Skip to main content
Version: 1.0.0
Last Updated: 2025-12-31
Status: Active
This document describes how data flows through the Encore OS Platform, from user requests to database queries to cross-module communication.

Request Lifecycle

1. User Authentication Flow

Key Points:
  • JWT contains user_id, email, and role claims
  • Token valid for 1 hour (configurable)
  • Refresh token used for silent renewal
  • auth.uid() function extracts user_id in RLS policies

2. Organization Context Setup

Context Flow:

3. Data Query with RLS

RLS Execution Example:

Automation Flow (FW-03)

Form Submission Triggers Automation

Key Security Features:
  • Trigger scoped to organization_id and site_id
  • RLS enforced on all database queries
  • Email sender validation
  • HTTPS-only webhooks
  • Dynamic value resolution prevents code injection
  • All executions audited

Event Flow (Event Infrastructure)

Domain Event Publishing

Idempotency (R7): Event-consumer and automation-executor handlers MUST use event_id or execution_id as idempotency keys—record processed IDs and skip duplicate processing on retry. See EVENT_CONTRACTS § Idempotency and Retry and EDGE_FUNCTIONS.md § automation-executor. Event Types Published:
  1. credential_expired - Employee credential has expired
  2. credential_verified - Credential verification completed
  3. onboarding_completed - Employee onboarding finished
  4. offboarding_completed - Employee offboarding finished
  5. form_submitted - Form submission created (triggers automations)
Event Flow Diagram:

Notification Flow (PF-10)

Creating and Delivering Notifications

Email Delivery Cron Job:
In-App Notification Realtime:

Cross-Module Communication

Scenario: RH Core Needs Form Submission

WITHOUT Platform Integration (❌ Violates Constitution):
WITH Platform Integration (✅ Correct):

Data Flow: Platform Forms Integration

Integration Contract:

Notification Flow (PF-10)

Sending a Notification

Code Example:

Receiving a Notification

Realtime Setup:

Document Management Flow (PF-11)

Upload Document

Upload Flow:

Download Document

Download Flow:

Reporting Flow (PF-12)

Execute Report

Report Execution:

Visual Query Builder


Audit Logging Flow (PF-04)

Automatic Logging (Trigger-Based)

Trigger Example:

Manual Logging (Function-Based)

Manual Audit Example:

Multi-Tenant Data Isolation

How RLS Enforces Isolation

Validation Flow

Cross-Org Protection

Security Test:

Performance Optimization

Caching Strategy

Cache Configuration:

Database Query Optimization

Index Strategy:

Integration Patterns Summary

Pattern 1: Platform Integration Layer

Use Case: Cross-cutting capabilities (forms, notifications, documents) Example: RH core uses forms without depending on FW

Pattern 2: Event-Based Integration

Use Case: Asynchronous workflows, loose coupling Example: Automation engine reacts to form submissions

Pattern 3: API Contracts

Use Case: Synchronous request-response Example: RH requests census data from FA

See /constitution.md Section 5.6 for performance targets and Section 1.3 for integration pattern details.
Last Updated: 2025-11-24
Maintained by: Platform Foundation Team