feat(mcp-hyperliquid): leverage_cap + testnet resolver + environment_info

services/mcp-hyperliquid/tests/test_environment_info.py

@@ -0,0 +1,51 @@
+from __future__ import annotations
+
+from unittest.mock import AsyncMock, MagicMock
+
+from fastapi.testclient import TestClient
+
+from mcp_common.auth import Principal, TokenStore
+from mcp_common.environment import EnvironmentInfo
+from mcp_hyperliquid.server import create_app
+
+
+def _make_app(env_info, creds):
+    c = MagicMock()
+    c.testnet = True
+    store = TokenStore(tokens={
+        "ct": Principal("core", {"core"}),
+        "ot": Principal("observer", {"observer"}),
+    })
+    return create_app(client=c, token_store=store, creds=creds, env_info=env_info)
+
+
+def test_environment_info_full_shape():
+    env = EnvironmentInfo(
+        exchange="hyperliquid",
+        environment="testnet",
+        source="env",
+        env_value="true",
+        base_url="https://api.hyperliquid-testnet.xyz",
+    )
+    app = _make_app(env, creds={"max_leverage": 3})
+    c = TestClient(app)
+    r = c.post("/tools/environment_info", headers={"Authorization": "Bearer ot"})
+    assert r.status_code == 200
+    body = r.json()
+    assert body["exchange"] == "hyperliquid"
+    assert body["environment"] == "testnet"
+    assert body["source"] == "env"
+    assert body["env_value"] == "true"
+    assert body["base_url"] == "https://api.hyperliquid-testnet.xyz"
+    assert body["max_leverage"] == 3
+
+
+def test_environment_info_requires_auth():
+    env = EnvironmentInfo(
+        exchange="hyperliquid", environment="testnet", source="default",
+        env_value=None, base_url="https://api.hyperliquid-testnet.xyz",
+    )
+    app = _make_app(env, creds={"max_leverage": 3})
+    c = TestClient(app)
+    r = c.post("/tools/environment_info")
+    assert r.status_code == 401

services/mcp-hyperliquid/tests/test_leverage_cap.py

@@ -0,0 +1,51 @@
+from __future__ import annotations
+
+import pytest
+from fastapi import HTTPException
+
+from mcp_hyperliquid.leverage_cap import enforce_leverage, get_max_leverage
+
+
+def test_get_max_leverage_returns_creds_value():
+    creds = {"max_leverage": 5}
+    assert get_max_leverage(creds) == 5
+
+
+def test_get_max_leverage_default_when_missing():
+    """Default 1 (cash) se il secret non ha max_leverage."""
+    assert get_max_leverage({}) == 1
+
+
+def test_enforce_leverage_pass_under_cap():
+    creds = {"max_leverage": 3}
+    enforce_leverage(2, creds=creds, exchange="hyperliquid")  # no raise
+
+
+def test_enforce_leverage_pass_at_cap():
+    creds = {"max_leverage": 3}
+    enforce_leverage(3, creds=creds, exchange="hyperliquid")  # no raise
+
+
+def test_enforce_leverage_reject_over_cap():
+    creds = {"max_leverage": 3}
+    with pytest.raises(HTTPException) as exc:
+        enforce_leverage(10, creds=creds, exchange="hyperliquid")
+    assert exc.value.status_code == 403
+    assert exc.value.detail["error"] == "LEVERAGE_CAP_EXCEEDED"
+    assert exc.value.detail["exchange"] == "hyperliquid"
+    assert exc.value.detail["requested"] == 10
+    assert exc.value.detail["max"] == 3
+
+
+def test_enforce_leverage_reject_when_below_one():
+    creds = {"max_leverage": 3}
+    with pytest.raises(HTTPException) as exc:
+        enforce_leverage(0, creds=creds, exchange="hyperliquid")
+    assert exc.value.status_code == 403
+
+
+def test_enforce_leverage_default_when_none():
+    """Se requested è None, applica il cap come default."""
+    creds = {"max_leverage": 3}
+    result = enforce_leverage(None, creds=creds, exchange="hyperliquid")
+    assert result == 3

services/mcp-hyperliquid/tests/test_server_acl.py

@@ -37,7 +37,7 @@ def http(mock_client):
             "ot": Principal("observer", {"observer"}),
         }
     )
-    app = create_app(client=mock_client, token_store=store)
+    app = create_app(client=mock_client, token_store=store, creds={"max_leverage": 3})
     return TestClient(app)
 
 
@@ -128,18 +128,8 @@ def test_place_order_observer_forbidden(http):
     assert r.status_code == 403
 
 
-def test_place_order_notional_cap_enforced(http):
-    """CER-016: HL reject amount*price > 200."""
-    r = http.post(
-        "/tools/place_order",
-        headers={"Authorization": "Bearer ct"},
-        json={"instrument": "ETH", "side": "buy", "amount": 0.1, "price": 3350},
-    )
-    assert r.status_code == 403
-    assert r.json()["error"]["code"] == "HARD_PROHIBITION"
-
-
 def test_place_order_leverage_cap_enforced_hl(http):
+    """Reject leverage > max_leverage (da secret, default 3)."""
     r = http.post(
         "/tools/place_order",
         headers={"Authorization": "Bearer ct"},
@@ -152,6 +142,10 @@ def test_place_order_leverage_cap_enforced_hl(http):
         },
     )
     assert r.status_code == 403
+    body = r.json()
+    err = body["error"]
+    assert err["code"] == "LEVERAGE_CAP_EXCEEDED"
+    assert err["details"]["exchange"] == "hyperliquid"
 
 
 def test_cancel_order_core_ok(http):