How do you catch silent logic bugs that don't crash?

Fail as early as possible. In this specific case, invariants help.

To add some context: I’m specifically thinking about cases where each individual state update looks valid on its own, but the combination over time breaks a business rule.

For example, async flows where status updates and data creation are handled in different places.

Curious how teams make these kinds of assumptions explicit in practice.

One nuance I keep seeing is that each individual update is valid, but the invariant only breaks after a specific sequence of events.

That’s where things get tricky to reason about upfront.

Wouldn’t this be a gap in the tests that needs to be closed?

Re-framing the logic of the app can also help.

For example, in your example is there any situation where there is an invoice that has not been paid?

In the vast majority of shopping cart systems, that would be a hard NO. There would be an Order ID, for carts that have not yet been paid for, sure, but an Invoice ID only makes sense if the order has been fully paid for, and not at any stage previous to that.

As such, why have an Order Status at all? Have the mere presence of the Invoice ID be the flag that states the order has been paid for. As in: null = not paid, not null = paid.

Thanks for the thoughtful discussion — a lot of good points here.

For me, the main takeaway is that good modeling, tests, and runtime checks each catch different classes of mistakes, and none fully replace the others.

And thanks who make this package it is easy and it is solve me problem the name package that a have search many times it is

https://github.com/vortexshadow678-hash/invariant-guard