Glossary
Plain-language definitions of the tech, AI and marketing terms used across this site.
AI
Retrieval-Augmented Generation: the model answers from documents you retrieve at query time, so responses stay grounded in your own data.
An eval metric: how well an answer stays grounded in the retrieved context, with nothing invented.
Automated scoring of an AI system’s output (faithfulness, relevancy, precision…) so quality is measured, not guessed.
A numeric vector that represents the meaning of text, used to find semantically similar content.
A second-pass model that re-scores retrieved candidates for relevance, sharpening precision before generation.
An LLM that can plan and call tools in a loop to complete a task — not just answer once.
Rules and checks around an AI system that constrain inputs, outputs and tool use to keep it safe and on-policy.
An attempt to trick an AI into ignoring its safety rules or system instructions.
An attack that hides malicious instructions inside content the model reads, hijacking its behaviour.
Dev
Continuous Integration / Continuous Delivery: automated build, test and deploy on every change.
Vulnerability Assessment & Penetration Testing: security testing that finds and exploits weaknesses before attackers do.
A pull-based delivery method: a live board with work-in-progress limits and continuous flow.
A delivery method using fixed-length sprints with a committed scope and regular ceremonies.
A tool that packages a service and its dependencies into a portable container that runs the same everywhere.
An orchestrator that deploys, scales and self-heals containerised services across machines.
The ability to understand a system’s internal state from its traces, metrics and logs.
Application Performance Monitoring: traces and metrics that surface latency, errors and bottlenecks across services.
Service Level Objective: a target for a reliability metric (e.g. 99.9% uptime) that alerts are tied to.
Domain Name System: the internet’s phone book — it turns a name a human types (pangaea.id) into the numeric IP address a machine can connect to.
The authoritative server that holds a domain’s DNS records and answers lookups for it. Whoever runs your nameservers controls your DNS.
Announcing one IP address from many data centers at once, so the internet routes each request to the nearest copy — cutting distance, and latency.
The wait after a DNS change while the rest of the world’s cached copies expire and pick up the new answer — usually minutes, up to 24 hours.
Mail eXchange: the DNS record that says where mail addressed to your domain should be delivered. Read by the sender’s server.
Sender Policy Framework: a published allow-list of the servers permitted to send mail “as” your domain. Checked by the recipient’s server.
DomainKeys Identified Mail: a cryptographic signature on each outgoing message — a private key signs it, and a public key in DNS lets the receiver verify the mail is genuinely yours and untampered.
Domain-based Message Authentication, Reporting & Conformance: ties SPF and DKIM together, tells receivers what to do when a message fails (monitor, quarantine, reject), and emails you reports.
Simple Mail Transfer Protocol: the protocol that moves email between servers. It has no built-in way to prove who sent a message — which is why SPF, DKIM and DMARC exist.
Certification Authority Authorization: a DNS record listing which Certificate Authorities may issue an HTTPS certificate for your domain. Omit a CA your provider uses and the next auto-renewal silently breaks.
Transport Layer Security (the modern name for SSL): the encryption behind the padlock — it scrambles traffic so nobody between the visitor and the site can read or tamper with it.
HTTP Strict Transport Security: a header that tells the browser to only ever reach a site over HTTPS, so there’s no insecure first hop to intercept. It’s sticky — browsers remember it for the whole max-age.
Content-Security-Policy: an allow-list of where scripts, styles, fonts and images may load from. Anything not on the list is refused — the strongest single defence against cross-site scripting.
Web Application Firewall: a managed ruleset that blocks known attack patterns (SQL injection, common exploit probes) at the edge, before they reach your app.
Content Delivery Network: a fleet of servers in hundreds of cities that each hold a copy of your files close to real visitors, so requests are answered nearby instead of from one far-off origin.
The CDN server nearest the visitor — where the cached page is served from. Most requests are answered at the edge and never travel all the way to the origin.
A saved copy of a file kept close to the visitor so it doesn’t have to be rebuilt or refetched every time. A `Cache-Control` header sets how long a copy stays good.
Static Site Generation: building every page into plain HTML ahead of time, so it can be cached and served instantly — and so crawlers and AI that don’t run JavaScript still see the full content.
Marketing
The customer journey through awareness, consideration, conversion and retention.
Return On Ad Spend: revenue generated per unit of advertising spend.
Cost Per Acquisition: what it costs in marketing spend to win one customer.
An ad that opens a WhatsApp chat on tap, turning ad spend into direct conversations.
Generative Engine Optimization: getting your facts quoted inside the answer an AI writes (ChatGPT, Perplexity, Google AI overviews), rather than just ranking a link. SEO competes for a click; GEO competes to be the sentence the AI says.
An AI that writes a direct answer instead of returning a list of links — ChatGPT, Perplexity, Claude, Google’s AI overviews. To be cited, it has to trust you’re a real entity it can name.
An automated bot that fetches and reads web pages to build a search or AI index — Googlebot, plus AI crawlers like GPTBot, ClaudeBot and PerplexityBot. Most don’t run JavaScript, so the page must ship full HTML.
An XML file listing every page on a site so search engines can find them all. We generate it at build, so it always lists every route and dynamic slug.
The one official address you want a page indexed under. Without it, the same page reachable at two URLs splits its SEO credit between them.
A “moved permanently” redirect that sends one URL to another and merges their SEO credit. We 301 the bare pangaea.id to the canonical www.pangaea.id.
A tag that tells search engines which language/region version of a page to show, and which URLs are equivalents of each other (here: en, id and x-default).
Machine-readable facts about a page (usually JSON-LD using schema.org types) — Organization, Person, FAQPage, BlogPosting — so search engines and AI can parse what the page is, not just read its words.
A real, specific thing an engine can name and trust — a company, a person — as opposed to a stray phrase. You become one through corroboration: the same facts agreeing across independent, trusted sources.
The open, machine-readable knowledge graph that engines treat as a truth anchor (no notability bar like Wikipedia). A sourced Wikidata item is one of the strongest entity signals you can create.
A protocol for instantly telling search engines (Bing, Yandex) which URLs changed, so they recrawl in minutes instead of waiting for the next crawl. We ping it automatically after each deploy.