation of completeness (all required fields populated), consistency (no unresolved blocker issues), or compliance (all stories have acceptance criteria). In v1, quality gates are advisory only, providing warnings but not preventing transitions.

quantity per pack

The number of individual tennis balls included in a single purchasable product unit, typically sold in packs of 3, 4, 12, 24, or 60 balls. Quantity per pack is a filterable attribute that affects pricing and is displayed in product listings to help customers compare value.

queued for delivery

The state where an email message has been accepted by the email service provider's API and placed in a sending queue for asynchronous delivery, but has not yet been transmitted to the recipient's mail server. A queued email is considered successfully submitted from the application's perspective, even though final delivery is not yet confirmed.

quiet hours

No definition yet.

quotaexceedederror

A JavaScript exception thrown by the browser when an attempt to write to localStorage exceeds the available storage quota (typically 5-10MB per origin). QuotaExceededError indicates that the storage limit has been reached and no additional data can be stored until existing data is removed. The error is caught and handled by displaying a user-facing error message and preventing further basket additions.

R

rate limit

A restriction on the number of API requests a client can make within a specified time window (e.g., requests per minute or per hour), enforced to prevent abuse, ensure fair resource allocation, and protect system stability. When exceeded, the API returns HTTP 429 Too Many Requests with a Retry-After header indicating when the client can resume requests.

rate limiting

A throttling mechanism that restricts the number of API requests a client can make within a specified time window (e.g., 100 requests per minute, 1000 requests per hour) to prevent abuse, ensure fair resource allocation, and protect system stability. Rate limits may be enforced per API token, per user, or per organisation, and exceeded limits result in HTTP 429 Too Many Requests responses with headers indicating when the client can retry.

rbac

Role-Based Access Control - a security model that restricts system access based on a user's role within an organization. Users are assigned roles (e.g., agent, supervisor, auditor), and each role has defined permissions for specific operations or data. RBAC simplifies permission management and supports separation of duties.

re-seeded

The process of deleting all existing content in the demo application (requirements, stories, personas, analyses) and repopulating it from the canonical fixture file, restoring the demo data to a known, consistent state. Re-seeding occurs automatically during release deployments to ensure screenshot capture scripts always operate against predictable, up-to-date demonstration content.

read-only access

A restricted permission level that allows a user to view resources within an organisation and application but prevents them from creating, modifying, or deleting those resources. Users with read-only access can view backlog items, requirements, and other artifacts but cannot perform triage operations or make changes to the system state.

reading list

A structured output from the guide-entry skill containing references to existing help pages for templates in the current phase scope, provided to Claude Code to establish context about available help content before implementation work begins, enabling Claude to understand what documentation already exists and what gaps need to be filled.

real-time

A system response characteristic where inventory updates, availability status changes, and stock level modifications are reflected across all system components and user-facing interfaces within milliseconds to low seconds of the triggering event, without perceptible delay from the user's perspective. In the context of inventory management, real-time means that stock decrements from order confirmation, stock reservations from basket additions, and availability status updates are immediately visible to all concurrent users and system processes, preventing race conditions and ensuring data consistency.

real-time inventory levels

The current count of available units for each product SKU, updated synchronously within the same transaction as order confirmation and payment authorization, ensuring that inventory queries always reflect the most recent committed state without perceptible delay. Real-time updates occur within milliseconds of the triggering event and are immediately visible to all system components and user-facing interfaces.

reason codes

A predefined set of standardized codes or categories that administrators must select when manually adjusting stock quantities, documenting the business justification for the adjustment. Examples include: 'DAMAGED' (goods damaged in warehouse), 'THEFT' (inventory shrinkage), 'RECOUNT' (physical inventory correction), 'RETURN' (customer return processed), 'SUPPLIER_CREDIT' (supplier adjustment), 'DATA_CORRECTION' (system error fix). Reason codes enable audit trail analysis and inventory variance reporting.

recommended-analyses metadata

A structured field stored on each requirement entity that contains a list of analysis step codes (e.g., R-D, R-F, R-C) indicating which analyses are most applicable to that requirement based on its format, content type, or domain. This metadata is used to pre-populate analysis selection checkboxes in the kickoff UI, providing guidance to operators while remaining advisory rather than prescriptive.

reconnaissance traffic

Malicious or suspicious authentication attempts where an attacker systematically probes the OAuth sign-in endpoints with various email addresses to discover which accounts exist in the system, identify valid user emails, or map the organization's user base without legitimate authorization. Logging rejected OAuth attempts helps detect such reconnaissance patterns for security monitoring.

redirect uri

A pre-registered URL endpoint in an OAuth2 application configuration that specifies where the authorization server should redirect the user's browser after authentication completes, carrying an authorization code or error response. The redirect URI must exactly match the value registered with the OAuth2 provider to prevent authorization code interception attacks.

registered customer

A user who has completed the account registration process, provided authentication credentials (email and password), verified their email address, and has a persistent user profile in the system. Registered customers have a unique user_id and can access enhanced features including persistent baskets across sessions and devices.

registered user

A person who has completed the registration process by providing email, first name, surname, and password, but whose email address has not yet been confirmed through the confirmation link. Registered users cannot access the system until they become confirmed users.

registered users

Users who have completed the account registration process, provided authentication credentials, and have a persistent user profile in the system. Registered users can log in across sessions and devices, and benefit from features like persistent shopping baskets, order history, and saved preferences.

reject

To refuse or decline a requested operation, transaction, or state change due to validation failure, business rule violation, or system constraint. The system returns an error code and message explaining the reason for refusal, logs the attempt to the audit trail, and leaves the entity's state unchanged.

rejected oauth attempt

An OAuth authentication attempt that REQQA refuses to complete because the user's email address does not have a pending invitation in the system (per FR-20.5.2). The OAuth flow with the provider may succeed, but REQQA rejects the sign-in and does not create or update a user session. The rejection is logged with the reason 'no pending invite' for security monitoring.

rejection page

A web page displayed to users who attempt to sign in via OAuth without a valid invitation or existing account, explaining that REQQA is invite-only and providing instructions for obtaining an invitation. The page includes explanatory text, a call-to-action link to request access, and prevents any account creation from occurring.

relative time

A human-readable time format that expresses elapsed duration from a reference point (typically 'now') using natural language units such as 'just now', 'X minutes ago', 'X hours ago', 'X days ago', 'X weeks ago', 'X months ago', or 'X years ago'. Relative time provides intuitive temporal context without requiring users to calculate elapsed time from absolute timestamps.

release artefact

The packaged deliverable produced by the releaseReqQA.sh script, containing the compiled application code, database migrations, configuration files, and all assets required for deployment to production or staging environments. The artefact format may be a Docker image, tarball, or deployment package depending on the deployment strategy.

release build

An automated build process executed as part of the software release workflow that compiles, packages, and publishes all release artifacts including documentation, binaries, and deployable assets. The release build runs in a CI/CD pipeline and must complete successfully for a release to be published.

release pipeline

An automated continuous integration/continuous deployment (CI/CD) workflow that executes a sequence of build, test, and deployment steps when releasing a new version of REQQA. The pipeline includes stages for code compilation, automated testing, database migrations, and deployment to staging and production environments. In the context of demo data, the pipeline includes a re-seeding step that restores the demo organisation's content from the canonical fixture file.

release scope

A scope that represents a planned release or delivery increment, containing a collection of requirements, stories, and optionally backlog items that will be implemented together. Release scopes can be created by attaching backlog items to an existing scope or by combining multiple backlog items to form a new scope. Release scopes follow the standard scope lifecycle defined in FR-13.

release tag

A Git tag or version control system marker that identifies a specific commit as a release candidate or published release, typically following semantic versioning format (e.g., v1.2.3). The release tag serves as the authoritative source of the application version number during the build process and is used to stamp all release artifacts including help documentation.

release-notes entry

A structured record in the release notes system containing a description of a feature, change, or update, along with metadata including publication date, visibility flag (public or authenticated), author, and optional version number. Each entry represents a discrete piece of information about system changes or capabilities that can be displayed to users based on their authentication status.

reorder thresholds

A configurable minimum stock quantity for each product SKU that, when reached or fallen below, triggers an automated alert to administrators indicating that replenishment inventory should be ordered from suppliers. Reorder thresholds are set per product based on factors such as lead time, demand velocity, and desired safety stock levels, and may vary by warehouse location.

repeat purchase rate

The percentage of customers who make more than one purchase within a defined time period, calculated as (customers with 2+ orders / total customers) × 100. Repeat purchase rate measures customer retention and loyalty, indicating the effectiveness of the shopping experience and customer satisfaction.

reqqa branding

The visual identity and design elements that distinguish REQQA's user interface and documentation, including the REQQA logo, color palette (primary and accent colors), typography choices, footer content, and any other brand-specific styling that ensures consistent appearance across the application and documentation site.

reqqa host

The organization or team responsible for operating and administering the REQQA platform instance, who receives and processes access requests from prospective users. The REQQA host has a configurable email address for receiving access request notifications and is responsible for reviewing submissions, sending admin invitations to approved requesters, and managing spam or declined requests.

reqqa's own email-verification step

REQQA's internal email verification process where the system sends a confirmation email containing a unique, time-limited verification link to a newly registered user's email address. The user must click this link to verify email ownership before gaining full account access. This process is bypassed for OAuth users when the identity provider has already verified the email address.

requirement artifact

A formal specification document or record in REQQA that describes a system capability, constraint, or quality attribute. Requirements are a specific type of artifact (as defined in the glossary) that can have associated analyses and issues. Distinguished from other artifact types such as stories, scopes, and applications.

requirement grouping

A user interface organization pattern in the story selector where stories are visually grouped and labeled by their parent requirement, allowing users to see which stories belong to which requirement and facilitating bulk selection of all stories from a single requirement.

requirement seeding feature

A system capability that automatically populates initial values or metadata on newly created requirements based on their parent template's configuration, including inheriting recommended_analyses values from the template's canonical metadata. The seeding feature reduces manual data entry, ensures consistency with organizational standards, and provides sensible defaults that users can override if needed.

requirement template

A reusable structural pattern that defines the format, sections, and default metadata for creating requirements of a specific type (e.g., 29148-full, user story, technical specification). Each template specifies which analyser steps are recommended by default for requirements created from it, and serves as a blueprint ensuring consistency in requirement structure across the organization.

requirements picker

A user interface component (typically a modal dialog, dropdown, or searchable list) that allows analysts to browse, search, and select an existing requirement from the current application when promoting a backlog item. The picker displays requirement reference, title, and status, supports text search by reference or title, implements pagination for large result sets, and filters to show only requirements in active or draft status within the current application context.

requirements_affected

A comma-separated list of requirement identifiers (requirement refs) that are impacted by or related to a design decision. This field documents which requirements' implementation approach is influenced by the decision, enabling traceability between design choices and functional specifications. The format and validation rules for requirement refs should align with the requirement identification scheme used in REQQA.

requirements_history table

A database table that maintains an audit trail of all changes to requirement records, storing historical versions of requirement attributes including previous and new values, timestamps of changes, and the user who made each modification. This table enables version tracking, rollback capabilities, and compliance with audit requirements by preserving the complete change history for each requirement.

reserved stock

Inventory units that have been temporarily allocated to a customer's shopping basket but not yet committed through order confirmation and payment authorization. Reserved stock is unavailable for allocation to other customers during the reservation period, preventing overselling. Reservations expire and stock is released if checkout is not completed within the defined timeout period. Reserved stock is tracked separately from available stock and committed stock.

resolver

A software component or function that determines which help content to display by matching the current page context (template_key and panel_key) against the help_pages table and returning the appropriate help_pages record or NULL if no match exists. The resolver encapsulates the lookup logic and applies role-based filtering (per FR-17.3) to ensure users only see help content appropriate to their permissions.

resolver query

A database query executed by the FR-17.2 help content resolver to locate the appropriate help_pages record for a given template_key, active_panel_key, and viewer role combination. The query implements a prioritized matching strategy that first attempts to find a role-specific entry (role_tag = viewer's role), then falls back to a generic entry (role_tag IS NULL), returning the first match according to this precedence order.

response body

The main content payload of an HTTP response, typically containing JSON-formatted data, error messages, or other structured information. The response body is distinct from HTTP headers and status codes, and its structure varies based on the endpoint and response status.

rest api endpoint

A specific URL path exposed by the RESTful API that represents a resource or operation, supporting one or more HTTP methods (GET, POST, PUT, DELETE). Each endpoint defines a contract specifying request parameters, payload structure (JSON), response format, authentication requirements (API token), status codes, and error conditions. Endpoints enforce tenant isolation by automatically scoping queries to the authenticated user's organisation.

retention period

The duration for which a basket is preserved in the system before being eligible for automatic deletion, measured from the last_modified_at timestamp. Retention periods vary by user type: 72 hours for guest baskets (from last modification), 90 days for registered user baskets (from last modification), and 30 days for abandoned baskets (from abandonment detection). After the retention period expires, baskets are marked for purge and deleted by the scheduled purge process.

retro-placeholder

A requirement record origin classification (origin='retro-placeholder') indicating that the requirement serves as an anchor point for existing functionality that has not yet been formally documented to current standards. Retro-placeholder requirements have intentionally thin bodies and are excluded from default analyses, reports, and exports until they are retrofitted with complete documentation. They enable tracking of known-existing features awaiting formal specification.

retro-placeholder requirements

Requirements created retrospectively to document functionality that was already implemented without formal specification, serving as placeholders in the requirements model to maintain traceability and completeness. These requirements typically have minimal content, reference existing implementation artifacts, and are marked to indicate their retrospective nature. They are generally excluded from quality analysis runs since they document past decisions rather than specify future work.

retrofit

The process of creating or updating formal requirement documentation for existing functionality that was previously implemented without complete specification. Retrofitting involves analyzing the implemented system, extracting its behavior and rules, and documenting them as properly structured requirements that meet current documentation standards. Retrofitted requirements replace retro-placeholder records and enable full analysis coverage.

retry logic

An automated error-handling mechanism that re-attempts failed email delivery operations after temporary failures (such as network timeouts, rate limiting, or recipient server unavailability). Retry logic includes configurable parameters for maximum retry attempts, backoff intervals between attempts (e.g., exponential backoff), and criteria for distinguishing temporary failures (retryable) from permanent failures (non-retryable).

retry policy

A set of rules governing how the analysis engine handles transient failures when calling the OpenAI API, including: maximum number of retry attempts, backoff strategy (linear, exponential, or exponential with jitter), conditions that trigger retries (network timeouts, rate limits, server errors), conditions that abort retries (authentication failures, invalid requests), and timeout thresholds. The retry policy balances reliability (completing analyses despite transient failures) against resource consumption and latency.

retry-after header

An HTTP response header (defined in RFC 7231) that indicates how long the client should wait before making a follow-up request, typically returned with 429 Too Many Requests or 503 Service Unavailable responses. The value can be expressed as either a number of seconds (integer) or an HTTP-date timestamp, informing clients when rate limits will reset or when a temporarily unavailable service is expected to recover.

reviewed_by_human flag

A boolean field on the help_pages table that indicates whether a machine-authored help page has been subsequently reviewed, edited, or approved by a human author through the standard help-page edit UI, distinguishing AI-generated content from human-verified content and supporting quality assurance workflows.

revision number

A sequential integer identifier assigned to each version of a story, incrementing with each modification. The revision number enables point-in-time references to specific versions of a story, allowing scopes to pin to a particular revision at the time of inclusion, ensuring that subsequent story changes do not automatically affect the scope's definition.

risk-acknowledgement comment

A mandatory comment added by the analyst when moving an unresolved builder feedback issue to Accepted status after the negotiation period expires. The comment documents that the analyst acknowledges the builder's concern as a valid risk but has decided to proceed with implementation despite the unresolved disagreement, accepting the identified risk.

risks

Potential problems identified during builder's review that could cause implementation difficulties, quality issues, or project delays if not addressed, but do not completely prevent progress. Risks are advisory findings that should be considered by analysts and may be accepted, mitigated, or resolved before proceeding to design.

role visibility

A field on help_pages that specifies which user roles (e.g., analyst, builder, admin) are permitted to view a particular help page, enabling role-based filtering of help content so that admin-only topics are hidden from ordinary users. Role visibility is distinct from the public/authenticated visibility flag and provides finer-grained access control within authenticated users.

role_tag column

A database column (likely on the help_pages table) that stores role-based visibility metadata, enabling help content to be filtered or displayed based on the authenticated user's role. The column may store a single role identifier or a comma-separated list of roles, and is used by the contextual help layer to enforce role-aware visibility without requiring a separate role visibility engine.

rq workers

Background worker processes based on the Python RQ (Redis Queue) library that execute asynchronous analysis jobs from a Redis-backed job queue. RQ workers run as systemd services (defospam-worker@*.service) and process analysis tasks independently of the main web application, enabling concurrent analysis execution, improved responsiveness, and horizontal scaling. Each worker polls the job queue, executes assigned analysis tasks, updates progress, and handles failures according to configured retry policies.

rubrics

Structured evaluation criteria and scoring guidelines used by analysers to assess requirements or stories against quality standards. Rubrics define what to check, how to score findings, and what constitutes pass/fail conditions for each analysis type. In the context of FR-18.3.3, template-heading-specific rubrics would provide tailored evaluation criteria based on the requirement template section being analyzed.

S

safety threshold

A configurable minimum stock quantity that must be maintained for each product SKU to prevent complete stock depletion and ensure availability for high-priority orders or emergency fulfillment. When a bulk order would reduce stock below this threshold, the system triggers an administrative review workflow to assess whether the order should be approved, partially fulfilled, or require supplier confirmation before processing. Safety thresholds are typically set higher than reorder thresholds.

saga

A design pattern for managing distributed transactions across multiple services by breaking a long-running transaction into a sequence of local transactions, each with a compensating action that can undo its effects if a later step fails. In the context of booking orchestration, a saga ensures that partial booking failures (e.g., seat assignment succeeds but payment fails) can be rolled back consistently.

sca

Strong Customer Authentication - a security requirement under PSD2 that mandates two-factor authentication for electronic payments using at least two of three elements: something the customer knows (password/PIN), something the customer has (phone/token), or something the customer is (biometric). SCA aims to reduce payment fraud while maintaining user experience.

scheduled purge process

An automated background job that runs at predetermined intervals (e.g., hourly, daily) to identify and permanently delete expired guest baskets from the system. The process queries for baskets where the expiration time has been reached, removes them from active storage, and may archive audit logs according to retention policies. Execution schedule, error handling, and monitoring are defined in system operations documentation.

scope

A named collection of user stories and their derived requirements that form a cohesive unit of work for development purposes. A scope belongs to exactly one application and serves as the bridge between specification (REQQA) and implementation (Claude Code), capturing what will be built in a particular development effort along with constraints and exclusions.

scope closure

The formal completion phase of a defined scope where all planned work items have been delivered, reviewed, and accepted. During scope closure, any identified out-of-scope work, technical debt, or deferred items are captured as backlog items for future consideration. Scope closure triggers the generation of backlog items from build-phase outputs and marks the scope as complete in the system.

scope form

A user interface component (modal dialog, page, or panel) that collects scope metadata during scope creation, including required fields (scope name) and optional fields (scope description). The form validates input, displays pre-filled values derived from selected backlog items, and provides save/cancel actions. The form is presented after the 'Create Scope from Selection' action is invoked and dismissed upon successful save or explicit cancellation.

scope package

A collection of related requirements, acceptance criteria, business rules, and supporting documentation that defines a discrete unit of work to be implemented. Scope packages are fetched by external tools (such as Claude Code) via the API to understand what needs to be built, and may include metadata such as priority, dependencies, and current status. The package format and structure are defined by the Scope Management feature (FR-13).

scope picker

A user interface component (typically a dropdown, modal dialog, or searchable list) that allows the analyst to select an existing scope from the current application when attaching backlog items. The scope picker displays only scopes in draft or handover_ready status and provides search/filter capabilities to help locate the target scope.

scope reference

An identifier used to locate a specific scope in REQQA, which may be either a scope ID (unique numeric or alphanumeric identifier) or a scope name (human-readable string). Scope references are provided as parameters to slash commands to specify which scope the command should operate on.

scope-id

A unique identifier for a scope in REQQA, used as a parameter to the /handover skill to specify which scope should be fetched and reviewed. The identifier format, uniqueness guarantees, and validation rules are defined by the REQQA API specification.

secure deep link

No definition yet.

securityerror

A JavaScript exception thrown by the browser when an attempt to access localStorage is blocked due to security restrictions, such as third-party cookie blocking, private browsing mode, or browser security policies. SecurityError indicates that localStorage is unavailable and the application must fall back to alternative storage mechanisms or notify the user.

seeding operation

A one-time or periodic administrative process that populates empty or missing field values in existing database records by copying values from related reference records (such as templates), typically executed by system administrators to backfill data for records created before a feature was implemented or to synchronize derived values with their authoritative sources.

serializable isolation level

The highest transaction isolation level in SQL databases that ensures complete isolation between concurrent transactions by preventing dirty reads, non-repeatable reads, and phantom reads. SERIALIZABLE transactions execute as if they were run sequentially, one after another, preventing any concurrent modifications to data being read or written. This level provides the strongest consistency guarantees but may impact performance due to increased locking and potential for transaction conflicts.

server-sent events

A web technology that allows servers to push updates to clients over HTTP using a unidirectional event stream. Unlike WebSockets (which are bidirectional), Server-Sent Events (SSE) provide one-way communication from server to client, suitable for scenarios where the client only needs to receive updates without sending data back. In the context of basket synchronization, SSE could enable real-time basket updates across multiple browser tabs or devices, but this capability is explicitly out of scope for the current phase.

service-critical

No definition yet.

service_type

No definition yet.

session

A server-side or client-side state management mechanism that maintains user authentication and context across multiple HTTP requests. A session is created upon successful login, identified by a session token (typically stored in a cookie or local storage), and expires after a defined period of inactivity or when explicitly terminated by logout. The session stores the authenticated user's identity and may cache user preferences to avoid repeated database queries.

session stickiness

A load balancing strategy where requests from the same user session are consistently routed to the same server instance, ensuring session state consistency and enabling read-after-write consistency for database operations. In the context of basket management, session stickiness ensures that after a basket modification (write to master database), subsequent reads within the same session are routed to the master for a defined period (e.g., 2 seconds) to guarantee the user sees their own changes.

session token

A unique, cryptographically secure identifier generated upon successful authentication that represents an active user session. The token is typically stored in a secure HTTP-only cookie or local storage and is transmitted with each request to verify the user's authenticated state. Session tokens have a defined lifetime and are invalidated upon logout or session expiry.

sessions

A period of continuous interaction between a user and the system, typically bounded by login/logout events for authenticated users or by browser session lifecycle for guest users. Sessions maintain user state and context across multiple requests, and may expire after a period of inactivity or when explicitly terminated.

sessionstorage

A browser-based storage mechanism that stores key-value pairs for the duration of a browser session (until the tab or window is closed). Unlike localStorage (which persists across sessions), sessionStorage is cleared when the session ends. In the context of basket badge caching, sessionStorage is used to store the last known basket item count with a TTL equal to the session duration, providing a fallback when the Basket API is unavailable.

settings_private.py

A Python configuration file that contains sensitive or environment-specific settings (such as OAuth client secrets, API keys, and database credentials) that should not be committed to version control. This file is excluded from Git via .gitignore and must be created manually in each deployment environment. The file is imported by settings.py and its values override or supplement the default configuration. In production environments, settings_private.py contains the actual OAuth2 client credentials for enabled providers.

severity

No definition yet.

sha-256

Secure Hash Algorithm 256-bit - a cryptographic hash function that produces a fixed 256-bit (32-byte) hash value from input data of any size. SHA-256 is part of the SHA-2 family, designed by the NSA, and is widely used for data integrity verification, password hashing, and digital signatures. The algorithm is deterministic (same input always produces same output) and computationally infeasible to reverse or find collisions.

shopping basket

A temporary collection of products and quantities that a user has selected for potential purchase, maintained in system memory or storage until the user completes checkout, abandons the session, or explicitly clears the basket. The basket tracks product identifiers, quantities, pricing, and any applied discounts or promotions.

side door

The OAuth-based registration path where users create accounts by authenticating with a third-party identity provider (Google, GitHub, LinkedIn) instead of providing email and password credentials directly to REQQA. This is the alternative account creation mechanism that must also be gated by invite-only enforcement. The term contrasts with 'front door' (direct email/password registration) to distinguish between the two account creation mechanisms.

sidebar

A navigation component in the Docusaurus documentation site that displays a hierarchical list of documentation pages and sections, defining the order and structure in which content is presented. The sidebar configuration determines the sequence of sections in generated PDF output and provides the canonical ordering for documentation content.

sidebar entry

A navigation item in Docusaurus's sidebars.js configuration file that defines how a content directory or document appears in the site's left-hand navigation menu, including its label, position, and hierarchical relationship to other entries.

SITREP

A status report providing a concise summary of the current operational state, typically used in incident management or disruption handling contexts to communicate the situation, impact, and response actions to stakeholders. In this system, it would capture key information about ongoing Cases, affected members or resources, and resolution progress.

skill

A reusable, configurable capability in Claude Code that encapsulates a specific workflow or operation, invoked via slash commands and defined in .claude/commands/*.md files. Skills can be process skills (platform-agnostic, interacting with external APIs) or platform skills (specific to a development environment).

slash command

A command-line style instruction prefixed with a forward slash (/) that triggers specific functionality within Claude Code's conversational interface, enabling programmatic actions such as API calls, file operations, or workflow automation without leaving the conversation context.

slo

Service Level Objective - a target value or range for a service level indicator (SLI) that defines the expected performance or reliability of a system. SLOs are measurable goals (e.g., 'p95 latency < 500ms' or '99.9% availability') used to track whether a service is meeting user expectations and to trigger alerts when performance degrades.

smtp

Simple Mail Transfer Protocol - an Internet standard communication protocol for electronic mail transmission, used by mail servers and clients to send email messages over TCP/IP networks. SMTP defines the message format and transfer process for delivering email from sender to recipient mail servers, typically operating on port 25, 587, or 465.

sod

Segregation of Duties - a security principle that requires critical tasks to be divided among multiple people to prevent fraud, errors, or abuse of authority. In the context of this system, SoD ensures that the person who creates a rule cannot also approve it, and payout approvers are separate from rule authors.

soft-close

A scope closure operation that marks the scope as closed without physically deleting the scope record or its associated data from the database. Soft-closed scopes remain in the system for audit and historical reference but are excluded from active scope lists and cannot be reopened or modified. This preserves traceability while indicating the scope is no longer active.

source

A classification attribute on issues indicating the origin or context in which the issue was identified, with valid values including 'builder_review' (identified during automated analysis) and 'build_phase' (identified during implementation). The source is specified by the API caller during issue creation and is used for reporting and filtering.

source precedence rules

No definition yet.

sso

Single Sign-On - an authentication mechanism that allows users to access multiple applications or services with one set of credentials, typically by authenticating once with a central identity provider (such as Google, GitHub, or LinkedIn) and then being automatically authenticated to other integrated applications without re-entering credentials. In this context, SSO enables REQQA users to log in using their existing accounts at external identity providers rather than creating separate REQQA-specific passwords.

sso_id

A field in the auth_user table that stores the unique identifier assigned by an OAuth2 identity provider to a user account, enabling py4web to link multiple authentication methods (password, Google, GitHub, LinkedIn) to the same REQQA user record. When a user authenticates via OAuth, py4web matches the provider's user ID and email against existing auth_user records to determine whether to log in to an existing account or create a new one.

ssr

Special Service Request - a code used in airline reservation systems to communicate passenger-specific needs or requests, such as wheelchair assistance (WCHR), meal preferences (VGML), extra legroom (EXST), bassinet (BSCT), or unaccompanied minor service (UMNR). SSRs ensure that ground staff and cabin crew are aware of and can accommodate special requirements.

stable directory

A filesystem directory path that remains constant across releases and build executions, ensuring that generated screenshot files are written to a predictable location that Docusaurus content can reference without path changes. The directory is version-controlled or mounted at a fixed location in the build environment, and its structure (subdirectories, naming conventions) is consistent across runs.

stable id

A fixed, unchanging identifier (typically a UUID or integer primary key) assigned to the demo application record that remains constant across re-seeding operations and release deployments. The stable ID allows screenshot capture scripts (FR-17.11) to reliably reference the demo application without needing to query by name or discover the ID dynamically.

stale screenshots

Screenshot images embedded in help pages that depict UI elements or templates that have been modified since the screenshot was captured, making the image no longer accurately represent the current system state. The guide-exit skill flags these for human review or regeneration to maintain help content accuracy.

staleness metadata

Timestamp and versioning information associated with help content (context pages and how-to guides) that indicates when the content was last reviewed, updated, or verified against the current system state. Staleness metadata enables the system to flag outdated help content and prompt authors to review and update documentation when referenced features change.

staleness model

A time-based and change-based mechanism for identifying help pages that may be outdated and require review. A help page is flagged as stale if: (1) the template it documents has changed since the page's last_touched_at timestamp, or (2) a configurable staleness window (default 180 days) has elapsed without review. Stale pages surface in an authoring worklist for human or AI review.

standard metal designation

An internationally recognized code used to identify precious metals in financial systems, typically following ISO 4217 currency codes (e.g., 'XAU' for gold, 'XAG' for silver, 'XPT' for platinum, 'XPD' for palladium). These designations are used in market data feeds, pricing systems, and trading platforms to uniquely identify metal commodities.

static-site generator

A build tool that transforms source content (typically Markdown files, templates, and assets) into a complete set of static HTML, CSS, and JavaScript files that can be served by any web server without requiring server-side processing or databases at runtime. Static site generators enable fast page loads, simple hosting, and improved security compared to dynamic content management systems.

step-code taxonomy

A classification system for requirement analysis steps using alphanumeric codes (e.g., R-D for Definitions, R-F for Functional completeness, R-C for Consistency) that categorizes different types of analysis performed by the REQQA analysis engine. Each step-code represents a distinct analysis dimension with specific evaluation criteria, AI prompts, and issue detection rules. The taxonomy defines the complete set of analysis types the system can perform and governs the structure of analysis results.

step-codes

Short alphanumeric identifiers (such as R-D, R-F, R-C, S-A) that uniquely identify specific analysis types within REQQA. Step-codes are used to reference analysers in metadata, UI selections, and database records, providing a compact notation for analysis types. The 'R-' prefix typically denotes requirement analyses, while 'S-' denotes story analyses.

stock

The total quantity of a product SKU physically present in the warehouse or fulfillment center, including units that are available for sale, reserved for baskets, committed to confirmed orders, and held as safety stock. Stock is the gross inventory count before any allocations or reservations are subtracted.

stock availability status

An indicator displayed with each product showing whether the item can currently be purchased, with possible values such as 'In Stock', 'Out of Stock', 'Low Stock', 'Pre-Order', or 'Discontinued'. This status is derived from current inventory levels and determines whether users can add the product to their cart.

stock item

A pre-configured template or reusable component (such as message templates, policy rule sets, or workflow playbooks) maintained in the system's repository for consistent application across disruption cases. These standardized assets ensure deterministic outcomes and support auditability by providing versioned, immutable references that can be applied to multiple cases without modification.

stock level

No definition yet.

stock quantities

The numeric count of available units for a specific product SKU that can be allocated to customer orders, calculated as total physical inventory minus committed quantities (reserved in baskets, allocated to confirmed orders, damaged goods, safety stock). Stock quantities are maintained per SKU and per warehouse location if multi-location inventory is supported.

stock reservation

The process of temporarily allocating inventory quantity to a specific basket during checkout initiation, preventing the reserved stock from being sold to other customers until checkout completes or is cancelled. Stock reservation is requested from the Inventory System when basket status transitions to 'checked_out' and is released when checkout completes or basket is unlocked.

story

A user story or functional specification unit that describes a discrete piece of functionality from an end-user perspective. Stories are derived from requirements, can be versioned through revisions, and represent the atomic units of work that can be included in or excluded from a scope. Each story belongs to a parent requirement and can appear in multiple scopes simultaneously.

story analyser

A software component or module within REQQA that evaluates user stories against quality criteria, applying specific rubrics to assess completeness, clarity, testability, and adherence to story-writing standards such as INVEST principles and Given/When/Then format.

story revision

A version number or timestamp that uniquely identifies a specific version of a story's content at a point in time. Story revisions enable tracking of changes to stories over time and ensure that the scope_stories association captures which version of the story was included in the scope, supporting accurate as-scoped snapshots and change impact analysis.

story-staleness

A state indicator for user stories that have not been updated or reviewed within a defined time period, or whose parent requirement has been modified since the story was last generated, suggesting the story may no longer accurately reflect current requirements and may need regeneration or review.

strong password

A password that meets minimum security requirements, typically including a minimum length (e.g., 8-12 characters), and a combination of uppercase letters, lowercase letters, numbers, and special characters. The specific criteria should be defined by security policy and enforced during registration.

structured outputs

Data produced by slash commands in a defined format (such as JSON, YAML, or a specific document schema) that can be programmatically parsed, validated, and posted to REQQA's API. Structured outputs ensure consistency, enable automation, and support audit trails by providing machine-readable artifacts of skill execution.

stub

A minimal help page record that reserves a template key in the help system but contains placeholder or incomplete content, indicating that full documentation has not yet been authored. Stub pages ensure every user-reachable template has a help entry (satisfying coverage requirements) while signaling that the content needs expansion or review.

stub message

A placeholder message displayed to users when they request help for a page or panel that does not yet have authored help content. The stub message informs the user that help is not yet available (rather than showing a 404 error) and logs the template_key to support gap detection analytics (FR-17.12). The message content and format should be consistent across all stub instances.

subclass

In object-oriented programming, a class that inherits properties and methods from a parent class (superclass) while adding or overriding specific functionality. In this context, creating a new Python class that extends OAuth2Github to customize its callback behavior while retaining its core OAuth flow implementation.

subpath

A URL path segment that appears after the domain name, used to organize content under a single domain. For example, in 'reqqa.ai/docs', '/docs' is a subpath. Serving content via subpath (using nginx location blocks) is an alternative to using a subdomain (vhost) and affects URL structure, routing configuration, and cookie/session scope.

suggestions

Recommendations for improvement identified during builder's review that would enhance requirement quality, clarity, or testability but are not essential for proceeding to implementation. Suggestions are optional enhancements that analysts may choose to incorporate based on time, priority, and value considerations.

superseded

A status indicating that a design record or design decision has been replaced by a newer version and is no longer the current authoritative reference. Superseded records are retained for audit and history purposes but are not used for active development. When a new design version is created, the previous version's status automatically transitions to 'superseded'.

supported instruments

The set of financial assets (equities, index funds, precious metals) that the system is configured to accept, validate, and price. Supported instruments are maintained in a reference data repository and may be limited by available market data feeds, regulatory restrictions, or business policy. The system validates asset identifiers against this list during holding creation and updates.

system administrator

A user role with elevated privileges responsible for performing system maintenance tasks including database migrations, configuration changes, and operational procedures that affect multiple organizations or the entire platform. System administrators have access to administrative tools and scripts not available to regular users or analysts, and their actions are logged for audit purposes.

system-admin

A user role with elevated privileges responsible for managing access requests, performing system-wide configuration, and executing administrative operations that affect multiple organizations or the entire platform. System-admins have exclusive access to the access request triage interface and can view, update, and process requests from all organizations.

T

technical specifications

Structured product attributes that describe the physical and performance characteristics of tennis balls, including ball type (pressurised/pressureless), surface suitability (hard court/clay/grass/all court), durability rating, ITF approval status, felt composition, core construction, and any other measurable or categorical properties that affect product performance and suitability for specific playing conditions.

template administrator

A user role with permissions to create, modify, and delete requirement templates within their organization, including the ability to configure template structure, default metadata, and recommended analyses. Template administrators manage the reusable patterns that other users employ when creating requirements, ensuring organizational consistency in requirement formats.

template coverage audit

An automated verification process that compares the set of user-reachable primary and sub-view templates in REQQA against the set of template keys in the help_pages table, identifying templates that lack help entries and reporting coverage percentage. The audit ensures compliance with the requirement that every user-facing template has at least a stub help page.

template inventory

A canonical, system-maintained catalog of all user-reachable templates in REQQA, listing each template's key (template_key and optional panel_key), current help-page status (none/stub/draft/published/stale), freshness metadata (last_touched_at, last_touched_by_phase), and demo-inclusion flag. The inventory is derived (not manually authored) and regenerated by the phase-exit skill on every phase close, serving as the single source of truth for gap detection, PDF export filtering, and demo agenda construction.

template key

A unique identifier assigned to each context page template (e.g., 'reqsList', 'analysisKickoff') used in forward link references to establish canonical relationships between how-to guides and context pages. Template keys are validated against a registry of known templates, and unknown keys are flagged in the authoring UI to prevent broken references.

template-declared

A configuration or metadata attribute that is specified within a requirement template definition rather than hardcoded in application controllers or view logic. Template-declared attributes are stored as part of the template structure and can be modified by template administrators without code changes. In the context of inline help, this means the presence, text, and deep link target of info-icons are defined in template metadata rather than embedded in controller code.

template_key

A unique identifier assigned to each user-visible template in REQQA that serves as the primary lookup key for resolving context-sensitive help content. The template_key corresponds to the template file name or route identifier and is used in combination with active_panel_key to locate the appropriate help page entry in the help_pages table.

tenant isolation

A security mechanism that ensures users can only access data belonging to their own organisation (tenant), preventing cross-organisation data leakage. Implemented by automatically filtering all database queries with the authenticated user's orgid, validating that all referenced entities belong to the same organisation, and rejecting any attempt to access resources from a different tenant with a 403 Forbidden response.

tenant-specific override

A help page record with a non-NULL orgid value that replaces the global default help content for a specific tenant organization, allowing customization of help documentation per customer while maintaining a shared baseline corpus. Tenant-specific overrides are an architectural provision for future releases and are not implemented in the initial GUIDE delivery.

tennis ball

A sporting goods product used in the game of tennis, characterized by attributes including brand, type (pressurised, pressureless, training, competition), quantity per pack, and intended use. Tennis balls are the primary inventory items in this catalogue system.

terminal items

Backlog items that have reached a final, non-reversible status ('promoted' or 'declined') from which no further state transitions are permitted. Terminal items represent completed decision points in the backlog lifecycle and cannot be reopened or returned to 'open' status.

terminal state

An order status representing the final, completed state of an order lifecycle from which no further forward transitions are expected. Terminal states include: delivered (successful completion), cancelled (order voided before fulfillment), returned (order completed but product returned), and failed (fulfillment could not be completed). Orders in terminal states are excluded from 'current orders' and may be subject to different retention and archival policies.

ticker symbol

A unique alphabetic identifier (typically 1-5 characters) assigned to a publicly-traded security on a stock exchange, used to identify equities and index funds in trading systems and market data feeds. Ticker symbols may vary by exchange (e.g., 'AAPL' on NASDAQ) and must be validated against supported exchanges and instruments.

timeline

No definition yet.

timeline entry

No definition yet.

timeout period

The maximum duration (measured in minutes) that stock can remain reserved for items in a customer's shopping basket before the reservation automatically expires and the stock is released back to available inventory. The timeout period begins when an item is added to the basket and resets with each basket modification. Typical values range from 10-30 minutes for e-commerce systems, balancing customer convenience against inventory availability for other shoppers.

token accounting

The process of tracking and recording OpenAI API token consumption for each analysis operation, including prompt tokens (input), completion tokens (output), and total tokens used. Token accounting captures usage per analysis, per requirement, per organization, and per time period, enabling cost allocation, budget monitoring, usage trend analysis, and identification of expensive operations. Token counts are stored in the gptlog and aggregated for reporting and billing purposes.

token hash

A one-way cryptographic hash of the API token plaintext, computed using a secure hashing algorithm (such as bcrypt or SHA-256), stored in the database to enable token validation without storing the plaintext token itself, protecting against credential exposure in the event of database compromise.

token metadata

The set of attributes stored with an API token record in the api_tokens table, including: user_id (owner of the token), orgid (organization scope), is_active (revocation status), created (creation timestamp), last_used (most recent authentication timestamp), and expires_at (expiration timestamp). Token metadata is loaded during authentication and used for authorization, audit logging, and token lifecycle management.

token usage tracking

The system capability that records metadata about API token usage, including the timestamp of the most recent successful authentication (last_used field). This tracking enables monitoring of token activity, identification of unused tokens for security audits, and detection of suspicious access patterns.

token validation

The process of verifying that a provided API token is authentic, active, and not expired by: (1) hashing the provided plaintext token, (2) comparing the computed hash against stored token_hash values in the api_tokens table, (3) checking that is_active is true, (4) verifying that expires_at is in the future, and (5) loading the associated user_id and orgid for authorization. Token validation occurs on every API request before processing.

token_hash

A cryptographically hashed representation of an API token stored in the database, generated using a secure one-way hashing algorithm (such as bcrypt, Argon2, or PBKDF2). The token_hash allows the system to verify token authenticity during API requests without storing the plaintext token, which would pose a security risk if the database were compromised. The original token is shown to the user only once at generation time and cannot be recovered from the hash.

tooltip

A small pop-up text box that appears when a user hovers over or focuses on a UI element, providing additional context, explanation, or help text. Tooltips are typically displayed after a short delay (e.g., 500ms) and disappear when the user moves away from the element. They are used to explain truncated text, provide definitions for icons or abbreviations, or offer guidance without cluttering the main interface.

top holdings

The subset of a user's investment holdings with the highest total cost basis values, ranked in descending order by (quantity × cost_basis_per_unit). For portfolio summary display purposes, this refers to the top 5 holdings by value, or all holdings if the user owns fewer than 5 distinct assets.

total cost basis

The aggregate original purchase price for all units of a holding, calculated as quantity multiplied by cost basis per unit. Total cost basis represents the total amount invested in a position and is used to calculate capital gains or losses when the asset is sold. This is a derived value displayed to users but not stored in the database.

total_count

A metadata field in paginated API responses indicating the total number of records matching the query criteria across all pages, regardless of pagination parameters. Used by clients to calculate total_pages and determine whether additional pages exist.

total_pages

A metadata field in paginated API responses indicating the total number of pages available for the current query, calculated as ceiling(total_count / page_size). Used by clients to determine the last available page number and implement pagination controls.

track order status

A system capability that allows customers to view the current status and location of their order in the fulfillment process, typically through a dedicated tracking page or interface. Tracking may include status history, estimated delivery updates, carrier information, tracking numbers for shipped items, and real-time location data where available. The level of detail and update frequency depends on integration with fulfillment and carrier systems.

transaction commit

The point at which a database transaction is successfully completed and all changes are permanently written to the database, making them visible to other users and processes. In the context of holding modifications, this is when the create, update, or delete operation is finalized and the new state becomes the authoritative record.

triage

The process of evaluating and categorizing backlog items to determine their priority, feasibility, and disposition (promote to requirement, decline, or defer). Triage involves analyst review of item details, assessment of business value and technical complexity, and a decision to either promote the item (linking it to a requirement) or decline it (with a documented reason).

triage action link

A clickable hyperlink displayed alongside a backlog item in the attached items panel that navigates the user to the triage page for that specific item, enabling the analyst to promote or decline the item. The link is only displayed for items in 'open' status and is hidden for items already in terminal states (promoted, declined).

triage page

A dedicated user interface page where analysts review individual backlog items and make triage decisions (promote to requirement or decline with reason). The page displays the backlog item's details (title, description, priority, source, creation date) and provides form controls for entering a decline reason, confirmation dialogs for triage actions, and navigation back to the backlog list view.

triage workflow

A structured process for reviewing and categorizing open backlog items, where analysts assess each item's priority, feasibility, and disposition (promote to requirement, decline, or defer), ensuring systematic evaluation of all incoming work items before they enter active development planning.

triaged independently

The capability for a backlog item to undergo the triage workflow (evaluation, prioritization, and disposition decision to promote or decline) without being constrained by its attachment to one or more scopes. Independent triage means that attaching an item to a scope does not automatically promote it to a requirement or change its status, and the triage decision can be made separately from scope planning activities.

triaged_at

A timestamp field recording the exact date and time (in UTC with microsecond precision) when a backlog item's triage decision was finalized, marking the moment the item transitioned from 'open' status to either 'promoted' or 'declined' status. This field is immutable once set and serves as part of the audit trail for backlog item lifecycle tracking.

triaged_by

A foreign key field referencing the user (auth_user.id) who performed the triage action on a backlog item, recording which analyst made the decision to promote or decline the item. This field is immutable once set and serves as part of the audit trail, enabling accountability and traceability of triage decisions.

ttl

Time To Live - a time limit or expiration period after which a resource, token, or cached value becomes invalid and must be refreshed or discarded. In the context of this system, TTL applies to deep links, seat holds, and passenger option selections to ensure timely decisions and prevent stale data.

type (verified)

A classification of tennis balls based on their construction and performance characteristics, with defined values including 'pressurised' (balls with internal air pressure), 'pressureless' (balls without internal pressure), 'training' (designed for practice and coaching), and 'competition' (meeting official tournament standards). Type is a primary filterable attribute in the catalogue.

typical load

The expected normal operating conditions for system performance testing, representing the average concurrent user activity and transaction volume during regular business operations. Typical load is used as a baseline for performance benchmarks and capacity planning, excluding peak periods or stress test scenarios.

U

ui session

An authenticated user session initiated through the web-based user interface (as opposed to API-based programmatic access), typically maintained via browser cookies or session tokens and associated with interactive user actions in the graphical interface.

uk261

UK Regulation 261 - the United Kingdom's passenger rights regulation (derived from EU261 post-Brexit) that establishes compensation and assistance requirements for flight delays, cancellations, and denied boarding. It specifies compensation amounts based on flight distance and delay duration, with exemptions for extraordinary circumstances.

umnr

Unaccompanied Minor - a child passenger traveling without a parent or guardian, typically between ages 5-17 (age ranges vary by carrier). UMNRs require special handling including escort services, supervision during connections, and stricter MCT requirements to ensure safe transfers.

union

A set operation that combines two collections by including all unique elements from both collections, eliminating duplicates. In the context of merging recommended_analyses, the union operation combines the current step-codes with the new template's step-codes, preserving each unique step-code exactly once in the resulting comma-separated list.

unique constraint

A database integrity rule that ensures no two rows in a table can have the same value for a specified column or combination of columns. Unique constraints are enforced by the database management system, which rejects INSERT or UPDATE operations that would create duplicate values, typically returning a constraint violation error.

units

No definition yet.

unrealized gains/losses

The difference between the current market value of a holding and its original cost basis, representing profit or loss that would be realized if the position were sold at current market prices. Calculated as (quantity × current_market_price) - (quantity × cost_basis_per_unit). Unrealized gains/losses are also called 'paper gains/losses' and become realized when the asset is sold.

update

The action of modifying one or more attributes of an existing investment holding record, including quantity held or cost basis per unit. Updates preserve the holding's identity and history while changing current values, and take effect immediately in portfolio calculations.

user activity

Any user-initiated action that demonstrates active engagement with the application and should reset the session inactivity timer. Qualifying activities include: page navigation, API requests, form submissions, and other interactive operations. Passive actions such as keeping a page open without interaction do not constitute activity for session timeout purposes.

user experience metrics

Quantitative measurements of user satisfaction and interaction quality with the system, including metrics such as task completion rate, time-on-task, error rate, user satisfaction scores (e.g., NPS, CSAT), and usability test results. In the context of basket functionality, relevant UX metrics might include basket modification success rate, time to add items, and user-reported satisfaction with basket persistence.

user-reachable template

A template in REQQA that is accessible to authenticated users through normal navigation, excluding system-internal templates, error pages, or administrative interfaces not exposed in the standard user interface. User-reachable templates are the set of pages for which context-sensitive help should be provided, as defined by HR-17.P2's inclusion criterion. The set is discovered automatically by the phase-exit skill through template registry scanning.

utc

Coordinated Universal Time - the primary time standard by which the world regulates clocks and time, not subject to daylight saving time adjustments. UTC is used as a timezone-neutral reference for storing timestamps in databases and logs, enabling consistent time-based calculations and comparisons across different geographic regions. Display times are typically converted from UTC to the user's local timezone.

utf-8 encoding

A variable-width character encoding standard that can represent every character in the Unicode character set using one to four 8-bit bytes. UTF-8 is backward compatible with ASCII and supports international characters, symbols, and emoji, making it the standard encoding for web applications and databases storing multilingual text.

uuid v4 format

A Universally Unique Identifier generated using random or pseudo-random numbers according to RFC 4122 version 4 specification. UUID v4 has the format xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx where x is any hexadecimal digit and y is one of 8, 9, A, or B. This format provides 122 bits of randomness and is suitable for distributed systems where collision probability must be negligible.

V

valuable

A priority classification for backlog items indicating that the item would provide meaningful user or business value but is not essential for the initial product release. Valuable items represent enhancements, optimizations, or additional features that improve the product but can be deferred if necessary. This is the third-highest priority classification in the product backlog taxonomy.

version

A numbered or timestamped edition of a plan document that represents a distinct state of the implementation plan at a specific point in time. Each version is immutable once created, with new versions superseding (but not deleting) previous versions, maintaining a complete audit trail of plan evolution. Version numbers typically follow sequential integer numbering (1, 2, 3...) or semantic versioning schemes.

version stamp

A metadata attribute attached to an embedded screenshot or diagram that identifies the specific version or iteration of that image, typically represented as a version number, timestamp, or hash value. The version stamp enables tracking of image updates over time and comparison against system version to detect staleness. When the system version advances beyond the image's version stamp by more than the configured freshness window, the image is flagged as potentially outdated and requiring review.

versioned ruleset

A numbered or timestamped edition of decision logic used to compute Case severity, eligibility, or other policy-driven outcomes, ensuring that the specific rule version applied is recorded for audit and reproducibility. Each ruleset edition is immutable once published, allowing the system to trace which policy logic governed a particular decision and to re-evaluate cases consistently if needed.

vhost

Virtual host - a web server configuration that allows multiple domain names or websites to be served from a single physical server or IP address. In nginx, a vhost is configured through a server block that defines the domain name, document root, and routing rules for a specific site. The term 'vhost' is shorthand for 'virtual host'.

W

warehouse management portal

A web-based administrative interface used by warehouse and fulfillment team members to view order details, update order status, manage inventory, and perform fulfillment operations. The portal provides authenticated access with role-based permissions and integrates with the order management system to reflect status changes in customer-facing systems.

warehouse manager

No definition yet.

wcag

Web Content Accessibility Guidelines - an international standard published by the World Wide Web Consortium (W3C) that defines how to make web content more accessible to people with disabilities. WCAG provides testable success criteria organized into three conformance levels (A, AA, AAA) covering perceivability, operability, understandability, and robustness. WCAG 2.1 Level AA is the most commonly adopted standard for web accessibility compliance.

webhook

An HTTP callback mechanism where an external system sends real-time event notifications to a specified URL endpoint when specific events occur. The webhook payload contains event data in a structured format (typically JSON), enabling the receiving system to react to external state changes without polling. Webhooks require the receiving system to expose a publicly accessible HTTP endpoint and implement authentication/verification to prevent unauthorized requests.

worker orchestration

The coordination and management of background worker processes (RQ workers running as defospam-worker@*.service systemd units) that execute asynchronous analysis tasks. Worker orchestration includes job queue management, task distribution across available workers, progress tracking, error handling, retry logic, and resource allocation to ensure analyses complete reliably and efficiently without blocking the main application thread.

write access

A permission level granted to users that allows them to create, modify, or delete data within a specific organizational context or application scope. Write access is distinct from read-only access and is required for operations that change system state, such as creating requirements, updating backlog items, or triaging work items.