hypercall_runtime_api/

lib.rs

pub mod boundary;
pub mod db_ports;
pub mod drain;
pub mod error;
pub mod quote_provider_cache;
pub mod recovery_safety;
pub mod rpi_monitor;
pub mod sonic_json;
pub mod trading_halt;
pub mod valuation;

pub use db_ports::{ApiAsyncDb, ApiRsmStateDb, ApiSyncDb};
pub use quote_provider_cache::{QuoteProviderCache, QuoteProviderConfig};

use alloy::primitives::{FixedBytes, U256};
use alloy::sol_types::SolValue;
use std::collections::HashMap;
use std::sync::{
    atomic::{AtomicI64, Ordering},
    Arc,
};
use std::time::{Duration, Instant};

use hypercall_types::{
    api_models::TradingLimits,
    directives::{CreditOption, SYSTEM_ACTION_ID_CREDIT_OPTION, SYSTEM_ACTION_VERSION},
    MarketActionMessage, MarketUpdateMessage, OrderActionMessage, OrderUpdateMessage, Side,
    WalletAddress,
};
use rust_decimal::Decimal;
use tokio::sync::broadcast;
use tokio::sync::{mpsc, oneshot};

pub use hypercall_engine::command::{RfqExecuteCommand, RfqExecuteLeg, RfqExecuteResult};
pub use hypercall_recovery::{
    QuiesceAction as EngineQuiesceAction, QuiesceReport as EngineQuiesceReport,
};

/// Global counter for pending engine requests.
///
/// API/runtime callers increment this when a request is sent to the engine
/// channel, and the engine runtime decrements it when processing starts.
static PENDING_ENGINE_REQUESTS: AtomicI64 = AtomicI64::new(0);

pub fn increment_pending_requests() {
    PENDING_ENGINE_REQUESTS.fetch_add(1, Ordering::Relaxed);
}

pub fn decrement_pending_requests() {
    PENDING_ENGINE_REQUESTS.fetch_sub(1, Ordering::Relaxed);
}

pub fn get_pending_requests() -> i64 {
    PENDING_ENGINE_REQUESTS.load(Ordering::Relaxed)
}

/// Request to execute an RFQ trade through the engine.
pub struct RfqExecuteRequest {
    pub command: RfqExecuteCommand,
    pub response_tx: oneshot::Sender<RfqExecuteResult>,
}

/// Journaled PM settlement admin mutation request.
pub struct PmSettlementAdminRequest {
    pub command: hypercall_engine::command::EngineCommand,
    pub applied_tx: oneshot::Sender<Result<(), String>>,
}

#[async_trait::async_trait]
pub trait EngineEventPersistence: Send + Sync {
    async fn handle_event(&self, event: &hypercall_types::EngineMessage) -> anyhow::Result<()>;
}

/// Per-symbol orderbook quote from an engine snapshot.
#[derive(Clone, Debug)]
pub struct SnapshotBookQuote {
    pub best_bid: Option<f64>,
    pub best_bid_size: Option<f64>,
    pub best_ask: Option<f64>,
    pub best_ask_size: Option<f64>,
    pub mid: Option<f64>,
    pub bids: Vec<(f64, f64)>,
    pub asks: Vec<(f64, f64)>,
}

impl SnapshotBookQuote {
    /// Empty book for a known instrument after the engine has published a
    /// snapshot. This is not an unknown-symbol sentinel.
    pub fn empty() -> Self {
        Self {
            best_bid: None,
            best_bid_size: None,
            best_ask: None,
            best_ask_size: None,
            mid: None,
            bids: Vec::new(),
            asks: Vec::new(),
        }
    }

    pub fn is_empty_book(&self) -> bool {
        self.best_bid.is_none()
            && self.best_ask.is_none()
            && self.bids.is_empty()
            && self.asks.is_empty()
    }
}

/// Snapshot readiness for book-based routing.
///
/// Unknown instruments are rejected before quote-provider lookup. Once the
/// engine has published a snapshot, a symbol missing from `quotes` is a ready
/// empty book and should be returned as `Ready { quote: empty(), .. }`.
#[derive(Clone, Debug)]
pub enum BookSnapshotState {
    NotReady {
        l2_seq: i64,
    },
    Ready {
        quote: SnapshotBookQuote,
        l2_seq: i64,
    },
}

#[derive(Clone, Debug)]
pub struct QuoteSnapshot {
    pub quotes: HashMap<String, SnapshotBookQuote>,
    pub l2_seq: i64,
}

/// Read-only interface for accessing orderbook quotes.
pub trait QuoteProvider: Send + Sync {
    fn get_quote(&self, symbol: &str) -> Option<SnapshotBookQuote>;
    fn get_quote_with_seq(&self, symbol: &str) -> (Option<SnapshotBookQuote>, i64);
    fn book_snapshot_state(&self, symbol: &str) -> BookSnapshotState;
    fn all_quotes(&self) -> HashMap<String, SnapshotBookQuote>;
    fn l2_seq(&self) -> i64;
    fn snapshot(&self) -> QuoteSnapshot;
    fn staleness(&self) -> Duration;
}

/// Runtime-owned summary of an open order from an engine snapshot.
#[derive(Debug, Clone)]
pub struct RuntimeOrderSummary {
    pub order_id: u64,
    pub symbol: String,
    pub side: Side,
    pub price: Decimal,
    /// Original order size in human-readable contract units.
    pub original_size: Decimal,
    /// Remaining open size in human-readable contract units.
    pub remaining_size: Decimal,
    pub is_perp: bool,
    pub mmp_enabled: bool,
    pub client_id: Option<String>,
    pub created_at: i64,
}

impl From<hypercall_engine::OrderSummary> for RuntimeOrderSummary {
    fn from(order: hypercall_engine::OrderSummary) -> Self {
        Self {
            order_id: order.order_id,
            symbol: order.symbol,
            side: order.side,
            price: order.price,
            original_size: order.original_size,
            remaining_size: order.remaining_size,
            is_perp: order.is_perp,
            mmp_enabled: order.mmp_enabled,
            client_id: order.client_id,
            created_at: order.created_at,
        }
    }
}

/// Read-only interface for accessing open orders from an engine snapshot.
pub trait OrderSnapshotProvider: Send + Sync {
    fn get_open_orders_for_wallet(&self, wallet: &WalletAddress) -> Vec<RuntimeOrderSummary>;
    fn get_all_orders(&self) -> Vec<(RuntimeOrderSummary, WalletAddress)>;
}

/// Read-only interface for checking agent authorization from an engine snapshot.
pub trait AgentAuthProvider: Send + Sync {
    fn is_agent_authorized(&self, wallet: &WalletAddress, agent: &WalletAddress) -> bool;
    fn get_authorized_agents(&self, wallet: &WalletAddress) -> Vec<WalletAddress>;
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SystemCreditOptionDirective {
    pub underlying: [u8; 32],
    pub expiry: U256,
    pub strike: U256,
    pub is_call: bool,
    pub amount_wei: U256,
}

pub fn encode_credit_option_action(action: SystemCreditOptionDirective) -> anyhow::Result<Vec<u8>> {
    if action.amount_wei.is_zero() {
        anyhow::bail!("refusing to submit SystemCreditOption with amount_wei=0");
    }
    if action.expiry.is_zero() {
        anyhow::bail!("refusing to submit SystemCreditOption with expiry=0");
    }
    if action.strike.is_zero() {
        anyhow::bail!("refusing to submit SystemCreditOption with strike=0");
    }
    if action.underlying == [0u8; 32] {
        anyhow::bail!("refusing to submit SystemCreditOption with zero underlying");
    }

    hypercall_signer::encode_action_bytes(
        SYSTEM_ACTION_VERSION,
        SYSTEM_ACTION_ID_CREDIT_OPTION,
        &CreditOption {
            underlying: FixedBytes::<32>::from(action.underlying),
            expiry: action.expiry,
            strike: action.strike,
            isCall: action.is_call,
            amountWei: action.amount_wei,
        }
        .abi_encode(),
    )
    .map_err(|error| anyhow::anyhow!("{}", error))
}

/// Receiver half for shutdown signals.
///
/// Subscribe to shutdown signals via `Shutdown::subscribe()`.
pub type ShutdownRx = broadcast::Receiver<()>;

/// Unified shutdown signal broadcaster.
///
/// Create one `Shutdown` instance per shutdown domain and share it across
/// all services that should shut down together.
#[derive(Clone)]
pub struct Shutdown {
    tx: broadcast::Sender<()>,
    triggered: Arc<std::sync::atomic::AtomicBool>,
}

impl Default for Shutdown {
    fn default() -> Self {
        Self::new()
    }
}

impl Shutdown {
    /// Create a new shutdown broadcaster.
    pub fn new() -> Self {
        let (tx, _) = broadcast::channel(1);
        Self {
            tx,
            triggered: Arc::new(std::sync::atomic::AtomicBool::new(false)),
        }
    }

    /// Get the underlying sender for code that expects `broadcast::Sender<()>`.
    pub fn tx(&self) -> broadcast::Sender<()> {
        self.tx.clone()
    }

    /// Subscribe to shutdown signals.
    pub fn subscribe(&self) -> ShutdownRx {
        self.tx.subscribe()
    }

    /// Trigger shutdown.
    pub fn trigger(&self) {
        self.triggered
            .store(true, std::sync::atomic::Ordering::SeqCst);
        let _ = self.tx.send(());
    }

    /// Check if shutdown has been triggered.
    pub fn is_triggered(&self) -> bool {
        self.triggered.load(std::sync::atomic::Ordering::SeqCst)
    }
}

/// Request to the unified engine order path.
#[derive(Debug, Clone)]
pub struct UnifiedEngineRequest {
    pub message: OrderActionMessage,
    pub response_tx: mpsc::Sender<OrderUpdateMessage>,
    /// When this request was enqueued, for measuring queue wait time.
    pub enqueued_at: Instant,
    /// Trace context for propagating spans across channel boundary.
    #[cfg(feature = "otel-tracing")]
    pub trace_context: Option<opentelemetry::Context>,
}

/// Market management request sent to the runtime engine task.
#[derive(Debug, Clone)]
pub struct MarketRequest {
    pub message: MarketActionMessage,
    pub response_tx: mpsc::Sender<MarketUpdateMessage>,
}

/// Agent authorization request sent by the API to approve or revoke agents
/// through the engine's command stream.
#[derive(Debug)]
pub struct AgentAuthRequest {
    pub wallet: WalletAddress,
    pub agent: WalletAddress,
    pub approve: bool,
    pub expires_at_ms: Option<u64>,
    /// Signed nonce from the request, forwarded to engine for replay protection.
    pub nonce: Option<u64>,
    pub applied_tx: oneshot::Sender<Result<(), String>>,
}

/// Nonce-only request sent by QP handshakes to advance the per-wallet nonce
/// watermark through the engine command stream.
#[derive(Debug)]
pub struct NonceCheckRequest {
    pub wallet: WalletAddress,
    pub nonce: u64,
    pub applied_tx: oneshot::Sender<Result<(), String>>,
}

/// Margin mode update request sent by the API to keep engine-owned admission
/// state in sync with the tier cache.
#[derive(Debug)]
pub struct MarginModeUpdateRequest {
    pub wallet: WalletAddress,
    pub margin_mode: hypercall_types::MarginMode,
    pub timestamp_ms: u64,
    pub applied_tx: oneshot::Sender<Result<(), String>>,
}

/// Deposit request sent from faucet/admin handlers to update balance_ledger.
#[derive(Debug)]
pub struct DepositRequest {
    pub wallet: WalletAddress,
    pub amount: Decimal,
    pub timestamp_ms: u64,
    /// Monotonic durable sequence for this balance update.
    pub sequence: Option<u64>,
    pub source_event_hash: FixedBytes<32>,
    /// External durable mutations of engine-owned state must carry a UUID-backed
    /// journal request ID. Runtime validates this before mutating memory.
    pub journal_request_id: String,
    pub outbox_appends: Vec<hypercall_db::DirectiveOutboxAppend>,
    pub applied_tx: Option<oneshot::Sender<Result<(), String>>>,
}

/// Option-token deposit request sent from the chain observer to update
/// engine-owned option inventory.
#[derive(Debug)]
pub struct OptionDepositRequest {
    /// External durable mutations of engine-owned state must carry a UUID-backed
    /// journal request ID. Runtime validates this before mutating memory.
    pub request_id: String,
    pub wallet: WalletAddress,
    pub symbol: String,
    pub quantity: Decimal,
    pub timestamp_ms: u64,
    pub applied_tx: Option<oneshot::Sender<Result<(), String>>>,
}

#[derive(Debug)]
pub struct OptionWithdrawalRequest {
    /// External durable mutations of engine-owned state must carry a UUID-backed
    /// journal request ID. Runtime validates this before mutating memory.
    pub request_id: String,
    pub wallet: WalletAddress,
    pub account: WalletAddress,
    pub signer: WalletAddress,
    pub rsm_signer: WalletAddress,
    pub symbol: String,
    pub quantity: Decimal,
    pub nonce: u64,
    pub action: Vec<u8>,
    pub timestamp_ms: u64,
    pub applied_tx: Option<oneshot::Sender<Result<OptionWithdrawalApplyReceipt, String>>>,
}

#[derive(Debug, Clone)]
pub struct OptionWithdrawalApplyReceipt {
    pub directive_id: String,
    pub domain_status: hypercall_db::DirectiveDomainStatus,
    pub delivery_status: hypercall_db::DirectiveDeliveryStatus,
}

#[derive(Debug)]
pub struct CashWithdrawalRequest {
    /// External durable mutations of engine-owned state must carry a UUID-backed
    /// journal request ID. Runtime validates this before mutating memory.
    pub request_id: String,
    pub wallet: WalletAddress,
    pub account: WalletAddress,
    pub destination: WalletAddress,
    pub signer: WalletAddress,
    pub rsm_signer: WalletAddress,
    pub amount: Decimal,
    pub amount_wei: u64,
    pub nonce: u64,
    pub timestamp_ms: u64,
    pub applied_tx: Option<oneshot::Sender<Result<CashWithdrawalApplyReceipt, String>>>,
}

#[derive(Debug, Clone)]
pub struct CashWithdrawalApplyReceipt {
    pub directive_id: String,
    pub domain_status: hypercall_db::DirectiveDomainStatus,
    pub delivery_status: hypercall_db::DirectiveDeliveryStatus,
    pub balance_after: Decimal,
}

/// Liquidation bonus request sent from the chain observer to update
/// balance_ledger.
#[derive(Debug)]
pub struct LiquidationBonusRequest {
    /// External durable mutations of engine-owned state must carry a UUID-backed
    /// journal request ID. Runtime validates this before mutating memory.
    pub request_id: String,
    pub wallet: WalletAddress,
    pub amount: Decimal,
    pub timestamp_ms: u64,
    pub sequence: Option<u64>,
    pub applied_tx: Option<oneshot::Sender<Result<(), String>>>,
}

/// Tier update sent from runtime handlers to refresh engine-owned admission
/// state.
#[derive(Debug)]
pub struct TierUpdateRequest {
    pub wallet: WalletAddress,
    pub margin_mode: hypercall_types::MarginMode,
    pub tier: String,
    pub trading_limits: TradingLimits,
    pub timestamp_ms: u64,
    pub applied_tx: Option<oneshot::Sender<Result<(), String>>>,
}

/// HyperCore equity update from the Hydromancer feed for PM margin.
#[derive(Debug)]
pub struct HypercoreEquityRequest {
    pub wallet: WalletAddress,
    pub account_value: Decimal,
    pub timestamp_ms: u64,
}

/// Outcome of promoting a standby engine to active.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum StandbyPromoteOutcome {
    Promoted { queued_orders: usize },
    AlreadyActive,
}

/// Promotes a standby engine to active.
#[async_trait::async_trait]
pub trait StandbyPromoter: Send + Sync {
    async fn promote(&self) -> StandbyPromoteOutcome;
}

/// Build/version metadata surfaced by health and recovery endpoints.
#[derive(Clone, Debug)]
pub struct BuildInfo {
    pub version: String,
    pub commit: String,
    pub git_ref: String,
    pub build_time: String,
}

/// Engine-level quiesce control for restart and blue/green drain barriers.
#[derive(Debug)]
pub struct EngineQuiesceRequest {
    pub action: EngineQuiesceAction,
    pub response_tx: oneshot::Sender<EngineQuiesceReport>,
}