Glossary

Key terms and definitions for RayRay Enterprise Intelligence Platform

A

Analyst

User role with permissions to upload documents, initiate extractions, perform comparisons, and export reports. Cannot approve extractions for database commitment.

Attribute

A structured data field extracted from documents (e.g., range_km,max_speed_mph, unit_cost). Attributes are defined in scoring profiles.

Audit Event

An immutable record of a system action, including timestamp, user, resource, action type, and outcome. Events are cryptographically chained using SHA-256 hashes.

AU-9

NIST 800-53 control requiring protection of audit information from unauthorized access, modification, or deletion. Implemented via SHA-256 hash chain.

B

Bounding Box (bbox)

Rectangular region on a document page or spreadsheet cell, defined by coordinates{x0, y0, x1, y1}. Used for spatial evidence traceability.

C

Checkpoint

A LangGraph state persistence mechanism that pauses workflow execution pending human intervention. Used to enforce mandatory review before database writes.

Comparison

A structured evaluation of multiple documents against a scoring profile, producing ranked results with weighted scores.

Confidence Score

A value between 0.0 and 1.0 indicating the AI model's certainty in an extraction. Low-confidence extractions are flagged for additional human scrutiny.

D

Decision Memo

A formal PDF document summarizing comparison results, rationale, and approval chain. Includes M-25-21 compliance notice.

Document

An uploaded file (PDF, Excel, CSV) processed by RayRay for data extraction. Documents are immutable after upload.

E

Extraction

The process of converting unstructured document content into structured attribute values. Includes AI processing and human verification.

Extraction Panel

UI component displaying extraction results side-by-side with source document, enabling analysts to verify and correct AI outputs.

F

FedRAMP

Federal Risk and Authorization Management Program. A government-wide program providing a standardized approach to security assessment for cloud services.

H

Hash Chain

A cryptographic structure where each event includes a hash computed over the event content plus the previous event's hash. Provides tamper-evident audit logging.

Human-in-the-Loop (HITL)

A workflow pattern requiring human verification before AI-generated outputs are committed. Mandated by OMB M-25-21 for AI-assisted government decisions.

I

ISSO

Information System Security Officer. Role responsible for security posture, audit review, and compliance monitoring.

ISSM

Information System Security Manager. Senior role responsible for security program management and authorization decisions.

J

JWT (JSON Web Token)

Cryptographic token used for user authentication. Contains user identity, role, and expiration timestamp, signed with a server secret.

L

LangGraph

A framework for building stateful, multi-actor applications with LLMs. Used to orchestrate RayRay's extraction workflow with checkpoint-based human review.

M

M-25-21

OMB Memorandum M-25-21: "Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence." Establishes requirements for AI oversight in federal agencies, including mandatory human review.

MFA (Multi-Factor Authentication)

Authentication requiring two or more verification factors. RayRay implements TOTP-based MFA per RFC 6238.

Normalization

Process of scaling attribute values to a 0-100 range for comparison. Strategies include MAX (higher is better), MIN (lower is better), and TARGET (closest to value).

N

NIST 800-53

National Institute of Standards and Technology Special Publication 800-53: "Security and Privacy Controls for Information Systems and Organizations." Provides the control framework for RayRay compliance.

O

Observer

User role with read-only access to documents, extractions, and comparisons. Cannot perform actions that modify system state.

OMB

Office of Management and Budget. Executive office responsible for overseeing federal agency performance and issuing policy guidance.

P

Profile (Scoring Profile)

Configuration defining attributes, weights, and normalization strategies for document comparison. Profiles are versioned and snapshotted at comparison creation.

R

Reviewer

User role with Analyst permissions plus ability to approve extractions for database commitment. Serves as the human checkpoint in HITL workflow.

S

SHA-256

Secure Hash Algorithm 256-bit. Cryptographic hash function used for file integrity verification and audit log hash chains.

Sheet

A single tab within an Excel workbook. Each sheet is processed as a separate "page" with its own text blocks and bounding boxes.

Spatial Evidence Traceability

The ability to link every extracted value to its exact source location via bounding box coordinates. Supports audit and verification requirements.

Text Block

A unit of extracted text with associated bounding box coordinates. Text blocks are the atomic units processed by the LLM for attribute extraction.

T

TOTP (Time-based One-Time Password)

A temporary passcode generated by an authenticator app, valid for 30 seconds. Implements MFA per RFC 6238.

W

Weight

A value between 0.0 and 1.0 assigned to an attribute in a scoring profile, indicating its relative importance in the final score. Weights must sum to 1.0.

Workflow Run

A single execution of the extraction workflow, including AI processing and human review. Each run is logged to the audit trail.

Abbreviations

Related

• Compliance — NIST control mappings
• Architecture — System design