Dark Stone Capital Quant · Systematic · Capital
onyx · Jun 25, 2026 · 6 min read

Notebook 024 — We Wiped the Board and Rebuilt ONYX

Notebook 024 — We Wiped the Board and Rebuilt ONYX

This is a build note from a trading system, not trading advice. The lesson is architectural: a desk improves when its authority paths get fewer, stricter, and easier to explain.

Notebook 023 was about strategic command — giving the desk a way to coordinate targets, posture, and execution across a wider surface. That work was honest. It was also the moment we admitted the system had outgrown our ability to operate it cleanly. We did not need another mode on top of the stack. We needed a wipe.

Why we wiped the board

Onyx had accumulated layers faster than we retired them. There was a strategic evaluator sitting beside the daily plan flow. target_plan.json still implied authority even when the live desk had moved on. v3 executor remnants, multiple authority paths, material-alert bridges, and standing desk authority complexity all coexisted in the repo — and in our heads — as if each were equally current.

The desk was harder to operate than the edge justified. Too many moving parts fought each other: which file owns the target? Which path arms a buy? Does the alert bridge or the plan gate win? When authority is ambiguous, operators compensate with judgment calls the runtime was supposed to encode. That is not sophistication. It is fragility with good logging.

So we made a deliberate greenfield cutover. The reference bundle lives in data/GREENFIELD_README.md, and the headline there is the whole philosophy: the plan is the strategy. One plan file per symbol. One posture model from SPY, QQQ, and VXX. One evaluator → guard → paper executor pipeline. Fewer artifacts. Fail-closed gates. Legacy strategic folders and target_plan.json are intentionally not required for the live desk.

Notebook 019 trimmed the repo until authority was visible. Notebook 023 added coordinated command. Notebook 024 is the intentional step past that complexity — not another feature, but a reset to something we can run every morning without a map.

Lessons learned from recent sessions

A wipe does not mean we forgot what the old stack taught us. Several failures in the last week shaped the greenfield rules.

Session caps must be prospective

On June 25, under a MIXED posture, we deployed roughly $276K across four names — individually reasonable trades, including good entries in GOOGL and SPCX — and breached the session deploy cap because counters tracked what had already filled, not what the next order would do. MIXED is supposed to mean 0.75× size, max two entries, and $150K session deploy. The desk broke its own rule without a hard stop.

We shipped a P0 fix: prospective session caps. Before a buy clears, the evaluator asks whether this order would exceed remaining entry or deploy budget. We are gathering per-trade data before changing RED rules further. Caps should fail closed at decision time, not apologize after the fact.

HOSTILE is a probe, not a halt

We briefly considered zero fresh risk on a RED tape — full stop on new entries when SPY and QQQ are below VWAP and VXX is in vol stress. Then June 25 gave us a good GOOGL trade under HOSTILE. That single datapoint was enough to keep the half-size probe: HOSTILE stays at 0.5× notional, one entry per session, $80K deploy cap. Not a green light. Not a blanket ban. A sized-down permission to act when the plan and gates align.

Data hygiene is production infrastructure

SPY's market tile went wrong while QQQ and VXX looked fine. Root cause: a handful of bad one-minute bars around the $502 level — poison premarket prints that corrupted session stats on the SPY chart. We added backfill guards, sanitize passes, and flush logic that refuses to shrink a bar file when history would get worse. QQQ and VXX were never affected; the bug was symbol-local. The lesson generalizes: bad bars are not a chart annoyance. They feed posture inputs, gate logic, and operator trust. Data hygiene belongs beside risk limits, not in a backlog.

Target exits rest at the broker

Target sells now go out as GTC limit orders and rest at the broker until fill or plan change. We stopped re-submitting them daily as DAY orders — that was churn without edge. Fresh buys remain DAY. Extended-hours sells above entry stay enabled so recovery paths can work premarket and after the close. The open-orders tab's TIF column is the honest read: DAY for entries, GTC for targets.

Feasibility is context, not authority

The Target Feasibility panel exposes the gap between the book's target P/L path and a session goal — say, 5% on the day. It rolls up move budget, path quality, and per-symbol distance to plan targets. Useful for sizing ambition. Not a button. Not permission to override posture or plan gates. Feasibility informs; JSON plans and armed execution decide.

Never sell at a loss

Non-negotiable, unchanged across the wipe. Automated exits must stay at or above average entry. The guard enforces it. The dashboard surfaces above-entry recovery paths instead of pretending a loss exit is on the table. If the thesis is wrong, the human handles disposition — the runtime does not donate shares at a discount.

Reading the ONYX desk console

The dashboard at bin/onyx start is a read-only monitor. It polls the desk API every few seconds. Nothing in the browser submits orders or changes authority. Authority lives in plan JSON, posture state, and whether paper execution is armed — not in dashboard buttons.

  1. Top ticker — Book posture color (SUPPORTIVE green, MIXED yellow, HOSTILE red), a scrolling tape of open positions then watchlist marks, and day P/L from the broker snapshot.
  2. Header bar — Feed state and route, session date, regime tag, execution authority (armed/disarmed), daemon health, and session caps showing entries and deploy remaining under the current posture.
  3. Market context — SPY, QQQ, and VXX tiles with session stats: last, change, VWAP relationship, and the inputs posture evaluation consumes after 10:00 ET.
  4. Account — Balances, cash reserve versus the $200K floor, gross exposure versus the $800K envelope, and headroom before single-name or deploy limits bind.
  5. Book — Positions tab for holdings and P/L; Open orders tab with a TIF column that distinguishes DAY entries from GTC target rests.
  6. Target Feasibility — Alerts, book roll-up, and per-symbol path toward plan targets with move budget — context for whether today's goal is realistic, not a trade trigger.
  7. Watchlist — Last price, plan levels (entry zone, invalidation, target), gate status, and an ALLOW/BLOCK verdict with expandable block reasons.
  8. Symbol status / activity — Guard receipts and the decisions tail: what the evaluator allowed or blocked, and what the guard actually sent or stopped.

If a row looks green and the verdict says BLOCK, the verdict wins. The console shows truth; it does not grant exceptions.

How we trade from here

Daily homework produces one plan per symbol in data/plans/.v1.json: entry zone, invalidation, target, mode, and planned notional. A bootstrap script can seed levels from snapshots; placeholders at zero block execution via plan_invalid until a human sets real prices.

After 10:00 ET, book environment from SPY, QQQ, and VXX sets the session budget:

  • SUPPORTIVE — 1.0× size multiplier, no session entry cap, no session deploy cap (account envelope still applies).
  • MIXED — 0.75×, max two entries, $150K session deploy.
  • HOSTILE — 0.5×, max one entry, $80K session deploy.

Hard rails sit underneath posture: $200K minimum cash reserve, $800K max gross deploy, $120K max single name, fresh buys only 09:45–16:00 ET. The watchlist is fixed for now: AAPL, MSFT, GOOGL, AMZN, META, NVDA, TSLA, SPCX.

The runtime pipeline is short: evaluator dry-run → guard → paper executor. Every gate fails closed — missing plan, stale feed, cash floor, prospective cap breach, symbol gate failure. Tools inform the plan; the trader executes the plan; the runtime does not invent trades.

What we are watching next

Three threads will tell us whether the greenfield cutover earned its drama.

First, cap matrix tuning with real fill data — especially whether HOSTILE's half-size probe is right or still too loose. Second, plan quality: are daily levels set with enough discipline that ALLOW means something? Third, feasibility versus deployment — when the roll-up says the 5% path is out of reach, do we size down ambition or skip fresh risk entirely?

We simplified past strategic command, not because coordination was wrong, but because the desk needed one authority story more than it needed another layer. Notebook 019 made the system smaller. Notebook 023 tested coordinated command at scale. Notebook 024 is the board cleared — same discipline, fewer ghosts in the machine.

The plan is the strategy. The console is the mirror. The guard is the stop. We will report back when the greenfield stack has enough sessions to judge.

Written by
Dark Stone Capital
Dark Stone Capital