* docs/11-gui-streamlit.md — replaces the original spec with what was
actually built: implementation status table, real page filenames
(1_Status, 2_Audit, 3_Equity, 4_History, 5_Position), per-page
inventory of implemented vs deferred sections, GUI ↔ engine table
showing arm_kill/disarm_kill via manual_actions and the
not_supported markers for force_close + approve/reject_proposal,
consumer signature with cron */1, lock model clarified (no GUI
lockfile), DoD updated with current state.
* docs/05-data-model.md — manual_actions is no longer "pianificata":
populated by gui/data_layer.py, drained by the manual_actions job;
per-kind status table (arm/disarm OK, others not_supported).
* docs/09-development-roadmap.md — Phase 4.5 marked implemented with
per-task ✅/⏳ markers for the deferred items (auto-refresh,
AppTest, force-close hook).
* docs/06-operational-flow.md — adds Flusso 5b describing the
manual_actions consumer pattern (enqueue → KillSwitch transition →
audit log linkage).
360/360 tests still pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Each bot now manages its own notification + portfolio aggregation:
* TelegramClient calls the public Bot API directly via httpx, reading
CERBERO_BITE_TELEGRAM_BOT_TOKEN / CERBERO_BITE_TELEGRAM_CHAT_ID from
env. No credentials → silent disabled mode.
* PortfolioClient composes DeribitClient + HyperliquidClient + the new
MacroClient.get_asset_price/eur_usd_rate to expose equity (EUR) and
per-asset exposure as the bot's own slice (no cross-bot view).
* mcp-telegram and mcp-portfolio removed from MCP_SERVICES / McpEndpoints
and the cerbero-bite ping CLI; health_check no longer probes portfolio.
Docs (02/04/06/07) and docker-compose updated to reflect the new
architecture.
353/353 tests pass; ruff clean; mypy src clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Conclude il doc drift residuo dei tre documenti che ancora
descrivevano il modello di esercizio pre-Fase 4 (memory/brain-bridge,
push_user_instruction, conferma manuale). Aggiornati per riflettere
l'engine autonomo notify-only attuale, con tutti gli ultimi
hardening integrati.
docs/02-architecture.md:
- Diagramma a blocchi: rimosso cerbero-memory ↔ Cerbero core,
aggiunto annotation sull'audit chain con anchor SQLite.
- Tabella stack: httpx pooling al posto dell'SDK mcp, hash chain
con anchor in system_state.
- Layout cartelle: aggiunte runtime/lockfile.py,
runtime/orchestrator.py, runtime/recovery.py, scripts/dead_man.sh,
state/migrations/0002_audit_anchor.sql.
- Sequenze entry/monitor riscritte all'auto-execute via
place_combo_order, niente attesa conferma utente.
- Nuova sezione "Lifecycle del container" con boot order, scheduler,
SIGTERM clean shutdown, lock release.
- Failure modes aggiornati: environment mismatch, audit anchor
mismatch, lock occupato.
docs/05-data-model.md:
- Filosofia estesa con la regola dell'audit chain e l'anchor.
- Schema instructions: payload_json riferito ai response Deribit
(combo_instrument, order_id, state) invece di
push_user_instruction.
- Aggiunta migration 0002_audit_anchor.sql con last_audit_hash.
- Schema log JSONL: campi cycle e cycle_id propagati da
structlog.contextvars.
- Sezione "Audit log" descrive il formato concretamente in uso
(separatori | con prev_hash/hash) ed elenco eventi reali
(ENGINE_START, RECOVERY_DONE, ENTRY_PLACED, HOLD, EXIT_FILLED,
KILL_SWITCH_*, ALERT, KELLY_RECALIBRATED).
- Sezione backup riferita allo job APScheduler ora schedulato
(0 * * * *).
docs/07-risk-controls.md:
- Nuova tabella trigger automatici allineata al codice (column
"Implementato" punta ai moduli runtime/safety reali).
- Sezione "Single-instance lock" introdotta (fcntl.flock,
EngineLock, caveat multi-host).
- Sezione "Anti-truncation" che descrive il flusso anchor: callback
on_append → SQLite → check al boot.
- "Cap di rischio" estesa con i due nuovi filter dealer-gamma e
liquidation-heatmap (§2.8).
- Sezione "Versionamento config" cita execution.environment,
execution.eur_to_usd, dealer_gamma_min, dealer_gamma_filter_enabled,
liquidation_filter_enabled.
- Escalation tree concretizzata sull'AlertManager con i metodi
reali (low/medium/high/critical).
Test: 335 pass, 1 skip (sqlite3 CLI).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Integra due nuovi filtri dal pacchetto quant indicators rilasciato in
Cerbero_mcp (commit a13e3fe). 335 test pass, mypy strict pulito,
ruff clean.
Filtri (§2.8 — nuovo):
- dealer-gamma: blocca entry quando total_net_dealer_gamma <
dealer_gamma_min (default 0). Long-gamma regime favorisce credit
spread (vol-suppressing dealer flow); short-gamma flow lo amplifica
ed è da evitare.
- liquidation-heatmap: blocca entry quando il segnale euristico di
cerbero-sentiment riporta long o short squeeze risk = "high"
(cluster di liquidations imminenti entro 24h).
Entrambi sono best-effort: se il tool MCP fallisce o restituisce
dati anomali l'entry_cycle popola EntryContext con None e
validate_entry salta il gate per non bloccare entry su problemi
infrastrutturali.
Wrapper:
- DeribitClient.dealer_gamma_profile_eth → DealerGammaSnapshot.
- SentimentClient.liquidation_heatmap → LiquidationHeatmap con
property has_high_squeeze_risk.
Schema:
- EntryConfig.dealer_gamma_min, dealer_gamma_filter_enabled,
liquidation_filter_enabled.
- EntryContext.dealer_net_gamma, liquidation_squeeze_risk_high
opzionali.
- strategy.yaml: nuovi campi documentati con commento + hash
ricalcolato (4c2be4c5...).
Documentazione:
- docs/04-mcp-integration.md riscritto al modello attuale (HTTP
REST, no mcp SDK, no memory/brain-bridge, place_combo_order
documentato, environment_info al boot).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wrapper async tipizzati sui sei servizi MCP HTTP che Cerbero Bite
consuma in autonomia. 277 test pass, copertura clients 93%, mypy
strict pulito, ruff clean.
Base layer:
- clients/_base.py: HttpToolClient con httpx + tenacity (retry
esponenziale 3x, timeout 8s, mapping HTTP→eccezioni tipizzate).
- clients/_exceptions.py: McpAuthError, McpServerError, McpToolError,
McpDataAnomalyError, McpNotFoundError, McpTimeoutError.
- config/mcp_endpoints.py: risoluzione URL via Docker DNS
(mcp-deribit:9011, ...) con override per servizio via env var;
caricamento bearer token da secrets/core.token o
CERBERO_BITE_CORE_TOKEN_FILE.
Wrapper:
- clients/macro.py: next_high_severity_within() per filtro entry §2.5.
- clients/sentiment.py: funding_cross_median_annualized() con
annualizzazione per period nativo per exchange (Binance/Bybit/OKX
1095, Hyperliquid 8760).
- clients/hyperliquid.py: funding_rate_annualized() per filtro §2.6.
- clients/portfolio.py: total_equity_eur(), asset_pct_of_portfolio()
per sizing engine + filtro §2.7.
- clients/telegram.py: notify-only (no callback queue, no
conferme — Bite auto-execute).
- clients/deribit.py: environment_info, index_price_eth,
latest_dvol, options_chain, get_tickers, orderbook_depth_top3,
get_account_summary, get_positions, place_combo_order (combo
atomico), cancel_order.
CLI:
- cerbero-bite ping: health-check parallelo di tutti gli MCP con
tabella rich (OK/FAIL/SKIPPED).
Docker:
- Dockerfile multi-stage Python 3.13 + uv, user non-root.
- docker-compose.yml con rete external "cerbero-suite", secret
core_token montato a /run/secrets/core_token, env per ogni MCP.
- secrets/README.md documenta il setup del token.
Documentazione di intervento:
- docs/12-mcp-deribit-changes.md: spec delle modifiche apportate
al server mcp-deribit (place_combo_order + override testnet via
DERIBIT_TESTNET).
Dipendenze:
- aggiunto pytest-httpx per i test HTTP.
- rimosso mcp>=1.0 (non usiamo l'SDK MCP, parliamo via HTTP REST).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adriano