Glossary

Key terms and concepts with source links

.mpk (bundle)

Signed application archive (tar.gz) containing manifest.json, app.wasm, and optional abi.json. The deployable unit for Calimero applications.

AppKey

Composite application identity: {package}:{signerId}. Determines the ApplicationId. Must stay stable across versions for the upgrade path to work.

ApplicationId

32-byte hash identifying a WASM application.

Defined in: crates/primitives/src/application.rs

BlobId

Content-addressed identifier for binary blobs.

Defined in: crates/primitives/src/blobs.rs

Borsh

Binary Object Representation Serializer for Hashing. Deterministic binary serialization format used for state deltas, governance payloads, store entries, and wire protocol messages.

BroadcastMessage

Borsh-serialized gossipsub payload enum (StateDelta, HashHeartbeat, SignedGroupOpV1, etc.).

Defined in: crates/node/primitives/src/sync/snapshot.rs

Capabilities

Per-member u32 bitmask controlling group-level permissions (CAN_CREATE_CONTEXT, CAN_INVITE_MEMBERS, CAN_JOIN_OPEN_CONTEXTS, MANAGE_MEMBERS, MANAGE_APPLICATION).

CausalDelta

A single DAG entry: delta_id, parents, payload, HLC, expected_root_hash.

Defined in: crates/dag/src/lib.rs

Column

Logical partition in the KV store (Meta, Config, Identity, State, Delta, Blobs, Application, Alias, Generic, Group).

Defined in: crates/store/src/db.rs

Context

An instance binding a Group to an Application. Has its own identity, state DAG, and member list.

Defined in: crates/primitives/src/context.rs

ContextClient

Async facade over LazyRecipient<ContextMessage> for invoking context operations.

Defined in: crates/context/primitives/src/client.rs

ContextId

32-byte hash identifying a context.

Defined in: crates/primitives/src/context.rs

ContextManager

Actix actor managing contexts, groups, governance DAGs, and application lifecycle.

Defined in: crates/context/src/lib.rs

ContextMessage

Top-level message enum for ContextManager with 20+ variants.

Defined in: crates/context/primitives/src/messages.rs

CRDT

Conflict-free Replicated Data Type. Data structures where replicas can be updated independently and merged to produce a consistent result regardless of message ordering.

DAG (Directed Acyclic Graph)

Causal ordering structure used for both application state deltas and governance operations.

Defined in: crates/dag/src/lib.rs

DagStore

In-memory causal DAG with pending queue, topological ordering, and head tracking.

Defined in: crates/dag/src/lib.rs

DeltaApplier

Async trait for applying deltas to storage. Implemented by GroupGovernanceApplier.

Defined in: crates/dag/src/lib.rs

DeltaBuffer

Temporary storage for state deltas that arrive before their context is initialized or while a sync session is active.

Defined in: crates/node/primitives/src/delta_buffer.rs

did:key

DID method that encodes an Ed25519 public key directly in the identifier string. Format: did:key:z{base58btc(0xed01 || public_key)}.

Ed25519

Elliptic-curve digital signature algorithm used for governance operations, bundle manifests, and challenge-response authentication.

G-Counter

Grow-only Counter CRDT. Each node increments its own slot; value() returns the sum. Calimero's Counter type follows this pattern.

GarbageCollector

Periodic actor that cleans up stale data (unused blobs, expired entries). Default interval: 12 hours.

gossipsub

libp2p publish/subscribe protocol. Calimero uses context/<hex> topics for state deltas and group/<hex> topics for governance operations.

Governance epoch

Reserved field on state deltas for future staleness checks. Will reject deltas from removed members. Currently stored but not enforced.

Group

Governance unit owning one or more Contexts. Manages membership, capabilities, visibility via signed operations.

Defined in: crates/context/primitives/src/group.rs

GroupGovernanceApplier

DeltaApplier implementation bridging the DAG to GroupStore for governance ops.

Defined in: crates/context/src/governance_dag.rs

GroupGovernanceDelta

Gossip message carrying a signed governance operation with explicit DAG metadata (delta_id, parent_ids) for replication and catch-up.

GroupMemberRole

Enum distinguishing Admin, Member, and ReadOnly members within a group.

Defined in: crates/store/src/key/group.rs

GroupMutationKind

Lightweight notification enum broadcast after a governance op is applied. Used for real-time UI notifications.

GroupOp

Non-exhaustive enum of governance operations (MemberAdded, ContextRegistered, etc.). 25+ variants.

Defined in: crates/context/primitives/src/local_governance.rs

GroupStateHeartbeat

Periodic gossip message (default 30s) carrying DAG heads and member count. Peers compare heads and request missing ops on divergence.

GroupStore

Authoritative persistence layer for group state. Handles apply, OpLog, nonces, cascades.

Defined in: crates/context/src/group_store.rs

HashHeartbeat

Periodic gossip message carrying root_hash + dag_heads for divergence detection. Part of BroadcastMessage.

HybridTimestamp (HLC)

Logical clock combining wall-clock time with a counter for causal ordering.

Defined in: crates/storage/src/logical_clock.rs

InitPayload

Stream protocol init message enum (BlobShare, KeyShare, DeltaRequest, SnapshotStreamRequest, GroupDeltaRequest, etc.).

Defined in: crates/node/primitives/src/sync/wire.rs

JCS

JSON Canonicalization Scheme (RFC 8785). Produces deterministic byte ordering for JSON. Used by mero-sign before hashing bundle manifests.

JSON-RPC

JSON-RPC 2.0 protocol for external method calls on contexts. Clients POST to /jsonrpc with method name and params.

Kademlia

Distributed hash table protocol from libp2p used for peer discovery, bootstrap routing, and record storage.

KMS

Key Management Service. Releases encryption keys to TEE nodes via attestation. Supported: mero-kms-phala for Phala Cloud.

LazyRecipient

Deferred Actix actor address wrapper using Arc<OnceCell<Recipient>>. Breaks circular init dependencies.

Defined in: crates/utils/actix/

libp2p

Modular P2P networking framework providing transport (TCP/QUIC), discovery (Kademlia, mDNS), messaging (gossipsub), and stream protocols.

LWW (Last-Write-Wins)

Merge strategy where concurrent updates are resolved by keeping the latest timestamp. Used by LwwRegister and per-entry in UnorderedMap.

manifest

JSON metadata inside an .mpk bundle: package, version, signerId, wasm/abi paths, migrations, and Ed25519 signature.

MemberCapabilities

Struct holding the five capability bit constants for group-level authorization.

Mergeable

Trait for CRDT merge operations. Implemented by Map, Set, LwwRegister.

Defined in: crates/storage/

mero-sign

Tool for Ed25519 key generation and bundle manifest signing using JCS + SHA-256 + Ed25519.

meroctl

Operator CLI for a running node. Command groups: app, context, group, call, blob, peers, node.

merod

Calimero node daemon. Commands: init (create config), config (modify settings), run (start all actors and servers).

merodb

Debug CLI for direct RocksDB inspection: schema, export, validate, DAG export, YAML migration plans.

Multiaddr

libp2p address format encoding layered protocol stacks (e.g. /ip4/127.0.0.1/tcp/2428/p2p/12D3KooW...).

NetworkClient

Async facade over LazyRecipient<NetworkMessage>.

Defined in: crates/network/primitives/src/client.rs

NetworkEvent

Events from the libp2p swarm (ListeningOn, Subscribed, Message, StreamOpened, BlobRequested, etc.).

Defined in: crates/network/primitives/src/messages.rs

NetworkManager

Actix actor wrapping the libp2p Swarm.

Defined in: crates/network/src/lib.rs

NodeClient

Async facade over LazyRecipient<NodeMessage>.

Defined in: crates/node/primitives/src/client.rs

NodeManager

Central Actix actor orchestrating network events, blob cache, heartbeats.

Defined in: crates/node/src/lib.rs

Nonce

Cryptographic nonce for replay protection. Per-signer monotonic counter in governance ops.

OpLog

Persistent log of applied SignedGroupOp entries, keyed by (group_id, sequence).

Defined in: crates/store/src/key/group.rs

OpHead

Latest sequence number + current DAG heads for a group.

Defined in: crates/store/src/key/group.rs

PeerId

libp2p peer identifier derived from the node's public key. Uniquely identifies a node in the P2P network.

PrivateState

Node-local storage column for data that should not be synchronized across peers.

PublicKey

Ed25519 public key used for identity and signing.

Defined in: crates/primitives/src/identity.rs

QUIC

UDP-based transport with built-in encryption and multiplexing. Calimero nodes listen on both TCP and QUIC.

ReadOnly

Group member role that allows joining contexts and reading state but prevents all state mutations. Enforced at both local and remote nodes.

RGA (Replicated Growable Array)

Sequence CRDT for character-level collaborative text editing with HLC-based CharIds and left-neighbor positioning.

RocksDB

Embedded LSM-tree key-value store backing all node persistence. 11 column families accessed via calimero-store.

SHA-256

Hash function used for content-addressed IDs (delta_id, blob_id), state hashes, and bundle signing.

SignedGroupOp

Signed governance operation: version, group_id, parent_op_hashes, state_hash, signer, nonce, op, signature.

Defined in: crates/context/primitives/src/local_governance.rs

SignedGroupOpenInvitation

Admin-signed invitation token for joining a group.

Defined in: crates/context/primitives/src/local_governance.rs

SignedGroupOpV1

Legacy gossip wrapper carrying opaque Borsh-serialized SignedGroupOp payload. Still accepted for compatibility.

SignerId

did:key string from the Ed25519 key used to sign bundles. Establishes cryptographic update authority.

StateDelta

BroadcastMessage variant carrying encrypted state diff for a context. Part of the context DAG.

StreamMessage

Wire format for sync streams: Init, Message, or OpaqueError.

Defined in: crates/node/primitives/src/sync/wire.rs

SubgroupCreated

Governance operation that links a child group to a parent, enabling membership inheritance.

SyncManager

Async task managing periodic sync. Selects from HashComparison, LevelWise, Snapshot, or Delta protocols.

Defined in: crates/node/src/sync/manager.rs

TDX

Intel Trust Domain Extensions. Hardware TEE with attestation via measurement registers (MRTD, RTMR0-3).

TEE

Trusted Execution Environment. Hardware-isolated runtime protecting code and data. merod supports TEE mode with KMS key fetch.

TopicHash

Gossipsub topic identifier. Formats: context/<hex> for state, group/<hex> for governance.

UpgradePolicy

Group setting controlling how application upgrades propagate: Automatic, LazyOnAccess, or Coordinated.

Defined in: crates/primitives/src/context.rs

Visibility

Per-context access mode: Open (any group member can join) or Restricted (allowlist required, no admin bypass).

VMContext

Runtime execution context: input, context_id, executor_public_key, governance_epoch.

Defined in: crates/runtime/src/logic.rs

VMLogic

WASM host function dispatcher. Manages registers, memory, storage, events.

Defined in: crates/runtime/src/logic.rs

WASM

WebAssembly. Portable bytecode for application logic. Apps compile to wasm32-unknown-unknown and run via Wasmer with Cranelift JIT.

xcall

Cross-context fire-and-forget call from one context's WASM to another on the same node. Queued during execution, runs after commit. No return value.

No terms match your filter.