Not Expired ≠ Authorized
ExpirySignal can answer whether something is expired at read time. It cannot answer whether an action should be allowed.
Not expired means only that the current expiry fact does not indicate expiration. It is not authentication, payment, safety, permission, or authorization.
Expiry is a temporal fact. Authorization is an application-owned decision.
Your application queries ExpirySignal, evaluates the returned fact with its own rules, and executes the outcome elsewhere.
- Not expired ≠ permitted
- Not expired ≠ authenticated
- Not expired ≠ paid
- Not expired ≠ safe
- Absence of an expiry record is not permission
Signals remain facts even when your application is tempted to treat them as enforcement.
- Clock skew causes temporal validity to be evaluated incorrectly
- Stale reads cause “not expired” to persist after intended expiry
- Missing writes make expired state invisible
- Developers treat “not expired” as an allow-list
Your application must decide what to do when expiry state is missing, stale, contradictory, or unavailable.
SimpleStates returns the fact. The application owns the decision, enforcement, user-facing behavior, and operational consequence.