@liquiditytech/rapidx-cli 1.0.26

package/dist/core/safety/policy.js

@@ -0,0 +1,215 @@
+import { createHash } from "node:crypto";
+import { buildCompatibilityReport } from "../contracts/compatibility.js";
+import { ProductError } from "../errors/product-error.js";
+const TRADING_DOMAINS = new Set(["account", "order", "position", "algo"]);
+export function defaultSafetyPolicy() {
+    const policy = {
+        readOnly: process.env.RAPIDX_READ_ONLY === "true",
+        tradingEnabled: process.env.RAPIDX_TRADING_ENABLED === "true",
+        duplicateWindowMs: 30_000,
+        requirePostOnlyForVerification: true
+    };
+    if (process.env.RAPIDX_MAX_NOTIONAL) {
+        policy.maxNotional = process.env.RAPIDX_MAX_NOTIONAL;
+    }
+    return policy;
+}
+export function makeSafetyState(nowMs = () => Date.now()) {
+    return {
+        recentClientOrderIds: new Map(),
+        nowMs
+    };
+}
+export function stableParamsHash(input) {
+    return createHash("sha256").update(stableStringify(input)).digest("hex");
+}
+export function stableStringify(input) {
+    if (Array.isArray(input)) {
+        return `[${input.map((item) => stableStringify(item)).join(",")}]`;
+    }
+    if (input && typeof input === "object") {
+        return `{${Object.entries(input)
+            .sort(([a], [b]) => a.localeCompare(b))
+            .map(([key, value]) => `${JSON.stringify(key)}:${stableStringify(value)}`)
+            .join(",")}}`;
+    }
+    return JSON.stringify(input);
+}
+export function evaluateSafety(capability, input, policy, state = makeSafetyState()) {
+    const paramsHash = stableParamsHash(input);
+    if (capability.operationType !== "TRADE_WRITE") {
+        return { allowed: true, paramsHash };
+    }
+    if (policy.readOnly) {
+        return { allowed: false, code: "RCORE21001", reason: "Read-only mode blocks trade write operations.", paramsHash };
+    }
+    if (!policy.tradingEnabled) {
+        return { allowed: false, code: "RCORE21001", reason: "Trading is not enabled.", paramsHash };
+    }
+    const compatibility = buildCompatibilityReport({
+        mcpSchemaVersion: stringValue(input.mcpSchemaVersion),
+        skillsVersion: stringValue(input.skillsVersion),
+        skillsSchemaVersion: stringValue(input.skillsSchemaVersion)
+    });
+    if (compatibility.status === "BLOCKED") {
+        return { allowed: false, code: "RCORE30001", reason: "CLI/MCP/Skills version compatibility check failed.", paramsHash };
+    }
+    const domain = capability.capabilityId.split(".")[0] ?? "";
+    if (TRADING_DOMAINS.has(domain)) {
+        const missing = requiredTradeFields(capability, input);
+        if (missing.length > 0) {
+            return {
+                allowed: false,
+                code: "RCORE00001",
+                reason: `Missing required trade fields: ${missing.join(", ")}.`,
+                paramsHash
+            };
+        }
+    }
+    if (capability.capabilityId === "position.set-leverage") {
+        const leverage = Number(input.leverage);
+        if (!Number.isInteger(leverage) || leverage < 1 || leverage > 125) {
+            return { allowed: false, code: "RCORE00001", reason: "leverage must be an integer from 1 to 125.", paramsHash };
+        }
+    }
+    if (capability.capabilityId === "account.set-position-mode") {
+        const mode = String(input.mode ?? "");
+        if (mode !== "BOTH" && mode !== "NET") {
+            return { allowed: false, code: "RCORE00001", reason: "mode must be BOTH or NET.", paramsHash };
+        }
+    }
+    if (String(input.orderType ?? "").toUpperCase() === "MARKET" && (policy.marketOrderPolicy ?? "BLOCK_BY_DEFAULT") === "BLOCK_BY_DEFAULT") {
+        return { allowed: false, code: "RCORE20002", reason: "Market orders are blocked by default.", paramsHash };
+    }
+    if (requiresNotionalLimit(capability)) {
+        const maxNotional = input.maxNotional ?? policy.maxNotional;
+        if (!maxNotional) {
+            return { allowed: false, code: "RCORE00001", reason: "maxNotional is required for exposure-changing trade writes.", paramsHash };
+        }
+        const notional = input.notional ?? estimateDirectNotional(input);
+        if (notional && Number(notional) > Number(maxNotional)) {
+            return { allowed: false, code: "RCORE24001", reason: "Requested notional exceeds maxNotional.", paramsHash };
+        }
+    }
+    const clientOrderId = typeof input.clientOrderId === "string" ? input.clientOrderId : undefined;
+    if (clientOrderId) {
+        const now = state.nowMs();
+        const seenAt = state.recentClientOrderIds.get(clientOrderId);
+        if (seenAt && now - seenAt < policy.duplicateWindowMs) {
+            return { allowed: false, code: "RCORE24004", reason: "Duplicate clientOrderId detected.", paramsHash };
+        }
+        state.recentClientOrderIds.set(clientOrderId, now);
+    }
+    return { allowed: true, paramsHash };
+}
+function requiredTradeFields(capability, input) {
+    const missing = [];
+    switch (capability.capabilityId) {
+        case "order.preview":
+        case "order.place-preview":
+        case "order.place":
+        case "algo.place":
+            requireString(input, "symbol", missing);
+            requireString(input, "side", missing);
+            requireString(input, "orderType", missing);
+            requireString(input, "clientOrderId", missing);
+            requireString(input, "maxNotional", missing);
+            if (!hasString(input, "quantity") && !hasString(input, "amount")) {
+                missing.push("quantity or amount");
+            }
+            if (String(input.orderType ?? "").toUpperCase() === "LIMIT") {
+                requireString(input, "price", missing);
+            }
+            if (capability.capabilityId === "algo.place") {
+                requireString(input, "algoType", missing);
+            }
+            break;
+        case "order.amend":
+            requireOneOf(input, ["orderId", "clientOrderId"], "orderId or clientOrderId", missing);
+            if (!hasString(input, "price") && !hasString(input, "quantity")) {
+                missing.push("price or quantity");
+            }
+            break;
+        case "order.cancel":
+            requireOneOf(input, ["orderId", "clientOrderId"], "orderId or clientOrderId", missing);
+            break;
+        case "position.close":
+            requireString(input, "symbol", missing);
+            if (input.reduceOnly !== true) {
+                missing.push("reduceOnly=true");
+            }
+            requireString(input, "maxNotional", missing);
+            break;
+        case "position.set-leverage":
+            requireString(input, "symbol", missing);
+            if (input.leverage === undefined) {
+                missing.push("leverage");
+            }
+            break;
+        case "account.set-position-mode":
+            requireString(input, "mode", missing);
+            requireString(input, "exchange", missing);
+            break;
+        case "algo.amend":
+            requireOneOf(input, ["algoOrderId", "clientOrderId"], "algoOrderId or clientOrderId", missing);
+            break;
+        case "algo.cancel":
+            requireOneOf(input, ["algoOrderId", "clientOrderId"], "algoOrderId or clientOrderId", missing);
+            break;
+    }
+    return missing;
+}
+function requiresNotionalLimit(capability) {
+    return capability.capabilityId === "order.preview"
+        || capability.capabilityId === "order.place-preview"
+        || capability.capabilityId === "order.place"
+        || capability.capabilityId === "algo.place"
+        || capability.capabilityId === "position.close";
+}
+function estimateDirectNotional(input) {
+    const symbol = typeof input.symbol === "string" ? input.symbol : "";
+    if (!symbol.startsWith("BINANCE_")) {
+        return undefined;
+    }
+    const price = parsePositiveNumber(input.price);
+    const quantity = parsePositiveNumber(input.quantity);
+    if (price === undefined || quantity === undefined) {
+        return undefined;
+    }
+    return String(price * quantity);
+}
+function parsePositiveNumber(value) {
+    if (typeof value !== "string" && typeof value !== "number") {
+        return undefined;
+    }
+    const parsed = Number(value);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        return undefined;
+    }
+    return parsed;
+}
+function stringValue(value) {
+    return typeof value === "string" && value.length > 0 ? value : undefined;
+}
+function hasString(input, field) {
+    return typeof input[field] === "string" && input[field].length > 0;
+}
+function requireString(input, field, missing) {
+    if (!hasString(input, field)) {
+        missing.push(field);
+    }
+}
+function requireOneOf(input, fields, label, missing) {
+    if (!fields.some((field) => hasString(input, field))) {
+        missing.push(label);
+    }
+}
+export function assertSafety(decision) {
+    if (!decision.allowed) {
+        throw new ProductError({
+            code: decision.code ?? "RCORE20001",
+            status: "BLOCKED",
+            message: decision.reason ?? "Safety policy blocked the operation."
+        });
+    }
+}

package/dist/core/safety/raw-api.js

@@ -0,0 +1,19 @@
+import { ProductError } from "../errors/product-error.js";
+const RAW_TRADING_WRITE_DOMAINS = new Set(["order", "position", "algo", "trading"]);
+export function assertRawApiAllowed(input) {
+    if (input.bypassesAuth || input.bypassesPreview || input.bypassesSafety || input.bypassesAudit) {
+        return new ProductError({
+            code: "RCORE25002",
+            status: "BLOCKED",
+            message: "Raw API cannot bypass authentication, preview, safety policy, or audit."
+        });
+    }
+    if (input.operationType === "WRITE" && RAW_TRADING_WRITE_DOMAINS.has(input.domain)) {
+        return new ProductError({
+            code: "RCORE25001",
+            status: "BLOCKED",
+            message: "Raw trading write operations are not allowed."
+        });
+    }
+    return null;
+}

package/dist/core/self-check/live-read-only-probes.js

@@ -0,0 +1,25 @@
+import { executeRapidXCapability } from "../client/capability-executor.js";
+import { resolveCredential } from "../config/resolve.js";
+export function buildLiveReadOnlySelfCheck(input = {}) {
+    const credential = tryResolveEnvCredential();
+    if (!credential) {
+        return {};
+    }
+    const symbol = typeof input.symbol === "string" ? input.symbol : "BINANCE_PERP_BTC_USDT";
+    const probes = {
+        publicMarket: async () => executeRapidXCapability("market.ticker", { symbol }),
+        credentialAuth: async () => executeRapidXCapability("account.overview", {}),
+        accountRead: async () => executeRapidXCapability("account.balance", {}),
+        orderRead: async () => executeRapidXCapability("order.list", {}),
+        positionRead: async () => executeRapidXCapability("position.list", {})
+    };
+    return { credential, probes };
+}
+function tryResolveEnvCredential() {
+    try {
+        return resolveCredential({ ref: { source: "env" } });
+    }
+    catch {
+        return undefined;
+    }
+}

package/dist/core/self-check/live-trading-verification-probes.js

@@ -0,0 +1,252 @@
+import { executeRapidXCapability } from "../client/capability-executor.js";
+import { CORE_ERRORS, ProductError } from "../errors/product-error.js";
+import { buildLiveReadOnlySelfCheck } from "./live-read-only-probes.js";
+export function buildLiveTradingVerificationProbes(input = {}) {
+    const readOnly = buildLiveReadOnlySelfCheck(input).probes ?? {};
+    return {
+        ...readOnly,
+        marketRules: async (verificationInput) => buildMarketRules(verificationInput),
+        placeOrder: async (orderInput) => {
+            const result = await executeRapidXCapability("order.place", {
+                symbol: orderInput.symbol,
+                side: orderInput.side,
+                orderType: "LIMIT",
+                price: orderInput.price,
+                quantity: orderInput.quantity,
+                maxNotional: orderInput.maxNotional,
+                clientOrderId: orderInput.clientOrderId,
+                postOnly: true,
+                previewId: orderInput.previewId,
+                continueConsentId: continueConsentId(orderInput.clientOrderId, "place")
+            });
+            const data = extractDataObject(result);
+            const orderId = stringField(data, "orderId") ?? orderInput.clientOrderId;
+            return {
+                orderId,
+                requestId: stringField(data, "clientOrderId") ?? orderInput.clientOrderId,
+                status: normalizeOrderStatus(stringField(data, "orderState") ?? "OPEN")
+            };
+        },
+        queryOrder: async (order) => queryOrder(order),
+        cancelOrder: async (order) => {
+            const result = await executeRapidXCapability("order.cancel", {
+                orderId: order.orderId,
+                previewId: `internal-${order.orderId}`,
+                continueConsentId: continueConsentId(order.orderId, "cancel")
+            });
+            const data = extractDataObject(result);
+            const status = normalizeOrderStatus(stringField(data, "orderState") ?? stringField(data, "action") ?? "");
+            if (status === "CANCELED") {
+                return { orderId: order.orderId, status };
+            }
+            return queryOrder(order);
+        },
+        cleanupCheck: async (_order) => cleanupCheck(input)
+    };
+}
+async function buildMarketRules(input) {
+    const [symbolInfoResult, orderbookResult] = await Promise.all([
+        executeRapidXCapability("market.symbol-info", { symbol: input.symbol }),
+        executeRapidXCapability("market.orderbook", { symbol: input.symbol, depth: 5 })
+    ]);
+    const symbolInfo = extractSymbolInfo(symbolInfoResult, input.symbol);
+    const orderbook = extractDataObject(orderbookResult);
+    const bestBid = nestedStringField(orderbook, "bestBid", "price");
+    const bestAsk = nestedStringField(orderbook, "bestAsk", "price");
+    const minNotional = stringField(symbolInfo, "minNotional") ?? "";
+    const tickSize = stringField(symbolInfo, "tickSize") ?? "0.000001";
+    const lotSize = stringField(symbolInfo, "lotSize") ?? "0.000001";
+    const order = choosePostOnlyVerificationOrder({
+        side: input.side,
+        maxNotional: input.maxNotional,
+        minNotional,
+        tickSize,
+        lotSize,
+        bestBid,
+        bestAsk
+    });
+    return {
+        minNotional,
+        tickSize,
+        lotSize,
+        bestBid,
+        bestAsk,
+        orderPrice: order.price,
+        orderQuantity: order.quantity
+    };
+}
+async function queryOrder(order) {
+    const result = await executeRapidXCapability("order.get", { orderId: order.orderId });
+    const data = extractDataObject(result);
+    const requestId = stringField(data, "clientOrderId") ?? order.requestId;
+    return {
+        orderId: stringField(data, "orderId") ?? order.orderId,
+        status: normalizeOrderStatus(stringField(data, "orderState") ?? ""),
+        ...(requestId ? { requestId } : {})
+    };
+}
+async function cleanupCheck(input) {
+    const symbol = typeof input.symbol === "string" ? input.symbol : "BINANCE_PERP_BTC_USDT";
+    const [ordersResult, positionsResult] = await Promise.all([
+        executeRapidXCapability("order.list", { symbol, pageSize: 20 }),
+        executeRapidXCapability("position.list", { symbol })
+    ]);
+    const orders = extractList(extractDataObject(ordersResult));
+    const positions = extractArrayData(positionsResult);
+    return {
+        openOrders: orders.filter((order) => {
+            const state = normalizeOrderStatus(stringField(order, "orderState") ?? "OPEN");
+            const orderSymbol = stringField(order, "sym") ?? stringField(order, "symbol") ?? symbol;
+            return orderSymbol === symbol && state !== "CANCELED" && state !== "REJECTED" && state !== "FILLED";
+        }).length,
+        unexpectedPositions: positions.filter((position) => {
+            const positionSymbol = stringField(position, "sym") ?? stringField(position, "symbol");
+            return positionSymbol === symbol && Number(stringField(position, "positionQty") ?? "0") !== 0;
+        }).length
+    };
+}
+function choosePostOnlyVerificationOrder(input) {
+    const maxNotional = finitePositiveNumber(input.maxNotional, "maxNotional");
+    const minNotional = finitePositiveNumber(input.minNotional, "minNotional");
+    const tickSize = finitePositiveNumber(input.tickSize, "tickSize");
+    const lotSize = finitePositiveNumber(input.lotSize, "lotSize");
+    const referencePrice = finitePositiveNumber(input.side === "BUY" ? input.bestBid : input.bestAsk, "reference price");
+    let quantity = ceilToStep(minNotional / referencePrice, lotSize);
+    if (quantity <= 0) {
+        quantity = lotSize;
+    }
+    let price;
+    if (input.side === "BUY") {
+        const maxPriceByNotional = floorToStep(maxNotional / quantity, tickSize);
+        price = floorToStep(Math.min(referencePrice, maxPriceByNotional), tickSize);
+    }
+    else {
+        price = ceilToStep(referencePrice + tickSize, tickSize);
+    }
+    if (price <= 0 || price * quantity > maxNotional + 1e-9 || price * quantity < minNotional - 1e-9) {
+        throw new ProductError({
+            code: "RCORE24001",
+            status: "BLOCKED",
+            message: "No post-only verification order can satisfy minNotional and maxNotional."
+        });
+    }
+    return {
+        price: formatStepValue(price, input.tickSize),
+        quantity: formatStepValue(quantity, input.lotSize)
+    };
+}
+function finitePositiveNumber(value, label) {
+    const number = Number(value);
+    if (!Number.isFinite(number) || number <= 0) {
+        throw new ProductError({
+            code: CORE_ERRORS.SCHEMA_INVALID,
+            status: "FAIL",
+            message: `Invalid ${label}.`
+        });
+    }
+    return number;
+}
+function ceilToStep(value, step) {
+    return Math.ceil((value / step) - 1e-12) * step;
+}
+function floorToStep(value, step) {
+    return Math.floor((value / step) + 1e-12) * step;
+}
+function formatStepValue(value, step) {
+    const decimals = decimalPlaces(step);
+    return decimals === 0 ? String(Math.round(value)) : value.toFixed(decimals);
+}
+function decimalPlaces(step) {
+    const fraction = step.split(".")[1];
+    return fraction ? fraction.length : 0;
+}
+function continueConsentId(id, action) {
+    return `trade-verify-${action}-${id}`;
+}
+function extractSymbolInfo(result, symbol) {
+    const data = extractData(result);
+    if (data && typeof data === "object") {
+        const record = data;
+        const keyed = record[symbol];
+        if (keyed && typeof keyed === "object") {
+            return keyed;
+        }
+        return record;
+    }
+    throw new ProductError({
+        code: CORE_ERRORS.UPSTREAM_REJECTED,
+        status: "FAIL",
+        message: "RapidX symbol info response is missing data."
+    });
+}
+function extractDataObject(result) {
+    const data = extractData(result);
+    if (data && typeof data === "object" && !Array.isArray(data)) {
+        return data;
+    }
+    return {};
+}
+function extractArrayData(result) {
+    const data = extractData(result);
+    if (Array.isArray(data)) {
+        return data.filter((item) => Boolean(item) && typeof item === "object" && !Array.isArray(item));
+    }
+    return [];
+}
+function extractList(data) {
+    const list = data.list;
+    if (!Array.isArray(list)) {
+        return [];
+    }
+    return list.filter((item) => Boolean(item) && typeof item === "object" && !Array.isArray(item));
+}
+function extractData(result) {
+    if (result && typeof result === "object" && Object.prototype.hasOwnProperty.call(result, "data")) {
+        return result.data;
+    }
+    return result;
+}
+function stringField(record, field) {
+    const value = record[field];
+    return value === undefined || value === null || value === "" ? undefined : String(value);
+}
+function nestedStringField(record, parent, field) {
+    const value = record[parent];
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new ProductError({
+            code: CORE_ERRORS.UPSTREAM_REJECTED,
+            status: "FAIL",
+            message: `RapidX orderbook response is missing ${parent}.${field}.`
+        });
+    }
+    const result = stringField(value, field);
+    if (!result) {
+        throw new ProductError({
+            code: CORE_ERRORS.UPSTREAM_REJECTED,
+            status: "FAIL",
+            message: `RapidX orderbook response is missing ${parent}.${field}.`
+        });
+    }
+    return result;
+}
+function normalizeOrderStatus(state) {
+    switch (state.toUpperCase()) {
+        case "NEW":
+        case "OPEN":
+        case "ACCEPTED":
+        case "CANCEL_PENDING":
+            return "ACCEPTED";
+        case "PARTIALLY_FILLED":
+            return "PARTIALLY_FILLED";
+        case "FILLED":
+            return "FILLED";
+        case "CANCELLED":
+        case "CANCELED":
+        case "CANCEL_COMPLETE":
+            return "CANCELED";
+        case "REJECTED":
+            return "REJECTED";
+        default:
+            return "UNKNOWN";
+    }
+}

package/dist/core/self-check/run-self-check.js

@@ -0,0 +1,91 @@
+import { getSchemaResult } from "../contracts/capabilities.js";
+import { ProductError } from "../errors/product-error.js";
+import { checkForUpdate } from "../update/check-update.js";
+export async function runSelfCheck(options = {}) {
+    const scope = options.input?.scope ?? "quick";
+    const probes = options.probes ?? {};
+    const checks = [];
+    const evidence = [];
+    function add(item) {
+        checks.push(item);
+        evidence.push({
+            source: item.source,
+            toolOrCommandEvidence: item.name,
+            timestamp: new Date().toISOString()
+        });
+    }
+    add({ name: "discovery", status: "PASS", source: "local_check", message: `${getSchemaResult().capabilities.length} capabilities loaded.` });
+    add({ name: "schema-compatibility", status: "PASS", source: "local_check", message: "Canonical schema is available." });
+    let update;
+    if (options.input?.checkUpdates) {
+        update = await checkForUpdate();
+        add({
+            name: "update-status",
+            status: statusForUpdate(update),
+            source: "local_check",
+            message: `Release manifest status is ${update.status}.`
+        });
+    }
+    await runProbe("public-market", probes.publicMarket, add);
+    if (options.credential) {
+        if (probes.credentialAuth) {
+            await runProbe("credential-auth", probes.credentialAuth, add);
+        }
+        else {
+            add({ name: "credential-auth", status: "NOT_VERIFIED", source: "real_tool_call", message: "Credential exists but no real auth probe was provided." });
+        }
+    }
+    else {
+        add({ name: "credential-auth", status: "NOT_VERIFIED", source: "real_tool_call", message: "Portfolio credential was not provided." });
+    }
+    if (scope === "deep") {
+        await runProbe("account-balance", probes.accountRead, add);
+        await runProbe("order-list", probes.orderRead, add);
+        await runProbe("position-list", probes.positionRead, add);
+    }
+    const status = checks.some((check) => check.status === "FAIL")
+        ? "FAIL"
+        : checks.some((check) => check.status === "BLOCKED")
+            ? "BLOCKED"
+            : checks.some((check) => check.status === "NOT_VERIFIED")
+                ? "NOT_VERIFIED"
+                : checks.some((check) => check.status === "EXPECTED_ERROR")
+                    ? "EXPECTED_ERROR"
+                    : checks.every((check) => check.status === "PASS")
+                        ? "PASS"
+                        : "NOT_VERIFIED";
+    return {
+        scope,
+        status,
+        checks,
+        notVerifiedItems: checks.filter((check) => check.status === "NOT_VERIFIED").map((check) => check.name),
+        evidence,
+        ...(update ? { update } : {})
+    };
+}
+function statusForUpdate(update) {
+    if (update.status === "WRITE_BLOCKED" || update.status === "UPGRADE_REQUIRED") {
+        return "BLOCKED";
+    }
+    if (update.status === "UNKNOWN") {
+        return "NOT_VERIFIED";
+    }
+    return "PASS";
+}
+async function runProbe(name, probe, add) {
+    if (!probe) {
+        add({ name, status: "NOT_VERIFIED", source: "real_tool_call", message: "No real probe was provided; PASS cannot be asserted." });
+        return;
+    }
+    try {
+        await probe();
+        add({ name, status: "PASS", source: "real_tool_call", message: "Real probe completed." });
+    }
+    catch (error) {
+        if (error instanceof ProductError && error.status === "EXPECTED_ERROR") {
+            add({ name, status: "EXPECTED_ERROR", source: "real_tool_call", message: error.message });
+            return;
+        }
+        add({ name, status: "FAIL", source: "real_tool_call", message: error instanceof Error ? error.message : String(error) });
+    }
+}