@usherlabs/cex-broker 0.2.8 → 0.2.10

package/dist/commands/cli.js

@@ -313495,16 +313495,18 @@ if (process.env.LOG_LEVEL !== "debug") {
 var log = baseLogger;
 
 // src/helpers/index.ts
-class WithdrawRoutingError extends Error {
-}
-
-class WithdrawRoutingUnavailableError extends WithdrawRoutingError {
-}
-function isMasterBrokerAccount(account) {
-  return account.label === "primary" || account.role === "master";
+class BrokerAccountPreconditionError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "BrokerAccountPreconditionError";
+  }
 }
-function isSubaccountBrokerAccount(account) {
-  return !isMasterBrokerAccount(account);
+function requireDestinationEmail(dest, transferType) {
+  const email = dest.email?.trim();
+  if (!email) {
+    throw new BrokerAccountPreconditionError(`Destination account '${dest.label}' requires an email configured for ${transferType} transfers`);
+  }
+  return email;
 }
 function authenticateRequest(call, whitelistIps) {
   const clientIp = call.getPeer().split(":")[0];
@@ -313683,7 +313685,13 @@ function loadPolicy(policyPath) {
     const withdrawRuleEntrySchema = import_joi.default.object({
       exchange: import_joi.default.string().required(),
       network: import_joi.default.string().required(),
-      whitelist: import_joi.default.array().items(import_joi.default.string()).required()
+      whitelist: import_joi.default.array().items(import_joi.default.string()).required(),
+      coins: import_joi.default.array().items(import_joi.default.string()).optional()
+    });
+    const depositRuleEntrySchema = import_joi.default.object({
+      exchange: import_joi.default.string().required(),
+      network: import_joi.default.string().required(),
+      coins: import_joi.default.array().items(import_joi.default.string()).optional()
     });
     const orderRuleSchema = import_joi.default.object({
       markets: import_joi.default.array().items(import_joi.default.string()).required(),
@@ -313698,7 +313706,9 @@ function loadPolicy(policyPath) {
       withdraw: import_joi.default.object({
         rule: import_joi.default.array().items(withdrawRuleEntrySchema).min(1).required()
       }).required(),
-      deposit: import_joi.default.object().pattern(import_joi.default.string(), import_joi.default.valid(null)).required(),
+      deposit: import_joi.default.object({
+        rule: import_joi.default.array().items(depositRuleEntrySchema).optional()
+      }).required(),
       order: import_joi.default.object({
         rule: orderRuleSchema.required()
       }).required()
@@ -313722,9 +313732,25 @@ function normalizePolicyConfig(policy) {
         ...rule,
         exchange: rule.exchange.trim().toUpperCase(),
         network: rule.network.trim().toUpperCase(),
-        whitelist: rule.whitelist.map((address) => address.trim().toLowerCase())
+        whitelist: rule.whitelist.map((address) => address.trim().toLowerCase()),
+        ...rule.coins && {
+          coins: rule.coins.map((c) => c.trim().toUpperCase())
+        }
       }))
     },
+    deposit: {
+      ...policy.deposit,
+      ...policy.deposit.rule && {
+        rule: policy.deposit.rule.map((rule) => ({
+          ...rule,
+          exchange: rule.exchange.trim().toUpperCase(),
+          network: rule.network.trim().toUpperCase(),
+          ...rule.coins && {
+            coins: rule.coins.map((c) => c.trim().toUpperCase())
+          }
+        }))
+      }
+    },
     order: {
       ...policy.order,
       rule: {
@@ -313751,7 +313777,24 @@ function getWithdrawRulePriority(rule, exchange, network) {
   }
   return 1;
 }
-function validateWithdraw(policy, exchange, network, recipientAddress, _amount, _ticker) {
+function getDepositRulePriority(rule, exchange, network) {
+  const exchangeMatch = rule.exchange === exchange || rule.exchange === "*";
+  const networkMatch = rule.network === network || rule.network === "*";
+  if (!exchangeMatch || !networkMatch) {
+    return 0;
+  }
+  if (rule.exchange === exchange && rule.network === network) {
+    return 4;
+  }
+  if (rule.exchange === exchange && rule.network === "*") {
+    return 3;
+  }
+  if (rule.exchange === "*" && rule.network === network) {
+    return 2;
+  }
+  return 1;
+}
+function validateWithdraw(policy, exchange, network, recipientAddress, _amount, ticker) {
   const normalizedPolicy = normalizePolicyConfig(policy);
   const exchangeNorm = exchange.trim().toUpperCase();
   const networkNorm = network.trim().toUpperCase();
@@ -313773,83 +313816,62 @@ function validateWithdraw(policy, exchange, network, recipientAddress, _amount,
       error: `Address ${recipientAddress} is not whitelisted for withdrawals`
     };
   }
-  return { valid: true };
-}
-function normalizeAccountSelector(selector2, metadata, defaultSelector) {
-  const raw = selector2?.trim().toLowerCase() ?? defaultSelector;
-  if (raw === "current") {
-    return getCurrentBrokerSelector(metadata);
-  }
-  if (raw === "primary") {
-    return "primary";
-  }
-  const secondaryMatch = raw.match(/^secondary:(\d+)$/);
-  if (secondaryMatch) {
-    return `secondary:${secondaryMatch[1]}`;
+  const coins = withdrawRule.coins;
+  if (coins && coins.length > 0 && !coins.includes("*")) {
+    const tickerNorm = ticker.trim().toUpperCase();
+    if (!coins.includes(tickerNorm)) {
+      return {
+        valid: false,
+        error: `Token ${tickerNorm} is not allowed for withdrawals on ${exchangeNorm}:${networkNorm}. Allowed: [${coins.join(", ")}]`
+      };
+    }
   }
-  throw new WithdrawRoutingError(`Invalid account selector "${selector2}"`);
+  return { valid: true };
 }
-async function transferBinanceSubAccountToMaster(source, code, amount) {
+async function transferBinanceInternal(source, dest, code, amount) {
   const exchange = source.exchange;
-  if (typeof exchange.sapiPostSubAccountTransferSubToMaster !== "function") {
-    throw new WithdrawRoutingUnavailableError("Binance sub-account to master transfer is unavailable in this CCXT build");
-  }
   await source.exchange.loadMarkets();
   const currency = source.exchange.currency(code);
-  return await exchange.sapiPostSubAccountTransferSubToMaster({
-    asset: currency.id,
-    amount: source.exchange.currencyToPrecision(code, amount)
-  });
-}
-async function executeWithdrawWithRouting(args) {
-  const {
-    cex: cex3,
-    brokers,
-    metadata,
-    selectedBroker,
-    code,
-    amount,
-    recipientAddress,
-    network,
-    params,
-    routeViaMaster,
-    sourceAccount,
-    masterAccount
-  } = args;
-  const withdrawParams = {
-    ...params ?? {},
-    network
-  };
-  if (!routeViaMaster) {
-    return await selectedBroker.withdraw(code, amount, recipientAddress, undefined, withdrawParams);
-  }
-  const sourceSelector = normalizeAccountSelector(sourceAccount, metadata, "current");
-  const masterSelector = normalizeAccountSelector(masterAccount, metadata, "primary");
-  if (!brokers) {
-    throw new WithdrawRoutingUnavailableError("Routed withdraw requires configured broker accounts");
-  }
-  const source = resolveBrokerAccount(brokers, sourceSelector);
-  if (!source) {
-    throw new WithdrawRoutingError(`Source account ${sourceSelector} is not configured`);
-  }
-  const master = resolveBrokerAccount(brokers, masterSelector);
-  if (!master) {
-    throw new WithdrawRoutingError(`Master account ${masterSelector} is not configured`);
-  }
-  if (!isMasterBrokerAccount(master)) {
-    throw new WithdrawRoutingError(`Master account ${masterSelector} must resolve to the primary/master account`);
-  }
-  if (source.label === master.label) {
-    return await master.exchange.withdraw(code, amount, recipientAddress, undefined, withdrawParams);
+  const asset = currency.id;
+  const amountStr = source.exchange.currencyToPrecision(code, amount);
+  const isSourceSecondary = source.label.startsWith("secondary:");
+  const isDestPrimary = dest.label === "primary";
+  const isDestSecondary = dest.label.startsWith("secondary:");
+  const isSourcePrimary = source.label === "primary";
+  if (isSourceSecondary && isDestPrimary) {
+    if (typeof exchange.sapiPostSubAccountTransferSubToMaster !== "function") {
+      throw new Error("Binance sub→master transfer is unavailable in this CCXT build");
+    }
+    return await exchange.sapiPostSubAccountTransferSubToMaster({
+      asset,
+      amount: amountStr
+    });
   }
-  if (!isSubaccountBrokerAccount(source)) {
-    throw new WithdrawRoutingError(`Source account ${sourceSelector} must resolve to a subaccount when routeViaMaster is enabled`);
+  if (isSourceSecondary && isDestSecondary) {
+    if (typeof exchange.sapiPostSubAccountTransferSubToSub !== "function") {
+      throw new Error("Binance sub→sub transfer is unavailable in this CCXT build");
+    }
+    const destEmail = requireDestinationEmail(dest, "sub-to-sub");
+    return await exchange.sapiPostSubAccountTransferSubToSub({
+      toEmail: destEmail,
+      asset,
+      amount: amountStr
+    });
   }
-  if (cex3.trim().toLowerCase() !== "binance") {
-    throw new WithdrawRoutingUnavailableError(`Withdraw routing via master is not supported for ${cex3}`);
+  if (isSourcePrimary && isDestSecondary) {
+    if (typeof exchange.sapiPostSubAccountUniversalTransfer !== "function") {
+      throw new Error("Binance universal transfer is unavailable in this CCXT build");
+    }
+    const destEmail = requireDestinationEmail(dest, "primary-to-sub");
+    return await exchange.sapiPostSubAccountUniversalTransfer({
+      fromAccountType: "SPOT",
+      toAccountType: "SPOT",
+      toEmail: destEmail,
+      asset,
+      amount: amountStr
+    });
   }
-  await transferBinanceSubAccountToMaster(source, code, amount);
-  return await master.exchange.withdraw(code, amount, recipientAddress, undefined, withdrawParams);
+  throw new Error(`Unsupported transfer direction: ${source.label} → ${dest.label}`);
 }
 function isMarketPatternMatch(pattern, broker, fromToken, toToken) {
   const normalizedPattern = pattern.toUpperCase().trim();
@@ -313970,6 +313992,35 @@ async function resolveOrderExecution(policy, broker, cex3, fromToken, toToken, a
     matchedPatterns
   };
 }
+function validateDeposit(policy, exchange, network, ticker) {
+  const normalizedPolicy = normalizePolicyConfig(policy);
+  if (!normalizedPolicy.deposit.rule || normalizedPolicy.deposit.rule.length === 0) {
+    return { valid: true };
+  }
+  const exchangeNorm = exchange.trim().toUpperCase();
+  const networkNorm = network.trim().toUpperCase();
+  const tickerNorm = ticker.trim().toUpperCase();
+  const matchingRules = normalizedPolicy.deposit.rule.map((rule) => ({
+    rule,
+    priority: getDepositRulePriority(rule, exchangeNorm, networkNorm)
+  })).filter((r) => r.priority > 0).sort((a, b2) => b2.priority - a.priority);
+  const depositRule = matchingRules[0]?.rule;
+  if (!depositRule) {
+    return {
+      valid: false,
+      error: `Deposits not allowed for ${exchangeNorm}:${networkNorm}`
+    };
+  }
+  if (depositRule.coins && depositRule.coins.length > 0 && !depositRule.coins.includes("*")) {
+    if (!depositRule.coins.includes(tickerNorm)) {
+      return {
+        valid: false,
+        error: `Token ${tickerNorm} not allowed for deposit on ${exchangeNorm}:${networkNorm}. Allowed: [${depositRule.coins.join(", ")}]`
+      };
+    }
+  }
+  return { valid: true };
+}
 
 // src/helpers/otel.ts
 var import_api_logs2 = __toESM(require_src7(), 1);
@@ -314303,7 +314354,8 @@ var Action = {
   FetchCurrency: 9,
   Call: 10,
   FetchAccountId: 11,
-  FetchFees: 12
+  FetchFees: 12,
+  InternalTransfer: 13
 };
 
 // src/proto/cex_broker/SubscriptionType.ts
@@ -314434,7 +314486,8 @@ var descriptor = {
             FetchCurrency: 9,
             Call: 10,
             FetchAccountId: 11,
-            FetchFees: 12
+            FetchFees: 12,
+            InternalTransfer: 13
           }
         }
       }
@@ -328020,11 +328073,13 @@ var WithdrawPayloadSchema = exports_external.object({
   recipientAddress: exports_external.string().min(1),
   amount: exports_external.coerce.number().positive(),
   chain: exports_external.string().min(1),
-  routeViaMaster: booleanLikeSchema.optional().default(false),
-  sourceAccount: exports_external.string().min(1).optional(),
-  masterAccount: exports_external.string().min(1).optional(),
   params: exports_external.preprocess(parseJsonString, stringNumberRecordSchema).default({})
 });
+var InternalTransferPayloadSchema = exports_external.object({
+  amount: exports_external.coerce.number().positive(),
+  fromAccount: exports_external.string().min(1).optional(),
+  toAccount: exports_external.string().min(1).optional()
+});
 var CreateOrderPayloadSchema = exports_external.object({
   orderType: exports_external.enum(["market", "limit"]).default("limit"),
   amount: exports_external.coerce.number().positive(),
@@ -328072,6 +328127,31 @@ function safeLogError(context2, error48) {
     console.error(context2, error48);
   }
 }
+function mapCcxtErrorToGrpcStatus(error48) {
+  if (error48 instanceof ccxt_default.AuthenticationError)
+    return grpc.status.UNAUTHENTICATED;
+  if (error48 instanceof ccxt_default.PermissionDenied)
+    return grpc.status.PERMISSION_DENIED;
+  if (error48 instanceof ccxt_default.InsufficientFunds)
+    return grpc.status.FAILED_PRECONDITION;
+  if (error48 instanceof ccxt_default.InvalidAddress)
+    return grpc.status.INVALID_ARGUMENT;
+  if (error48 instanceof ccxt_default.BadSymbol)
+    return grpc.status.NOT_FOUND;
+  if (error48 instanceof ccxt_default.BadRequest)
+    return grpc.status.INVALID_ARGUMENT;
+  if (error48 instanceof ccxt_default.NotSupported)
+    return grpc.status.UNIMPLEMENTED;
+  if (error48 instanceof ccxt_default.RateLimitExceeded)
+    return grpc.status.RESOURCE_EXHAUSTED;
+  if (error48 instanceof ccxt_default.OnMaintenance)
+    return grpc.status.UNAVAILABLE;
+  if (error48 instanceof ccxt_default.ExchangeNotAvailable)
+    return grpc.status.UNAVAILABLE;
+  if (error48 instanceof ccxt_default.NetworkError)
+    return grpc.status.UNAVAILABLE;
+  return;
+}
 function getServer(policy, brokers, whitelistIps, useVerity, verityProverUrl, otelMetrics) {
   const server = new grpc.Server;
   server.addService(cexNode.cex_service.service, {
@@ -328127,7 +328207,8 @@ function getServer(policy, brokers, whitelistIps, useVerity, verityProverUrl, ot
             message: "`action` AND `cex` fields are required"
           }, null);
         }
-        const broker = selectBroker(brokers[cex3], metadata) ?? createBroker(cex3, metadata);
+        const normalizedCex = cex3.trim().toLowerCase();
+        const broker = selectBroker(brokers[normalizedCex], metadata) ?? createBroker(normalizedCex, metadata);
         if (!broker) {
           return wrappedCallback({
             code: grpc.status.UNAUTHENTICATED,
@@ -328405,6 +328486,13 @@ function getServer(policy, brokers, whitelistIps, useVerity, verityProverUrl, ot
               }, null);
             }
             const fetchDepositAddresses = parsedPayload.data;
+            const depositValidation = validateDeposit(policy, cex3, fetchDepositAddresses.chain, symbol2);
+            if (!depositValidation.valid) {
+              return wrappedCallback({
+                code: grpc.status.PERMISSION_DENIED,
+                message: depositValidation.error
+              }, null);
+            }
             try {
               const depositAddresses = broker.has.fetchDepositAddress === true ? [
                 await broker.fetchDepositAddress(symbol2, {
@@ -328458,39 +328546,10 @@ function getServer(policy, brokers, whitelistIps, useVerity, verityProverUrl, ot
               }, null);
             }
             try {
-              let transaction;
-              try {
-                transaction = await executeWithdrawWithRouting({
-                  cex: cex3,
-                  brokers: brokers[cex3],
-                  metadata,
-                  selectedBroker: broker,
-                  code: symbol2,
-                  amount: transferValue.amount,
-                  recipientAddress: transferValue.recipientAddress,
-                  network: transferValue.chain,
-                  params: transferValue.params,
-                  routeViaMaster: transferValue.routeViaMaster,
-                  sourceAccount: transferValue.sourceAccount,
-                  masterAccount: transferValue.masterAccount
-                });
-              } catch (error48) {
-                if (error48 instanceof WithdrawRoutingUnavailableError) {
-                  log.warn("Withdraw routing unavailable, falling back", {
-                    cex: cex3,
-                    error: error48.message
-                  });
-                  if (transferValue.routeViaMaster) {
-                    throw error48;
-                  }
-                  transaction = await broker.withdraw(symbol2, transferValue.amount, transferValue.recipientAddress, undefined, {
-                    ...transferValue.params ?? {},
-                    network: transferValue.chain
-                  });
-                } else {
-                  throw error48;
-                }
-              }
+              const transaction = await broker.withdraw(symbol2, transferValue.amount, transferValue.recipientAddress, undefined, {
+                ...transferValue.params ?? {},
+                network: transferValue.chain
+              });
               log.info(`Withdraw Result: ${JSON.stringify(transaction)}`);
               wrappedCallback(null, {
                 proof: verityProof,
@@ -328498,10 +328557,10 @@ function getServer(policy, brokers, whitelistIps, useVerity, verityProverUrl, ot
               });
             } catch (error48) {
               safeLogError("Withdraw failed", error48);
-              const message = error48 instanceof WithdrawRoutingError ? error48.message : getErrorMessage(error48);
+              const code = mapCcxtErrorToGrpcStatus(error48) ?? grpc.status.INTERNAL;
               wrappedCallback({
-                code: error48 instanceof WithdrawRoutingError ? grpc.status.INVALID_ARGUMENT : grpc.status.INTERNAL,
-                message: `Withdraw failed: ${message}`
+                code,
+                message: `Withdraw failed: ${getErrorMessage(error48)}`
               }, null);
             }
             break;
@@ -328674,6 +328733,86 @@ function getServer(policy, brokers, whitelistIps, useVerity, verityProverUrl, ot
               }, null);
             }
             break;
+          case Action.InternalTransfer: {
+            if (!symbol2) {
+              return wrappedCallback({
+                code: grpc.status.INVALID_ARGUMENT,
+                message: `ValidationError: Symbol required`
+              }, null);
+            }
+            const parsedPayload = parsePayload(InternalTransferPayloadSchema, call.request.payload);
+            if (!parsedPayload.success) {
+              return wrappedCallback({
+                code: grpc.status.INVALID_ARGUMENT,
+                message: parsedPayload.message
+              }, null);
+            }
+            const transferPayload = parsedPayload.data;
+            if (normalizedCex !== "binance") {
+              return wrappedCallback({
+                code: grpc.status.UNIMPLEMENTED,
+                message: `InternalTransfer is only supported for Binance`
+              }, null);
+            }
+            const pool = brokers[normalizedCex];
+            if (!pool) {
+              return wrappedCallback({
+                code: grpc.status.FAILED_PRECONDITION,
+                message: `No broker accounts configured for ${normalizedCex}`
+              }, null);
+            }
+            const fromSelector = transferPayload.fromAccount ?? getCurrentBrokerSelector(metadata);
+            const toSelector = transferPayload.toAccount ?? "primary";
+            const sourceAccount = resolveBrokerAccount(pool, fromSelector);
+            if (!sourceAccount) {
+              return wrappedCallback({
+                code: grpc.status.INVALID_ARGUMENT,
+                message: `Source account "${fromSelector}" is not configured`
+              }, null);
+            }
+            const destAccount = resolveBrokerAccount(pool, toSelector);
+            if (!destAccount) {
+              return wrappedCallback({
+                code: grpc.status.INVALID_ARGUMENT,
+                message: `Destination account "${toSelector}" is not configured`
+              }, null);
+            }
+            try {
+              if (useVerity) {
+                sourceAccount.exchange.setHttpClientOverride(buildHttpClientOverrideFromMetadata(metadata, verityProverUrl, (proof, notaryPubKey) => {
+                  verityProof = proof;
+                  log.debug(`Verity proof:`, { proof, notaryPubKey });
+                }), verityHttpClientOverridePredicate);
+              }
+              const result = await transferBinanceInternal(sourceAccount, destAccount, symbol2, transferPayload.amount);
+              wrappedCallback(null, {
+                proof: verityProof,
+                result: JSON.stringify(result)
+              });
+            } catch (error48) {
+              safeLogError("InternalTransfer failed", error48);
+              if (error48 instanceof BrokerAccountPreconditionError) {
+                return wrappedCallback({
+                  code: grpc.status.FAILED_PRECONDITION,
+                  message: getErrorMessage(error48)
+                }, null);
+              }
+              const msg = getErrorMessage(error48);
+              let code;
+              if (msg.includes("Unsupported transfer direction")) {
+                code = grpc.status.INVALID_ARGUMENT;
+              } else if (msg.includes("unavailable in this CCXT build")) {
+                code = grpc.status.UNIMPLEMENTED;
+              } else {
+                code = mapCcxtErrorToGrpcStatus(error48) ?? grpc.status.INTERNAL;
+              }
+              wrappedCallback({
+                code,
+                message: `InternalTransfer failed: ${msg}`
+              }, null);
+            }
+            break;
+          }
           default:
             return wrappedCallback({
               code: grpc.status.INVALID_ARGUMENT,

package/dist/helpers/index.d.ts

@@ -14,9 +14,8 @@ export type BrokerPoolEntry = {
     primary: BrokerAccount;
     secondaryBrokers: BrokerAccount[];
 };
-export declare class WithdrawRoutingError extends Error {
-}
-export declare class WithdrawRoutingUnavailableError extends WithdrawRoutingError {
+export declare class BrokerAccountPreconditionError extends Error {
+    constructor(message: string);
 }
 export declare function authenticateRequest<T, E>(call: ServerUnaryCall<T, E>, whitelistIps: string[]): boolean;
 export declare function createVerityHttpClientOverride(verityProverUrl: string, onProofCallback: (proof: string, notaryPubKey?: string) => void): (redact: string, proofTimeout: number) => HttpClientOverride;
@@ -43,24 +42,15 @@ export declare function selectBrokerAccount(brokers: BrokerPoolEntry | undefined
  */
 export declare function loadPolicy(policyPath: string): PolicyConfig;
 export declare function normalizePolicyConfig(policy: PolicyConfig): PolicyConfig;
-export declare function validateWithdraw(policy: PolicyConfig, exchange: string, network: string, recipientAddress: string, _amount: number, _ticker: string): {
+export declare function validateWithdraw(policy: PolicyConfig, exchange: string, network: string, recipientAddress: string, _amount: number, ticker: string): {
     valid: boolean;
     error?: string;
 };
-export declare function executeWithdrawWithRouting(args: {
-    cex: string;
-    brokers: BrokerPoolEntry | undefined;
-    metadata: Metadata;
-    selectedBroker: Exchange;
-    code: string;
-    amount: number;
-    recipientAddress: string;
-    network: string;
-    params?: Record<string, string | number>;
-    routeViaMaster?: boolean;
-    sourceAccount?: string;
-    masterAccount?: string;
-}): Promise<import("@usherlabs/ccxt").Transaction>;
+/**
+ * Routes an internal transfer to the correct Binance SAPI endpoint
+ * based on source and destination account types.
+ */
+export declare function transferBinanceInternal(source: BrokerAccount, dest: BrokerAccount, code: string, amount: number): Promise<unknown>;
 /**
  * Validates order request against policy rules
  */
@@ -78,10 +68,7 @@ type OrderExecutionResolution = {
     matchedPatterns?: string[];
 };
 export declare function resolveOrderExecution(policy: PolicyConfig, broker: Exchange, cex: string, fromToken: string, toToken: string, amount: number, price: number): Promise<OrderExecutionResolution>;
-/**
- * Validates deposit request (currently empty but can be extended)
- */
-export declare function validateDeposit(_policy: PolicyConfig, _chain: string, _amount: number): {
+export declare function validateDeposit(policy: PolicyConfig, exchange: string, network: string, ticker: string): {
     valid: boolean;
     error?: string;
 };