# Glossary

## Core Concepts

### Agent
A software component installed on deployment targets that receives and executes deployment tasks. Agents communicate with the orchestrator via mTLS and execute deployments locally on the target.

### Approval
A human decision to authorize a promotion request. Approvals may require multiple approvers and enforce separation of duties.

### Approval Policy
Rules defining who can approve promotions to specific environments, including required approval counts and SoD requirements.

### Blue-Green Deployment
A deployment strategy using two identical production environments. Traffic switches from "blue" (current) to "green" (new) after validation.

### Canary Deployment
A deployment strategy that gradually rolls out changes to a small subset of targets before full deployment, allowing validation with real traffic.

### Channel
A version stream for components (e.g., "stable", "beta", "nightly"). Each channel tracks the latest compatible version.

### Component
A deployable unit mapped to a container image repository. Components have versions tracked via digest.

### Compose Lock
A Docker Compose file with all image references pinned to specific digests, ensuring reproducible deployments.

### Connector
A plugin that integrates Release Orchestrator with external systems (registries, CI/CD, notifications, etc.).

### Decision Record
An immutable record of all gate evaluations and conditions considered when making a promotion decision.

### Deployment Job
A unit of work representing the deployment of a release to an environment. Contains multiple deployment tasks.

### Deployment Task
A single target-level deployment operation within a deployment job.

### Digest
A cryptographic hash (SHA-256) that uniquely identifies a container image. Format: `sha256:abc123...`

### Drift
A mismatch between the expected deployed version (from version sticker) and the actual running version on a target.

### Environment
A logical grouping of deployment targets representing a stage in the promotion pipeline (e.g., dev, staging, production).

### Evidence Packet
An immutable, cryptographically signed record of deployment decisions and outcomes for audit purposes.

### Freeze Window
A time period during which deployments to an environment are blocked (e.g., holiday code freeze).

### Gate
A checkpoint in the promotion workflow that must pass before deployment proceeds. Types include security gates, approval gates, and custom policy gates.

### Promotion
The process of moving a release from one environment to another, subject to gates and approvals.

### Release
A versioned bundle of component digests representing a deployable unit. Releases are immutable once created.

### Rolling Deployment
A deployment strategy that updates targets in batches, maintaining availability throughout the process.

### Rollback
The process of reverting to a previous release version when a deployment fails or causes issues.

### Security Gate
An automated gate that evaluates security policies (vulnerability thresholds, compliance requirements) before allowing promotion.

### Separation of Duties (SoD)
A security principle requiring that the person who requests a promotion cannot be the same person who approves it.

### Step
A single unit of work within a workflow template. Steps have types (deploy, approve, notify, etc.) and can have dependencies.

### Target
A specific deployment destination (host, service, container) within an environment.

### Tenant
An isolated organizational unit with its own environments, releases, and configurations. Multi-tenancy ensures data isolation.

### Version Map
A mapping of image tags to digests for a component, allowing tag-based references while maintaining digest-based deployments.

### Version Sticker
Metadata placed on deployment targets indicating the currently deployed release and digest.

### Workflow
A DAG (Directed Acyclic Graph) of steps defining the deployment process, including gates, approvals, and verification.

### Workflow Template
A reusable workflow definition that can be customized for specific deployment scenarios.

## Module Abbreviations

| Abbreviation | Full Name | Description |
|--------------|-----------|-------------|
| INTHUB | Integration Hub | External system integration |
| ENVMGR | Environment Manager | Environment and target management |
| RELMAN | Release Management | Component and release management |
| WORKFL | Workflow Engine | Workflow execution |
| PROMOT | Promotion & Approval | Promotion and approval handling |
| DEPLOY | Deployment Execution | Deployment orchestration |
| AGENTS | Deployment Agents | Agent management |
| PROGDL | Progressive Delivery | A/B and canary releases |
| RELEVI | Release Evidence | Audit and compliance |
| PLUGIN | Plugin Infrastructure | Plugin system |

## Deployment Strategies

| Strategy | Description |
|----------|-------------|
| All-at-once | Deploy to all targets simultaneously |
| Rolling | Deploy in batches with availability |
| Canary | Gradual rollout with metrics validation |
| Blue-Green | Parallel environment with traffic switch |

## Status Values

### Promotion Status

| Status | Description |
|--------|-------------|
| `pending` | Promotion created, not yet evaluated |
| `pending_approval` | Waiting for human approval |
| `approved` | Approved, ready for deployment |
| `rejected` | Rejected by approver |
| `deploying` | Deployment in progress |
| `completed` | Successfully deployed |
| `failed` | Deployment failed |
| `cancelled` | Cancelled by user |

### Deployment Job Status

| Status | Description |
|--------|-------------|
| `pending` | Job created, not started |
| `preparing` | Generating artifacts |
| `running` | Tasks executing |
| `completing` | Verifying deployment |
| `completed` | Successfully completed |
| `failed` | Deployment failed |
| `rolling_back` | Rollback in progress |
| `rolled_back` | Rollback completed |

### Agent Status

| Status | Description |
|--------|-------------|
| `online` | Agent connected and healthy |
| `offline` | Agent not connected |
| `degraded` | Agent connected but reporting issues |

### Target Health Status

| Status | Description |
|--------|-------------|
| `healthy` | Target responding correctly |
| `unhealthy` | Target failing health checks |
| `unknown` | Health status not determined |

## API Error Codes

| Code | Description |
|------|-------------|
| `RELEASE_NOT_FOUND` | Release ID does not exist |
| `ENVIRONMENT_NOT_FOUND` | Environment ID does not exist |
| `PROMOTION_BLOCKED` | Promotion blocked by gate or freeze |
| `APPROVAL_REQUIRED` | Promotion requires approval |
| `INSUFFICIENT_APPROVALS` | Not enough approvals |
| `SOD_VIOLATION` | Separation of duties violated |
| `FREEZE_WINDOW_ACTIVE` | Environment in freeze window |
| `SECURITY_GATE_FAILED` | Security requirements not met |
| `NO_AGENT_AVAILABLE` | No agent available for target |
| `DEPLOYMENT_IN_PROGRESS` | Another deployment running |
| `ROLLBACK_NOT_POSSIBLE` | No previous version to rollback to |

## Integration Types

| Type | Category | Description |
|------|----------|-------------|
| `docker-registry` | Registry | Docker Registry v2 |
| `ecr` | Registry | AWS ECR |
| `acr` | Registry | Azure Container Registry |
| `gcr` | Registry | Google Container Registry |
| `harbor` | Registry | Harbor Registry |
| `gitlab-ci` | CI/CD | GitLab CI/CD |
| `github-actions` | CI/CD | GitHub Actions |
| `jenkins` | CI/CD | Jenkins |
| `slack` | Notification | Slack |
| `teams` | Notification | Microsoft Teams |
| `email` | Notification | Email (SMTP) |
| `hashicorp-vault` | Secrets | HashiCorp Vault |
| `prometheus` | Metrics | Prometheus |

## Workflow Step Types

| Type | Category | Description |
|------|----------|-------------|
| `approval` | Control | Wait for human approval |
| `wait` | Control | Wait for duration |
| `condition` | Control | Branch based on condition |
| `parallel` | Control | Execute children in parallel |
| `security-gate` | Gate | Evaluate security policy |
| `custom-gate` | Gate | Custom OPA policy |
| `freeze-check` | Gate | Check freeze windows |
| `deploy-docker` | Deploy | Deploy single container |
| `deploy-compose` | Deploy | Deploy Compose stack |
| `health-check` | Verify | HTTP/TCP health check |
| `smoke-test` | Verify | Run smoke tests |
| `notify` | Notify | Send notification |
| `webhook` | Integration | Call external webhook |
| `trigger-ci` | Integration | Trigger CI pipeline |
| `rollback` | Recovery | Rollback deployment |

## Security Terms

| Term | Description |
|------|-------------|
| mTLS | Mutual TLS - both client and server authenticate with certificates |
| JWT | JSON Web Token - used for API authentication |
| RBAC | Role-Based Access Control |
| OPA | Open Policy Agent - policy evaluation engine |
| SoD | Separation of Duties |
| PEP | Policy Enforcement Point |

## References

- [Design Principles](../design/principles.md)
- [API Overview](../api/overview.md)
- [Security Overview](../security/overview.md)