@liquiditytech/rapidx-cli 1.0.34 → 1.0.36

package/README.md

@@ -38,6 +38,14 @@ rapidx order place-preview --input '{"symbol":"BINANCE_PERP_BTC_USDT","side":"BU
 
 Submit write operations only after reviewing the preview result and providing the returned `previewId` plus `confirmation.submitToken` as `continueConsentId`.
 
+For bounded agent automation, create a local session first, then pass `automationSessionId` to preview:
+
+```bash
+rapidx automation start --input '{"symbols":["BINANCE_PERP_BTC_USDT"],"maxNotionalPerOrder":"100","maxTotalNotional":"1000","expiresInSeconds":3600,"allowedActions":["order.place"],"allowedOrderTypes":["MARKET","LIMIT"],"explicitUserConsent":true,"acceptedRiskText":"I authorize RapidX automation for BINANCE_PERP_BTC_USDT with maxNotionalPerOrder 100 and maxTotalNotional 1000."}' --json
+```
+
+Automation still uses preview-first trading; the session only replaces per-order chat confirmation within the authorized scope.
+
 ## Use As MCP
 
 Configure the agent host to start the MCP server with:

package/dist/cli/commands/automation.js

@@ -0,0 +1,36 @@
+import { extendAutomationSession, getAutomationSession, listAutomationSessions, loadAutomationSessionStoreFromFile, normalizeUnknownError, publicErrorDetails, resolveAutomationSessionStoreFile, saveAutomationSessionStoreToFile, startAutomationSession, stopAutomationSession, withAutomationSessionStoreLock } from "../../core/index.js";
+import { fail, ok } from "../envelope.js";
+export function runAutomationCommand(action, input) {
+    const filePath = resolveAutomationSessionStoreFile();
+    try {
+        return withAutomationSessionStoreLock(filePath, () => {
+            const store = loadAutomationSessionStoreFromFile(filePath);
+            if (action === "start") {
+                const session = startAutomationSession(store, input);
+                saveAutomationSessionStoreToFile(filePath, store);
+                return ok(session, "rapidx automation start");
+            }
+            if (action === "list") {
+                return ok({ sessions: listAutomationSessions(store) }, "rapidx automation list");
+            }
+            if (action === "status") {
+                return ok(getAutomationSession(store, input), "rapidx automation status");
+            }
+            if (action === "extend") {
+                const session = extendAutomationSession(store, input);
+                saveAutomationSessionStoreToFile(filePath, store);
+                return ok(session, "rapidx automation extend");
+            }
+            if (action === "stop") {
+                const session = stopAutomationSession(store, input);
+                saveAutomationSessionStoreToFile(filePath, store);
+                return ok(session, "rapidx automation stop");
+            }
+            return fail("RCLI12001", `Unknown automation command: ${action}`);
+        });
+    }
+    catch (error) {
+        const productError = normalizeUnknownError(error, "RCLI26000");
+        return fail(productError.code.replace(/^RCORE/, "RCLI"), productError.message, productError.status, `rapidx automation ${action}`, publicErrorDetails(productError));
+    }
+}

package/dist/cli/commands/index.js

@@ -2,6 +2,7 @@ import { checkInvocationMode } from "../invocation-checker.js";
 import { fail, ok } from "../envelope.js";
 import { runPortfolioCommand } from "./account.js";
 import { runAlgoCommand } from "./algo.js";
+import { runAutomationCommand } from "./automation.js";
 import { runAuthCheck } from "./auth.js";
 import { runConfigCommand } from "./config.js";
 import { runDoctorCommand } from "./doctor.js";
@@ -42,6 +43,9 @@ export async function dispatchCli(parsed) {
     if (domain === "update") {
         return runUpdateCommand(action ?? "check", parsed.input);
     }
+    if (domain === "automation") {
+        return runAutomationCommand(action ?? "list", parsed.input);
+    }
     if (domain === "invocation" && action === "check") {
         const invocationInput = {};
         if (typeof parsed.input.commandLine === "string") {

package/dist/cli/commands/order.js

@@ -1,17 +1,20 @@
-import { consumePreview, createTargetedTradePreview, createTradePreview, defaultSafetyPolicy, executeRapidXCapability, findCapabilityById, loadPreviewStoreFromFile, makeSafetyState, normalizeUnknownError, publicErrorDetails, resolvePreviewStoreFile, runPreviewPreflight, savePreviewStoreToFile, verifyPreview } from "../../core/index.js";
+import { consumePreview, createTargetedTradePreview, createTradePreview, defaultSafetyPolicy, executeRapidXCapability, findCapabilityById, assertAutomationSessionStillAllowsSubmit, loadAutomationSessionStoreFromFile, loadPreviewStoreFromFile, makeSafetyState, normalizeUnknownError, publicErrorDetails, ProductError, assertTargetedTradePreviewInput, recordAutomationSessionSubmit, resolveAutomationSessionForPreview, resolveAutomationSessionStoreFile, resolvePreviewStoreFile, runPreviewPreflight, saveAutomationSessionStoreToFile, savePreviewStoreToFile, verifyPreview, withAutomationSessionStoreLock } from "../../core/index.js";
 import { fail, ok } from "../envelope.js";
 import { writeCliAudit } from "../audit.js";
 const safetyState = makeSafetyState();
 export async function runOrderCommand(action, input) {
     const previewStoreFile = resolvePreviewStoreFile();
     const previewStore = loadPreviewStoreFromFile(previewStoreFile);
+    const automationStoreFile = resolveAutomationSessionStoreFile();
+    const automationStore = loadAutomationSessionStoreFromFile(automationStoreFile);
     if (action === "place-preview") {
         const capability = findCapabilityById("order.place-preview");
         if (!capability) {
             return fail("RCLI30001", "order.place-preview capability missing.");
         }
         try {
-            const preview = createTradePreview(capability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore);
+            const automation = optionalAutomationSession(automationStore, "order.place", input);
+            const preview = createTradePreview(capability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore, 300, automation ? { automationSession: automation.session } : {});
             Object.assign(preview, await runPreviewPreflight("order.place", input));
             savePreviewStoreToFile(previewStoreFile, previewStore);
             return ok(preview, `rapidx order ${action}`);
@@ -28,8 +31,11 @@ export async function runOrderCommand(action, input) {
             return fail("RCLI30001", `${previewTarget} capability missing.`);
         }
         try {
-            const preview = createTargetedTradePreview(targetCapability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore);
-            Object.assign(preview, await runPreviewPreflight(previewTarget, input));
+            assertTargetedTradePreviewInput(targetCapability, input);
+            const preflight = await runPreviewPreflight(previewTarget, input);
+            const automation = optionalAutomationSession(automationStore, previewTarget, { ...input, ...preflight });
+            const preview = createTargetedTradePreview(targetCapability, input, { ...defaultSafetyPolicy(), tradingEnabled: true, readOnly: false }, safetyState, previewStore, 300, automation ? { automationSession: automation.session } : {});
+            Object.assign(preview, preflight);
             savePreviewStoreToFile(previewStoreFile, previewStore);
             return ok(preview, `rapidx order ${action}`);
         }
@@ -42,9 +48,12 @@ export async function runOrderCommand(action, input) {
     if (!capability) {
         return fail("RCLI12001", `Unknown order command: ${action}`);
     }
+    let consumedPreview;
     if (capability.previewRequired) {
+        let previewRecord;
         try {
-            verifyPreview(previewStore, typeof input.previewId === "string" ? input.previewId : undefined, capability, input);
+            previewRecord = verifyPreview(previewStore, typeof input.previewId === "string" ? input.previewId : undefined, capability, input);
+            assertAutomationSessionStillAllowsSubmit(automationStore, previewRecord, capability.capabilityId);
         }
         catch (error) {
             return fail("RCLI20002", error instanceof Error ? error.message : String(error), "BLOCKED", `rapidx order ${action}`);
@@ -52,8 +61,32 @@ export async function runOrderCommand(action, input) {
         if (typeof input.continueConsentId !== "string" || input.continueConsentId.length === 0) {
             return fail("RCLI20001", "continueConsentId is required for trade writes.", "BLOCKED", `rapidx order ${action}`);
         }
+        if (previewRecord.automationSession) {
+            try {
+                const data = await withAutomationSessionStoreLock(automationStoreFile, async () => {
+                    const lockedAutomationStore = loadAutomationSessionStoreFromFile(automationStoreFile);
+                    const lockedPreviewStore = loadPreviewStoreFromFile(previewStoreFile);
+                    const lockedPreviewRecord = verifyPreview(lockedPreviewStore, typeof input.previewId === "string" ? input.previewId : undefined, capability, input);
+                    assertAutomationSessionStillAllowsSubmit(lockedAutomationStore, lockedPreviewRecord, capability.capabilityId);
+                    const lockedConsumedPreview = consumePreview(lockedPreviewStore, typeof input.previewId === "string" ? input.previewId : undefined, capability, input);
+                    savePreviewStoreToFile(previewStoreFile, lockedPreviewStore);
+                    const result = await executeRapidXCapability(capability.capabilityId, input);
+                    recordAutomationSessionSubmit(lockedAutomationStore, lockedConsumedPreview, new Date(), capability.capabilityId);
+                    saveAutomationSessionStoreToFile(automationStoreFile, lockedAutomationStore);
+                    return result;
+                });
+                const auditId = capability.operationType === "TRADE_WRITE"
+                    ? writeCliAudit("trade-write", "PASS", { command: `rapidx order ${action}`, capabilityId: capability.capabilityId, clientOrderId: input.clientOrderId })
+                    : undefined;
+                return ok(data, `rapidx order ${action}`, "PASS", "real_tool_call", auditId);
+            }
+            catch (error) {
+                const productError = normalizeUnknownError(error, "RCLI12001");
+                return fail(productError.code.replace(/^RCORE/, "RCLI"), productError.message, productError.status, `rapidx order ${action}`, publicErrorDetails(productError));
+            }
+        }
         try {
-            consumePreview(previewStore, typeof input.previewId === "string" ? input.previewId : undefined, capability, input);
+            consumedPreview = consumePreview(previewStore, typeof input.previewId === "string" ? input.previewId : undefined, capability, input);
             savePreviewStoreToFile(previewStoreFile, previewStore);
         }
         catch (error) {
@@ -62,6 +95,10 @@ export async function runOrderCommand(action, input) {
     }
     try {
         const data = await executeRapidXCapability(capability.capabilityId, input);
+        if (consumedPreview?.automationSession) {
+            recordAutomationSessionSubmit(automationStore, consumedPreview, new Date(), capability.capabilityId);
+            saveAutomationSessionStoreToFile(automationStoreFile, automationStore);
+        }
         const auditId = capability.operationType === "TRADE_WRITE"
             ? writeCliAudit("trade-write", "PASS", { command: `rapidx order ${action}`, capabilityId: capability.capabilityId, clientOrderId: input.clientOrderId })
             : undefined;
@@ -72,6 +109,17 @@ export async function runOrderCommand(action, input) {
         return fail(productError.code.replace(/^RCORE/, "RCLI"), productError.message, productError.status, `rapidx order ${action}`, publicErrorDetails(productError));
     }
 }
+function optionalAutomationSession(store, targetCapabilityId, input) {
+    try {
+        return resolveAutomationSessionForPreview(store, targetCapabilityId, input);
+    }
+    catch (error) {
+        if (error instanceof ProductError && error.code === "RCORE26001") {
+            return undefined;
+        }
+        throw error;
+    }
+}
 function previewTargetForAction(action) {
     if (action === "replace-preview") {
         return "order.replace";

package/dist/cli/help.js

@@ -11,6 +11,7 @@ export function formatCliHelp() {
         "  rapidx self-check --input '{\"scope\":\"deep\"}' --json",
         "  rapidx market get-ticker --input '{\"symbol\":\"BINANCE_PERP_BTC_USDT\"}' --json",
         "  rapidx market get-ticker --symbol BINANCE_PERP_BTC_USDT --json",
+        "  rapidx automation start --input '{\"symbols\":[\"BINANCE_PERP_BTC_USDT\"],\"maxNotionalPerOrder\":\"100\",\"maxTotalNotional\":\"1000\",\"expiresInSeconds\":3600,\"allowedActions\":[\"order.place\",\"order.replace\",\"order.cancel\"],\"allowedOrderTypes\":[\"MARKET\",\"LIMIT\"]}' --json",
         "  rapidx order place-preview --input '{\"symbol\":\"BINANCE_PERP_BTC_USDT\",\"side\":\"BUY\",\"orderType\":\"LIMIT\",\"price\":\"1\",\"quantity\":\"0.001\",\"maxNotional\":\"1\",\"clientOrderId\":\"example\"}' --json",
         "  rapidx order cancel-preview --input '{\"orderId\":\"<order-id>\"}' --json",
         "  rapidx trade verify-live --input '{\"symbol\":\"BINANCE_PERP_BTC_USDT\",\"side\":\"BUY\",\"maxNotional\":\"10\",\"clientOrderId\":\"verify-001\",\"explicitUserConsent\":true,\"acceptedRiskText\":\"I authorize a real verification order for BINANCE_PERP_BTC_USDT BUY maxNotional 10 with cancel cleanup.\"}' --json",
@@ -18,7 +19,7 @@ export function formatCliHelp() {
         "",
         "Domains:",
         "  schema, doctor, auth, config, update, self-check, invocation",
-        "  market, portfolio, order, transaction, trade, position, algo",
+        "  market, portfolio, automation, order, transaction, trade, position, algo",
         "",
         "Use --input for structured JSON. Named options such as --symbol and --depth are also accepted for simple inputs."
     ].join("\n");

package/dist/cli/parser.js

@@ -62,7 +62,7 @@ function readInput(value) {
     return parsed;
 }
 const RESERVED_OPTIONS = new Set(["help", "version", "json", "input"]);
-const NUMBER_OPTIONS = new Set(["depth", "limit", "pageSize", "leverage", "maxCacheAgeSeconds"]);
+const NUMBER_OPTIONS = new Set(["depth", "limit", "pageSize", "leverage", "maxCacheAgeSeconds", "expiresInSeconds"]);
 const BOOLEAN_OPTIONS = new Set(["postOnly", "reduceOnly", "readOnly", "explicitUserConsent", "force", "checkUpdates"]);
 function normalizeOptionName(name) {
     return name.replace(/-([a-z])/g, (_, char) => char.toUpperCase());

package/dist/core/automation/session.js

@@ -0,0 +1,455 @@
+import { randomUUID } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { ProductError } from "../errors/product-error.js";
+import { parseRapidXSymbol } from "../client/symbol.js";
+const DEFAULT_EXPIRES_IN_SECONDS = 24 * 60 * 60;
+const MAX_EXPIRES_IN_SECONDS = 30 * 24 * 60 * 60;
+const DEFAULT_ALLOWED_ACTIONS = ["order.place", "order.replace", "order.cancel"];
+const DEFAULT_ALLOWED_ORDER_TYPES = ["LIMIT", "MARKET"];
+export function makeAutomationSessionStore() {
+    return { sessions: new Map() };
+}
+export function resolveAutomationSessionStoreFile(env = process.env, cwd = process.cwd()) {
+    const stateDir = env.RAPIDX_STATE_DIR ? resolve(env.RAPIDX_STATE_DIR) : resolve(cwd, ".rapidx");
+    return join(stateDir, "automation-sessions.json");
+}
+export function loadAutomationSessionStoreFromFile(filePath, now = new Date()) {
+    const store = makeAutomationSessionStore();
+    if (!existsSync(filePath)) {
+        return store;
+    }
+    const parsed = JSON.parse(readFileSync(filePath, "utf8"));
+    if (!Array.isArray(parsed)) {
+        return store;
+    }
+    for (const item of parsed) {
+        if (isAutomationSession(item)) {
+            const session = item.expiresAt && new Date(item.expiresAt).getTime() < now.getTime() && item.status === "ACTIVE"
+                ? { ...item, status: "STOPPED" }
+                : item;
+            store.sessions.set(session.automationSessionId, session);
+        }
+    }
+    return store;
+}
+export function saveAutomationSessionStoreToFile(filePath, store) {
+    mkdirSync(dirname(filePath), { recursive: true });
+    const tmp = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmp, `${JSON.stringify([...store.sessions.values()], null, 2)}\n`, { mode: 0o600 });
+    renameSync(tmp, filePath);
+}
+export function withAutomationSessionStoreLock(filePath, fn) {
+    const lockPath = `${filePath}.lock`;
+    mkdirSync(dirname(lockPath), { recursive: true });
+    try {
+        mkdirSync(lockPath, { mode: 0o700 });
+    }
+    catch {
+        throw new ProductError({
+            code: "RCORE26006",
+            status: "BLOCKED",
+            message: "Automation session store is busy. Retry shortly."
+        });
+    }
+    let removeSynchronously = true;
+    try {
+        const result = fn();
+        if (isPromiseLike(result)) {
+            removeSynchronously = false;
+            return result.finally(() => {
+                rmSync(lockPath, { recursive: true, force: true });
+            });
+        }
+        rmSync(lockPath, { recursive: true, force: true });
+        return result;
+    }
+    finally {
+        // Promise-returning callbacks remove the lock in finally() after they settle.
+        if (removeSynchronously && existsSync(lockPath)) {
+            rmSync(lockPath, { recursive: true, force: true });
+        }
+    }
+}
+export function startAutomationSession(store, input, now = new Date()) {
+    const acceptedRiskText = requireAutomationConsent(input, "automation.start");
+    const expiresInSeconds = input.expiresInSeconds ?? DEFAULT_EXPIRES_IN_SECONDS;
+    validateExpiresInSeconds(expiresInSeconds);
+    const symbols = normalizeSymbols(input.symbols);
+    const session = {
+        automationSessionId: `ras_${randomUUID()}`,
+        status: "ACTIVE",
+        symbols,
+        maxNotionalPerOrder: validatePositiveDecimal(input.maxNotionalPerOrder, "maxNotionalPerOrder"),
+        maxTotalNotional: validatePositiveDecimal(input.maxTotalNotional, "maxTotalNotional"),
+        usedNotional: "0",
+        allowedActions: normalizeStringList(input.allowedActions, DEFAULT_ALLOWED_ACTIONS, "allowedActions"),
+        allowedOrderTypes: normalizeStringList(input.allowedOrderTypes, DEFAULT_ALLOWED_ORDER_TYPES, "allowedOrderTypes").map((value) => value.toUpperCase()),
+        createdAt: now.toISOString(),
+        expiresAt: new Date(now.getTime() + expiresInSeconds * 1000).toISOString(),
+        acceptedRiskText,
+        ...(input.name ? { name: input.name } : {})
+    };
+    store.sessions.set(session.automationSessionId, session);
+    return session;
+}
+export function extendAutomationSession(store, input, now = new Date()) {
+    const acceptedRiskText = requireAutomationConsent(input, "automation.extend");
+    validateExpiresInSeconds(input.expiresInSeconds);
+    const session = requireSession(store, input.automationSessionId, now);
+    const updated = {
+        ...session,
+        expiresAt: new Date(now.getTime() + input.expiresInSeconds * 1000).toISOString(),
+        lastExtensionAcceptedRiskText: acceptedRiskText
+    };
+    store.sessions.set(updated.automationSessionId, updated);
+    return updated;
+}
+export function stopAutomationSession(store, input, now = new Date()) {
+    const session = requireKnownSession(store, input.automationSessionId);
+    const updated = {
+        ...session,
+        status: "STOPPED",
+        stoppedAt: now.toISOString()
+    };
+    store.sessions.set(updated.automationSessionId, updated);
+    return updated;
+}
+export function getAutomationSession(store, input, now = new Date()) {
+    return requireSession(store, input.automationSessionId, now);
+}
+export function listAutomationSessions(store, now = new Date()) {
+    return [...store.sessions.values()].map((session) => {
+        if (session.status === "ACTIVE" && new Date(session.expiresAt).getTime() < now.getTime()) {
+            return { ...session, status: "STOPPED" };
+        }
+        return session;
+    });
+}
+export function resolveAutomationSessionForPreview(store, targetCapabilityId, input, now = new Date()) {
+    const explicit = typeof input.automationSessionId === "string" && input.automationSessionId.length > 0
+        ? input.automationSessionId
+        : undefined;
+    if (explicit) {
+        const session = requireSession(store, explicit, now);
+        assertSessionAllowsPreview(session, targetCapabilityId, input, now);
+        return { session, matchedBy: "explicit" };
+    }
+    const matches = [...store.sessions.values()].filter((session) => {
+        try {
+            assertSessionAllowsPreview(session, targetCapabilityId, input, now);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    });
+    if (matches.length === 1) {
+        return { session: matches[0], matchedBy: "auto" };
+    }
+    if (matches.length > 1) {
+        throw new ProductError({
+            code: "RCORE26003",
+            status: "BLOCKED",
+            message: "multiple automation sessions match this preview; pass automationSessionId explicitly."
+        });
+    }
+    throw new ProductError({
+        code: "RCORE26001",
+        status: "BLOCKED",
+        message: "automation session required for automated submit."
+    });
+}
+export function automationPreviewDetails(session) {
+    return {
+        automationSessionId: session.automationSessionId,
+        confirmationMode: "automation-session",
+        expiresAt: session.expiresAt,
+        maxNotionalPerOrder: session.maxNotionalPerOrder,
+        maxTotalNotional: session.maxTotalNotional,
+        usedNotional: session.usedNotional
+    };
+}
+export function assertAutomationSessionStillAllowsSubmit(store, preview, targetCapabilityId, now = new Date()) {
+    const sessionId = preview.automationSession?.automationSessionId;
+    if (!sessionId) {
+        return undefined;
+    }
+    const session = requireSession(store, sessionId, now);
+    assertSessionAllowsPreview(session, targetCapabilityId, {
+        ...preview.businessParams,
+        ...(preview.orderReadback ? { orderReadback: preview.orderReadback } : {})
+    }, now);
+    return session;
+}
+export function recordAutomationSessionSubmit(store, preview, now = new Date(), targetCapabilityId) {
+    const sessionId = preview.automationSession?.automationSessionId;
+    if (!sessionId) {
+        return undefined;
+    }
+    const session = requireSession(store, sessionId, now);
+    const action = normalizePreviewCapabilityId(targetCapabilityId ?? preview.capabilityId);
+    const notional = automationNotionalForAction(action, {
+        ...preview.businessParams,
+        ...(preview.orderReadback ? { orderReadback: preview.orderReadback } : {})
+    });
+    if (!notional) {
+        return session;
+    }
+    const usedNotional = addDecimalStrings(session.usedNotional, notional);
+    const updated = { ...session, usedNotional };
+    store.sessions.set(session.automationSessionId, updated);
+    return updated;
+}
+function assertSessionAllowsPreview(session, targetCapabilityId, input, now = new Date()) {
+    requireActiveSession(session, now);
+    if (!session.allowedActions.includes(targetCapabilityId)) {
+        throw new ProductError({
+            code: "RCORE26004",
+            status: "BLOCKED",
+            message: `automation session does not allow ${targetCapabilityId}.`
+        });
+    }
+    const symbol = symbolForAutomationInput(input);
+    if (isOrderLifecycleAction(targetCapabilityId) && !symbol) {
+        throw new ProductError({ code: "RCORE26004", status: "BLOCKED", message: `automation ${targetCapabilityId} requires symbol or orderReadback symbol.` });
+    }
+    if (symbol && !session.symbols.includes(symbol)) {
+        throw new ProductError({ code: "RCORE26004", status: "BLOCKED", message: "automation session does not allow this symbol." });
+    }
+    const orderType = typeof input.orderType === "string" ? input.orderType.toUpperCase() : undefined;
+    if (targetCapabilityId === "order.place" && orderType && !session.allowedOrderTypes.includes(orderType)) {
+        throw new ProductError({ code: "RCORE26004", status: "BLOCKED", message: "automation session does not allow this orderType." });
+    }
+    const notional = automationNotionalForAction(targetCapabilityId, input);
+    if (notional) {
+        if (compareDecimalStrings(notional, session.maxNotionalPerOrder) > 0) {
+            throw new ProductError({
+                code: "RCORE26005",
+                status: "BLOCKED",
+                message: targetCapabilityId === "order.place"
+                    ? "maxNotional exceeds automation maxNotionalPerOrder."
+                    : `${targetCapabilityId} notional exceeds automation maxNotionalPerOrder.`
+            });
+        }
+        if (compareDecimalStrings(addDecimalStrings(session.usedNotional, notional), session.maxTotalNotional) > 0) {
+            throw new ProductError({
+                code: "RCORE26005",
+                status: "BLOCKED",
+                message: "automation maxTotalNotional exceeded."
+            });
+        }
+    }
+}
+function isOrderLifecycleAction(targetCapabilityId) {
+    return targetCapabilityId === "order.place" || targetCapabilityId === "order.replace" || targetCapabilityId === "order.cancel";
+}
+function normalizePreviewCapabilityId(capabilityId) {
+    if (capabilityId === "order.place-preview") {
+        return "order.place";
+    }
+    if (capabilityId === "order.replace-preview") {
+        return "order.replace";
+    }
+    if (capabilityId === "order.cancel-preview") {
+        return "order.cancel";
+    }
+    return capabilityId ?? "";
+}
+function automationNotionalForAction(targetCapabilityId, input) {
+    if (targetCapabilityId === "order.place") {
+        return validatePositiveDecimal(String(input.maxNotional ?? ""), "maxNotional");
+    }
+    if (targetCapabilityId === "order.replace") {
+        return replacementNotional(input);
+    }
+    return undefined;
+}
+function replacementNotional(input) {
+    const orderReadback = isRecord(input.orderReadback) ? input.orderReadback : {};
+    const price = firstNonEmptyString(input.price, orderReadback.limitPrice, orderReadback.price, orderReadback.orderPrice, orderReadback.origPrice);
+    const quantity = firstNonEmptyString(input.quantity, input.qty, orderReadback.orderQty, orderReadback.quantity, orderReadback.qty, orderReadback.origQty);
+    if (!price || !quantity) {
+        throw new ProductError({
+            code: "RCORE26007",
+            status: "BLOCKED",
+            message: "automation order.replace requires readable replacement price and quantity."
+        });
+    }
+    return multiplyDecimalStrings(validatePositiveDecimal(price, "price"), validatePositiveDecimal(quantity, "quantity"));
+}
+function symbolForAutomationInput(input) {
+    if (typeof input.symbol === "string" && input.symbol.length > 0) {
+        return canonicalSymbol(input.symbol);
+    }
+    const orderReadback = isRecord(input.orderReadback) ? input.orderReadback : undefined;
+    const readbackSymbol = orderReadback
+        ? firstNonEmptyString(orderReadback.sym, orderReadback.symbol, orderReadback.instrumentId, orderReadback.instrument)
+        : undefined;
+    return readbackSymbol ? canonicalSymbol(readbackSymbol) : undefined;
+}
+function requireSession(store, automationSessionId, now) {
+    const session = requireKnownSession(store, automationSessionId);
+    requireActiveSession(session, now);
+    return session;
+}
+function requireKnownSession(store, automationSessionId) {
+    const session = store.sessions.get(automationSessionId);
+    if (!session) {
+        throw new ProductError({
+            code: "RCORE26002",
+            status: "NOT_FOUND",
+            message: "automation session not found."
+        });
+    }
+    return session;
+}
+function requireActiveSession(session, now) {
+    if (session.status !== "ACTIVE") {
+        throw new ProductError({
+            code: "RCORE26002",
+            status: "BLOCKED",
+            message: "automation session is not active."
+        });
+    }
+    if (new Date(session.expiresAt).getTime() < now.getTime()) {
+        throw new ProductError({
+            code: "RCORE26002",
+            status: "BLOCKED",
+            message: "automation session has expired."
+        });
+    }
+}
+function validateExpiresInSeconds(value) {
+    if (!Number.isInteger(value) || value <= 0 || value > MAX_EXPIRES_IN_SECONDS) {
+        throw new ProductError({
+            code: "RCORE26000",
+            status: "INVALID_INPUT",
+            message: "expiresInSeconds must be an integer from 1 to 2592000."
+        });
+    }
+}
+function requireAutomationConsent(input, action) {
+    if (input.explicitUserConsent !== true) {
+        throw new ProductError({
+            code: "RCORE26000",
+            status: "BLOCKED",
+            message: `${action} requires explicitUserConsent=true.`
+        });
+    }
+    const acceptedRiskText = typeof input.acceptedRiskText === "string" ? input.acceptedRiskText.trim() : "";
+    if (!acceptedRiskText) {
+        throw new ProductError({
+            code: "RCORE26000",
+            status: "BLOCKED",
+            message: `${action} requires acceptedRiskText from the user's authorization.`
+        });
+    }
+    return acceptedRiskText;
+}
+function normalizeSymbols(symbols) {
+    if (!Array.isArray(symbols) || symbols.length === 0) {
+        throw new ProductError({ code: "RCORE26000", status: "INVALID_INPUT", message: "symbols must contain at least one symbol." });
+    }
+    return [...new Set(symbols.map((symbol) => canonicalSymbol(symbol)))];
+}
+function normalizeStringList(input, defaults, field) {
+    const values = input ?? [...defaults];
+    if (!Array.isArray(values) || values.length === 0 || values.some((value) => typeof value !== "string" || value.length === 0)) {
+        throw new ProductError({ code: "RCORE26000", status: "INVALID_INPUT", message: `${field} must contain at least one string.` });
+    }
+    return [...new Set(values)];
+}
+function canonicalSymbol(value) {
+    try {
+        return parseRapidXSymbol(value).canonicalSymbol;
+    }
+    catch {
+        return value;
+    }
+}
+function validatePositiveDecimal(value, field) {
+    if (!/^(?:0|[1-9]\d*)(?:\.\d+)?$/.test(value) || Number(value) <= 0) {
+        throw new ProductError({ code: "RCORE26000", status: "INVALID_INPUT", message: `${field} must be a positive decimal string.` });
+    }
+    return trimDecimal(value);
+}
+function compareDecimalStrings(left, right) {
+    const [leftWhole = "0", leftFraction = ""] = trimDecimal(left).split(".");
+    const [rightWhole = "0", rightFraction = ""] = trimDecimal(right).split(".");
+    if (leftWhole.length !== rightWhole.length) {
+        return leftWhole.length > rightWhole.length ? 1 : -1;
+    }
+    if (leftWhole !== rightWhole) {
+        return leftWhole > rightWhole ? 1 : -1;
+    }
+    const width = Math.max(leftFraction.length, rightFraction.length);
+    const paddedLeft = leftFraction.padEnd(width, "0");
+    const paddedRight = rightFraction.padEnd(width, "0");
+    if (paddedLeft === paddedRight) {
+        return 0;
+    }
+    return paddedLeft > paddedRight ? 1 : -1;
+}
+function addDecimalStrings(left, right) {
+    const leftParsed = parseDecimal(left);
+    const rightParsed = parseDecimal(right);
+    const scale = Math.max(leftParsed.scale, rightParsed.scale);
+    const sum = leftParsed.value * 10n ** BigInt(scale - leftParsed.scale)
+        + rightParsed.value * 10n ** BigInt(scale - rightParsed.scale);
+    return formatDecimal(sum, scale);
+}
+function multiplyDecimalStrings(left, right) {
+    const leftParsed = parseDecimal(left);
+    const rightParsed = parseDecimal(right);
+    const scale = leftParsed.scale + rightParsed.scale;
+    return formatDecimal(leftParsed.value * rightParsed.value, scale);
+}
+function parseDecimal(value) {
+    const [whole, fraction = ""] = trimDecimal(value).split(".");
+    return {
+        value: BigInt(`${whole}${fraction}`),
+        scale: fraction.length
+    };
+}
+function formatDecimal(value, scale) {
+    const raw = value.toString().padStart(scale + 1, "0");
+    if (scale === 0) {
+        return raw;
+    }
+    const whole = raw.slice(0, -scale);
+    const fraction = raw.slice(-scale).replace(/0+$/, "");
+    return fraction ? `${whole}.${fraction}` : whole;
+}
+function trimDecimal(value) {
+    return value.replace(/^0+(?=\d)/, "").replace(/(\.\d*?)0+$/, "$1").replace(/\.$/, "");
+}
+function firstNonEmptyString(...values) {
+    const value = values.find((candidate) => candidate !== undefined && candidate !== null && candidate !== "");
+    return value === undefined ? undefined : String(value);
+}
+function isRecord(value) {
+    return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function isPromiseLike(value) {
+    if (!value || typeof value !== "object" || !("then" in value)) {
+        return false;
+    }
+    return typeof value.then === "function";
+}
+function isAutomationSession(value) {
+    if (!value || typeof value !== "object") {
+        return false;
+    }
+    const candidate = value;
+    return typeof candidate.automationSessionId === "string"
+        && (candidate.status === "ACTIVE" || candidate.status === "STOPPED")
+        && Array.isArray(candidate.symbols)
+        && typeof candidate.maxNotionalPerOrder === "string"
+        && typeof candidate.maxTotalNotional === "string"
+        && typeof candidate.usedNotional === "string"
+        && Array.isArray(candidate.allowedActions)
+        && Array.isArray(candidate.allowedOrderTypes)
+        && typeof candidate.createdAt === "string"
+        && typeof candidate.expiresAt === "string";
+}