hypercall/rsm/unified_engine/

builder.rs

//! UnifiedEngine builder and construction wiring.

use super::*;

/// Builder for creating the unified engine
pub struct UnifiedEngineBuilder {
    config: Config,
    order_buffer_size: usize,
    database_path: Option<String>,
    db_auth: Option<hypercall_db_diesel::DbAuthConfig>,
    allow_no_database: bool,  // For tests only
    skip_db_migrations: bool, // Standby mode: connect but don't run DDL
    mmp_cache: Option<Arc<crate::read_cache::mmp::MmpCache>>,
    tier_cache: Option<Arc<crate::read_cache::tier::TierCache>>,
    portfolio_service: Option<Arc<dyn PortfolioService + Send + Sync>>,
    portfolio_cache: Option<Arc<crate::read_cache::portfolio::PortfolioCache>>,
    greeks_cache: Option<Arc<GreeksCache>>,
    mark_price_oracles: HashMap<String, Arc<HyperliquidMarkPriceOracle>>,
    risk_account_builder:
        Option<Arc<crate::rsm::portfolio_margin::risk_account_builder::RiskAccountBuilder>>,
    standard_account_builder: Option<Arc<StandardAccountBuilder>>,
    liquidation_cache: Option<Arc<crate::liquidator::LiquidationCache>>,
    risk_vol_oracle: Option<crate::vol_oracle::SharedVolOracle>,
    #[cfg(any(test, feature = "test-utils"))]
    test_funded_accounts: Vec<(WalletAddress, f64)>,
    ws_event_sender: Option<mpsc::UnboundedSender<EngineMessage>>,
    journal_writer: Option<crate::journal::SharedEngineJournalWriter>,
    journal_batch_sender: Option<crate::journal::JournalBatchSender>,
    nats_publisher: Option<crate::nats::NatsPublisher>,
    nats_balance_update_publisher: Option<crate::nats::NatsBalanceUpdatePublisher>,
    read_snapshot: Option<Arc<ArcSwap<EngineSnapshot>>>,
    runtime_settings: Option<EngineRuntimeSettings>,
    startup_balance_ledger: Option<crate::rsm::ledger::BalanceLedger>,
}

/// Result of building the engine with additional info
pub struct UnifiedEngineBuilderResult {
    pub engine: UnifiedEngine,
    pub order_tx: mpsc::Sender<UnifiedEngineRequest>,
    pub market_tx: mpsc::Sender<MarketRequest>,
    pub margin_mode_tx: mpsc::Sender<MarginModeUpdateRequest>,
    pub agent_auth_tx: mpsc::Sender<AgentAuthRequest>,
    pub nonce_check_tx: mpsc::Sender<NonceCheckRequest>,
    pub pm_settlement_admin_tx: mpsc::Sender<hypercall_runtime_api::PmSettlementAdminRequest>,
    pub quiesce_tx: mpsc::Sender<EngineQuiesceRequest>,
    pub last_l2_seq: i64,
    pub sync_status: Arc<SyncStatus>,
}

impl UnifiedEngineBuilder {
    pub fn new(config: Config) -> Self {
        Self {
            config,
            order_buffer_size: DEFAULT_ORDER_BUFFER_SIZE,
            database_path: None, // Default to no database unless explicitly set
            db_auth: None,
            allow_no_database: false, // By default, database is required
            skip_db_migrations: false,
            mmp_cache: None,
            tier_cache: None,
            portfolio_service: None,
            portfolio_cache: None,
            greeks_cache: None,
            mark_price_oracles: HashMap::new(),
            risk_account_builder: None,
            standard_account_builder: None,
            liquidation_cache: None,
            risk_vol_oracle: None,
            #[cfg(any(test, feature = "test-utils"))]
            test_funded_accounts: Vec::new(),
            ws_event_sender: None,
            journal_writer: None,
            journal_batch_sender: None,
            nats_publisher: None,
            nats_balance_update_publisher: None,
            read_snapshot: None,
            runtime_settings: None,
            startup_balance_ledger: None,
        }
    }

    pub fn with_runtime_settings(mut self, settings: EngineRuntimeSettings) -> Self {
        self.runtime_settings = Some(settings);
        self
    }

    /// Seed the engine-owned balance ledger at startup.
    ///
    /// Runtime readers consume balances through EngineSnapshot publication, not
    /// through this builder input after construction.
    pub fn with_startup_balance_ledger(
        mut self,
        balance_ledger: crate::rsm::ledger::BalanceLedger,
    ) -> Self {
        self.startup_balance_ledger = Some(balance_ledger);
        self
    }

    /// Set the ArcSwap snapshot handle for lock-free API reads.
    /// If not set, the engine creates its own (tests).
    pub fn with_read_snapshot(mut self, snapshot: Arc<ArcSwap<EngineSnapshot>>) -> Self {
        self.read_snapshot = Some(snapshot);
        self
    }

    /// Set the durable engine journal writer for restart-safe ACK.
    pub fn with_journal_writer(
        mut self,
        writer: crate::journal::SharedEngineJournalWriter,
    ) -> Self {
        self.journal_writer = Some(writer);
        self
    }

    /// Set the batched journal sender for async PostgreSQL writes.
    pub fn with_journal_batch_sender(mut self, sender: crate::journal::JournalBatchSender) -> Self {
        self.journal_batch_sender = Some(sender);
        self
    }

    pub fn with_nats_publisher(mut self, publisher: crate::nats::NatsPublisher) -> Self {
        self.nats_publisher = Some(publisher);
        self
    }

    pub fn with_nats_balance_update_publisher(
        mut self,
        publisher: crate::nats::NatsBalanceUpdatePublisher,
    ) -> Self {
        self.nats_balance_update_publisher = Some(publisher);
        self
    }

    pub fn with_order_buffer_size(mut self, size: usize) -> Self {
        self.order_buffer_size = size;
        self
    }

    pub fn with_vol_oracle(mut self, oracle: crate::vol_oracle::SharedVolOracle) -> Self {
        self.risk_vol_oracle = Some(oracle);
        self
    }

    pub fn with_risk_vol_oracle(self, oracle: crate::vol_oracle::SharedVolOracle) -> Self {
        self.with_vol_oracle(oracle)
    }

    pub fn with_database(mut self, path: &str) -> Self {
        self.database_path = Some(path.to_string());
        self
    }

    pub fn with_db_auth(mut self, auth: hypercall_db_diesel::DbAuthConfig) -> Self {
        self.db_auth = Some(auth);
        self
    }

    pub fn without_database(mut self) -> Self {
        self.database_path = None;
        self
    }

    /// Connect to the database but skip DDL (migrations).
    ///
    /// Used in standby mode: the engine can read max IDs from a readonly
    /// replica but cannot run migrations. On promote, a read-write
    /// DieselEventHandler is swapped in via `set_diesel_handler`.
    pub fn with_skip_db_migrations(mut self) -> Self {
        self.skip_db_migrations = true;
        self
    }

    /// Allow running without database (for tests only - DO NOT USE IN PRODUCTION)
    #[cfg(any(test, feature = "test-utils"))]
    pub fn allow_no_database_for_tests(mut self) -> Self {
        self.allow_no_database = true;
        self
    }

    /// Use an in-memory journal for testing.
    /// Provides real idempotency checks and event capture without requiring a database.
    /// This is the preferred way to test journaling logic.
    pub fn with_mock_journal(mut self) -> Self {
        let mock = Arc::new(crate::journal::InMemoryJournalWriter::new());
        self.journal_writer = Some(mock);
        self.allow_no_database = true;
        self
    }

    /// Set the MmpCache for market maker protection
    pub fn with_mmp_cache(mut self, cache: Arc<crate::read_cache::mmp::MmpCache>) -> Self {
        self.mmp_cache = Some(cache);
        self
    }

    /// Set the TierCache for position limit checks
    pub fn with_tier_cache(mut self, cache: Arc<crate::read_cache::tier::TierCache>) -> Self {
        self.tier_cache = Some(cache);
        self
    }

    /// Set the PortfolioService for executed state (positions + cash).
    ///
    /// This is the canonical source of truth. Margin checks will read
    /// executed positions from this service instead of the stale self.accounts map.
    pub fn with_portfolio_service(
        mut self,
        service: Arc<dyn PortfolioService + Send + Sync>,
    ) -> Self {
        self.portfolio_service = Some(service);
        self
    }

    /// Set the portfolio cache for synchronous fill processing in the engine hot path.
    pub fn with_portfolio_cache(
        mut self,
        cache: Arc<crate::read_cache::portfolio::PortfolioCache>,
    ) -> Self {
        self.portfolio_cache = Some(cache);
        self
    }

    /// Set the GreeksCache for spot price lookups in margin calculations.
    /// This replaces the legacy reference_prices mechanism for live trading.
    pub fn with_greeks_cache(mut self, cache: Arc<GreeksCache>) -> Self {
        self.greeks_cache = Some(cache);
        self
    }

    /// Set the mark price oracles for spot/forward price lookups.
    ///
    /// Maps underlying symbol (e.g., "BTC", "ETH") to oracle instance.
    /// This is the canonical source for spot prices in margin calculations.
    pub fn with_mark_price_oracles(
        mut self,
        oracles: HashMap<String, Arc<HyperliquidMarkPriceOracle>>,
    ) -> Self {
        self.mark_price_oracles = oracles;
        self
    }

    /// Set the RiskAccountBuilder for building risk accounts.
    ///
    /// This is the single source of truth for "how to build an Account for PM".
    /// Required for margin calculations to work correctly.
    pub fn with_risk_account_builder(
        mut self,
        builder: Arc<crate::rsm::portfolio_margin::risk_account_builder::RiskAccountBuilder>,
    ) -> Self {
        self.risk_account_builder = Some(builder);
        self
    }

    /// Set the StandardAccountBuilder for building StandardAccounts.
    ///
    /// Used for Standard margin mode accounts (Deribit-style linear margin).
    /// If not set, Standard mode margin checks will use a fallback.
    pub fn with_standard_account_builder(mut self, builder: Arc<StandardAccountBuilder>) -> Self {
        self.standard_account_builder = Some(builder);
        self
    }

    /// Set the LiquidationCache for pre-liquidation order blocking.
    ///
    /// When set, orders from accounts in pre-liquidation state will be checked
    /// to ensure they don't increase risk. Risk-reducing orders are still allowed.
    pub fn with_liquidation_cache(
        mut self,
        cache: Arc<crate::liquidator::LiquidationCache>,
    ) -> Self {
        self.liquidation_cache = Some(cache);
        self
    }

    /// Set the direct WS event sender (low-latency WS delivery).
    pub fn with_ws_event_sender(mut self, sender: mpsc::UnboundedSender<EngineMessage>) -> Self {
        self.ws_event_sender = Some(sender);
        self
    }

    /// Pre-fund test accounts (for integration tests only - DO NOT USE IN PRODUCTION)
    /// Adds multiple accounts with the specified cash balance
    #[cfg(any(test, feature = "test-utils"))]
    pub fn with_funded_test_accounts(mut self, accounts: Vec<(WalletAddress, f64)>) -> Self {
        self.test_funded_accounts = accounts;
        self
    }

    /// Build the engine.
    ///
    /// The event_sender is used for direct event publishing (OrderUpdate, TradeMessage, etc.).
    /// L2Update events are published via the journal → outbox path.
    ///
    /// The event_sender is ALWAYS used because:
    /// - OrderUpdate events (cancels, fills) must be delivered directly to users via WebSocket
    /// - Expiry-triggered cancels happen outside the journaled order path
    /// - The outbox only handles L2Update events (public market data)
    pub fn build(
        self,
        event_sender: mpsc::UnboundedSender<EngineMessage>,
        shutdown_sender: broadcast::Sender<()>,
    ) -> (
        UnifiedEngine,
        mpsc::Sender<UnifiedEngineRequest>,
        mpsc::Sender<MarketRequest>,
    ) {
        // Validate journaling is configured (mandatory)
        if self.journal_writer.is_none() && self.journal_batch_sender.is_none() {
            panic!(
                "Journaling is mandatory: either journal_writer or journal_batch_sender must be configured. \
                Use .with_mock_journal() for tests."
            );
        }

        let (order_tx, order_rx) = mpsc::channel(self.order_buffer_size);
        let (market_tx, market_rx) = mpsc::channel(MARKET_REQUEST_BUFFER_SIZE);
        let (_quiesce_tx, quiesce_rx) = mpsc::channel(8);
        let shutdown_rx = shutdown_sender.subscribe();

        let mut engine = UnifiedEngine::init(
            self.config.clone(),
            order_rx,
            market_rx,
            event_sender,
            self.read_snapshot.clone(),
            shutdown_rx,
            self.runtime_settings.clone().unwrap_or_default(),
            self.database_path.clone(),
            self.db_auth.clone(),
            self.allow_no_database,
            self.skip_db_migrations,
        );
        engine.quiesce_receiver = Some(quiesce_rx);
        self.apply_common_config(&mut engine);

        (engine, order_tx, market_tx)
    }

    /// Build the engine with additional startup info.
    pub fn build_with_info(
        self,
        event_sender: mpsc::UnboundedSender<EngineMessage>,
        shutdown_sender: broadcast::Sender<()>,
    ) -> UnifiedEngineBuilderResult {
        // Validate journaling is configured (mandatory)
        if self.journal_writer.is_none() && self.journal_batch_sender.is_none() {
            panic!(
                "Journaling is mandatory: either journal_writer or journal_batch_sender must be configured. \
                Use .with_mock_journal() for tests."
            );
        }

        let (order_tx, order_rx) = mpsc::channel(self.order_buffer_size);
        let (market_tx, market_rx) = mpsc::channel(MARKET_REQUEST_BUFFER_SIZE);
        let (margin_mode_tx, margin_mode_rx) = mpsc::channel(100);
        let (agent_auth_tx, agent_auth_rx) = mpsc::channel(100);
        let (nonce_check_tx, nonce_check_rx) = mpsc::channel(100);
        let (quiesce_tx, quiesce_rx) = mpsc::channel(8);
        let (pm_settlement_admin_tx, pm_settlement_admin_rx) = mpsc::channel(64);
        let shutdown_rx = shutdown_sender.subscribe();

        let mut engine = UnifiedEngine::init(
            self.config.clone(),
            order_rx,
            market_rx,
            event_sender,
            self.read_snapshot.clone(),
            shutdown_rx,
            self.runtime_settings.clone().unwrap_or_default(),
            self.database_path.clone(),
            self.db_auth.clone(),
            self.allow_no_database,
            self.skip_db_migrations,
        );
        engine.margin_mode_receiver = Some(margin_mode_rx);
        engine.agent_auth_receiver = Some(agent_auth_rx);
        engine.nonce_check_receiver = Some(nonce_check_rx);
        engine.pm_settlement_admin_receiver = Some(pm_settlement_admin_rx);
        engine.quiesce_receiver = Some(quiesce_rx);

        self.apply_common_config(&mut engine);

        let last_l2_seq = engine.ctx.l2_update_seq.load(Ordering::SeqCst);
        let sync_status = engine.sync_status();

        UnifiedEngineBuilderResult {
            engine,
            order_tx,
            market_tx,
            margin_mode_tx,
            agent_auth_tx,
            nonce_check_tx,
            pm_settlement_admin_tx,
            quiesce_tx,
            last_l2_seq,
            sync_status,
        }
    }

    fn apply_common_config(&self, engine: &mut UnifiedEngine) {
        if let Some(oracle) = self.risk_vol_oracle.clone() {
            // Only wrap in EngineVolOracle (fail-closed, command-only IV) when
            // the oracle supports surface snapshots. Test oracles that only
            // implement get_iv() are used directly.
            let has_snapshots = oracle.supports_surface_snapshots();
            let margin_oracle: crate::vol_oracle::SharedVolOracle = if has_snapshots {
                engine.external_vol_oracle = Some(oracle.clone());
                std::sync::Arc::new(crate::rsm::engine_vol_oracle::EngineVolOracle::new(
                    engine.engine_iv_surfaces.clone(),
                ))
            } else {
                oracle
            };
            engine.margin_manager = crate::rsm::margin_manager::MarginManager::new_with_vol_oracle(
                &self.config,
                Some(margin_oracle),
            );
        } else if self.allow_no_database {
            // Test builders that opt out of database wiring still need a deterministic
            // risk-vol source so order-admission tests don't hit the production fail-closed path.
            engine.margin_manager.span_margin_service =
                crate::rsm::margin_service::SpanMarginService::new_for_tests(self.config.clone());
        }

        if let Some(cache) = self.mmp_cache.clone() {
            engine.set_mmp_cache(cache);
        }

        if let Some(cache) = self.tier_cache.clone() {
            engine.set_tier_cache(cache);
        }

        if let Some(service) = self.portfolio_service.clone() {
            engine.set_portfolio_service(service);
        }

        if let Some(cache) = self.portfolio_cache.clone() {
            engine.set_portfolio_cache(cache);
        }

        if let Some(balance_ledger) = &self.startup_balance_ledger {
            engine.ctx.balance_ledger = balance_ledger.clone();
            tracing::info!(
                balance_wallet_count = engine.ctx.balance_ledger.len(),
                "Installed startup balance_ledger into engine context"
            );
        }

        if let Some(builder) = self.risk_account_builder.clone() {
            engine.set_risk_account_builder(builder);
        }

        if let Some(builder) = self.standard_account_builder.clone() {
            engine.set_standard_account_builder(builder);
        }

        if let Some(cache) = self.liquidation_cache.clone() {
            engine.set_liquidation_cache(cache);
        }

        if let Some(cache) = self.greeks_cache.clone() {
            engine.ctx.deps.greeks_cache = Some(cache);
        }

        if !self.mark_price_oracles.is_empty() {
            engine.set_mark_price_oracles(self.mark_price_oracles.clone());
            engine
                .expiry_manager
                .register_settlements_for_existing_instruments(
                    &engine.ctx.deps,
                    &engine.ctx.orderbooks,
                );
        }

        #[cfg(any(test, feature = "test-utils"))]
        for (wallet, cash) in &self.test_funded_accounts {
            engine.set_account_cash(wallet, *cash);
        }

        if let Some(ws_tx) = self.ws_event_sender.clone() {
            engine.set_ws_event_sender(ws_tx);
        }

        if let Some(writer) = self.journal_writer.clone() {
            engine.set_journal_writer(writer);
        }

        if let Some(sender) = self.journal_batch_sender.clone() {
            engine.set_journal_batch_sender(sender);
        }

        if let Some(publisher) = self.nats_publisher.clone() {
            engine.set_nats_publisher(publisher);
        }
        if let Some(publisher) = self.nats_balance_update_publisher.clone() {
            engine.set_nats_balance_update_publisher(publisher);
        }
    }
}