hypercall_admin/

state.rs

//! Narrow application state for the admin/operator HTTP surface.
//!
//! [`AdminState`] holds exactly the subset of the runtime that admin handlers
//! touch, and every field type resolves from a stable lower crate
//! (`hypercall-runtime-api`, `hypercall-competition`, `hypercall-types`,
//! `hypercall-db`, `hypercall-signer`, `hypercall-vol-oracle`, tokio). It deliberately does NOT reference any
//! `hypercall-api` internal type, so this module (together with the rest of
//! `admin/`) can be `git mv`'d into a standalone `hypercall-admin` crate with no
//! rewiring.

use std::sync::atomic::AtomicBool;
use std::sync::Arc;

use tokio::sync::{mpsc, oneshot, Mutex, Notify, RwLock};

use hypercall_runtime_api::boundary::engine::{EngineJournalReader, EngineStateDigestProvider};
use hypercall_runtime_api::boundary::market_inputs::{GreeksCacheReader, InstrumentsCacheReader};
use hypercall_runtime_api::boundary::read_models::{
    EngineBalanceSnapshotProvider, PortfolioCacheApi, TierCacheApi,
};

use hypercall_runtime_api::recovery_safety::SharedRecoverySafetyReport;
use hypercall_runtime_api::trading_halt::TradingHaltState;
use hypercall_runtime_api::{
    ApiAsyncDb, ApiSyncDb, BuildInfo, EngineQuiesceRequest, QuoteProvider, QuoteProviderCache,
    StandbyPromoter, UnifiedEngineRequest,
};
use hypercall_types::WalletAddress;

/// Runtime configuration values the admin surface needs.
///
/// This mirrors the subset of `AppRuntimeConfig` used by admin endpoints and is
/// defined locally (over stable primitives) so admin does not depend on the api
/// `AppRuntimeConfig` type.
#[derive(Clone)]
pub struct AdminRuntimeConfig {
    pub wal_path: std::path::PathBuf,
    pub db_host: String,
    pub db_name: String,
    /// True when the runtime is in testnet mode. Gates the testnet-only admin
    /// endpoints (which additionally require the `test-endpoints` feature).
    pub testnet_mode: bool,
    pub portfolio_margin_pool_enabled: bool,
    pub portfolio_margin_settlement_allowlist: Vec<WalletAddress>,
}

/// Narrow operator/admin state.
#[derive(Clone)]
pub struct AdminState {
    // Persistence ports.
    pub db: Arc<dyn ApiAsyncDb>,
    pub sync_db: Option<Arc<dyn ApiSyncDb>>,

    // Read-model + market-input ports.
    pub portfolio_cache: Arc<dyn PortfolioCacheApi>,
    pub greeks_cache: Arc<dyn GreeksCacheReader>,
    pub quote_provider: Arc<dyn QuoteProvider>,
    pub tier_cache: Arc<dyn TierCacheApi>,
    pub risk_vol_oracle: hypercall_vol_oracle::SharedVolOracle,
    pub instruments_cache: Arc<dyn InstrumentsCacheReader>,
    pub engine_state_digest_provider: Arc<dyn EngineStateDigestProvider>,
    pub engine_journal_reader: Option<Arc<dyn EngineJournalReader>>,
    pub balance_snapshot_provider: Arc<dyn EngineBalanceSnapshotProvider>,
    pub recovery_safety_report: SharedRecoverySafetyReport,

    // Quote-provider admin cache (RFQ register/list/suspend).
    pub qp_cache: Arc<QuoteProviderCache>,

    // Competition business logic (create/update/delete competitions).
    pub competition: Arc<hypercall_competition::CompetitionService>,

    // Engine command channels + signer.
    pub order_sender: mpsc::Sender<UnifiedEngineRequest>,
    pub engine_quiesce_sender: mpsc::Sender<EngineQuiesceRequest>,
    pub tier_update_sender: Option<mpsc::Sender<hypercall_runtime_api::TierUpdateRequest>>,
    pub pm_settlement_admin_sender:
        Option<mpsc::Sender<hypercall_runtime_api::PmSettlementAdminRequest>>,
    pub agent_auth_sender: mpsc::Sender<hypercall_runtime_api::AgentAuthRequest>,
    pub rsm_signer: Option<Arc<dyn hypercall_signer::RsmSigner>>,

    // Lifecycle handles.
    pub trading_halt: Arc<RwLock<TradingHaltState>>,
    pub standby_promote: Option<Arc<Mutex<Option<oneshot::Sender<()>>>>>,
    pub standby_controller: Option<Arc<dyn StandbyPromoter>>,
    pub drain_signal: Arc<Notify>,
    pub is_draining: Arc<AtomicBool>,

    // Metadata.
    pub build_info: BuildInfo,
    pub runtime_config: Arc<AdminRuntimeConfig>,
    pub server_started_at: chrono::DateTime<chrono::Utc>,
    pub boot_id: String,
    pub admin_api_key: Option<String>,
    pub allow_unauthenticated_monitoring: bool,
}

pub(crate) const ENGINE_RESPONSE_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);

impl AdminState {
    /// Submit a tier-update command through the engine and await acknowledgement.
    ///
    /// Mirrors the helper that previously lived on `AppState`.
    pub async fn submit_tier_update_command(
        &self,
        wallet: hypercall_types::WalletAddress,
    ) -> Result<(), String> {
        let sender = self
            .tier_update_sender
            .as_ref()
            .ok_or_else(|| "tier update engine channel is not configured".to_string())?;

        let tier = self
            .tier_cache
            .get_tier(&wallet)
            .await
            .map(|tier| tier.tier)
            .ok_or_else(|| format!("missing tier for tier update: wallet={wallet}"))?;
        let margin_mode = self
            .tier_cache
            .get_margin_mode(&wallet)
            .await
            .map_err(|e| format!("failed to get margin mode for tier update: {}", e))?;
        let trading_limits = self.tier_cache.get_trading_limits_async(&wallet).await;
        let (tx, rx) = oneshot::channel();

        sender
            .send(hypercall_runtime_api::TierUpdateRequest {
                wallet,
                margin_mode,
                tier,
                trading_limits,
                timestamp_ms: hypercall_types::utils::get_timestamp_millis(),
                applied_tx: Some(tx),
            })
            .await
            .map_err(|_| "tier update engine channel closed".to_string())?;

        tokio::time::timeout(ENGINE_RESPONSE_TIMEOUT, rx)
            .await
            .map_err(|_| "tier update apply acknowledgement timed out".to_string())?
            .map_err(|_| "tier update apply acknowledgement dropped".to_string())?
    }
}