import crypto from 'node:crypto'; import http from 'node:http'; import { spawn } from 'node:child_process'; const WRAPPER_PORT = Number.parseInt(String(process.env.PORT || '8787'), 10); const UPSTREAM_PORT = Number.parseInt(String(process.env.UPSTREAM_PORT || '8788'), 10); const UPSTREAM_HOST = String(process.env.UPSTREAM_HOST || '127.0.0.1'); const UPSTREAM_ENTRY = String(process.env.UPSTREAM_ENTRY || '/app/services/api/server.mjs'); const HASURA_URL = String(process.env.HASURA_GRAPHQL_URL || 'http://hasura:8080/v1/graphql'); const HASURA_ADMIN_SECRET = String(process.env.HASURA_ADMIN_SECRET || ''); const CORS_ORIGIN = String(process.env.CORS_ORIGIN || '*'); if (!Number.isInteger(WRAPPER_PORT) || WRAPPER_PORT <= 0) throw new Error('Invalid PORT'); if (!Number.isInteger(UPSTREAM_PORT) || UPSTREAM_PORT <= 0) throw new Error('Invalid UPSTREAM_PORT'); function getIsoNow() { return new Date().toISOString(); } function sha256Hex(text) { return crypto.createHash('sha256').update(text, 'utf8').digest('hex'); } function getHeader(req, name) { const v = req.headers[String(name).toLowerCase()]; return Array.isArray(v) ? v[0] : v; } function readBearerToken(req) { const auth = getHeader(req, 'authorization'); if (auth && typeof auth === 'string') { const m = auth.match(/^Bearer\s+(.+)$/i); if (m && m[1]) return m[1].trim(); } const apiKey = getHeader(req, 'x-api-key'); if (apiKey && typeof apiKey === 'string' && apiKey.trim()) return apiKey.trim(); return undefined; } function withCors(res) { res.setHeader('access-control-allow-origin', CORS_ORIGIN); res.setHeader('access-control-allow-methods', 'GET,POST,OPTIONS'); res.setHeader( 'access-control-allow-headers', 'content-type, authorization, x-api-key, x-admin-secret' ); } function sendJson(res, status, body) { withCors(res); res.statusCode = status; res.setHeader('content-type', 'application/json; charset=utf-8'); res.end(JSON.stringify(body)); } async function readBodyJson(req, { maxBytes }) { const chunks = []; let total = 0; for await (const chunk of req) { total += chunk.length; if (total > maxBytes) throw new Error('payload_too_large'); chunks.push(chunk); } const text = Buffer.concat(chunks).toString('utf8'); if (!text.trim()) return {}; try { return JSON.parse(text); } catch { throw new Error('invalid_json'); } } function parseNumeric(value) { if (value == null) return null; if (typeof value === 'number') return Number.isFinite(value) ? value : null; if (typeof value === 'string') { const s = value.trim(); if (!s) return null; const n = Number(s); return Number.isFinite(n) ? n : null; } return null; } function clampInt(value, min, max) { const n = Number.parseInt(String(value), 10); if (!Number.isFinite(n) || !Number.isInteger(n)) return min; return Math.min(max, Math.max(min, n)); } function clampNumber(value, min, max, fallback) { const n = typeof value === 'number' ? value : Number(value); if (!Number.isFinite(n)) return fallback; return Math.min(max, Math.max(min, n)); } function isUuid(value) { const s = String(value || '').trim(); return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(s); } async function hasuraRequest(query, variables) { if (!HASURA_ADMIN_SECRET) throw new Error('Missing HASURA_ADMIN_SECRET'); const res = await fetch(HASURA_URL, { method: 'POST', headers: { 'content-type': 'application/json', 'x-hasura-admin-secret': HASURA_ADMIN_SECRET, }, body: JSON.stringify({ query, variables }), }); const text = await res.text(); if (!res.ok) throw new Error(`Hasura HTTP ${res.status}: ${text}`); const json = text ? JSON.parse(text) : {}; if (json.errors?.length) throw new Error(json.errors.map((e) => e.message).join(' | ')); return json.data; } function normalizeScopes(value) { if (!value) return []; if (Array.isArray(value)) return value.map((v) => String(v)).filter(Boolean); if (typeof value === 'string') { return value .split(',') .map((s) => s.trim()) .filter(Boolean); } return []; } async function requireValidToken(req, requiredScope) { const token = readBearerToken(req); if (!token) return { ok: false, status: 401, error: 'missing_token' }; const hash = sha256Hex(token); const query = ` query ValidToken($hash: String!) { api_tokens(where: {token_hash: {_eq: $hash}, revoked_at: {_is_null: true}}, limit: 1) { id name scopes } } `; let data; try { data = await hasuraRequest(query, { hash }); } catch (err) { return { ok: false, status: 500, error: String(err?.message || err) }; } const row = data?.api_tokens?.[0]; if (!row?.id) return { ok: false, status: 401, error: 'invalid_or_revoked_token' }; const scopes = normalizeScopes(row.scopes); if (requiredScope && !scopes.includes(requiredScope)) { return { ok: false, status: 403, error: 'missing_scope' }; } // best-effort touch const touch = ` mutation TouchToken($id: uuid!, $ts: timestamptz!) { update_api_tokens_by_pk(pk_columns: {id: $id}, _set: {last_used_at: $ts}) { id } } `; hasuraRequest(touch, { id: row.id, ts: getIsoNow() }).catch(() => {}); return { ok: true, token: { id: row.id, name: row.name } }; } async function readSolPriceUsd() { try { const q = ` query SolPrice { dlob_stats_latest(where: {market_name: {_eq: "SOL-PERP"}}, limit: 1) { mid_price mark_price oracle_price } } `; const data = await hasuraRequest(q, {}); const row = data?.dlob_stats_latest?.[0]; const p = parseNumeric(row?.mid_price) ?? parseNumeric(row?.mark_price) ?? parseNumeric(row?.oracle_price); if (p != null && p > 0) return p; } catch { // ignore } return null; } function getByPath(obj, pathStr) { if (!obj || typeof obj !== 'object') return undefined; const parts = String(pathStr || '').split('.').filter(Boolean); let cur = obj; for (const p of parts) { if (!cur || typeof cur !== 'object') return undefined; cur = cur[p]; } return cur; } function readNumberFromPayload(payload, paths) { for (const p of paths) { const v = getByPath(payload, p); const n = parseNumeric(v); if (n != null) return n; } return null; } function readTextFromPayload(payload, paths) { for (const p of paths) { const v = getByPath(payload, p); if (typeof v === 'string' && v.trim()) return v.trim(); } return null; } function inferContractSizeUsd(contract) { return ( readNumberFromPayload(contract, [ 'desired.size_usd', 'desired.sizeUsd', 'desired.notional_usd', 'desired.notionalUsd', 'entry.size_usd', 'entry.sizeUsd', 'entry.notional_usd', 'entry.notionalUsd', 'entry.order_intent.size_usd', 'entry.order_intent.sizeUsd', 'desired.order_intent.size_usd', 'desired.order_intent.sizeUsd', ]) || null ); } function inferContractSide(contract) { const raw = readTextFromPayload(contract, [ 'desired.side', 'entry.side', 'entry.order_intent.side', 'desired.order_intent.side', 'desired.direction', 'entry.direction', ]) || ''; const v = raw.toLowerCase(); if (v === 'long' || v === 'buy') return 'long'; if (v === 'short' || v === 'sell') return 'short'; return null; } function sumCostsFromEvents(events) { const totals = { tradeFeeUsd: 0, txFeeUsd: 0, slippageUsd: 0, fundingUsd: 0, realizedPnlUsd: 0, txCount: 0, fillCount: 0, cancelCount: 0, modifyCount: 0, errorCount: 0, }; for (const ev of events || []) { const t = String(ev?.event_type || '').toLowerCase(); const payload = ev?.payload && typeof ev.payload === 'object' ? ev.payload : {}; const tradeFeeUsd = readNumberFromPayload(payload, [ 'realized_fee_usd', 'trade_fee_usd', 'fee_usd', 'fees.trade_fee_usd', 'fees.usd', ]) || 0; const txFeeUsd = readNumberFromPayload(payload, [ 'realized_tx_usd', 'tx_fee_usd', 'network_fee_usd', 'fees.tx_fee_usd', 'fees.network_usd', ]) || 0; const slippageUsd = readNumberFromPayload(payload, [ 'slippage_usd', 'realized_slippage_usd', 'execution_usd', 'realized_execution_usd', ]) || 0; const fundingUsd = readNumberFromPayload(payload, ['funding_usd', 'realized_funding_usd']) || 0; const pnlUsd = readNumberFromPayload(payload, ['realized_pnl_usd', 'pnl_usd']) || 0; const txCount = readNumberFromPayload(payload, ['tx_count', 'txCount']) || 0; totals.tradeFeeUsd += tradeFeeUsd; totals.txFeeUsd += txFeeUsd; totals.slippageUsd += slippageUsd; totals.fundingUsd += fundingUsd; totals.realizedPnlUsd += pnlUsd; totals.txCount += txCount; if (t.includes('fill')) totals.fillCount += 1; if (t.includes('cancel')) totals.cancelCount += 1; if (t.includes('modify') || t.includes('reprice')) totals.modifyCount += 1; if (t.includes('error') || String(ev?.severity || '').toLowerCase() === 'error') totals.errorCount += 1; } const totalCostsUsd = totals.tradeFeeUsd + totals.txFeeUsd + totals.slippageUsd + totals.fundingUsd; return { ...totals, totalCostsUsd, netPnlUsd: totals.realizedPnlUsd - totalCostsUsd, }; } function buildCostSeriesFromEvents(events, { maxPoints }) { const points = []; const totals = { tradeFeeUsd: 0, txFeeUsd: 0, slippageUsd: 0, fundingUsd: 0, realizedPnlUsd: 0, }; for (const ev of events || []) { const ts = ev?.ts; if (!ts) continue; const payload = ev?.payload && typeof ev.payload === 'object' ? ev.payload : {}; const tradeFeeUsd = readNumberFromPayload(payload, [ 'realized_fee_usd', 'trade_fee_usd', 'fee_usd', 'fees.trade_fee_usd', 'fees.usd', ]) || 0; const txFeeUsd = readNumberFromPayload(payload, [ 'realized_tx_usd', 'tx_fee_usd', 'network_fee_usd', 'fees.tx_fee_usd', 'fees.network_usd', ]) || 0; const slippageUsd = readNumberFromPayload(payload, [ 'slippage_usd', 'realized_slippage_usd', 'execution_usd', 'realized_execution_usd', ]) || 0; const fundingUsd = readNumberFromPayload(payload, ['funding_usd', 'realized_funding_usd']) || 0; const pnlUsd = readNumberFromPayload(payload, ['realized_pnl_usd', 'pnl_usd']) || 0; totals.tradeFeeUsd += tradeFeeUsd; totals.txFeeUsd += txFeeUsd; totals.slippageUsd += slippageUsd; totals.fundingUsd += fundingUsd; totals.realizedPnlUsd += pnlUsd; const totalCostsUsd = totals.tradeFeeUsd + totals.txFeeUsd + totals.slippageUsd + totals.fundingUsd; points.push({ ts, tradeFeeUsd: totals.tradeFeeUsd, txFeeUsd: totals.txFeeUsd, slippageUsd: totals.slippageUsd, fundingUsd: totals.fundingUsd, totalCostsUsd, realizedPnlUsd: totals.realizedPnlUsd, netPnlUsd: totals.realizedPnlUsd - totalCostsUsd, }); } const cap = Math.max(50, Math.min(10_000, Number(maxPoints) || 600)); if (points.length <= cap) return points; const step = Math.ceil(points.length / cap); const sampled = []; for (let i = 0; i < points.length; i += step) sampled.push(points[i]); const last = points[points.length - 1]; if (sampled[sampled.length - 1] !== last) sampled.push(last); return sampled; } function proxyToUpstream(req, res) { const url = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`); const headers = { ...req.headers }; delete headers.host; delete headers.connection; const opts = { host: UPSTREAM_HOST, port: UPSTREAM_PORT, method: req.method, path: url.pathname + url.search, headers, }; const upstreamReq = http.request(opts, (upstreamRes) => { withCors(res); res.statusCode = upstreamRes.statusCode || 502; for (const [k, v] of Object.entries(upstreamRes.headers || {})) { if (!k) continue; if (k.toLowerCase() === 'content-length') continue; if (k.toLowerCase().startsWith('access-control-')) continue; if (v != null) res.setHeader(k, v); } upstreamRes.pipe(res); }); upstreamReq.on('error', (err) => { sendJson(res, 502, { ok: false, error: String(err?.message || err) }); }); req.pipe(upstreamReq); } async function handleMonitor(req, res, url) { const auth = await requireValidToken(req, 'read'); if (!auth.ok) { sendJson(res, auth.status, { ok: false, error: auth.error }); return; } const pathname = url.pathname; const parts = pathname.split('/').filter(Boolean); const contractId = parts[2]; if (!isUuid(contractId)) { sendJson(res, 400, { ok: false, error: 'invalid_contract_id' }); return; } const limit = clampInt(url.searchParams.get('eventsLimit') || '2000', 10, 50_000); const wantSeries = (url.searchParams.get('series') || '').trim() === '1'; const seriesMax = clampInt(url.searchParams.get('seriesMax') || '600', 50, 10_000); const qContract = ` query ContractByPk($id: uuid!) { bot_contracts_by_pk(id: $id) { id decision_id bot_id model_version market_name subaccount_id status desired entry manage exit gates created_at updated_at last_heartbeat_at ended_at reason } } `; const qEvents = ` query ContractEvents($id: uuid!, $limit: Int!) { bot_events(where: {contract_id: {_eq: $id}}, order_by: {ts: asc}, limit: $limit) { ts contract_id decision_id bot_id market_name event_type severity payload } } `; try { const data = await hasuraRequest(qContract, { id: contractId }); const contract = data?.bot_contracts_by_pk; if (!contract?.id) { sendJson(res, 404, { ok: false, error: 'contract_not_found' }); return; } const evData = await hasuraRequest(qEvents, { id: contractId, limit }); const events = evData?.bot_events || []; const costs = sumCostsFromEvents(events); const series = wantSeries ? buildCostSeriesFromEvents(events, { maxPoints: seriesMax }) : null; const sizeUsd = inferContractSizeUsd(contract); const side = inferContractSide(contract); let closeEst = null; if (contract.market_name && sizeUsd != null) { const qSlip = ` query Slippage($market: String!) { dlob_slippage_latest(where: {market_name: {_eq: $market}}) { market_name side size_usd mid_price vwap_price worst_price impact_bps fill_pct updated_at } } `; const slipData = await hasuraRequest(qSlip, { market: contract.market_name }); const rows = slipData?.dlob_slippage_latest || []; const pickNearest = (wantedSide) => { const candidates = rows.filter((r) => String(r.side || '').toLowerCase() === wantedSide); if (!candidates.length) return null; let best = null; let bestD = Infinity; for (const r of candidates) { const s = parseNumeric(r.size_usd); if (s == null) continue; const d = Math.abs(s - sizeUsd); if (d < bestD) { bestD = d; best = r; } } return best; }; closeEst = { requestedSizeUsd: sizeUsd, entrySide: side, suggestedCloseSide: side === 'long' ? 'sell' : side === 'short' ? 'buy' : null, buy: pickNearest('buy'), sell: pickNearest('sell'), }; } sendJson(res, 200, { ok: true, contract, eventsCount: events.length, costs, series, closeEstimate: closeEst, }); } catch (err) { sendJson(res, 500, { ok: false, error: String(err?.message || err) }); } } async function handleEstimate(req, res) { const auth = await requireValidToken(req, 'read'); if (!auth.ok) { sendJson(res, auth.status, { ok: false, error: auth.error }); return; } let body; try { body = await readBodyJson(req, { maxBytes: 256 * 1024 }); } catch (err) { const msg = String(err?.message || err); if (msg === 'payload_too_large') { sendJson(res, 413, { ok: false, error: 'payload_too_large' }); return; } sendJson(res, 400, { ok: false, error: 'invalid_json' }); return; } const market = String(body?.market_name || body?.market || '').trim(); if (!market) { sendJson(res, 400, { ok: false, error: 'missing_market' }); return; } const notionalUsd = parseNumeric(body?.notional_usd ?? body?.notionalUsd ?? body?.size_usd ?? body?.sizeUsd); if (!(notionalUsd != null && notionalUsd > 0)) { sendJson(res, 400, { ok: false, error: 'invalid_notional_usd' }); return; } const entrySideRaw = String(body?.side || 'long').trim().toLowerCase(); const entrySide = entrySideRaw === 'short' ? 'short' : 'long'; const orderType = String(body?.order_type || body?.orderType || 'market').trim().toLowerCase(); const isMarket = orderType === 'market' || orderType === 'taker'; const takerBps = clampNumber(parseNumeric(body?.fee_taker_bps) ?? 5, 0, 1000, 5); const makerBps = clampNumber(parseNumeric(body?.fee_maker_bps) ?? 0, -1000, 1000, 0); const feeBps = isMarket ? takerBps : makerBps; let txFeeUsdEst = parseNumeric(body?.tx_fee_usd_est); if (txFeeUsdEst == null) { const baseLamports = 5000; const sigs = 1; const priorityLamports = 0; const lamports = baseLamports * sigs + priorityLamports; const sol = lamports / 1_000_000_000; const solUsd = await readSolPriceUsd(); txFeeUsdEst = solUsd != null ? sol * solUsd : 0; } txFeeUsdEst = clampNumber(txFeeUsdEst, 0, 100, 0); const expectedReprices = clampInt(body?.expected_reprices_per_entry ?? body?.expectedReprices ?? '0', 0, 500); const modifyTxCount = clampInt(body?.modify_tx_count ?? body?.modifyTxCount ?? '2', 0, 10); try { const qSlip = ` query Slippage($market: String!) { dlob_slippage_latest(where: {market_name: {_eq: $market}}) { market_name side size_usd mid_price vwap_price worst_price impact_bps fill_pct updated_at } } `; const slipData = await hasuraRequest(qSlip, { market }); const rows = slipData?.dlob_slippage_latest || []; const wantedSide = entrySide === 'long' ? 'buy' : 'sell'; const candidates = rows.filter((r) => String(r.side || '').toLowerCase() === wantedSide); let best = null; let bestD = Infinity; for (const r of candidates) { const s = parseNumeric(r.size_usd); if (s == null) continue; const d = Math.abs(s - notionalUsd); if (d < bestD) { bestD = d; best = r; } } const impactBps = parseNumeric(best?.impact_bps) ?? 0; const slippageUsd = (notionalUsd * impactBps) / 10_000; const tradeFeeUsd = (notionalUsd * feeBps) / 10_000; const modifyCostUsd = expectedReprices * modifyTxCount * txFeeUsdEst; const totalUsd = tradeFeeUsd + slippageUsd + txFeeUsdEst + modifyCostUsd; const totalBps = (totalUsd / notionalUsd) * 10_000; sendJson(res, 200, { ok: true, input: { market_name: market, notional_usd: notionalUsd, side: entrySide, order_type: orderType, fee_bps: feeBps, tx_fee_usd_est: txFeeUsdEst, expected_reprices_per_entry: expectedReprices, }, dlob: best ? { size_usd: best.size_usd, side: best.side, mid_price: best.mid_price, vwap_price: best.vwap_price, impact_bps: best.impact_bps, fill_pct: best.fill_pct, updated_at: best.updated_at, } : null, breakdown: { trade_fee_usd: tradeFeeUsd, slippage_usd: slippageUsd, tx_fee_usd: txFeeUsdEst, expected_modify_usd: modifyCostUsd, total_usd: totalUsd, total_bps: totalBps, breakeven_bps: totalBps, }, }); } catch (err) { sendJson(res, 500, { ok: false, error: String(err?.message || err) }); } } let upstreamChild = null; function startUpstream() { const env = { ...process.env, PORT: String(UPSTREAM_PORT) }; upstreamChild = spawn('node', [UPSTREAM_ENTRY], { env, stdio: 'inherit' }); upstreamChild.on('exit', (code, signal) => { console.error(`upstream exited: code=${code} signal=${signal}`); }); } function shutdown() { if (upstreamChild && !upstreamChild.killed) upstreamChild.kill('SIGTERM'); } process.on('SIGTERM', shutdown); process.on('SIGINT', shutdown); startUpstream(); const server = http.createServer(async (req, res) => { if (req.method === 'OPTIONS') { withCors(res); res.statusCode = 204; res.end(); return; } const url = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`); const pathname = url.pathname; if (req.method === 'GET' && pathname === '/healthz') { // Check upstream quickly; if it's down, we fail readiness. const opts = { host: UPSTREAM_HOST, port: UPSTREAM_PORT, path: '/healthz', method: 'GET', timeout: 800 }; const upstreamOk = await new Promise((resolve) => { const r = http.request(opts, (rr) => { rr.resume(); resolve(rr.statusCode === 200); }); r.on('timeout', () => { r.destroy(); resolve(false); }); r.on('error', () => resolve(false)); r.end(); }); if (!upstreamOk) { sendJson(res, 503, { ok: false, error: 'upstream_not_ready' }); return; } sendJson(res, 200, { ok: true, service: 'trade-api-wrapper', startedAt: getIsoNow(), upstream: { host: UPSTREAM_HOST, port: UPSTREAM_PORT }, }); return; } if (req.method === 'POST' && pathname === '/v1/contracts/costs/estimate') { await handleEstimate(req, res); return; } if (req.method === 'GET' && pathname.startsWith('/v1/contracts/') && pathname.endsWith('/monitor')) { await handleMonitor(req, res, url); return; } proxyToUpstream(req, res); }); server.listen(WRAPPER_PORT, () => { console.log( JSON.stringify( { service: 'trade-api-wrapper', port: WRAPPER_PORT, upstream: { entry: UPSTREAM_ENTRY, host: UPSTREAM_HOST, port: UPSTREAM_PORT }, hasuraUrl: HASURA_URL, hasuraAdminSecret: HASURA_ADMIN_SECRET ? '***' : undefined, }, null, 2 ) ); });