// Make the bad state impossible · lesson 03
Make illegal states unrepresentable
The most elegant way to prevent a bad state is to build a system where the bad state cannot be constructed in the first place. Not caught after it forms. Not validated against. Impossible to express at all. This is the state-machine idea, and it's the difference between a system that checks for invalid states and a system where invalid states simply have no way to exist.
Take an order that moves through pending, confirmed, filled, and cancelled. The sloppy version stores a status string and a pile of boolean flags, and now nothing stops the code from producing an order that's both filled and cancelled, or confirmed with no confirmation, because the shape of the data permits nonsense. The structured version models the states explicitly and the transitions as the only ways to move between them, so an order can only ever be in one real state, and it can only get there through a legal move. The illegal combinations aren't rejected. They were never representable. There's no arrangement of the pieces that spells them.
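The order example above as a Rust sketch, added here as an illustration and not part of the original lesson. The type, field, and function names are all hypothetical, and Rust is an assumed language choice; the sloppy shape is shown first, then the structured one where each state is its own type and transitions are the only constructors.

```rust
// Added illustration; all names are hypothetical, not from the lesson.

// Sloppy shape: nothing stops filled && cancelled, or confirmed with no id.
#[allow(dead_code)]
pub struct SloppyOrder {
    pub status: String,
    pub filled: bool,
    pub cancelled: bool,
    pub confirmation_id: Option<u64>,
}

// Structured shape: one type per state, holding only the data that state has.
#[allow(dead_code)]
pub mod order {
    pub struct Pending { id: u64 }
    pub struct Confirmed { id: u64, confirmation_id: u64 }
    pub struct Filled { id: u64, confirmation_id: u64, fill_price_cents: u64 }
    pub struct Cancelled { id: u64 }

    // Fields are private, so outside this module the functions below are the
    // only way to obtain a state value. Each transition consumes the old state.
    pub fn open(id: u64) -> Pending { Pending { id } }

    impl Pending {
        pub fn confirm(self, confirmation_id: u64) -> Confirmed {
            Confirmed { id: self.id, confirmation_id }
        }
        pub fn cancel(self) -> Cancelled { Cancelled { id: self.id } }
    }
    impl Confirmed {
        pub fn fill(self, fill_price_cents: u64) -> Filled {
            Filled { id: self.id, confirmation_id: self.confirmation_id, fill_price_cents }
        }
        pub fn cancel(self) -> Cancelled { Cancelled { id: self.id } }
    }
    // Filled has no cancel(); Pending and Cancelled have no fill().
    impl Filled {
        pub fn summary(&self) -> (u64, u64, u64) {
            (self.id, self.confirmation_id, self.fill_price_cents)
        }
    }
    impl Cancelled { pub fn id(&self) -> u64 { self.id } }
}

fn main() {
    let _bad = SloppyOrder { status: "filled".into(), filled: true, cancelled: true, confirmation_id: None };
    let filled = order::open(7).confirm(9001).fill(12_550);
    println!("{:?}", filled.summary());
    // filled.cancel();  // would not compile: no method `cancel` on `Filled`
}
```

Uncommenting the last line turns the filled-and-cancelled order into a compile error rather than a runtime check.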
Why is unrepresentable better than validated?
Because validation is a check you have to remember to run, everywhere, forever, and forgetting it once is all it takes. "Make illegal states unrepresentable" moves the guarantee from runtime discipline to the structure itself. A validated system says "this bad state can exist, but I'll try to catch it every time." A well-modeled system says "this bad state has no way to come into being." The first depends on you never missing a check. The second depends on nothing, because the badness isn't prevented by vigilance, it's prevented by the fact that the data has no way to hold it. One relies on you being perfect. The other doesn't need you at all.
How this lands with AI in the loop
When a model is generating against a well-shaped structure, it inherits the guarantee for free. It cannot produce the illegal state, not because it was careful, but because the types, the transitions, the shape of what it's allowed to build won't let it. You've made the model's carefulness irrelevant to that class of bug, which is exactly where you want it, because the model's carefulness is the thing you can't count on. Design the shape so the wrong thing can't be spelled, and the model can't spell it.
The takeaway: don't validate against bad states; build structures where bad states can't be constructed. Unrepresentable beats caught-every-time, and a model can't produce an illegal state that has no way to exist.