GOVERNANCE_STATE_MACHINE_MATRIX.md

0. Purpose

Define deterministic governance state transitions with canonical code-aligned record types.

1. Policy Domain

States:

• DRAFT
• FROZEN

Transitions: | From | To | RecordType | |---|---|---| | DRAFT | FROZEN | POLICY_FREEZE |

2. Access Decision Domain

State model:

• Stateless override by latest decision for (subjectId, action, policyHash).

RecordType:

• ACCESS_DECISION

3. KES Domain

RecordTypes:

• KES_VERSION_PROPOSED
• KES_VERSION_RATIFIED

Constraints:

• Monotonic contiguous version chain.
• Ratification requires matching proposal hash.

4. Tender Domain

States:

• CREATED
• OPEN
• CLOSED
• CANCELLED

Transitions: | From | To | RecordType | |---|---|---| | CREATED | OPEN | TENDER_TRANSITION | | OPEN | CLOSED | TENDER_TRANSITION | | OPEN | CANCELLED | TENDER_TRANSITION |

5. Auction Domain

States:

• CREATED
• OPEN
• CLOSED
• SETTLED
• CANCELLED

Transitions: | From | To | RecordType | |---|---|---| | CREATED | OPEN | AUCTION_TRANSITION | | OPEN | CLOSED | AUCTION_TRANSITION | | OPEN | CANCELLED | AUCTION_TRANSITION | | CLOSED | SETTLED | SETTLEMENT_INTENT followed by valid SETTLEMENT_EVENT completion |

6. Settlement Domain

Canonical recordTypes:

• SETTLEMENT_INTENT
• SETTLEMENT_EVENT

Lifecycle:

• Intent creation: SETTLEMENT.CREATE via SETTLEMENT_INTENT
• Event progression: via SETTLEMENT_EVENT

7. Cross-Domain Constraints

1. Policy must be frozen before policy-bound actions.
2. Ratified KES version is required before settlement operations that reference KES commitments.
3. Settlement intent must not occur before parent process closure.

8. Determinism Requirement

Validation must be pure, replayable, and ledger-only.