Diagrams

PURPOSE

These diagrams document responsibility transfer and signal boundaries.

BLUEPRINT

════════════════════════════════════════════════════════════
  APPLICATION
  (Enforcement Plane · High-Voltage Circuit)
════════════════════════════════════════════════════════════

  Application-owned Responsibility:
  - Identity resolution
  - Business logic & rules
  - Authorization / gating
  - Economic actions (grants, trades, charges)
  - Human overrides & judgment

                     ▲
                     │  HTTP GET  (Read-Time Signals)
                     │  /state/{signal}?subject=entity_id
                     │  < Deterministic JSON >
                     │
────────────────────────────────────────────────────────────
  SIMPLESTATES
  (Signal Plane · Low-Voltage Circuit)
────────────────────────────────────────────────────────────

  EVIDENCE OUT  ·  STATE IN  ·  DECISIONS MADE (Application-owned)

  EVIDENCE SINK  (Downstream · Write-Time)

  [1] StateMirror
      → Immutable decision snapshot ledger
      → Records what the system *knew* at decision time
      → Stores inputs + decision + timestamps
      → Verifiable via hash-chain

      Example:
      {
        inputs: {
          plan: "gold",
          denied: false,
          expired: false
        },
        decision: "approved",
        decided_at: "2025-12-30T18:42:00.000Z"
      }

                     ▲
                     │  (Application evaluates signals,
                     │   then makes a decision)
                     │
                     ▼

  STATE SOURCES  (Upstream · Read-Time)

  [2] PlanSignal
      → Plan & entitlement state
      → What this entity is allowed to have
      Example: { plan: "gold", tier: "vip", origin: "issuer_api" }

  [3] DenySignal
      → Explicit denial state
      → What this entity must not do
      Example: { denied: true, reason: "abuse", severity: "hard" }

  [4] ExpirySignal
      → Temporal validity state
      → What is still valid in time
      Example: { expired: false, expires_at: "2026-01-15T12:00:00.000Z" }

────────────────────────────────────────────────────────────
  GUARANTEES                    |  EXPLICIT NON-CAPABILITIES
────────────────────────────────|───────────────────────────
  - Emits factual state only     |  - NO enforcement
  - Deterministic responses      |  - NO auth decisions
  - Idempotent write ingress     |  - NO background jobs
  - Self-hosted PostgreSQL       |  - NO outbound webhooks
  - Verifiable integrity         |  - NO dashboards / SaaS UI

                     ▲
                     │  HTTP POST  (Write-Time Ingress)
                     │  /write/{signal}
                     │  < Stored facts only >
                     │
════════════════════════════════════════════════════════════
  EXTERNAL EVENT SOURCES
  (The Inputs)
════════════════════════════════════════════════════════════

  - Billing / Issuers / Platforms   → PlanSignal
  - Admin & Anti-Abuse Actions      → DenySignal
  - Timers / Windows / Issuance     → ExpirySignal
  - Application Decisions           → StateMirror

COMPOSITION

PlanSignal     → plan/entitlement state (read-time)
DenySignal     → explicit denial state (read-time)
ExpirySignal   → temporal validity state (read-time)

StateMirror    → evidence snapshots + verification (write-time)

Application composes signals.
Application decides and enforces outcomes.

BOUNDARY RULE

State is queried.
Decisions are made.
Actions are executed.

SimpleStates stops at state.