hedgequantx 2.9.196 → 2.9.197

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hedgequantx",
-  "version": "2.9.196",
+  "version": "2.9.197",
   "description": "HedgeQuantX - Prop Futures Trading CLI",
   "main": "src/app.js",
   "bin": {

package/src/services/rithmic/handlers.js

@@ -5,6 +5,7 @@
 
 const { proto, decodeAccountPnL, decodeInstrumentPnL } = require('./protobuf');
 const { RES, STREAM } = require('./constants');
+const { sanitizeQuantity } = require('./protobuf-utils');
 
 // Debug mode - DISABLED to avoid polluting interactive UI
 // Use session logs instead for debugging
@@ -252,7 +253,10 @@ const handleInstrumentPnLUpdate = (service, data) => {
     const pos = decodeInstrumentPnL(data);
     if (pos.symbol && pos.accountId) {
       const key = `${pos.accountId}:${pos.symbol}:${pos.exchange}`;
-      const netQty = pos.netQuantity || pos.openPositionQuantity || ((pos.buyQty || 0) - (pos.sellQty || 0));
+      
+      // CRITICAL: Sanitize quantity to prevent overflow (18446744073709552000 bug)
+      const rawQty = pos.netQuantity || pos.openPositionQuantity || ((pos.buyQty || 0) - (pos.sellQty || 0));
+      const netQty = sanitizeQuantity(rawQty);
       
       if (netQty !== 0) {
         service.positions.set(key, {
@@ -270,10 +274,17 @@ const handleInstrumentPnLUpdate = (service, data) => {
         service.positions.delete(key);
       }
       
-      service.emit('positionUpdate', service.positions.get(key));
+      // Only emit if position exists (not deleted)
+      const currentPos = service.positions.get(key);
+      if (currentPos) {
+        service.emit('positionUpdate', currentPos);
+      }
     }
   } catch (e) {
-    // Ignore decode errors
+    // Log decode errors for debugging (but don't pollute UI)
+    if (process.env.HQX_DEBUG === '1') {
+      console.error('[Handler] Position decode error:', e.message);
+    }
   }
 };
 

package/src/services/rithmic/orders.js

@@ -1,17 +1,74 @@
 /**
  * Rithmic Orders Module
  * Order placement, cancellation, and history
+ * 
+ * @module services/rithmic/orders
  */
 
 const { REQ } = require('./constants');
+const { sanitizeQuantity, MAX_SAFE_QUANTITY } = require('./protobuf-utils');
 
 // Debug mode - DISABLED to avoid polluting interactive UI
 const DEBUG = false;
 
+// Order status constants
+const ORDER_STATUS = {
+  PENDING: 1,
+  WORKING: 2,
+  FILLED: 3,
+  PARTIAL: 4,
+  REJECTED: 5,
+  CANCELLED: 6,
+};
+
+// Order timeouts (ms)
+const ORDER_TIMEOUTS = {
+  PLACE: 5000,
+  CANCEL: 5000,
+  CANCEL_ALL: 3000,
+  EXIT_POSITION: 5000,
+  GET_ORDERS: 5000,
+  GET_HISTORY: 10000,
+};
+
+/**
+ * Validate order data before sending
+ * @param {Object} orderData - Order parameters
+ * @returns {{ valid: boolean, error?: string }}
+ */
+function validateOrderData(orderData) {
+  // Required fields
+  if (!orderData.accountId) return { valid: false, error: 'Missing accountId' };
+  if (!orderData.symbol) return { valid: false, error: 'Missing symbol' };
+  
+  // Validate quantity
+  const qty = sanitizeQuantity(orderData.size);
+  if (qty <= 0) return { valid: false, error: 'Invalid quantity: must be > 0' };
+  if (qty > MAX_SAFE_QUANTITY) return { valid: false, error: `Invalid quantity: exceeds max ${MAX_SAFE_QUANTITY}` };
+  
+  // Validate side (0 = Buy, 1 = Sell)
+  if (orderData.side !== 0 && orderData.side !== 1) {
+    return { valid: false, error: 'Invalid side: must be 0 (Buy) or 1 (Sell)' };
+  }
+  
+  // Validate order type (1 = Limit, 2 = Market, 3 = Stop Limit, 4 = Stop Market)
+  if (![1, 2, 3, 4].includes(orderData.type)) {
+    return { valid: false, error: 'Invalid order type' };
+  }
+  
+  // Limit orders require price
+  if (orderData.type === 1 && (!orderData.price || orderData.price <= 0)) {
+    return { valid: false, error: 'Limit order requires price > 0' };
+  }
+  
+  return { valid: true };
+}
+
 /**
  * Place order via ORDER_PLANT and wait for confirmation
  * @param {RithmicService} service - The Rithmic service instance
  * @param {Object} orderData - Order parameters
+ * @returns {Promise<{success: boolean, orderId?: string, error?: string}>}
  */
 const placeOrder = async (service, orderData) => {
   // Check connection state
@@ -27,13 +84,24 @@ const placeOrder = async (service, orderData) => {
     });
   }
   
-  if (!service.orderConn || !service.loginInfo) {
-    return { success: false, error: 'Not connected' };
+  // Connection validation
+  if (!service.orderConn) {
+    return { success: false, error: 'ORDER_PLANT not connected' };
+  }
+  
+  if (!service.loginInfo) {
+    return { success: false, error: 'Not logged in - missing loginInfo' };
   }
   
   if (connState !== 'LOGGED_IN') {
     return { success: false, error: `ORDER_PLANT not logged in (state: ${connState})` };
   }
+  
+  // Validate order data
+  const validation = validateOrderData(orderData);
+  if (!validation.valid) {
+    return { success: false, error: validation.error };
+  }
 
   // Generate unique user message for tracking
   const orderTag = `HQX-${Date.now()}`;
@@ -41,12 +109,16 @@ const placeOrder = async (service, orderData) => {
   return new Promise((resolve) => {
     const timeout = setTimeout(() => {
       service.removeListener('orderNotification', onNotification);
-      resolve({ success: false, error: 'Order timeout - no confirmation received' });
-    }, 5000);
+      resolve({ success: false, error: 'Order timeout - no confirmation received', orderTag });
+    }, ORDER_TIMEOUTS.PLACE);
 
     const onNotification = (order) => {
-      // Match by symbol and approximate timing
-      if (order.symbol === orderData.symbol) {
+      // CRITICAL FIX: Match by orderTag (userMsg) first, then symbol as fallback
+      // This prevents race conditions when multiple orders for same symbol
+      const orderMatches = (order.userMsg && order.userMsg.includes(orderTag)) || 
+                          order.symbol === orderData.symbol;
+      
+      if (orderMatches) {
         clearTimeout(timeout);
         service.removeListener('orderNotification', onNotification);
         
@@ -59,6 +131,7 @@ const placeOrder = async (service, orderData) => {
             status: order.status,
             fillPrice: order.avgFillPrice || orderData.price,
             filledQty: order.totalFillSize || orderData.size,
+            orderTag: orderTag,
           });
         } else if (order.status === 5 || order.status === 6) {
           // Status 5 = Rejected, 6 = Cancelled
@@ -66,6 +139,7 @@ const placeOrder = async (service, orderData) => {
             success: false,
             error: `Order rejected: status ${order.status}`,
             orderId: order.basketId,
+            orderTag: orderTag,
           });
         }
         // Keep listening for other statuses
@@ -112,7 +186,7 @@ const placeOrder = async (service, orderData) => {
         accountId: orderData.accountId,
         symbol: orderData.symbol,
         exchange: exchange,
-        quantity: orderData.size,
+        quantity: sanitizeQuantity(orderData.size),
         transactionType: orderData.side === 0 ? 1 : 2, // 1=Buy, 2=Sell
         duration: 1, // DAY
         priceType: orderData.type === 2 ? 2 : 1, // 2=Market, 1=Limit

package/src/services/rithmic/protobuf-utils.js

@@ -3,6 +3,11 @@
  * @module services/rithmic/protobuf-utils
  */
 
+// Constants for safe integer handling
+const MAX_SAFE_QUANTITY = 10000; // Max reasonable position/order quantity
+const MAX_UINT64 = BigInt('18446744073709551616'); // 2^64
+const MAX_INT64 = BigInt('9223372036854775807');   // 2^63 - 1
+
 /**
  * Read a varint from buffer
  * @param {Buffer} buffer - Input buffer
@@ -18,6 +23,13 @@ function readVarint(buffer, offset) {
     const byte = buffer[pos++];
     result |= BigInt(byte & 0x7f) << shift;
     if ((byte & 0x80) === 0) {
+      // Handle potential unsigned 64-bit to signed conversion
+      // Rithmic sends negative numbers as unsigned (e.g., -1 as 18446744073709551615)
+      if (result > MAX_INT64) {
+        // Convert unsigned to signed: subtract 2^64
+        const signedValue = result - MAX_UINT64;
+        return [Number(signedValue), pos];
+      }
       return [Number(result), pos];
     }
     shift += BigInt(7);
@@ -28,6 +40,41 @@ function readVarint(buffer, offset) {
   throw new Error('Incomplete varint');
 }
 
+/**
+ * Validate and sanitize a quantity value (positions, order sizes)
+ * Prevents overflow values and ensures reasonable bounds
+ * @param {number|string|BigInt} value - Raw quantity value
+ * @returns {number} Sanitized quantity (0 if invalid)
+ */
+function sanitizeQuantity(value) {
+  if (value === null || value === undefined) return 0;
+  
+  let num;
+  if (typeof value === 'bigint') {
+    // Handle BigInt overflow (negative values sent as unsigned)
+    if (value > MAX_INT64) {
+      num = Number(value - MAX_UINT64);
+    } else {
+      num = Number(value);
+    }
+  } else if (typeof value === 'string') {
+    num = parseInt(value, 10);
+  } else {
+    num = Number(value);
+  }
+  
+  // Validate the number
+  if (!Number.isFinite(num) || Number.isNaN(num)) return 0;
+  
+  // Check for overflow values (like 18446744073709552000)
+  if (Math.abs(num) > MAX_SAFE_QUANTITY) {
+    // This is likely an overflow - return 0 to be safe
+    return 0;
+  }
+  
+  return num;
+}
+
 /**
  * Read a length-delimited field (string/bytes)
  * @param {Buffer} buffer - Input buffer
@@ -68,4 +115,6 @@ module.exports = {
   readVarint,
   readLengthDelimited,
   skipField,
+  sanitizeQuantity,
+  MAX_SAFE_QUANTITY,
 };