@liquiditytech/rapidx-cli 1.0.26

package/dist/core/trading/preview.js

@@ -0,0 +1,330 @@
+import { randomUUID } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { assertInputMatchesSchema } from "../contracts/input-schema.js";
+import { evaluateSafety, stableParamsHash } from "../safety/policy.js";
+import { ProductError } from "../errors/product-error.js";
+export function makePreviewStore() {
+    return { records: new Map() };
+}
+export function resolvePreviewStoreFile(env = process.env, cwd = process.cwd()) {
+    const stateDir = env.RAPIDX_STATE_DIR ? resolve(env.RAPIDX_STATE_DIR) : resolve(cwd, ".rapidx");
+    return join(stateDir, "preview-store.json");
+}
+export function loadPreviewStoreFromFile(filePath, now = new Date()) {
+    const store = makePreviewStore();
+    if (!existsSync(filePath)) {
+        return store;
+    }
+    const parsed = JSON.parse(readFileSync(filePath, "utf8"));
+    if (!Array.isArray(parsed)) {
+        return store;
+    }
+    for (const item of parsed) {
+        if (!isTradePreviewRecord(item)) {
+            continue;
+        }
+        if (new Date(item.expiresAt).getTime() < now.getTime()) {
+            continue;
+        }
+        store.records.set(item.previewId, item);
+    }
+    return store;
+}
+export function savePreviewStoreToFile(filePath, store) {
+    mkdirSync(dirname(filePath), { recursive: true });
+    const records = [...store.records.values()];
+    writeFileSync(filePath, `${JSON.stringify(records, null, 2)}\n`, { mode: 0o600 });
+}
+export function createTradePreview(capability, input, policy, state, store, ttlSeconds = 300) {
+    assertInputMatchesSchema(capability.inputSchema, input, {
+        allowedExtraFields: ["explicitUserConsent", "acceptedRiskText"]
+    });
+    const tradeParams = normalizeTradeParams(input);
+    const previewDetails = makePreviewDetails(capability, tradeParams);
+    const decision = evaluateSafety(capability, input, policy, state);
+    if (!decision.allowed) {
+        throw new ProductError({
+            code: decision.code ?? "RCORE20002",
+            status: "BLOCKED",
+            message: decision.reason ?? "Preview blocked by safety policy."
+        });
+    }
+    const previewId = `rpv_${randomUUID()}`;
+    const record = {
+        previewId,
+        capabilityId: capability.capabilityId,
+        paramsHash: stableParamsHash(tradeParams),
+        ...previewDetails,
+        expiresAt: new Date(Date.now() + ttlSeconds * 1000).toISOString(),
+        submitted: false,
+        status: "PASS",
+        confirmation: makeSubmitConfirmation(previewId)
+    };
+    store.records.set(previewId, record);
+    return record;
+}
+export function createTargetedTradePreview(targetCapability, input, policy, state, store, ttlSeconds = 300) {
+    assertInputMatchesSchema(targetCapability.inputSchema, input, {
+        allowedExtraFields: [
+            "targetCapabilityId",
+            "consentId",
+            "explicitUserConsent",
+            "acceptedRiskText",
+            "mcpSchemaVersion",
+            "skillsVersion",
+            "skillsSchemaVersion"
+        ],
+        ignoredRequiredFields: ["previewId", "continueConsentId"]
+    });
+    if (targetCapability.operationType !== "TRADE_WRITE") {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "trade preview target must be a trade write capability."
+        });
+    }
+    if (isPreviewCapability(targetCapability.capabilityId)) {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "trade preview target cannot be another preview capability."
+        });
+    }
+    const tradeParams = normalizeTradeParams(input);
+    const previewDetails = makePreviewDetails(targetCapability, tradeParams);
+    const decision = evaluateSafety(targetCapability, input, policy, state);
+    if (!decision.allowed) {
+        throw new ProductError({
+            code: decision.code ?? "RCORE20002",
+            status: "BLOCKED",
+            message: decision.reason ?? "Preview blocked by safety policy."
+        });
+    }
+    const previewId = `rpv_${randomUUID()}`;
+    const record = {
+        previewId,
+        capabilityId: targetCapability.capabilityId,
+        paramsHash: stableParamsHash(tradeParams),
+        ...previewDetails,
+        expiresAt: new Date(Date.now() + ttlSeconds * 1000).toISOString(),
+        submitted: false,
+        status: "PASS",
+        confirmation: makeSubmitConfirmation(previewId)
+    };
+    store.records.set(previewId, record);
+    return record;
+}
+function makeSubmitConfirmation(previewId) {
+    return {
+        submitToken: `confirm_${previewId}`,
+        requiredFields: ["previewId", "continueConsentId"],
+        instruction: "Pass submitToken as continueConsentId only after the user has confirmed this exact preview."
+    };
+}
+export function verifyPreview(store, previewId, capability, input, now = new Date()) {
+    if (!previewId) {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "previewId is required before trade write submission."
+        });
+    }
+    const record = store.records.get(previewId);
+    if (!record) {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "previewId was not found."
+        });
+    }
+    if (new Date(record.expiresAt).getTime() < now.getTime()) {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "previewId has expired."
+        });
+    }
+    const capabilityMatches = record.capabilityId === capability.capabilityId
+        || ((record.capabilityId === "order.preview" || record.capabilityId === "order.place-preview") && capability.capabilityId === "order.place");
+    if (!capabilityMatches) {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "previewId was created for a different capability."
+        });
+    }
+    if (record.paramsHash !== stableParamsHash(normalizeTradeParams(input))) {
+        throw new ProductError({
+            code: "RCORE20002",
+            status: "BLOCKED",
+            message: "Submitted trade parameters do not match the preview."
+        });
+    }
+    return record;
+}
+export function consumePreview(store, previewId, capability, input, now = new Date()) {
+    const record = verifyPreview(store, previewId, capability, input, now);
+    store.records.delete(record.previewId);
+    return record;
+}
+function normalizeTradeParams(input) {
+    const normalized = {};
+    for (const [key, value] of Object.entries(input)) {
+        if (!NON_TRADE_HASH_FIELDS.has(key) && value !== undefined) {
+            normalized[key] = value;
+        }
+    }
+    return normalized;
+}
+function makePreviewDetails(capability, tradeParams) {
+    return {
+        businessParams: { ...tradeParams },
+        requestSummary: makeRequestSummary(capability.capabilityId, tradeParams),
+        riskNotes: makeRiskNotes(capability.capabilityId, tradeParams)
+    };
+}
+function makeRequestSummary(capabilityId, params) {
+    if (capabilityId === "order.preview" || capabilityId === "order.place-preview" || capabilityId === "order.place") {
+        return compactRecord({
+            action: "place_order",
+            symbol: params.symbol,
+            side: params.side,
+            orderType: params.orderType,
+            price: params.price,
+            quantity: params.quantity,
+            amount: params.amount,
+            maxNotional: params.maxNotional,
+            clientOrderId: params.clientOrderId,
+            estimatedNotional: estimateNotional(params)
+        });
+    }
+    if (capabilityId === "position.close") {
+        return compactRecord({
+            action: "close_position",
+            symbol: params.symbol,
+            positionSide: params.positionSide,
+            quantity: params.quantity,
+            reduceOnly: params.reduceOnly,
+            maxNotional: params.maxNotional,
+            orderType: "MARKET",
+            closeSide: "determined_by_current_position"
+        });
+    }
+    if (capabilityId === "position.set-leverage") {
+        return compactRecord({
+            action: "set_leverage",
+            symbol: params.symbol,
+            leverage: params.leverage,
+            positionSide: params.positionSide
+        });
+    }
+    if (capabilityId === "account.set-position-mode") {
+        return compactRecord({
+            action: "set_position_mode",
+            mode: params.mode,
+            exchange: params.exchange
+        });
+    }
+    if (capabilityId.startsWith("order.") || capabilityId.startsWith("algo.")) {
+        return compactRecord({
+            action: capabilityId.replace(".", "_"),
+            symbol: params.symbol,
+            orderId: params.orderId,
+            algoOrderId: params.algoOrderId,
+            clientOrderId: params.clientOrderId,
+            price: params.price,
+            quantity: params.quantity,
+            maxNotional: params.maxNotional
+        });
+    }
+    return compactRecord({ action: capabilityId, ...params });
+}
+function makeRiskNotes(capabilityId, params) {
+    const notes = [];
+    if (params.maxNotional !== undefined) {
+        notes.push("maxNotional is a safety upper bound, not the target order size.");
+    }
+    if (capabilityId === "position.close") {
+        notes.push("Do not pass side or quantity for position.close; RapidX determines BUY or SELL from the current position and closes the target symbol/positionSide.");
+        notes.push("position.close uses the RapidX close-position API and may execute as a market close with slippage.");
+        notes.push("order.get reduceOnly may not reflect the close-position API request; verify final exposure with position.list.");
+    }
+    return notes;
+}
+function estimateNotional(params) {
+    if (params.amount !== undefined && params.amount !== null && params.amount !== "") {
+        return String(params.amount);
+    }
+    if (params.notional !== undefined && params.notional !== null && params.notional !== "") {
+        return String(params.notional);
+    }
+    if (params.price === undefined || params.quantity === undefined) {
+        return undefined;
+    }
+    return multiplyDecimalStrings(String(params.price), String(params.quantity));
+}
+function multiplyDecimalStrings(left, right) {
+    const parsedLeft = parseDecimal(left);
+    const parsedRight = parseDecimal(right);
+    if (!parsedLeft || !parsedRight) {
+        return undefined;
+    }
+    const negative = parsedLeft.negative !== parsedRight.negative;
+    const product = parsedLeft.value * parsedRight.value;
+    const scale = parsedLeft.scale + parsedRight.scale;
+    return formatScaledDecimal(product, scale, negative);
+}
+function parseDecimal(input) {
+    const trimmed = input.trim();
+    const match = /^([+-])?(\d+)(?:\.(\d+))?$/.exec(trimmed);
+    if (!match) {
+        return undefined;
+    }
+    const [, sign, whole, fraction = ""] = match;
+    const digits = `${whole}${fraction}`.replace(/^0+(?=\d)/, "");
+    return {
+        value: BigInt(digits || "0"),
+        scale: fraction.length,
+        negative: sign === "-"
+    };
+}
+function formatScaledDecimal(value, scale, negative) {
+    const sign = negative && value !== 0n ? "-" : "";
+    const raw = value.toString().padStart(scale + 1, "0");
+    if (scale === 0) {
+        return `${sign}${raw}`;
+    }
+    const whole = raw.slice(0, -scale) || "0";
+    const fraction = raw.slice(-scale).replace(/0+$/, "");
+    return fraction ? `${sign}${whole}.${fraction}` : `${sign}${whole}`;
+}
+function compactRecord(input) {
+    return Object.fromEntries(Object.entries(input).filter(([, value]) => value !== undefined && value !== null && value !== ""));
+}
+function isPreviewCapability(capabilityId) {
+    return capabilityId.endsWith(".preview") || capabilityId.endsWith("-preview");
+}
+const NON_TRADE_HASH_FIELDS = new Set([
+    "targetCapabilityId",
+    "previewId",
+    "consentId",
+    "continueConsentId",
+    "explicitUserConsent",
+    "acceptedRiskText",
+    "mcpSchemaVersion",
+    "skillsVersion",
+    "skillsSchemaVersion"
+]);
+function isTradePreviewRecord(value) {
+    if (!value || typeof value !== "object") {
+        return false;
+    }
+    const candidate = value;
+    return typeof candidate.previewId === "string"
+        && typeof candidate.capabilityId === "string"
+        && typeof candidate.paramsHash === "string"
+        && typeof candidate.expiresAt === "string"
+        && candidate.submitted === false
+        && (candidate.status === "PASS" || candidate.status === "BLOCKED");
+}

package/dist/core/trading/trading-verification.js

@@ -0,0 +1,137 @@
+import { findCapabilityById } from "../contracts/capabilities.js";
+import { assertInputMatchesSchema } from "../contracts/input-schema.js";
+import { ProductError } from "../errors/product-error.js";
+import { createTradePreview, makePreviewStore } from "./preview.js";
+import { defaultSafetyPolicy, makeSafetyState } from "../safety/policy.js";
+import { runSelfCheck } from "../self-check/run-self-check.js";
+import { makeResolvedCredential } from "../config/credential.js";
+export async function runTradingVerification(rawInput, probes = {}) {
+    const steps = [];
+    let input;
+    try {
+        input = normalizeTradingVerificationInput(rawInput);
+    }
+    catch (error) {
+        if (error instanceof ProductError) {
+            return { submittedRealOrder: false, status: "FAIL", cleanupStatus: "NOT_VERIFIED", steps, errorCode: error.code, errorMessage: error.message };
+        }
+        throw error;
+    }
+    const selfCheckOptions = {
+        input: { scope: "deep", readOnly: true },
+        probes
+    };
+    const selfCheck = await runSelfCheck(probes.credentialAuth
+        ? { ...selfCheckOptions, credential: makeResolvedCredential("configured-access-key", "configured-secret-key") }
+        : selfCheckOptions);
+    steps.push({ name: "self-check", status: selfCheck.status, toolOrCommandEvidence: "rapidx self-check --read-only --json" });
+    if (selfCheck.status !== "PASS") {
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002" };
+    }
+    if (!input.explicitUserConsent) {
+        steps.push({ name: "preview", status: "BLOCKED", toolOrCommandEvidence: "user consent missing for small real trade verification" });
+        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE20001" };
+    }
+    if (!probes.marketRules) {
+        steps.push({ name: "market", status: "NOT_VERIFIED", toolOrCommandEvidence: "market rules probe missing" });
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002" };
+    }
+    const marketRules = await probes.marketRules(input);
+    if (Number(marketRules.minNotional) > Number(input.maxNotional)) {
+        steps.push({ name: "market", status: "BLOCKED", toolOrCommandEvidence: `minNotional=${marketRules.minNotional};maxNotional=${input.maxNotional}` });
+        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE24001" };
+    }
+    steps.push({ name: "market", status: "PASS", toolOrCommandEvidence: `minNotional=${marketRules.minNotional};tickSize=${marketRules.tickSize}` });
+    const capability = findCapabilityById("order.preview");
+    if (!capability) {
+        throw new Error("Missing order.preview capability");
+    }
+    const policy = { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false, maxNotional: input.maxNotional };
+    const price = marketRules.orderPrice ?? (input.side === "BUY" ? marketRules.bestBid : marketRules.bestAsk);
+    const quantity = marketRules.orderQuantity ?? quantityForNotional(marketRules.minNotional, price);
+    const previewInput = {
+        ...input,
+        orderType: "LIMIT",
+        postOnly: true,
+        price,
+        quantity
+    };
+    const preview = createTradePreview(capability, previewInput, policy, makeSafetyState(), makePreviewStore());
+    steps.push({ name: "preview", status: "PASS", toolOrCommandEvidence: preview.previewId });
+    if (!probes.placeOrder) {
+        steps.push({ name: "place", status: "NOT_VERIFIED", toolOrCommandEvidence: "placeOrder probe missing" });
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+    }
+    const placed = await probes.placeOrder({ ...input, previewId: preview.previewId, orderType: "LIMIT", postOnly: true, price, quantity });
+    steps.push({ name: "place", status: "PASS", toolOrCommandEvidence: placed.requestId ?? placed.orderId });
+    if (!probes.queryOrder) {
+        steps.push({ name: "query", status: "NOT_VERIFIED", toolOrCommandEvidence: "queryOrder probe missing" });
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+    }
+    const queried = await probes.queryOrder(placed);
+    if (queried.status === "UNKNOWN") {
+        steps.push({ name: "query", status: "NOT_VERIFIED", toolOrCommandEvidence: queried.orderId });
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+    }
+    steps.push({ name: "query", status: "PASS", toolOrCommandEvidence: `${queried.orderId}:${queried.status}` });
+    let currentOrder = queried;
+    if (probes.amendOrder) {
+        currentOrder = await probes.amendOrder(currentOrder);
+        steps.push({ name: "amend", status: currentOrder.status === "UNKNOWN" ? "NOT_VERIFIED" : "PASS", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
+        if (currentOrder.status === "UNKNOWN") {
+            return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        }
+    }
+    else {
+        steps.push({ name: "amend", status: "EXPECTED_ERROR", toolOrCommandEvidence: "amendOrder probe not supported" });
+    }
+    if (!probes.cancelOrder) {
+        steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: "cancelOrder probe missing" });
+        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    }
+    currentOrder = await probes.cancelOrder(currentOrder);
+    if (currentOrder.status !== "CANCELED") {
+        steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
+        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    }
+    steps.push({ name: "cancel", status: "PASS", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
+    if (!probes.cleanupCheck) {
+        steps.push({ name: "cleanup-check", status: "NOT_VERIFIED", toolOrCommandEvidence: "cleanupCheck probe missing" });
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    }
+    const cleanup = await probes.cleanupCheck(currentOrder);
+    if (cleanup.openOrders !== 0 || cleanup.unexpectedPositions !== 0) {
+        steps.push({ name: "cleanup-check", status: "FAIL", toolOrCommandEvidence: `openOrders=${cleanup.openOrders};unexpectedPositions=${cleanup.unexpectedPositions}` });
+        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    }
+    steps.push({ name: "cleanup-check", status: "PASS", toolOrCommandEvidence: "openOrders=0;unexpectedPositions=0" });
+    return {
+        submittedRealOrder: true,
+        status: "PASS",
+        cleanupStatus: "PASS",
+        steps,
+        previewId: preview.previewId
+    };
+}
+function normalizeTradingVerificationInput(input) {
+    assertInputMatchesSchema("TradingVerificationInput", input);
+    const normalized = {
+        symbol: String(input.symbol),
+        side: input.side === "SELL" ? "SELL" : "BUY",
+        maxNotional: String(input.maxNotional),
+        clientOrderId: String(input.clientOrderId),
+        explicitUserConsent: input.explicitUserConsent === true
+    };
+    if (typeof input.acceptedRiskText === "string") {
+        normalized.acceptedRiskText = input.acceptedRiskText;
+    }
+    return normalized;
+}
+function quantityForNotional(minNotional, price) {
+    const priceNumber = Number(price);
+    const minNotionalNumber = Number(minNotional);
+    if (!Number.isFinite(priceNumber) || priceNumber <= 0 || !Number.isFinite(minNotionalNumber) || minNotionalNumber <= 0) {
+        return minNotional;
+    }
+    return String(Math.ceil((minNotionalNumber / priceNumber) * 1_000_000) / 1_000_000);
+}