@liquiditytech/rapidx-cli 1.0.26 → 1.0.28

package/dist/cli/help.js

@@ -13,7 +13,7 @@ export function formatCliHelp() {
         "  rapidx market get-ticker --symbol BINANCE_PERP_BTC_USDT --json",
         "  rapidx order preview --input '{\"symbol\":\"BINANCE_PERP_BTC_USDT\",\"side\":\"BUY\",\"orderType\":\"LIMIT\",\"price\":\"1\",\"quantity\":\"0.001\",\"maxNotional\":\"1\",\"clientOrderId\":\"example\"}' --json",
         "  rapidx order cancel-preview --input '{\"orderId\":\"<order-id>\"}' --json",
-        "  rapidx trade verify-live --input '{\"symbol\":\"BINANCE_PERP_BTC_USDT\",\"side\":\"BUY\",\"maxNotional\":\"10\",\"clientOrderId\":\"verify-001\",\"explicitUserConsent\":true}' --json",
+        "  rapidx trade verify-live --input '{\"symbol\":\"BINANCE_PERP_BTC_USDT\",\"side\":\"BUY\",\"maxNotional\":\"10\",\"clientOrderId\":\"verify-001\",\"explicitUserConsent\":true,\"acceptedRiskText\":\"I authorize a real verification order for BINANCE_PERP_BTC_USDT BUY maxNotional 10 with cancel cleanup.\"}' --json",
         "  rapidx mcp serve",
         "",
         "Domains:",

package/dist/core/contracts/capabilities.js

@@ -38,8 +38,8 @@ export const CAPABILITIES = [
     { capabilityId: "algo.amend", cliCommand: "rapidx algo amend", mcpTool: "rapidx/algo/amend", operationType: "TRADE_WRITE", riskLevel: "trade-write", inputSchema: "AlgoAmendInput", outputSchema: "AlgoOrderStatus", previewRequired: true },
     { capabilityId: "algo.cancel", cliCommand: "rapidx algo cancel", mcpTool: "rapidx/algo/cancel", operationType: "TRADE_WRITE", riskLevel: "trade-write", inputSchema: "AlgoCancelInput", outputSchema: "AlgoOrderStatus", previewRequired: true },
     { capabilityId: "algo.list", cliCommand: "rapidx algo list", mcpTool: "rapidx/algo/list", operationType: "TRADE_READ", riskLevel: "trade-read", inputSchema: "AlgoListInput", outputSchema: "AlgoList", previewRequired: false },
-    { capabilityId: "trading.verify", cliCommand: "rapidx self-check trade-verify", mcpTool: "rapidx/trading-verification", operationType: "TRADE_WRITE", riskLevel: "critical-trade-write", inputSchema: "TradingVerificationInput", outputSchema: "TradingVerificationReport", previewRequired: false },
-    { capabilityId: "trading.verify-live", cliCommand: "rapidx trade verify-live", mcpTool: "rapidx/trade/verify-live", operationType: "TRADE_WRITE", riskLevel: "critical-trade-write", inputSchema: "TradingVerificationInput", outputSchema: "TradingVerificationReport", previewRequired: false },
+    { capabilityId: "trading.verify", cliCommand: "rapidx self-check trade-verify", mcpTool: "rapidx/trading-verification", operationType: "TRADE_WRITE", riskLevel: "critical-trade-write", inputSchema: "TradingVerificationInput", outputSchema: "TradingVerificationReport", previewRequired: false, containsRealOrder: true, requiresExplicitHumanConfirmation: true, confirmationMode: "internal-preview-and-parameter-bound-consent" },
+    { capabilityId: "trading.verify-live", cliCommand: "rapidx trade verify-live", mcpTool: "rapidx/trade/verify-live", operationType: "TRADE_WRITE", riskLevel: "critical-trade-write", inputSchema: "TradingVerificationInput", outputSchema: "TradingVerificationReport", previewRequired: false, containsRealOrder: true, requiresExplicitHumanConfirmation: true, confirmationMode: "internal-preview-and-parameter-bound-consent" },
     { capabilityId: "invocation.check", cliCommand: "rapidx invocation check", operationType: "DIAGNOSTIC", riskLevel: "read", inputSchema: "InvocationCheckInput", outputSchema: "InvocationCompliance", previewRequired: false }
 ];
 export function getSchemaResult() {

package/dist/core/contracts/compatibility.js

@@ -1,7 +1,7 @@
 import { SCHEMA_VERSION } from "./types.js";
 import { RAPIDX_VERSION } from "../version.js";
 export const RAPIDX_SKILLS_DISTRIBUTION = "github";
-export const RAPIDX_SKILLS_VERSION = "1.0.1";
+export const RAPIDX_SKILLS_VERSION = "1.0.2";
 export const RAPIDX_SKILLS_SCHEMA_VERSION = "1.0.0";
 export function buildCompatibilityReport(input = {}) {
     const checks = [

package/dist/core/contracts/input-schema.js

@@ -4,8 +4,8 @@ const booleanSchema = { type: "boolean" };
 const numberSchema = { type: "number" };
 const symbolSchema = {
     type: "string",
-    description: "RapidX symbol, for example BINANCE_PERP_BTC_USDT or OKX_SWAP_BTC_USDT.",
-    examples: ["BINANCE_PERP_BTC_USDT", "OKX_SWAP_BTC_USDT"]
+    description: "RapidX symbol. Recommended format: BINANCE_PERP_<BASE>_<QUOTE>.",
+    examples: ["BINANCE_PERP_BTC_USDT", "BINANCE_PERP_ETH_USDT"]
 };
 const sideSchema = {
     type: "string",
@@ -46,6 +46,15 @@ const clientOrderIdSchema = {
     description: "Caller-generated idempotency key for the order request.",
     examples: ["agent-test-20260529-001"]
 };
+const explicitUserConsentSchema = {
+    type: "boolean",
+    description: "Must be true only after the human user explicitly authorizes this exact live verification request."
+};
+const acceptedRiskTextSchema = {
+    type: "string",
+    description: "Human confirmation text bound to the exact symbol, side, maxNotional, real-order risk, and cancel/cleanup behavior.",
+    examples: ["I authorize a real verification order for BINANCE_PERP_BTC_USDT BUY maxNotional 10 with cancel cleanup."]
+};
 const previewIdSchema = {
     type: "string",
     description: "Preview id returned by the matching preview tool or command.",
@@ -230,7 +239,14 @@ export function inputSchemaForName(name) {
         case "AlgoCancelInput":
             return objectSchema({ algoOrderId: stringSchema, clientOrderId: clientOrderIdSchema, previewId: previewIdSchema, continueConsentId: continueConsentIdSchema }, ["previewId", "continueConsentId"]);
         case "TradingVerificationInput":
-            return objectSchema({ symbol: symbolSchema, side: sideSchema, maxNotional: maxNotionalSchema, clientOrderId: clientOrderIdSchema, explicitUserConsent: booleanSchema, acceptedRiskText: stringSchema }, ["symbol", "side", "maxNotional", "clientOrderId"]);
+            return objectSchema({
+                symbol: symbolSchema,
+                side: sideSchema,
+                maxNotional: maxNotionalSchema,
+                clientOrderId: clientOrderIdSchema,
+                explicitUserConsent: explicitUserConsentSchema,
+                acceptedRiskText: acceptedRiskTextSchema
+            }, ["symbol", "side", "maxNotional", "clientOrderId", "explicitUserConsent", "acceptedRiskText"]);
         case "ConfigGetInput":
         case "ConfigUnsetInput":
             return objectSchema({ key: stringSchema }, ["key"]);

package/dist/core/self-check/live-trading-verification-probes.js

@@ -97,7 +97,7 @@ async function cleanupCheck(input) {
         openOrders: orders.filter((order) => {
             const state = normalizeOrderStatus(stringField(order, "orderState") ?? "OPEN");
             const orderSymbol = stringField(order, "sym") ?? stringField(order, "symbol") ?? symbol;
-            return orderSymbol === symbol && state !== "CANCELED" && state !== "REJECTED" && state !== "FILLED";
+            return orderSymbol === symbol && state !== "CANCELED" && state !== "REJECTED" && state !== "EXPIRED" && state !== "FILLED";
         }).length,
         unexpectedPositions: positions.filter((position) => {
             const positionSymbol = stringField(position, "sym") ?? stringField(position, "symbol");
@@ -244,6 +244,9 @@ function normalizeOrderStatus(state) {
         case "CANCELED":
         case "CANCEL_COMPLETE":
             return "CANCELED";
+        case "EXPIRED":
+        case "EXPIRE":
+            return "EXPIRED";
         case "REJECTED":
             return "REJECTED";
         default:

package/dist/core/self-check/run-self-check.js

@@ -1,4 +1,4 @@
-import { getSchemaResult } from "../contracts/capabilities.js";
+import { getSchemaResult, listMcpCapabilities } from "../contracts/capabilities.js";
 import { ProductError } from "../errors/product-error.js";
 import { checkForUpdate } from "../update/check-update.js";
 export async function runSelfCheck(options = {}) {
@@ -14,7 +14,9 @@ export async function runSelfCheck(options = {}) {
             timestamp: new Date().toISOString()
         });
     }
-    add({ name: "discovery", status: "PASS", source: "local_check", message: `${getSchemaResult().capabilities.length} capabilities loaded.` });
+    const canonicalCapabilityCount = getSchemaResult().capabilities.length;
+    const mcpToolCount = new Set(listMcpCapabilities().map((capability) => capability.mcpTool)).size;
+    add({ name: "discovery", status: "PASS", source: "local_check", message: `${canonicalCapabilityCount} canonical capabilities loaded; ${mcpToolCount} MCP tools available.` });
     add({ name: "schema-compatibility", status: "PASS", source: "local_check", message: "Canonical schema is available." });
     let update;
     if (options.input?.checkUpdates) {

package/dist/core/trading/trading-verification.js

@@ -13,7 +13,7 @@ export async function runTradingVerification(rawInput, probes = {}) {
     }
     catch (error) {
         if (error instanceof ProductError) {
-            return { submittedRealOrder: false, status: "FAIL", cleanupStatus: "NOT_VERIFIED", steps, errorCode: error.code, errorMessage: error.message };
+            return { submittedRealOrder: false, status: "FAIL", cleanupStatus: "NOT_VERIFIED", steps, errorCode: error.code, errorMessage: error.message, errorStage: "input-validation" };
         }
         throw error;
     }
@@ -26,20 +26,30 @@ export async function runTradingVerification(rawInput, probes = {}) {
         : selfCheckOptions);
     steps.push({ name: "self-check", status: selfCheck.status, toolOrCommandEvidence: "rapidx self-check --read-only --json" });
     if (selfCheck.status !== "PASS") {
-        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002" };
-    }
-    if (!input.explicitUserConsent) {
-        steps.push({ name: "preview", status: "BLOCKED", toolOrCommandEvidence: "user consent missing for small real trade verification" });
-        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE20001" };
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002", errorStage: "self-check" };
+    }
+    const consentProblem = validateParameterBoundConsent(input);
+    if (consentProblem) {
+        steps.push({ name: "preview", status: "BLOCKED", toolOrCommandEvidence: consentProblem });
+        return {
+            submittedRealOrder: false,
+            status: "BLOCKED",
+            cleanupStatus: "NOT_VERIFIED",
+            steps,
+            errorCode: "RCORE20001",
+            errorMessage: consentProblem,
+            errorStage: "user-consent",
+            recommendedAction: "Ask the human user to confirm the exact symbol, side, maxNotional, real-order risk, and cancel cleanup behavior before running verify-live."
+        };
     }
     if (!probes.marketRules) {
         steps.push({ name: "market", status: "NOT_VERIFIED", toolOrCommandEvidence: "market rules probe missing" });
-        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002" };
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002", errorStage: "market" };
     }
     const marketRules = await probes.marketRules(input);
     if (Number(marketRules.minNotional) > Number(input.maxNotional)) {
         steps.push({ name: "market", status: "BLOCKED", toolOrCommandEvidence: `minNotional=${marketRules.minNotional};maxNotional=${input.maxNotional}` });
-        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE24001" };
+        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE24001", errorStage: "market" };
     }
     steps.push({ name: "market", status: "PASS", toolOrCommandEvidence: `minNotional=${marketRules.minNotional};tickSize=${marketRules.tickSize}` });
     const capability = findCapabilityById("order.preview");
@@ -60,18 +70,18 @@ export async function runTradingVerification(rawInput, probes = {}) {
     steps.push({ name: "preview", status: "PASS", toolOrCommandEvidence: preview.previewId });
     if (!probes.placeOrder) {
         steps.push({ name: "place", status: "NOT_VERIFIED", toolOrCommandEvidence: "placeOrder probe missing" });
-        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "place" };
     }
     const placed = await probes.placeOrder({ ...input, previewId: preview.previewId, orderType: "LIMIT", postOnly: true, price, quantity });
     steps.push({ name: "place", status: "PASS", toolOrCommandEvidence: placed.requestId ?? placed.orderId });
     if (!probes.queryOrder) {
         steps.push({ name: "query", status: "NOT_VERIFIED", toolOrCommandEvidence: "queryOrder probe missing" });
-        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "query" };
     }
     const queried = await probes.queryOrder(placed);
     if (queried.status === "UNKNOWN") {
         steps.push({ name: "query", status: "NOT_VERIFIED", toolOrCommandEvidence: queried.orderId });
-        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "query", lastObservedOrderState: queried.status };
     }
     steps.push({ name: "query", status: "PASS", toolOrCommandEvidence: `${queried.orderId}:${queried.status}` });
     let currentOrder = queried;
@@ -79,7 +89,7 @@ export async function runTradingVerification(rawInput, probes = {}) {
         currentOrder = await probes.amendOrder(currentOrder);
         steps.push({ name: "amend", status: currentOrder.status === "UNKNOWN" ? "NOT_VERIFIED" : "PASS", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
         if (currentOrder.status === "UNKNOWN") {
-            return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+            return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "amend", lastObservedOrderState: currentOrder.status };
         }
     }
     else {
@@ -87,22 +97,23 @@ export async function runTradingVerification(rawInput, probes = {}) {
     }
     if (!probes.cancelOrder) {
         steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: "cancelOrder probe missing" });
-        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+        return cleanupFailureReport(steps, preview.previewId, "cancel", undefined, "cancelOrder probe missing");
     }
-    currentOrder = await probes.cancelOrder(currentOrder);
-    if (currentOrder.status !== "CANCELED") {
-        steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
-        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    const cancelConfirmation = await confirmCancel(currentOrder, probes);
+    currentOrder = cancelConfirmation.order;
+    if (!cancelConfirmation.confirmed) {
+        steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: cancelConfirmation.evidence });
+        return cleanupFailureReport(steps, preview.previewId, "cancel-confirmation", currentOrder.status);
     }
-    steps.push({ name: "cancel", status: "PASS", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
+    steps.push({ name: "cancel", status: "PASS", toolOrCommandEvidence: cancelConfirmation.evidence });
     if (!probes.cleanupCheck) {
         steps.push({ name: "cleanup-check", status: "NOT_VERIFIED", toolOrCommandEvidence: "cleanupCheck probe missing" });
-        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE24002", errorStage: "cleanup-check", recommendedAction: "Query order/list and position/list before retrying verify-live." };
     }
     const cleanup = await probes.cleanupCheck(currentOrder);
     if (cleanup.openOrders !== 0 || cleanup.unexpectedPositions !== 0) {
         steps.push({ name: "cleanup-check", status: "FAIL", toolOrCommandEvidence: `openOrders=${cleanup.openOrders};unexpectedPositions=${cleanup.unexpectedPositions}` });
-        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+        return cleanupFailureReport(steps, preview.previewId, "cleanup-check", currentOrder.status, `cleanup still shows openOrders=${cleanup.openOrders}; unexpectedPositions=${cleanup.unexpectedPositions}`);
     }
     steps.push({ name: "cleanup-check", status: "PASS", toolOrCommandEvidence: "openOrders=0;unexpectedPositions=0" });
     return {
@@ -127,6 +138,80 @@ function normalizeTradingVerificationInput(input) {
     }
     return normalized;
 }
+function validateParameterBoundConsent(input) {
+    if (!input.explicitUserConsent) {
+        return "user consent missing for small real trade verification";
+    }
+    const text = input.acceptedRiskText?.trim() ?? "";
+    const upperText = text.toUpperCase();
+    const lowerText = text.toLowerCase();
+    const missing = [];
+    if (text.length < 20) {
+        missing.push("acceptedRiskText");
+    }
+    if (!upperText.includes(input.symbol.toUpperCase())) {
+        missing.push("symbol");
+    }
+    if (!upperText.includes(input.side)) {
+        missing.push("side");
+    }
+    if (!text.includes(input.maxNotional)) {
+        missing.push("maxNotional");
+    }
+    if (!lowerText.includes("real") && !text.includes("真实")) {
+        missing.push("real-order risk");
+    }
+    if (!lowerText.includes("cancel") && !lowerText.includes("cleanup") && !text.includes("取消") && !text.includes("清理")) {
+        missing.push("cancel cleanup");
+    }
+    if (missing.length > 0) {
+        return `acceptedRiskText must include ${missing.join(", ")} for this exact verify-live request`;
+    }
+    return undefined;
+}
+async function confirmCancel(order, probes) {
+    const observations = [];
+    let current = await probes.cancelOrder(order);
+    observations.push(current.status);
+    if (isSafeCancelTerminalState(current.status)) {
+        return { confirmed: true, order: current, evidence: `${current.orderId}:${observations.join("->")}` };
+    }
+    const delays = probes.cancelConfirmationDelaysMs ?? [100, 250, 500, 1_000, 2_000];
+    const wait = probes.wait ?? defaultWait;
+    for (const delay of delays) {
+        await wait(delay);
+        if (!probes.queryOrder) {
+            break;
+        }
+        current = await probes.queryOrder(current);
+        observations.push(current.status);
+        if (isSafeCancelTerminalState(current.status)) {
+            return { confirmed: true, order: current, evidence: `${current.orderId}:${observations.join("->")}` };
+        }
+    }
+    return { confirmed: false, order: current, evidence: `${current.orderId}:${observations.join("->")}` };
+}
+function isSafeCancelTerminalState(status) {
+    return status === "CANCELED" || status === "EXPIRED" || status === "REJECTED";
+}
+function defaultWait(milliseconds) {
+    return new Promise((resolve) => setTimeout(resolve, milliseconds));
+}
+function cleanupFailureReport(steps, previewId, errorStage, lastObservedOrderState, detail) {
+    return {
+        submittedRealOrder: true,
+        status: "FAIL",
+        cleanupStatus: "FAIL",
+        steps,
+        previewId,
+        errorCode: "RCORE24002",
+        errorMessage: detail ?? "Trading verification cleanup could not be confirmed.",
+        errorStage,
+        ...(lastObservedOrderState ? { lastObservedOrderState } : {}),
+        expectedOrderStates: ["CANCELED", "EXPIRED", "REJECTED"],
+        recommendedAction: "Query order/get, order/list, and position/list before retrying; do not submit another verification until cleanup is confirmed."
+    };
+}
 function quantityForNotional(minNotional, price) {
     const priceNumber = Number(price);
     const minNotionalNumber = Number(minNotional);

package/dist/core/version.js

@@ -1 +1 @@
-export const RAPIDX_VERSION = "1.0.26";
+export const RAPIDX_VERSION = "1.0.28";

package/dist/mcp/tool-registry.js

@@ -10,13 +10,20 @@ export function getMcpToolDefinitions() {
         const canonical = capabilityForTool(capability.mcpTool);
         tools.push({
             name: capability.mcpTool,
-            description: `RapidX ${canonical.capabilityId} (${canonical.riskLevel}, schema ${SCHEMA_VERSION})`,
+            description: toolDescription(canonical),
             inputSchema: inputSchemaForName(canonical.inputSchema),
             capability: canonical
         });
     }
     return tools.sort((a, b) => a.name.localeCompare(b.name));
 }
+function toolDescription(capability) {
+    const base = `RapidX ${capability.capabilityId} (${capability.riskLevel}, schema ${SCHEMA_VERSION})`;
+    if (!capability.containsRealOrder) {
+        return base;
+    }
+    return `${base}. This submits a real verification order and requires explicit human confirmation bound to symbol, side, maxNotional, and cancel cleanup behavior.`;
+}
 export function capabilityForTool(toolName) {
     const overrideId = toolName === "rapidx/tools"
         ? "schema.discover"

package/dist/mcp/tool-runner.js

@@ -13,7 +13,10 @@ export async function runMcpTool(toolName, input = {}) {
                     riskLevel: tool.capability.riskLevel,
                     inputSchema: tool.capability.inputSchema,
                     outputSchema: tool.capability.outputSchema,
-                    previewRequired: tool.capability.previewRequired
+                    previewRequired: tool.capability.previewRequired,
+                    containsRealOrder: tool.capability.containsRealOrder === true,
+                    requiresExplicitHumanConfirmation: tool.capability.requiresExplicitHumanConfirmation === true,
+                    confirmationMode: tool.capability.confirmationMode
                 }))
             };
             const auditId = writeMcpAudit("tools/list", "PASS", { toolName });

package/package.json

@@ -1,13 +1,10 @@
 {
   "name": "@liquiditytech/rapidx-cli",
-  "version": "1.0.26",
+  "version": "1.0.28",
   "description": "RapidX CLI, MCP server mode, registry, and release assets.",
   "type": "module",
   "private": false,
-  "repository": {
-    "type": "git",
-    "url": "git+ssh://git@github.com/LiquidityTech/ltp-rapidx-cli-mcp.git"
-  },
+  "license": "UNLICENSED",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
     "access": "public"

package/packages/distribution/docs/mcp.md

@@ -31,6 +31,6 @@ Key trading tools:
 - `rapidx/trade/preview` creates preview tokens for non-place trade writes by `targetCapabilityId`, including position, account, and algo writes.
 - `rapidx/position/history` reads historical positions.
 - `rapidx/account/set-position-mode` changes account position mode and requires preview plus explicit continuation consent.
-- `rapidx/trade/verify-live` runs the optional small real-trade verification flow with `explicitUserConsent`; it creates its own internal preview and does not accept an external `previewId`. `rapidx/trading-verification` remains supported as a compatibility alias.
+- `rapidx/trade/verify-live` runs the optional small real-trade verification flow with `explicitUserConsent` and parameter-bound `acceptedRiskText`; it creates its own internal preview and does not accept an external `previewId`. `rapidx/trading-verification` remains supported as a compatibility alias.
 
 Agents must discover the full tool list through `rapidx/tools` and must not invent tool names.

package/packages/distribution/docs/quickstart.md

@@ -126,4 +126,4 @@ When submitting the actual write, pass the returned `previewId` and use `confirm
 
 `maxNotional` is a safety upper bound, not the target order amount. If a requested amount is below the symbol `minNotional`, ask the user to confirm the larger amount before submitting. For `position.close`, do not pass `side` or `quantity`; RapidX determines the close side from the current position and closes the target symbol/positionSide. Use a reduce-only order flow for partial closes, then check final exposure with `position list`.
 
-Use `rapidx trade verify-live --json` only when the user explicitly authorizes a small real-trade verification. The older `rapidx self-check trade-verify --json` command remains supported for compatibility.
+Use `rapidx trade verify-live --json` only when the user explicitly authorizes a small real-trade verification. Include `acceptedRiskText` that names the exact symbol, side, maxNotional, real-order risk, and cancel cleanup behavior. The older `rapidx self-check trade-verify --json` command remains supported for compatibility.

package/packages/distribution/docs/tools.md

@@ -30,6 +30,6 @@ The canonical source is `rapidx schema --json` or `rapidx/tools`.
 - Position writes: close and set leverage.
 - Account writes: set position mode.
 - Algo writes: place, amend, and cancel.
-- Live verification: `rapidx/trade/verify-live` is the clearer alias for the small real-trade verification flow. `rapidx/trading-verification` remains supported for compatibility.
+- Live verification: `rapidx/trade/verify-live` is the clearer alias for the small real-trade verification flow. It submits a real verification order and requires `acceptedRiskText` bound to the exact symbol, side, maxNotional, real-order risk, and cancel cleanup behavior. `rapidx/trading-verification` remains supported for compatibility.
 
 All write tools require preview where the schema marks `previewRequired: true`.

package/packages/distribution/manifests/offline-manifest.json

@@ -1,25 +1,25 @@
 {
-  "version": "1.0.26",
+  "version": "1.0.28",
   "artifacts": [
     {
       "name": "rapidx-mcp-registry",
       "path": "packages/distribution/registry/rapidx.mcp.json",
       "channel": "offline",
-      "checksum": "sha256:a27d7e64537c0b39574b06887e1a0f4a689851901614216a509fd19c04fdbf98",
+      "checksum": "sha256:0e4bbf784d784442bd296e4ca6d490733ccd40e50f7b299b211b5fdb4dcb465d",
       "status": "ready"
     },
     {
       "name": "rapidx-quickstart-doc",
       "path": "packages/distribution/docs/quickstart.md",
       "channel": "offline",
-      "checksum": "sha256:7d8f511a5dbe803e7a19ede0be79f6bf1b77942dbafa45d0ce87fb3b098f7829",
+      "checksum": "sha256:0f78bb814c60ec3f5ac1053cac49c1c1e768ff529b70b32e44a31f96ad8a1e95",
       "status": "ready"
     },
     {
       "name": "rapidx-tools-doc",
       "path": "packages/distribution/docs/tools.md",
       "channel": "offline",
-      "checksum": "sha256:ee6adae99a6facfd5f1c3dced86c7a28eafd11ecbe7e2a7eda159a6aa788a245",
+      "checksum": "sha256:ab953a5e40024e9171ad7510bd37fef20e6aa9c6d89bfc219160cb33bb465712",
       "status": "ready"
     }
   ]

package/packages/distribution/registry/rapidx.mcp.json

@@ -1,7 +1,7 @@
 {
   "name": "rapidx",
   "packageName": "@liquiditytech/rapidx-cli",
-  "version": "1.0.26",
+  "version": "1.0.28",
   "command": "rapidx",
   "args": ["mcp", "serve"],
   "launchCommand": "rapidx",