# User Lifecycle

#### 1. Open account

* `AccountManager.openAccount(owner) -> accountId`
* initialize owner permissions

#### 2. Deposit collateral

Flow:

1. user approves adapter
2. `AccountManager.deposit(accountId, profileId, amount)`
3. adapter pulls token into custody
4. adapter notifies Ledger: `lock(profileId, accountId, amount)`

Requirements:

* deposits allowed even if oracle is stale (depositing reduces risk)
* collateral enabled flag must be true

#### 3. Mint rwaUSD

Flow:

1. `AccountManager.mint(accountId, profileId, amtRwaUsd, to)`
2. `FeeAccumulator.accrue(profileId)` updates index
3. Ledger computes new principal delta corresponding to desired minted amount (or mints in principal units directly; pick one and keep consistent)
4. Ledger checks:
   * oracle status `OK`
   * cap not exceeded
   * post-mint safety check passes
   * min position threshold satisfied
5. Ledger:
   * increases principal
   * mints rwaUSD to `to`

**Note on units:**\
The cleanest approach is to mint in **current-liability units** (what user sees), then convert to principal internally using the current index. That prevents user confusion and keeps UI consistent.

#### 4. Repay (burn rwaUSD)

Flow:

1. user approves rwaUSD spending
2. `AccountManager.repay(accountId, profileId, amtRwaUsd, from)`
3. accrue index
4. Ledger reduces liability by burning rwaUSD
5. principal decreases accordingly
6. if principal hits zero, account is debt-free for that profile

Repayments must always be allowed, even in restricted mode.

#### 5. Withdraw collateral

Flow:

1. `AccountManager.withdraw(accountId, profileId, amount, to)`
2. accrue index
3. Ledger checks post-withdraw safety
4. Ledger decreases locked collateral
5. adapter transfers tokens to `to`

Withdrawals are risk-increasing and must be blocked when:

* oracle status not `OK` (policy choice: either block or require higher margin)
* system is paused
* account is under unwind