GLOSSARY
Terms we actually use.
When a post says 'RAG' or 'invariant test', here's what we actually mean — not Wikipedia, but the project-level explanation.
40 / 40
GLOSSARY
[1/2]
- AI Agent→ AI systems
- An LLM-driven piece of software that can call tools (APIs, search, DB queries), keeps memory, and solves multi-step tasks. In production every iteration runs guardrails + evals.
- ASO (App Store Optimization)→ Mobile apps
- Optimising the app's store listing (title, keywords, screenshots, description, categories). As important as web SEO — just in the App Store / Play Store context.
- Core Web Vitals→ Web & web app
- The three metrics (LCP, INP, CLS) Google uses as a ranking factor. We optimise to them on every release.
- CSAT (Customer Satisfaction)
- A satisfaction score usually on a 1–5 or 1–10 scale. When we ship AI-backed support we measure that CSAT actually climbs after deployment.
- DevSecOps→ Cybersecurity
- Security as a continuously-running CI step (SAST, DAST, SCA, IaC scan), not an annual project. Runs against every push; every sprint closes at least one security bug.
- Embedding→ AI systems
- A vector representation of text (e.g. 1536 floats). If two embeddings are close, the meanings are close. In RAG we use this to pick relevant chunks.
- Eval (LLM evaluation)→ AI systems
- An automated test suite that runs ~50–200 'golden' questions against the model before every release and checks that quality metrics (accuracy, factuality, latency) clear the threshold.
- EVM (Ethereum Virtual Machine)→ Blockchain
- The shared execution environment across Ethereum and compatible chains (Arbitrum, Base, Polygon, Optimism). Writing a contract here means it runs on all of them.
- Edge rendering→ Web & web app
- Code runs at the CDN edge closest to the user (Cloudflare Workers, Vercel Edge). Dynamic responses with ~10–50 ms TTFB.
- Fine-tuning→ AI systems
- Further training an existing LLM on your own data (e.g. LoRA). Rarely the first move — RAG + prompt engineering usually gives more for less cost.
- Fuzz test→ Blockchain
- Running millions of pseudo-random inputs through a function to find a combination that breaks it. Echidna or Foundry fuzz campaigns.
- Foundry→ Blockchain
- A Rust-based Solidity toolchain (`forge`, `cast`, `anvil`). Faster with better invariant-test support than Hardhat. We run it on every DField audit project.
- Guardrail→ AI systems
- An input- or output-layer that filters the model's prompt/response (PII scrubbers, prompt-injection detectors, JSON-schema validation, topic blocks). Not before/after the model — around it.
- Hydration (React)→ Web & web app
- Attaching client-side JS logic to already-rendered HTML. Can be expensive; we reduce it via RSC by hydrating only interactive islands.
- Invariant test→ Blockchain
- A test that verifies a universal rule ('sum of user balances always equals total supply'). Feeds the contract random transaction sequences; the rule must hold in every state.
- ISO 27001→ Cybersecurity
- International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.
- ISR (Incremental Static Regeneration)→ Web & web app
- SSG + timed regeneration: the HTML is static but regenerates on a schedule. Ideal for blog content — freshness with CDN speed.
- LLM (Large Language Model)→ AI systems
- A neural model with billions of parameters (GPT-4, Claude, Mistral) that generates text. In production we never use one bare — always wrapped in retrieval and guardrails.
- L2 (Layer 2)→ Blockchain
- A secondary network (Arbitrum, Base, Optimism, zkSync) settling on Ethereum (L1) but much faster and cheaper. Rollups bring 10–100× lower gas.
- LCP (Largest Contentful Paint)→ Web & web app
- Time until the largest visible element paints. Google Core Web Vitals passes under 2.5s — we usually land marketing pages under 1s.
- MEV (Maximal Extractable Value)→ Blockchain
- The value a block-producer can extract by inserting, reordering, or excluding transactions. We factor MEV-resistance into every contract we design.
- MFA (Multi-factor auth)→ Cybersecurity
- Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table-stakes in SaaS today — enterprise procurement disqualifies you without it.
- Multi-tenant SaaS→ Web & web app
- One deployment, many customers (tenants). Data isolation is either row-level (Postgres RLS) or schema-per-tenant. RLS scales to 10k+ tenants; above that, schema.
- NIS2 directive→ Cybersecurity
- EU cybersecurity directive (in force 2024-10-17) imposing concrete obligations on 'important' and 'essential' organisations — 24-hour incident reporting, supply-chain risk, MFA.
- OWASP Top 10→ Cybersecurity
- The list of the 10 most critical security risks for web apps, updated yearly. Every DField web pentest starts with this list.
- Offline-first→ Mobile apps
- A design philosophy: the app's core functions work without a network and sync when online. Conflict resolution is mandatory, not optional.
- Penetration test (pentest)→ Cybersecurity
- Manual + tooled attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
- RAG (Retrieval-Augmented Generation)→ AI systems
- An AI architecture where the model retrieves relevant documents from your own data before answering, and only reasons over that context. Kills ~80% of hallucinations.
- RSC (React Server Components)→ Web & web app
- React components that run exclusively on the server and never ship to the browser. Result: less client-side JS and faster hydration.
- RLS (Row-Level Security)→ Web & web app
- A Postgres feature that filters rows based on the query context. For multi-tenant SaaS: every SELECT automatically gets a tenant filter appended.
- React Native→ Mobile apps
- Meta's framework for building native iOS + Android apps from React-like code, one codebase. Mature since 2020, though ~15–25% is still platform-specific code.
- Smart contract→ Blockchain
- Code running on a blockchain (Solidity, Rust) that auto-executes an agreement. A single bug can cost nine figures — why we audit, fuzz, and threat-model before deploy.
- Solidity→ Blockchain
- The primary language for EVM-compatible blockchains (Ethereum, Arbitrum, Base). Pascal-like syntax, low-level memory handling, TS-compatible toolchain (Foundry, Hardhat).
- SOC 2→ Cybersecurity
- A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6–12 months of observation) is the standard enterprise baseline.
- SSR (Server-Side Rendering)→ Web & web app
- HTML rendered by the server per-request, fresh for every user. Ideal for dynamic content (dashboards), but slower than SSG.
- SSG (Static Site Generation)→ Web & web app
- Pages are produced at build time as HTML and served from a CDN. Near-zero TTFB. DField's own site runs this way across 111+ pages.
- Threat model→ Cybersecurity
- A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project — before any code.
- TTFB (Time To First Byte)→ Web & web app
- The time until the server's first byte reaches the browser. With edge + CDN we can get this under 50 ms globally.
- Vector database→ AI systems
- A database specialised for fast approximate-nearest-neighbour search over embedding vectors (pgvector, Qdrant, Weaviate). The engineering base of RAG retrieval.
- Zero-trust→ Cybersecurity
- A security model where every request is suspect (even from inside the network), and every action needs a separate authorisation check. The opposite of the classic perimeter model.
A
C
D
E
F
G
H
I
L
M
N
O
P
R
S
T
V
Z
GET STARTED
Let's talk about your project.
Send an email or book a 30-minute call. We work in English and Hungarian.
dezso@dfieldsolutions.com