Adriano/Cerbero-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(V2): IBKR client base + auth header + tickle keep-alive

Browse Source 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
root
2026-05-03 20:22:51 +00:00
parent b49b2b36e0
commit 0c74691e7c
3 changed files with 223 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/cerbero_mcp/exchanges/ibkr/client.py
+112
View File
@@ -0,0 +1,112 @@
"""IBKR Client Portal Web API client (REST httpx + OAuth1a)."""
from __future__ import annotations
import time
from collections import OrderedDict
from dataclasses import dataclass, field
from typing import Any
from cerbero_mcp.common.http import async_client
from cerbero_mcp.exchanges.ibkr.oauth import (
IBKRAuthError,
OAuth1aSigner,
_percent_encode,
)
class IBKRError(Exception):
"""Generic IBKR API error (non-auth)."""
_TICKLE_INTERVAL_S = 240.0 # tickle if last call > 4min ago
@dataclass
class IBKRClient:
signer: OAuth1aSigner
account_id: str
paper: bool = True
base_url: str = "https://api.ibkr.com/v1/api"
_conid_cache: OrderedDict[str, int] = field(
default_factory=OrderedDict, init=False, repr=False
)
_last_request_at: float = field(default=0.0, init=False, repr=False)
_http: Any = field(default=None, init=False, repr=False)
_CONID_CACHE_MAX = 1024
def __post_init__(self) -> None:
self._http = async_client(timeout=30.0)
async def aclose(self) -> None:
if self._http and not self._http.is_closed:
await self._http.aclose()
async def health(self) -> dict[str, Any]:
return {"status": "ok", "paper": self.paper}
def is_testnet(self) -> dict[str, Any]:
return {"testnet": self.paper, "base_url": self.base_url}
async def _build_auth_header(self, method: str, url: str) -> str:
await self.signer.get_live_session_token(base_url=self.base_url)
params = self.signer.make_oauth_params()
params["oauth_signature_method"] = "HMAC-SHA256"
sig = self.signer.sign_with_lst(method, url, params)
params["oauth_signature"] = sig
return "OAuth realm=\"limited_poa\", " + ", ".join(
f'{k}="{_percent_encode(v)}"' for k, v in sorted(params.items())
)
async def _maybe_tickle(self) -> None:
if time.monotonic() - self._last_request_at < _TICKLE_INTERVAL_S:
return
try:
url = f"{self.base_url}/tickle"
auth = await self._build_auth_header("POST", url)
await self._http.post(url, headers={"Authorization": auth})
except Exception:
# Tickle is best-effort; failure shouldn't block real request
pass
async def _request(
self,
method: str,
path: str,
*,
params: dict[str, Any] | None = None,
json_body: dict[str, Any] | None = None,
skip_tickle: bool = False,
) -> Any:
if not skip_tickle:
await self._maybe_tickle()
url = f"{self.base_url}{path}"
auth = await self._build_auth_header(method, url)
clean_params = (
{k: v for k, v in params.items() if v is not None}
if params else None
)
resp = await self._http.request(
method, url,
params=clean_params or None,
json=json_body,
headers={"Authorization": auth, "User-Agent": "cerbero-mcp/2.0"},
)
self._last_request_at = time.monotonic()
if resp.status_code == 401:
raise IBKRAuthError(f"401 on {method} {path}: {resp.text[:200]}")
if resp.status_code == 429:
raise IBKRError(f"IBKR_RATE_LIMITED: {resp.text[:200]}")
if resp.status_code >= 500:
raise IBKRError(f"IBKR_SERVER_ERROR status={resp.status_code}")
if resp.status_code >= 400:
raise IBKRError(
f"IBKR_HTTP_{resp.status_code}: {resp.text[:300]}"
)
if not resp.content:
return {}
return resp.json()
async def get_account(self) -> dict:
return await self._request("GET", f"/portfolio/{self.account_id}/summary")