horizon-code 0.1.0

package/assets/python/highlights.scm

@@ -0,0 +1,137 @@
+; Identifier naming conventions
+
+(identifier) @variable
+
+((identifier) @constructor
+ (#match? @constructor "^[A-Z]"))
+
+((identifier) @constant
+ (#match? @constant "^[A-Z][A-Z_]*$"))
+
+; Function calls
+
+(decorator) @function
+(decorator
+  (identifier) @function)
+
+(call
+  function: (attribute attribute: (identifier) @function.method))
+(call
+  function: (identifier) @function)
+
+; Builtin functions
+
+((call
+  function: (identifier) @function.builtin)
+ (#match?
+   @function.builtin
+   "^(abs|all|any|ascii|bin|bool|breakpoint|bytearray|bytes|callable|chr|classmethod|compile|complex|delattr|dict|dir|divmod|enumerate|eval|exec|filter|float|format|frozenset|getattr|globals|hasattr|hash|help|hex|id|input|int|isinstance|issubclass|iter|len|list|locals|map|max|memoryview|min|next|object|oct|open|ord|pow|print|property|range|repr|reversed|round|set|setattr|slice|sorted|staticmethod|str|sum|super|tuple|type|vars|zip|__import__)$"))
+
+; Function definitions
+
+(function_definition
+  name: (identifier) @function)
+
+(attribute attribute: (identifier) @property)
+(type (identifier) @type)
+
+; Literals
+
+[
+  (none)
+  (true)
+  (false)
+] @constant.builtin
+
+[
+  (integer)
+  (float)
+] @number
+
+(comment) @comment
+(string) @string
+(escape_sequence) @escape
+
+(interpolation
+  "{" @punctuation.special
+  "}" @punctuation.special) @embedded
+
+[
+  "-"
+  "-="
+  "!="
+  "*"
+  "**"
+  "**="
+  "*="
+  "/"
+  "//"
+  "//="
+  "/="
+  "&"
+  "&="
+  "%"
+  "%="
+  "^"
+  "^="
+  "+"
+  "->"
+  "+="
+  "<"
+  "<<"
+  "<<="
+  "<="
+  "<>"
+  "="
+  ":="
+  "=="
+  ">"
+  ">="
+  ">>"
+  ">>="
+  "|"
+  "|="
+  "~"
+  "@="
+  "and"
+  "in"
+  "is"
+  "not"
+  "or"
+  "is not"
+  "not in"
+] @operator
+
+[
+  "as"
+  "assert"
+  "async"
+  "await"
+  "break"
+  "class"
+  "continue"
+  "def"
+  "del"
+  "elif"
+  "else"
+  "except"
+  "exec"
+  "finally"
+  "for"
+  "from"
+  "global"
+  "if"
+  "import"
+  "lambda"
+  "nonlocal"
+  "pass"
+  "print"
+  "raise"
+  "return"
+  "try"
+  "while"
+  "with"
+  "yield"
+  "match"
+  "case"
+] @keyword

package/bin/horizon.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env bun
+import "../src/index.ts";

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "horizon-code",
+  "version": "0.1.0",
+  "description": "AI-powered trading strategy terminal for Polymarket",
+  "type": "module",
+  "bin": {
+    "horizon": "./bin/horizon.js"
+  },
+  "files": [
+    "src",
+    "bin",
+    "assets"
+  ],
+  "scripts": {
+    "start": "bun run src/index.ts",
+    "dev": "bun run --watch src/index.ts"
+  },
+  "keywords": ["polymarket", "trading", "ai", "terminal", "strategy", "horizon"],
+  "author": "Oppenheimer Labs",
+  "license": "UNLICENSED",
+  "devDependencies": {
+    "@types/bun": "latest"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "dependencies": {
+    "@ai-sdk/mcp": "^1.0.25",
+    "@ai-sdk/provider-utils": "^3.0.0",
+    "@modelcontextprotocol/sdk": "^1.27.1",
+    "@openrouter/ai-sdk-provider": "^2.2.3",
+    "@opentui/core": "^0.1.87",
+    "@supabase/supabase-js": "^2.99.1",
+    "ai": "^6.0.78",
+    "zod": "^4.3.6"
+  },
+  "engines": {
+    "bun": ">=1.0.0"
+  }
+}

package/src/ai/client.ts

@@ -0,0 +1,369 @@
+// AI client — all LLM calls go through the API server (OpenRouter key stays server-side)
+// Tools execute LOCALLY (Python sandbox, file ops, local APIs).
+// Architecture: TUI sends messages → server calls OpenRouter → streams SSE back
+// If LLM calls a tool → TUI executes it → sends result back → server continues
+
+import { z } from "zod";
+import { createMCPClient } from "@ai-sdk/mcp";
+import { getSystemPrompt } from "./system-prompt.ts";
+import { researchTools } from "../research/tools.ts";
+import { portfolioTools } from "../platform/tools.ts";
+import { strategyTools } from "../strategy/tools.ts";
+import { getAuthUrl, loadConfig } from "../platform/config.ts";
+import type { Mode } from "../components/mode-bar.ts";
+import type { ModelPower } from "../platform/tiers.ts";
+import { MODEL_IDS, PREMIUM_TOOLS, type PlanTier } from "../platform/tiers.ts";
+
+let mcpTools: Record<string, any> = {};
+let mcpClient: Awaited<ReturnType<typeof createMCPClient>> | null = null;
+
+export async function initMCP(): Promise<{ toolCount: number }> {
+  const command = process.env.HORIZON_MCP_COMMAND;
+  if (!command) return { toolCount: 0 };
+  const args = (process.env.HORIZON_MCP_ARGS ?? "mcp serve").split(" ");
+  try {
+    // Only pass safe env vars to MCP — no exchange keys, API secrets, or private keys
+    const mcpEnv: Record<string, string> = {};
+    const mcpAllow = ["PATH", "HOME", "LANG", "LC_ALL", "TERM", "PYTHONPATH", "VIRTUAL_ENV", "CONDA_PREFIX", "SHELL", "USER"];
+    for (const k of mcpAllow) { if (process.env[k]) mcpEnv[k] = process.env[k]!; }
+
+    mcpClient = await createMCPClient({
+      transport: { type: "stdio" as any, command, args, env: mcpEnv } as any,
+    });
+    mcpTools = await mcpClient.tools();
+    return { toolCount: Object.keys(mcpTools).length };
+  } catch { return { toolCount: 0 }; }
+}
+
+export async function closeMCP(): Promise<void> {
+  if (mcpClient) { await mcpClient.close(); mcpClient = null; }
+}
+
+interface ChatMessage { role: "user" | "assistant"; content: string; }
+
+export type ChatEvent =
+  | { type: "thinking" }
+  | { type: "text-delta"; textDelta: string }
+  | { type: "tool-call"; toolName: string; args: Record<string, unknown> }
+  | { type: "tool-result"; toolName: string; result: unknown }
+  | { type: "strategy-code"; code: string }
+  | { type: "usage"; inputTokens: number; outputTokens: number; weightedTokens: number; model: string }
+  | { type: "meta"; tier: string; model: string; effectivePower: string; budgetUsed: number; budgetTotal: number; overflowing: boolean }
+  | { type: "error"; message: string }
+  | { type: "finish" };
+
+// ── Structured output schema for strategy mode ──
+
+const strategySchema = z.object({
+  response: z.string().describe("Your response to the user in markdown"),
+  code: z.string().nullable().describe("Complete Python strategy code (imports + pipeline + hz.run), or null if no code change"),
+});
+
+// ── Partial JSON field extractor ──
+
+function extractJsonStringField(json: string, field: string): string | undefined {
+  const pattern = new RegExp(`"${field}"\\s*:\\s*"`);
+  const match = json.match(pattern);
+  if (!match || match.index === undefined) return undefined;
+
+  const start = match.index + match[0].length;
+  let result = "";
+  let i = start;
+
+  while (i < json.length) {
+    const ch = json[i]!;
+    if (ch === "\\") {
+      if (i + 1 >= json.length) break;
+      const next = json[i + 1]!;
+      switch (next) {
+        case "n": result += "\n"; break;
+        case "t": result += "\t"; break;
+        case "r": result += "\r"; break;
+        case '"': result += '"'; break;
+        case "\\": result += "\\"; break;
+        case "/": result += "/"; break;
+        case "u": {
+          if (i + 5 < json.length) {
+            const hex = json.slice(i + 2, i + 6);
+            const cp = parseInt(hex, 16);
+            if (!isNaN(cp)) result += String.fromCharCode(cp);
+            i += 4;
+          }
+          break;
+        }
+        default: result += next; break;
+      }
+      i += 2;
+    } else if (ch === '"') {
+      break;
+    } else {
+      result += ch;
+      i++;
+    }
+  }
+  return result;
+}
+
+function extractCodeField(json: string): string | null | undefined {
+  if (json.match(/"code"\s*:\s*null/)) return null;
+  return extractJsonStringField(json, "code");
+}
+
+// ── Build tools for a given mode ──
+
+function buildTools(mode: Mode): Record<string, any> {
+  // All tools available — server handles tier gating via model selection
+  return {
+    ...(mode === "research" ? researchTools : {}),
+    ...(mode === "strategy" ? { ...strategyTools, ...researchTools, deploy_strategy: portfolioTools.deploy_strategy, stop_strategy: portfolioTools.stop_strategy, list_strategies: portfolioTools.list_strategies, list_credentials: portfolioTools.list_credentials, add_credential: portfolioTools.add_credential } : {}),
+    ...(mode === "portfolio" ? portfolioTools : {}),
+    ...mcpTools,
+  };
+}
+
+// ── SSE stream consumer ──
+
+async function* consumeSSE(res: Response): AsyncGenerator<Record<string, any>> {
+  if (!res.body) return;
+  const reader = res.body.getReader();
+  const decoder = new TextDecoder();
+  let buf = "";
+
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) break;
+    buf += decoder.decode(value, { stream: true });
+
+    const lines = buf.split("\n");
+    buf = lines.pop() ?? "";
+
+    for (const line of lines) {
+      if (!line.startsWith("data: ")) continue;
+      const data = line.slice(6);
+      if (data === "[DONE]") return;
+      try { yield JSON.parse(data); } catch {}
+    }
+  }
+}
+
+// ── Convert tools to JSON-serializable format for the server ──
+
+import { zodSchema } from "@ai-sdk/provider-utils";
+
+function toolsToServerFormat(tools: Record<string, any>): Record<string, any> {
+  const result: Record<string, any> = {};
+  for (const [name, tool] of Object.entries(tools)) {
+    if (!tool) continue;
+    let params: any = { type: "object", properties: {} };
+    try {
+      if (tool.parameters) {
+        // Use AI SDK's zodSchema which correctly converts Zod v4 to JSON Schema
+        const converted = zodSchema(tool.parameters);
+        params = converted.jsonSchema ?? params;
+      }
+    } catch {}
+    result[name] = { description: tool.description ?? "", parameters: params };
+  }
+  return result;
+}
+
+// ── Server call — sends messages, receives SSE stream ──
+
+// Shared abort controller — cancel from outside to abort the current stream
+let currentAbort: AbortController | null = null;
+export function abortChat(): void { currentAbort?.abort(); }
+
+async function callServer(opts: {
+  messages: { role: string; content: string }[];
+  system: string;
+  modelPower: ModelPower;
+  tools: Record<string, any>;
+  responseFormat?: any;
+  signal?: AbortSignal;
+}): Promise<Response> {
+  const config = loadConfig();
+  if (!config.api_key) throw new Error("Not authenticated. Type /login.");
+
+  const res = await fetch(`${getAuthUrl()}/api/v1/chat`, {
+    method: "POST",
+    signal: opts.signal ?? AbortSignal.timeout(120000), // 2 min max
+    headers: { "Authorization": `Bearer ${config.api_key}`, "Content-Type": "application/json" },
+    body: JSON.stringify({
+      messages: opts.messages,
+      system: opts.system,
+      model_power: opts.modelPower,
+      tools: toolsToServerFormat(opts.tools),
+      response_format: opts.responseFormat,
+    }),
+  });
+
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: `Server error ${res.status}` })) as any;
+    throw new Error(err.message ?? err.error ?? `Error ${res.status}`);
+  }
+
+  return res;
+}
+
+// ── Main chat function ──
+
+export async function* chat(
+  messages: ChatMessage[],
+  mode: Mode = "research",
+  modelPower?: ModelPower,
+  verbosity: string = "normal",
+): AsyncGenerator<ChatEvent> {
+  const power = modelPower ?? "standard";
+  const config = loadConfig();
+  if (!config.api_key) {
+    yield { type: "error", message: "Not authenticated. Type /login." };
+    return;
+  }
+
+  const tools = buildTools(mode);
+  const system = getSystemPrompt(mode, verbosity);
+  const useStructuredOutput = mode === "strategy";
+
+  // Abort controller — allows cancellation from the UI
+  currentAbort = new AbortController();
+  const signal = currentAbort.signal;
+
+  // Build the conversation for the server
+  const serverMessages = messages.map((m) => ({ role: m.role, content: m.content }));
+
+  let step = 0;
+  const MAX_STEPS = 5;
+
+  while (step < MAX_STEPS) {
+    step++;
+
+    let res: Response;
+    try {
+      res = await callServer({
+        messages: serverMessages,
+        system,
+        modelPower: power,
+        tools,
+        responseFormat: useStructuredOutput ? { type: "json_schema", schema: { response: "string", code: "string|null" } } : undefined,
+        signal,
+      });
+    } catch (err: any) {
+      yield { type: "error", message: err.message };
+      return;
+    }
+
+    // Process SSE events
+    let hasToolCalls = false;
+    let jsonBuf = "";
+    let emittedResponseLen = 0;
+    let emittedCode: string | null = null;
+    let structuredActive = useStructuredOutput;
+    const pendingToolCalls: { toolName: string; args: Record<string, unknown> }[] = [];
+    let eventCount = 0;
+
+    for await (const event of consumeSSE(res)) {
+      eventCount++;
+      if (event.type === "meta") {
+        yield {
+          type: "meta", tier: event.tier ?? "", model: event.model ?? "",
+          effectivePower: event.effective_power ?? power,
+          budgetUsed: event.budget_used ?? 0, budgetTotal: event.budget_total ?? 0,
+          overflowing: event.overflowing ?? false,
+        };
+      } else if (event.type === "text-delta") {
+        const delta = event.text ?? event.textDelta ?? "";
+        if (!delta) continue;
+
+        if (structuredActive) {
+          jsonBuf += delta;
+
+          const trimmed = jsonBuf.trimStart();
+          if (trimmed.length > 3 && !trimmed.startsWith("{") && !trimmed.startsWith("[")) {
+            structuredActive = false;
+            yield { type: "text-delta", textDelta: jsonBuf };
+            jsonBuf = "";
+            continue;
+          }
+
+          const response = extractJsonStringField(jsonBuf, "response");
+          if (response && response.length > emittedResponseLen) {
+            yield { type: "text-delta", textDelta: response.slice(emittedResponseLen) };
+            emittedResponseLen = response.length;
+          }
+
+          const code = extractCodeField(jsonBuf);
+          if (code !== undefined && code !== emittedCode) {
+            if (code !== null) yield { type: "strategy-code", code };
+            emittedCode = code;
+          }
+        } else {
+          yield { type: "text-delta", textDelta: delta };
+        }
+      } else if (event.type === "tool-call") {
+        hasToolCalls = true;
+        const toolName = event.toolName ?? "";
+        const args = event.args ?? {};
+        pendingToolCalls.push({ toolName, args });
+        yield { type: "tool-call", toolName, args };
+      } else if (event.type === "usage") {
+        yield {
+          type: "usage",
+          inputTokens: event.input_tokens ?? 0,
+          outputTokens: event.output_tokens ?? 0,
+          weightedTokens: event.weighted_tokens ?? 0,
+          model: event.model ?? "",
+        };
+      } else if (event.type === "error") {
+        yield { type: "error", message: event.message ?? "Server error" };
+        return;
+      }
+    }
+
+    // If no tool calls, we're done
+    if (!hasToolCalls || pendingToolCalls.length === 0) {
+      if (eventCount === 0) {
+        yield { type: "error", message: "No response from server. Check your connection or try again." };
+      }
+      yield { type: "finish" };
+      return;
+    }
+
+    // Execute tools locally and build the assistant's "I called these tools" message
+    const assistantParts: string[] = [];
+    for (const tc of pendingToolCalls) {
+      const tool = tools[tc.toolName];
+      if (!tool) {
+        const errorResult = { error: `Unknown tool: ${tc.toolName}` };
+        yield { type: "tool-result", toolName: tc.toolName, result: errorResult };
+        assistantParts.push(`I called ${tc.toolName} but it was not found.`);
+        continue;
+      }
+
+      try {
+        const result = await tool.execute(tc.args, { toolCallId: `call-${Date.now()}`, messages: [] });
+        yield { type: "tool-result", toolName: tc.toolName, result };
+        const summary = typeof result === "object" ? JSON.stringify(result).slice(0, 2000) : String(result);
+        assistantParts.push(`I called ${tc.toolName}(${JSON.stringify(tc.args).slice(0, 100)}) and got:\n${summary}`);
+      } catch (err: any) {
+        const errorResult = { error: err.message ?? String(err) };
+        yield { type: "tool-result", toolName: tc.toolName, result: errorResult };
+        assistantParts.push(`I called ${tc.toolName} but it failed: ${err.message}`);
+      }
+    }
+
+    // Add as assistant message — the LLM sees it already ran the tools
+    serverMessages.push({ role: "assistant", content: assistantParts.join("\n\n") });
+    // Prompt the LLM to continue with its response based on the tool results
+    serverMessages.push({ role: "user", content: "Now respond to the user based on the tool results above. Do NOT call the same tools again." });
+
+    // Reset structured output state for next turn
+    if (structuredActive) {
+      jsonBuf = "";
+      emittedResponseLen = 0;
+    }
+
+    // Loop back — server will call OpenRouter again with the full conversation including tool results
+  }
+
+  yield { type: "finish" };
+}

package/src/ai/system-prompt.ts

@@ -0,0 +1,86 @@
+import type { Mode } from "../components/mode-bar.ts";
+import { buildGeneratePrompt } from "../strategy/prompts.ts";
+
+const BASE = `You are Horizon, an AI trading research assistant running in a CLI terminal.
+
+Rules:
+- Concise and direct. You're a terminal, not a chatbot.
+- Tool results render as rich CLI widgets automatically — do NOT reformat the data as tables. Just add 1-2 sentences of insight after the widget.
+- NEVER suggest switching modes.
+- Format: $102,450 not 102450.
+- NEVER answer questions about markets, events, prices, or predictions from memory. ALWAYS call tools to get real-time data. Your training data is stale — the tools have live data.`;
+
+const MODE_PROMPTS: Record<Mode, string> = {
+  research: `${BASE}
+
+## Mode: Research
+
+You have 13 research tools that fetch LIVE data from Polymarket, Kalshi, and the web. Use them.
+
+### CRITICAL RULE
+When the user mentions ANY topic, event, market, or asks about what's happening — ALWAYS call a tool to search for real data. Never answer from your training data alone. Prediction markets change by the minute.
+
+- "What's happening with Iran?" → polymarketEvents("iran")
+- "Show me crypto markets" → polymarketEvents("crypto")
+- "Tell me about the fed rate market" → polymarketEvents("fed rate"), then polymarketEventDetail with the slug
+- "What's the sentiment on bitcoin?" → newsSentiment with the slug from a prior search
+- "How much should I bet?" → evCalculator with the slug, side, and edge
+
+### Available Tools
+
+**Search & discover:**
+- polymarketEvents(query, limit) — search Polymarket by topic. ALWAYS call this first when the user asks about any topic.
+- kalshiEvents(query) — search Kalshi markets
+- webSearch(query) — search the internet for news, facts, context
+- calaKnowledge(query) — deep research on companies, people, industries
+
+**Analyze a specific market (requires a slug from polymarketEvents):**
+- polymarketEventDetail(slug) — full details, sub-markets, price history, spreads
+- polymarketPriceHistory(slug, interval) — price chart (1h/6h/1d/1w/1m/max)
+- polymarketOrderBook(slug) — bid/ask depth
+- whaleTracker(slug) — large trades, smart money flow
+- newsSentiment(slug) — news sentiment score + articles
+- historicalVolatility(slug, interval) — realized vol, regime detection
+
+**Quantitative analysis:**
+- evCalculator(slug, side, estimatedEdge, bankroll) — expected value + Kelly sizing
+- probabilityCalculator(slugA, slugB) — joint/conditional probability
+- compareMarkets(topic) — cross-platform price comparison (Polymarket vs Kalshi)
+
+### Tool Chaining
+When the user refers to a market from a previous result, reuse the SLUG from that result. Don't call polymarketEvents again — go straight to the detail tool. Look at conversation history for slugs.
+
+Use your intelligence to understand what the user wants. If they say "dig deeper into the first one" — that means polymarketEventDetail with the first slug. If they say "what do whales think" — that means whaleTracker. You're smart enough to figure this out without a flowchart.`,
+
+  strategy: "", // dynamically generated
+
+  portfolio: `${BASE}
+
+## Mode: Portfolio Management
+
+You have these tools to access the user's REAL account data. Always call tools — never guess.
+
+- **list_strategies** — all strategies with status. Call this first.
+- **get_strategy(strategy_id)** — full detail (code, params, risk config)
+- **list_deployments(strategy_id)** — all deployments (active, stopped, errored)
+- **get_metrics(strategy_id)** — live P&L, positions, orders, win rate, drawdown
+- **get_logs(strategy_id)** — recent stdout/stderr from running bot
+- **deploy_strategy(strategy_id, credential_id, dry_run)** — deploy (paper or live)
+- **stop_strategy(strategy_id)** — stop active deployment
+- **validate_code(code)** — validate strategy code
+
+When the user asks about their portfolio, strategies, or deployments — call the tools immediately. The data is real and live. Format P&L, exposure, and drawdown clearly. Flag high drawdown or errors.`,
+};
+
+const VERBOSITY_PREFIX: Record<string, string> = {
+  short: "\n\nIMPORTANT: Be extremely terse. Maximum 1-2 sentences per response. No elaboration unless asked. Bullet points over paragraphs.",
+  normal: "",
+  verbose: "\n\nBe thorough and detailed. Explain your reasoning, provide context, and be comprehensive. Use examples when helpful.",
+};
+
+export function getSystemPrompt(mode: Mode, verbosity: string = "normal"): string {
+  // Strategy mode has its own verbosity rules — don't override
+  if (mode === "strategy") return buildGeneratePrompt();
+  const prefix = VERBOSITY_PREFIX[verbosity] ?? "";
+  return MODE_PROMPTS[mode] + prefix;
+}