Terminology

implementedLast verified: 2026-02-15

Glossary

Term	Definition
Host/Core Zone	The central orchestration zone running the API server, policy engine, evidence store, and tenant management. Not directly accessible from external networks.
DinD Zone	Docker-in-Docker execution environment. Ephemeral containers for code generation and testing. Destroyed after each run. No outbound network access.
DMZ Zone	Demilitarized zone for inbound submission intake. All code enters here first for scanning before any core system interaction.
Gate	A numbered evaluation point (0–12) in the pipeline. Each gate runs a set of policy rules against the submission and produces an evidence artifact.
Gate Runner	The service (`ops/run_gates.py`) that executes gates 0–12 in sequence. Halts on failure.
Evidence Artifact	A JSON record produced at each gate containing verdict, timestamp, executor identity, rule results, and a SHA-256 hash. Immutable once stored.
Proof Package	The complete evidence bundle for a run: all gate artifacts, submission manifest, file hashes, policy version, and aggregate verdict.
Verdict	The outcome of a gate evaluation: `pass`, `partial`, or `fail`.
Run Manifest	Metadata for a complete pipeline execution: inputs, outputs, timing, gate results, and zipped artifacts.
Policy	A versioned set of rules governing gate behavior. Policies are code — authored, tested, and deployed through the API.
Rule	An individual check within a policy. Composed of a metric, an operator, and a threshold. Example: `test-coverage gte 80`.
Operator	A comparison function used in rules. ADCG supports 12 operators: `eq`, `neq`, `gt`, `gte`, `lt`, `lte`, `contains`, `not_contains`, `matches`, `not_matches`, `in`, `not_in`.
Combinator	Logical grouping for rules within a gate: `all` (AND), `any` (OR), `none` (NOR). Supports nesting with depth limits.
Depth Limit	Maximum nesting level for rule combinators. Prevents infinitely recursive policy definitions.
Tenant	An isolated organizational unit. Each tenant has its own policies, evidence store, API keys, and row-level security boundary.
Approval Chain	A sequence of required human approvals before a policy change takes effect. Prevents unilateral policy modification.
Hash Chain	The mechanism linking evidence artifacts sequentially. Each artifact's hash incorporates the previous artifact's hash, creating a tamper-evident timeline.
RLS (Row-Level Security)	Database-level enforcement ensuring tenants can only access their own data. Applied at the PostgreSQL level, not the application level.

← PreviousHow It Works Next →Infrastructure Zones

Glossary

Term

Definition

Host/Core Zone

The central orchestration zone running the API server, policy engine, evidence store, and tenant management. Not directly accessible from external networks.

DinD Zone

Docker-in-Docker execution environment. Ephemeral containers for code generation and testing. Destroyed after each run. No outbound network access.

DMZ Zone

Demilitarized zone for inbound submission intake. All code enters here first for scanning before any core system interaction.

Gate

A numbered evaluation point (0–12) in the pipeline. Each gate runs a set of policy rules against the submission and produces an evidence artifact.

Gate Runner

The service (ops/run_gates.py) that executes gates 0–12 in sequence. Halts on failure.

Evidence Artifact

A JSON record produced at each gate containing verdict, timestamp, executor identity, rule results, and a SHA-256 hash. Immutable once stored.

Proof Package

The complete evidence bundle for a run: all gate artifacts, submission manifest, file hashes, policy version, and aggregate verdict.

Verdict

The outcome of a gate evaluation: pass, partial, or fail.

Run Manifest

Metadata for a complete pipeline execution: inputs, outputs, timing, gate results, and zipped artifacts.

Policy

A versioned set of rules governing gate behavior. Policies are code — authored, tested, and deployed through the API.

Rule

An individual check within a policy. Composed of a metric, an operator, and a threshold. Example: test-coverage gte 80.

Operator

A comparison function used in rules. ADCG supports 12 operators: eq, neq, gt, gte, lt, lte, contains, not_contains, matches, not_matches, in, not_in.

Combinator

Logical grouping for rules within a gate: all (AND), any (OR), none (NOR). Supports nesting with depth limits.

Depth Limit

Maximum nesting level for rule combinators. Prevents infinitely recursive policy definitions.

Tenant

An isolated organizational unit. Each tenant has its own policies, evidence store, API keys, and row-level security boundary.

Approval Chain

A sequence of required human approvals before a policy change takes effect. Prevents unilateral policy modification.

Hash Chain

The mechanism linking evidence artifacts sequentially. Each artifact's hash incorporates the previous artifact's hash, creating a tamper-evident timeline.

RLS (Row-Level Security)

Database-level enforcement ensuring tenants can only access their own data. Applied at the PostgreSQL level, not the application level.