chore: ruff py313, conftest unification, audit log, app factory comune

- pyproject.toml: ruff target-version py311 → py313 (auto-fix 42 lint
  warnings via UP rules); aggiunto consider_namespace_packages = true
  che risolve la collisione conftest tra servizi e permette di lanciare
  pytest sull'intera suite cross-servizio.

- mcp_common.audit: nuovo helper audit_write_op() con logger dedicato
  mcp.audit. Wirato su tutti i write endpoint di deribit, bybit, alpaca
  e hyperliquid (place_order, place_combo_order, cancel_*, set_*,
  close_*, transfer_*, switch_*, amend_*) con principal + target +
  payload non-sensibile + result summarizzato.

- mcp_common.app_factory: ExchangeAppSpec + run_exchange_main()
  centralizza il boilerplate dei __main__.py (configure_root_logging,
  fail_fast_if_missing, summarize, load creds, resolve_environment,
  load token store, uvicorn). I 4 __main__.py exchange ridotti da ~60
  LOC ognuno a ~25 LOC dichiarativi. mcp_common.env_validation
  promosso da mcp_deribit (mantenuto re-export shim per back-compat
  test_env_validation).

- 8 test nuovi (4 audit + 4 app_factory). Suite full: 450/450 verdi.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

services/common/src/mcp_common/app_factory.py

@@ -0,0 +1,86 @@
+"""App factory comune per i servizi mcp-{exchange}.
+
+Centralizza il boilerplate dei `__main__.py`:
+- configure_root_logging (JSON)
+- fail_fast_if_missing su env mandatory
+- summarize env
+- load creds JSON
+- resolve_environment con default URLs
+- load token store
+- delega creazione client + app a callback per-servizio
+- uvicorn.run
+
+Ogni servizio invoca `run_exchange_main(spec)` con uno spec dichiarativo.
+"""
+from __future__ import annotations
+
+import json
+import os
+from collections.abc import Callable
+from dataclasses import dataclass
+from typing import Any
+
+import uvicorn
+
+from mcp_common.auth import load_token_store_from_files
+from mcp_common.env_validation import fail_fast_if_missing, require_env, summarize
+from mcp_common.environment import EnvironmentInfo, resolve_environment
+from mcp_common.logging import configure_root_logging
+
+
+@dataclass(frozen=True)
+class ExchangeAppSpec:
+    exchange: str
+    creds_env_var: str
+    env_var: str  # es. "BYBIT_TESTNET", "ALPACA_PAPER"
+    flag_key: str  # campo nel secret JSON ("testnet" o "paper")
+    default_base_url_live: str
+    default_base_url_testnet: str
+    default_port: int
+    build_client: Callable[[dict, EnvironmentInfo], Any]
+    build_app: Callable[..., Any]
+    extra_summarize_envs: tuple[str, ...] = ()
+
+
+def run_exchange_main(spec: ExchangeAppSpec) -> None:
+    configure_root_logging()
+
+    fail_fast_if_missing([spec.creds_env_var])
+    summarize([
+        spec.creds_env_var,
+        "CORE_TOKEN_FILE",
+        "OBSERVER_TOKEN_FILE",
+        "PORT",
+        "HOST",
+        spec.env_var,
+        *spec.extra_summarize_envs,
+    ])
+
+    creds_file = require_env(spec.creds_env_var, f"{spec.exchange} credentials JSON path")
+    with open(creds_file) as f:
+        creds = json.load(f)
+
+    env_info = resolve_environment(
+        creds,
+        env_var=spec.env_var,
+        flag_key=spec.flag_key,
+        exchange=spec.exchange,
+        default_base_url_live=spec.default_base_url_live,
+        default_base_url_testnet=spec.default_base_url_testnet,
+    )
+
+    client = spec.build_client(creds, env_info)
+
+    token_store = load_token_store_from_files(
+        core_token_file=os.environ.get("CORE_TOKEN_FILE"),
+        observer_token_file=os.environ.get("OBSERVER_TOKEN_FILE"),
+    )
+
+    app = spec.build_app(client=client, token_store=token_store, creds=creds, env_info=env_info)
+
+    uvicorn.run(
+        app,
+        log_config=None,
+        host=os.environ.get("HOST", "0.0.0.0"),
+        port=int(os.environ.get("PORT", str(spec.default_port))),
+    )

services/common/src/mcp_common/audit.py

@@ -0,0 +1,74 @@
+"""Audit log strutturato per write endpoint MCP (place_order, cancel,
+set_*, close_*, transfer_*). Usa un logger dedicato `mcp.audit` su stream
+JSON: in deployment può essere redirezionato a file/syslog/SIEM separato.
+
+Logica:
+- `audit_write_op(principal, action, exchange, target, payload, result)`
+  emette UN record JSON per ogni operazione con esito (ok/error).
+- Payload sensibile (api_key, secret) già filtrato dal SecretsFilter
+  globale; qui non si include creds.
+"""
+from __future__ import annotations
+
+import logging
+from typing import Any
+
+from mcp_common.auth import Principal
+from mcp_common.logging import get_json_logger
+
+_logger = get_json_logger("mcp.audit", level=logging.INFO)
+
+
+def audit_write_op(
+    *,
+    principal: Principal | None,
+    action: str,
+    exchange: str,
+    target: str | None = None,
+    payload: dict[str, Any] | None = None,
+    result: dict[str, Any] | None = None,
+    error: str | None = None,
+) -> None:
+    """Emit a structured audit log record per write operation.
+
+    principal: chi ha invocato (None se anonimo, ma normalmente _check
+        impedisce di arrivare qui senza principal).
+    action: nome del tool (es. "place_order", "cancel_order").
+    exchange: identificatore servizio (deribit, bybit, alpaca, hyperliquid).
+    target: instrument/symbol/order_id su cui si agisce.
+    payload: input non-sensibile (qty, side, leverage, ecc.).
+    result: output del client (order_id, status, ecc.).
+    error: stringa errore se l'operazione ha fallito.
+    """
+    record: dict[str, Any] = {
+        "audit_event": "write_op",
+        "action": action,
+        "exchange": exchange,
+        "principal": principal.name if principal else None,
+        "target": target,
+        "payload": payload or {},
+    }
+    if result is not None:
+        record["result"] = _summarize_result(result)
+    if error is not None:
+        record["error"] = error
+        _logger.error("audit", extra=record)
+    else:
+        _logger.info("audit", extra=record)
+
+
+def _summarize_result(result: dict[str, Any]) -> dict[str, Any]:
+    """Estrae i campi rilevanti dal result (order_id, state, error code)
+    per evitare di loggare payload enormi.
+    """
+    keys = (
+        "order_id", "order_link_id", "combo_instrument", "state", "status",
+        "code", "error", "stop_price", "tp_price", "transfer_id",
+    )
+    out: dict[str, Any] = {}
+    for k in keys:
+        if k in result:
+            out[k] = result[k]
+    if "orders" in result:
+        out["orders_count"] = len(result["orders"])
+    return out

services/common/src/mcp_common/env_validation.py

@@ -0,0 +1,69 @@
+"""Env validation policy: fail-fast per mandatory, soft per optional.
+
+Usage al boot di ogni mcp `__main__.py`:
+
+    from mcp_common.env_validation import require_env, optional_env, summarize
+
+    creds_file = require_env("CREDENTIALS_FILE", "deribit credentials JSON path")
+    host = optional_env("HOST", default="0.0.0.0")
+    summarize(["CREDENTIALS_FILE", "HOST", "PORT"])
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import sys
+
+logger = logging.getLogger(__name__)
+
+
+class MissingEnvError(RuntimeError):
+    """Mandatory env var absent or empty."""
+
+
+def require_env(name: str, description: str = "") -> str:
+    val = (os.environ.get(name) or "").strip()
+    if not val:
+        msg = f"missing mandatory env var: {name}"
+        if description:
+            msg += f" ({description})"
+        logger.error(msg)
+        raise MissingEnvError(msg)
+    return val
+
+
+def optional_env(name: str, *, default: str = "") -> str:
+    val = (os.environ.get(name) or "").strip()
+    if not val:
+        if default:
+            logger.info("env %s not set, using default=%r", name, default)
+        return default
+    return val
+
+
+def summarize(names: list[str]) -> None:
+    sensitive_tokens = ("SECRET", "KEY", "TOKEN", "PASSWORD", "CREDENTIAL", "WALLET")
+    for n in names:
+        val = os.environ.get(n)
+        if val is None:
+            logger.info("env[%s]: <unset>", n)
+            continue
+        if any(t in n.upper() for t in sensitive_tokens):
+            logger.info("env[%s]: <set, %d chars>", n, len(val))
+        else:
+            logger.info("env[%s]: %s", n, val)
+
+
+def fail_fast_if_missing(names: list[str]) -> None:
+    missing: list[str] = []
+    for n in names:
+        if not (os.environ.get(n) or "").strip():
+            missing.append(n)
+    if missing:
+        logger.error("boot aborted: missing mandatory env vars: %s", missing)
+        print(
+            f"FATAL: missing mandatory env vars: {missing}",
+            file=sys.stderr,
+        )
+        sys.exit(2)

services/common/src/mcp_common/mcp_bridge.py

@@ -40,6 +40,7 @@ def _derive_input_schemas(app: FastAPI, tool_names: list[str]) -> dict[str, dict
     risolvibili vengono saltate: il chiamante userà un fallback.
     """
     import typing
+
     from pydantic import BaseModel
 
     names_set = set(tool_names)

services/common/src/mcp_common/server.py

@@ -4,10 +4,9 @@ import json
 import os
 import time
 import uuid
-from datetime import UTC, datetime
-
 from collections.abc import Callable
 from contextlib import AbstractAsyncContextManager
+from datetime import UTC, datetime
 
 from fastapi import FastAPI, HTTPException, Request
 from fastapi.exceptions import RequestValidationError

services/common/tests/test_app_factory.py

@@ -0,0 +1,105 @@
+from __future__ import annotations
+
+import json
+from unittest.mock import MagicMock, patch
+
+from mcp_common.app_factory import ExchangeAppSpec, run_exchange_main
+from mcp_common.environment import EnvironmentInfo
+
+
+def _make_spec(build_client=None, build_app=None) -> ExchangeAppSpec:
+    return ExchangeAppSpec(
+        exchange="testex",
+        creds_env_var="TESTEX_CREDENTIALS_FILE",
+        env_var="TESTEX_TESTNET",
+        flag_key="testnet",
+        default_base_url_live="https://api.testex.com",
+        default_base_url_testnet="https://test.testex.com",
+        default_port=9999,
+        build_client=build_client or (lambda creds, env_info: MagicMock(name="client")),
+        build_app=build_app or (lambda **kwargs: MagicMock(name="app")),
+    )
+
+
+def test_run_exchange_main_loads_creds_and_resolves_env(tmp_path, monkeypatch):
+    creds_file = tmp_path / "creds.json"
+    creds_file.write_text(json.dumps({"api_key": "k", "api_secret": "s"}))
+    monkeypatch.setenv("TESTEX_CREDENTIALS_FILE", str(creds_file))
+    monkeypatch.setenv("PORT", "10000")
+    monkeypatch.delenv("TESTEX_TESTNET", raising=False)
+
+    captured: dict = {}
+
+    def build_client(creds, env_info):
+        captured["creds"] = creds
+        captured["env_info"] = env_info
+        return MagicMock()
+
+    def build_app(**kwargs):
+        captured["app_kwargs"] = kwargs
+        return MagicMock()
+
+    spec = _make_spec(build_client=build_client, build_app=build_app)
+
+    with patch("mcp_common.app_factory.uvicorn.run") as mock_run:
+        run_exchange_main(spec)
+
+    assert captured["creds"]["api_key"] == "k"
+    assert captured["creds"]["base_url_live"] == "https://api.testex.com"
+    assert captured["creds"]["base_url_testnet"] == "https://test.testex.com"
+    assert isinstance(captured["env_info"], EnvironmentInfo)
+    assert captured["env_info"].environment == "testnet"
+    assert captured["env_info"].exchange == "testex"
+
+    assert "client" in captured["app_kwargs"]
+    assert "token_store" in captured["app_kwargs"]
+    assert "creds" in captured["app_kwargs"]
+    assert "env_info" in captured["app_kwargs"]
+
+    call_kwargs = mock_run.call_args.kwargs
+    assert call_kwargs["port"] == 10000  # PORT override
+
+
+def test_run_exchange_main_uses_default_port(tmp_path, monkeypatch):
+    creds_file = tmp_path / "creds.json"
+    creds_file.write_text(json.dumps({}))
+    monkeypatch.setenv("TESTEX_CREDENTIALS_FILE", str(creds_file))
+    monkeypatch.delenv("PORT", raising=False)
+
+    spec = _make_spec()
+    with patch("mcp_common.app_factory.uvicorn.run") as mock_run:
+        run_exchange_main(spec)
+
+    assert mock_run.call_args.kwargs["port"] == 9999
+
+
+def test_run_exchange_main_env_var_overrides_creds(tmp_path, monkeypatch):
+    creds_file = tmp_path / "creds.json"
+    creds_file.write_text(json.dumps({"testnet": True}))
+    monkeypatch.setenv("TESTEX_CREDENTIALS_FILE", str(creds_file))
+    monkeypatch.setenv("TESTEX_TESTNET", "false")
+
+    captured: dict = {}
+
+    def build_client(creds, env_info):
+        captured["env_info"] = env_info
+        return MagicMock()
+
+    spec = _make_spec(build_client=build_client)
+
+    with patch("mcp_common.app_factory.uvicorn.run"):
+        run_exchange_main(spec)
+
+    # env var "false" overrides creds.testnet=True → mainnet
+    assert captured["env_info"].environment == "mainnet"
+    assert captured["env_info"].source == "env"
+
+
+def test_run_exchange_main_missing_creds_file_exits(monkeypatch):
+    monkeypatch.delenv("TESTEX_CREDENTIALS_FILE", raising=False)
+
+    spec = _make_spec()
+    import pytest
+    with pytest.raises(SystemExit) as exc_info:
+        run_exchange_main(spec)
+    assert exc_info.value.code == 2

services/common/tests/test_audit.py

@@ -0,0 +1,97 @@
+from __future__ import annotations
+
+import logging
+
+import pytest
+from mcp_common import audit as audit_mod
+from mcp_common.audit import audit_write_op
+from mcp_common.auth import Principal
+
+
+@pytest.fixture
+def captured_records(monkeypatch):
+    """Cattura i record emessi dal logger mcp.audit (propagate=False blocca caplog).
+
+    Sostituisce il logger del modulo con uno che ha caplog attaccato.
+    """
+    records: list[logging.LogRecord] = []
+
+    class ListHandler(logging.Handler):
+        def emit(self, record: logging.LogRecord) -> None:
+            records.append(record)
+
+    test_logger = logging.getLogger("mcp.audit.test")
+    test_logger.handlers.clear()
+    test_logger.addHandler(ListHandler())
+    test_logger.setLevel(logging.DEBUG)
+    test_logger.propagate = False
+    monkeypatch.setattr(audit_mod, "_logger", test_logger)
+    return records
+
+
+def test_audit_write_op_emits_structured_record(captured_records):
+    p = Principal("core", {"core"})
+    audit_write_op(
+        principal=p,
+        action="place_order",
+        exchange="deribit",
+        target="BTC-PERPETUAL",
+        payload={"side": "buy", "amount": 10, "leverage": 3},
+        result={"order_id": "abc", "state": "open"},
+    )
+    assert len(captured_records) == 1
+    rec = captured_records[0]
+    assert rec.action == "place_order"
+    assert rec.exchange == "deribit"
+    assert rec.target == "BTC-PERPETUAL"
+    assert rec.principal == "core"
+    assert rec.payload == {"side": "buy", "amount": 10, "leverage": 3}
+    assert rec.result == {"order_id": "abc", "state": "open"}
+
+
+def test_audit_write_op_error_uses_error_level(captured_records):
+    p = Principal("core", {"core"})
+    audit_write_op(
+        principal=p,
+        action="cancel_order",
+        exchange="bybit",
+        target="ord-123",
+        payload={},
+        error="not_found",
+    )
+    assert len(captured_records) == 1
+    rec = captured_records[0]
+    assert rec.levelname == "ERROR"
+    assert rec.error == "not_found"
+
+
+def test_audit_write_op_summarizes_result_fields(captured_records):
+    p = Principal("core", {"core"})
+    big_result = {
+        "order_id": "ord-1",
+        "state": "submitted",
+        "extra_huge_field": "x" * 10000,
+        "orders": [{"id": 1}, {"id": 2}, {"id": 3}],
+    }
+    audit_write_op(
+        principal=p,
+        action="place_combo_order",
+        exchange="bybit",
+        payload={},
+        result=big_result,
+    )
+    rec = captured_records[0]
+    assert "extra_huge_field" not in rec.result
+    assert rec.result["order_id"] == "ord-1"
+    assert rec.result["orders_count"] == 3
+
+
+def test_audit_write_op_no_principal(captured_records):
+    audit_write_op(
+        principal=None,
+        action="place_order",
+        exchange="alpaca",
+        payload={},
+    )
+    rec = captured_records[0]
+    assert rec.principal is None

services/common/tests/test_environment.py

@@ -1,10 +1,7 @@
 from __future__ import annotations
 
-import json
-
 import pytest
-
-from mcp_common.environment import EnvironmentInfo, resolve_environment
+from mcp_common.environment import resolve_environment
 
 
 def test_env_var_overrides_secret(monkeypatch):

services/common/tests/test_options.py

@@ -4,7 +4,6 @@ dall'exchange).
 from __future__ import annotations
 
 import pytest
-
 from mcp_common.options import (
     atm_vs_wings_vol,
     dealer_gamma_profile,
@@ -13,7 +12,6 @@ from mcp_common.options import (
     vanna_charm_aggregate,
 )
 
-
 # ---------- oi_weighted_skew ----------
 
 def test_oi_weighted_skew_balanced():

services/common/tests/test_stats.py

@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import math
 import random
 
 from mcp_common.stats import cointegration_test