@liquiditytech/rapidx-cli 1.0.27 → 1.0.29

package/dist/core/trading/trading-verification.js

@@ -13,7 +13,7 @@ export async function runTradingVerification(rawInput, probes = {}) {
     }
     catch (error) {
         if (error instanceof ProductError) {
-            return { submittedRealOrder: false, status: "FAIL", cleanupStatus: "NOT_VERIFIED", steps, errorCode: error.code, errorMessage: error.message };
+            return { submittedRealOrder: false, status: error.status, cleanupStatus: "NOT_VERIFIED", steps, errorCode: error.code, errorMessage: error.message, errorStage: "input-validation" };
         }
         throw error;
     }
@@ -26,20 +26,40 @@ export async function runTradingVerification(rawInput, probes = {}) {
         : selfCheckOptions);
     steps.push({ name: "self-check", status: selfCheck.status, toolOrCommandEvidence: "rapidx self-check --read-only --json" });
     if (selfCheck.status !== "PASS") {
-        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002" };
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002", errorStage: "self-check" };
     }
-    if (!input.explicitUserConsent) {
-        steps.push({ name: "preview", status: "BLOCKED", toolOrCommandEvidence: "user consent missing for small real trade verification" });
-        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE20001" };
+    const consentProblem = validateParameterBoundConsent(input);
+    if (consentProblem) {
+        steps.push({ name: "preview", status: "BLOCKED", toolOrCommandEvidence: consentProblem });
+        return {
+            submittedRealOrder: false,
+            status: "BLOCKED",
+            cleanupStatus: "NOT_VERIFIED",
+            steps,
+            errorCode: "RCORE20001",
+            errorMessage: consentProblem,
+            errorStage: "user-consent",
+            recommendedAction: "Ask the human user to confirm the exact symbol, side, positionSide when provided, maxNotional, real-order risk, and cancel cleanup behavior before running verify-live."
+        };
     }
     if (!probes.marketRules) {
         steps.push({ name: "market", status: "NOT_VERIFIED", toolOrCommandEvidence: "market rules probe missing" });
-        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002" };
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE10002", errorStage: "market" };
     }
     const marketRules = await probes.marketRules(input);
     if (Number(marketRules.minNotional) > Number(input.maxNotional)) {
-        steps.push({ name: "market", status: "BLOCKED", toolOrCommandEvidence: `minNotional=${marketRules.minNotional};maxNotional=${input.maxNotional}` });
-        return { submittedRealOrder: false, status: "BLOCKED", cleanupStatus: "NOT_VERIFIED", steps, errorCode: "RCORE24001" };
+        const evidence = `minNotional=${marketRules.minNotional};maxNotional=${input.maxNotional}`;
+        steps.push({ name: "market", status: "BLOCKED", toolOrCommandEvidence: evidence });
+        return {
+            submittedRealOrder: false,
+            status: "BLOCKED",
+            cleanupStatus: "NOT_VERIFIED",
+            steps,
+            errorCode: "RCORE24001",
+            errorMessage: `Verification order blocked because ${evidence}.`,
+            errorStage: "market",
+            recommendedAction: `Increase maxNotional to at least ${marketRules.minNotional}, or choose a symbol whose minNotional is within the authorized maxNotional.`
+        };
     }
     steps.push({ name: "market", status: "PASS", toolOrCommandEvidence: `minNotional=${marketRules.minNotional};tickSize=${marketRules.tickSize}` });
     const capability = findCapabilityById("order.preview");
@@ -60,18 +80,18 @@ export async function runTradingVerification(rawInput, probes = {}) {
     steps.push({ name: "preview", status: "PASS", toolOrCommandEvidence: preview.previewId });
     if (!probes.placeOrder) {
         steps.push({ name: "place", status: "NOT_VERIFIED", toolOrCommandEvidence: "placeOrder probe missing" });
-        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        return { submittedRealOrder: false, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "place" };
     }
     const placed = await probes.placeOrder({ ...input, previewId: preview.previewId, orderType: "LIMIT", postOnly: true, price, quantity });
-    steps.push({ name: "place", status: "PASS", toolOrCommandEvidence: placed.requestId ?? placed.orderId });
+    steps.push({ name: "place", status: "PASS", toolOrCommandEvidence: [placed.requestId ?? placed.orderId, input.positionSide ? `positionSide=${input.positionSide}` : undefined].filter(Boolean).join(";") });
     if (!probes.queryOrder) {
         steps.push({ name: "query", status: "NOT_VERIFIED", toolOrCommandEvidence: "queryOrder probe missing" });
-        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "query" };
     }
     const queried = await probes.queryOrder(placed);
     if (queried.status === "UNKNOWN") {
         steps.push({ name: "query", status: "NOT_VERIFIED", toolOrCommandEvidence: queried.orderId });
-        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "query", lastObservedOrderState: queried.status };
     }
     steps.push({ name: "query", status: "PASS", toolOrCommandEvidence: `${queried.orderId}:${queried.status}` });
     let currentOrder = queried;
@@ -79,32 +99,37 @@ export async function runTradingVerification(rawInput, probes = {}) {
         currentOrder = await probes.amendOrder(currentOrder);
         steps.push({ name: "amend", status: currentOrder.status === "UNKNOWN" ? "NOT_VERIFIED" : "PASS", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
         if (currentOrder.status === "UNKNOWN") {
-            return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001" };
+            return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE23001", errorStage: "amend", lastObservedOrderState: currentOrder.status };
         }
     }
     else {
-        steps.push({ name: "amend", status: "EXPECTED_ERROR", toolOrCommandEvidence: "amendOrder probe not supported" });
+        steps.push({
+            name: "amend",
+            status: "EXPECTED_ERROR",
+            toolOrCommandEvidence: "optional verify-live amend check skipped; order.amend remains available outside verify-live"
+        });
     }
     if (!probes.cancelOrder) {
         steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: "cancelOrder probe missing" });
-        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+        return cleanupFailureReport(steps, preview.previewId, "cancel", undefined, "cancelOrder probe missing");
     }
-    currentOrder = await probes.cancelOrder(currentOrder);
-    if (currentOrder.status !== "CANCELED") {
-        steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
-        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    const cancelConfirmation = await confirmCancel(currentOrder, probes);
+    currentOrder = cancelConfirmation.order;
+    if (!cancelConfirmation.confirmed) {
+        steps.push({ name: "cancel", status: "FAIL", toolOrCommandEvidence: cancelConfirmation.evidence });
+        return cleanupFailureReport(steps, preview.previewId, "cancel-confirmation", currentOrder.status);
     }
-    steps.push({ name: "cancel", status: "PASS", toolOrCommandEvidence: `${currentOrder.orderId}:${currentOrder.status}` });
+    steps.push({ name: "cancel", status: "PASS", toolOrCommandEvidence: cancelConfirmation.evidence });
     if (!probes.cleanupCheck) {
         steps.push({ name: "cleanup-check", status: "NOT_VERIFIED", toolOrCommandEvidence: "cleanupCheck probe missing" });
-        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+        return { submittedRealOrder: true, status: "NOT_VERIFIED", cleanupStatus: "NOT_VERIFIED", steps, previewId: preview.previewId, errorCode: "RCORE24002", errorStage: "cleanup-check", recommendedAction: "Query order/list and position/list before retrying verify-live." };
     }
-    const cleanup = await probes.cleanupCheck(currentOrder);
-    if (cleanup.openOrders !== 0 || cleanup.unexpectedPositions !== 0) {
-        steps.push({ name: "cleanup-check", status: "FAIL", toolOrCommandEvidence: `openOrders=${cleanup.openOrders};unexpectedPositions=${cleanup.unexpectedPositions}` });
-        return { submittedRealOrder: true, status: "FAIL", cleanupStatus: "FAIL", steps, previewId: preview.previewId, errorCode: "RCORE24002" };
+    const cleanupConfirmation = await confirmCleanup(currentOrder, probes);
+    if (!cleanupConfirmation.confirmed) {
+        steps.push({ name: "cleanup-check", status: "FAIL", toolOrCommandEvidence: cleanupConfirmation.evidence });
+        return cleanupFailureReport(steps, preview.previewId, "cleanup-check", currentOrder.status, `cleanup still shows ${cleanupEvidence(cleanupConfirmation.cleanup)}`);
     }
-    steps.push({ name: "cleanup-check", status: "PASS", toolOrCommandEvidence: "openOrders=0;unexpectedPositions=0" });
+    steps.push({ name: "cleanup-check", status: "PASS", toolOrCommandEvidence: cleanupConfirmation.evidence });
     return {
         submittedRealOrder: true,
         status: "PASS",
@@ -125,8 +150,113 @@ function normalizeTradingVerificationInput(input) {
     if (typeof input.acceptedRiskText === "string") {
         normalized.acceptedRiskText = input.acceptedRiskText;
     }
+    if (input.positionSide === "LONG" || input.positionSide === "SHORT") {
+        normalized.positionSide = input.positionSide;
+    }
     return normalized;
 }
+function validateParameterBoundConsent(input) {
+    if (!input.explicitUserConsent) {
+        return "user consent missing for small real trade verification";
+    }
+    const text = input.acceptedRiskText?.trim() ?? "";
+    const upperText = text.toUpperCase();
+    const lowerText = text.toLowerCase();
+    const missing = [];
+    if (text.length < 20) {
+        missing.push("acceptedRiskText");
+    }
+    if (!upperText.includes(input.symbol.toUpperCase())) {
+        missing.push("symbol");
+    }
+    if (!upperText.includes(input.side)) {
+        missing.push("side");
+    }
+    if (input.positionSide && !upperText.includes(input.positionSide)) {
+        missing.push("positionSide");
+    }
+    if (!text.includes(input.maxNotional)) {
+        missing.push("maxNotional");
+    }
+    if (!lowerText.includes("real") && !text.includes("真实")) {
+        missing.push("real-order risk");
+    }
+    if (!lowerText.includes("cancel") && !lowerText.includes("cleanup") && !text.includes("取消") && !text.includes("清理")) {
+        missing.push("cancel cleanup");
+    }
+    if (missing.length > 0) {
+        return `acceptedRiskText must include ${missing.join(", ")} for this exact verify-live request`;
+    }
+    return undefined;
+}
+async function confirmCancel(order, probes) {
+    const observations = [];
+    let current = await probes.cancelOrder(order);
+    observations.push(current.status);
+    if (isSafeCancelTerminalState(current.status)) {
+        return { confirmed: true, order: current, evidence: `${current.orderId}:${observations.join("->")}` };
+    }
+    const delays = probes.cancelConfirmationDelaysMs ?? [100, 250, 500, 1_000, 2_000];
+    const wait = probes.wait ?? defaultWait;
+    for (const delay of delays) {
+        await wait(delay);
+        if (!probes.queryOrder) {
+            break;
+        }
+        current = await probes.queryOrder(current);
+        observations.push(current.status);
+        if (isSafeCancelTerminalState(current.status)) {
+            return { confirmed: true, order: current, evidence: `${current.orderId}:${observations.join("->")}` };
+        }
+    }
+    return { confirmed: false, order: current, evidence: `${current.orderId}:${observations.join("->")}` };
+}
+function isSafeCancelTerminalState(status) {
+    return status === "CANCELED" || status === "EXPIRED" || status === "REJECTED";
+}
+async function confirmCleanup(order, probes) {
+    const observations = [];
+    let current = await probes.cleanupCheck(order);
+    observations.push(cleanupEvidence(current));
+    if (isCleanupClean(current)) {
+        return { confirmed: true, cleanup: current, evidence: observations.join("->") };
+    }
+    const delays = probes.cleanupCheckDelaysMs ?? probes.cancelConfirmationDelaysMs ?? [100, 250, 500, 1_000, 2_000];
+    const wait = probes.wait ?? defaultWait;
+    for (const delay of delays) {
+        await wait(delay);
+        current = await probes.cleanupCheck(order);
+        observations.push(cleanupEvidence(current));
+        if (isCleanupClean(current)) {
+            return { confirmed: true, cleanup: current, evidence: observations.join("->") };
+        }
+    }
+    return { confirmed: false, cleanup: current, evidence: observations.join("->") };
+}
+function isCleanupClean(cleanup) {
+    return cleanup.openOrders === 0 && cleanup.unexpectedPositions === 0;
+}
+function cleanupEvidence(cleanup) {
+    return `openOrders=${cleanup.openOrders};unexpectedPositions=${cleanup.unexpectedPositions}`;
+}
+function defaultWait(milliseconds) {
+    return new Promise((resolve) => setTimeout(resolve, milliseconds));
+}
+function cleanupFailureReport(steps, previewId, errorStage, lastObservedOrderState, detail) {
+    return {
+        submittedRealOrder: true,
+        status: "FAIL",
+        cleanupStatus: "FAIL",
+        steps,
+        previewId,
+        errorCode: "RCORE24002",
+        errorMessage: detail ?? "Trading verification cleanup could not be confirmed.",
+        errorStage,
+        ...(lastObservedOrderState ? { lastObservedOrderState } : {}),
+        expectedOrderStates: ["CANCELED", "EXPIRED", "REJECTED"],
+        recommendedAction: "Query order/get, order/list, and position/list before retrying; do not submit another verification until cleanup is confirmed."
+    };
+}
 function quantityForNotional(minNotional, price) {
     const priceNumber = Number(price);
     const minNotionalNumber = Number(minNotional);

package/dist/core/version.js

@@ -1 +1 @@
-export const RAPIDX_VERSION = "1.0.27";
+export const RAPIDX_VERSION = "1.0.29";

package/dist/mcp/tool-registry.js

@@ -10,13 +10,20 @@ export function getMcpToolDefinitions() {
         const canonical = capabilityForTool(capability.mcpTool);
         tools.push({
             name: capability.mcpTool,
-            description: `RapidX ${canonical.capabilityId} (${canonical.riskLevel}, schema ${SCHEMA_VERSION})`,
+            description: toolDescription(canonical),
             inputSchema: inputSchemaForName(canonical.inputSchema),
             capability: canonical
         });
     }
     return tools.sort((a, b) => a.name.localeCompare(b.name));
 }
+function toolDescription(capability) {
+    const base = `RapidX ${capability.capabilityId} (${capability.riskLevel}, schema ${SCHEMA_VERSION})`;
+    if (!capability.containsRealOrder) {
+        return base;
+    }
+    return `${base}. This submits a real verification order and requires explicit human confirmation bound to symbol, side, maxNotional, and cancel cleanup behavior.`;
+}
 export function capabilityForTool(toolName) {
     const overrideId = toolName === "rapidx/tools"
         ? "schema.discover"

package/dist/mcp/tool-runner.js

@@ -1,4 +1,4 @@
-import { consumePreview, createTargetedTradePreview, createTradePreview, defaultSafetyPolicy, executeRapidXCapability, findCapabilityById, getSchemaResult, makeEvidence, makePreviewStore, makeSafetyState, normalizeUnknownError, runSelfCheck, runTradingVerification, verifyPreview, buildLiveReadOnlySelfCheck, buildLiveTradingVerificationProbes, checkForUpdate, } from "../core/index.js";
+import { consumePreview, createTargetedTradePreview, createTradePreview, defaultSafetyPolicy, executeRapidXCapability, findCapabilityById, getSchemaResult, makeEvidence, makePreviewStore, makeSafetyState, normalizeUnknownError, runSelfCheck, runPreviewPreflight, runTradingVerification, verifyPreview, buildLiveReadOnlySelfCheck, buildLiveTradingVerificationProbes, checkForUpdate, } from "../core/index.js";
 import { capabilityForTool, getMcpToolDefinitions } from "./tool-registry.js";
 import { writeMcpAudit } from "./audit.js";
 const previewStore = makePreviewStore();
@@ -6,14 +6,19 @@ const safetyState = makeSafetyState();
 export async function runMcpTool(toolName, input = {}) {
     try {
         if (toolName === "rapidx/tools") {
+            const schema = getSchemaResult();
             const data = {
-                schemaVersion: getSchemaResult().schemaVersion,
+                schemaVersion: schema.schemaVersion,
+                inputSchemas: schema.inputSchemas,
                 tools: getMcpToolDefinitions().map((tool) => ({
                     name: tool.name,
                     riskLevel: tool.capability.riskLevel,
                     inputSchema: tool.capability.inputSchema,
                     outputSchema: tool.capability.outputSchema,
-                    previewRequired: tool.capability.previewRequired
+                    previewRequired: tool.capability.previewRequired,
+                    containsRealOrder: tool.capability.containsRealOrder === true,
+                    requiresExplicitHumanConfirmation: tool.capability.requiresExplicitHumanConfirmation === true,
+                    confirmationMode: tool.capability.confirmationMode
                 }))
             };
             const auditId = writeMcpAudit("tools/list", "PASS", { toolName });
@@ -52,6 +57,13 @@ export async function runMcpTool(toolName, input = {}) {
                 throw new Error("order.preview capability missing");
             }
             const preview = createTradePreview(previewCapability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore);
+            try {
+                Object.assign(preview, await runPreviewPreflight("order.place", input));
+            }
+            catch (error) {
+                previewStore.records.delete(preview.previewId);
+                throw error;
+            }
             const auditId = writeMcpAudit("trade-preview", "PASS", { toolName, capabilityId: capability.capabilityId, previewId: preview.previewId });
             return { ok: true, status: "PASS", data: preview, auditId, evidence: [makeEvidence(toolName)] };
         }
@@ -62,6 +74,13 @@ export async function runMcpTool(toolName, input = {}) {
                 throw new Error(`${concretePreviewTarget} capability missing`);
             }
             const preview = createTargetedTradePreview(targetCapability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore);
+            try {
+                Object.assign(preview, await runPreviewPreflight(concretePreviewTarget, input));
+            }
+            catch (error) {
+                previewStore.records.delete(preview.previewId);
+                throw error;
+            }
             const auditId = writeMcpAudit("trade-preview", "PASS", { toolName, capabilityId: targetCapability.capabilityId, previewId: preview.previewId });
             return { ok: true, status: "PASS", data: preview, auditId, evidence: [makeEvidence(toolName)] };
         }
@@ -75,6 +94,13 @@ export async function runMcpTool(toolName, input = {}) {
                 throw new Error("trade preview target must be a non-preview trade write capability.");
             }
             const preview = createTargetedTradePreview(targetCapability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore);
+            try {
+                Object.assign(preview, await runPreviewPreflight(targetCapability.capabilityId, input));
+            }
+            catch (error) {
+                previewStore.records.delete(preview.previewId);
+                throw error;
+            }
             const auditId = writeMcpAudit("trade-preview", "PASS", { toolName, capabilityId: targetCapability.capabilityId, previewId: preview.previewId });
             return { ok: true, status: "PASS", data: preview, auditId, evidence: [makeEvidence(toolName)] };
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@liquiditytech/rapidx-cli",
-  "version": "1.0.27",
+  "version": "1.0.29",
   "description": "RapidX CLI, MCP server mode, registry, and release assets.",
   "type": "module",
   "private": false,

package/packages/distribution/docs/cli.md

@@ -21,7 +21,9 @@ Supported conventions:
 - Use `rapidx order cancel-preview` for `order.cancel`.
 - Use `rapidx trade preview` with `targetCapabilityId` for non-order trade writes, including position, account, and algo writes.
 - `rapidx trade preview` input is flat JSON; do not wrap target parameters under `params`.
+- CLI preview ids are stored in the local CLI preview store. Do not submit MCP-created preview ids through CLI.
 - Treat `maxNotional` as a safety upper bound, not as the target order amount. Check symbol `minNotional` before increasing a requested amount.
+- Use `positionSide="LONG"` or `positionSide="SHORT"` for hedge-mode order placement or verification. Do not switch account position mode just to place a hedge-side order.
 
 Examples:
 
@@ -42,8 +44,14 @@ rapidx account set-position-mode --input @/absolute/path/set-position-mode.json
 
 `rapidx update check --json` reads the RapidX release manifest and caches the result locally. Use it during setup, review, or session startup. Trade submit paths should not perform a fresh network update check.
 
+`rapidx schema --json` returns `capabilities` plus `inputSchemas`. Agents should read the concrete input schema before constructing write inputs.
+
 `rapidx account balance` defaults to `mode=portfolio` and reads `/api/v1/trading/portfolio/assets`. `mode=account` reads `/api/v1/account/balance` and requires credentials with account-level permission.
 
-`rapidx account set-position-mode` is a trade write. It requires a matching preview token and a `continueConsentId` before execution.
+`rapidx account set-position-mode` is a trade write. Use it only when the user explicitly asks to change account position mode. It requires a matching preview token and a `continueConsentId` before execution.
+
+`rapidx order cancel` is asynchronous. A successful response can mean cancel accepted but not terminal. Poll `rapidx order get --json` when `terminalStateConfirmed=false`.
+
+Automation mode still uses preview. Pass `automationMode=true` and the user's exact `automationConsentText` to preview only when the user has enabled automation in chat for the current scope.
 
 `rapidx position close` is a close-position action. Do not pass `side` or `quantity`; RapidX determines BUY or SELL from the current position and closes the target symbol/positionSide. Use a reduce-only order flow for partial closes. Verify the final exposure with `rapidx position list --json`, and do not rely only on `order get` to interpret the close intent.

package/packages/distribution/docs/mcp.md

@@ -24,13 +24,18 @@ Public tool names use the `rapidx/` prefix.
 
 Key trading tools:
 
+- `rapidx/tools` returns the MCP tool list plus `inputSchemas`. Agents should read the concrete input schema before constructing write inputs.
 - `rapidx/update/check` reads the RapidX release manifest and returns current/latest CLI version, minimum write version, skills update advice, and upgrade commands.
 - `rapidx/self-check` can include update state when called with `{"checkUpdates": true}`.
 - `rapidx/order/preview` creates preview tokens for `order.place`.
 - `rapidx/order/place-preview`, `rapidx/order/amend-preview`, and `rapidx/order/cancel-preview` are concrete order preview aliases. Preview responses include `confirmation.submitToken`; pass it as `continueConsentId` when submitting the matching write tool.
 - `rapidx/trade/preview` creates preview tokens for non-place trade writes by `targetCapabilityId`, including position, account, and algo writes.
+- Preview ids are local to the running MCP server. Do not submit a CLI-created preview id through MCP, and do not submit an MCP-created preview id through CLI.
+- `rapidx/order/cancel` returns cancel acceptance plus terminal-state guidance. Poll `rapidx/order/get` when `terminalStateConfirmed=false`.
+- Automation mode still uses preview. Set `automationMode=true` and pass the user's exact `automationConsentText` only when the user has enabled automation in chat for the current scope.
 - `rapidx/position/history` reads historical positions.
-- `rapidx/account/set-position-mode` changes account position mode and requires preview plus explicit continuation consent.
-- `rapidx/trade/verify-live` runs the optional small real-trade verification flow with `explicitUserConsent`; it creates its own internal preview and does not accept an external `previewId`. `rapidx/trading-verification` remains supported as a compatibility alias.
+- Hedge-mode order placement and verification use `positionSide="LONG"` or `positionSide="SHORT"` in the order or verify-live input. Do not use account mode switching as a substitute for order-level `positionSide`.
+- `rapidx/account/set-position-mode` changes account position mode and requires preview plus explicit continuation consent. Use it only when the user explicitly asks to change account position mode.
+- `rapidx/trade/verify-live` runs the optional small real-trade verification flow with `explicitUserConsent` and parameter-bound `acceptedRiskText`; it creates its own internal preview and does not accept an external `previewId`. If `positionSide` is provided, `acceptedRiskText` must include that position side. `rapidx/trading-verification` remains supported as a compatibility alias.
 
 Agents must discover the full tool list through `rapidx/tools` and must not invent tool names.

package/packages/distribution/docs/quickstart.md

@@ -113,6 +113,8 @@ rapidx schema --json
 
 For trade writes, create a preview before submit. Use `rapidx order place-preview` for `order.place`, `rapidx order amend-preview` for `order.amend`, and `rapidx order cancel-preview` for `order.cancel`. Use flat JSON with `rapidx trade preview` and `targetCapabilityId` for non-order writes such as `position.set-leverage`, `position.close`, or `account.set-position-mode`.
 
+`rapidx schema --json` and `rapidx/tools` return concrete `inputSchemas`. For hedge-mode orders, use `positionSide="LONG"` or `positionSide="SHORT"` in the order or verify-live input. Use `account.set-position-mode` only when the user explicitly asks to change account mode.
+
 For clearer order flows, prefer the explicit aliases:
 
 ```bash
@@ -124,6 +126,12 @@ rapidx trade preview --input '{"targetCapabilityId":"position.set-leverage","sym
 
 When submitting the actual write, pass the returned `previewId` and use `confirmation.submitToken` as `continueConsentId`.
 
+Preview ids are runtime-local. Submit MCP previews through the same MCP server runtime, and submit CLI previews through the same CLI preview store.
+
+`order.cancel` is asynchronous. If the cancel result says `terminalStateConfirmed=false`, poll `order get` until a terminal state before claiming that the order is cancelled.
+
+For automation, keep the preview-first flow. Use `automationMode=true` and the user's exact `automationConsentText` only after the user has enabled RapidX automation mode in chat for the current scope.
+
 `maxNotional` is a safety upper bound, not the target order amount. If a requested amount is below the symbol `minNotional`, ask the user to confirm the larger amount before submitting. For `position.close`, do not pass `side` or `quantity`; RapidX determines the close side from the current position and closes the target symbol/positionSide. Use a reduce-only order flow for partial closes, then check final exposure with `position list`.
 
-Use `rapidx trade verify-live --json` only when the user explicitly authorizes a small real-trade verification. The older `rapidx self-check trade-verify --json` command remains supported for compatibility.
+Use `rapidx trade verify-live --json` only when the user explicitly authorizes a small real-trade verification. Include `acceptedRiskText` that names the exact symbol, side, positionSide when provided, maxNotional, real-order risk, and cancel cleanup behavior. The older `rapidx self-check trade-verify --json` command remains supported for compatibility.

package/packages/distribution/docs/tools.md

@@ -4,7 +4,7 @@ The canonical source is `rapidx schema --json` or `rapidx/tools`.
 
 ## Discovery And Update
 
-- `rapidx/tools`: returns the MCP tool surface and schema metadata.
+- `rapidx/tools`: returns the MCP tool surface and concrete `inputSchemas`.
 - `rapidx/self-check`: verifies discovery, schema, credentials, and optional read-only probes. Pass `checkUpdates=true` to include release manifest status.
 - `rapidx/update/check`: reads the RapidX release manifest, returns version status, minimum write version, skills update advice, and upgrade commands.
 
@@ -24,12 +24,46 @@ The canonical source is `rapidx schema --json` or `rapidx/tools`.
 - Position reads: list and position history.
 - Algo reads: list.
 
+## Symbol Format
+
+Use RapidX symbols in tool inputs:
+
+```text
+BINANCE_PERP_<BASE>_<QUOTE>
+```
+
+`OKX_PERP_<BASE>_<QUOTE>` is also supported for OKX perpetual instruments. `OKX_SWAP_<BASE>_<QUOTE>` is accepted as an input alias and is normalized to `OKX_PERP_<BASE>_<QUOTE>` in preview matching and outputs.
+
+Public market adapters may call venue APIs with official venue symbols such as `BTCUSDT` or `BTC-USDT-SWAP`. When the venue response uses a different symbol, RapidX returns canonical `symbol` plus `originalSymbol`.
+
 ## Write Tools
 
 - Order writes: place, amend, and cancel.
 - Position writes: close and set leverage.
 - Account writes: set position mode.
 - Algo writes: place, amend, and cancel.
-- Live verification: `rapidx/trade/verify-live` is the clearer alias for the small real-trade verification flow. `rapidx/trading-verification` remains supported for compatibility.
+- Live verification: `rapidx/trade/verify-live` is the clearer alias for the small real-trade verification flow. It submits a real verification order and requires `acceptedRiskText` bound to the exact symbol, side, maxNotional, real-order risk, and cancel cleanup behavior. If `positionSide` is provided, `acceptedRiskText` must include it. `rapidx/trading-verification` remains supported for compatibility.
 
 All write tools require preview where the schema marks `previewRequired: true`.
+MARKET order writes are allowed after preview and consent. Preview includes immediate-execution and slippage risk notes; do not replace MARKET with a synthetic limit strategy unless the user explicitly asks for that order style.
+
+For hedge-mode order placement, pass `positionSide="LONG"` or `positionSide="SHORT"` on the order or verify-live input. Use `account.set-position-mode` only when the user explicitly asks to change the account position mode.
+
+Preview ids are runtime-local. A preview created by MCP must be submitted through the same MCP server runtime. A preview created by CLI must be submitted through the same CLI preview store. Do not mix MCP preview ids with CLI submit commands, or the reverse.
+
+`order.cancel` is asynchronous. A successful cancel response means the cancel request was accepted; it may not prove a terminal order state yet. The response includes `cancelAccepted`, `terminalStateConfirmed`, `lastObservedOrderState`, and `recommendedAction`. Poll `order.get` until `CANCELED`, `REJECTED`, `EXPIRED`, or timeout when `terminalStateConfirmed=false`.
+
+For automation, keep preview-first execution. Set `automationMode=true` and pass the user's exact `automationConsentText` only when the user has explicitly enabled RapidX automation mode in chat. The preview response still returns `confirmation.submitToken`; automation mode only means the agent may use that submit token without asking for another per-order chat confirmation within the authorized scope.
+
+For TPSL or conditional algo orders, use `rapidx/trade/preview` with `targetCapabilityId="algo.place"`, then submit `rapidx/algo/place`. `conditionType="ENTIRE_CLOSE_POSITION"` may use `orderType="MARKET"` without `quantity` or `amount`; provide at least one take-profit or stop-loss trigger and verify with `rapidx/algo/list`.
+
+## Result Statuses
+
+- `PASS`: the tool or command completed successfully.
+- `INVALID_INPUT`: local schema or parameter validation failed. Fix the input before retrying.
+- `BLOCKED`: local preview, safety, compatibility, or policy checks rejected the action before submission.
+- `NOT_FOUND`: the requested order, position, or upstream resource was not found.
+- `PERMISSION_SCOPE_ERROR`: credentials are valid but do not cover the requested scope, such as account-level balance with portfolio-scoped credentials.
+- `BUSINESS_ERROR`: RapidX or venue business rules rejected the request.
+- `NOT_VERIFIED`: the tool could not prove the requested state.
+- `FAIL`: startup, auth, network, malformed response, or unexpected execution failure.

package/packages/distribution/manifests/offline-manifest.json

@@ -1,25 +1,25 @@
 {
-  "version": "1.0.27",
+  "version": "1.0.29",
   "artifacts": [
     {
       "name": "rapidx-mcp-registry",
       "path": "packages/distribution/registry/rapidx.mcp.json",
       "channel": "offline",
-      "checksum": "sha256:b48359c7cf540918a6de44a08378ccb5c9a6746e98112e20d6c586e660752b0a",
+      "checksum": "sha256:8a462f111ce2e1496b670978113277deeb49fc8ebcc9bfb2f9af3a91e5c8f9eb",
       "status": "ready"
     },
     {
       "name": "rapidx-quickstart-doc",
       "path": "packages/distribution/docs/quickstart.md",
       "channel": "offline",
-      "checksum": "sha256:7d8f511a5dbe803e7a19ede0be79f6bf1b77942dbafa45d0ce87fb3b098f7829",
+      "checksum": "sha256:f1771cbc6e3da39b47afac839ca89fc063bede11ac9d8078b215145953c0145c",
       "status": "ready"
     },
     {
       "name": "rapidx-tools-doc",
       "path": "packages/distribution/docs/tools.md",
       "channel": "offline",
-      "checksum": "sha256:ee6adae99a6facfd5f1c3dced86c7a28eafd11ecbe7e2a7eda159a6aa788a245",
+      "checksum": "sha256:e6ba0a1cbafa47fef2d6a2de6baffeb0a786d1d38886961c1347b9ffbd870e54",
       "status": "ready"
     }
   ]

package/packages/distribution/registry/rapidx.mcp.json

@@ -1,7 +1,7 @@
 {
   "name": "rapidx",
   "packageName": "@liquiditytech/rapidx-cli",
-  "version": "1.0.27",
+  "version": "1.0.29",
   "command": "rapidx",
   "args": ["mcp", "serve"],
   "launchCommand": "rapidx",