Project Glossary
Terms you'll see throughout the codebase and documentation.
Platform & Architecture
- Tenant
- A customer organisation that uses the platform. Each tenant has isolated data, users, and configuration. Example: "Acme Construction" is a tenant.
- Schema-per-tenant
- Our multi-tenancy isolation strategy. Each tenant has a dedicated PostgreSQL schema (e.g. acme.projects, beta.projects). See Multi-Tenancy.
- Tenant slug
- The short identifier used in URLs and schema names. acme is the slug for "Acme Construction" — they sign in at acme.platform.com.
- Tenant registry
- The public.tenants table that lists all tenants and their configuration (IDP, modules enabled, region, etc.).
- Custom fields
- Tenant-defined additional fields on any entity. Stored in the custom_fields JSONB column and governed by field_definitions per tenant.
- Module
- A feature area of the platform — Site Diary, Plant, Personnel, etc. Modules can be enabled/disabled per tenant.
Authentication
- Cognito
- AWS Cognito User Pool — our identity service. Issues JWT tokens after authentication.
- Entra ID
- Microsoft's enterprise identity service (formerly Azure AD). Our SaaS tenants federate to it via SAML for single sign-on.
- SAML federation
- The protocol that lets a user from a customer's Entra ID sign into our platform without a separate password.
- JWT
- JSON Web Token — the format used for authentication tokens. Cognito issues these; FastAPI validates them on every request.
- RBAC
- Role-Based Access Control. Roles include Platform Admin, Tenant Admin, Project Manager, Site Foreman, etc.
Construction Domain
- Site diary
- The daily record of works carried out on a construction site. Completed by the site foreman.
- Plant
- Construction equipment — excavators, cranes, scaffolding, vehicles, tools. Distinct from "plant" in the botanical sense.
- RAMS
- Risk Assessment and Method Statement — health and safety documentation required before specific works.
- RIDDOR
- Reporting of Injuries, Diseases and Dangerous Occurrences Regulations — UK HSE reporting requirement for serious workplace incidents.
- Induction
- The mandatory safety briefing every worker must complete before entering a site for the first time.
- Snag list
- List of defects or incomplete items identified during an inspection.
- Subcontractor
- An external company carrying out work on a project, distinct from the main contractor.
- LOLER
- Lifting Operations and Lifting Equipment Regulations — UK regulation requiring periodic inspection of lifting equipment.
Infrastructure
- IaC
- Infrastructure as Code. We use Terraform to define all AWS resources.
- ECS Fargate
- AWS's managed container service. Runs our FastAPI containers without us managing servers.
- ALB
- Application Load Balancer. Routes incoming traffic to ECS tasks.
- RDS
- AWS's managed relational database service. We run PostgreSQL on it.
- CloudFront
- AWS's CDN. Serves our frontend assets and routes API requests.
- WAF
- Web Application Firewall. Sits in front of CloudFront, blocks malicious traffic.
- VPC
- Virtual Private Cloud. The isolated network in AWS that all our resources run inside.
Development
- ADR
- Architecture Decision Record. A short document explaining why a technical decision was made.
- PowerSync
- The managed offline sync service we use. Keeps client SQLite databases synchronised with the server.
- OpenAPI spec
- The machine-readable description of our REST API, auto-generated by FastAPI. The frontend uses this to generate TypeScript types.
- PR
- Pull Request. The mechanism for proposing code changes via GitHub.
- CI/CD
- Continuous Integration / Continuous Deployment. The automated pipeline that tests and deploys code on every change.
Compliance
- ISO 27001
- International standard for information security management. We target certification within 18 months of launch.
- SOC 2
- Audit framework for security, availability, and confidentiality controls. Type II requires 6+ months of operating evidence.
- Cyber Essentials
- UK government-backed scheme certifying basic cyber security controls. The first compliance milestone we target.
- GDPR
- General Data Protection Regulation. EU/UK data protection law. We are a data processor; our tenants are data controllers.
- DPA
- Data Processing Agreement. The contract between us (processor) and each tenant (controller) governing how personal data is handled.