Glossary
Every term used in CompStack and where to find it.
| Term | Meaning | Where it lives |
|---|---|---|
| Acknowledgement | A user signing that they have read and understood a published document version. | acknowledgements table; doc detail Acknowledgements tab. |
| Approval Chain | A reusable ordered list of approvers, assignable to a process, department, or doc type. | /approval-chains |
| Approval (row) | One materialized step of a chain on one entity version. Tracks decision (pending/approved/rejected) + comment + decided_at. | approvals table |
| Approver | A user expected to sign off on a step. Resolved at materialize-time from chain step config (specific user, dept head, or role). | - |
| Artifact | A document or process version, finding, CAPA, control, evidence - anything Copilot can reference or create. | varies |
| Assessment | A scoping decision: which clauses of a standard apply to this org. Has an engagement_label. |
/scoping |
| Audit | A scheduled review against a standard. Has a checklist, runner, conclusions, status (Draft → Completed). | /audits |
| Audit Checklist Item | One line of an audit, tied to a single requirement, with a result (conformity / NC / OBS / OFI / pending). | audit_checklist_items table |
| Auto-raise (findings) | The sweep that runs on completeAudit: every NC/OBS/OFI checklist item creates a finding row, idempotently. |
AuditService.completeAudit |
| Brand color | The org-level primary color, set by admins from a 12-swatch grid in the theme menu. Persisted in organizations.theme_primary_color. |
top bar theme menu |
| CAPA | Corrective + Preventive Action. A tracked response to a problem, with lifecycle Draft → Closed. | /capa |
| Chain | Short for Approval Chain. | - |
| Checklist | The set of audit items tied to requirements. | audit detail Checklist tab |
| Closure table | department_ancestors - every (descendant, ancestor) pair, maintained by trigger. Used for hierarchical queries without recursion. |
DB |
| Control | An implemented action that satisfies one or more requirements. E.g. "Quarterly access review". | /controls |
| Cross-org guard | A check on detail pages that rejects access if the URL's entity belongs to a different org than the active selection. | every detail page |
| Department | A node in the org hierarchy. Has code, name, head, members, sub-departments. | /departments |
| Department Head | The first-line approver for processes/documents owned by the department. | dept overview |
| Document | A controlled artifact (policy, procedure, work instruction, form). | /documents |
| Document Version | A specific revision of a document, with file blob + status + approvals. Only one is is_current_published at a time. |
doc detail Versions tab |
| DGO | DG Office (a sample department in the FCA seed). | seed |
| Engagement label | A tag on an Assessment indicating its scope (e.g. "corporate-only"). | scoping |
| Evidence | Proof that a control runs - a file, screenshot, or log entry. | /evidence |
| FCA | Family Care Authority - a sample organization in our seed data, modeled on a real customer. | seed |
| Finding | A nonconformity (NC), observation (OBS), or opportunity for improvement (OFI) raised during an audit. | /findings |
| Gap Analysis | The report that maps in-scope requirements to your controls + evidence and surfaces gaps. | /gap-analysis |
| Implemented (treatment) | A risk treatment whose linked CAPA is Closed. | risks |
| Inherent Risk | The risk score before treatment (likelihood × impact, 1-25). Auto-computed. |
risks |
| In Review | A document or process version that's been submitted, approval rows materialized, awaiting decisions. | - |
| Materialize (a chain) | The action of taking a chain definition + an entity version and creating the per-step approvals rows for that version. |
materialize_approval_chain SQL fn |
| Membership | A row in memberships linking a user to an organization with a role. Has is_active. |
- |
| Module | A standard or framework (ISO 9001, ISO 27001, custom KEBS standard, etc.) with clauses + requirements. | /library |
| NC | Nonconformity. The most severe finding type. Maps to findings.type='nc'. |
- |
| OBS | Observation. A minor finding type. Maps to findings.type='obs'. |
- |
| OFI | Opportunity for Improvement. Suggestion-level finding. Maps to findings.type='ofi'. |
- |
| Onboarding seed | A JSON document that bulk-creates departments / processes / chains for a new org. | /onboarding |
| Org | Organization. The unit of multi-tenancy. | - |
| Polymorphic table | A table that references multiple entity types via (entity_type, entity_id). Used for approvals, acknowledgements, risk_links. |
DB |
| Process | A long-lived business process with a current version and a history of versions. | /processes |
| Process Manual | A multi-sheet Excel export of all departments + their processes. | /processes Export button |
| Process Version | One snapshot of a process: turtle, steps, owner, KPIs. Has the same approval lifecycle as document versions. | process detail Versions tab |
| Proposal (AI) | An AI-suggested write that's queued in ai_action_proposals for human approval. |
/ai/approvals |
| Realtime | Postgres logical replication + Supabase realtime channel that pushes row changes to subscribed pages. Most detail pages auto-refresh from this. | - |
| Requirement | A leaf-level rule inside a clause of a module (e.g. "9001-4.1.1 - Determine external and internal issues"). | library |
| Residual Risk | The risk score after treatment. Auto-computed from residual likelihood × impact. | risks |
| Risk | An entry in the risk register with score, owner, treatment. | /risks |
| Risk Treatment | A planned mitigation linked to a CAPA. | risk_treatments |
| RLS | Row-Level Security. Postgres policies enforce per-org and per-user access. | DB policies |
| Role | A named permission bundle (Org admin, Manager, Contributor, Viewer). System roles live in roles with is_system=true. |
roles |
| Scoping | The applicability decision: which clauses of which standards apply to this org. | /scoping |
| Segregation of duties | The rule that the owner of a CAPA cannot also be the verifier. Enforced in CAPA detail UI. | CAPA |
| Site | A physical location or business unit. Used to scope risks and audits. | /sites |
| Source proposal id | A foreign key on artifacts created by AI (controls.source_proposal_id, capa.source_proposal_id) pointing to the originating ai_action_proposals row. Provenance. |
DB |
| Standard | Another word for Module. | - |
| Stepper | The visual approval-chain progress widget. Vertical, with green checks for approved, gray dots for pending, red X for rejected. | doc/process detail |
| Submit (for review) | The action that flips a doc/process version from Draft to In Review and materializes its chain. | doc/process detail |
| Treatment Strategy | One of Avoid / Reduce / Transfer / Accept on a risk. | risks |
| Verify & Close (CAPA) | The final transition where a non-owner user signs off on the CAPA's effectiveness. Status = Closed. | CAPA detail |
| Workspace | The personalized "home" page showing your pending approvals and ownership. | /workspace |