CAPITAL LIFECYCLE — 6 PHASES

Capital Lifecycle

Every dollar entering OPTKAS moves through a deterministic, auditable pipeline. No state can be skipped. No transition can be reversed.

AI Intake

Institutional allocation request enters the system via /api/ai-intake. OpenAI-powered risk scoring evaluates entity profile, jurisdiction, compliance history, and tranche fit.

Enforcement

Env-validated endpoint. JWT-resolved entity. No fallback AI stubs — hard failure if OPENAI_API_KEY missing.

risk_score (0–100)

risk_tier (A/B/C)

compliance_flags[]

system_audit_log entry

Compliance Score

AI risk output feeds into internal compliance review. Risk tier determines fast-track eligibility or manual review routing. Score persisted to audit ledger with idempotency key.

Enforcement

Immutable audit log — INSERT/SELECT only. UPDATE/DELETE blocked by PostgreSQL trigger.

compliance_decision

review_assignment

audit trail entry

Entity Approved

DB state: pending

Entity clears compliance gate. Allocation request created in allocation_requests table with status 'pending'. $100K minimum enforced at DB level.

Enforcement

FK constraint: entity_id must reference institutional_entities. $50M cap per allocation. Unique pending index per entity/tranche.

allocation_request (pending)

entity_id FK verified

amount CHECK passed

Internal Review

DB state: under_internal_review

Allocation transitions to under_internal_review. Managed by advance_entity_state() RPC. Only valid from 'pending'. State machine enforced at trigger level.

Enforcement

Deterministic trigger: enforce_deterministic_allocations(). Invalid transitions rejected with RAISE EXCEPTION.

status: under_internal_review

reviewer_assigned

state_transition_log

Escrow Initiated

DB state: escrow_initiated

Capital locked via /api/escrow-initiation. Creates escrow record with settlement_due_at timestamp. Only valid from under_internal_review.

Enforcement

Env-validated Supabase credentials. JWT-authenticated caller. Deterministic state gate.

escrow_record created

settlement_due_at set

status: escrow_initiated

Settlement Confirmed

DB state: funded

Settlement webhook confirms capital delivery. Only valid from escrow_initiated. Terminal state — no further transitions. Audit entry locks the lifecycle.

Enforcement

HMAC-SHA256 webhook validation. 5-minute timestamp drift. Constant-time comparison. Signature logged.

status: funded (terminal)

settlement_confirmed_at

webhook_log with signature_valid: true

Terminal States

Once an allocation reaches a terminal state, no further transitions are possible. The state machine enforces finality.

cancelled

Available from pending or under_internal_review only. Terminal — cannot resume. Requires explicit cancellation with actor tracking.

funded

Capital settled. Immutable terminal state. All state transitions locked. Full audit trail preserved.

Enforcement Layers

Application

JWT auth

Env validation

CORS headers

Database

State machine trigger

Immutable audit

FK + CHECK constraints

Network

HMAC webhooks

HSTS preload

CSP enforcement

DETERMINISTIC CAPITAL ROUTING

System Integrity Deal Room