pmquant 0.4.3__tar.gz → 0.4.4__tar.gz
- pmquant-0.4.4/.githooks/pre-push +10 -0
- pmquant-0.4.4/.github/workflows/codeql.yml +21 -0
- pmquant-0.4.4/.github/workflows/mcp-publish.yml +35 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.github/workflows/publish.yml +3 -0
- pmquant-0.4.3/.hypothesis/constants/1720e64af9235558 → pmquant-0.4.4/.hypothesis/constants/3687cdf4cf8f7af3 +1 -1
- {pmquant-0.4.3 → pmquant-0.4.4}/.hypothesis/unicode_data/15.0.0/charmap.json.gz +0 -0
- pmquant-0.4.4/.hypothesis/unicode_data/15.0.0/codec-utf-8.json.gz +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/CHANGELOG.md +17 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/CLAUDE.md +30 -10
- pmquant-0.4.4/CONTRIBUTING.md +80 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/PKG-INFO +8 -3
- {pmquant-0.4.3 → pmquant-0.4.4}/README.md +7 -2
- {pmquant-0.4.3 → pmquant-0.4.4}/SECURITY.md +3 -2
- {pmquant-0.4.3 → pmquant-0.4.4}/pyproject.toml +1 -1
- {pmquant-0.4.3 → pmquant-0.4.4}/server.json +3 -3
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/__init__.py +1 -1
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_canary_live.py +2 -1
- pmquant-0.4.3/.hypothesis/unicode_data/15.0.0/codec-utf-8.json.gz +0 -0
- pmquant-0.4.3/CONTRIBUTING.md +0 -52
- {pmquant-0.4.3 → pmquant-0.4.4}/.github/dependabot.yml +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.github/workflows/canary.yml +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.github/workflows/scorecard.yml +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.github/workflows/test.yml +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.gitignore +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.hypothesis/.gitignore +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.hypothesis/constants/07a2a0eac57d1dd0 +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.hypothesis/constants/6c9ffb0a1efc27b6 +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.hypothesis/constants/855d9c2e5b4693f1 +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/.hypothesis/constants/ef909bf87e6ac33f +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/AGENTS.md +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/LICENSE +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/bot-template/README.md +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/bot-template/bot.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/bot-template/dash/bot_dash.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/bot-template/dash/dash.html +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/bot-template/pmq-bot.service +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/bot-template/strategy.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/docs/assets/pmq-doctor.svg +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/docs/recipes.md +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/docs/rounding-study.md +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/docs/war-story.md +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/examples/fak_buy_guarded.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/examples/read_market.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/llms.txt +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/data.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/doctor.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/exceptions.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/executor.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/mcp.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/src/pmq/py.typed +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_data.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_doctor.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_executor.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_fill_fuzz.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_mcp.py +0 -0
- {pmquant-0.4.3 → pmquant-0.4.4}/tests/test_template_engine.py +0 -0
|
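--- /dev/null
+++ b/.githooks/pre-push
@@ -0,0 +1,10 @@
+#!/bin/sh
+# pmq pre-push guard: refuse to push red. CI is the backstop; this catches
+# it before the remote does. Bypass knowingly with --no-verify.
+set -e
+cd "$(git rev-parse --show-toplevel)"
+PY=./.venv/bin/python
+[ -x "$PY" ] || PY=python3
+$PY -m ruff check . || { echo "pre-push: ruff rouge"; exit 1; }
+$PY -m mypy || { echo "pre-push: mypy rouge"; exit 1; }
+$PY -m pytest -q || { echo "pre-push: tests rouges"; exit 1; }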
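Review bot: The hook runs ruff, mypy and pytest against the working tree as it stands, not against the commits being pushed, and the header comment on lines 2-3 does not say so; uncommitted edits can make a red push look green or the reverse. A third comment line would state the limit, for example `# Checks the working tree, not the refs being pushed: commit or stash first.` `$PY` is also expanded unquoted on lines 8-10; that is harmless with the two values assigned here, but `"$PY" -m ruff check .` keeps the hook correct if the path ever gains a space.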
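--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,21 @@
+name: codeql
+on:
+push:
+branches: [main]
+pull_request:
+schedule:
+- cron: "41 7 * * 1"
+
+permissions: read-all
+
+jobs:
+analyze:
+runs-on: ubuntu-latest
+permissions:
+security-events: write
+steps:
+- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+- uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4
+with:
+languages: python
+- uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4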
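Review bot: Line 9 sets the workflow default to `permissions: read-all`, which hands read access on every token scope to any job later added without its own block; the `analyze` job overrides it, so the default can be narrowed to `permissions: {}` (or `contents: read`) without changing what runs today. Because a job-level block sets every unlisted scope to none, `analyze` runs with `security-events: write` only, which is enough for checkout on a public repository but would need `contents: read` and `actions: read` added if the repository were private. Adding `persist-credentials: false` under a `with:` on the checkout step would also keep the token out of `.git/config` for the steps that follow.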
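--- /dev/null
+++ b/.github/workflows/mcp-publish.yml
@@ -0,0 +1,35 @@
+name: mcp-publish
+on:
+release:
+types: [published]
+workflow_dispatch:
+
+permissions:
+contents: read
+id-token: write # OIDC login to the MCP registry
+
+jobs:
+publish:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+- name: Fetch mcp-publisher
+env:
+GH_TOKEN: ${{ github.token }}
+run: |
+gh release download --repo modelcontextprotocol/registry \
+--pattern "mcp-publisher_*linux_amd64.tar.gz" --output mp.tgz
+tar -xzf mp.tgz
+./mcp-publisher --version
+- name: Wait for the version to exist on PyPI
+run: |
+V=$(python3 -c "import json; print(json.load(open('server.json'))['version'])")
+for i in $(seq 1 20); do
+curl -s "https://pypi.org/pypi/pmquant/$V/json" | grep -q '"version"' && exit 0
+echo "PyPI does not serve $V yet ($i/20)"; sleep 30
+done
+echo "giving up: registry would reject an unpublished version"; exit 1
+- name: Publish server.json to the MCP registry
+run: |
+./mcp-publisher login github-oidc
+./mcp-publisher publish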
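Review bot: The `Fetch mcp-publisher` step (lines 19-23) downloads whatever the latest release of modelcontextprotocol/registry happens to be, with no pinned tag and no digest check, and the following steps execute that binary in a job that holds `id-token: write`. That is weaker than the commit-SHA pinning applied to the actions in the same file: a changed or replaced release asset would run with the ability to request this repository's OIDC token. Pinning a release tag, verifying a recorded SHA-256 before extraction and extracting only the one member closes the gap; the tag and digest below are placeholders to fill from a release you have verified, and the member name is assumed from the `./mcp-publisher` call. Separately, `curl -s` in the PyPI wait loop hides HTTP errors, and `curl -fsS` would let a 404 be told apart from a network failure.

```yaml
- name: Fetch mcp-publisher
  env:
    GH_TOKEN: ${{ github.token }}
    MCP_PUBLISHER_TAG: "<pinned-release-tag>"
    MCP_PUBLISHER_SHA256: "<sha256-of-the-linux_amd64-asset>"
  run: |
    gh release download "$MCP_PUBLISHER_TAG" --repo modelcontextprotocol/registry \
      --pattern "mcp-publisher_*linux_amd64.tar.gz" --output mp.tgz
    echo "$MCP_PUBLISHER_SHA256  mp.tgz" | sha256sum -c -
    tar -xzf mp.tgz mcp-publisher
    # … unchanged: ./mcp-publisher --version …
```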
@@ -1,4 +1,4 @@
|
|
|
1
1
|
# file: /home/runner/work/pmq/pmq/src/pmq/__init__.py
|
|
2
2
|
# hypothesis_version: 6.156.1
|
|
3
3
|
|
|
4
|
-
['0.4.
|
|
4
|
+
['0.4.4', 'DEFAULT_BUILDER_CODE', 'FEE_RATES', 'Fill', 'OrderUncertain', 'PmqError', 'PolymarketExecutor', '__version__', 'band_ask_depth_usd', 'best_bid_ask', 'book_inferred_winner', 'book_meta', 'event_markets', 'fee', 'get_book', 'get_market', 'get_tape', 'http_get_json', 'parse_market', 'positions', 'resolved_winner']
|
|
Binary file
|
|
Binary file
|
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.4.4 (2026-07-04)
|
|
4
|
+
|
|
5
|
+
* Harden: json.loads accepts NaN and Infinity, so a drifted or hostile
|
|
6
|
+
exchange response could book non-finite or negative matched amounts.
|
|
7
|
+
`_parse_fill` now zeroes anything non-finite or negative (fail closed),
|
|
8
|
+
and a hypothesis fuzz suite (four property groups, hundreds of generated
|
|
9
|
+
adversarial responses per run) pins the whole fill contract: market and
|
|
10
|
+
limit paths book only confirmed finite amounts, the 4xx/uncertain
|
|
11
|
+
exception partition is total, every transport exception surfaces as
|
|
12
|
+
OrderUncertain.
|
|
13
|
+
* Security surface: CodeQL workflow (its first scan caught and we fixed a
|
|
14
|
+
host-boundary bypass in the egress allowlist), Scorecard alert triage
|
|
15
|
+
with written dismissal reasons, top-level permissions on the publish
|
|
16
|
+
workflow, direct private-advisory link in SECURITY.md, Dependabot
|
|
17
|
+
vulnerability alerts enabled. Listed in the official MCP registry as
|
|
18
|
+
io.github.crp4222/pmq (publish rides releases via OIDC).
|
|
19
|
+
|
|
3
20
|
## 0.4.3 (2026-07-04)
|
|
4
21
|
|
|
5
22
|
* Fix: py-clob-client-v2 1.0.2 reuses its limit-order rounding table for
|
|
@@ -9,16 +9,26 @@ agents EDITING it. Read both before changing code.)
|
|
|
9
9
|
confirmed (`orderID` + `success is not False` + matched amounts); 4xx is a
|
|
10
10
|
clean rejection; timeout/5xx raises `OrderUncertain`; unparseable = zero.
|
|
11
11
|
Any change that books more optimistically is a regression by definition,
|
|
12
|
-
whatever it fixes elsewhere.
|
|
13
|
-
|
|
12
|
+
whatever it fixes elsewhere. Matched amounts must be finite and
|
|
13
|
+
non-negative (json.loads accepts NaN/Infinity; hostile values book zero).
|
|
14
|
+
`reconcile()` must keep meaning cancel + `get_trades` truth. The
|
|
15
|
+
hypothesis fuzz suite (tests/test_fill_fuzz.py) pins all of this with
|
|
16
|
+
generated adversarial responses: extend it with every parser change,
|
|
17
|
+
never delete it.
|
|
14
18
|
2. **Startup introspection** (`_EXPECTED_METHODS`/`_EXPECTED_MARKET_ARGS`):
|
|
15
19
|
the executor REFUSES to run on a drifted py-clob-client-v2. When bumping
|
|
16
20
|
the client dependency, re-verify signatures by introspection and update
|
|
17
21
|
the tables in the same commit.
|
|
18
|
-
3. **Builder code policy**: default = maintainer's code,
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
+
3. **Builder code policy**: default = maintainer's code, defined in exactly
|
|
23
|
+
ONE place (`DEFAULT_BUILDER_CODE` in executor.py) and applied
|
|
24
|
+
automatically by every order path. DISCLOSED in README and code comment,
|
|
25
|
+
opt-out one line (`builder_code=None` / env). Never hide it, never remove
|
|
26
|
+
the disclosure, never make opt-out harder. AND the mirror rule: keep the
|
|
27
|
+
disclosure at the DOCUMENTATION level only; do not surface attribution in
|
|
28
|
+
runtime channels (server startup logs, MCP tools or instructions, order
|
|
29
|
+
responses). It is public on-chain in every signed order; in-band
|
|
30
|
+
reminders just prompt sessions to toggle a setting that costs users
|
|
31
|
+
nothing. This is the trust model (JKorf pattern).
|
|
22
32
|
4. **No strategy content, ever**: the maintainer's private bot strategy
|
|
23
33
|
(bands, timing, hours, families, sizing) must never appear in code, docs,
|
|
24
34
|
tests, commits or issues. The bot-template ships deliberately naive
|
|
@@ -41,10 +51,20 @@ agents EDITING it. Read both before changing code.)
|
|
|
41
51
|
* Exchange rules (min size, tick, fee rate) are READ from the venue
|
|
42
52
|
(`book_meta`, `fee_rate`), not hardcoded. `FEE_RATES` is a documented
|
|
43
53
|
snapshot of the official schedule used for estimates.
|
|
44
|
-
* Releases: bump version in `pyproject.toml
|
|
45
|
-
update CHANGELOG.md, push, then
|
|
46
|
-
|
|
47
|
-
|
|
54
|
+
* Releases: bump version in `pyproject.toml`, `src/pmq/__init__.py` AND
|
|
55
|
+
`server.json` (both version fields), update CHANGELOG.md, push, then
|
|
56
|
+
`gh release create vX.Y.Z`: PyPI publish (trusted publishing, signed
|
|
57
|
+
attestations) and the MCP registry republish (mcp-publish.yml,
|
|
58
|
+
github-oidc) both fire on the release event. Registry gotchas: the
|
|
59
|
+
server.json description caps at 100 characters, and the version must
|
|
60
|
+
exist on PyPI. PyPI name is `pmquant`, import name `pmq`: keep the
|
|
61
|
+
README line explaining it.
|
|
62
|
+
* CLAUDE.md and CONTRIBUTING.md are THE SAME FILE by contract: after
|
|
63
|
+
editing one, copy it over the other in the same commit (`cp CLAUDE.md
|
|
64
|
+
CONTRIBUTING.md`). Drift between them means an agent read stale rules.
|
|
65
|
+
* Local guard: `git config core.hooksPath .githooks` once per clone
|
|
66
|
+
enables the pre-push hook (ruff + mypy + pytest). CI is the backstop,
|
|
67
|
+
but the hook catches a broken push before it lands.
|
|
48
68
|
* GitHub Actions stay pinned by commit SHA (dependabot bumps them); new
|
|
49
69
|
workflows get an explicit least-privilege permissions block. The egress
|
|
50
70
|
test and pip-audit ride the weekly canary: never move them to default CI
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
# pmq: engineering invariants for agents CONTRIBUTING to this repo
|
|
2
|
+
|
|
3
|
+
(AGENTS.md in this repo is for agents USING the library; this file is for
|
|
4
|
+
agents EDITING it. Read both before changing code.)
|
|
5
|
+
|
|
6
|
+
## Never weaken (the product IS these properties)
|
|
7
|
+
|
|
8
|
+
1. **The fail-closed fill contract**: a `Fill` books only what the exchange
|
|
9
|
+
confirmed (`orderID` + `success is not False` + matched amounts); 4xx is a
|
|
10
|
+
clean rejection; timeout/5xx raises `OrderUncertain`; unparseable = zero.
|
|
11
|
+
Any change that books more optimistically is a regression by definition,
|
|
12
|
+
whatever it fixes elsewhere. Matched amounts must be finite and
|
|
13
|
+
non-negative (json.loads accepts NaN/Infinity; hostile values book zero).
|
|
14
|
+
`reconcile()` must keep meaning cancel + `get_trades` truth. The
|
|
15
|
+
hypothesis fuzz suite (tests/test_fill_fuzz.py) pins all of this with
|
|
16
|
+
generated adversarial responses: extend it with every parser change,
|
|
17
|
+
never delete it.
|
|
18
|
+
2. **Startup introspection** (`_EXPECTED_METHODS`/`_EXPECTED_MARKET_ARGS`):
|
|
19
|
+
the executor REFUSES to run on a drifted py-clob-client-v2. When bumping
|
|
20
|
+
the client dependency, re-verify signatures by introspection and update
|
|
21
|
+
the tables in the same commit.
|
|
22
|
+
3. **Builder code policy**: default = maintainer's code, defined in exactly
|
|
23
|
+
ONE place (`DEFAULT_BUILDER_CODE` in executor.py) and applied
|
|
24
|
+
automatically by every order path. DISCLOSED in README and code comment,
|
|
25
|
+
opt-out one line (`builder_code=None` / env). Never hide it, never remove
|
|
26
|
+
the disclosure, never make opt-out harder. AND the mirror rule: keep the
|
|
27
|
+
disclosure at the DOCUMENTATION level only; do not surface attribution in
|
|
28
|
+
runtime channels (server startup logs, MCP tools or instructions, order
|
|
29
|
+
responses). It is public on-chain in every signed order; in-band
|
|
30
|
+
reminders just prompt sessions to toggle a setting that costs users
|
|
31
|
+
nothing. This is the trust model (JKorf pattern).
|
|
32
|
+
4. **No strategy content, ever**: the maintainer's private bot strategy
|
|
33
|
+
(bands, timing, hours, families, sizing) must never appear in code, docs,
|
|
34
|
+
tests, commits or issues. The bot-template ships deliberately naive
|
|
35
|
+
demos only.
|
|
36
|
+
5. **Claims must be falsifiable**: no superlatives in README/docs; dated
|
|
37
|
+
claims with evidence (comparison table, on-chain receipts, measured
|
|
38
|
+
studies). If you cannot prove it, do not write it.
|
|
39
|
+
6. **MCP safety gates**: trading tools are REGISTERED only when the operator
|
|
40
|
+
sets `PMQ_MCP_LIVE=1`; per-order `PMQ_MCP_MAX_USD` cap enforced before
|
|
41
|
+
any client call. Read tools must keep working with zero credentials.
|
|
42
|
+
|
|
43
|
+
## Working rules
|
|
44
|
+
|
|
45
|
+
* Tests green (`pytest -q`) and `ruff check .` clean before any push;
|
|
46
|
+
`pyscn check src/pmq bot-template` (complexity <= 10, no dead code)
|
|
47
|
+
must stay green too; clone warnings are informational (the template
|
|
48
|
+
dash deliberately duplicates helpers to stay stdlib-standalone). Add
|
|
49
|
+
tests with every behavior change. Network-touching tests go to
|
|
50
|
+
`tests/test_canary_live.py` behind `PMQ_CANARY=1`, never in default CI.
|
|
51
|
+
* Exchange rules (min size, tick, fee rate) are READ from the venue
|
|
52
|
+
(`book_meta`, `fee_rate`), not hardcoded. `FEE_RATES` is a documented
|
|
53
|
+
snapshot of the official schedule used for estimates.
|
|
54
|
+
* Releases: bump version in `pyproject.toml`, `src/pmq/__init__.py` AND
|
|
55
|
+
`server.json` (both version fields), update CHANGELOG.md, push, then
|
|
56
|
+
`gh release create vX.Y.Z`: PyPI publish (trusted publishing, signed
|
|
57
|
+
attestations) and the MCP registry republish (mcp-publish.yml,
|
|
58
|
+
github-oidc) both fire on the release event. Registry gotchas: the
|
|
59
|
+
server.json description caps at 100 characters, and the version must
|
|
60
|
+
exist on PyPI. PyPI name is `pmquant`, import name `pmq`: keep the
|
|
61
|
+
README line explaining it.
|
|
62
|
+
* CLAUDE.md and CONTRIBUTING.md are THE SAME FILE by contract: after
|
|
63
|
+
editing one, copy it over the other in the same commit (`cp CLAUDE.md
|
|
64
|
+
CONTRIBUTING.md`). Drift between them means an agent read stale rules.
|
|
65
|
+
* Local guard: `git config core.hooksPath .githooks` once per clone
|
|
66
|
+
enables the pre-push hook (ruff + mypy + pytest). CI is the backstop,
|
|
67
|
+
but the hook catches a broken push before it lands.
|
|
68
|
+
* GitHub Actions stay pinned by commit SHA (dependabot bumps them); new
|
|
69
|
+
workflows get an explicit least-privilege permissions block. The egress
|
|
70
|
+
test and pip-audit ride the weekly canary: never move them to default CI
|
|
71
|
+
(they need network) and never widen the egress allowlist beyond
|
|
72
|
+
polymarket.com without updating SECURITY.md and the README section.
|
|
73
|
+
* The weekly canary workflow is the drift alarm: if it opens an issue, the
|
|
74
|
+
fix starts by re-running the introspection against the new surface, not
|
|
75
|
+
by loosening the checks.
|
|
76
|
+
* Keep the library small and auditable (five modules): resist adding
|
|
77
|
+
dependencies; stdlib first. Anything bot-shaped belongs in bot-template/,
|
|
78
|
+
not in the package.
|
|
79
|
+
* Style: no em-dashes and no " - " connectors anywhere (strong user rule);
|
|
80
|
+
keep comments sparse and constraint-focused.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pmquant
|
|
3
|
-
Version: 0.4.
|
|
3
|
+
Version: 0.4.4
|
|
4
4
|
Summary: Fail-closed execution and market-data layer for Polymarket CLOB V2: local signing, confirmed fills only, fee-correct math, working deposit-wallet (POLY_1271) support.
|
|
5
5
|
Project-URL: Homepage, https://github.com/crp4222/pmq
|
|
6
6
|
Project-URL: Issues, https://github.com/crp4222/pmq/issues
|
|
@@ -130,7 +130,10 @@ not your hopes.
|
|
|
130
130
|
|
|
131
131
|
At startup pmq **introspects the installed py-clob-client-v2** against the API
|
|
132
132
|
surface it was verified on, and refuses to trade on drift instead of sending
|
|
133
|
-
orders through changed semantics.
|
|
133
|
+
orders through changed semantics. The whole table is pinned by an executable
|
|
134
|
+
test per row plus a hypothesis fuzz suite (hundreds of generated adversarial
|
|
135
|
+
responses per run, including NaN/Infinity and negative amounts, which book
|
|
136
|
+
zero).
|
|
134
137
|
|
|
135
138
|
## Quickstart
|
|
136
139
|
|
|
@@ -217,7 +220,9 @@ JKorf/Polymarket.Net; the official client defaults to zero attribution.)
|
|
|
217
220
|
|
|
218
221
|
## MCP server (agents)
|
|
219
222
|
|
|
220
|
-
`pip install "pmquant[mcp]"` then run `pmq-mcp` (stdio).
|
|
223
|
+
`pip install "pmquant[mcp]"` then run `pmq-mcp` (stdio). Listed in the
|
|
224
|
+
[official MCP registry](https://registry.modelcontextprotocol.io) as
|
|
225
|
+
`io.github.crp4222/pmq`. Read tools (market,
|
|
221
226
|
book, taker_fee, account_collateral, account_trades) always exist. Trading
|
|
222
227
|
tools (`fak_buy`, `fak_sell`, `cancel_and_reconcile`) are **only registered
|
|
223
228
|
when the operator sets `PMQ_MCP_LIVE=1`** in the server environment: an
|
|
@@ -95,7 +95,10 @@ not your hopes.
|
|
|
95
95
|
|
|
96
96
|
At startup pmq **introspects the installed py-clob-client-v2** against the API
|
|
97
97
|
surface it was verified on, and refuses to trade on drift instead of sending
|
|
98
|
-
orders through changed semantics.
|
|
98
|
+
orders through changed semantics. The whole table is pinned by an executable
|
|
99
|
+
test per row plus a hypothesis fuzz suite (hundreds of generated adversarial
|
|
100
|
+
responses per run, including NaN/Infinity and negative amounts, which book
|
|
101
|
+
zero).
|
|
99
102
|
|
|
100
103
|
## Quickstart
|
|
101
104
|
|
|
@@ -182,7 +185,9 @@ JKorf/Polymarket.Net; the official client defaults to zero attribution.)
|
|
|
182
185
|
|
|
183
186
|
## MCP server (agents)
|
|
184
187
|
|
|
185
|
-
`pip install "pmquant[mcp]"` then run `pmq-mcp` (stdio).
|
|
188
|
+
`pip install "pmquant[mcp]"` then run `pmq-mcp` (stdio). Listed in the
|
|
189
|
+
[official MCP registry](https://registry.modelcontextprotocol.io) as
|
|
190
|
+
`io.github.crp4222/pmq`. Read tools (market,
|
|
186
191
|
book, taker_fee, account_collateral, account_trades) always exist. Trading
|
|
187
192
|
tools (`fak_buy`, `fak_sell`, `cancel_and_reconcile`) are **only registered
|
|
188
193
|
when the operator sets `PMQ_MCP_LIVE=1`** in the server environment: an
|
|
@@ -35,6 +35,7 @@ the important questions:
|
|
|
35
35
|
|
|
36
36
|
## Reporting a vulnerability
|
|
37
37
|
|
|
38
|
-
Open a
|
|
39
|
-
vulnerability") or
|
|
38
|
+
Open a [private security advisory](https://github.com/crp4222/pmq/security/advisories/new)
|
|
39
|
+
(Security tab, "Report a vulnerability") or, if it is not sensitive, an
|
|
40
|
+
[issue](https://github.com/crp4222/pmq/issues) with the `security` label.
|
|
40
41
|
You will get an answer within a few days.
|
|
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "pmquant"
|
|
7
|
-
version = "0.4.
|
|
7
|
+
version = "0.4.4"
|
|
8
8
|
description = "Fail-closed execution and market-data layer for Polymarket CLOB V2: local signing, confirmed fills only, fee-correct math, working deposit-wallet (POLY_1271) support."
|
|
9
9
|
readme = "README.md"
|
|
10
10
|
license = { text = "MIT" }
|
|
@@ -2,18 +2,18 @@
|
|
|
2
2
|
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
|
|
3
3
|
"name": "io.github.crp4222/pmq",
|
|
4
4
|
"title": "pmq (Polymarket CLOB V2)",
|
|
5
|
-
"description": "
|
|
5
|
+
"description": "Production-proven Polymarket CLOB V2 trading and data. Fail-closed fills; keys stay local.",
|
|
6
6
|
"repository": {
|
|
7
7
|
"url": "https://github.com/crp4222/pmq",
|
|
8
8
|
"source": "github"
|
|
9
9
|
},
|
|
10
|
-
"version": "0.4.
|
|
10
|
+
"version": "0.4.4",
|
|
11
11
|
"packages": [
|
|
12
12
|
{
|
|
13
13
|
"registryType": "pypi",
|
|
14
14
|
"registryBaseUrl": "https://pypi.org",
|
|
15
15
|
"identifier": "pmquant",
|
|
16
|
-
"version": "0.4.
|
|
16
|
+
"version": "0.4.4",
|
|
17
17
|
"runtimeHint": "uvx",
|
|
18
18
|
"transport": {
|
|
19
19
|
"type": "stdio"
|
|
@@ -25,7 +25,7 @@ from .data import (
|
|
|
25
25
|
)
|
|
26
26
|
from .exceptions import IntrospectionMismatch, OrderUncertain, PmqError
|
|
27
27
|
|
|
28
|
-
__version__ = "0.4.
|
|
28
|
+
__version__ = "0.4.4"
|
|
29
29
|
__all__ = [
|
|
30
30
|
"FEE_RATES", "band_ask_depth_usd", "best_bid_ask", "book_inferred_winner",
|
|
31
31
|
"book_meta", "event_markets", "fee", "get_book", "get_market", "get_tape",
|
|
@@ -101,5 +101,6 @@ def test_egress_only_polymarket_hosts(monkeypatch):
|
|
|
101
101
|
except pmq.OrderUncertain:
|
|
102
102
|
pass # 5xx path; egress is the point
|
|
103
103
|
print("hosts contacted:", sorted(hosts))
|
|
104
|
-
foreign = {h for h in hosts
|
|
104
|
+
foreign = {h for h in hosts
|
|
105
|
+
if h != "polymarket.com" and not h.endswith(".polymarket.com")}
|
|
105
106
|
assert not foreign, f"unexpected egress: {sorted(foreign)}"
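Review bot: The new predicate on lines 104-105 has no comment explaining why the leading dot is there, so a later simplification back to a bare suffix test would silently re-admit any host whose name merely ends in the same letters. A one-line comment above the comprehension would pin the intent, for example `# exact host or a true subdomain; endswith("polymarket.com") alone also matches lookalike domains`. The comparison is sensitive to case and to a trailing dot, which fails closed (a spurious test failure rather than a miss), so normalising with `h.lower().rstrip(".")` is optional and depends on how `hosts` is collected, which is outside the hunk. test_egress_only_polymarket_hosts starts above the hunk.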
|
|
Binary file
|
pmquant-0.4.3/CONTRIBUTING.md
DELETED
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
# pmq: engineering invariants for agents CONTRIBUTING to this repo
|
|
2
|
-
|
|
3
|
-
(AGENTS.md in this repo is for agents USING the library; this file is for
|
|
4
|
-
agents EDITING it. Read both before changing code.)
|
|
5
|
-
|
|
6
|
-
## Never weaken (the product IS these properties)
|
|
7
|
-
|
|
8
|
-
1. **The fail-closed fill contract**: a `Fill` books only what the exchange
|
|
9
|
-
confirmed (`orderID` + `success is not False` + matched amounts); 4xx is a
|
|
10
|
-
clean rejection; timeout/5xx raises `OrderUncertain`; unparseable = zero.
|
|
11
|
-
Any change that books more optimistically is a regression by definition,
|
|
12
|
-
whatever it fixes elsewhere. `reconcile()` must keep meaning cancel +
|
|
13
|
-
`get_trades` truth.
|
|
14
|
-
2. **Startup introspection** (`_EXPECTED_METHODS`/`_EXPECTED_MARKET_ARGS`):
|
|
15
|
-
the executor REFUSES to run on a drifted py-clob-client-v2. When bumping
|
|
16
|
-
the client dependency, re-verify signatures by introspection and update
|
|
17
|
-
the tables in the same commit.
|
|
18
|
-
3. **Builder code policy**: default = maintainer's code, DISCLOSED in README
|
|
19
|
-
and code comment, opt-out one line (`builder_code=None` / env). Never
|
|
20
|
-
hide it, never remove the disclosure, never make opt-out harder. This is
|
|
21
|
-
the trust model (JKorf pattern).
|
|
22
|
-
4. **No strategy content, ever**: the maintainer's private bot strategy
|
|
23
|
-
(bands, timing, hours, families, sizing) must never appear in code, docs,
|
|
24
|
-
tests, commits or issues. The bot-template ships deliberately naive
|
|
25
|
-
demos only.
|
|
26
|
-
5. **Claims must be falsifiable**: no superlatives in README/docs; dated
|
|
27
|
-
claims with evidence (comparison table, on-chain receipts, measured
|
|
28
|
-
studies). If you cannot prove it, do not write it.
|
|
29
|
-
6. **MCP safety gates**: trading tools are REGISTERED only when the operator
|
|
30
|
-
sets `PMQ_MCP_LIVE=1`; per-order `PMQ_MCP_MAX_USD` cap enforced before
|
|
31
|
-
any client call. Read tools must keep working with zero credentials.
|
|
32
|
-
|
|
33
|
-
## Working rules
|
|
34
|
-
|
|
35
|
-
* Tests green (`pytest -q`) and `ruff check .` clean before any push; add
|
|
36
|
-
tests with every behavior change. Network-touching tests go to
|
|
37
|
-
`tests/test_canary_live.py` behind `PMQ_CANARY=1`, never in default CI.
|
|
38
|
-
* Exchange rules (min size, tick, fee rate) are READ from the venue
|
|
39
|
-
(`book_meta`, `fee_rate`), not hardcoded. `FEE_RATES` is a documented
|
|
40
|
-
snapshot of the official schedule used for estimates.
|
|
41
|
-
* Releases: bump version in `pyproject.toml` AND `src/pmq/__init__.py`,
|
|
42
|
-
update CHANGELOG.md, push, then `gh release create vX.Y.Z`: PyPI publish
|
|
43
|
-
is automatic via trusted publishing (no tokens anywhere). PyPI name is
|
|
44
|
-
`pmquant`, import name `pmq`: keep the README line explaining it.
|
|
45
|
-
* The weekly canary workflow is the drift alarm: if it opens an issue, the
|
|
46
|
-
fix starts by re-running the introspection against the new surface, not
|
|
47
|
-
by loosening the checks.
|
|
48
|
-
* Keep the library small and auditable (five modules): resist adding
|
|
49
|
-
dependencies; stdlib first. Anything bot-shaped belongs in bot-template/,
|
|
50
|
-
not in the package.
|
|
51
|
-
* Style: no em-dashes and no " - " connectors anywhere (strong user rule);
|
|
52
|
-
keep comments sparse and constraint-focused.
|
|