Compare commits
10 Commits
a163947205
...
21da74e8a1
| Author | SHA1 | Date | |
|---|---|---|---|
 AdrianoDev
|
21da74e8a1 | ||
|
AdrianoDev
|
81fb5e8c29 | ||
|
AdrianoDev
|
1dbf9bbd7b | ||
|
AdrianoDev
|
d1cea403a7 | ||
|
AdrianoDev
|
33f358c13a | ||
|
AdrianoDev
|
de19d42850 | ||
|
AdrianoDev
|
fb8c43cc61 | ||
|
AdrianoDev
|
e958422fe5 | ||
|
AdrianoDev
|
0b471f207a | ||
|
AdrianoDev
|
ecb2d0e4c2 |
+3
-1
@@ -78,6 +78,7 @@ services:
|
||||
CREDENTIALS_FILE: /run/secrets/deribit_credentials
|
||||
CORE_TOKEN_FILE: /run/secrets/core_token
|
||||
OBSERVER_TOKEN_FILE: /run/secrets/observer_token
|
||||
DERIBIT_TESTNET: "true" # override secrets/deribit.json testnet flag
|
||||
ROOT_PATH: /mcp-deribit
|
||||
|
||||
mcp-hyperliquid:
|
||||
@@ -95,6 +96,7 @@ services:
|
||||
HYPERLIQUID_WALLET_FILE: /run/secrets/hyperliquid_wallet
|
||||
CORE_TOKEN_FILE: /run/secrets/core_token
|
||||
OBSERVER_TOKEN_FILE: /run/secrets/observer_token
|
||||
HYPERLIQUID_TESTNET: "true" # override secrets/hyperliquid.json testnet flag
|
||||
ROOT_PATH: /mcp-hyperliquid
|
||||
|
||||
mcp-bybit:
|
||||
@@ -112,7 +114,7 @@ services:
|
||||
BYBIT_CREDENTIALS_FILE: /run/secrets/bybit_credentials
|
||||
CORE_TOKEN_FILE: /run/secrets/core_token
|
||||
OBSERVER_TOKEN_FILE: /run/secrets/observer_token
|
||||
BYBIT_TESTNET: "false"
|
||||
BYBIT_TESTNET: "true" # override secrets/bybit.json testnet flag
|
||||
ROOT_PATH: /mcp-bybit
|
||||
PORT: "9019"
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ RUN pip install --no-cache-dir "uv>=0.5,<0.7"
|
||||
WORKDIR /app
|
||||
COPY pyproject.toml uv.lock ./
|
||||
COPY services/common ./services/common
|
||||
RUN uv sync --frozen --no-dev --package option-mcp-common
|
||||
RUN uv sync --frozen --no-dev --package mcp-common
|
||||
ENV PATH="/app/.venv/bin:$PATH"
|
||||
FROM base AS dev
|
||||
RUN uv sync --frozen --package option-mcp-common
|
||||
RUN uv sync --frozen --package mcp-common
|
||||
|
||||
@@ -29,13 +29,18 @@ def resolve_environment(
|
||||
env_var: str,
|
||||
flag_key: str,
|
||||
exchange: str,
|
||||
default_base_url_live: str | None = None,
|
||||
default_base_url_testnet: str | None = None,
|
||||
) -> EnvironmentInfo:
|
||||
"""Risolvi l'ambiente per un MCP exchange.
|
||||
|
||||
creds: dict letto dal secret JSON. Deve contenere base_url_live e base_url_testnet.
|
||||
creds: dict letto dal secret JSON. Può contenere base_url_live/base_url_testnet
|
||||
per override; in assenza vengono usati i default kwargs.
|
||||
env_var: nome della env var di override (es. DERIBIT_TESTNET).
|
||||
flag_key: chiave booleana nel secret JSON (es. "testnet" o "paper" per alpaca).
|
||||
exchange: nome exchange per logging/info.
|
||||
default_base_url_live / default_base_url_testnet: URL canonici dell'exchange,
|
||||
applicati se non presenti in creds.
|
||||
"""
|
||||
env_value = os.environ.get(env_var)
|
||||
if env_value is not None:
|
||||
@@ -49,6 +54,11 @@ def resolve_environment(
|
||||
environment = "testnet"
|
||||
source = "default"
|
||||
|
||||
if default_base_url_live is not None:
|
||||
creds.setdefault("base_url_live", default_base_url_live)
|
||||
if default_base_url_testnet is not None:
|
||||
creds.setdefault("base_url_testnet", default_base_url_testnet)
|
||||
|
||||
base_url = creds["base_url_testnet"] if environment == "testnet" else creds["base_url_live"]
|
||||
return EnvironmentInfo(
|
||||
exchange=exchange,
|
||||
|
||||
@@ -74,6 +74,37 @@ def test_env_value_truthy_parsing(monkeypatch, raw, expected):
|
||||
assert info.environment == expected
|
||||
|
||||
|
||||
def test_default_base_urls_applied_when_creds_missing(monkeypatch):
|
||||
monkeypatch.delenv("X_TESTNET", raising=False)
|
||||
creds: dict = {}
|
||||
info = resolve_environment(
|
||||
creds,
|
||||
env_var="X_TESTNET",
|
||||
flag_key="testnet",
|
||||
exchange="x",
|
||||
default_base_url_live="https://live.example",
|
||||
default_base_url_testnet="https://test.example",
|
||||
)
|
||||
assert info.base_url == "https://test.example"
|
||||
assert creds["base_url_live"] == "https://live.example"
|
||||
assert creds["base_url_testnet"] == "https://test.example"
|
||||
|
||||
|
||||
def test_creds_base_urls_override_defaults(monkeypatch):
|
||||
monkeypatch.delenv("X_TESTNET", raising=False)
|
||||
creds = {"base_url_live": "L", "base_url_testnet": "T"}
|
||||
info = resolve_environment(
|
||||
creds,
|
||||
env_var="X_TESTNET",
|
||||
flag_key="testnet",
|
||||
exchange="x",
|
||||
default_base_url_live="https://live.example",
|
||||
default_base_url_testnet="https://test.example",
|
||||
)
|
||||
assert info.base_url == "T"
|
||||
assert creds["base_url_live"] == "L"
|
||||
|
||||
|
||||
def test_alpaca_paper_flag_key(monkeypatch):
|
||||
"""Alpaca usa 'paper' invece di 'testnet' nel secret."""
|
||||
monkeypatch.delenv("ALPACA_PAPER", raising=False)
|
||||
|
||||
@@ -5,6 +5,7 @@ import os
|
||||
|
||||
import uvicorn
|
||||
from mcp_common.auth import load_token_store_from_files
|
||||
from mcp_common.environment import resolve_environment
|
||||
from mcp_common.logging import configure_root_logging
|
||||
|
||||
from mcp_alpaca.client import AlpacaClient
|
||||
@@ -19,20 +20,31 @@ def main():
|
||||
with open(creds_file) as f:
|
||||
creds = json.load(f)
|
||||
|
||||
paper_env = os.environ.get("ALPACA_PAPER", "true").lower()
|
||||
paper = paper_env not in ("0", "false", "no")
|
||||
env_info = resolve_environment(
|
||||
creds,
|
||||
env_var="ALPACA_PAPER",
|
||||
flag_key="paper",
|
||||
exchange="alpaca",
|
||||
default_base_url_live="https://api.alpaca.markets",
|
||||
default_base_url_testnet="https://paper-api.alpaca.markets",
|
||||
)
|
||||
|
||||
client = AlpacaClient(
|
||||
api_key=creds["api_key_id"],
|
||||
secret_key=creds["secret_key"],
|
||||
paper=paper,
|
||||
paper=(env_info.environment == "testnet"),
|
||||
)
|
||||
|
||||
token_store = load_token_store_from_files(
|
||||
core_token_file=os.environ.get("CORE_TOKEN_FILE"),
|
||||
observer_token_file=os.environ.get("OBSERVER_TOKEN_FILE"),
|
||||
)
|
||||
app = create_app(client=client, token_store=token_store)
|
||||
app = create_app(
|
||||
client=client,
|
||||
token_store=token_store,
|
||||
creds=creds,
|
||||
env_info=env_info,
|
||||
)
|
||||
uvicorn.run(
|
||||
app,
|
||||
log_config=None,
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
"""Leverage cap server-side per place_order.
|
||||
|
||||
Cap letto dal secret JSON via campo `max_leverage`. Default 1 (cash) se assente.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from fastapi import HTTPException
|
||||
|
||||
|
||||
def get_max_leverage(creds: dict) -> int:
|
||||
"""Legge max_leverage dal secret. Default 1 se mancante."""
|
||||
raw = creds.get("max_leverage", 1)
|
||||
try:
|
||||
value = int(raw)
|
||||
except (TypeError, ValueError):
|
||||
value = 1
|
||||
return max(1, value)
|
||||
|
||||
|
||||
def enforce_leverage(
|
||||
requested: int | float | None,
|
||||
*,
|
||||
creds: dict,
|
||||
exchange: str,
|
||||
) -> int:
|
||||
"""Verifica e applica leverage cap. Ritorna leverage applicabile.
|
||||
|
||||
Solleva HTTPException(403, LEVERAGE_CAP_EXCEEDED) se requested > cap.
|
||||
Se requested is None, applica il cap come default.
|
||||
"""
|
||||
cap = get_max_leverage(creds)
|
||||
if requested is None:
|
||||
return cap
|
||||
lev = int(requested)
|
||||
if lev < 1:
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
detail={
|
||||
"error": "LEVERAGE_CAP_EXCEEDED",
|
||||
"exchange": exchange,
|
||||
"requested": lev,
|
||||
"max": cap,
|
||||
"reason": "leverage must be >= 1",
|
||||
},
|
||||
)
|
||||
if lev > cap:
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
detail={
|
||||
"error": "LEVERAGE_CAP_EXCEEDED",
|
||||
"exchange": exchange,
|
||||
"requested": lev,
|
||||
"max": cap,
|
||||
},
|
||||
)
|
||||
return lev
|
||||
@@ -4,11 +4,13 @@ import os
|
||||
|
||||
from fastapi import Depends, HTTPException
|
||||
from mcp_common.auth import Principal, TokenStore, require_principal
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_common.mcp_bridge import mount_mcp_endpoint
|
||||
from mcp_common.server import build_app
|
||||
from pydantic import BaseModel
|
||||
|
||||
from mcp_alpaca.client import AlpacaClient
|
||||
from mcp_alpaca.leverage_cap import get_max_leverage
|
||||
|
||||
|
||||
# --- Body models: reads ---
|
||||
@@ -118,11 +120,39 @@ def _check(principal: Principal, *, core: bool = False, observer: bool = False)
|
||||
raise HTTPException(status_code=403, detail="forbidden")
|
||||
|
||||
|
||||
def create_app(*, client: AlpacaClient, token_store: TokenStore):
|
||||
def create_app(
|
||||
*,
|
||||
client: AlpacaClient,
|
||||
token_store: TokenStore,
|
||||
creds: dict | None = None,
|
||||
env_info: EnvironmentInfo | None = None,
|
||||
):
|
||||
creds = creds or {}
|
||||
app = build_app(name="mcp-alpaca", version="0.1.0", token_store=token_store)
|
||||
|
||||
# ── Reads ──────────────────────────────────────────────
|
||||
|
||||
@app.post("/tools/environment_info", tags=["reads"])
|
||||
async def t_environment_info(principal: Principal = Depends(require_principal)):
|
||||
_check(principal, core=True, observer=True)
|
||||
if env_info is None:
|
||||
return {
|
||||
"exchange": "alpaca",
|
||||
"environment": "testnet" if getattr(client, "paper", True) else "mainnet",
|
||||
"source": "credentials",
|
||||
"env_value": None,
|
||||
"base_url": getattr(client, "base_url", None),
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
return {
|
||||
"exchange": env_info.exchange,
|
||||
"environment": env_info.environment,
|
||||
"source": env_info.source,
|
||||
"env_value": env_info.env_value,
|
||||
"base_url": env_info.base_url,
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
|
||||
@app.post("/tools/get_account", tags=["reads"])
|
||||
async def t_get_account(body: AccountReq, principal: Principal = Depends(require_principal)):
|
||||
_check(principal, core=True, observer=True)
|
||||
@@ -227,6 +257,7 @@ def create_app(*, client: AlpacaClient, token_store: TokenStore):
|
||||
token_store=token_store,
|
||||
internal_base_url=f"http://localhost:{port}",
|
||||
tools=[
|
||||
{"name": "environment_info", "description": "Ambiente operativo (paper/live), source, base_url, max_leverage cap."},
|
||||
{"name": "get_account", "description": "Alpaca account summary (equity, cash, buying_power)."},
|
||||
{"name": "get_positions", "description": "Posizioni aperte (stocks/crypto/options)."},
|
||||
{"name": "get_activities", "description": "Activity log (fills, dividends, transfers)."},
|
||||
|
||||
@@ -0,0 +1,51 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from unittest.mock import AsyncMock, MagicMock
|
||||
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
from mcp_common.auth import Principal, TokenStore
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_alpaca.server import create_app
|
||||
|
||||
|
||||
def _make_app(env_info, creds):
|
||||
c = MagicMock()
|
||||
c.paper = True
|
||||
store = TokenStore(tokens={
|
||||
"ct": Principal("core", {"core"}),
|
||||
"ot": Principal("observer", {"observer"}),
|
||||
})
|
||||
return create_app(client=c, token_store=store, creds=creds, env_info=env_info)
|
||||
|
||||
|
||||
def test_environment_info_paper_is_testnet():
|
||||
"""Alpaca: 'paper' nel secret mappa a environment='testnet'."""
|
||||
env = EnvironmentInfo(
|
||||
exchange="alpaca",
|
||||
environment="testnet",
|
||||
source="env",
|
||||
env_value="true",
|
||||
base_url="https://paper-api.alpaca.markets",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 1})
|
||||
c = TestClient(app)
|
||||
r = c.post("/tools/environment_info", headers={"Authorization": "Bearer ot"})
|
||||
assert r.status_code == 200
|
||||
body = r.json()
|
||||
assert body["exchange"] == "alpaca"
|
||||
assert body["environment"] == "testnet"
|
||||
assert body["source"] == "env"
|
||||
assert body["base_url"] == "https://paper-api.alpaca.markets"
|
||||
assert body["max_leverage"] == 1
|
||||
|
||||
|
||||
def test_environment_info_requires_auth():
|
||||
env = EnvironmentInfo(
|
||||
exchange="alpaca", environment="testnet", source="default",
|
||||
env_value=None, base_url="https://paper-api.alpaca.markets",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 1})
|
||||
c = TestClient(app)
|
||||
r = c.post("/tools/environment_info")
|
||||
assert r.status_code == 401
|
||||
@@ -0,0 +1,47 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import pytest
|
||||
from fastapi import HTTPException
|
||||
|
||||
from mcp_alpaca.leverage_cap import enforce_leverage, get_max_leverage
|
||||
|
||||
|
||||
def test_get_max_leverage_returns_creds_value():
|
||||
creds = {"max_leverage": 4}
|
||||
assert get_max_leverage(creds) == 4
|
||||
|
||||
|
||||
def test_get_max_leverage_default_when_missing():
|
||||
"""Default 1 (cash) se il secret non ha max_leverage."""
|
||||
assert get_max_leverage({}) == 1
|
||||
|
||||
|
||||
def test_enforce_leverage_pass_at_cap_one():
|
||||
"""Alpaca cash account: cap 1, leverage 1 OK."""
|
||||
creds = {"max_leverage": 1}
|
||||
enforce_leverage(1, creds=creds, exchange="alpaca") # no raise
|
||||
|
||||
|
||||
def test_enforce_leverage_reject_over_cap_one():
|
||||
creds = {"max_leverage": 1}
|
||||
with pytest.raises(HTTPException) as exc:
|
||||
enforce_leverage(2, creds=creds, exchange="alpaca")
|
||||
assert exc.value.status_code == 403
|
||||
assert exc.value.detail["error"] == "LEVERAGE_CAP_EXCEEDED"
|
||||
assert exc.value.detail["exchange"] == "alpaca"
|
||||
assert exc.value.detail["requested"] == 2
|
||||
assert exc.value.detail["max"] == 1
|
||||
|
||||
|
||||
def test_enforce_leverage_reject_when_below_one():
|
||||
creds = {"max_leverage": 1}
|
||||
with pytest.raises(HTTPException) as exc:
|
||||
enforce_leverage(0, creds=creds, exchange="alpaca")
|
||||
assert exc.value.status_code == 403
|
||||
|
||||
|
||||
def test_enforce_leverage_default_when_none():
|
||||
"""Se requested è None, applica il cap come default."""
|
||||
creds = {"max_leverage": 1}
|
||||
result = enforce_leverage(None, creds=creds, exchange="alpaca")
|
||||
assert result == 1
|
||||
@@ -44,7 +44,7 @@ def mock_client():
|
||||
|
||||
@pytest.fixture
|
||||
def http(mock_client, token_store):
|
||||
app = create_app(client=mock_client, token_store=token_store)
|
||||
app = create_app(client=mock_client, token_store=token_store, creds={"max_leverage": 1})
|
||||
return TestClient(app)
|
||||
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ import os
|
||||
|
||||
import uvicorn
|
||||
from mcp_common.auth import load_token_store_from_files
|
||||
from mcp_common.environment import resolve_environment
|
||||
from mcp_common.logging import configure_root_logging
|
||||
|
||||
from mcp_bybit.client import BybitClient
|
||||
@@ -19,20 +20,31 @@ def main():
|
||||
with open(creds_file) as f:
|
||||
creds = json.load(f)
|
||||
|
||||
testnet_env = os.environ.get("BYBIT_TESTNET", "true").lower()
|
||||
testnet = testnet_env not in ("0", "false", "no")
|
||||
env_info = resolve_environment(
|
||||
creds,
|
||||
env_var="BYBIT_TESTNET",
|
||||
flag_key="testnet",
|
||||
exchange="bybit",
|
||||
default_base_url_live="https://api.bybit.com",
|
||||
default_base_url_testnet="https://api-testnet.bybit.com",
|
||||
)
|
||||
|
||||
client = BybitClient(
|
||||
api_key=creds["api_key"],
|
||||
api_secret=creds["api_secret"],
|
||||
testnet=testnet,
|
||||
testnet=(env_info.environment == "testnet"),
|
||||
)
|
||||
|
||||
token_store = load_token_store_from_files(
|
||||
core_token_file=os.environ.get("CORE_TOKEN_FILE"),
|
||||
observer_token_file=os.environ.get("OBSERVER_TOKEN_FILE"),
|
||||
)
|
||||
app = create_app(client=client, token_store=token_store)
|
||||
app = create_app(
|
||||
client=client,
|
||||
token_store=token_store,
|
||||
creds=creds,
|
||||
env_info=env_info,
|
||||
)
|
||||
uvicorn.run(
|
||||
app,
|
||||
log_config=None,
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
"""Leverage cap server-side per place_order.
|
||||
|
||||
Cap letto dal secret JSON via campo `max_leverage`. Default 1 (cash) se assente.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from fastapi import HTTPException
|
||||
|
||||
|
||||
def get_max_leverage(creds: dict) -> int:
|
||||
"""Legge max_leverage dal secret. Default 1 se mancante."""
|
||||
raw = creds.get("max_leverage", 1)
|
||||
try:
|
||||
value = int(raw)
|
||||
except (TypeError, ValueError):
|
||||
value = 1
|
||||
return max(1, value)
|
||||
|
||||
|
||||
def enforce_leverage(
|
||||
requested: int | float | None,
|
||||
*,
|
||||
creds: dict,
|
||||
exchange: str,
|
||||
) -> int:
|
||||
"""Verifica e applica leverage cap. Ritorna leverage applicabile.
|
||||
|
||||
Solleva HTTPException(403, LEVERAGE_CAP_EXCEEDED) se requested > cap.
|
||||
Se requested is None, applica il cap come default.
|
||||
"""
|
||||
cap = get_max_leverage(creds)
|
||||
if requested is None:
|
||||
return cap
|
||||
lev = int(requested)
|
||||
if lev < 1:
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
detail={
|
||||
"error": "LEVERAGE_CAP_EXCEEDED",
|
||||
"exchange": exchange,
|
||||
"requested": lev,
|
||||
"max": cap,
|
||||
"reason": "leverage must be >= 1",
|
||||
},
|
||||
)
|
||||
if lev > cap:
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
detail={
|
||||
"error": "LEVERAGE_CAP_EXCEEDED",
|
||||
"exchange": exchange,
|
||||
"requested": lev,
|
||||
"max": cap,
|
||||
},
|
||||
)
|
||||
return lev
|
||||
@@ -4,11 +4,14 @@ import os
|
||||
|
||||
from fastapi import Depends, HTTPException
|
||||
from mcp_common.auth import Principal, TokenStore, require_principal
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_common.mcp_bridge import mount_mcp_endpoint
|
||||
from mcp_common.server import build_app
|
||||
from pydantic import BaseModel
|
||||
|
||||
from mcp_bybit.client import BybitClient
|
||||
from mcp_bybit.leverage_cap import enforce_leverage as _enforce_leverage
|
||||
from mcp_bybit.leverage_cap import get_max_leverage
|
||||
|
||||
|
||||
# --- Body models: reads ---
|
||||
@@ -180,11 +183,39 @@ def _check(principal: Principal, *, core: bool = False, observer: bool = False)
|
||||
raise HTTPException(status_code=403, detail="forbidden")
|
||||
|
||||
|
||||
def create_app(*, client: BybitClient, token_store: TokenStore):
|
||||
def create_app(
|
||||
*,
|
||||
client: BybitClient,
|
||||
token_store: TokenStore,
|
||||
creds: dict | None = None,
|
||||
env_info: "EnvironmentInfo | None" = None,
|
||||
):
|
||||
creds = creds or {}
|
||||
app = build_app(name="mcp-bybit", version="0.1.0", token_store=token_store)
|
||||
|
||||
# ── Reads ──────────────────────────────────────────────
|
||||
|
||||
@app.post("/tools/environment_info", tags=["reads"])
|
||||
async def t_environment_info(principal: Principal = Depends(require_principal)):
|
||||
_check(principal, core=True, observer=True)
|
||||
if env_info is None:
|
||||
return {
|
||||
"exchange": "bybit",
|
||||
"environment": "testnet" if client.testnet else "mainnet",
|
||||
"source": "credentials",
|
||||
"env_value": None,
|
||||
"base_url": getattr(client, "base_url", None),
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
return {
|
||||
"exchange": env_info.exchange,
|
||||
"environment": env_info.environment,
|
||||
"source": env_info.source,
|
||||
"env_value": env_info.env_value,
|
||||
"base_url": env_info.base_url,
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
|
||||
@app.post("/tools/get_ticker", tags=["reads"])
|
||||
async def t_get_ticker(body: TickerReq, principal: Principal = Depends(require_principal)):
|
||||
_check(principal, core=True, observer=True)
|
||||
@@ -309,6 +340,7 @@ def create_app(*, client: BybitClient, token_store: TokenStore):
|
||||
|
||||
@app.post("/tools/set_leverage", tags=["writes"])
|
||||
async def t_set_leverage(body: SetLeverageReq, principal: Principal = Depends(require_principal)):
|
||||
_enforce_leverage(body.leverage, creds=creds, exchange="bybit")
|
||||
_check(principal, core=True)
|
||||
return await client.set_leverage(body.category, body.symbol, body.leverage)
|
||||
|
||||
@@ -332,6 +364,7 @@ def create_app(*, client: BybitClient, token_store: TokenStore):
|
||||
token_store=token_store,
|
||||
internal_base_url=f"http://localhost:{port}",
|
||||
tools=[
|
||||
{"name": "environment_info", "description": "Ambiente operativo (testnet/mainnet), source, base_url, max_leverage cap."},
|
||||
{"name": "get_ticker", "description": "Ticker Bybit (spot/linear/inverse/option)."},
|
||||
{"name": "get_ticker_batch", "description": "Ticker per più simboli."},
|
||||
{"name": "get_orderbook", "description": "Orderbook profondità N."},
|
||||
|
||||
@@ -0,0 +1,55 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from unittest.mock import AsyncMock, MagicMock
|
||||
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
from mcp_common.auth import Principal, TokenStore
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_bybit.server import create_app
|
||||
|
||||
|
||||
def _make_app(env_info, creds):
|
||||
c = MagicMock()
|
||||
c.testnet = True
|
||||
c.set_leverage = AsyncMock(return_value={"state": "ok"})
|
||||
store = TokenStore(tokens={
|
||||
"ct": Principal("core", {"core"}),
|
||||
"ot": Principal("observer", {"observer"}),
|
||||
})
|
||||
return create_app(client=c, token_store=store, creds=creds, env_info=env_info)
|
||||
|
||||
|
||||
def test_environment_info_full_shape():
|
||||
env = EnvironmentInfo(
|
||||
exchange="bybit",
|
||||
environment="testnet",
|
||||
source="env",
|
||||
env_value="true",
|
||||
base_url="https://api-testnet.bybit.com",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 3})
|
||||
c = TestClient(app)
|
||||
r = c.post(
|
||||
"/tools/environment_info",
|
||||
headers={"Authorization": "Bearer ot"},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
body = r.json()
|
||||
assert body["exchange"] == "bybit"
|
||||
assert body["environment"] == "testnet"
|
||||
assert body["source"] == "env"
|
||||
assert body["env_value"] == "true"
|
||||
assert body["base_url"] == "https://api-testnet.bybit.com"
|
||||
assert body["max_leverage"] == 3
|
||||
|
||||
|
||||
def test_environment_info_requires_auth():
|
||||
env = EnvironmentInfo(
|
||||
exchange="bybit", environment="testnet", source="default",
|
||||
env_value=None, base_url="https://api-testnet.bybit.com",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 3})
|
||||
c = TestClient(app)
|
||||
r = c.post("/tools/environment_info")
|
||||
assert r.status_code == 401
|
||||
@@ -0,0 +1,51 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import pytest
|
||||
from fastapi import HTTPException
|
||||
|
||||
from mcp_bybit.leverage_cap import enforce_leverage, get_max_leverage
|
||||
|
||||
|
||||
def test_get_max_leverage_returns_creds_value():
|
||||
creds = {"max_leverage": 5}
|
||||
assert get_max_leverage(creds) == 5
|
||||
|
||||
|
||||
def test_get_max_leverage_default_when_missing():
|
||||
"""Default 1 (cash) se il secret non ha max_leverage."""
|
||||
assert get_max_leverage({}) == 1
|
||||
|
||||
|
||||
def test_enforce_leverage_pass_under_cap():
|
||||
creds = {"max_leverage": 3}
|
||||
enforce_leverage(2, creds=creds, exchange="bybit") # no raise
|
||||
|
||||
|
||||
def test_enforce_leverage_pass_at_cap():
|
||||
creds = {"max_leverage": 3}
|
||||
enforce_leverage(3, creds=creds, exchange="bybit") # no raise
|
||||
|
||||
|
||||
def test_enforce_leverage_reject_over_cap():
|
||||
creds = {"max_leverage": 3}
|
||||
with pytest.raises(HTTPException) as exc:
|
||||
enforce_leverage(10, creds=creds, exchange="bybit")
|
||||
assert exc.value.status_code == 403
|
||||
assert exc.value.detail["error"] == "LEVERAGE_CAP_EXCEEDED"
|
||||
assert exc.value.detail["exchange"] == "bybit"
|
||||
assert exc.value.detail["requested"] == 10
|
||||
assert exc.value.detail["max"] == 3
|
||||
|
||||
|
||||
def test_enforce_leverage_reject_when_below_one():
|
||||
creds = {"max_leverage": 3}
|
||||
with pytest.raises(HTTPException) as exc:
|
||||
enforce_leverage(0, creds=creds, exchange="bybit")
|
||||
assert exc.value.status_code == 403
|
||||
|
||||
|
||||
def test_enforce_leverage_default_when_none():
|
||||
"""Se requested è None, applica il cap come default."""
|
||||
creds = {"max_leverage": 3}
|
||||
result = enforce_leverage(None, creds=creds, exchange="bybit")
|
||||
assert result == 3
|
||||
@@ -52,7 +52,7 @@ def mock_client():
|
||||
|
||||
@pytest.fixture
|
||||
def http(mock_client, token_store):
|
||||
app = create_app(client=mock_client, token_store=token_store)
|
||||
app = create_app(client=mock_client, token_store=token_store, creds={"max_leverage": 5})
|
||||
return TestClient(app)
|
||||
|
||||
|
||||
|
||||
@@ -5,14 +5,15 @@ import os
|
||||
|
||||
import uvicorn
|
||||
from mcp_common.auth import load_token_store_from_files
|
||||
from mcp_common.environment import resolve_environment
|
||||
from mcp_common.logging import configure_root_logging
|
||||
|
||||
from mcp_deribit.client import DeribitClient
|
||||
from mcp_deribit.env_validation import (
|
||||
fail_fast_if_missing,
|
||||
require_env,
|
||||
summarize,
|
||||
)
|
||||
from mcp_common.logging import configure_root_logging
|
||||
|
||||
from mcp_deribit.client import DeribitClient
|
||||
from mcp_deribit.server import create_app
|
||||
|
||||
configure_root_logging() # CER-P5-009: JSON default, env LOG_FORMAT=text per dev
|
||||
@@ -26,17 +27,31 @@ def main():
|
||||
with open(creds_file) as f:
|
||||
creds = json.load(f)
|
||||
|
||||
env_info = resolve_environment(
|
||||
creds,
|
||||
env_var="DERIBIT_TESTNET",
|
||||
flag_key="testnet",
|
||||
exchange="deribit",
|
||||
default_base_url_live="https://www.deribit.com/api/v2",
|
||||
default_base_url_testnet="https://test.deribit.com/api/v2",
|
||||
)
|
||||
|
||||
client = DeribitClient(
|
||||
client_id=creds["client_id"],
|
||||
client_secret=creds["client_secret"],
|
||||
testnet=bool(creds.get("testnet", True)),
|
||||
testnet=(env_info.environment == "testnet"),
|
||||
)
|
||||
|
||||
token_store = load_token_store_from_files(
|
||||
core_token_file=os.environ.get("CORE_TOKEN_FILE"),
|
||||
observer_token_file=os.environ.get("OBSERVER_TOKEN_FILE"),
|
||||
)
|
||||
app = create_app(client=client, token_store=token_store)
|
||||
app = create_app(
|
||||
client=client,
|
||||
token_store=token_store,
|
||||
creds=creds,
|
||||
env_info=env_info,
|
||||
)
|
||||
uvicorn.run(
|
||||
app,
|
||||
log_config=None, # CER-P5-009: delega al root JSON logger
|
||||
|
||||
@@ -4,12 +4,10 @@ import os
|
||||
|
||||
from fastapi import Depends, FastAPI, HTTPException
|
||||
from mcp_common.auth import Principal, TokenStore, require_principal
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_common.mcp_bridge import mount_mcp_endpoint
|
||||
from mcp_common.risk_guard import (
|
||||
enforce_aggregate,
|
||||
enforce_leverage,
|
||||
enforce_single_notional,
|
||||
)
|
||||
from mcp_deribit.leverage_cap import enforce_leverage as _enforce_leverage
|
||||
from mcp_deribit.leverage_cap import get_max_leverage
|
||||
from mcp_common.server import build_app
|
||||
from pydantic import BaseModel, field_validator, model_validator
|
||||
|
||||
@@ -208,48 +206,6 @@ class ClosePositionReq(BaseModel):
|
||||
instrument_name: str
|
||||
|
||||
|
||||
# --- CER-016 notional helpers ---
|
||||
|
||||
async def _compute_notional_deribit(client: DeribitClient, body: PlaceOrderReq) -> float:
|
||||
"""Stima notional in USD per un ordine Deribit.
|
||||
|
||||
- Perp USDC: contract size = 1 USD → amount è già notional USD.
|
||||
- Options: amount è in base asset (BTC/ETH) → moltiplica per index price.
|
||||
- Altri perp BTC/ETH: amount in USD notional.
|
||||
"""
|
||||
name = body.instrument_name.upper()
|
||||
if name.endswith("-PERPETUAL"):
|
||||
return float(body.amount)
|
||||
ref_price: float | None = body.price
|
||||
if ref_price is None:
|
||||
try:
|
||||
tk = await client.get_ticker(body.instrument_name)
|
||||
ref_price = tk.get("mark_price") or tk.get("last_price")
|
||||
except Exception:
|
||||
ref_price = None
|
||||
if not ref_price:
|
||||
return float(body.amount)
|
||||
return float(body.amount) * float(ref_price)
|
||||
|
||||
|
||||
async def _current_aggregate_deribit(client: DeribitClient) -> float:
|
||||
"""Somma notional posizioni aperte su Deribit (USDC)."""
|
||||
try:
|
||||
positions = await client.get_positions("USDC")
|
||||
except Exception:
|
||||
return 0.0
|
||||
total = 0.0
|
||||
for p in positions or []:
|
||||
size = abs(float(p.get("size") or 0))
|
||||
name = str(p.get("instrument") or "").upper()
|
||||
if name.endswith("-PERPETUAL"):
|
||||
total += size
|
||||
else:
|
||||
mark = float(p.get("mark_price") or 0)
|
||||
total += size * mark
|
||||
return total
|
||||
|
||||
|
||||
# --- ACL helper ---
|
||||
|
||||
def _check(principal: Principal, *, core: bool = False, observer: bool = False) -> None:
|
||||
@@ -264,16 +220,23 @@ def _check(principal: Principal, *, core: bool = False, observer: bool = False)
|
||||
|
||||
# --- App factory ---
|
||||
|
||||
def create_app(*, client: DeribitClient, token_store: TokenStore) -> FastAPI:
|
||||
def create_app(
|
||||
*,
|
||||
client: DeribitClient,
|
||||
token_store: TokenStore,
|
||||
creds: dict,
|
||||
env_info: EnvironmentInfo | None = None,
|
||||
) -> FastAPI:
|
||||
from contextlib import asynccontextmanager
|
||||
|
||||
# CER-016: pre-set leverage 3x su perp principali al boot (best-effort).
|
||||
cap_default = get_max_leverage(creds)
|
||||
|
||||
# CER-016: pre-set leverage cap su perp principali al boot (best-effort).
|
||||
@asynccontextmanager
|
||||
async def _lifespan(_app: FastAPI):
|
||||
cap = enforce_leverage(None)
|
||||
for inst in ("BTC-PERPETUAL", "ETH-PERPETUAL"):
|
||||
try:
|
||||
await client.set_leverage(inst, cap)
|
||||
await client.set_leverage(inst, cap_default)
|
||||
except Exception:
|
||||
pass
|
||||
yield
|
||||
@@ -292,6 +255,27 @@ def create_app(*, client: DeribitClient, token_store: TokenStore) -> FastAPI:
|
||||
_check(principal, core=True, observer=True)
|
||||
return client.is_testnet()
|
||||
|
||||
@app.post("/tools/environment_info", tags=["reads"])
|
||||
async def t_environment_info(principal: Principal = Depends(require_principal)):
|
||||
_check(principal, core=True, observer=True)
|
||||
if env_info is None:
|
||||
return {
|
||||
"exchange": "deribit",
|
||||
"environment": "testnet" if client.is_testnet().get("testnet") else "mainnet",
|
||||
"source": "credentials",
|
||||
"env_value": None,
|
||||
"base_url": client.base_url,
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
return {
|
||||
"exchange": env_info.exchange,
|
||||
"environment": env_info.environment,
|
||||
"source": env_info.source,
|
||||
"env_value": env_info.env_value,
|
||||
"base_url": env_info.base_url,
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
|
||||
@app.post("/tools/get_ticker", tags=["reads"])
|
||||
async def t_get_ticker(
|
||||
body: GetTickerReq, principal: Principal = Depends(require_principal)
|
||||
@@ -476,15 +460,8 @@ def create_app(*, client: DeribitClient, token_store: TokenStore) -> FastAPI:
|
||||
body: PlaceOrderReq, principal: Principal = Depends(require_principal)
|
||||
):
|
||||
_check(principal, core=True)
|
||||
lev = enforce_leverage(body.leverage)
|
||||
if not body.reduce_only:
|
||||
notional = await _compute_notional_deribit(client, body)
|
||||
enforce_single_notional(
|
||||
notional, exchange="deribit", instrument=body.instrument_name
|
||||
)
|
||||
agg = await _current_aggregate_deribit(client)
|
||||
enforce_aggregate(agg, notional)
|
||||
if lev != enforce_leverage(None):
|
||||
lev = _enforce_leverage(body.leverage, creds=creds, exchange="deribit")
|
||||
if lev != cap_default:
|
||||
try:
|
||||
await client.set_leverage(body.instrument_name, lev)
|
||||
except Exception:
|
||||
@@ -538,6 +515,7 @@ def create_app(*, client: DeribitClient, token_store: TokenStore) -> FastAPI:
|
||||
internal_base_url=f"http://localhost:{port}",
|
||||
tools=[
|
||||
{"name": "is_testnet", "description": "True se client Deribit è in modalità testnet."},
|
||||
{"name": "environment_info", "description": "Ambiente operativo (testnet/mainnet), source, base_url, max_leverage cap."},
|
||||
{"name": "get_ticker", "description": "Ticker di un instrument Deribit."},
|
||||
{"name": "get_ticker_batch", "description": "Ticker per N instruments in parallelo (max 20)."},
|
||||
{"name": "get_instruments", "description": "Lista instruments per currency."},
|
||||
|
||||
@@ -0,0 +1,78 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from unittest.mock import AsyncMock
|
||||
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
from mcp_common.auth import Principal, TokenStore
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_deribit.server import create_app
|
||||
|
||||
|
||||
def _make_app(env_info, creds):
|
||||
c = AsyncMock()
|
||||
c.set_leverage = AsyncMock(return_value={"state": "ok"})
|
||||
store = TokenStore(tokens={
|
||||
"ct": Principal("core", {"core"}),
|
||||
"ot": Principal("observer", {"observer"}),
|
||||
})
|
||||
return create_app(client=c, token_store=store, creds=creds, env_info=env_info)
|
||||
|
||||
|
||||
def test_environment_info_full_shape():
|
||||
env = EnvironmentInfo(
|
||||
exchange="deribit",
|
||||
environment="testnet",
|
||||
source="env",
|
||||
env_value="true",
|
||||
base_url="https://test.deribit.com/api/v2",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 3})
|
||||
c = TestClient(app)
|
||||
r = c.post(
|
||||
"/tools/environment_info",
|
||||
headers={"Authorization": "Bearer ot"},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
body = r.json()
|
||||
assert body["exchange"] == "deribit"
|
||||
assert body["environment"] == "testnet"
|
||||
assert body["source"] == "env"
|
||||
assert body["env_value"] == "true"
|
||||
assert body["base_url"] == "https://test.deribit.com/api/v2"
|
||||
assert body["max_leverage"] == 3
|
||||
|
||||
|
||||
def test_environment_info_default_source():
|
||||
env = EnvironmentInfo(
|
||||
exchange="deribit",
|
||||
environment="testnet",
|
||||
source="default",
|
||||
env_value=None,
|
||||
base_url="https://test.deribit.com/api/v2",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 1})
|
||||
c = TestClient(app)
|
||||
r = c.post(
|
||||
"/tools/environment_info",
|
||||
headers={"Authorization": "Bearer ct"},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
body = r.json()
|
||||
assert body["source"] == "default"
|
||||
assert body["env_value"] is None
|
||||
assert body["max_leverage"] == 1
|
||||
|
||||
|
||||
def test_environment_info_requires_auth():
|
||||
env = EnvironmentInfo(
|
||||
exchange="deribit",
|
||||
environment="testnet",
|
||||
source="default",
|
||||
env_value=None,
|
||||
base_url="https://test.deribit.com/api/v2",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 3})
|
||||
c = TestClient(app)
|
||||
r = c.post("/tools/environment_info")
|
||||
assert r.status_code == 401
|
||||
@@ -34,7 +34,7 @@ def http(mock_client):
|
||||
"ct": Principal("core", {"core"}),
|
||||
"ot": Principal("observer", {"observer"}),
|
||||
})
|
||||
app = create_app(client=mock_client, token_store=store)
|
||||
app = create_app(client=mock_client, token_store=store, creds={"max_leverage": 3})
|
||||
return TestClient(app)
|
||||
|
||||
|
||||
@@ -94,24 +94,8 @@ def test_place_order_observer_forbidden(http):
|
||||
assert r.status_code == 403
|
||||
|
||||
|
||||
def test_place_order_notional_cap_enforced(http):
|
||||
"""CER-016: reject se notional > CERBERO_MAX_NOTIONAL (default 200)."""
|
||||
r = http.post(
|
||||
"/tools/place_order",
|
||||
headers={"Authorization": "Bearer ct"},
|
||||
json={
|
||||
"instrument_name": "ETH-PERPETUAL",
|
||||
"side": "buy",
|
||||
"amount": 335, # USD — cap 200
|
||||
},
|
||||
)
|
||||
assert r.status_code == 403
|
||||
body = r.json()
|
||||
assert body["error"]["code"] == "HARD_PROHIBITION"
|
||||
|
||||
|
||||
def test_place_order_leverage_cap_enforced(http):
|
||||
"""CER-016: reject leverage > 3x."""
|
||||
"""Reject leverage > max_leverage (da secret, default 3)."""
|
||||
r = http.post(
|
||||
"/tools/place_order",
|
||||
headers={"Authorization": "Bearer ct"},
|
||||
@@ -124,22 +108,12 @@ def test_place_order_leverage_cap_enforced(http):
|
||||
)
|
||||
assert r.status_code == 403
|
||||
body = r.json()
|
||||
assert body["error"]["code"] == "HARD_PROHIBITION"
|
||||
|
||||
|
||||
def test_place_order_reduce_only_skips_cap(http):
|
||||
"""CER-016: reduce_only orders bypassano cap notional (è close)."""
|
||||
r = http.post(
|
||||
"/tools/place_order",
|
||||
headers={"Authorization": "Bearer ct"},
|
||||
json={
|
||||
"instrument_name": "ETH-PERPETUAL",
|
||||
"side": "sell",
|
||||
"amount": 10000,
|
||||
"reduce_only": True,
|
||||
},
|
||||
)
|
||||
assert r.status_code == 200
|
||||
err = body["error"]
|
||||
assert err["code"] == "LEVERAGE_CAP_EXCEEDED"
|
||||
details = err["details"]
|
||||
assert details["exchange"] == "deribit"
|
||||
assert details["requested"] == 50
|
||||
assert details["max"] == 3
|
||||
|
||||
|
||||
def test_close_position_core_ok(http):
|
||||
|
||||
@@ -5,7 +5,7 @@ import os
|
||||
|
||||
import uvicorn
|
||||
from mcp_common.auth import load_token_store_from_files
|
||||
|
||||
from mcp_common.environment import resolve_environment
|
||||
from mcp_common.logging import configure_root_logging
|
||||
|
||||
from mcp_hyperliquid.client import HyperliquidClient
|
||||
@@ -19,10 +19,19 @@ def main():
|
||||
with open(wallet_file) as f:
|
||||
creds = json.load(f)
|
||||
|
||||
env_info = resolve_environment(
|
||||
creds,
|
||||
env_var="HYPERLIQUID_TESTNET",
|
||||
flag_key="testnet",
|
||||
exchange="hyperliquid",
|
||||
default_base_url_live="https://api.hyperliquid.xyz",
|
||||
default_base_url_testnet="https://api.hyperliquid-testnet.xyz",
|
||||
)
|
||||
|
||||
client = HyperliquidClient(
|
||||
wallet_address=creds["wallet_address"],
|
||||
private_key=creds["private_key"],
|
||||
testnet=bool(creds.get("testnet", True)),
|
||||
testnet=(env_info.environment == "testnet"),
|
||||
api_wallet_address=creds.get("api_wallet_address"),
|
||||
)
|
||||
|
||||
@@ -30,7 +39,12 @@ def main():
|
||||
core_token_file=os.environ.get("CORE_TOKEN_FILE"),
|
||||
observer_token_file=os.environ.get("OBSERVER_TOKEN_FILE"),
|
||||
)
|
||||
app = create_app(client=client, token_store=token_store)
|
||||
app = create_app(
|
||||
client=client,
|
||||
token_store=token_store,
|
||||
creds=creds,
|
||||
env_info=env_info,
|
||||
)
|
||||
uvicorn.run(
|
||||
app,
|
||||
log_config=None, # CER-P5-009: delega al root JSON logger
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
"""Leverage cap server-side per place_order.
|
||||
|
||||
Cap letto dal secret JSON via campo `max_leverage`. Default 1 (cash) se assente.
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from fastapi import HTTPException
|
||||
|
||||
|
||||
def get_max_leverage(creds: dict) -> int:
|
||||
"""Legge max_leverage dal secret. Default 1 se mancante."""
|
||||
raw = creds.get("max_leverage", 1)
|
||||
try:
|
||||
value = int(raw)
|
||||
except (TypeError, ValueError):
|
||||
value = 1
|
||||
return max(1, value)
|
||||
|
||||
|
||||
def enforce_leverage(
|
||||
requested: int | float | None,
|
||||
*,
|
||||
creds: dict,
|
||||
exchange: str,
|
||||
) -> int:
|
||||
"""Verifica e applica leverage cap. Ritorna leverage applicabile.
|
||||
|
||||
Solleva HTTPException(403, LEVERAGE_CAP_EXCEEDED) se requested > cap.
|
||||
Se requested is None, applica il cap come default.
|
||||
"""
|
||||
cap = get_max_leverage(creds)
|
||||
if requested is None:
|
||||
return cap
|
||||
lev = int(requested)
|
||||
if lev < 1:
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
detail={
|
||||
"error": "LEVERAGE_CAP_EXCEEDED",
|
||||
"exchange": exchange,
|
||||
"requested": lev,
|
||||
"max": cap,
|
||||
"reason": "leverage must be >= 1",
|
||||
},
|
||||
)
|
||||
if lev > cap:
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
detail={
|
||||
"error": "LEVERAGE_CAP_EXCEEDED",
|
||||
"exchange": exchange,
|
||||
"requested": lev,
|
||||
"max": cap,
|
||||
},
|
||||
)
|
||||
return lev
|
||||
@@ -5,11 +5,9 @@ import os
|
||||
from fastapi import Depends, FastAPI, HTTPException
|
||||
from mcp_common.auth import Principal, TokenStore, require_principal
|
||||
from mcp_common.mcp_bridge import mount_mcp_endpoint
|
||||
from mcp_common.risk_guard import (
|
||||
enforce_aggregate,
|
||||
enforce_leverage,
|
||||
enforce_single_notional,
|
||||
)
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_hyperliquid.leverage_cap import enforce_leverage as _enforce_leverage
|
||||
from mcp_hyperliquid.leverage_cap import get_max_leverage
|
||||
from mcp_common.server import build_app
|
||||
from pydantic import BaseModel, field_validator, model_validator
|
||||
|
||||
@@ -167,35 +165,6 @@ class ClosePositionReq(BaseModel):
|
||||
instrument: str
|
||||
|
||||
|
||||
# --- CER-016 notional helpers ---
|
||||
|
||||
async def _compute_notional_hl(client: HyperliquidClient, body: PlaceOrderReq) -> float:
|
||||
"""HL perp: amount è in base asset → notional = amount * price."""
|
||||
ref_price: float | None = body.price
|
||||
if ref_price is None:
|
||||
try:
|
||||
tk = await client.get_ticker(body.instrument)
|
||||
ref_price = tk.get("mark_price") or tk.get("last_price") or tk.get("price")
|
||||
except Exception:
|
||||
ref_price = None
|
||||
if not ref_price:
|
||||
return 0.0
|
||||
return float(body.amount) * float(ref_price)
|
||||
|
||||
|
||||
async def _current_aggregate_hl(client: HyperliquidClient) -> float:
|
||||
try:
|
||||
positions = await client.get_positions()
|
||||
except Exception:
|
||||
return 0.0
|
||||
total = 0.0
|
||||
for p in positions or []:
|
||||
size = abs(float(p.get("size") or p.get("amount") or 0))
|
||||
mark = float(p.get("mark_price") or p.get("price") or 0)
|
||||
total += size * mark
|
||||
return total
|
||||
|
||||
|
||||
# --- ACL helper ---
|
||||
|
||||
def _check(principal: Principal, *, core: bool = False, observer: bool = False) -> None:
|
||||
@@ -210,11 +179,39 @@ def _check(principal: Principal, *, core: bool = False, observer: bool = False)
|
||||
|
||||
# --- App factory ---
|
||||
|
||||
def create_app(*, client: HyperliquidClient, token_store: TokenStore) -> FastAPI:
|
||||
def create_app(
|
||||
*,
|
||||
client: HyperliquidClient,
|
||||
token_store: TokenStore,
|
||||
creds: dict | None = None,
|
||||
env_info: EnvironmentInfo | None = None,
|
||||
) -> FastAPI:
|
||||
creds = creds or {}
|
||||
app = build_app(name="mcp-hyperliquid", version="0.1.0", token_store=token_store)
|
||||
|
||||
# --- Read tools: core + observer ---
|
||||
|
||||
@app.post("/tools/environment_info", tags=["reads"])
|
||||
async def t_environment_info(principal: Principal = Depends(require_principal)):
|
||||
_check(principal, core=True, observer=True)
|
||||
if env_info is None:
|
||||
return {
|
||||
"exchange": "hyperliquid",
|
||||
"environment": "testnet" if getattr(client, "testnet", True) else "mainnet",
|
||||
"source": "credentials",
|
||||
"env_value": None,
|
||||
"base_url": getattr(client, "base_url", None),
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
return {
|
||||
"exchange": env_info.exchange,
|
||||
"environment": env_info.environment,
|
||||
"source": env_info.source,
|
||||
"env_value": env_info.env_value,
|
||||
"base_url": env_info.base_url,
|
||||
"max_leverage": get_max_leverage(creds),
|
||||
}
|
||||
|
||||
@app.post("/tools/get_markets", tags=["reads"])
|
||||
async def t_get_markets(
|
||||
body: GetMarketsReq, principal: Principal = Depends(require_principal)
|
||||
@@ -307,14 +304,7 @@ def create_app(*, client: HyperliquidClient, token_store: TokenStore) -> FastAPI
|
||||
body: PlaceOrderReq, principal: Principal = Depends(require_principal)
|
||||
):
|
||||
_check(principal, core=True)
|
||||
enforce_leverage(body.leverage)
|
||||
if not body.reduce_only:
|
||||
notional = await _compute_notional_hl(client, body)
|
||||
enforce_single_notional(
|
||||
notional, exchange="hyperliquid", instrument=body.instrument
|
||||
)
|
||||
agg = await _current_aggregate_hl(client)
|
||||
enforce_aggregate(agg, notional)
|
||||
_enforce_leverage(body.leverage, creds=creds, exchange="hyperliquid")
|
||||
return await client.place_order(
|
||||
instrument=body.instrument,
|
||||
side=body.side,
|
||||
@@ -361,6 +351,7 @@ def create_app(*, client: HyperliquidClient, token_store: TokenStore) -> FastAPI
|
||||
token_store=token_store,
|
||||
internal_base_url=f"http://localhost:{port}",
|
||||
tools=[
|
||||
{"name": "environment_info", "description": "Ambiente operativo (testnet/mainnet), source, base_url, max_leverage cap."},
|
||||
{"name": "get_markets", "description": "Lista mercati perp disponibili."},
|
||||
{"name": "get_ticker", "description": "Ticker di un perp."},
|
||||
{"name": "get_orderbook", "description": "Orderbook L2."},
|
||||
|
||||
@@ -0,0 +1,51 @@
|
||||
from __future__ import annotations
|
||||
|
||||
from unittest.mock import AsyncMock, MagicMock
|
||||
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
from mcp_common.auth import Principal, TokenStore
|
||||
from mcp_common.environment import EnvironmentInfo
|
||||
from mcp_hyperliquid.server import create_app
|
||||
|
||||
|
||||
def _make_app(env_info, creds):
|
||||
c = MagicMock()
|
||||
c.testnet = True
|
||||
store = TokenStore(tokens={
|
||||
"ct": Principal("core", {"core"}),
|
||||
"ot": Principal("observer", {"observer"}),
|
||||
})
|
||||
return create_app(client=c, token_store=store, creds=creds, env_info=env_info)
|
||||
|
||||
|
||||
def test_environment_info_full_shape():
|
||||
env = EnvironmentInfo(
|
||||
exchange="hyperliquid",
|
||||
environment="testnet",
|
||||
source="env",
|
||||
env_value="true",
|
||||
base_url="https://api.hyperliquid-testnet.xyz",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 3})
|
||||
c = TestClient(app)
|
||||
r = c.post("/tools/environment_info", headers={"Authorization": "Bearer ot"})
|
||||
assert r.status_code == 200
|
||||
body = r.json()
|
||||
assert body["exchange"] == "hyperliquid"
|
||||
assert body["environment"] == "testnet"
|
||||
assert body["source"] == "env"
|
||||
assert body["env_value"] == "true"
|
||||
assert body["base_url"] == "https://api.hyperliquid-testnet.xyz"
|
||||
assert body["max_leverage"] == 3
|
||||
|
||||
|
||||
def test_environment_info_requires_auth():
|
||||
env = EnvironmentInfo(
|
||||
exchange="hyperliquid", environment="testnet", source="default",
|
||||
env_value=None, base_url="https://api.hyperliquid-testnet.xyz",
|
||||
)
|
||||
app = _make_app(env, creds={"max_leverage": 3})
|
||||
c = TestClient(app)
|
||||
r = c.post("/tools/environment_info")
|
||||
assert r.status_code == 401
|
||||
@@ -0,0 +1,51 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import pytest
|
||||
from fastapi import HTTPException
|
||||
|
||||
from mcp_hyperliquid.leverage_cap import enforce_leverage, get_max_leverage
|
||||
|
||||
|
||||
def test_get_max_leverage_returns_creds_value():
|
||||
creds = {"max_leverage": 5}
|
||||
assert get_max_leverage(creds) == 5
|
||||
|
||||
|
||||
def test_get_max_leverage_default_when_missing():
|
||||
"""Default 1 (cash) se il secret non ha max_leverage."""
|
||||
assert get_max_leverage({}) == 1
|
||||
|
||||
|
||||
def test_enforce_leverage_pass_under_cap():
|
||||
creds = {"max_leverage": 3}
|
||||
enforce_leverage(2, creds=creds, exchange="hyperliquid") # no raise
|
||||
|
||||
|
||||
def test_enforce_leverage_pass_at_cap():
|
||||
creds = {"max_leverage": 3}
|
||||
enforce_leverage(3, creds=creds, exchange="hyperliquid") # no raise
|
||||
|
||||
|
||||
def test_enforce_leverage_reject_over_cap():
|
||||
creds = {"max_leverage": 3}
|
||||
with pytest.raises(HTTPException) as exc:
|
||||
enforce_leverage(10, creds=creds, exchange="hyperliquid")
|
||||
assert exc.value.status_code == 403
|
||||
assert exc.value.detail["error"] == "LEVERAGE_CAP_EXCEEDED"
|
||||
assert exc.value.detail["exchange"] == "hyperliquid"
|
||||
assert exc.value.detail["requested"] == 10
|
||||
assert exc.value.detail["max"] == 3
|
||||
|
||||
|
||||
def test_enforce_leverage_reject_when_below_one():
|
||||
creds = {"max_leverage": 3}
|
||||
with pytest.raises(HTTPException) as exc:
|
||||
enforce_leverage(0, creds=creds, exchange="hyperliquid")
|
||||
assert exc.value.status_code == 403
|
||||
|
||||
|
||||
def test_enforce_leverage_default_when_none():
|
||||
"""Se requested è None, applica il cap come default."""
|
||||
creds = {"max_leverage": 3}
|
||||
result = enforce_leverage(None, creds=creds, exchange="hyperliquid")
|
||||
assert result == 3
|
||||
@@ -37,7 +37,7 @@ def http(mock_client):
|
||||
"ot": Principal("observer", {"observer"}),
|
||||
}
|
||||
)
|
||||
app = create_app(client=mock_client, token_store=store)
|
||||
app = create_app(client=mock_client, token_store=store, creds={"max_leverage": 3})
|
||||
return TestClient(app)
|
||||
|
||||
|
||||
@@ -128,18 +128,8 @@ def test_place_order_observer_forbidden(http):
|
||||
assert r.status_code == 403
|
||||
|
||||
|
||||
def test_place_order_notional_cap_enforced(http):
|
||||
"""CER-016: HL reject amount*price > 200."""
|
||||
r = http.post(
|
||||
"/tools/place_order",
|
||||
headers={"Authorization": "Bearer ct"},
|
||||
json={"instrument": "ETH", "side": "buy", "amount": 0.1, "price": 3350},
|
||||
)
|
||||
assert r.status_code == 403
|
||||
assert r.json()["error"]["code"] == "HARD_PROHIBITION"
|
||||
|
||||
|
||||
def test_place_order_leverage_cap_enforced_hl(http):
|
||||
"""Reject leverage > max_leverage (da secret, default 3)."""
|
||||
r = http.post(
|
||||
"/tools/place_order",
|
||||
headers={"Authorization": "Bearer ct"},
|
||||
@@ -152,6 +142,10 @@ def test_place_order_leverage_cap_enforced_hl(http):
|
||||
},
|
||||
)
|
||||
assert r.status_code == 403
|
||||
body = r.json()
|
||||
err = body["error"]
|
||||
assert err["code"] == "LEVERAGE_CAP_EXCEEDED"
|
||||
assert err["details"]["exchange"] == "hyperliquid"
|
||||
|
||||
|
||||
def test_cancel_order_core_ok(http):
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
# Smoke locale Cerbero_mcp
|
||||
|
||||
```bash
|
||||
# da repo root Cerbero_mcp/
|
||||
docker compose up -d
|
||||
bash tests/smoke/run.sh
|
||||
docker compose down
|
||||
```
|
||||
|
||||
Il file `run.sh` verifica:
|
||||
- `/health` di tutti i 6 MCP (atteso `200`)
|
||||
- `environment_info` dei 4 exchange (atteso shape `{environment, source, env_value, base_url, max_leverage}`)
|
||||
|
||||
Variabili di ambiente:
|
||||
- `GATEWAY` — URL base gateway (default `http://localhost:8080`)
|
||||
- `TOKEN_FILE` — path al token bearer di lettura (default `secrets/observer.token`)
|
||||
|
||||
Exit code 0 = tutto OK, 1 = uno o più check falliti.
|
||||
Executable
+111
@@ -0,0 +1,111 @@
|
||||
#!/usr/bin/env bash
|
||||
# Smoke test locale per Cerbero_mcp.
|
||||
# Presuppone: docker compose up -d già eseguito da repo root.
|
||||
# Verifica: ogni MCP risponde /health; i 4 exchange espongono environment_info.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd "$(dirname "$0")/../.."
|
||||
|
||||
GATEWAY="${GATEWAY:-http://localhost:8080}"
|
||||
TOKEN_FILE="${TOKEN_FILE:-secrets/observer.token}"
|
||||
|
||||
if [ ! -f "$TOKEN_FILE" ]; then
|
||||
echo "ERROR: token file $TOKEN_FILE not found" >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
TOKEN="$(cat "$TOKEN_FILE")"
|
||||
fail=0
|
||||
|
||||
echo "=== /health ==="
|
||||
for svc in mcp-deribit mcp-bybit mcp-hyperliquid mcp-alpaca mcp-macro mcp-sentiment; do
|
||||
code=$(curl -s -o /dev/null -w "%{http_code}" \
|
||||
-H "Authorization: Bearer $TOKEN" \
|
||||
"$GATEWAY/$svc/health" || echo "000")
|
||||
if [ "$code" = "200" ]; then
|
||||
echo " $svc: OK"
|
||||
else
|
||||
echo " $svc: FAIL ($code)"
|
||||
fail=$((fail + 1))
|
||||
fi
|
||||
done
|
||||
|
||||
echo
|
||||
echo "=== environment_info on 4 exchange MCPs ==="
|
||||
for ex in deribit bybit hyperliquid alpaca; do
|
||||
body=$(curl -s -X POST \
|
||||
-H "Authorization: Bearer $TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{}' \
|
||||
"$GATEWAY/mcp-${ex}/tools/environment_info" 2>/dev/null || echo '{}')
|
||||
|
||||
if [ -z "$body" ] || [ "$body" = "{}" ]; then
|
||||
echo " $ex: FAIL (empty body)"
|
||||
fail=$((fail + 1))
|
||||
continue
|
||||
fi
|
||||
|
||||
if echo "$body" | jq -e '.environment, .source, .base_url, .max_leverage' > /dev/null 2>&1; then
|
||||
env=$(echo "$body" | jq -r '.environment')
|
||||
src=$(echo "$body" | jq -r '.source')
|
||||
cap=$(echo "$body" | jq -r '.max_leverage')
|
||||
echo " $ex: OK (env=$env source=$src max_leverage=$cap)"
|
||||
else
|
||||
echo " $ex: FAIL (shape mismatch)"
|
||||
echo " body: $body"
|
||||
fail=$((fail + 1))
|
||||
fi
|
||||
done
|
||||
|
||||
echo
|
||||
echo "=== live tool check (read-only contro upstream testnet) ==="
|
||||
|
||||
_check_tool() {
|
||||
local label="$1" url="$2" body="$3"
|
||||
local resp
|
||||
resp=$(curl -s -X POST \
|
||||
-H "Authorization: Bearer $TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "$body" \
|
||||
"$url" 2>/dev/null || echo '{}')
|
||||
if echo "$resp" | jq -e 'has("error") | not' > /dev/null 2>&1 \
|
||||
&& [ -n "$resp" ] && [ "$resp" != "null" ] && [ "$resp" != "{}" ]; then
|
||||
echo " $label: OK"
|
||||
else
|
||||
echo " $label: FAIL"
|
||||
echo " body: $(echo "$resp" | head -c 200)"
|
||||
fail=$((fail + 1))
|
||||
fi
|
||||
}
|
||||
|
||||
_check_tool "deribit get_ticker BTC-PERPETUAL" \
|
||||
"$GATEWAY/mcp-deribit/tools/get_ticker" \
|
||||
'{"instrument_name":"BTC-PERPETUAL"}'
|
||||
|
||||
_check_tool "bybit get_ticker BTCUSDT" \
|
||||
"$GATEWAY/mcp-bybit/tools/get_ticker" \
|
||||
'{"symbol":"BTCUSDT","category":"linear"}'
|
||||
|
||||
_check_tool "hyperliquid get_ticker BTC" \
|
||||
"$GATEWAY/mcp-hyperliquid/tools/get_ticker" \
|
||||
'{"instrument":"BTC"}'
|
||||
|
||||
_check_tool "alpaca get_clock (richiede ALPACA_PAPER credenziali valide)" \
|
||||
"$GATEWAY/mcp-alpaca/tools/get_clock" \
|
||||
'{}'
|
||||
|
||||
_check_tool "macro get_treasury_yields" \
|
||||
"$GATEWAY/mcp-macro/tools/get_treasury_yields" \
|
||||
'{}'
|
||||
|
||||
_check_tool "sentiment get_funding_rates BTC" \
|
||||
"$GATEWAY/mcp-sentiment/tools/get_funding_rates" \
|
||||
'{"asset":"BTC"}'
|
||||
|
||||
echo
|
||||
if [ "$fail" -gt 0 ]; then
|
||||
echo "SMOKE FAILED: $fail check(s) failed"
|
||||
exit 1
|
||||
fi
|
||||
echo "SMOKE OK"
|
||||
Reference in New Issue
Block a user