19 — Glossary
Terms used throughout the spec, with precise definitions. Use these terms consistently in the codebase, docs, and public communication.
A
ADR (Architecture Decision Record) — A numbered markdown file in /docs/adr/ documenting one design decision: context, choice, consequences, alternatives. Created when an (open) is resolved.
App ID — The unique identifier for a Locara app: <publisher>/<name> (e.g., kingtongchoo/transcribe).
App Sandbox (macOS) — Apple’s kernel-enforced sandboxing mechanism. Configured via entitlements plist; restricts apps to declared resources. See ../notes/mac-app-store-sandbox.md.
Artifact — The signed, notarized .app (or .dmg, .locapp) bundle produced by a build.
Attestation (provenance) — A signed statement linking an artifact to its source (commit SHA, builder, build steps). Stored in Sigstore’s transparency log. See 14-trust-safety.md.
B
BSON / SQLite file — The single-file storage format SQLite uses; one file per Locara app’s database.
C
Capability — A specific, declared, runtime-enforced power an app has. Examples: net: false, device.microphone: true, fs.user-selected: "read-write". See 03-capabilities.md.
Capability cool-down — A delay (typically 7 days) before newly-declared capabilities activate after an app update. Catches account-takeover attacks. See 14-trust-safety.md.
Capability composition rule — Tools cannot exceed the capabilities of the app they run in. Adding a tool never expands an app’s reach. See 04-modalities.md.
CDN (Content Delivery Network) — Cloudflare R2 in v1; serves model + artifact downloads.
CI (Continuous Integration) — GitHub Actions in v1; runs locara verify, builds artifacts, generates provenance.
Locara Manager (optional, phase 3+) — A small menubar utility that aggregates installed Locara apps’ status, updates, and settings. Not v1; not required for the architecture. Each Locara app is standalone; the manager is only a unified-surface convenience. The architecture has no “Locara client” that mediates between users and apps — apps are downloaded directly as standalone signed Mac apps from locara.app.
CLI — locara, the developer command-line tool. See 06-cli.md.
Components (@locara/components) — Shadcn-style UI primitives copied as source into apps. See 11-components.md.
Container (macOS) — The per-app directory at ~/Library/Containers/<bundle-id>/. Sandboxed apps see this as their “home.”
Content-addressed storage — Storage where files are identified by their SHA hash. Used for models + artifacts. Same content → same address; deduped automatically.
D
DAG (capability) — When modalities + tooling expand into capabilities, the result is a directed acyclic graph of declarations. See 04-modalities.md.
Daemon (Locara) — A long-running background process that hot-swaps models and arbitrates resources across multiple Locara apps. Not in v1; planned for v2.
Default-deny — The principle that apps start with zero capabilities and gain them only via explicit manifest declarations.
Dev panel — The right half of the locara dev window, showing capability log, profile simulator, resource monitor, etc. See 07-runtime.md.
Device fit — Whether a user’s hardware meets an app’s profile requirements (RAM, disk, CPU).
DNS verification — A publisher’s optional verification step: prove control of a domain via TXT record. Earns the “domain-verified” badge.
E
Entitlements — macOS plist file declaring what kernel-level capabilities an app has. Locara generates these from the manifest. See 03-capabilities.md.
F
FTS5 — SQLite’s built-in full-text search extension. Used in Locara apps for keyword search.
Fully local (badge) — A property awarded to apps that meet: net: false, only Locara-curated/locally-cached models, no tools requiring net. Auto-computed from manifest.
G
Gatekeeper (macOS) — Apple’s mechanism that blocks unsigned/un-notarized apps. Locara apps must be signed + notarized to install cleanly.
GGUF — File format for llama.cpp-compatible quantized models. Most Locara model artifacts use this on non-Apple-Silicon.
H
Hardlink — Filesystem mechanism letting two paths refer to the same disk content. Used for shared model cache (one disk copy, multiple apps’ bundles point to it).
Hugging Face Hub (HF) — The dominant ML model registry. Locara depends on it for raw weights; does not build a competing registry. See ../notes/huggingface-hub.md.
I
IPC (Inter-Process Communication) — In Locara, refers to (a) Tauri IPC between webview and Rust runtime, and (b) future inter-app IPC declared via manifest.
K
Kill-switch — Locara’s revocation mechanism. The registry can mark a published version as malicious; clients uninstall it on next check. See 14-trust-safety.md.
L
llama.cpp — Open-source C++ inference engine. Cross-platform foundation for Locara; one of two backends.
Locara CI — The Locara-managed CI pipeline that builds and signs published apps. Source-only submissions; binaries never come from developers.
Lockfile (locara.lock.json) — Auto-generated, committed to repo. Pins resolved model hashes + dependency versions for reproducible builds.
locapp file (.locapp) — A signed, sideloadable bundle: app + manifest + provenance attestation. Used for distribution outside the registry.
M
Manifest (locara.json) — The central spec for a Locara app. Identity, display, capabilities, modalities, tooling, profiles, storage. See 02-manifest.md.
MLX — Apple’s ML framework for Apple Silicon. ~30–50% faster than llama.cpp on M-series chips. Locara’s primary backend on Apple Silicon (open: which is v1 default).
Modality — A first-class declaration of input/output transformation: text-to-text, speech-to-text, etc. Expands into capabilities + models + SDK access. See 04-modalities.md.
Model manifest (Locara) — Locara’s curated model entries. References HF artifacts, validated chat templates, recommended params, license info. See 09-models.md.
Monorepo — Single Git repository holding crates + packages + apps + spec + notes + website. See 17-repo-layout.md.
N
Notarization (macOS) — Apple-mediated process where Apple scans a binary for malware and signs it for Gatekeeper. Required for Locara apps. See 16-build.md.
O
Open question ((open) in spec) — A design decision that is not yet committed. Resolved by adding an ADR.
P
Pinning (model) — Apps reference models by <id>@sha256:<hash>. The hash pins a specific quantization; runtime refuses other models.
Powerbox — macOS’s mechanism for granting sandboxed apps access to user-selected files via the file picker. Apps don’t see arbitrary ~/; they see a file the user chose.
Profile (device tier) — Named tier of hardware requirements: low, mid, high. Apps declare what they need at each tier; runtime picks the right model variants for the user. See 02-manifest.md.
Provenance — See “Attestation.”
Publisher — A registered Locara account that can publish apps. Verified via GitHub OAuth (default) + DNS TXT (for “domain-verified” badge).
Q
Quantization — Reducing the precision of model weights (e.g., from FP16 to Q4) to fit smaller hardware. Tradeoff: smaller + faster, slightly lower quality. v1 default: Q4_K_M for chat models.
R
R2 — Cloudflare’s object storage; Locara’s CDN for artifacts + models. No egress fees.
Registry — A curated, signed catalog. Locara has four: app, model, tool, component registries. The default-published-by-Locara is locara.app; alternatives are supported. See 12-registry.md.
Reviewer (Locara) — Initially the project lead; later trusted community members. Approves/denies submissions that don’t auto-approve.
Risk class (review) — Low / Medium / High based on declared capabilities. Determines auto-approve vs human review.
S
Sandbox — Generic term for capability-restricted execution environment. Locara has three layers: macOS App Sandbox (kernel), Tauri IPC + Locara plugin checks (runtime), Wasmtime (tools).
SDK (@locara/sdk) — TypeScript API surface developers code against. See 05-sdk.md.
Sideload — Installing an app from outside the registry (via a .locapp file). Same trust mechanics, different distribution. See 15-distribution.md.
Sigstore — Open-source ecosystem for signing and verifying software artifacts via short-lived certificates + transparency logs. Locara uses it for provenance attestations.
SQLite — The default storage engine for Locara apps. Single-file, embedded, zero-ops. See 08-storage.md.
sqlite-vec — SQLite extension for vector similarity search. Default vector backend in Locara.
Spec (/spec/) — The folder you’re reading. Contains design documents 00–18.
T
Tauri — Rust-based framework for desktop apps using OS-native webviews. Locara’s runtime + client are Tauri apps. See ../notes/tauri.md.
Tooling — First-class declaration of LLM- or app-callable functions: OCR, filesystem search, code execution, etc. See 04-modalities.md.
TCC (Transparency, Consent, Control) — macOS’s user-prompt layer for sensitive resources (camera, mic, contacts, screen recording). Triggered by Locara apps the first time they use such resources.
Transcribe (the app) — Locara’s first reference app: audio → text → search. Phase 1 deliverable.
U
Universal binary (Universal 2) — macOS binary containing both Apple Silicon (arm64) and Intel (x86_64) code. Considered for Locara post-v1.
User-selected files — Files the user explicitly granted access to via the macOS file picker. The default Locara filesystem capability.
V
Verified publisher — A publisher with DNS TXT or other verified identity. Earns a badge in the registry; preferred placement in some surfaces.
W
Wasmtime — A WebAssembly runtime by the Bytecode Alliance. Locara’s default sandbox for tool execution. See ../notes/wasmtime-wasi.md.
WASI — WebAssembly System Interface. Standardized capability-based API for wasm modules to interact with hosts.
Whisper — OpenAI’s speech-to-text model. Used in Transcribe and as the default STT modality model.
X
Xet — Hugging Face’s storage backend for content-addressable chunked file dedup. Locara uses similar principles for model cache.
Z
zvec — Alibaba’s open-source embedded vector database. Opt-in scale-up alternative to sqlite-vec for >1M vectors.
Cross-references
- All numbered spec docs.
../notes/README.mdfor term origins in prior art.