@ibidathoillah/indodax-cli 0.1.21

package/README.md

@@ -0,0 +1,388 @@
+# indodax-cli
+
+Unofficial Rust CLI for Indodax. Use it to inspect markets, manage account data, place spot orders, stream live WebSocket events, run paper trading and price alerts, and expose the same command surface to agents through MCP.
+
+[![Rust](https://img.shields.io/badge/Rust-2021-000000?logo=rust)](https://www.rust-lang.org/)
+[![CLI](https://img.shields.io/badge/interface-terminal-2f855a)](#quick-start)
+[![WebSocket](https://img.shields.io/badge/websocket-live-2563eb)](#websocket-streaming)
+[![MCP](https://img.shields.io/badge/MCP-ready-7c3aed)](#mcp-server)
+[![License](https://img.shields.io/badge/license-MIT-blue)](LICENSE)
+
+## Highlights
+
+- Public market data: server time, pairs, ticker, all tickers, summaries, order book, trades, OHLC, and price increments.
+- Private account data: account info, balances, transactions, and trade history.
+- Spot trading: buy, sell, cancel, cancel by client order ID, cancel all, and deadman countdown.
+- Funding: withdrawal fee lookup, crypto withdrawal, and withdrawal callback validation server.
+- Real-time streams: ticker, trades, order book, summary, and private order updates.
+- Paper trading: risk-free simulated trading with balances, orders, fills, history, and status.
+- Price alerts: threshold and percentage alerts with one-shot checks or live WebSocket monitoring.
+- Automation-friendly output: human tables by default, JSON envelopes with `-o json`.
+- Credential resolution: CLI flags, environment variables, or `~/.config/indodax/config.toml`.
+- Agent support: MCP server mode with guarded dangerous operations.
+
+## Recent Highlights
+
+- WebSocket reliability overhaul: application-level pings, automatic reconnection with exponential backoff, and private WebSocket support for real-time order and balance updates.
+- Secure WebSocket authentication: configurable WebSocket tokens with fallback to a stable default.
+- TradeAPI-2 compliance: normalized symbol formats and stricter request handling across commands.
+- Response parsing improvements: order book handling supports both legacy and modern API shapes.
+
+## Installation
+
+Install from source:
+
+```bash
+git clone https://github.com/ibidathoillah/indodax-cli.git
+cd indodax-cli
+cargo install --path .
+```
+
+Install from crates.io:
+
+```bash
+cargo install indodax-cli
+```
+
+Install from npm:
+
+```bash
+npm install -g indodax-cli
+```
+
+Run with Docker:
+
+```bash
+docker run --rm ibidathoillah/indodax-cli --help
+docker run --rm -v ~/.config/indodax:/root/.config/indodax ibidathoillah/indodax-cli balance
+```
+
+Run from the checkout:
+
+```bash
+cargo build
+./target/debug/indodax --help
+```
+
+## Quick Start
+
+Market data does not require credentials:
+
+```bash
+indodax server-time
+indodax ticker btc/idr
+indodax orderbook btc/idr --count 10
+indodax pairs
+indodax ohlc --pair btc/idr
+indodax -o json ticker btc/idr
+```
+
+Configure private API credentials:
+
+```bash
+indodax auth set --api-key YOUR_API_KEY --api-secret YOUR_API_SECRET
+indodax auth test
+indodax auth show
+```
+
+Or use environment variables:
+
+```bash
+export INDODAX_API_KEY=your_api_key
+export INDODAX_API_SECRET=your_api_secret
+```
+
+Credential priority:
+
+1. `--api-key` and `--api-secret`
+2. `INDODAX_API_KEY` and `INDODAX_API_SECRET`
+3. `~/.config/indodax/config.toml`
+
+## Command Reference
+
+Global options:
+
+```text
+indodax [OPTIONS] <COMMAND>
+
+Options:
+  -o, --output <table|json>      Output format [default: table]
+      --api-key <API_KEY>        API key override
+      --api-secret <API_SECRET>  API secret override
+      --api-secret-stdin         Read API secret from stdin
+  -v, --verbose                  Enable verbose logs
+      --yes, --force             Skip confirmation prompts
+```
+
+### Market
+
+```bash
+indodax server-time
+indodax pairs
+indodax ticker btc/idr
+indodax ticker-all
+indodax summaries
+indodax orderbook btc/idr --count 10
+indodax trades btc/idr
+indodax ohlc --pair btc/idr --interval 60
+indodax price-increments
+```
+
+### Account
+
+```bash
+indodax account-info
+indodax balance
+indodax transactions
+indodax trades-history btc/idr --limit 5
+```
+
+### Trading
+
+```bash
+indodax order buy --pair btc/idr --idr 100000 --price 1000000000
+indodax order buy --pair btc/idr --idr 100000 --order-type market
+indodax order sell --pair btc/idr --amount 0.001 --price 1000000000
+indodax order cancel --order-id 123456 --pair btc/idr --order-type buy
+indodax order cancel-by-client-id --client-order-id CLIENT_ID
+indodax --yes order cancel-all --pair btc/idr
+indodax order countdown --pair btc/idr --countdown-time 60000
+```
+
+### Funding
+
+```bash
+indodax withdrawal fee --asset btc
+indodax withdraw --asset btc --volume 0.001 --address bc1... --network BTC
+indodax withdrawal serve-callback --port 8080
+```
+
+For withdrawals, Indodax may require a callback URL. Configure it with:
+
+```bash
+indodax auth set --callback-url https://yourdomain.com/callback
+```
+
+### WebSocket Streaming
+
+Public streams:
+
+```bash
+indodax ws ticker btc/idr
+indodax ws trades btc/idr
+indodax ws book btc/idr
+indodax ws summary
+```
+
+Private stream:
+
+```bash
+indodax ws orders
+```
+
+### Price Alerts
+
+```bash
+indodax alert add -p btc/idr --above 150000000
+indodax alert add -p btc/idr --below 50000000
+indodax alert add -p btc/idr --percent-up 5
+indodax alert add -p btc/idr --percent-down 10
+indodax alert list
+indodax alert list --history
+indodax alert cancel -i 1
+indodax alert cancel --all
+indodax alert check
+indodax alert watch -p btc/idr
+indodax alert triggered
+```
+
+Alerts are stored in `~/.config/indodax/alerts.json`.
+
+### Paper Trading
+
+```bash
+indodax paper init
+indodax paper init --idr 50000000 --btc 0.5
+indodax paper balance
+indodax paper buy -p btc/idr -i 1000000
+indodax paper buy -p btc/idr -a 0.1 -r 500000000
+indodax paper sell -p btc/idr -a 0.05 -r 1000000000
+indodax paper orders --pair btc/idr
+indodax paper cancel -i 1
+indodax paper cancel-all
+indodax paper fill -i 1
+indodax paper fill -i 2 --price 110000000
+indodax paper fill --all
+indodax paper check-fills -p '{"btc/idr": 95000000, "eth/idr": 12000000}'
+indodax paper topup -c usdt -a 50000
+indodax paper history
+indodax paper status
+indodax paper reset
+```
+
+Paper trading mirrors the live order interface for safer strategy testing.
+
+### Interactive Shell
+
+```bash
+indodax shell
+```
+
+### MCP Server
+
+```bash
+indodax mcp
+indodax mcp -s all
+indodax mcp -s all --allow-dangerous
+indodax mcp -s market,trade,paper
+```
+
+Service groups:
+
+| Group | Tools | Auth Required | Dangerous |
+|-------|-------|---------------|-----------|
+| `market` | Server time, ticker, pairs, orderbook, trades, OHLC, price increments | No | No |
+| `account` | Balance, trade history, transactions, account info | Yes | No |
+| `trade` | Buy, sell, cancel orders | Yes | Yes |
+| `funding` | Withdraw fees, withdraw crypto | Yes | Yes |
+| `paper` | Paper trading init, balance, buy, sell, orders, cancel, history, status | No | No |
+| `auth` | Show config, test credentials | Varies | No |
+
+By default, `trade` and `funding` MCP tools require `acknowledged: true`. Use `--allow-dangerous` only for controlled local automation.
+
+Example MCP client configuration:
+
+```json
+{
+  "mcpServers": {
+    "indodax": {
+      "command": "indodax",
+      "args": ["mcp", "-s", "all"]
+    }
+  }
+}
+```
+
+## Output Formats
+
+Table mode is the default:
+
+```bash
+indodax ticker btc/idr
+```
+
+JSON mode is intended for scripting and automation:
+
+```bash
+indodax -o json ticker btc/idr
+```
+
+Error responses in JSON mode use structured envelopes:
+
+```json
+{
+  "error": true,
+  "message": "Invalid trading pair: xxx_idr",
+  "error_type": "invalid_pair",
+  "retryable": false
+}
+```
+
+## E2E Testing
+
+The repository includes live API smoke tests:
+
+```bash
+./scripts/e2e_minimal.sh --public
+./scripts/e2e_minimal.sh --private
+./scripts/e2e_minimal.sh --ws
+./scripts/e2e_websocket_mock.sh
+```
+
+Environment knobs:
+
+```bash
+INDODAX_BIN=./target/debug/indodax
+```
+
+Latest local verification:
+
+```text
+cargo test: 296 passed
+./scripts/e2e_minimal.sh --public: passed
+./scripts/e2e_minimal.sh --private: skipped private checks (credentials unavailable)
+./scripts/e2e_minimal.sh --ws: passed
+```
+
+## API Coverage
+
+- Public REST: Indodax market endpoints
+- Private REST: Indodax TradeAPI and TradeAPI-2 endpoints
+- Public WebSocket: `wss://ws3.indodax.com/ws/`
+- Private WebSocket: `wss://pws.indodax.com/ws/`
+
+## Architecture
+
+This project is inspired by the Kraken CLI architecture and built with modern Rust:
+
+- `clap` for derive-based CLI parsing
+- `tokio` for async runtime
+- `tokio-tungstenite` for WebSocket streams
+- `reqwest` for REST API calls
+- `serde` for serialization and deserialization
+- `comfy-table` for terminal tables
+- `rmcp` for Model Context Protocol support
+
+## Testing Standards
+
+Every release should pass:
+
+- Unit tests with `cargo test`
+- Public E2E smoke tests
+- WebSocket smoke tests
+- Private read-only tests when credentials are available
+
+Coverage is maintained across `auth`, `client`, `config`, `errors`, `commands`, `mcp`, and `output` modules.
+
+## Security
+
+- Credentials are stored with `0600` permissions when using `indodax auth set`.
+- HMAC-SHA512 signing is used for private API authentication.
+- Prefer read-only API keys for account inspection and WebSocket monitoring.
+- Use least-privilege exchange API keys for MCP and automation.
+- Never commit real API keys, secrets, callback tokens, or listen keys.
+
+## Development
+
+```bash
+cargo fmt
+cargo test
+cargo build
+```
+
+## Contributing
+
+Contributions are welcome:
+
+1. Fork the repository.
+2. Create a feature branch.
+3. Run tests and relevant E2E smoke checks.
+4. Open a pull request.
+
+## Related Projects
+
+If you use multiple exchanges, check out these related CLI tools built with the same architecture:
+
+- [indodax-cli](https://github.com/ibidathoillah/indodax-cli) - CLI for Indodax
+- [bittime-cli](https://github.com/ibidathoillah/bittime-cli) - CLI for Bittime
+- [binance-cli](https://github.com/ibidathoillah/binance-cli) - CLI for Binance Spot
+- [tokocrypto-cli](https://github.com/ibidathoillah/tokocrypto-cli) - CLI for Tokocrypto
+- [kraken-cli](https://github.com/ibidathoillah/kraken-cli) - CLI for Kraken (Spot, Margin, Futures)
+
+## License
+
+MIT
+
+## Disclaimer
+
+This project is unofficial and is not affiliated with or endorsed by Indodax. Cryptocurrency trading is risky; review commands carefully before using write-capable API keys.

package/bin/indodax.js

@@ -0,0 +1,45 @@
+#!/usr/bin/env node
+
+const { spawn } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+
+// Determine the binary name based on platform
+const binName = process.platform === 'win32' ? 'indodax-native.exe' : 'indodax-native';
+const binPath = path.join(__dirname, binName);
+
+// Check if the binary exists
+if (!fs.existsSync(binPath)) {
+    // Fallback: Check if it's named 'indodax' (old naming)
+    const oldBinName = process.platform === 'win32' ? 'indodax.exe' : 'indodax';
+    const oldBinPath = path.join(__dirname, oldBinName);
+    
+    if (fs.existsSync(oldBinPath)) {
+        runBinary(oldBinPath);
+    } else {
+        console.error(`\x1b[31mError: Indodax native binary not found.\x1b[0m`);
+        console.error(`Expected at: ${binPath}`);
+        console.error(`\nThis usually happens if the post-install download failed.`);
+        console.error(`You can try to:`);
+        console.error(`1. Reinstall: npm install -g indodax-cli`);
+        console.error(`2. Build from source: cargo install --path .`);
+        process.exit(1);
+    }
+} else {
+    runBinary(binPath);
+}
+
+function runBinary(path) {
+    const child = spawn(path, process.argv.slice(2), {
+        stdio: 'inherit'
+    });
+
+    child.on('exit', (code) => {
+        process.exit(code || 0);
+    });
+
+    child.on('error', (err) => {
+        console.error(`\x1b[31mError spawning binary:\x1b[0m ${err.message}`);
+        process.exit(1);
+    });
+}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@ibidathoillah/indodax-cli",
+  "version": "0.1.21",
+  "description": "Command-line interface for the Indodax cryptocurrency exchange",
+  "bin": {
+    "indodax": "./bin/indodax.js"
+  },
+  "scripts": {
+    "postinstall": "node scripts/install.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ibidathoillah/indodax-cli.git"
+  },
+  "keywords": [
+    "indodax",
+    "crypto",
+    "cli",
+    "trading",
+    "bitcoin"
+  ],
+  "author": "Ibida Thoillah",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/ibidathoillah/indodax-cli/issues"
+  },
+  "homepage": "https://github.com/ibidathoillah/indodax-cli#readme",
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/pr24.diff

@@ -0,0 +1,215 @@
+diff --git a/src/commands/utility.rs b/src/commands/utility.rs
+index 20c2d76..e03c716 100644
+--- a/src/commands/utility.rs
++++ b/src/commands/utility.rs
+@@ -89,7 +89,7 @@ async fn shell() -> Result<CommandOutput> {
+             Ok(input) => {
+                 let _ = rl.add_history_entry(&input);
+                 let args = format!("indodax {}", input);
+-                let args: Vec<&str> = shell_parse(&args);
++                let args: Vec<String> = shell_parse(&args);
+                 match Cli::try_parse_from(args) {
+                     Ok(cli) => {
+                         if matches!(cli.command, crate::Command::Shell) {
+@@ -119,30 +119,44 @@ async fn shell() -> Result<CommandOutput> {
+     Ok(CommandOutput::json(data))
+ }
+ 
+-fn shell_parse(input: &str) -> Vec<&str> {
+-    let mut parts = Vec::new();
+-    let mut current = "";
++/// Splits a shell-style command line into argv-like tokens.
++fn shell_parse(input: &str) -> Vec<String> {
++    let mut parts: Vec<String> = Vec::new();
++    let mut current = String::new();
+     let mut in_quote = false;
++    let mut has_token = false;
++    let mut chars = input.chars().peekable();
+ 
+-    for word in input.split(' ') {
+-        if in_quote {
+-            if word.ends_with('"') {
+-                in_quote = false;
+-                parts.push(&input[current.len() + 1..current.len() + 1 + parts.last().map(|s: &&str| s.len()).unwrap_or(0) + word.len() - 1]);
++    while let Some(ch) = chars.next() {
++        match ch {
++            '"' => {
++                in_quote = !in_quote;
++                has_token = true;
++            }
++            '\\' if in_quote => match chars.peek() {
++                Some('"') | Some('\\') => {
++                    current.push(chars.next().unwrap());
++                }
++                _ => current.push(ch),
++            },
++            c if c.is_whitespace() && !in_quote => {
++                if has_token {
++                    parts.push(std::mem::take(&mut current));
++                    has_token = false;
++                }
++            }
++            c => {
++                current.push(c);
++                has_token = true;
+             }
+-        } else if word.starts_with('"') {
+-            in_quote = true;
+-            current = word;
+-        } else {
+-            parts.push(word);
+         }
+     }
+ 
+-    if parts.is_empty() {
+-        input.split_whitespace().collect()
+-    } else {
+-        parts
++    if has_token {
++        parts.push(current);
+     }
++
++    parts
+ }
+ 
+ #[cfg(test)]
+@@ -151,67 +165,109 @@ mod tests {
+ 
+     #[test]
+     fn test_shell_parse_simple() {
+-        let input = "market ticker btc_idr";
+-        let result = shell_parse(input);
++        let result = shell_parse("market ticker btc_idr");
+         assert_eq!(result, vec!["market", "ticker", "btc_idr"]);
+     }
+ 
+     #[test]
+     fn test_shell_parse_single_word() {
+-        let input = "help";
+-        let result = shell_parse(input);
++        let result = shell_parse("help");
+         assert_eq!(result, vec!["help"]);
+     }
+ 
+     #[test]
+     fn test_shell_parse_empty() {
+-        let input = "";
+-        let result = shell_parse(input);
+-        assert!(result.is_empty() || result == vec![""]);
++        let result = shell_parse("");
++        assert!(result.is_empty());
+     }
+ 
+     #[test]
+     fn test_shell_parse_with_quotes() {
+-        let input = r#"auth set --api-key "my key" --api-secret "my secret""#;
+-        let result = shell_parse(input);
+-        // The shell_parse function doesn't handle quotes like this perfectly,
+-        // but let's test what it actually does
+-        assert!(!result.is_empty());
++        let result =
++            shell_parse(r#"auth set --api-key "my key" --api-secret "my secret""#);
++        assert_eq!(
++            result,
++            vec![
++                "auth", "set", "--api-key", "my key", "--api-secret", "my secret",
++            ]
++        );
++    }
++
++    #[test]
++    fn test_shell_parse_quoted_value_with_dash() {
++        let result = shell_parse(r#"market ticker --pair "btc_idr""#);
++        assert_eq!(result, vec!["market", "ticker", "--pair", "btc_idr"]);
+     }
+ 
+     #[test]
+     fn test_shell_parse_multiple_spaces() {
+-        let input = "market   ticker   btc_idr";
+-        let result = shell_parse(input);
+-        // The function doesn't normalize multiple spaces perfectly
+-        assert!(result.contains(&"market") || result.len() >= 3);
++        let result = shell_parse("market   ticker   btc_idr");
++        assert_eq!(result, vec!["market", "ticker", "btc_idr"]);
+     }
+ 
+     #[test]
+     fn test_shell_parse_leading_trailing_spaces() {
+-        let input = "  market ticker btc_idr  ";
+-        let result = shell_parse(input);
+-        assert!(result.contains(&"market") || result.len() >= 3);
++        let result = shell_parse("  market ticker btc_idr  ");
++        assert_eq!(result, vec!["market", "ticker", "btc_idr"]);
+     }
+ 
+     #[test]
+-    fn test_utility_command_variants() {
+-        let _cmd1 = UtilityCommand::Setup;
+-        let _cmd2 = UtilityCommand::Shell;
++    fn test_shell_parse_only_whitespace() {
++        let result = shell_parse("    ");
++        assert!(result.is_empty());
++    }
++
++    #[test]
++    fn test_shell_parse_quoted_empty_string() {
++        let result = shell_parse(r#"set key """#);
++        assert_eq!(result, vec!["set", "key", ""]);
++    }
++
++    #[test]
++    fn test_shell_parse_quoted_whitespace_only() {
++        let result = shell_parse(r#"echo "   ""#);
++        assert_eq!(result, vec!["echo", "   "]);
+     }
+ 
+     #[test]
+-    fn test_shell_parse_whitespace_fallback() {
+-        // Test the fallback path when parts is empty
+-        let input = "simple";
+-        let result = shell_parse(input);
+-        assert_eq!(result.len(), 1);
++    fn test_shell_parse_escaped_quote_inside_quotes() {
++        let result = shell_parse(r#"echo "he said \"hi\"""#);
++        assert_eq!(result, vec!["echo", r#"he said "hi""#]);
++    }
++
++    #[test]
++    fn test_shell_parse_escaped_backslash_inside_quotes() {
++        let result = shell_parse(r#"path "a\\b""#);
++        assert_eq!(result, vec!["path", r#"a\b"#]);
++    }
++
++    #[test]
++    fn test_shell_parse_unclosed_quote_keeps_token() {
++        let result = shell_parse(r#"foo "bar baz"#);
++        assert_eq!(result, vec!["foo", "bar baz"]);
++    }
++
++    #[test]
++    fn test_shell_parse_adjacent_quoted_and_bare() {
++        let result = shell_parse(r#"x="hello world""#);
++        assert_eq!(result, vec!["x=hello world"]);
++    }
++
++    #[test]
++    fn test_shell_parse_tab_separator() {
++        let result = shell_parse("a\tb\tc");
++        assert_eq!(result, vec!["a", "b", "c"]);
++    }
++
++    #[test]
++    fn test_utility_command_variants() {
++        let _cmd1 = UtilityCommand::Setup;
++        let _cmd2 = UtilityCommand::Shell;
+     }
+ 
+     #[test]
+     fn test_shell_parse_with_dash_args() {
+-        let input = "account balance -v";
+-        let result = shell_parse(input);
+-        assert!(result.contains(&"account") || result.len() >= 2);
++        let result = shell_parse("account balance -v");
++        assert_eq!(result, vec!["account", "balance", "-v"]);
+     }
+ }

package/release_template.yml.tmp

@@ -0,0 +1,202 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  packages: write
+  contents: write
+
+jobs:
+  build-and-release:
+    name: Build and Release
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            artifact_name: PROJECT_NAME-linux-x86_64
+            binary_extension: ""
+          - os: ubuntu-latest
+            target: aarch64-unknown-linux-gnu
+            artifact_name: PROJECT_NAME-linux-aarch64
+            binary_extension: ""
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            artifact_name: PROJECT_NAME-macos-x86_64
+            binary_extension: ""
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            artifact_name: PROJECT_NAME-macos-aarch64
+            binary_extension: ""
+          - os: windows-latest
+            target: x86_64-pc-windows-msvc
+            artifact_name: PROJECT_NAME-windows-x86_64
+            binary_extension: ".exe"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - name: Install cross-compilation tools (Linux ARM64)
+        if: matrix.target == 'aarch64-unknown-linux-gnu'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Build
+        shell: bash
+        run: |
+          if [ "${{ matrix.target }}" == "aarch64-unknown-linux-gnu" ]; then
+            export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
+          fi
+          
+          cargo build --release --target ${{ matrix.target }}
+          
+          BIN_DIR="target/${{ matrix.target }}/release"
+          cp "$BIN_DIR/PROJECT_NAME${{ matrix.binary_extension }}" "${{ matrix.artifact_name }}${{ matrix.binary_extension }}"
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.artifact_name }}
+          path: ${{ matrix.artifact_name }}${{ matrix.binary_extension }}
+
+  publish-cargo:
+    name: Publish to Cargo
+    needs: build-and-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+      - name: Publish
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        run: cargo publish --token $CARGO_REGISTRY_TOKEN --no-verify --allow-dirty || echo "Already published"
+
+  publish-npm:
+    name: Publish to NPM
+    needs: build-and-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+      - name: NPM_EXTRA_STEPS
+      - name: Publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          NPM_PUBLISH_COMMAND
+
+  publish-docker:
+    name: Publish to Docker Hub
+    needs: build-and-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Build and Push Docker Image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_USERNAME }}/PROJECT_NAME-cli:${{ github.ref_name }}
+            ${{ secrets.DOCKER_USERNAME }}/PROJECT_NAME-cli:latest
+
+  publish-gpr:
+    name: Publish to GitHub Packages (NPM)
+    needs: build-and-release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          registry-url: "https://npm.pkg.github.com"
+          scope: "@ibidathoillah"
+      - name: Publish to GPR
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          sed -i 's|https://registry.npmjs.org|https://npm.pkg.github.com|g' package.json || true
+          npm publish || echo "Already published to GPR"
+
+  publish-ghcr:
+    name: Publish to GHCR
+    needs: build-and-release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and Push to GHCR
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository }}:${{ github.ref_name }}
+            ghcr.io/${{ github.repository }}:latest
+
+  github-release:
+    name: GitHub Release
+    needs: build-and-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          merge-multiple: true
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            PROJECT_NAME-linux-x86_64
+            PROJECT_NAME-linux-aarch64
+            PROJECT_NAME-macos-x86_64
+            PROJECT_NAME-macos-aarch64
+            PROJECT_NAME-windows-x86_64.exe
+          body_path: RELEASE_NOTES.md
+          fail_on_unmatched_files: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/scripts/e2e_minimal.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+# Minimal Balance E2E Test Script for Indodax CLI
+# This script performs safe, read-only and minimal-amount operations to verify CLI health.
+
+set -e
+
+echo "--- [E2E] Starting Minimal Risk Tests ---"
+
+RUN_PUBLIC=true
+RUN_PRIVATE=true
+RUN_WS=true
+
+if [[ "${1:-}" == "--public" ]]; then
+    RUN_PRIVATE=false
+    RUN_WS=false
+elif [[ "${1:-}" == "--private" ]]; then
+    RUN_PUBLIC=false
+    RUN_WS=false
+elif [[ "${1:-}" == "--ws" ]]; then
+    RUN_PUBLIC=false
+    RUN_PRIVATE=false
+fi
+
+INDODAX="${INDODAX_BIN:-./target/debug/indodax}"
+PAIR="${INDODAX_TEST_PAIR:-btc_idr}"
+PAIR_FLEX="${INDODAX_TEST_PAIR_FLEX:-btc/idr}"
+if [ ! -x "$INDODAX" ]; then
+    INDODAX="./target/release/indodax"
+fi
+
+if [ ! -x "$INDODAX" ]; then
+    echo "Building indodax-cli ..."
+    cargo build
+    INDODAX="./target/debug/indodax"
+fi
+
+# Function to check that a command succeeds and returns output.
+check_not_empty() {
+    local cmd=$1
+    local name=$2
+    echo "Testing: $name..."
+    local output
+    output=$($INDODAX $cmd)
+    
+    if [ -n "$output" ]; then
+        echo "✅ $name: OK"
+    else
+        echo "❌ $name: FAILED (Empty output)"
+        echo "$output"
+        exit 1
+    fi
+}
+
+if $RUN_PUBLIC; then
+    # 1. Public API Verification
+    echo "[1/5] Checking Public Market Data..."
+    check_not_empty "ticker $PAIR" "Market Ticker"
+    check_not_empty "pairs" "Market Pairs"
+    check_not_empty "trades $PAIR_FLEX" "Market Trades"
+    check_not_empty "ohlc --pair $PAIR_FLEX" "Market OHLC"
+    echo "✅ Public Market Data OK"
+fi
+
+if $RUN_PRIVATE; then
+    if $INDODAX auth test >/dev/null 2>&1; then
+        # 2. Authentication & V1 API Verification (Read-Only)
+        echo "[2/5] Checking Private V1 API (Balance)..."
+        check_not_empty "balance" "Account Balance"
+        echo "✅ Private V1 (Auth) OK"
+
+        # 3. API V2 Verification (Read-Only)
+        echo "[3/5] Checking Private V2 API (Order History)..."
+        # Note: History might be empty for new accounts, so we check for no error
+        $INDODAX trades-history "$PAIR_FLEX" --limit 1 > /dev/null
+        echo "✅ Private V2 (History) OK"
+    else
+        echo "[2/5] Private API: SKIP (credentials unavailable or invalid)"
+        echo "[3/5] Private V2 API: SKIP (credentials unavailable or invalid)"
+    fi
+fi
+
+if $RUN_WS; then
+    # 4. WebSocket Connectivity (Brief check)
+    echo "[4/5] Checking WebSocket Connectivity (5s)..."
+    ws_output=$(timeout 5s $INDODAX --output json ws ticker "$PAIR_FLEX" 2>&1 || true)
+    if echo "$ws_output" | grep -q "connecting"; then
+        echo "✅ WebSocket: OK (connected)"
+    else
+        echo "❌ WebSocket: FAILED"
+        echo "$ws_output"
+        exit 1
+    fi
+fi
+
+# 5. Minimal Trade Verification (Optional/Manual)
+echo "[5/5] Minimal Trade Verification (Instructions):"
+echo "   To verify execution, run: indodax order buy --pair $PAIR_FLEX --idr 10000"
+echo "   Then immediately cancel:  indodax --yes order cancel-all --pair $PAIR_FLEX"
+
+echo "--- [E2E] Minimal Tests Completed Successfully ---"

package/scripts/e2e_websocket_mock.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# E2E Mock verification for WebSocket commands
+# This script runs public websocket commands for a few seconds and verifies they produce output.
+
+set -e
+
+echo "Starting WebSocket E2E verification..."
+
+PAIR="${INDODAX_TEST_PAIR:-btc_idr}"
+PAIR_FLEX="${INDODAX_TEST_PAIR_FLEX:-btc/idr}"
+
+# Function to test a websocket command
+test_ws() {
+    local cmd=$1
+    local name=$2
+    echo "Testing: $name..."
+    
+    # Run command with timeout. It should produce at least one event in 10 seconds for BTC_IDR
+    # We use --output json to make it easy to verify.
+    output=$(timeout 15s "$INDODAX" --output json ws $cmd 2>&1 || true)
+    
+    if echo "$output" | grep -q "\"event\""; then
+        echo "✅ $name: Success (received events)"
+    elif echo "$output" | grep -q "connecting"; then
+        echo "✅ $name: Success (connected but no events in timeout window)"
+    else
+        echo "❌ $name: Failed (no connection or events)"
+        echo "Debug output: $output"
+        return 1
+    fi
+}
+
+INDODAX="${INDODAX_BIN:-./target/debug/indodax}"
+if [ ! -x "$INDODAX" ]; then
+    echo "Building indodax-cli ..."
+    cargo build
+fi
+
+if [ ! -x "$INDODAX" ]; then
+    echo "Error: $INDODAX not found after cargo build."
+    exit 1
+fi
+
+test_ws "ticker $PAIR_FLEX" "Public Ticker"
+test_ws "summary" "Public Summary"
+test_ws "book $PAIR" "Public Orderbook"
+
+echo "E2E verification complete."

package/scripts/install.js

@@ -0,0 +1,87 @@
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+const os = require('os');
+
+// Get version from package.json
+const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '..', 'package.json'), 'utf8'));
+const VERSION = pkg.version;
+const REPO = 'ibidathoillah/indodax-cli';
+
+function getBinaryUrl() {
+    const platform = os.platform();
+    const arch = os.arch();
+
+    let osName = '';
+    let archName = '';
+
+    if (platform === 'linux') {
+        osName = 'linux';
+    } else if (platform === 'darwin') {
+        osName = 'macos';
+    } else if (platform === 'win32') {
+        osName = 'windows';
+    } else {
+        console.error(`Unsupported platform: ${platform}`);
+        process.exit(1);
+    }
+
+    if (arch === 'x64') {
+        archName = 'x86_64';
+    } else if (arch === 'arm64') {
+        archName = 'aarch64';
+    } else {
+        console.error(`Unsupported architecture: ${arch}`);
+        process.exit(1);
+    }
+
+    const ext = platform === 'win32' ? '.exe' : '';
+    return `https://github.com/${REPO}/releases/download/v${VERSION}/indodax-${osName}-${archName}${ext}`;
+}
+
+const binDir = path.join(__dirname, '..', 'bin');
+const binName = os.platform() === 'win32' ? 'indodax.exe' : 'indodax';
+const binPath = path.join(binDir, binName);
+
+if (!fs.existsSync(binDir)) {
+    fs.mkdirSync(binDir, { recursive: true });
+}
+
+function download(url, dest) {
+    console.log(`Downloading indodax-cli binary from ${url}...`);
+
+    const file = fs.createWriteStream(dest);
+
+    https.get(url, (response) => {
+        if (response.statusCode === 301 || response.statusCode === 302) {
+            download(response.headers.location, dest);
+            return;
+        }
+
+        if (response.statusCode !== 200) {
+            console.warn(`\x1b[33mWarning:\x1b[0m Server returned status code ${response.statusCode}`);
+            if (response.statusCode === 404) {
+                console.warn(`Binary for version v${VERSION} not found on GitHub releases.`);
+                console.warn(`The command 'indodax' will still be registered, but you may need to build it manually.`);
+            }
+            fs.unlink(dest, () => { });
+            // Exit with 0 to allow the npm installation to complete
+            process.exit(0);
+        }
+
+        response.pipe(file);
+
+        file.on('finish', () => {
+            file.close();
+            fs.chmodSync(dest, 0o755);
+            console.log('\x1b[32mindodax-cli binary installed successfully.\x1b[0m');
+        });
+    }).on('error', (err) => {
+        fs.unlink(dest, () => { });
+        console.error(`\x1b[31mError downloading binary:\x1b[0m ${err.message}`);
+        process.exit(1);
+    });
+}
+
+const url = getBinaryUrl();
+download(url, binPath);

package/scripts/release.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+# scripts/release.sh - Automate Indodax CLI releases
+# Usage: ./scripts/release.sh [version]
+# If version is omitted, it reads from Cargo.toml
+
+set -e
+
+# 1. Get current version from Cargo.toml if not provided
+if [ -z "$1" ]; then
+    VERSION=$(grep '^version =' Cargo.toml | head -n1 | cut -d'"' -f2)
+    echo "Using version $VERSION from Cargo.toml"
+else
+    VERSION=$1
+    echo "Setting version to $VERSION"
+    # Update Cargo.toml
+    sed -i "s/^version = \".*\"/version = \"$VERSION\"/" Cargo.toml
+fi
+
+# 2. Sync package.json
+if [ -f "package.json" ]; then
+    sed -i "s/\"version\": \".*\"/\"version\": \"$VERSION\"/" package.json
+fi
+
+# 3. Update RELEASE_NOTES.md headers
+if [ -f "RELEASE_NOTES.md" ]; then
+    sed -i "s/Welcome to Indodax CLI v[0-9.]*/Welcome to Indodax CLI v$VERSION/" RELEASE_NOTES.md
+    sed -i "s/What's New in v[0-9.]*/What's New in v$VERSION/" RELEASE_NOTES.md
+fi
+
+# 4. Update README.md highlights
+if [ -f "README.md" ]; then
+    sed -i "s/Recent Highlights (v[0-9.]*)/Recent Highlights (v$VERSION)/" README.md
+fi
+
+# 5. Update TODO.md
+if [ -f "TODO.md" ]; then
+    sed -i "s/WebSocket Reliability Overhaul (v[0-9.]*)/WebSocket Reliability Overhaul (v$VERSION)/" TODO.md
+fi
+
+echo "✅ All files updated to v$VERSION"
+
+# 6. Git Operations (Optional - uncomment if you want auto-commit)
+# git add Cargo.toml package.json RELEASE_NOTES.md README.md TODO.md
+# git commit -m "chore: release v$VERSION"
+# git push origin main
+# git tag -f v$VERSION
+# git push origin v$VERSION -f
+
+# 7. GitHub Release
+if command -v gh &> /dev/null; then
+    echo "Updating GitHub release v$VERSION..."
+    gh release edit "v$VERSION" --notes-file RELEASE_NOTES.md || \
+    gh release create "v$VERSION" --title "v$VERSION" --notes-file RELEASE_NOTES.md
+fi
+
+echo "🚀 Release v$VERSION completed successfully!"