Holochain Glossary


This article is currently a work in progress and subject to frequent change.
See changelog for details.

As you go through our documentation you'll probably find some unfamiliar terms, or familiar ones used in surprising ways. Here are the definitions we use.


The unique ID of an entry or agent on the DHT. Every entry has an address that is generated from its content, usually by a hash function.

Address space

The entire range of possible addresses on the DHT. This space is circular; that is, the last address is considered adjacent to the first address.


The relative power of an agent to participate in their world.


  1. Anything with agency, such as a human or bot.

  2. An agent (definition 1) who participates in a Holochain #network through their #DNA instance.

  3. The public/private key pair that represents an agent (definition 2).


Describes a distributed system that puts agents at the center of the design, giving them agency over their online identity and the data they create. Agent-centric systems are usually distributed and use public-key cryptography to identify agents. Git, Holochain, and Secure Scuttlebutt are highly agent-centric, while client/server systems are less so.

Agent address

The address of an agent ID entry on the DHT, calculated from the agent's public key. It is used in node-to-node messaging and in choosing validators for public entries.

Agent ID

An entry near the beginning of an agent's source chain that identifies them. It contains their public key and other identifying information. This entry becomes an agent's unique identifier in the app. The address of this entry is also the agent's address on the DHT.


Describes any data structure that can only be written to. Once written, data is 'immutable', which means it can't be modified or deleted. An agent's source chain and the DHT are both append-only, which makes them logically monotonic.

Application (app)

  1. A collection of back end and front end components that comprise something a person can use.

  2. Synonymous with hApp.


A piece of metadata on an entry, such as a link, provenance, validation signature, warrant, or CRUD status.


The agent who has published a DHT entry, as shown by their provenance.

Back end

Synonymous with a collection of DNA instances for a hApp — the code that contains the base-level persistence and validation logic.


A distributed system that promises Byzantine fault tolerance by using a coordination protocol to get all nodes to agree on a single, shared history of events. This history is stored as a hash chain of 'blocks', or bundles of state changes. A blockchain can be public (anyone can join) or permissioned/private (membership is controlled). Public blockchains are usually trustless, ensuring tamper-resistance by making cheating more costly than honesty.


A connection between DNA instances in one conductor that allows one instance to call another instance's zome functions.


  1. A hApp bundle.

  2. A group of commits that succeed or fail 'atomically', like a transaction in an SQL database (not yet supported).

Byzantine fault tolerance (BFT)

Describes the ability of a distributed system to reach consistency in spite of 'Byzantine failures', accidental or intentional corruption in nodes or the networking transport between them.

Capability-based security

A security model that allows the owner of a resource to grant others access while still maintaining ultimate control. Instead of allowing direct access to the resource, it mediates access and manages privileges by issuing 'capabilities'. In Holochain, an agent's conductor protects their running DNA instances and authorizes subjects' access to them by issuing and checking tokens.

Capability grant

A special private entry that an agent writes to their source chain to record the issuing of a capability and its terms, including the intended subject. The address of this grant becomes a capability token.

Capability claim

A special source chain entry that a subject writes to their source chain. It records the token that they received, allowing them to exercise their capability later.

Capability subject

The entity that is given permission to access a resource via capability-based security. In Holochain, this can be a client or bridged DNA instance on the same machine, or it can be another agent who exercises a capability by communicating with the grantor via node-to-node messaging.

Capability token

A proof that a subject has been given a capability. It's synonymous with the ability to exercise that capability.


The degree to which agency, decision-making power, or responsibility in a distributed system is concentrated in certain nodes. Client/server systems are highly centralized. The complement of centralization is, of course, decentralization.


Any piece of software that accesses a DNA instance's zome functions. It makes function calls over the conductor's RPC interface. This client can be a GUI, a shell script, a service, or a scheduled task. This client lives on the same machine as the conductor.


A highly centralized distributed system architecture in which certain nodes are responsible for most of the processing, storage, and decision-making. Client/server systems typically give low agency to end-users.


The act of adding an entry to a source chain. If an entry is a public entry it also gets published to the DHT.


Any resource that is used by a group of agents but owned by none. In order to survive, a commons must have rules governing its use. A Holochain DHT is a type of digital commons whose rules are enforced by its DNA.


The service that hosts all of a participant's DNA instances, storing data and connecting them to others in the network. Synonymous with a Holochain node.

Conductor API

The RPC interface that a conductor exposes, which allows locally running clients to access and manipulate configuration of DNAs, agents, instances, and RPC interfaces

Conflict-free replicated data type (CRDT)

A function that allows two nodes in a distributed system to separately make changes to the same piece of data without creating conflicts. A CRDT is logically monotonic, which means that it satisfies the CALM theorem and doesn't need a coordination protocol.


  1. Synonymous with consistency in a distributed system.

  2. Synonymous with global consensus in a blockchain or other DLT.


Agreement among nodes in a distributed system about the state of data. Blockchains enforce a strong form of consistency called global consensus. Holochain prefers small-scale consensus, either between interacting parties or among a small set of third-party validators.

Consistency/availability/partition-tolerance (CAP) theorem

A principle that states that all distributed systems are prone to 'partitions' (some groups of nodes becoming unavailable to each other), and that in the presence of a partition a design can only guarantee availability (data can always be accessed and written) or consistency (data is always correct), but not both.

Consistency as logical monotonicity (CALM) theorem

A principle that states that, as long as a function is logically monotonic, it can be run on multiple nodes in a distributed system and reach strong eventual consistency without needing coordination protocols.

Content-addressable store (CAS)

Any storage system that gives a unique ID to each piece of data and allows it to be retrieved by its ID rather than its physical location. A DHT is a type of CAS.

Coordination protocol

An algorithm that governs the synchronization of data in a distributed system. It aims to prevent or resolve data conflicts that happen when two nodes are out of sync with each other. Any state change that isn't logically monotonic needs a coordination protocol.

Core API

See Holochain Core API.

Create, read, update, delete (CRUD)

The four main things an application needs to do with data. Even though all data structures in Holochain are append-only, data can still be updated or deleted by adding a new entry that marks the old data as obsolete.


The act of removing central points of control. Many distributed systems are decentralized to various degrees.


The removal of identical entries in a CAS. Most CASes, including Holochain's DHT, deduplicate content automatically.


Holochain's standard DPKI library.

DHT entry

A public entry that lives in the DHT. DHT entries are assigned to a neighborhood of validators, are deduplicated, can have many authors, and have metadata attached to them in aspects.

Distributed hash table (DHT)

A collection of data stored collectively by many nodes in a distributed system. A node retrieves data by address (usually its cryptographic hash), searching for a peer that is responsible for holding the data. Holochain uses a validating DHT to store public entries. Each DNA has its own separate DHT.

Distributed ledger technology (DLT)

Any technology that involves many nodes in a distributed system sharing an append-only history of state changes. In Holochain, each agent stores their own history in their source chain and shares copies of it with peers.

Distributed public key infrastructure (DPKI)

A public key infrastructure that doesn't rely on a central authority. DeepKey is Holochain's default DPKI implementation.

Distributed system

Any system that involves multiple nodes talking to each other over a network, whether decentralized or centralized. Because communication isn't instantaneous, different nodes can create conflicting data. Many distributed systems use a coordination protocol to come to consistency, while others rely on the CALM theorem.


A package of executable code that defines the shared 'rules of the game' for a group of agents. A DNA is made up of zomes, which define validation rules for data and zome functions for agents to take action.

DNA instance

A particular Holochain DNA when it's bound to an agent. DNA + agent = instance.

End-to-end encryption (E2EE)

A channel between two nodes in a public network that allows them to transfer secret messages that cannot be decrypted by eavesdroppers. Holochain's node-to-node messaging uses E2EE, as does gossip between nodes.


A basic unit of data in a Holochain app. Each entry has its own defined entry type. When an agent commits an entry, it is written to their source chain. If it's marked as a public entry, it's also published to the DHT.

Entry type

A specific sort of entry that a DNA recognizes and understands. Like an OOP class or database table, its entries have an enforced data schema and validation rules. Its entries can also be public or private.

Eventual consistency

Describes a promise made by distributed systems that optimize for availability over consistency (see CAP theorem), meaning that given enough time, every node ought to eventually reach consistency with each other. Strong eventual consistency means nodes are guaranteed to reach consistency without conflicts, which is possible for any system whose state change functions adhere to the CALM theorem.

Front end

Synonymous with graphical user interface.

Global ledger

A ledger whose contents are identical across all nodes in a blockchain.


A protocol used by many peer-to-peer networks. Each node knows a few other nodes, who know a few more, and so forth. Whenever any node receives a message, they broadcast it to some or all of their peers. Data propagates slowly at first, but spreads at an exponential rate. Nodes in a Holochain network share entries, metadata, neighborhood health, and peer addresses via gossip.

Graphical user interface (GUI)

A client that presents a visual, easy-to-understand way for a user to interact with a DNA instance or collection of instances running in their conductor. As with any client, the GUI always runs on the same machine as the conductor.

hApp bundle

A package containing multiple DNA packages that are instantiated together to form the back end for a hApp, along with a UI package for the front end. Holoscape can install and run fully function applications from hApp bundles.


A unique 'fingerprint' for a piece of data, calculated by running the data through a special function. A hash can serve as a unique identifier for that data (such as with addresses of DHT entries) and makes it easy to retrieve data from a hash table and verify its integrity.

Hash chain

An append-only data structure that can be used as a tamper-evident sequential log of events, such as a source chain or blockchain.


The events taken by an agent, recorded in their source chain


  1. The company funding development of Holochain Core.

  2. See Holo Host.

Holochain Development Kit (HDK)

Holochain's standard software development kit (SDK) for zome and DNA developers. It proides developer-friendly access to the low-level Holochain core API as well as macros for defining entry and link types,validation functions, and init functions.

Holochain application (hApp)

A collection of DNAs and a client (or clients) that allow users to interact with those DNAs.

Holochain Core

The basic components of Holochain. The conductor, the nucleus, and the ribosome.

Holochain Core API

The set of core functions that the nucleus makes available to the ribosome, so the ribosome can make them available to a running DNA instance. These functions allow the DNA to access and manipulate an agent's source chain, run cryptographic functions, retrieve and write DHT entries and links, and send node-to-node messages to peers.

Holo Host

A platform and marketplace where Holochain users offer up their spare computing capacity for a fee. Read more at Holo's website.

Immune system

A property of Holochain's validating DHT, whereby healthy nodes detect invalid data, share proof of corruption among their peers, and take defensive action against the corrupt nodes that produced it. While each node is individually responsible for taking action, the cumulative effect is a collective rejection of the corrupt nodes.

Init callback

A function in a DNA that the nucleus calls when an agent runs the DNA instance for the first time. This can be used to set up initial variables, etc.

Intrinsic data integrity

Holochain's fundamental strategy for guaranteeing data integrity. Data is considered valid or invalid based on the DNA's validation rules as well as Holochain's subconscious validation rules.


Synonymous with ledger.


A history of events or state changes. In distributed ledger technology, ledgers are usually stored as hash chains, such as a Holochain agent's source chain.

A piece of metadata connecting one DHT entry to another. Each link has a defined type as well as a 'tag' for storing arbitrary content.

Logical monotonicity

Describes a set of facts in which the truth of prior facts are never negated by the addition of later facts. CALM relies on functions that exhibit this property — that is, monotonically increasing functions.


Any permeable boundary that allows appropriate access and disallows inappropriate access.

The layer of protection around an agent's DNA instance (provided by capability-based security) that prevents unauthorized access to the instance or its source chain data.

A special validation rule for the agent ID entry that governs the agent's ability to become part of the DHT.


Supplementary data attached to a piece of data. In a Holochain DHT, metadata such as links are stored on entries as aspects.


An application architecture pattern that encourages small, single-purpose back end services. Holochain DNAs can be designed as microservices that combine to form a fully featured hApp.

Monotonically increasing function

A function in which adding things to the input can only increase the output, preserving logical monotonicity and allowing the elimination of coordination protocols in a distributed system by virtue of the CALM theorem. This might seem a bit abstract, so consider an example: the DHT never retracts entries; it only adds new ones. Even a deletion is merely the addition of a new entry that says "please consider the old entry obsolete".

Mutual sovereignty

The interplay between the autonomy of the individual and the collective intentions of the group. A successful commons finds a healthy balance between these opposites. Holochain's design is based on this principle, empowering participants to control their own identity and their response to their peers by equipping each of them with a full copy of the application. But those same rules embedded in the application also constitute the group's intentions, so the choice to use a particular also constitutes a participant's consent to help uphold the group.


The proximity of two addresses to each other in the DHT's address space, expressed as the XOR distance between them.


A group of nodes in a Holochain DHT who are near to each other (in terms of address space, not geography). Neighbors collectively support the resilience of all DHT entries whose address is near to them by storing and validating those entries and gossiping to each other about the entries they have.


A community of nodes gossiping with each other to form a validating DHT, aiding in data storage and retrieval, validation, and peer discovery. Each DNA has a separate network.


An individual agent in a Holochain network. It has an agent address and can be talked to via gossip.

Node-to-node message

A direct, end-to-end-encrypted exchange between two nodes on a network.


The core of Holochain. It governs data flow between the conductor and a DNA instance, with the help of the ribosome, and enforces the subconscious validation rules.


  1. Synonymous with DNA.

  2. The act of compiling zome source code and configuration data into a DNA package.


Synonymous with 'user'. We often prefer the term 'participant' because a Holochain DHT is a commons of mutually sovereign peers who all actively participate to maintain its integrity.


Synonymous with node.


Describes a highly decentralized distributed system in which nodes talk directly to each other without the intermediation of a server or other central nodes.

Private entry

An entry which is stored on the source chain but not published to the DHT.


A public key and a public-key signature, stored as a piece of metadata on a DHT entry. It proves that an agent (represented by the public key) actually authored the entry (as proven by the signature), and also allows anyone to verify that a third party hasn't tampered with it.

Public entry

Synonymous with DHT entry. Any entry marked public will be published to the DHT.

Public-key cryptography

A cryptographic system that consists of two keys: a public component and a private or secret component. These keys are mathematically related to each other in a way that's easy for the key pair's owner to prove but nearly impossible for a third-party to reverse-engineer. In Holochain, the public key lives in the DHT as an agent's identity and the private key stays on the agent's device as a proof that they control their public key. Peers can verify an agent's claim of authorship on an entry by checking their provenance, or can use an agent's public key to encrypt a private message that only they can decrypt.

Public-key infrastructure (PKI)

A way for agents to share their public keys, prove their authenticity, and revoke old keys if they've been compromised. Most PKIs, such as the global SSL certficate authority system, are centralized. Holochain provides a distributed PKI system.

Public-key signature

The hash of a piece of data, encrypted with a private key. It can be decrypted by anyone who has a copy of the public key. In Holochain, this is used in a provenance on each DHT entry to prove authorship and detect third-party tampering.

Public/private key pair

See public-key cryptography.


To send a public entry to the DHT after it has passed the author's own copy of the validation rules for the entry. The neighborhood of validators who are responsible for that entry's address receive it, validate it, and store a copy of it if it's valid.

Remote procedure call (RPC)

In Holochain, a call that a client makes to a zome function or conductor API function over an RPC interace.

RPC interface

A network port that the conductor exposes, allowing clients to call the conductor API or make zome function calls to running DNA instances. This interface only listens for local connections (so it can't be accessed over the internet). That means that clients must be on the same machine as the conductor.


  1. The level of a network's capacity to hold itself in integrity as nodes leave and join the network and dishonest nodes try to corrupt it.

  2. The level of redundancy of a DHT entry, expected to correspond to the resilience factor of the DNA. That is, for a resilience factor of 5, each entry is expected to exist on five nodes with 100% uptime or ten nodes with 50% uptime.

Resilience factor

The desired number of copies of a DHT entry that should exist in a DHT. This value is set in the DNA by its creator. Nodes in a neighborhood who are responsible for an entry collectively work to make sure this factor is met at all times.


The 'sandbox' or 'virtual machine' inside which a DNA instance runs. In Holochain's current design, the ribosome is a WebAssembly interpreter that exposes Holochain's core API to the instance and allows the nucleus to call the instance's validation functions, init function, and other callbacks.


The programming language used to build both Holochain and DNAs.

Scenario test

An automated test involving multiple agents on a simulated network. DNA creators can write these tests to ensure that their code works properly in real-life scenarios.


The process of reducing the processing and storage load on individual nodes in a distributed system. While some sharded systems break data into discrete shards, Holochain's DHT shards nodes into overlapping neighborhoods. This increases


A message emitted by a DNA, meant to be received and responded to a client

Source chain

A hash chain of actions taken by an agent. For each DHT, every agent stores their own source chain as a record of state changes they've made — that is, entries they've committed.

Source chain entry

An individual record stored on a source chain. It may be a private entry, in which case it lives only on the source chain, or it may be a public entry, in which case it's also published to the DHT.

Source chain header

A meta-entry that links a source chain entry to the previous entry in an agent's source chain.

State change

A modification of application state. In Holochain, state changes begin life in an agent's source chain as entries and are optionally published to the DHT as a permanent public record.


The 'base' validation rules defined by the Holochain nucleus. These rules check validity of hashes and provenances, as well as the integrity of each agent's source chain.


Describes a peer-to-peer distributed system which is Byzantine fault tolerant even when nodes are anonymous and membership is unrestricted. Trust is placed in the quality of the algorithm and the game theory that underpins it, rather than in the .

Validating DHT

Holochain's DHT design that creates an immune system for the group. Validators are chosen at random, based on their nearness to the address of the entry to be validated. If an entry fails validation, the validator publishes a warrant against the entry's author, along with proof of invalidity.

Validation rule

A function that checks the correctness of an entry. If validation fails, a validator can publish a warrant proving that the entry's author has broken the 'rules of the game' in the DNA's executable code.

Validation signature

A provenance created by the validator of a DHT entry, attesting to the validity of that entry according to its validation rule.


A node in the validating DHT who is chosen at random to validate a DHT entry, based on their agent address' nearness to the address of the entry. After validating, they also store the entry and help maintain its resilience.


An entry created by the validator of a DHT entry, attesting that the entry is invalid according to its validation rule and proving that its author has broken the 'rules of the game' in the DNA's executable code.

WebAssembly (WASM)

A low-level byte code that can be run on almost any platform, including the web browser. Holochain expects DNAs to be compiled to WebAssembly so the ribosome can execute them.

XOR distance

A metric used to calculate the distance between two addresses in the DHT's address space. The addresses' binary representations are XORed together, and the resulting value is turned into an integer. This distance is used for determining a node's neighborhood, including entries they are responsible for and nodes they are neighbors with.


A basic unit of modularity inside a DNA. Zome can be mixed and matched from other DNAs into one DNA in the service of the needs of a network. This zome defines entry types, link types, validation functions, public zome functions, and init functions.

Zome function

A function, created by the author of a zome, that allows a client to take a particular action in a DNA instance. This includes data retrieval and storage, as well as node-to-node messaging. The zome functions act as a public API for the zome, and can be called by another zome within the same DNA, a bridged DNA instance within the same conductor, or a client via the conductor's RPC interface.

Zome function call

The act of calling a zome function.

Was this helpful?