@exagent/agent 0.2.1 → 0.3.1

package/src/runtime.ts

@@ -26,6 +26,7 @@ import { getLogger, configureLogger } from './logger.js';
 import type { LogLevel } from './logger.js';
 import { DiagnosticsCollector } from './diagnostics.js';
 import type { CycleTimings } from './diagnostics.js';
+import { scrubSecrets } from './scrub-secrets.js';
 
 // Hyperliquid
 import { HyperliquidClient } from './perp/client.js';
@@ -49,7 +50,10 @@ import type { SpotConfig } from './spot/types.js';
 import { BridgeManager } from './bridge/bridge-manager.js';
 import type { BridgeConfig } from './bridge/types.js';
 
-const SDK_VERSION = '0.1.0';
+import { createRequire } from 'module';
+const _require = createRequire(import.meta.url);
+let SDK_VERSION = '0.3.0';
+try { SDK_VERSION = _require('../package.json').version; } catch {}
 
 /** Number of consecutive cycle failures before switching to idle */
 const MAX_CONSECUTIVE_FAILURES = 3;
@@ -121,18 +125,7 @@ export class AgentRuntime {
 
     this.diagnostics = new DiagnosticsCollector();
     this.llm = createLLMAdapter(config.llm);
-
-    // Apply LLM daily token budget if configured
-    if (config.llmBudget?.maxDailyTokens && this.llm instanceof BaseLLMAdapter) {
-      this.llm.setMaxDailyTokens(config.llmBudget.maxDailyTokens);
-    }
-
-    // Wire LLM call recording into diagnostics
-    if (this.llm instanceof BaseLLMAdapter) {
-      this.llm.setCallRecordCallback((record) => {
-        this.diagnostics.recordLLMCall(record);
-      });
-    }
+    this.configureLLMAdapter(this.llm);
 
     this.relay = new RelayClient({
       url: config.relay.url,
@@ -236,6 +229,258 @@ export class AgentRuntime {
     process.exit(0);
   }
 
+  private configureLLMAdapter(adapter: LLMAdapter): void {
+    if (this.config.llmBudget?.maxDailyTokens && adapter instanceof BaseLLMAdapter) {
+      adapter.setMaxDailyTokens(this.config.llmBudget.maxDailyTokens);
+    }
+
+    if (adapter instanceof BaseLLMAdapter) {
+      adapter.setCallRecordCallback((record) => {
+        this.diagnostics.recordLLMCall(record);
+      });
+    }
+  }
+
+  private teardownVenues(): void {
+    if (this.hlWs) {
+      this.hlWs.disconnect();
+    }
+
+    this.hlWs = null;
+    this.hlClient = null;
+    this.hlSigner = null;
+    this.hlOrders = null;
+    this.hlPositions = null;
+    this.pmClient = null;
+    this.pmOrders = null;
+    this.spotManager = null;
+    this.bridgeManager = null;
+    this.walletAddress = null;
+  }
+
+  private async waitForCycleCompletion(timeoutMs: number = 30000): Promise<void> {
+    let waitedMs = 0;
+    while (this.cycleInProgress && waitedMs < timeoutMs) {
+      await new Promise((resolve) => setTimeout(resolve, 100));
+      waitedMs += 100;
+    }
+  }
+
+  private getConfiguredSpotVenue(): 'aerodrome' | 'uniswap' {
+    return this.config.venues?.spot?.defaultChain === 'base' ? 'aerodrome' : 'uniswap';
+  }
+
+  private normalizeVenueForExecution(venue?: string): string | undefined {
+    if (!venue) return undefined;
+
+    if (venue === 'hyperliquid_spot') {
+      return this.getConfiguredSpotVenue();
+    }
+
+    if (venue === 'sushiswap') {
+      return 'uniswap';
+    }
+
+    return venue;
+  }
+
+  private isVenueConfigured(venue: string): boolean {
+    const normalized = this.normalizeVenueForExecution(venue) ?? venue;
+
+    switch (normalized) {
+      case 'hyperliquid_perp':
+      case 'hyperliquid_deposit':
+      case 'hyperliquid_withdraw':
+        return this.config.venues?.hyperliquid_perp?.enabled === true;
+      case 'polymarket':
+        return this.config.venues?.polymarket?.enabled === true;
+      case 'uniswap':
+      case 'aerodrome':
+        return this.config.venues?.spot?.enabled === true;
+      case 'across':
+        return this.config.venues?.bridge?.enabled === true;
+      default:
+        return false;
+    }
+  }
+
+  private canExecuteVenue(venue: string): boolean {
+    const normalized = this.normalizeVenueForExecution(venue) ?? venue;
+    if (!this.isVenueConfigured(normalized)) {
+      return false;
+    }
+
+    if (this.paper) {
+      return true;
+    }
+
+    switch (normalized) {
+      case 'hyperliquid_perp':
+      case 'hyperliquid_deposit':
+      case 'hyperliquid_withdraw':
+        return !!this.hlOrders || !!this.hlSigner;
+      case 'polymarket':
+        return !!this.pmOrders;
+      case 'uniswap':
+      case 'aerodrome':
+        return !!this.spotManager;
+      case 'across':
+        return !!this.bridgeManager;
+      default:
+        return false;
+    }
+  }
+
+  private getPreferredExecutionVenues(): string[] {
+    const preferred = [
+      ...(this.config.strategy.venues ?? []),
+      ...(this.config.strategy.prompt?.venues ?? []),
+    ];
+
+    const normalized = preferred
+      .map((venue) => this.normalizeVenueForExecution(venue))
+      .filter((venue): venue is string => Boolean(venue));
+
+    const fallback: string[] = [];
+    if (this.config.venues?.hyperliquid_perp?.enabled) fallback.push('hyperliquid_perp');
+    if (this.config.venues?.polymarket?.enabled) fallback.push('polymarket');
+    if (this.config.venues?.spot?.enabled) fallback.push(this.getConfiguredSpotVenue());
+    if (this.config.venues?.bridge?.enabled) fallback.push('across');
+
+    return [...new Set([...normalized, ...fallback])];
+  }
+
+  private buildRuntimeVenuesFromSelection(selectedVenues: string[]): NonNullable<RuntimeConfig['venues']> {
+    const selected = new Set(selectedVenues);
+    const current = this.config.venues ?? {};
+    const spotEnabled = selectedVenues.some((venue) => ['hyperliquid_spot', 'uniswap', 'aerodrome', 'sushiswap'].includes(venue));
+    const multiChainSpot = selected.has('uniswap') || selected.has('sushiswap');
+    const defaultSpotChains = multiChainSpot
+      ? ['base', 'ethereum', 'arbitrum', 'polygon']
+      : ['base'];
+
+    return {
+      hyperliquid_perp: {
+        enabled: selected.has('hyperliquid_perp'),
+        apiUrl: current.hyperliquid_perp?.apiUrl ?? 'https://api.hyperliquid.xyz',
+        wsUrl: current.hyperliquid_perp?.wsUrl ?? 'wss://api.hyperliquid.xyz/ws',
+        maxLeverage: current.hyperliquid_perp?.maxLeverage ?? 10,
+        maxNotionalUSD: current.hyperliquid_perp?.maxNotionalUSD ?? 50000,
+        allowedInstruments: current.hyperliquid_perp?.allowedInstruments,
+      },
+      polymarket: {
+        enabled: selected.has('polymarket'),
+        clobApiUrl: current.polymarket?.clobApiUrl ?? 'https://clob.polymarket.com',
+        gammaApiUrl: current.polymarket?.gammaApiUrl ?? 'https://gamma-api.polymarket.com',
+        maxNotionalUSD: current.polymarket?.maxNotionalUSD ?? 1000,
+        maxTotalExposureUSD: current.polymarket?.maxTotalExposureUSD ?? 5000,
+        allowedCategories: current.polymarket?.allowedCategories,
+      },
+      spot: {
+        enabled: spotEnabled,
+        chains: current.spot?.chains?.length ? Array.from(new Set([...defaultSpotChains, ...current.spot.chains])) : defaultSpotChains,
+        defaultChain: current.spot?.defaultChain ?? 'base',
+        maxSlippageBps: current.spot?.maxSlippageBps ?? this.config.trading.maxSlippageBps,
+        maxSwapValueUSD: current.spot?.maxSwapValueUSD ?? 10000,
+      },
+      bridge: {
+        enabled: selected.has('across'),
+        defaultBridge: current.bridge?.defaultBridge ?? 'across',
+        maxBridgeValueUSD: current.bridge?.maxBridgeValueUSD ?? 10000,
+        fillTimeoutMs: current.bridge?.fillTimeoutMs ?? 300000,
+        pollIntervalMs: current.bridge?.pollIntervalMs ?? 2000,
+      },
+    };
+  }
+
+  private buildStrategyFallbackPrompt(strategy: {
+    name?: string;
+    description?: string;
+    category?: string;
+    venues?: string[];
+  }): string {
+    const name = strategy.name?.trim() || 'Dashboard Strategy';
+    const description = strategy.description?.trim();
+    const category = strategy.category?.trim();
+    const venues = strategy.venues?.length ? strategy.venues.join(', ') : 'any';
+
+    return [
+      `You are the "${name}" trading agent.`,
+      category ? `Strategy category: ${category}.` : null,
+      description
+        ? `Strategy description: ${description}`
+        : 'Strategy description: follow the owner-configured strategy exactly and do not improvise outside it.',
+      `Allowed venues: ${venues}.`,
+      'Stay inside the owner-configured scope. If the setup is unclear or the trade does not fit, return no trades.',
+      'Return ONLY a JSON array of trade signals.',
+    ].filter((line): line is string => Boolean(line)).join('\n');
+  }
+
+  private extractStrategyConfigFromAgentConfig(cfg: Record<string, unknown>): RuntimeConfig['strategy'] {
+    const rawStrategy = cfg.strategy as Record<string, unknown> | undefined;
+    if (!rawStrategy) {
+      return { template: 'hold' };
+    }
+
+    const venues = Array.isArray(rawStrategy.venues)
+      ? rawStrategy.venues.filter((venue): venue is string => typeof venue === 'string')
+      : undefined;
+
+    if (typeof rawStrategy.file === 'string' && rawStrategy.file.trim()) {
+      return { file: rawStrategy.file, venues };
+    }
+
+    if (typeof rawStrategy.code === 'string' && rawStrategy.code.trim()) {
+      return { code: rawStrategy.code, venues };
+    }
+
+    if (typeof rawStrategy.systemPrompt === 'string' && rawStrategy.systemPrompt.trim()) {
+      return {
+        venues,
+        prompt: {
+          name: typeof rawStrategy.name === 'string' ? rawStrategy.name : undefined,
+          systemPrompt: rawStrategy.systemPrompt,
+          venues,
+        },
+      };
+    }
+
+    if (typeof rawStrategy.template === 'string' && rawStrategy.template.trim()) {
+      return {
+        template: rawStrategy.template,
+        venues,
+      };
+    }
+
+    return {
+      venues,
+      prompt: {
+        name: typeof rawStrategy.name === 'string' ? rawStrategy.name : undefined,
+        systemPrompt: this.buildStrategyFallbackPrompt({
+          name: typeof rawStrategy.name === 'string' ? rawStrategy.name : undefined,
+          description: typeof rawStrategy.description === 'string' ? rawStrategy.description : undefined,
+          category: typeof rawStrategy.category === 'string' ? rawStrategy.category : undefined,
+          venues,
+        }),
+        venues,
+      },
+    };
+  }
+
+  private async applyExecutionMode(): Promise<void> {
+    if (this.config.trading.mode === 'paper') {
+      this.teardownVenues();
+      if (!this.paper) {
+        this.paper = new PaperExecutor(this.config.trading.initialCapitalUSD ?? 10000);
+      }
+      return;
+    }
+
+    this.paper = null;
+    this.teardownVenues();
+    await this.initializeVenues();
+  }
+
   // ── VENUE INITIALIZATION ───────────────────────────────────
 
   private async initializeVenues(): Promise<void> {
@@ -476,8 +721,9 @@ export class AgentRuntime {
         store: this.store,
         config: this.config.trading,
         log: (msg: string) => {
-          log.info('strategy', msg);
-          this.signal.reportInfo('Strategy Log', msg);
+          const safe = scrubSecrets(msg);
+          log.info('strategy', safe);
+          this.signal.reportInfo('Strategy Log', safe);
         },
       });
       timings.strategyMs = Date.now() - strategyStart;
@@ -598,11 +844,20 @@ export class AgentRuntime {
   // ── SIGNAL EXECUTION ───────────────────────────────────────
 
   private async executeSignal(sig: TradeSignal): Promise<void> {
-    const venue = sig.venue;
+    const venue = sig.venue ? this.normalizeVenueForExecution(sig.venue) ?? sig.venue : sig.venue;
+    const signal = venue && venue !== sig.venue
+      ? { ...sig, venue }
+      : sig;
+
+    if (signal.venue && !this.isVenueConfigured(signal.venue)) {
+      getLogger().warn('runtime', `Venue "${signal.venue}" is not enabled in config — signal dropped`, { symbol: signal.symbol });
+      this.signal.reportInfo('Signal Dropped', `${signal.symbol}: venue ${signal.venue} is not enabled in this agent config.`);
+      return;
+    }
 
     if (this.paper) {
       // Paper trading
-      const trade = this.paper.execute(sig, this.market);
+      const trade = this.paper.execute(signal, this.market);
       if (trade) {
         // Record realized PnL for daily loss circuit breaker
         this.risk.recordTrade(trade.pnl ?? 0, trade.fee);
@@ -613,7 +868,7 @@ export class AgentRuntime {
         }
 
         this.signal.reportTrade({
-          ...sig,
+          ...signal,
           price: trade.entryPrice,
           fee: trade.fee,
           venue: trade.venue,
@@ -626,17 +881,17 @@ export class AgentRuntime {
 
     // Live trading — route to venue
     if (venue === 'hyperliquid_perp' && this.hlOrders) {
-      await this.executeHyperliquidSignal(sig);
+      await this.executeHyperliquidSignal(signal);
     } else if (venue === 'polymarket' && this.pmOrders) {
-      await this.executePolymarketSignal(sig);
-    } else if ((venue === 'uniswap' || venue === 'aerodrome' || venue === 'sushiswap') && this.spotManager) {
-      await this.executeSpotSignal(sig);
+      await this.executePolymarketSignal(signal);
+    } else if ((venue === 'uniswap' || venue === 'aerodrome' || venue === 'hyperliquid_spot') && this.spotManager) {
+      await this.executeSpotSignal(signal);
     } else if (venue === 'across' && this.bridgeManager) {
-      await this.executeBridgeSignal(sig);
+      await this.executeBridgeSignal(signal);
     } else if (venue === 'hyperliquid_deposit' && this.hlSigner) {
-      await this.executeHyperliquidDeposit(sig);
+      await this.executeHyperliquidDeposit(signal);
     } else if (venue === 'hyperliquid_withdraw' && this.hlSigner) {
-      await this.executeHyperliquidWithdraw(sig);
+      await this.executeHyperliquidWithdraw(signal);
     } else {
       getLogger().warn('runtime', `No executor for venue "${venue}" — signal dropped`, { symbol: sig.symbol });
     }
@@ -685,14 +940,15 @@ export class AgentRuntime {
     if (!result.venueFillId) result.venueFillId = '';
     if (!result.venueTimestamp) result.venueTimestamp = '';
 
-    // Infer venue from config if missing
+    if (result.venue) {
+      result.venue = this.normalizeVenueForExecution(result.venue) ?? result.venue;
+    }
+
+    // Infer venue from the current strategy + enabled venue config if missing
     if (!result.venue) {
-      if (this.hlOrders) {
-        result.venue = 'hyperliquid_perp';
-      } else if (this.pmOrders) {
-        result.venue = 'polymarket';
-      } else if (this.spotManager) {
-        result.venue = this.config.venues?.spot?.defaultChain === 'base' ? 'aerodrome' : 'uniswap';
+      const candidates = this.getPreferredExecutionVenues().filter((venue) => this.canExecuteVenue(venue));
+      if (candidates.length > 0) {
+        result.venue = candidates[0];
       }
     }
 
@@ -773,7 +1029,12 @@ export class AgentRuntime {
     if (!this.spotManager) return;
 
     const chain = sig.chain ?? this.config.venues?.spot?.defaultChain ?? 'base';
-    const dex = sig.venue === 'aerodrome' ? 'aerodrome' : 'uniswap';
+    const routedVenue = this.normalizeVenueForExecution(sig.venue) ?? this.getConfiguredSpotVenue();
+    const dex = routedVenue === 'aerodrome' ? 'aerodrome' : 'uniswap';
+
+    if (sig.venue === 'hyperliquid_spot') {
+      getLogger().info('venue', 'Routing hyperliquid_spot signal through configured spot executor', { routedAs: dex, chain });
+    }
 
     // For spot, the symbol format is "TOKENIN/TOKENOUT" (e.g., "ETH/USDC")
     const parts = sig.symbol.split('/');
@@ -1162,6 +1423,15 @@ export class AgentRuntime {
       const agent = await res.json() as { config?: Record<string, unknown> };
       if (agent.config) {
         const cfg = agent.config as Record<string, unknown>;
+        const previousMode = this.mode;
+
+        if (this.tradingInterval) {
+          clearInterval(this.tradingInterval);
+          this.tradingInterval = null;
+        }
+
+        await this.waitForCycleCompletion();
+
         // Update risk params if present
         const risk = cfg.risk as Record<string, unknown> | undefined;
         if (risk) {
@@ -1179,10 +1449,73 @@ export class AgentRuntime {
           if (typeof risk.tradingIntervalSec === 'number') {
             this.config.trading.tradingIntervalMs = risk.tradingIntervalSec * 1000;
           }
+          if (typeof risk.minTradeValueUSD === 'number') {
+            this.config.trading.minTradeValueUSD = risk.minTradeValueUSD;
+            updates.minTradeValueUSD = risk.minTradeValueUSD;
+          }
           if (Object.keys(updates).length > 0) {
             this.risk.updateParams(updates);
           }
         }
+
+        if (typeof cfg.paperTrading === 'boolean') {
+          this.config.trading.mode = cfg.paperTrading ? 'paper' : 'live';
+        }
+
+        const llm = cfg.llm as Record<string, unknown> | undefined;
+        if (llm) {
+          let llmChanged = false;
+          const nextLlm = { ...this.config.llm };
+
+          if (typeof llm.provider === 'string' && llm.provider !== nextLlm.provider) {
+            nextLlm.provider = llm.provider as RuntimeConfig['llm']['provider'];
+            llmChanged = true;
+          }
+          if (typeof llm.model === 'string' && llm.model !== nextLlm.model) {
+            nextLlm.model = llm.model;
+            llmChanged = true;
+          }
+          if (typeof llm.endpoint === 'string' && llm.endpoint !== nextLlm.endpoint) {
+            nextLlm.endpoint = llm.endpoint;
+            llmChanged = true;
+          }
+          if (typeof llm.temperature === 'number' && llm.temperature !== nextLlm.temperature) {
+            nextLlm.temperature = llm.temperature;
+            llmChanged = true;
+          }
+          if (typeof llm.maxTokens === 'number' && llm.maxTokens !== nextLlm.maxTokens) {
+            nextLlm.maxTokens = llm.maxTokens;
+            llmChanged = true;
+          }
+
+          if (llmChanged) {
+            this.config.llm = nextLlm;
+            this.llm = createLLMAdapter(this.config.llm);
+            this.configureLLMAdapter(this.llm);
+          }
+        }
+
+        if (Array.isArray(cfg.venues)) {
+          const selectedVenues = cfg.venues.filter((venue): venue is string => typeof venue === 'string');
+          this.config.venues = this.buildRuntimeVenuesFromSelection(selectedVenues);
+        }
+
+        const nextStrategyConfig = this.extractStrategyConfigFromAgentConfig(cfg);
+        const nextStrategy = await loadStrategy(nextStrategyConfig);
+        this.config.strategy = nextStrategyConfig;
+        this.strategy = nextStrategy;
+        await this.applyExecutionMode();
+
+        if (previousMode === 'trading' || previousMode === 'paper') {
+          this.startTrading();
+        } else if (previousMode === 'paused') {
+          this.modeBeforePause = this.config.trading.mode === 'paper' ? 'paper' : 'trading';
+          this.mode = 'paused';
+        } else {
+          this.mode = 'idle';
+          this.modeBeforePause = null;
+        }
+
         getLogger().info('runtime', 'Config reloaded from API');
         this.sendStatus();
       }
@@ -1359,19 +1692,19 @@ export class AgentRuntime {
       },
       venues: {
         hyperliquid: {
-          enabled: !!this.hlClient,
+          enabled: this.config.venues?.hyperliquid_perp?.enabled === true,
           trading: !!this.hlOrders && (this.mode === 'trading' || this.mode === 'paused'),
         },
         polymarket: {
-          enabled: !!this.pmClient,
+          enabled: this.config.venues?.polymarket?.enabled === true,
           trading: !!this.pmOrders && (this.mode === 'trading' || this.mode === 'paused'),
         },
         spot: {
-          enabled: !!this.spotManager,
+          enabled: this.config.venues?.spot?.enabled === true,
           trading: !!this.spotManager && (this.mode === 'trading' || this.mode === 'paused'),
         },
         bridge: {
-          enabled: !!this.bridgeManager,
+          enabled: this.config.venues?.bridge?.enabled === true,
         },
       },
     };

package/src/scrub-secrets.ts

@@ -0,0 +1,39 @@
+/**
+ * Secret scrubbing utility — defense-in-depth protection against LLM responses
+ * or log messages accidentally containing API keys, private keys, or tokens.
+ *
+ * Applied to:
+ * - LLM response content before parsing (strategy/loader.ts)
+ * - Strategy log output (runtime.ts context.log)
+ */
+
+const SECRET_PATTERNS: Array<{ pattern: RegExp; label: string }> = [
+  // OpenAI API keys
+  { pattern: /sk-[a-zA-Z0-9]{20,}/g, label: '[REDACTED:openai-key]' },
+  // Anthropic API keys
+  { pattern: /sk-ant-[a-zA-Z0-9_-]{20,}/g, label: '[REDACTED:anthropic-key]' },
+  // Google API keys
+  { pattern: /AIza[a-zA-Z0-9_-]{35}/g, label: '[REDACTED:google-key]' },
+  // Private keys (64 hex chars after 0x)
+  { pattern: /0x[a-fA-F0-9]{64}/g, label: '[REDACTED:private-key]' },
+  // Agent tokens
+  { pattern: /exg_[a-fA-F0-9]{64}/g, label: '[REDACTED:agent-token]' },
+  // Bootstrap tokens
+  { pattern: /exb_[a-fA-F0-9]{64}/g, label: '[REDACTED:bootstrap-token]' },
+  // Generic long bearer tokens (base64-ish, 40+ chars)
+  { pattern: /Bearer\s+[A-Za-z0-9_-]{40,}/g, label: '[REDACTED:bearer-token]' },
+];
+
+/**
+ * Scrub known secret patterns from text. Returns the scrubbed string.
+ * Safe to call on any text — if no patterns match, returns the original unchanged.
+ */
+export function scrubSecrets(text: string): string {
+  let result = text;
+  for (const { pattern, label } of SECRET_PATTERNS) {
+    // Reset lastIndex for global regexes
+    pattern.lastIndex = 0;
+    result = result.replace(pattern, label);
+  }
+  return result;
+}