Double-entry mutation core
Move value with atomic debit and credit updates, posted and pending balances, account limits, ordered mutation, and deterministic duplicate handling.
Private-preview ledger database for value exchange systems
TulaDB gives payment, wallet, treasury, and settlement teams a dedicated system for balances, holds, reversals, rejected transactions, financial reference modes, and immutable financial history — without forcing those guarantees into a generic transaction table.
Private preview: available for architecture review, performance review, and controlled integration pilots. Production use still requires deployment-specific security review, operational drills, and validation.
tuladb review package
runtime = deterministic ledger engine
model = transfer, reserve, commit, rollback, reject
write path = validate → order → persist → project
visibility = balances, holds, rejected outcomes, history
recovery = WAL-backed restart and replay review
integration = SDK and gateway evaluation path
status = private preview
review focus:
- balanced financial state
- explicit hold lifecycle
- durable idempotency
- explainable recovery
- operational visibility What users get
TulaDB is designed for teams that need more than “insert a row and reconcile later.” It owns the balanced state transitions, durable operation identity, pending holds, rejected outcomes, and queryable history that value-movement systems depend on.
Move value with atomic debit and credit updates, posted and pending balances, account limits, ordered mutation, and deterministic duplicate handling.
Use reserve, commit, and rollback as first-class operations. A reserve holds the debit side; commit posts the credit; rollback releases the hold.
Model position and settlement flows together, so direct and indirect settlement patterns do not split correctness across separate services.
Failed business decisions remain visible as durable records for audit, duplicate protection, customer support, and operational reconciliation.
Private-preview evaluators can review integration patterns through SDK and gateway-oriented access surfaces.
Read balances, history, pending reservations, rejected records, and accounts through a read-only path that does not open the mutation surface.
Financial reference and amount modes
TulaDB supports two reference identity modes: ISO-style financial references for ISO 20022-oriented systems, or full SHA3-256 digest references when a deployment wants digest-native identity instead.
Amounts are stored as integers by default. When ISO 20022 mode is enabled, TulaDB applies currency-based decimal-scale interpretation for ISO-style amount handling, including 18,5 scale support where required.
Deterministic duplication checks can derive financial identity from source reference, currency, and source identifier using SHA3-256 with Base62 encoding for compact ISO-style references, or use the full SHA3-256 digest representation when that reference mode is selected.
Payment-message standards can remain at the integration edge; TulaDB keeps the resulting financial state deterministic, balanced, and recoverable in the core.
FinX-style 35-character financial references for ISO 20022-oriented systems.
Digest-native reference identity when a deployment wants the full SHA3-256 digest as the reference form.
Amounts are stored as integers by default for deterministic ledger mutation.
When ISO 20022 mode is enabled, decimal interpretation follows currency-based scale policy, including 18,5 support where required.
Position and settlement movement can be applied atomically in one ledger transaction.
Funding and defunding seed or remove value while preserving double-entry correctness.
How this differs from a generic ledger
Generic databases let you insert rows. TulaDB enforces the financial lifecycle beneath the application: reservations move through explicit states, rejected transactions remain visible, position and settlement can update atomically, and retries resolve deterministically.
Those guarantees live below your application code, so product teams do not depend on every service, job, migration, and support tool remembering the same accounting rules.
TulaDB is for teams that want ledger correctness to be a platform guarantee, not an application convention.
Rows can represent intent, but lifecycle, ordering, duplicate handling, rejected visibility, and cleanup live in services above the database.
Transfer, reserve, commit, rollback, and reject are first-class durable outcomes enforced by the ledger runtime.
Scope boundary
TulaDB is not a payment switch, ISO 20022 parser, fraud engine, compliance workflow, or customer orchestration system. Those systems can remain above the ledger.
TulaDB owns deterministic financial state: balances, holds, postings, rejected outcomes, idempotency, and recovery.
Payment and ISO message handling can stay at the integration edge while the ledger receives validated financial intent.
Customer journeys, compliance flows, routing, and business approvals can remain in application services above the core.
TulaDB focuses on durable balances, holds, postings, rejected records, deterministic retries, and recovery evidence.
Mental model
TulaDB treats financial activity as durable state transitions. A retry should return the same outcome. A rollback should leave an explainable trail. A rejected transaction should still be searchable when operations teams investigate what happened.
Accounting kernel vs. ledger system
If you need the fastest possible double-entry atom and your team will build the reservation lifecycle, deduplication, rejected-record visibility, and settlement coordination above it, a minimal accounting kernel can be the right choice.
TulaDB is for teams that want those responsibilities built, tested, and owned below the application — closer to the financial state itself.
Best when the platform team wants a small accounting primitive and is ready to own lifecycle state, retries, reconciliation visibility, settlement choreography, and operational tooling in application code.
Best when the ledger layer should enforce holds, commits, rollbacks, rejected outcomes, deterministic duplicate checks, and atomic position-plus-settlement updates as part of the runtime contract.
Write path
The write path stays narrow and explainable: validate the request, order the mutation, persist the outcome, and project it into queryable history.
Architecture preview
This static architecture flow maps the private-preview runtime at a high level: SDK ingress, deterministic account mutation, durability, query projection, and replication review.
Stable operation identity enters through SDKs, native access, or an authenticated adapter.
Validation, idempotency, reservation lifecycle, tiered transfer logic, and ordered mutation.
Persistent financial outcomes, recovery checkpoints, and immutable history projection.
Leader/follower behavior, quorum progression, and controlled recovery review.
Balances, transaction history, pending reservations, rejected records, and account search.
Architecture position
Fraud checks, routing, customer orchestration, compliance, and network adapters can remain outside the ledger. TulaDB owns the part those systems should not improvise: durable, idempotent, balanced financial state.
This keeps the ledger core small, deterministic, and reviewable while business workflows remain configurable above it.
Operations
Operators need to answer practical questions quickly: what was accepted, what was rejected, what is pending, what recovered, and which safety posture is running. TulaDB exposes those concerns as explicit runtime and validation surfaces.
Private-preview review separates conservative operating posture from performance-oriented evaluation modes.
Durability, recovery, and replay behavior are evaluated through concrete runtime artifacts and controlled drills.
TLS/mTLS support is part of the private-preview security envelope. Production deployments should still validate authentication policy, rate limits, audit logging, and network boundaries.
Private-preview evaluators can review the available operational surfaces for account state, transfers, reservations, rejected outcomes, and live runtime status.
Trust posture
Verification targets are part of the private-preview evaluation package. They exist to produce evidence for correctness, recovery, and operational review without exposing implementation detail on the public site.
Preview status: TulaDB is ready for architecture review, performance review, controlled integration experiments, and design-partner discussions. Production use should follow deployment-specific security review, operational drills, and validation.