chore: ruff py313, conftest unification, audit log, app factory comune

- pyproject.toml: ruff target-version py311 → py313 (auto-fix 42 lint warnings via UP rules); aggiunto consider_namespace_packages = true che risolve la collisione conftest tra servizi e permette di lanciare pytest sull'intera suite cross-servizio. - mcp_common.audit: nuovo helper audit_write_op() con logger dedicato mcp.audit. Wirato su tutti i write endpoint di deribit, bybit, alpaca e hyperliquid (place_order, place_combo_order, cancel_*, set_*, close_*, transfer_*, switch_*, amend_*) con principal + target + payload non-sensibile + result summarizzato. - mcp_common.app_factory: ExchangeAppSpec + run_exchange_main() centralizza il boilerplate dei __main__.py (configure_root_logging, fail_fast_if_missing, summarize, load creds, resolve_environment, load token store, uvicorn). I 4 __main__.py exchange ridotti da ~60 LOC ognuno a ~25 LOC dichiarativi. mcp_common.env_validation promosso da mcp_deribit (mantenuto re-export shim per back-compat test_env_validation). - 8 test nuovi (4 audit + 4 app_factory). Suite full: 450/450 verdi. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 00:27:02 +02:00
parent a13e3fe045
commit 4d9db750be
45 changed files with 756 additions and 333 deletions
@@ -1,56 +1,29 @@
 from __future__ import annotations

-import json
-import os
-
-import uvicorn
-from mcp_common.auth import load_token_store_from_files
-from mcp_common.environment import resolve_environment
-from mcp_common.logging import configure_root_logging
+from mcp_common.app_factory import ExchangeAppSpec, run_exchange_main

 from mcp_alpaca.client import AlpacaClient
 from mcp_alpaca.server import create_app

-
-configure_root_logging()
-
-
-def main():
-    creds_file = os.environ["ALPACA_CREDENTIALS_FILE"]
-    with open(creds_file) as f:
-        creds = json.load(f)
-
-    env_info = resolve_environment(
-        creds,
-        env_var="ALPACA_PAPER",
-        flag_key="paper",
-        exchange="alpaca",
-        default_base_url_live="https://api.alpaca.markets",
-        default_base_url_testnet="https://paper-api.alpaca.markets",
-    )
-
-    client = AlpacaClient(
+SPEC = ExchangeAppSpec(
+    exchange="alpaca",
+    creds_env_var="ALPACA_CREDENTIALS_FILE",
+    env_var="ALPACA_PAPER",
+    flag_key="paper",
+    default_base_url_live="https://api.alpaca.markets",
+    default_base_url_testnet="https://paper-api.alpaca.markets",
+    default_port=9020,
+    build_client=lambda creds, env_info: AlpacaClient(
        api_key=creds["api_key_id"],
        secret_key=creds["secret_key"],
        paper=(env_info.environment == "testnet"),
-    )
+    ),
+    build_app=create_app,
+)

-    token_store = load_token_store_from_files(
-        core_token_file=os.environ.get("CORE_TOKEN_FILE"),
-        observer_token_file=os.environ.get("OBSERVER_TOKEN_FILE"),
-    )
-    app = create_app(
-        client=client,
-        token_store=token_store,
-        creds=creds,
-        env_info=env_info,
-    )
-    uvicorn.run(
-        app,
-        log_config=None,
-        host=os.environ.get("HOST", "0.0.0.0"),
-        port=int(os.environ.get("PORT", "9020")),
-    )
+
+def main():
+    run_exchange_main(SPEC)


 if __name__ == "__main__":
@@ -26,8 +26,6 @@ from alpaca.trading.client import TradingClient
 from alpaca.trading.enums import (
    AssetClass,
    OrderSide,
-    OrderStatus,
-    OrderType,
    QueryOrderStatus,
    TimeInForce,
 )
@@ -41,7 +39,6 @@ from alpaca.trading.requests import (
    StopOrderRequest,
 )

-
 _TF_MAP = {
    "1min": TimeFrame(1, TimeFrameUnit.Minute),
    "5min": TimeFrame(5, TimeFrameUnit.Minute),
@@ -3,6 +3,7 @@ from __future__ import annotations
 import os

 from fastapi import Depends, HTTPException
+from mcp_common.audit import audit_write_op
 from mcp_common.auth import Principal, TokenStore, require_principal
 from mcp_common.environment import EnvironmentInfo
 from mcp_common.mcp_bridge import mount_mcp_endpoint
@@ -12,7 +13,6 @@ from pydantic import BaseModel
 from mcp_alpaca.client import AlpacaClient
 from mcp_alpaca.leverage_cap import get_max_leverage

-
 # --- Body models: reads ---

 class AccountReq(BaseModel):
@@ -215,37 +215,77 @@ def create_app(
    @app.post("/tools/place_order", tags=["writes"])
    async def t_place_order(body: PlaceOrderReq, principal: Principal = Depends(require_principal)):
        _check(principal, core=True)
-        return await client.place_order(
+        result = await client.place_order(
            body.symbol, body.side, body.qty, body.notional,
            body.order_type, body.limit_price, body.stop_price, body.tif, body.asset_class,
        )
+        audit_write_op(
+            principal=principal, action="place_order", exchange="alpaca",
+            target=body.symbol,
+            payload={"side": body.side, "qty": body.qty, "notional": body.notional,
+                     "order_type": body.order_type, "limit_price": body.limit_price,
+                     "stop_price": body.stop_price, "tif": body.tif,
+                     "asset_class": body.asset_class},
+            result=result,
+        )
+        return result

    @app.post("/tools/amend_order", tags=["writes"])
    async def t_amend_order(body: AmendOrderReq, principal: Principal = Depends(require_principal)):
        _check(principal, core=True)
-        return await client.amend_order(
+        result = await client.amend_order(
            body.order_id, body.qty, body.limit_price, body.stop_price, body.tif,
        )
+        audit_write_op(
+            principal=principal, action="amend_order", exchange="alpaca",
+            target=body.order_id,
+            payload={"qty": body.qty, "limit_price": body.limit_price,
+                     "stop_price": body.stop_price, "tif": body.tif},
+            result=result,
+        )
+        return result

    @app.post("/tools/cancel_order", tags=["writes"])
    async def t_cancel_order(body: CancelOrderReq, principal: Principal = Depends(require_principal)):
        _check(principal, core=True)
-        return await client.cancel_order(body.order_id)
+        result = await client.cancel_order(body.order_id)
+        audit_write_op(
+            principal=principal, action="cancel_order", exchange="alpaca",
+            target=body.order_id, payload={}, result=result,
+        )
+        return result

    @app.post("/tools/cancel_all_orders", tags=["writes"])
    async def t_cancel_all(body: CancelAllReq, principal: Principal = Depends(require_principal)):
        _check(principal, core=True)
-        return {"canceled": await client.cancel_all_orders()}
+        result = {"canceled": await client.cancel_all_orders()}
+        audit_write_op(
+            principal=principal, action="cancel_all_orders", exchange="alpaca",
+            payload={}, result=result,
+        )
+        return result

    @app.post("/tools/close_position", tags=["writes"])
    async def t_close(body: ClosePositionReq, principal: Principal = Depends(require_principal)):
        _check(principal, core=True)
-        return await client.close_position(body.symbol, body.qty, body.percentage)
+        result = await client.close_position(body.symbol, body.qty, body.percentage)
+        audit_write_op(
+            principal=principal, action="close_position", exchange="alpaca",
+            target=body.symbol,
+            payload={"qty": body.qty, "percentage": body.percentage},
+            result=result,
+        )
+        return result

    @app.post("/tools/close_all_positions", tags=["writes"])
    async def t_close_all(body: CloseAllPositionsReq, principal: Principal = Depends(require_principal)):
        _check(principal, core=True)
-        return {"closed": await client.close_all_positions(body.cancel_orders)}
+        result = {"closed": await client.close_all_positions(body.cancel_orders)}
+        audit_write_op(
+            principal=principal, action="close_all_positions", exchange="alpaca",
+            payload={"cancel_orders": body.cancel_orders}, result=result,
+        )
+        return result

    # ── MCP mount ──────────────────────────────────────────