@exagent/agent 0.2.1 → 0.3.0

package/src/config.ts

@@ -1,4 +1,7 @@
-import { readFileSync, existsSync, writeFileSync } from 'node:fs';
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, resolve } from 'node:path';
 import { z } from 'zod';
 import type { LLMProvider } from '@exagent/sdk';
 
@@ -20,6 +23,11 @@ export interface RuntimeConfig {
   strategy: {
     file?: string;
     template?: string;
+    prompt?: {
+      name?: string;
+      systemPrompt: string;
+      venues?: string[];
+    };
   };
   trading: {
     mode: 'live' | 'paper';
@@ -79,15 +87,43 @@ export interface RuntimeConfig {
   };
 }
 
-const configSchema = z.object({
+export interface LocalSecretPayload {
+  apiToken: string;
+  walletPrivateKey?: string;
+  llmApiKey?: string;
+}
+
+export interface SecureStoreFile {
+  version: 1;
+  algorithm: 'aes-256-gcm';
+  kdf: {
+    name: 'scrypt';
+    salt: string;
+    keyLength: 32;
+    cost: number;
+    blockSize: number;
+    parallelization: number;
+  };
+  iv: string;
+  ciphertext: string;
+  authTag: string;
+}
+
+export interface LoadConfigOptions {
+  getSecretPassword?: () => Promise<string>;
+}
+
+const providerEnum = z.enum(['openai', 'anthropic', 'google', 'deepseek', 'mistral', 'groq', 'together', 'ollama']);
+
+const runtimeSchema = z.object({
   agentId: z.string(),
   apiUrl: z.string().url(),
-  apiToken: z.string(),
+  apiToken: z.string().min(1),
   wallet: z.object({
-    privateKey: z.string(),
+    privateKey: z.string().regex(/^0x[a-fA-F0-9]{64}$/),
   }).optional(),
   llm: z.object({
-    provider: z.enum(['openai', 'anthropic', 'google', 'deepseek', 'mistral', 'groq', 'together', 'ollama']),
+    provider: providerEnum,
     model: z.string().optional(),
     apiKey: z.string().optional(),
     endpoint: z.string().optional(),
@@ -97,6 +133,11 @@ const configSchema = z.object({
   strategy: z.object({
     file: z.string().optional(),
     template: z.string().optional(),
+    prompt: z.object({
+      name: z.string().optional(),
+      systemPrompt: z.string().min(1),
+      venues: z.array(z.string()).optional(),
+    }).optional(),
   }),
   trading: z.object({
     mode: z.enum(['live', 'paper']).default('paper'),
@@ -156,23 +197,172 @@ const configSchema = z.object({
   }).optional(),
 });
 
-export function loadConfig(path: string = 'agent-config.json'): RuntimeConfig {
+const configFileSchema = z.object({
+  agentId: z.string(),
+  apiUrl: z.string().url(),
+  apiToken: z.string().min(1).optional(),
+  wallet: z.object({
+    privateKey: z.string().regex(/^0x[a-fA-F0-9]{64}$/),
+  }).optional(),
+  llm: z.object({
+    provider: providerEnum.optional(),
+    model: z.string().optional(),
+    apiKey: z.string().optional(),
+    endpoint: z.string().optional(),
+    temperature: z.number().min(0).max(2).optional(),
+    maxTokens: z.number().optional(),
+  }).default({}),
+  strategy: z.object({
+    file: z.string().optional(),
+    template: z.string().optional(),
+    prompt: z.object({
+      name: z.string().optional(),
+      systemPrompt: z.string().min(1),
+      venues: z.array(z.string()).optional(),
+    }).optional(),
+  }),
+  trading: runtimeSchema.shape.trading,
+  venues: runtimeSchema.shape.venues,
+  relay: runtimeSchema.shape.relay,
+  llmBudget: runtimeSchema.shape.llmBudget,
+  rpcOverrides: runtimeSchema.shape.rpcOverrides,
+  logging: runtimeSchema.shape.logging,
+  secrets: z.object({
+    bootstrapToken: z.string().optional(),
+    bootstrapExpiresAt: z.string().optional(),
+    secureStorePath: z.string().optional(),
+  }).optional(),
+});
+
+const secureStoreSchema = z.object({
+  version: z.literal(1),
+  algorithm: z.literal('aes-256-gcm'),
+  kdf: z.object({
+    name: z.literal('scrypt'),
+    salt: z.string(),
+    keyLength: z.literal(32),
+    cost: z.number().int().positive(),
+    blockSize: z.number().int().positive(),
+    parallelization: z.number().int().positive(),
+  }),
+  iv: z.string(),
+  ciphertext: z.string(),
+  authTag: z.string(),
+});
+
+export type RuntimeConfigFile = z.infer<typeof configFileSchema>;
+
+const DEFAULT_SCRYPT_COST = 32768;
+const DEFAULT_SCRYPT_BLOCK_SIZE = 8;
+const DEFAULT_SCRYPT_PARALLELIZATION = 1;
+
+function expandHomeDir(path: string): string {
+  if (!path.startsWith('~/')) return path;
+  return resolve(homedir(), path.slice(2));
+}
+
+export function getDefaultSecureStorePath(agentId: string): string {
+  return resolve(homedir(), '.exagent', 'agents', agentId, 'secrets.json');
+}
+
+export function readConfigFile(path: string = 'agent-config.json'): RuntimeConfigFile {
   if (!existsSync(path)) {
     throw new Error(`Config file not found: ${path}. Run 'exagent init' first.`);
   }
 
-  const raw = readFileSync(path, 'utf-8');
   let parsed: unknown;
-
   try {
-    parsed = JSON.parse(raw);
+    parsed = JSON.parse(readFileSync(path, 'utf-8'));
   } catch {
     throw new Error(`Invalid JSON in ${path}`);
   }
 
-  // Apply environment variable overrides
-  const config = parsed as Record<string, unknown>;
-  const llm = (config.llm || {}) as Record<string, unknown>;
+  const result = configFileSchema.safeParse(parsed);
+  if (!result.success) {
+    const issues = result.error.issues.map((issue) => `  ${issue.path.join('.')}: ${issue.message}`).join('\n');
+    throw new Error(`Invalid config file:\n${issues}`);
+  }
+
+  return result.data;
+}
+
+export function writeConfigFile(path: string, config: RuntimeConfigFile): void {
+  writeFileSync(path, JSON.stringify(config, null, 2));
+}
+
+export function encryptSecretPayload(payload: LocalSecretPayload, password: string): SecureStoreFile {
+  const salt = randomBytes(16);
+  const iv = randomBytes(12);
+  const key = scryptSync(password, salt, 32, {
+    N: DEFAULT_SCRYPT_COST,
+    r: DEFAULT_SCRYPT_BLOCK_SIZE,
+    p: DEFAULT_SCRYPT_PARALLELIZATION,
+  });
+
+  const cipher = createCipheriv('aes-256-gcm', key, iv);
+  const plaintext = Buffer.from(JSON.stringify(payload), 'utf8');
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+
+  return {
+    version: 1,
+    algorithm: 'aes-256-gcm',
+    kdf: {
+      name: 'scrypt',
+      salt: salt.toString('hex'),
+      keyLength: 32,
+      cost: DEFAULT_SCRYPT_COST,
+      blockSize: DEFAULT_SCRYPT_BLOCK_SIZE,
+      parallelization: DEFAULT_SCRYPT_PARALLELIZATION,
+    },
+    iv: iv.toString('hex'),
+    ciphertext: ciphertext.toString('hex'),
+    authTag: cipher.getAuthTag().toString('hex'),
+  };
+}
+
+export function decryptSecretPayload(path: string, password: string): LocalSecretPayload {
+  const secureStorePath = expandHomeDir(path);
+  if (!existsSync(secureStorePath)) {
+    throw new Error(`Encrypted secret store not found: ${secureStorePath}`);
+  }
+
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(readFileSync(secureStorePath, 'utf-8'));
+  } catch {
+    throw new Error(`Invalid JSON in encrypted secret store: ${secureStorePath}`);
+  }
+
+  const result = secureStoreSchema.safeParse(parsed);
+  if (!result.success) {
+    const issues = result.error.issues.map((issue) => `  ${issue.path.join('.')}: ${issue.message}`).join('\n');
+    throw new Error(`Invalid encrypted secret store:\n${issues}`);
+  }
+
+  const store = result.data;
+  const key = scryptSync(password, Buffer.from(store.kdf.salt, 'hex'), store.kdf.keyLength, {
+    N: store.kdf.cost,
+    r: store.kdf.blockSize,
+    p: store.kdf.parallelization,
+  });
+
+  try {
+    const decipher = createDecipheriv(store.algorithm, key, Buffer.from(store.iv, 'hex'));
+    decipher.setAuthTag(Buffer.from(store.authTag, 'hex'));
+    const plaintext = Buffer.concat([
+      decipher.update(Buffer.from(store.ciphertext, 'hex')),
+      decipher.final(),
+    ]);
+    return JSON.parse(plaintext.toString('utf8')) as LocalSecretPayload;
+  } catch {
+    throw new Error('Unable to decrypt local secret store. Check your password.');
+  }
+}
+
+export async function loadConfig(path: string = 'agent-config.json', options: LoadConfigOptions = {}): Promise<RuntimeConfig> {
+  const parsed = readConfigFile(path);
+  const config = structuredClone(parsed) as RuntimeConfigFile & Record<string, unknown>;
+  const llm = { ...(config.llm || {}) } as Record<string, unknown>;
 
   if (process.env.EXAGENT_LLM_PROVIDER) llm.provider = process.env.EXAGENT_LLM_PROVIDER;
   if (process.env.EXAGENT_LLM_MODEL) llm.model = process.env.EXAGENT_LLM_MODEL;
@@ -183,9 +373,24 @@ export function loadConfig(path: string = 'agent-config.json'): RuntimeConfig {
     config.wallet = { privateKey: process.env.EXAGENT_WALLET_PRIVATE_KEY };
   }
 
+  if ((!config.apiToken || !llm.apiKey || !config.wallet) && parsed.secrets?.secureStorePath) {
+    const password = process.env.EXAGENT_SECRET_PASSWORD || await options.getSecretPassword?.();
+    if (!password) {
+      throw new Error('Encrypted secret store found, but no password was provided.');
+    }
+
+    const secrets = decryptSecretPayload(parsed.secrets.secureStorePath, password);
+    if (!config.apiToken) config.apiToken = secrets.apiToken;
+    if (!config.wallet && secrets.walletPrivateKey) config.wallet = { privateKey: secrets.walletPrivateKey };
+    if (!llm.apiKey && secrets.llmApiKey) llm.apiKey = secrets.llmApiKey;
+  }
+
+  if ((!config.apiToken || !llm.apiKey || !config.wallet) && parsed.secrets?.bootstrapToken && !parsed.secrets?.secureStorePath) {
+    throw new Error(`Config ${path} still requires first-time secure setup. Run 'exagent setup --config ${path}' or start the agent interactively.`);
+  }
+
   config.llm = llm;
 
-  // Apply RPC endpoint overrides from environment
   const rpcOverrides: Record<string, string> = (config.rpcOverrides as Record<string, string>) || {};
   if (process.env.EXAGENT_RPC_BASE) rpcOverrides.base = process.env.EXAGENT_RPC_BASE;
   if (process.env.EXAGENT_RPC_ARBITRUM) rpcOverrides.arbitrum = process.env.EXAGENT_RPC_ARBITRUM;
@@ -195,9 +400,9 @@ export function loadConfig(path: string = 'agent-config.json'): RuntimeConfig {
     config.rpcOverrides = rpcOverrides;
   }
 
-  const result = configSchema.safeParse(config);
+  const result = runtimeSchema.safeParse(config);
   if (!result.success) {
-    const issues = result.error.issues.map(i => `  ${i.path.join('.')}: ${i.message}`).join('\n');
+    const issues = result.error.issues.map((issue) => `  ${issue.path.join('.')}: ${issue.message}`).join('\n');
     throw new Error(`Invalid config:\n${issues}`);
   }
 
@@ -205,18 +410,10 @@ export function loadConfig(path: string = 'agent-config.json'): RuntimeConfig {
 }
 
 export function generateSampleConfig(agentId: string, apiUrl: string): string {
-  const config = {
+  const config: RuntimeConfigFile = {
     agentId,
     apiUrl,
-    apiToken: '<your-jwt-token>',
-    wallet: {
-      privateKey: '<your-hex-private-key>',
-    },
-    llm: {
-      provider: 'openai',
-      model: 'gpt-4o',
-      apiKey: '<your-api-key>',
-    },
+    llm: {},
     strategy: {
       template: 'momentum',
     },
@@ -266,6 +463,9 @@ export function generateSampleConfig(agentId: string, apiUrl: string): string {
       heartbeatIntervalMs: 30000,
       reconnectMaxAttempts: 50,
     },
+    secrets: {
+      secureStorePath: getDefaultSecureStorePath(agentId),
+    },
   };
 
   return JSON.stringify(config, null, 2);

package/src/setup.ts

@@ -0,0 +1,233 @@
+import { chmodSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, resolve } from 'node:path';
+import { createInterface } from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts';
+import {
+  encryptSecretPayload,
+  getDefaultSecureStorePath,
+  readConfigFile,
+  type LocalSecretPayload,
+  type RuntimeConfigFile,
+  writeConfigFile,
+} from './config.js';
+
+interface BootstrapPayload {
+  apiToken: string;
+  walletPrivateKey?: string;
+  llm?: {
+    provider?: string;
+    model?: string;
+    apiKey?: string;
+  };
+}
+
+function expandHomeDir(path: string): string {
+  if (!path.startsWith('~/')) return path;
+  return resolve(homedir(), path.slice(2));
+}
+
+async function prompt(question: string): Promise<string> {
+  const rl = createInterface({ input, output });
+  try {
+    return (await rl.question(question)).trim();
+  } finally {
+    rl.close();
+  }
+}
+
+async function promptSecret(question: string): Promise<string> {
+  const rl = createInterface({ input, output, terminal: true }) as ReturnType<typeof createInterface> & {
+    stdoutMuted?: boolean;
+    _writeToOutput?: (text: string) => void;
+  };
+  rl.stdoutMuted = true;
+  const originalWrite = rl._writeToOutput?.bind(rl);
+  rl._writeToOutput = (text: string) => {
+    if (!rl.stdoutMuted) {
+      originalWrite?.(text);
+    }
+  };
+
+  try {
+    const answer = (await rl.question(question)).trim();
+    output.write('\n');
+    return answer;
+  } finally {
+    rl.close();
+  }
+}
+
+export async function promptSecretPassword(question: string = 'Device password: '): Promise<string> {
+  return promptSecret(question);
+}
+
+async function promptPasswordWithConfirmation(): Promise<string> {
+  output.write('\n');
+  output.write('Important: this password encrypts the local wallet key, relay token, and agent LLM key for this device.\n');
+  output.write('If you lose this password and the agent wallet holds funds, those funds cannot be recovered.\n\n');
+
+  const ack = await prompt('Type "I UNDERSTAND" to continue: ');
+  if (ack !== 'I UNDERSTAND') {
+    throw new Error('Secure setup aborted');
+  }
+
+  while (true) {
+    const password = await promptSecret('Create a device password (min 12 chars): ');
+    if (password.length < 12) {
+      output.write('Password must be at least 12 characters.\n');
+      continue;
+    }
+
+    const confirm = await promptSecret('Confirm device password: ');
+    if (password !== confirm) {
+      output.write('Passwords did not match. Try again.\n');
+      continue;
+    }
+
+    return password;
+  }
+}
+
+async function promptWalletPrivateKey(): Promise<string> {
+  while (true) {
+    const choice = (await prompt('Wallet setup — [1] generate new wallet locally, [2] use existing private key: ')).trim();
+    if (choice === '1') {
+      const privateKey = generatePrivateKey();
+      const address = privateKeyToAccount(privateKey).address;
+      output.write(`Generated wallet address: ${address}\n`);
+      return privateKey;
+    }
+
+    if (choice === '2') {
+      const privateKey = await promptSecret('Wallet private key (0x...): ');
+      if (/^0x[a-fA-F0-9]{64}$/.test(privateKey)) {
+        return privateKey;
+      }
+      output.write('Invalid private key. Expected a 32-byte hex string prefixed with 0x.\n');
+      continue;
+    }
+
+    output.write('Enter 1 or 2.\n');
+  }
+}
+
+async function promptLlmProvider(): Promise<string> {
+  while (true) {
+    const provider = (await prompt('Agent LLM provider (openai/anthropic/google/deepseek/mistral/groq/together/ollama): ')).toLowerCase();
+    if (['openai', 'anthropic', 'google', 'deepseek', 'mistral', 'groq', 'together', 'ollama'].includes(provider)) {
+      return provider;
+    }
+    output.write('Unsupported provider.\n');
+  }
+}
+
+async function consumeBootstrapPackage(config: RuntimeConfigFile): Promise<BootstrapPayload> {
+  if (!config.secrets?.bootstrapToken) {
+    return { apiToken: '' };
+  }
+
+  const res = await fetch(`${config.apiUrl}/v1/agents/bootstrap/consume`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      agentId: config.agentId,
+      token: config.secrets.bootstrapToken,
+    }),
+  });
+
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Failed to consume secure setup package: ${body}`);
+  }
+
+  const data = await res.json() as { payload: BootstrapPayload };
+  return data.payload;
+}
+
+async function buildLocalSecrets(config: RuntimeConfigFile, bootstrapPayload: BootstrapPayload): Promise<{ config: RuntimeConfigFile; secrets: LocalSecretPayload }> {
+  const nextConfig = structuredClone(config);
+  const llm = { ...(nextConfig.llm || {}) };
+
+  if (bootstrapPayload.llm?.provider && !llm.provider) {
+    llm.provider = bootstrapPayload.llm.provider as RuntimeConfigFile['llm']['provider'];
+  }
+  if (bootstrapPayload.llm?.model && !llm.model) {
+    llm.model = bootstrapPayload.llm.model;
+  }
+
+  if (!llm.provider) {
+    llm.provider = await promptLlmProvider() as RuntimeConfigFile['llm']['provider'];
+  }
+  if (!llm.model) {
+    llm.model = await prompt('Agent LLM model: ');
+    if (!llm.model) {
+      throw new Error('Agent LLM model is required');
+    }
+  }
+
+  const secrets: LocalSecretPayload = {
+    apiToken: bootstrapPayload.apiToken || nextConfig.apiToken || await promptSecret('Agent relay token: '),
+    walletPrivateKey: bootstrapPayload.walletPrivateKey || nextConfig.wallet?.privateKey || await promptWalletPrivateKey(),
+    llmApiKey: bootstrapPayload.llm?.apiKey || nextConfig.llm.apiKey || await promptSecret('Agent LLM API key: '),
+  };
+
+  if (!secrets.apiToken) {
+    throw new Error('Agent relay token is required');
+  }
+
+  nextConfig.llm = llm;
+  delete nextConfig.apiToken;
+  delete nextConfig.wallet;
+  delete nextConfig.llm.apiKey;
+
+  return { config: nextConfig, secrets };
+}
+
+function writeSecureStore(path: string, secrets: LocalSecretPayload, password: string): string {
+  const secureStorePath = expandHomeDir(path);
+  const encrypted = encryptSecretPayload(secrets, password);
+  const dir = dirname(secureStorePath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+  writeFileSync(secureStorePath, JSON.stringify(encrypted, null, 2), { mode: 0o600 });
+  try {
+    chmodSync(secureStorePath, 0o600);
+  } catch {
+    // Best effort only — some platforms ignore chmod semantics.
+  }
+  return secureStorePath;
+}
+
+export async function ensureLocalSetup(configPath: string): Promise<void> {
+  const config = readConfigFile(configPath);
+  const existingSecureStorePath = config.secrets?.secureStorePath ? expandHomeDir(config.secrets.secureStorePath) : null;
+  if (
+    existingSecureStorePath &&
+    !config.secrets?.bootstrapToken &&
+    existsSync(existingSecureStorePath) &&
+    !config.apiToken &&
+    !config.wallet?.privateKey &&
+    !config.llm.apiKey
+  ) {
+    return;
+  }
+
+  const bootstrapPayload = await consumeBootstrapPackage(config);
+  const { config: nextConfig, secrets } = await buildLocalSecrets(config, bootstrapPayload);
+  const password = await promptPasswordWithConfirmation();
+  const secureStorePath = writeSecureStore(
+    nextConfig.secrets?.secureStorePath || getDefaultSecureStorePath(nextConfig.agentId),
+    secrets,
+    password,
+  );
+
+  nextConfig.secrets = {
+    secureStorePath,
+  };
+
+  writeConfigFile(configPath, nextConfig);
+  output.write(`Encrypted local secret store created at ${secureStorePath}\n`);
+}

package/src/strategy/loader.ts

@@ -1,16 +1,44 @@
 import { existsSync } from 'node:fs';
 import { resolve } from 'node:path';
+import { z } from 'zod';
 import type { StrategyFunction, StrategyContext, TradeSignal } from '@exagent/sdk';
 import { getTemplate } from './templates.js';
 
+const promptSignalSchema = z.object({
+  symbol: z.string().min(1),
+  side: z.enum(['buy', 'sell', 'long', 'short']),
+  confidence: z.number().min(0).max(1).optional(),
+  reasoning: z.string().optional(),
+  venue: z.string().optional(),
+  chain: z.string().optional(),
+  size: z.number().positive().optional(),
+  price: z.number().positive().optional(),
+  fee: z.number().min(0).optional(),
+  venueFillId: z.string().optional(),
+  venueTimestamp: z.string().optional(),
+  leverage: z.number().positive().optional(),
+  orderType: z.string().optional(),
+});
+
+const promptSignalArraySchema = z.array(promptSignalSchema);
+
 export async function loadStrategy(config: {
   file?: string;
   template?: string;
+  prompt?: {
+    name?: string;
+    systemPrompt: string;
+    venues?: string[];
+  };
 }): Promise<StrategyFunction> {
   if (config.file) {
     return loadFromFile(config.file);
   }
 
+  if (config.prompt) {
+    return loadFromPrompt(config.prompt);
+  }
+
   if (config.template) {
     const template = getTemplate(config.template);
     if (!template) {
@@ -51,6 +79,76 @@ async function loadFromCode(code: string): Promise<StrategyFunction> {
   return fn;
 }
 
+function loadFromPrompt(config: {
+  name?: string;
+  systemPrompt: string;
+  venues?: string[];
+}): StrategyFunction {
+  return async (context: StrategyContext): Promise<TradeSignal[]> => {
+    const prices = context.market.getPrices();
+    const positions = context.position.openPositions.map((position) => ({
+      token: position.token,
+      quantity: position.quantity,
+      costBasisPerUnit: position.costBasisPerUnit,
+      venue: position.venue,
+      chain: position.chain,
+    }));
+
+    const response = await context.llm.chat([
+      { role: 'system', content: config.systemPrompt },
+      {
+        role: 'user',
+        content: [
+          `Strategy: ${config.name || 'Prompt Strategy'}`,
+          `Allowed venues: ${(config.venues || []).join(', ') || 'any'}`,
+          `Current prices: ${JSON.stringify(prices)}`,
+          `Open positions: ${JSON.stringify(positions)}`,
+          `Risk config: ${JSON.stringify(context.config)}`,
+          'Return ONLY a JSON array of trade signals.',
+        ].join('\n'),
+      },
+    ]);
+
+    const match = response.content.match(/\[[\s\S]*\]/);
+    if (!match) {
+      context.log('Prompt strategy returned a non-JSON response; no signals emitted.');
+      return [];
+    }
+
+    try {
+      const parsed = promptSignalArraySchema.parse(JSON.parse(match[0]));
+      const signals: TradeSignal[] = [];
+      for (const signal of parsed) {
+        const price = signal.price ?? prices[signal.symbol.toUpperCase()];
+        if (!price || price <= 0) {
+          context.log(`Prompt strategy skipped ${signal.symbol}: no usable price in response or market cache.`);
+          continue;
+        }
+
+        signals.push({
+          symbol: signal.symbol,
+          side: signal.side,
+          confidence: signal.confidence ?? 0.5,
+          reasoning: signal.reasoning,
+          venue: signal.venue || config.venues?.[0] || 'manual',
+          chain: signal.chain,
+          size: signal.size ?? 1,
+          price,
+          fee: signal.fee ?? 0,
+          venueFillId: signal.venueFillId ?? '',
+          venueTimestamp: signal.venueTimestamp ?? new Date().toISOString(),
+          leverage: signal.leverage,
+          orderType: signal.orderType,
+        });
+      }
+      return signals;
+    } catch (err) {
+      context.log(`Prompt strategy parse failed: ${(err as Error).message}`);
+      return [];
+    }
+  };
+}
+
 const holdStrategy: StrategyFunction = async (_context: StrategyContext): Promise<TradeSignal[]> => {
   return []; // No trades — hold position
 };