Refactor resource zome to use Request-Evaluate-Apply pattern

[Soushi888]

Summary

Refactor the resource zome so that all resource state changes pass through the governance zome for approval before being applied. This implements the Request-Evaluate-Apply pattern that is the core flow of the governance-as-operator architecture.

Context

Currently, resource operations (create, update, transfer) happen directly in the resource zome without governance approval. The governance-as-operator architecture requires:

1. Resource Zome requests a state change → sends GovernanceTransitionRequest
2. Governance Zome evaluates rules and permissions → returns GovernanceTransitionResult
3. Resource Zome applies the change only if approved

This ensures all resource mutations are governed and auditable.

Technical Implementation

1. New Resource Zome Function

#[hdk_extern]
pub fn request_resource_transition(
    request: GovernanceTransitionRequest,
) -> ExternResult<GovernanceTransitionResult> {
    // 1. Validate input data integrity
    validate_transition_request(&request)?;

    // 2. Call governance zome for evaluation
    let result: GovernanceTransitionResult = call(
        CallTargetCell::Local,
        "zome_gouvernance",
        "evaluate_state_transition".into(),
        None,
        &request,
    )?;

    // 3. Apply state change if approved
    if result.success {
        if let Some(new_state) = &result.new_resource_state {
            update_resource_state(new_state)?;
        }
        if let Some(event) = &result.economic_event {
            record_economic_event(event)?;
        }
    }

    Ok(result)
}

2. Refactor Existing Resource Operations

Identify and refactor resource operations that currently bypass governance:

• create_economic_resource — should it require governance approval?
• update_economic_resource — must pass through governance
• Any transfer/custody change operations
• State changes (active, reserved, retired)

3. Data Validation vs. Business Validation Split

• Resource zome keeps: Data integrity validation (non-empty fields, valid quantities, spec exists)
• Governance zome handles: Business rule validation (permissions, governance rules, state transition legality)

4. Error Handling

• Handle governance zome unavailability gracefully
• Log rejections for audit trail
• Return structured error information to callers

Acceptance Criteria

• request_resource_transition function implemented in resource zome
• Cross-zome call to evaluate_state_transition works correctly
• Approved transitions update resource state and create economic events
• Rejected transitions are logged and return rejection reasons
• Data integrity validation remains in resource zome
• Business rule validation delegated to governance zome
• Error handling covers governance unavailability
• Existing resource operations refactored to use the new pattern
• Integration tests verify the full Request-Evaluate-Apply flow

Dependencies

• Define cross-zome interface types for governance-as-operator protocol #41 (Cross-zome interface types)
• Implement pure-function GovernanceEngine for state transition evaluation #42 (GovernanceEngine implementation)

Definition of Done

• Resource state changes flow through governance evaluation
• All integration tests pass
• No regression in existing resource functionality
• Code review completed

[Soushi888]

Architecture note (2026-04-06): This issue was written before the NDO 3-layer architecture spec (ndo_prima_materia.md) was finalised.

The Request-Evaluate-Apply pattern described here applies specifically to NDO Layer 2 (Process layer) operations — economic events, custody transfers, Use/Transport/Storage/Repair processes. It does NOT apply to NDO Layer 0 (NondominiumIdentity), which is an immutable entry after creation (only lifecycle_stage may be updated, via a direct zome call, no governance gate needed).

When implementing this issue, scope the REA refactor to operations that create or transition EconomicEvent/Process entries (Layer 2). The NondominiumIdentity creation and lifecycle update paths remain outside this governance gate.