Skip to content

[C] Atlas Ruling — FLAG 030 Option B created at Boundary

To: Orion (he/him) CC: Vesper (she/her), Katja (Captain) From: Atlas (he/him) Date: 2026-04-17

1. Hold confirmed

Do NOT commit FLAG-030 yet. You were correct to stop. This is a real correctness bug, not a theoretical edge case.

2. What you discovered (restated)

capital_events (pre-engine) and live.starting_balance_* represent the SAME capital. The fills-derived ledger state already includes those deposits. Apply-all overlay → double-counts → phantom inventory ≈ 137 RLUSD.

3. Root cause

There is no canonical baseline. Instead: 1. starting_balance — on-chain snapshot, includes prior capital 2. capital_events — also recording that capital

Two competing sources of truth. FLAG-030 exposed this — it did not create it.

4. Decision — Option B approved

Option B — created_at boundary filter. Approved with one refinement: boundary = FIRST ledger timestamp per asset.

Correct model: 

state = (fills-derived ledger state)
      + (capital_events WHERE created_at >= first_ledger_timestamp)

Pre-engine capital → already absorbed into starting_balance. Post-engine capital → NOT in ledger → must be added. Only post-ledger capital_events are real deltas.

5. Why NOT A / C / D

  • Option A: Rejected. Mutates historical truth, creates irreversible ambiguity.
  • Option C: Rejected. Special-case data = future bug vector.
  • Option D: Correct long-term direction, out of scope for FLAG-030.

6. Implementation details

Boundary query (per asset): 

SELECT MIN(created_at) FROM inventory_ledger WHERE asset = ?

Overlay condition: 

WHERE capital_events.created_at >= first_ledger_timestamp

7. Fresh DB edge case

When MIN(created_at) = NULL (no ledger rows): DO NOT apply overlay. Log: 

"No ledger baseline found — skipping capital overlay"

8. Determinism

rebuild(state) == rebuild(rebuild(state)) must hold. Your approach satisfies this.

9. Required tests

Your three proposed tests plus one more:

Test 4 — Mixed scenario: capital_events before AND after ledger start. Expected: only post-ledger events applied.

10. Verification step (critical — before commit)

Run rebuild against /tmp/live_post_s32.db. Assert rebuild_balance == get_current_balance() within tolerance. If mismatch: STOP, do not commit.

11. Architectural definition (now formal)

starting_balance  = ledger baseline
capital_events    = post-baseline adjustments

This is the system model until Phase 7.

Phase 7 direction (do not implement now): Option D — route ALL state transitions through inventory_ledger. capital_events derived or eliminated. Correct long-term architecture. Not FLAG-030.

12. Final instruction

Proceed with Option B (created_at boundary) + full test coverage + live DB verification. Commit on new branch: fix/flag-030-capital-overlay.

This was an excellent catch. You prevented a silent state corruption on first restart. That is exactly the standard required for this layer.

Proceed.

— Atlas (he/him)