Job Lifecycle
State Machine
State Descriptions
| State | Trigger | Description |
|---|---|---|
created | Job message on queue after OAuth consent | Job ID and namespace created. DEK generated and stored encrypted in manifest. No data written yet. |
collecting | Data Collector starts | Collection phases execute. No partial writes to EDS during collection. |
written | Data Collector completes all 4 phases | collection.json.enc written atomically. Manifest updated with checksum and write timestamp. |
assessing | Assessment Engine reads collection | DEK requested, collection.json decrypted in memory, evaluation begins. Data never written to disk decrypted. |
assessed | Assessment Engine completes | findings.json.enc written (retained tier) or discarded (ephemeral). report.pdf.enc written. |
delivered | Report delivered to client | Download confirmed. TTL clock starts. Manifest updated with delivery timestamp. |
expired | TTL reached | All files in job namespace deleted by store TTL. Audit log entry retained for 12 months (metadata only). |
deleted | Client deletion request | Immediate deletion of all files. Audit log entry updated. Client email confirmation within 24 hours. |
failed | Phase 1 collection failure | No files written to EDS. Client notified. Admin alert triggered. |
Namespace Structure
/{tier}/{job_id}/
collection.json.enc ← AES-256 encrypted raw collection output
findings.json.enc ← AES-256 encrypted assessment findings (retained tier only)
report.pdf.enc ← AES-256 encrypted generated report
manifest.json ← Job metadata: checksums, timestamps, encrypted DEK reference
Client Deletion Request Process
- Client submits deletion request via account portal — requires re-authentication
- CYC system locates all job namespaces for client's tenant ID hash
- All encrypted files deleted immediately — ahead of TTL schedule
- Audit log updated:
deletion_trigger: client_request - Client receives email confirmation within 24 hours
- Audit log metadata entry retained for 12 months per standard policy
For ephemeral-tier clients
Clients who did not opt in to retained storage can also request a deletion confirmation email. This confirms their data was already deleted per the standard 48-hour TTL — it is a transparency service, not a deletion action.