@imbingox/acex 0.4.0-beta.3 → 0.4.0-beta.5

package/docs/api.md

@@ -967,6 +967,8 @@ interface AccountRuntimeOptions {
 
 interface CreateClientOptions {
   sandbox?: boolean;   // 预留，当前不生效
+  clock?: TimeProvider;     // 注入签名/请求时钟，默认本地时钟
+  rateLimiter?: RateLimiter; // 注入限流器，默认 reactive（观测 + Retry-After 退避，不主动节流）
   logger?: Logger;     // 预留
   logLevel?: LogLevel; // 预留
   market?: MarketRuntimeOptions;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imbingox/acex",
-  "version": "0.4.0-beta.3",
+  "version": "0.4.0-beta.5",
   "description": "Multi-exchange trading SDK for market data, account, and order management",
   "repository": {
     "type": "git",

package/src/adapters/binance/adapter.ts

@@ -1,6 +1,7 @@
 import { SubscriptionMultiplexer } from "../../internal/subscription-multiplexer.ts";
 import type {
   MarketDefinition,
+  RateLimiter,
   VenueMarketCapabilities,
 } from "../../types/index.ts";
 import type {
@@ -53,8 +54,16 @@ export class BinanceMarketAdapter implements MarketAdapter {
   private multiplexer: BinanceMarketMultiplexer | undefined;
   private multiplexerConfig: BinanceMultiplexerConfig | undefined;
 
+  constructor(
+    private readonly options: {
+      readonly rateLimiter?: RateLimiter;
+    } = {},
+  ) {}
+
   async loadMarkets(): Promise<MarketDefinition[]> {
-    const markets = await loadBinanceMarkets();
+    const markets = await loadBinanceMarkets(fetch, {
+      rateLimiter: this.options.rateLimiter,
+    });
     this.definitions.clear();
 
     for (const market of markets) {

package/src/adapters/binance/market-catalog.ts

@@ -2,8 +2,15 @@ import { toCanonical } from "../../internal/decimal.ts";
 import {
   type HttpClientMessages,
   httpRequest,
+  isTransportError,
 } from "../../internal/http-client.ts";
-import type { MarketDefinition, MarketType } from "../../types/index.ts";
+import type {
+  MarketDefinition,
+  MarketType,
+  RateLimiter,
+  RateLimitScope,
+} from "../../types/index.ts";
+import { parseBinanceRateLimitUsage } from "./rate-limit.ts";
 
 type FetchLike = typeof fetch;
 
@@ -224,21 +231,55 @@ function normalizeDerivativesSymbol(
 async function requestCatalogJson<T>(
   fetchFn: FetchLike,
   url: string,
+  rateLimiter: RateLimiter | undefined,
+  endpointKey: string,
 ): Promise<T> {
-  const response = await httpRequest<T>({
-    fetchFn,
-    url,
-    timeoutMs: DEFAULT_HTTP_TIMEOUT_MS,
-    parseAs: "json",
-    jsonParseMode: "response",
-    retryPolicy: {
-      idempotent: true,
-      maxAttempts: 3,
-    },
-    messages: BINANCE_CATALOG_HTTP_MESSAGES,
-  });
-
-  return response.body;
+  const scope: RateLimitScope = {
+    venue: "binance",
+    endpointKey,
+  };
+
+  await rateLimiter?.beforeRequest({ scope });
+
+  try {
+    const response = await httpRequest<T>({
+      fetchFn,
+      url,
+      timeoutMs: DEFAULT_HTTP_TIMEOUT_MS,
+      parseAs: "json",
+      jsonParseMode: "response",
+      retryPolicy: {
+        idempotent: true,
+        maxAttempts: 3,
+      },
+      messages: BINANCE_CATALOG_HTTP_MESSAGES,
+    });
+
+    await rateLimiter?.afterResponse(
+      { scope },
+      {
+        status: response.status,
+        headers: response.headers,
+        usage: parseBinanceRateLimitUsage(response.headers),
+      },
+    );
+
+    return response.body;
+  } catch (error) {
+    if (isTransportError(error)) {
+      await rateLimiter?.onTransportError(
+        { scope },
+        {
+          status: error.status,
+          headers: error.headers,
+          retryAfterMs: error.retryAfterMs,
+          usage: parseBinanceRateLimitUsage(error.headers),
+        },
+      );
+    }
+
+    throw error;
+  }
 }
 
 function sortMarkets(
@@ -251,19 +292,26 @@ function sortMarkets(
 
 export async function loadBinanceMarkets(
   fetchFn: FetchLike = fetch,
+  options: { readonly rateLimiter?: RateLimiter } = {},
 ): Promise<BinanceMarketDefinition[]> {
   const [spot, usdm, coinm] = await Promise.all([
     requestCatalogJson<BinanceSpotExchangeInfo>(
       fetchFn,
       BINANCE_SPOT_EXCHANGE_INFO_URL,
+      options.rateLimiter,
+      "GET /api/v3/exchangeInfo",
     ),
     requestCatalogJson<BinanceDerivativesExchangeInfo>(
       fetchFn,
       BINANCE_USDM_EXCHANGE_INFO_URL,
+      options.rateLimiter,
+      "GET /fapi/v1/exchangeInfo",
     ),
     requestCatalogJson<BinanceDerivativesExchangeInfo>(
       fetchFn,
       BINANCE_COINM_EXCHANGE_INFO_URL,
+      options.rateLimiter,
+      "GET /dapi/v1/exchangeInfo",
     ),
   ]);
 

package/src/adapters/binance/private-adapter.ts

@@ -4,11 +4,14 @@ import {
   type HttpClientMessages,
   type HttpRetryPolicy,
   httpRequest,
+  isTransportError,
 } from "../../internal/http-client.ts";
 import { createManagedWebSocket } from "../../internal/managed-websocket.ts";
 import type {
   AccountCredentials,
   PositionSide,
+  RateLimiter,
+  RateLimitScope,
   TimeProvider,
   VenueAccountCapabilities,
   VenueOrderCapabilities,
@@ -28,6 +31,7 @@ import type {
   RawRiskUpdate,
   StreamHandle,
 } from "../types.ts";
+import { parseBinanceRateLimitUsage } from "./rate-limit.ts";
 
 type TimerHandle = ReturnType<typeof setInterval>;
 type SignedRequestMethod = "GET" | "POST" | "DELETE";
@@ -205,6 +209,14 @@ function getNumberOption(
     : undefined;
 }
 
+function getStringOption(
+  options: Record<string, unknown> | undefined,
+  key: string,
+): string | undefined {
+  const value = options?.[key];
+  return typeof value === "string" && value.length > 0 ? value : undefined;
+}
+
 function signQuery(query: string, secret: string): string {
   return createHmac("sha256", secret).update(query).digest("hex");
 }
@@ -590,6 +602,7 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
       readonly fetchFn?: FetchLike;
       readonly httpTimeoutMs?: number;
       readonly signingClock?: TimeProvider;
+      readonly rateLimiter?: RateLimiter;
     } = {},
   ) {}
 
@@ -786,7 +799,7 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
     credentials: AccountCredentials,
     callbacks: PrivateStreamCallbacks,
     options: PrivateStreamOptions,
-    _accountOptions?: Record<string, unknown>,
+    accountOptions?: Record<string, unknown>,
   ): StreamHandle {
     let closed = false;
     let listenKey: string | undefined;
@@ -808,17 +821,19 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
 
       const key = listenKey;
       listenKey = undefined;
-      void this.closeUserDataStream(credentials, key).catch((error) => {
-        callbacks.onError(
-          error instanceof Error
-            ? error
-            : new Error("Failed to close Binance PAPI listenKey"),
-        );
-      });
+      void this.closeUserDataStream(credentials, key, accountOptions).catch(
+        (error) => {
+          callbacks.onError(
+            error instanceof Error
+              ? error
+              : new Error("Failed to close Binance PAPI listenKey"),
+          );
+        },
+      );
     };
 
     const ready = (async () => {
-      listenKey = await this.startUserDataStream(credentials);
+      listenKey = await this.startUserDataStream(credentials, accountOptions);
       if (closed) {
         closeListenKey();
         return;
@@ -829,15 +844,17 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
           return;
         }
 
-        void this.keepAliveUserDataStream(credentials, listenKey).catch(
-          (error) => {
-            callbacks.onError(
-              error instanceof Error
-                ? error
-                : new Error("Failed to keep Binance PAPI listenKey alive"),
-            );
-          },
-        );
+        void this.keepAliveUserDataStream(
+          credentials,
+          listenKey,
+          accountOptions,
+        ).catch((error) => {
+          callbacks.onError(
+            error instanceof Error
+              ? error
+              : new Error("Failed to keep Binance PAPI listenKey alive"),
+          );
+        });
       }, options.listenKeyKeepAliveMs);
 
       websocket = createManagedWebSocket<BinancePrivateMessage>({
@@ -905,6 +922,9 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
     retryPolicy?: HttpRetryPolicy,
   ): Promise<T> {
     const { apiKey, secret } = requirePrivateCredentials(credentials);
+    const scope = this.rateLimitScope(method, path, accountOptions);
+    await this.options.rateLimiter?.beforeRequest({ scope });
+
     const params = new URLSearchParams();
     for (const [key, value] of Object.entries(queryParams ?? {})) {
       if (value !== undefined) {
@@ -927,31 +947,58 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
 
     const url = `${BINANCE_PAPI_REST_BASE_URL}${path}?${params.toString()}`;
     const timeoutMs = this.options.httpTimeoutMs ?? DEFAULT_HTTP_TIMEOUT_MS;
-    const response = await httpRequest<T>({
-      fetchFn: this.options.fetchFn,
-      url,
-      method,
-      headers: {
-        "X-MBX-APIKEY": apiKey,
-      },
-      timeoutMs,
-      parseAs: "json",
-      emptyBody: "empty_object",
-      retryPolicy: retryPolicy ?? NO_RETRY_POLICY,
-      messages: getBinancePapiHttpMessages(timeoutMs),
-    });
+    try {
+      const response = await httpRequest<T>({
+        fetchFn: this.options.fetchFn,
+        url,
+        method,
+        headers: {
+          "X-MBX-APIKEY": apiKey,
+        },
+        timeoutMs,
+        parseAs: "json",
+        emptyBody: "empty_object",
+        retryPolicy: retryPolicy ?? NO_RETRY_POLICY,
+        messages: getBinancePapiHttpMessages(timeoutMs),
+      });
 
-    return response.body;
+      await this.options.rateLimiter?.afterResponse(
+        { scope },
+        {
+          status: response.status,
+          headers: response.headers,
+          usage: parseBinanceRateLimitUsage(response.headers),
+        },
+      );
+
+      return response.body;
+    } catch (error) {
+      if (isTransportError(error)) {
+        await this.options.rateLimiter?.onTransportError(
+          { scope },
+          {
+            status: error.status,
+            headers: error.headers,
+            retryAfterMs: error.retryAfterMs,
+            usage: parseBinanceRateLimitUsage(error.headers),
+          },
+        );
+      }
+
+      throw error;
+    }
   }
 
   private async startUserDataStream(
     credentials: AccountCredentials,
+    accountOptions?: Record<string, unknown>,
   ): Promise<string> {
     const response = await this.userStreamRequest<BinanceListenKeyResponse>(
       "POST",
       credentials,
       undefined,
       NO_RETRY_POLICY,
+      accountOptions,
     );
     if (!response.listenKey) {
       throw new Error("Binance PAPI did not return a listenKey");
@@ -963,24 +1010,28 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
   private async keepAliveUserDataStream(
     credentials: AccountCredentials,
     listenKey: string,
+    accountOptions?: Record<string, unknown>,
   ): Promise<void> {
     await this.userStreamRequest<Record<string, never>>(
       "PUT",
       credentials,
       listenKey,
       LISTEN_KEY_KEEPALIVE_RETRY_POLICY,
+      accountOptions,
     );
   }
 
   private async closeUserDataStream(
     credentials: AccountCredentials,
     listenKey: string,
+    accountOptions?: Record<string, unknown>,
   ): Promise<void> {
     await this.userStreamRequest<Record<string, never>>(
       "DELETE",
       credentials,
       listenKey,
       NO_RETRY_POLICY,
+      accountOptions,
     );
   }
 
@@ -989,8 +1040,16 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
     credentials: AccountCredentials,
     listenKey?: string,
     retryPolicy: HttpRetryPolicy = NO_RETRY_POLICY,
+    accountOptions?: Record<string, unknown>,
   ): Promise<T> {
     const { apiKey } = requirePrivateCredentials(credentials);
+    const scope = this.rateLimitScope(
+      method,
+      "/papi/v1/listenKey",
+      accountOptions,
+    );
+    await this.options.rateLimiter?.beforeRequest({ scope });
+
     const params = new URLSearchParams();
     if (listenKey) {
       params.set("listenKey", listenKey);
@@ -1001,20 +1060,57 @@ export class BinancePrivateAdapter implements PrivateUserDataAdapter {
       query ? `?${query}` : ""
     }`;
     const timeoutMs = this.options.httpTimeoutMs ?? DEFAULT_HTTP_TIMEOUT_MS;
-    const response = await httpRequest<T>({
-      fetchFn: this.options.fetchFn,
-      url,
-      method,
-      headers: {
-        "X-MBX-APIKEY": apiKey,
-      },
-      timeoutMs,
-      parseAs: "json",
-      emptyBody: "empty_object",
-      retryPolicy,
-      messages: getBinancePapiHttpMessages(timeoutMs),
-    });
+    try {
+      const response = await httpRequest<T>({
+        fetchFn: this.options.fetchFn,
+        url,
+        method,
+        headers: {
+          "X-MBX-APIKEY": apiKey,
+        },
+        timeoutMs,
+        parseAs: "json",
+        emptyBody: "empty_object",
+        retryPolicy,
+        messages: getBinancePapiHttpMessages(timeoutMs),
+      });
+
+      await this.options.rateLimiter?.afterResponse(
+        { scope },
+        {
+          status: response.status,
+          headers: response.headers,
+          usage: parseBinanceRateLimitUsage(response.headers),
+        },
+      );
+
+      return response.body;
+    } catch (error) {
+      if (isTransportError(error)) {
+        await this.options.rateLimiter?.onTransportError(
+          { scope },
+          {
+            status: error.status,
+            headers: error.headers,
+            retryAfterMs: error.retryAfterMs,
+            usage: parseBinanceRateLimitUsage(error.headers),
+          },
+        );
+      }
 
-    return response.body;
+      throw error;
+    }
+  }
+
+  private rateLimitScope(
+    method: string,
+    path: string,
+    accountOptions?: Record<string, unknown>,
+  ): RateLimitScope {
+    return {
+      venue: "binance",
+      accountId: getStringOption(accountOptions, "accountId"),
+      endpointKey: `${method} ${path}`,
+    };
   }
 }

package/src/adapters/binance/rate-limit.ts

@@ -0,0 +1,47 @@
+import type { RateLimitUsage } from "../../types/index.ts";
+
+const USED_WEIGHT_PREFIX = "x-mbx-used-weight-";
+const ORDER_COUNT_PREFIX = "x-mbx-order-count-";
+
+export function parseBinanceRateLimitUsage(
+  headers: Headers,
+): RateLimitUsage | undefined {
+  const weight: Record<string, number> = {};
+  const orderCount: Record<string, number> = {};
+
+  for (const name of headers.keys()) {
+    const normalizedName = name.toLowerCase();
+    if (normalizedName.startsWith(USED_WEIGHT_PREFIX)) {
+      const interval = normalizedName.slice(USED_WEIGHT_PREFIX.length);
+      const value = parseHeaderNumber(headers.get(name));
+      if (interval && value !== undefined) {
+        weight[interval] = value;
+      }
+      continue;
+    }
+
+    if (normalizedName.startsWith(ORDER_COUNT_PREFIX)) {
+      const interval = normalizedName.slice(ORDER_COUNT_PREFIX.length);
+      const value = parseHeaderNumber(headers.get(name));
+      if (interval && value !== undefined) {
+        orderCount[interval] = value;
+      }
+    }
+  }
+
+  return Object.keys(weight).length > 0 || Object.keys(orderCount).length > 0
+    ? {
+        weight: Object.keys(weight).length > 0 ? weight : undefined,
+        orderCount: Object.keys(orderCount).length > 0 ? orderCount : undefined,
+      }
+    : undefined;
+}
+
+function parseHeaderNumber(value: string | null): number | undefined {
+  if (value === null) {
+    return undefined;
+  }
+
+  const parsed = Number(value);
+  return Number.isFinite(parsed) ? parsed : undefined;
+}

package/src/adapters/juplend/private-adapter.ts

@@ -699,6 +699,7 @@ export class JuplendPrivateAdapter implements PrivateUserDataAdapter {
     private readonly options: {
       readonly fetchFn?: FetchLike;
       readonly httpTimeoutMs?: number;
+      readonly pollIntervalMs?: number;
     } = {},
   ) {}
 
@@ -762,13 +763,13 @@ export class JuplendPrivateAdapter implements PrivateUserDataAdapter {
   createPrivateStream(
     credentials: AccountCredentials,
     callbacks: PrivateStreamCallbacks,
-    options: PrivateStreamOptions,
+    _options: PrivateStreamOptions,
     accountOptions?: Record<string, unknown>,
   ): StreamHandle {
     let closed = false;
     let timer: ReturnType<typeof setTimeout> | undefined;
     const pollIntervalMs =
-      options.juplendPollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
+      this.options.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
 
     const poll = async (): Promise<void> => {
       try {

package/src/adapters/types.ts

@@ -210,7 +210,6 @@ export interface PrivateStreamOptions {
   reconnectDelayMs: number;
   reconnectMaxDelayMs: number;
   listenKeyKeepAliveMs: number;
-  juplendPollIntervalMs?: number;
   now?: () => number;
 }
 

package/src/client/context.ts

@@ -13,6 +13,7 @@ import type {
   PrivateRuntimeReason,
   PrivateRuntimeStatus,
   Venue,
+  VenueOrderCapabilities,
 } from "../types/index.ts";
 
 export interface RegisteredAccountRecord {
@@ -26,6 +27,7 @@ export interface ClientContext {
   now(): number;
   assertStarted(): void;
   getRegisteredAccount(accountId: string): RegisteredAccountRecord;
+  getPrivateOrderCapabilities(venue: Venue): VenueOrderCapabilities | undefined;
   ensurePrivateCredentials(accountId: string): void;
   subscribePrivateAccountFeed(accountId: string): Promise<void>;
   unsubscribePrivateAccountFeed(accountId: string): void;
@@ -105,13 +107,11 @@ export interface PrivateOrderDataConsumer {
 
 export function hasPrivateCredentials(
   credentials?: AccountCredentials,
-  venue?: Venue,
+  credentialsRequired = true,
 ): boolean {
-  if (venue === "juplend") {
-    return true;
-  }
-
-  return Boolean(credentials?.apiKey && credentials.secret);
+  return credentialsRequired
+    ? Boolean(credentials?.apiKey && credentials.secret)
+    : true;
 }
 
 export function mergeCredentials(

package/src/client/private-subscription-coordinator.ts

@@ -73,7 +73,6 @@ export class PrivateSubscriptionCoordinator {
   private readonly streamReconnectMaxDelayMs: number;
   private readonly listenKeyKeepAliveMs: number;
   private readonly binanceRiskPollIntervalMs: number;
-  private readonly juplendPollIntervalMs?: number;
   private readonly records = new Map<string, PrivateSubscriptionRecord>();
 
   constructor(
@@ -102,7 +101,6 @@ export class PrivateSubscriptionCoordinator {
       options.binance?.riskPollIntervalMs,
       DEFAULT_BINANCE_RISK_POLL_INTERVAL_MS,
     );
-    this.juplendPollIntervalMs = options.juplend?.pollIntervalMs;
   }
 
   async subscribeAccountFeed(accountId: string): Promise<void> {
@@ -115,7 +113,8 @@ export class PrivateSubscriptionCoordinator {
     }
 
     try {
-      if (record.venue === "juplend") {
+      const adapter = this.getAdapter(record.venue);
+      if (adapter.accountCapabilities.updates === "polling") {
         await this.bootstrapAccount(record, account);
         await this.ensureStream(record, account);
       } else {
@@ -233,7 +232,11 @@ export class PrivateSubscriptionCoordinator {
     this.stopAccountRefreshPolling(record);
 
     try {
-      if (record.venue === "juplend" && record.accountSubscribed) {
+      const adapter = this.getAdapter(record.venue);
+      if (
+        adapter.accountCapabilities.updates === "polling" &&
+        record.accountSubscribed
+      ) {
         await this.bootstrapAccount(record, account);
         await this.ensureStream(record, account);
       } else {
@@ -318,7 +321,7 @@ export class PrivateSubscriptionCoordinator {
 
   private ensureAccountRefreshPolling(record: PrivateSubscriptionRecord): void {
     if (
-      record.venue !== "binance" ||
+      typeof this.getAdapter(record.venue).refreshAccount !== "function" ||
       !record.accountSubscribed ||
       record.accountRefreshTimer ||
       record.accountRefreshInFlight
@@ -339,7 +342,10 @@ export class PrivateSubscriptionCoordinator {
   }
 
   private scheduleAccountRefreshPoll(record: PrivateSubscriptionRecord): void {
-    if (record.venue !== "binance" || !record.accountSubscribed) {
+    if (
+      typeof this.getAdapter(record.venue).refreshAccount !== "function" ||
+      !record.accountSubscribed
+    ) {
       return;
     }
 
@@ -348,7 +354,7 @@ export class PrivateSubscriptionCoordinator {
       record.accountRefreshTimer = undefined;
       if (
         generation !== record.accountRefreshGeneration ||
-        record.venue !== "binance" ||
+        typeof this.getAdapter(record.venue).refreshAccount !== "function" ||
         !record.accountSubscribed
       ) {
         return;
@@ -374,7 +380,10 @@ export class PrivateSubscriptionCoordinator {
           }
 
           record.accountRefreshInFlight = undefined;
-          if (record.accountSubscribed && record.venue === "binance") {
+          if (
+            record.accountSubscribed &&
+            typeof this.getAdapter(record.venue).refreshAccount === "function"
+          ) {
             this.scheduleAccountRefreshPoll(record);
           }
         });
@@ -488,15 +497,15 @@ export class PrivateSubscriptionCoordinator {
     record: PrivateSubscriptionRecord,
     account: RegisteredAccountRecord,
   ): Promise<void> {
+    const adapter = this.getAdapter(record.venue);
     const credentials = account.credentials;
-    if (!credentials && record.venue !== "juplend") {
+    if (adapter.accountCapabilities.credentialsRequired && !credentials) {
       throw new AcexError(
         "CREDENTIALS_MISSING",
         `Account credentials are required for private subscriptions: ${account.accountId}`,
       );
     }
 
-    const adapter = this.getAdapter(record.venue);
     const stream = adapter.createPrivateStream(
       credentials ?? {},
       {
@@ -592,10 +601,9 @@ export class PrivateSubscriptionCoordinator {
         reconnectDelayMs: this.streamReconnectDelayMs,
         reconnectMaxDelayMs: this.streamReconnectMaxDelayMs,
         listenKeyKeepAliveMs: this.listenKeyKeepAliveMs,
-        juplendPollIntervalMs: this.juplendPollIntervalMs,
         now: () => this.context.now(),
       },
-      account.options,
+      { ...account.options, accountId: account.accountId },
     );
 
     record.stream = stream;
@@ -664,7 +672,8 @@ export class PrivateSubscriptionCoordinator {
     account: RegisteredAccountRecord,
   ): Promise<void> {
     try {
-      const bootstrap = await this.getAdapter(record.venue).bootstrapAccount(
+      const adapter = this.getAdapter(record.venue);
+      const bootstrap = await adapter.bootstrapAccount(
         account.credentials ?? {},
         { ...account.options, accountId: account.accountId },
       );
@@ -700,7 +709,10 @@ export class PrivateSubscriptionCoordinator {
           ready: false,
           reason: transportReason(
             error,
-            record.venue === "juplend" ? "http_failed" : "auth_failed",
+            this.getAdapter(record.venue).accountCapabilities
+              .credentialsRequired
+              ? "auth_failed"
+              : "http_failed",
           ),
         },
       );
@@ -719,7 +731,7 @@ export class PrivateSubscriptionCoordinator {
     try {
       const snapshots = await this.getAdapter(record.venue).bootstrapOpenOrders(
         account.credentials ?? {},
-        account.options,
+        { ...account.options, accountId: account.accountId },
       );
       if (!record.ordersSubscribed) {
         return;

package/src/client/runtime.ts

@@ -12,6 +12,7 @@ import type {
 import { AcexError, type AcexErrorCode } from "../errors.ts";
 import { AsyncEventBus } from "../internal/async-event-bus.ts";
 import { matchesHealthFilter } from "../internal/filters.ts";
+import { ReactiveRateLimiter } from "../internal/rate-limiter.ts";
 import { AccountManagerImpl } from "../managers/account-manager.ts";
 import { MarketManagerImpl } from "../managers/market-manager.ts";
 import { OrderManagerImpl } from "../managers/order-manager.ts";
@@ -37,6 +38,7 @@ import type {
   StopOptions,
   Venue,
   VenueCapabilities,
+  VenueOrderCapabilities,
 } from "../types/index.ts";
 import {
   type ClientContext,
@@ -102,15 +104,20 @@ export class AcexClientImpl implements AcexClient, ClientContext {
   constructor(options: CreateClientOptions = {}) {
     activeClients.add(this);
 
-    const marketAdapter = new BinanceMarketAdapter();
+    const rateLimiter = options.rateLimiter ?? new ReactiveRateLimiter();
+    const marketAdapter = new BinanceMarketAdapter({ rateLimiter });
     this.marketAdapters = new Map([[marketAdapter.venue, marketAdapter]]);
     const privateAdapters = [
       new BinancePrivateAdapter({
         signingClock: options.clock,
+        rateLimiter,
       }),
       new JuplendPrivateAdapter(
         options.account?.juplend?.rpcUrl,
         options.account?.juplend?.jupApiKey,
+        {
+          pollIntervalMs: options.account?.juplend?.pollIntervalMs,
+        },
       ),
     ];
     this.privateAdapters = new Map(
@@ -295,9 +302,20 @@ export class AcexClientImpl implements AcexClient, ClientContext {
     return account;
   }
 
+  getPrivateOrderCapabilities(
+    venue: Venue,
+  ): VenueOrderCapabilities | undefined {
+    return this.privateAdapters.get(venue)?.orderCapabilities;
+  }
+
   ensurePrivateCredentials(accountId: string): void {
     const account = this.getRegisteredAccount(accountId);
-    if (hasPrivateCredentials(account.credentials, account.venue)) {
+    if (
+      hasPrivateCredentials(
+        account.credentials,
+        this.getPrivateCredentialsRequired(account.venue),
+      )
+    ) {
       return;
     }
 
@@ -341,7 +359,7 @@ export class AcexClientImpl implements AcexClient, ClientContext {
     return this.getPrivateAdapter(account.venue).createOrder(
       account.credentials ?? {},
       request,
-      account.options,
+      { ...account.options, accountId: account.accountId },
     );
   }
 
@@ -356,7 +374,7 @@ export class AcexClientImpl implements AcexClient, ClientContext {
     return this.getPrivateAdapter(account.venue).cancelOrder(
       account.credentials ?? {},
       request,
-      account.options,
+      { ...account.options, accountId: account.accountId },
     );
   }
 
@@ -369,7 +387,7 @@ export class AcexClientImpl implements AcexClient, ClientContext {
     return this.getPrivateAdapter(account.venue).cancelAllOrders(
       account.credentials ?? {},
       request,
-      account.options,
+      { ...account.options, accountId: account.accountId },
     );
   }
 
@@ -426,7 +444,7 @@ export class AcexClientImpl implements AcexClient, ClientContext {
   private getPrivateCommandAccount(accountId: string): RegisteredAccountRecord {
     const account = this.getRegisteredAccount(accountId);
     const adapter = this.getPrivateAdapter(account.venue);
-    if (adapter.venue === "juplend") {
+    if (!adapter.orderCapabilities.supported) {
       throw this.createError(
         "VENUE_NOT_SUPPORTED",
         `Venue does not support private order commands: ${account.venue}`,
@@ -434,7 +452,12 @@ export class AcexClientImpl implements AcexClient, ClientContext {
       );
     }
 
-    if (!hasPrivateCredentials(account.credentials, account.venue)) {
+    if (
+      !hasPrivateCredentials(
+        account.credentials,
+        adapter.accountCapabilities.credentialsRequired,
+      )
+    ) {
       throw this.createError(
         "CREDENTIALS_MISSING",
         `Account credentials are required for private order commands: ${accountId}`,
@@ -445,6 +468,13 @@ export class AcexClientImpl implements AcexClient, ClientContext {
     return account;
   }
 
+  private getPrivateCredentialsRequired(venue: Venue): boolean {
+    return (
+      this.privateAdapters.get(venue)?.accountCapabilities
+        .credentialsRequired ?? true
+    );
+  }
+
   private getPrivateAdapter(venue: Venue): PrivateUserDataAdapter {
     const adapter = this.privateAdapters.get(venue);
     if (!adapter) {

package/src/internal/rate-limiter.ts

@@ -0,0 +1,181 @@
+import type {
+  RateLimiter,
+  RateLimitRequestContext,
+  RateLimitResponseContext,
+  RateLimitScope,
+  RateLimitSnapshot,
+  RateLimitTransportErrorContext,
+  RateLimitUsage,
+} from "../types/index.ts";
+
+interface ReactiveRateLimiterOptions {
+  readonly now?: () => number;
+  readonly sleep?: (ms: number) => Promise<void>;
+  readonly defaultRateLimitMs?: number;
+  readonly defaultBanMs?: number;
+}
+
+interface RateLimitState {
+  usage?: RateLimitUsage;
+  blockedUntil?: number;
+  retryAfterMs?: number;
+  state: RateLimitSnapshot["state"];
+  updatedAt?: number;
+}
+
+const DEFAULT_RATE_LIMIT_MS = 0;
+const DEFAULT_BAN_MS = 60_000;
+
+export class ReactiveRateLimiter implements RateLimiter {
+  private readonly now: () => number;
+  private readonly sleep: (ms: number) => Promise<void>;
+  private readonly defaultRateLimitMs: number;
+  private readonly defaultBanMs: number;
+  private readonly states = new Map<string, RateLimitState>();
+
+  constructor(options: ReactiveRateLimiterOptions = {}) {
+    this.now = options.now ?? Date.now;
+    this.sleep = options.sleep ?? defaultSleep;
+    this.defaultRateLimitMs =
+      options.defaultRateLimitMs ?? DEFAULT_RATE_LIMIT_MS;
+    this.defaultBanMs = options.defaultBanMs ?? DEFAULT_BAN_MS;
+  }
+
+  async beforeRequest(ctx: RateLimitRequestContext): Promise<void> {
+    const snapshot = this.getSnapshot(ctx.scope);
+    if (!snapshot?.blockedUntil || snapshot.blockedUntil <= this.now()) {
+      return;
+    }
+
+    await this.sleep(Math.max(0, snapshot.blockedUntil - this.now()));
+  }
+
+  afterResponse(
+    ctx: RateLimitRequestContext,
+    response: RateLimitResponseContext,
+  ): void {
+    if (response.usage) {
+      const existing = this.getState(ctx.scope);
+      const hasActiveBlock =
+        existing?.blockedUntil !== undefined &&
+        existing.blockedUntil > this.now();
+      this.updateState(ctx.scope, {
+        usage: cloneUsage(response.usage),
+        state: hasActiveBlock ? existing.state : "ok",
+      });
+    }
+  }
+
+  onTransportError(
+    ctx: RateLimitRequestContext,
+    error: RateLimitTransportErrorContext,
+  ): void {
+    if (error.usage) {
+      this.updateState(ctx.scope, {
+        usage: cloneUsage(error.usage),
+      });
+    }
+
+    if (error.status !== 429 && error.status !== 418) {
+      return;
+    }
+
+    const now = this.now();
+    const isBan = error.status === 418;
+    const retryAfterMs =
+      error.retryAfterMs ??
+      (isBan ? this.defaultBanMs : this.defaultRateLimitMs);
+    const blockedUntil =
+      retryAfterMs > 0
+        ? now + retryAfterMs
+        : this.getState(ctx.scope)?.blockedUntil;
+
+    this.updateState(ctx.scope, {
+      blockedUntil,
+      retryAfterMs,
+      state: isBan ? "banned" : "rate_limited",
+    });
+  }
+
+  getSnapshot(scope: RateLimitScope): RateLimitSnapshot | undefined {
+    const state = this.getState(scope);
+    if (!state) {
+      return undefined;
+    }
+
+    const now = this.now();
+    const blockedUntil =
+      state.blockedUntil !== undefined && state.blockedUntil > now
+        ? state.blockedUntil
+        : undefined;
+    const runtimeState =
+      blockedUntil === undefined && state.state !== "ok" ? "ok" : state.state;
+
+    return {
+      scope: { ...scope },
+      usage: state.usage ? cloneUsage(state.usage) : undefined,
+      blockedUntil,
+      retryAfterMs: blockedUntil ? state.retryAfterMs : undefined,
+      state: runtimeState,
+      updatedAt: state.updatedAt,
+    };
+  }
+
+  private getState(scope: RateLimitScope): RateLimitState | undefined {
+    return this.states.get(scopeKey(scope));
+  }
+
+  private updateState(
+    scope: RateLimitScope,
+    patch: Partial<RateLimitState>,
+  ): void {
+    const existing = this.getState(scope);
+    const nextBlockedUntil = maxOptional(
+      existing?.blockedUntil,
+      patch.blockedUntil,
+    );
+    const nextState =
+      patch.state ??
+      (nextBlockedUntil !== undefined
+        ? (existing?.state ?? "ok")
+        : existing?.state);
+
+    this.states.set(scopeKey(scope), {
+      usage: patch.usage ?? existing?.usage,
+      blockedUntil: nextBlockedUntil,
+      retryAfterMs: patch.retryAfterMs ?? existing?.retryAfterMs,
+      state: nextState ?? "ok",
+      updatedAt: this.now(),
+    });
+  }
+}
+
+function scopeKey(scope: RateLimitScope): string {
+  return [scope.venue, scope.accountId ?? "", scope.endpointKey].join("\0");
+}
+
+function cloneUsage(usage: RateLimitUsage): RateLimitUsage {
+  return {
+    weight: usage.weight ? { ...usage.weight } : undefined,
+    orderCount: usage.orderCount ? { ...usage.orderCount } : undefined,
+  };
+}
+
+function maxOptional(
+  left: number | undefined,
+  right: number | undefined,
+): number | undefined {
+  if (left === undefined) {
+    return right;
+  }
+  if (right === undefined) {
+    return left;
+  }
+  return Math.max(left, right);
+}
+
+function defaultSleep(ms: number): Promise<void> {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
+}

package/src/managers/order-manager.ts

@@ -102,7 +102,10 @@ export class OrderManagerImpl
   async subscribeOrders(input: SubscribeOrdersInput): Promise<void> {
     this.context.assertStarted();
     const account = this.context.getRegisteredAccount(input.accountId);
-    if (account.venue === "juplend") {
+    if (
+      this.context.getPrivateOrderCapabilities(account.venue)?.updates ===
+      "unsupported"
+    ) {
       throw this.createError(
         "VENUE_NOT_SUPPORTED",
         `Venue does not support private order subscriptions: ${account.venue}`,

package/src/types/shared.ts

@@ -29,6 +29,58 @@ export interface TimeProvider {
   now(): number;
 }
 
+export interface RateLimitScope {
+  venue: Venue;
+  accountId?: string;
+  endpointKey: string;
+}
+
+export interface RateLimitUsage {
+  /** Exchange request-weight usage by interval key, e.g. "1m". */
+  weight?: Record<string, number>;
+  /** Exchange order-count usage by interval key, separate from request weight. */
+  orderCount?: Record<string, number>;
+}
+
+export interface RateLimitRequestContext {
+  scope: RateLimitScope;
+}
+
+export interface RateLimitResponseContext {
+  status: number;
+  headers?: Headers;
+  usage?: RateLimitUsage;
+}
+
+export interface RateLimitTransportErrorContext {
+  status?: number;
+  headers?: Headers;
+  retryAfterMs?: number;
+  usage?: RateLimitUsage;
+}
+
+export interface RateLimitSnapshot {
+  scope: RateLimitScope;
+  usage?: RateLimitUsage;
+  blockedUntil?: number;
+  retryAfterMs?: number;
+  state: "ok" | "rate_limited" | "banned";
+  updatedAt?: number;
+}
+
+export interface RateLimiter {
+  beforeRequest(ctx: RateLimitRequestContext): Promise<void> | void;
+  afterResponse(
+    ctx: RateLimitRequestContext,
+    response: RateLimitResponseContext,
+  ): Promise<void> | void;
+  onTransportError(
+    ctx: RateLimitRequestContext,
+    error: RateLimitTransportErrorContext,
+  ): Promise<void> | void;
+  getSnapshot(scope: RateLimitScope): RateLimitSnapshot | undefined;
+}
+
 export interface MarketRuntimeOptions {
   l1InitialMessageTimeoutMs?: number;
   l1StaleAfterMs?: number;
@@ -55,6 +107,7 @@ export interface CreateClientOptions {
   sandbox?: boolean;
   /** Request/signing clock; local receivedAt/freshness clocks stay independent. */
   clock?: TimeProvider;
+  rateLimiter?: RateLimiter;
   logger?: Logger;
   logLevel?: LogLevel;
   market?: MarketRuntimeOptions;