Reference

Glossary

A reference for the terms that appear across our migration work and content. Oracle Forms terminology, DEX-specific concepts, compliance acronyms, and modern stack vocabulary.

Oracle Forms

Oracle Forms: Oracle's legacy 4GL platform for building database-backed enterprise applications. First released in 1985. Still runs in production at 8,000+ enterprises and processes an estimated $3.2T in business operations globally. Oracle has extended support multiple times but no longer invests in new features.
.fmb file: Oracle Forms binary source file. Contains the full definition of a form: blocks, items, triggers, lists of values, canvases, parameters, and PL/SQL program units. Compiled to .fmx for runtime execution. Cannot be read in a text editor — requires Oracle's Forms Builder or a parser to extract the structure.
.fmx file: The compiled, executable form. Generated from a .fmb at build time. This is what the Oracle Forms runtime actually loads.
PL/SQL: Oracle's procedural extension to SQL. Used inside Forms triggers, packages, and stored procedures. Strongly typed, block-structured, and tightly integrated with the Oracle Database. Most Oracle Forms business logic lives in PL/SQL.
Block: The Oracle Forms unit that maps to a database table or view. A form is a collection of blocks. Each block has items (fields), triggers, and a layout on a canvas.
Canvas: Oracle Forms' layout container. Items are positioned on a canvas. A form can have multiple canvases (content, stacked, tab, toolbar).
LOV (List of Values): Oracle Forms' built-in dropdown/picker. Backed by a SQL query. Modern equivalents are type-ahead inputs, autocompletes, and combo boxes.
Trigger: A piece of PL/SQL that fires in response to a Forms event. There are dozens of trigger types — most business logic accumulates in WHEN-VALIDATE-ITEM, POST-QUERY, and KEY-* triggers.
WHEN-VALIDATE-ITEM: A trigger that fires when a field's value changes and the user moves focus. The most common place where business validation rules accumulate over decades.
POST-QUERY: A trigger that fires after a query returns rows from the database. Used for derived fields, lookups, and data augmentation.
KEY-NEXT-ITEM: A trigger fired when the user moves between fields with the keyboard. Often hides navigation rules and field-skip logic.
Forms Builder: Oracle's desktop IDE for building .fmb files. Required to open and edit Oracle Forms source. Increasingly difficult to find developers who know it.
Oracle APEX: Oracle's modern low-code platform. Often pitched as a Forms migration path. Keeps customers locked into Oracle Database licensing and ecosystem dependency.

DEX Elements

JSON descriptor: DEX's structured representation of a screen, workflow, or form. Inspectable, versionable, diffable. Sits between the AI generator and the runtime, making AI-generated software auditable and reviewable by humans.
Governed generation: DEX's approach to AI code generation. Instead of producing free-form code, the AI assembles applications from a fixed framework against constrained JSON patterns. Drives 5–10x token efficiency and compliance-ready output by default.
Functional layer: The JSON layer that describes what each screen does — fields, validations, queries, permissions, workflows. Distinct from the visual layer (how it looks) and the runtime (how it executes).
DEX runtime: The TypeScript runtime that interprets JSON descriptors and renders production interfaces. Handles authentication, authorization, audit logging, and integration with the REST API layer.
Parallel operation: DEX's standard migration architecture: the new web application connects to the same Oracle Database through a REST API layer, so the legacy and modern systems run simultaneously until cutover. Eliminates downtime and data migration risk.
Migration engine: The DEX component that parses .fmb files, extracts every block, trigger, LOV, and PL/SQL block, and converts them into JSON descriptors plus TypeScript validators.

Compliance and regulation

SOX (Sarbanes-Oxley): US financial controls compliance regime introduced in 2002. Section 404 requires public companies to attest to the effectiveness of their internal controls over financial reporting. Affects every Oracle Forms migration in publicly listed companies.
GxP: A general acronym for "good practice" quality guidelines and regulations in life sciences (GMP, GLP, GCP, GDP). Validated computer systems are a core requirement.
21 CFR Part 11: FDA regulation governing electronic records and electronic signatures in life sciences. Requires audit trails, access controls, and record integrity for any system that handles regulated data.
HIPAA: US healthcare privacy and security regulation. Sets minimum standards for protecting patient health information.
GDPR: EU data protection regulation. Affects any system that processes personal data of EU residents.
ITAR: US International Traffic in Arms Regulations. Controls export of defense-related articles and services. Affects defense contractors using Oracle Forms.
CMMC 2.0: Cybersecurity Maturity Model Certification — US Department of Defense framework for contractor cybersecurity.
DORA: EU Digital Operational Resilience Act. Affects financial services firms operating in the EU.

Modern stack

TypeScript: Typed superset of JavaScript. The target language for every DEX migration. Enables compile-time guarantees that legacy PL/SQL never had.
REST API layer: The HTTP API that DEX generates between the modern UI and the Oracle Database. Replaces direct database access and enables parallel operation with the legacy system.
JSON Schema: A vocabulary for describing the structure of JSON documents. DEX descriptors are validated against schemas at build and runtime.
RBAC: Role-based access control. Built into the DEX framework as a first-class primitive — not bolted on later.
Audit logging: Recording every meaningful action a user takes against a regulated system. Required by SOX, HIPAA, GxP, and most enterprise compliance regimes. Built into the DEX runtime.