Context
BSFG exists to preserve durable, replayable boundary history across autonomous zones. That raises a central modeling question: is the boundary substrate authoritative because it stores the current state of cross-zone entities, or because it preserves the fact history from which state can be derived?
This decision affects:
- how replay and recovery work
- whether corrections mutate prior truth or add later truth
- whether consumers can rebuild projections independently
- whether the boundary appliance becomes a stateful application platform
Options Considered
| Option | Description | Benefits | Drawbacks |
|---|---|---|---|
| Mutable current-state store | BSFG keeps the latest state of each subject as the primary authoritative representation. | - easy “current view” queries<br>- simple mental model for CRUD-oriented users | - history becomes secondary<br>- replay and audit reconstruction weaken<br>- corrections require overwrite semantics |
| Dual-authority model | Maintain both current mutable state and fact history as equally authoritative. | - supports direct read models<br>- retains historical data | - two sources of truth<br>- reconciliation complexity<br>- ambiguous audit posture |
| Projection-owned state only | BSFG retains facts and leaves all current-state materialization to downstream projections. | - strong replay story<br>- clean separation between transport and interpretation<br>- independent projection rebuilds are possible | - clients wanting current state must build or query projections<br>- more than one projection may coexist |
| Fact history is authoritative; state is derived (Selected) | BSFG treats retained facts as the authoritative boundary record. Any state view is a derived projection. | - maximizes replayability and audit clarity<br>- fits append-only retention model<br>- keeps BSFG out of application-state ownership<br>- allows many projections without changing transport truth | - current-state queries are indirect<br>- projection design becomes a downstream responsibility |
Decision
BSFG treats retained fact history as the authoritative boundary truth. Current state is never the primary boundary primitive.
authoritative truth = retained facts
derived state = projection(facts)
Implications:
- facts are append-only
- corrections are represented as later facts, not overwrites
- current-state views are projections owned by downstream systems or read models
- BSFG does not expose “update state” as a boundary operation
State-like predicates such as state_is or status_is are still facts. They are facts about state, not a separate mutable state substrate.
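The following sketch illustrates the decision with an append-only log, a correction expressed as a later fact, and a current-state projection rebuilt by replay. It is an added example, not BSFG code: `Fact`, `FactLog`, `project_current`, the `corrects` field, and the sample order data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)              # retained facts are immutable once appended
class Fact:
    seq: int                         # position in the retained log
    subject: str
    predicate: str                   # e.g. "status_is": a fact about state
    value: str
    corrects: Optional[int] = None   # assumed field: seq of the fact being corrected

class FactLog:
    """Append-only log; deliberately has no update or delete operation."""
    def __init__(self):
        self._facts = []

    def append(self, subject, predicate, value, corrects=None):
        if corrects is not None and not 0 <= corrects < len(self._facts):
            raise ValueError("a correction must reference an earlier retained fact")
        fact = Fact(len(self._facts), subject, predicate, value, corrects)
        self._facts.append(fact)
        return fact

    def replay(self, upto=None):
        """Return the retained history (or a prefix) as an immutable tuple."""
        return tuple(self._facts[:upto])

def project_current(facts):
    """Derived state = projection(facts); rebuildable by any consumer."""
    effective = {}                   # seq of original fact -> latest corrected value
    for f in facts:
        root = f
        while root.corrects is not None:   # follow correction chains to the original
            root = facts[root.corrects]
        effective[root.seq] = f.value
    return {(facts[s].subject, facts[s].predicate): v
            for s, v in sorted(effective.items())}

def build_sample_log():
    """Constructed sample data: a wrong status, then a correcting fact."""
    log = FactLog()
    log.append("order-17", "status_is", "shipped")             # seq 0, wrong
    log.append("order-17", "location_is", "dock-3")            # seq 1
    log.append("order-17", "status_is", "packed", corrects=0)  # seq 2, correction
    return log
```

Replaying the prefix `replay(upto=2)` reproduces the view as it stood before the correction, while the full replay yields the corrected view; the original fact at seq 0 stays in the log either way, which is what keeps the audit trail intact.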
Consequences
Benefits:
- recovery can always rebuild from retained history while the facts remain available
- boundary truth is simple to reason about and audit
- many downstream consumers can derive different views without competing for authority
- BSFG remains a durable transport substrate rather than a business state manager
Tradeoffs:
- systems wanting a fast current-state answer must maintain projections
- operators must learn to distinguish retained truth from materialized views
- projection correctness becomes a downstream engineering concern