STEP-06-STATE-MACHINE-EX-IP-04.md
Document Metadata
- Name: STEP-06-STATE-MACHINE-EX-IP-04
- Version: 1.0
- Status: DRAFT
- Date: 2026-02-26
Purpose
This governance state machine defines the canonical lifecycle for EX-IP-04 (Cost Estimate Inspection), including state authority, transition boundaries, and invariants required for auditability and automation-safe form gating. This document does NOT define UI design, backend workflows, SLAs, or implementation details.
Canonical State List
- INITIATED
- SUBMITTED
- ASSIGNED
- UNDER_INSPECTION
- UNDER_VERIFICATION
- VERIFICATION_COMPLETED
- UNDER_REVIEW
- DECISION_PENDING
- CORRECTION_REQUIRED
- APPROVED
- REJECTED
- ANCHORED
- SETTLED
- CLOSED
- CANCELLED
State Definitions
INITIATED
- Description: Procedure instance is opened; submission package is being prepared.
- Allowed roles: Applicant / Client
- Prohibited actions: Assignment, decision, closure
- Mandatory records: F-IP-04-01 (draft in progress)
- Governance invariants: Initiator MUST NOT self-approve later decision stages.
SUBMITTED
- Description: Submission package is formally submitted for governance processing.
- Allowed roles: Applicant / Client
- Prohibited actions: Decision, closure
- Mandatory records: F-IP-04-01
- Governance invariants: Submission payload becomes auditable evidence.
ASSIGNED
- Description: Inspector is assigned under explicit authority boundaries.
- Allowed roles: Governance Manager
- Prohibited actions: Inspection output approval by assigner
- Mandatory records: F-IP-04-02, F-IP-04-09 (if required)
- Governance invariants: Assigned inspector MUST satisfy independence constraints.
UNDER_INSPECTION
- Description: Inspection evidence is being collected and recorded.
- Allowed roles: Inspector
- Prohibited actions: Final decision, closure
- Mandatory records: F-IP-04-03
- Governance invariants: Inspector MUST record factual observations only.
UNDER_VERIFICATION
- Description: Verification activity is in progress against submitted estimate and inspection evidence.
- Allowed roles: Inspector
- Prohibited actions: Final governance decision
- Mandatory records: F-IP-04-04 (in progress)
- Governance invariants: Verification evidence MUST be traceable and complete.
VERIFICATION_COMPLETED
- Description: Verification result is finalized and ready for review/decision gate.
- Allowed roles: Inspector
- Prohibited actions: Direct closure, settlement finalization
- Mandatory records: F-IP-04-04
- Governance invariants: Verification completion MUST be immutable before review.
UNDER_REVIEW
- Description: Independent review stage (when review role is enabled).
- Allowed roles: Reviewer (if applicable), Quality Manager
- Prohibited actions: Reviewer MUST NOT sign as inspector for same instance
- Mandatory records: F-IP-04-05 (conditional)
- Governance invariants: Review separation-of-duties MUST hold.
DECISION_PENDING
- Description: Governance authority evaluates evidence for final decision.
- Allowed roles: Governance Manager
- Prohibited actions: Unapproved closure
- Mandatory records: F-IP-04-06 (draft/working)
- Governance invariants: Decision authority MUST NOT equal inspector role for same instance.
CORRECTION_REQUIRED
- Description: Correction or clarification is required before decision.
- Allowed roles: Governance Manager, Inspector, Applicant / Client (as applicable)
- Prohibited actions: Approval, closure, settlement
- Mandatory records: F-IP-04-07
- Governance invariants: Corrections MUST be linked to explicit evidence gaps.
APPROVED
- Description: Inspection outcome is formally approved.
- Allowed roles: Governance Manager, Quality Manager (review scope)
- Prohibited actions: Payload mutation without correction loop
- Mandatory records: F-IP-04-06
- Governance invariants: Approval MUST be justified and auditable.
REJECTED
- Description: Inspection outcome is rejected with governance reason.
- Allowed roles: Governance Manager
- Prohibited actions: Further progression
- Mandatory records: F-IP-04-06 (with rejection rationale)
- Governance invariants: Rejection MUST be immutable and traceable.
ANCHORED
- Description: Integrity proof for finalized inspection record set is anchored.
- Allowed roles: Governance/Oversight function
- Prohibited actions: Treat anchoring as approval logic
- Mandatory records: Anchoring proof reference
- Governance invariants: Anchoring is proof-only.
SETTLED
- Description: Settlement reference is recorded for finality evidence.
- Allowed roles: Governance/Oversight function
- Prohibited actions: Re-open decision logic
- Mandatory records: Settlement reference record
- Governance invariants: Settlement is finality evidence, not governance decision logic.
CLOSED
- Description: Procedure instance is formally closed.
- Allowed roles: Governance Manager, Quality Manager
- Prohibited actions: Any state mutation
- Mandatory records: F-IP-04-08
- Governance invariants: Closed record set MUST be immutable.
CANCELLED
- Description: Procedure instance is cancelled before completion.
- Allowed roles: Governance Manager
- Prohibited actions: Further progression
- Mandatory records: Cancellation record (decision evidence)
- Governance invariants: Cancellation MUST be explicit and auditable.
State Transitions (Conceptual)
| From State | To State | Triggering Condition | Responsible Role | Required Evidence |
|------------------------|------------------------|------------------------------------------------|--------------------------|------------------|
| INITIATED | SUBMITTED | Submission package formally submitted | Applicant / Client | F-IP-04-01 |
| SUBMITTED | ASSIGNED | Inspector assignment approved | Governance Manager | F-IP-04-02 |
| ASSIGNED | UNDER_INSPECTION | Inspection activity started | Inspector | F-IP-04-03 |
| UNDER_INSPECTION | UNDER_VERIFICATION | Inspection observations complete | Inspector | F-IP-04-03 |
| UNDER_VERIFICATION | VERIFICATION_COMPLETED | Verification completed | Inspector | F-IP-04-04 |
| VERIFICATION_COMPLETED | UNDER_REVIEW | Independent review required | Governance Manager | F-IP-04-05 (if enabled) |
| VERIFICATION_COMPLETED | DECISION_PENDING | Review bypass not required by policy | Governance Manager | F-IP-04-04 |
| UNDER_REVIEW | DECISION_PENDING | Review completed | Reviewer / Quality | F-IP-04-05 |
| UNDER_REVIEW | CORRECTION_REQUIRED | Review identified correction need | Reviewer / Quality | F-IP-04-05 |
| DECISION_PENDING | APPROVED | Decision approved | Governance Manager | F-IP-04-06 |
| DECISION_PENDING | REJECTED | Decision rejected | Governance Manager | F-IP-04-06 |
| DECISION_PENDING | CORRECTION_REQUIRED | Decision requires correction cycle | Governance Manager | F-IP-04-07 |
| CORRECTION_REQUIRED | SUBMITTED | Corrected package resubmitted | Applicant / Inspector | F-IP-04-07 |
| APPROVED | ANCHORED | Anchoring executed (if enabled) | Oversight | Anchoring proof reference |
| ANCHORED | SETTLED | Settlement reference recorded | Oversight | Settlement reference |
| SETTLED | CLOSED | Closure finalized | Governance Manager | F-IP-04-08 |
| APPROVED | CLOSED | Direct closure path (if anchoring not required) | Governance Manager | F-IP-04-08 |
| Any pre-terminal state | CANCELLED | Cancellation decision | Governance Manager | Cancellation record |
Governance Invariants
- Inspector MUST NOT approve own inspection output.
- Reviewer (if enabled) MUST be independent from inspector for same instance.
- Governance decision authority MUST remain separated from inspection authorship.
- Correction loops MUST NOT bypass verification and decision evidence gates.
- After terminal states (CLOSED, REJECTED, CANCELLED), records are immutable.
- Anchoring and settlement are proof/finality artefacts only.
Terminal States
- CLOSED
- REJECTED
- CANCELLED
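An added example (not part of this specification or of any project code) showing one way to gate transitions on the table and invariants above: it refuses unknown transitions, wrong roles, inspector or initiator self-decision, and any mutation after a terminal state. The user ids, the `acted` bookkeeping, and the split of "Reviewer / Quality" into two role names are assumptions.

```python
TERMINAL = {"CLOSED", "REJECTED", "CANCELLED"}
GM, INSP, APPL, OVS = "Governance Manager", "Inspector", "Applicant / Client", "Oversight"
REVIEW = {"Reviewer", "Quality Manager"}  # assumed reading of "Reviewer / Quality"

TRANSITIONS = {  # (from, to) -> roles allowed to trigger it, per the transition table
    ("INITIATED", "SUBMITTED"): {APPL},
    ("SUBMITTED", "ASSIGNED"): {GM},
    ("ASSIGNED", "UNDER_INSPECTION"): {INSP},
    ("UNDER_INSPECTION", "UNDER_VERIFICATION"): {INSP},
    ("UNDER_VERIFICATION", "VERIFICATION_COMPLETED"): {INSP},
    ("VERIFICATION_COMPLETED", "UNDER_REVIEW"): {GM},
    ("VERIFICATION_COMPLETED", "DECISION_PENDING"): {GM},
    ("UNDER_REVIEW", "DECISION_PENDING"): REVIEW,
    ("UNDER_REVIEW", "CORRECTION_REQUIRED"): REVIEW,
    ("DECISION_PENDING", "APPROVED"): {GM},
    ("DECISION_PENDING", "REJECTED"): {GM},
    ("DECISION_PENDING", "CORRECTION_REQUIRED"): {GM},
    ("CORRECTION_REQUIRED", "SUBMITTED"): {APPL, INSP},
    ("APPROVED", "ANCHORED"): {OVS},
    ("ANCHORED", "SETTLED"): {OVS},
    ("SETTLED", "CLOSED"): {GM},
    ("APPROVED", "CLOSED"): {GM},
}

def new_instance():
    return {"state": "INITIATED", "acted": {}, "log": []}

def deny_reason(inst, to_state, actor, role):
    """Return None if the transition is allowed, else the reason it is refused."""
    src = inst["state"]
    if src in TERMINAL:
        return "terminal state: records are immutable"
    allowed = {GM} if to_state == "CANCELLED" else TRANSITIONS.get((src, to_state))
    if allowed is None:
        return f"no transition {src} -> {to_state}"
    if role not in allowed:
        return f"role {role!r} may not trigger {src} -> {to_state}"
    # Separation of duties: inst["acted"] maps role -> user ids that acted in it.
    if src in ("UNDER_REVIEW", "DECISION_PENDING") and actor in inst["acted"].get(INSP, ()):
        return "actor acted as Inspector on this instance"
    if src == "DECISION_PENDING" and actor in inst["acted"].get(APPL, ()):
        return "initiator may not decide on own submission"
    return None

def transition(inst, to_state, actor, role):
    reason = deny_reason(inst, to_state, actor, role)
    if reason:
        raise PermissionError(reason)
    inst["acted"].setdefault(role, set()).add(actor)
    inst["log"].append((inst["state"], to_state, actor, role))  # audit trail
    inst["state"] = to_state
```

The role check alone is not enough: the same user id holding both the Inspector and Governance Manager roles would pass it, which is why the gate also compares the actor against who previously acted on the instance.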
Anchoring and Settlement Positioning
- ANCHORED and SETTLED represent evidence of integrity/finality.
- They MUST NOT act as approval authority.
- UI and APIs MUST NOT present these states as decision makers.
UNDEFINED Items
- Reviewer role mandatory/optional enforcement policy.
- Maximum correction loop count.
- Detailed cancellation authority matrix.
- Anchoring requirement policy per inspection category.