Commit Graph - nofx - Gitea: Git with a cup of tea

laoxong/nofx

Fork 0

mirror of https://github.com/laoxong/nofx.git synced 2026-06-07 03:07:56 +08:00

217ccb08dd feat(dashboard): 在交易者详情页显示系统提示词模板名称 (#775) * feat(dashboard): display system prompt template and extract color constant * style(api): format server.go with go fmt Lawrence Liu 2025-11-13 01:38:55 +08:00
ced6c3d9de feat: add whether to enable self registration toggle (#760) * refactor(frontend): extract RegistrationDisabled as reusable component - Create RegistrationDisabled component with i18n support - Add registrationClosed and registrationClosedMessage translations - Replace inline JSX in App.tsx with new component - Improve code maintainability and reusability - Add hover effect to back button for better UX * fix(frontend): add registration toggle to LoginModal component - Add useSystemConfig hook to LoginModal - Conditionally render registration button based on registration_enabled config - Ensures consistency with HeaderBar and LoginPage registration controls - Completes registration toggle feature implementation across all entry points * feat(frontend): add registration toggle UI support - Add registration disabled page in App.tsx when registration is closed - Hide registration link in LoginPage when registration is disabled - Add registration_enabled field to SystemConfig interface - Frontend conditionally shows/hides registration UI based on backend config * feat: add registration toggle feature Add system-level registration enable/disable control: - Add registration_enabled config to system_config table (default: true) - Add registration check in handleRegister API endpoint - Expose registration_enabled status in /api/config endpoint - Frontend can use this config to conditionally show/hide registration UI This allows administrators to control user registration without code changes. * fix(frontend): add registration toggle to HeaderBar and RegisterPage - Add useSystemConfig hook and registrationEnabled check to HeaderBar - Conditionally show/hide signup buttons in both desktop and mobile views - Add registration check to RegisterPage to show RegistrationDisabled component - This completes the registration toggle feature across all UI components * test(frontend): add comprehensive unit tests for registration toggle feature - Add RegistrationDisabled component tests (rendering, navigation, styling) - Add registrationToggle logic tests (config handling, edge cases, multi-location consistency) - Configure Vitest with jsdom environment for React component testing - All 80 tests passing (9 new tests for RegistrationDisabled + 21 for toggle logic) Lawrence Liu 2025-11-13 01:37:24 +08:00
b282045b66 update readme tinkle-community 2025-11-12 23:45:15 +08:00
d787b72d75 Merge from beta Icy 2025-11-13 23:05:57 +08:00
b43315d9fc Merge branch 'beta' of github.com:NoFxAiOS/nofx into beta Icy 2025-11-13 00:47:31 +08:00
0f2f3de77e Beta (#948) Merge fix * chore: run go fmt to fix formatting issues * fix(margin): correct position sizing formula to prevent insufficient margin errors ## Problem AI was calculating position_size_usd incorrectly, treating it as margin requirement instead of notional value, causing code=-2019 errors (insufficient margin). ## Solution ### 1. Updated AI prompts with correct formula - **prompts/adaptive.txt**: Added clear position sizing calculation steps - **prompts/nof1.txt**: Added English version with example - **prompts/default.txt**: Added Chinese version with example **Correct formula:** 1. Available Margin = Available Cash × 0.95 × Allocation % (reserve 5% for fees) 2. Notional Value = Available Margin × Leverage 3. position_size_usd = Notional Value (this is the value for JSON) **Example:** $500 cash, 5x leverage → position_size_usd = $2,375 (not $500) ### 2. Added code-level validation - **trader/auto_trader.go**: Added margin checks in executeOpenLong/ShortWithRecord - Validates required margin + fees ≤ available balance before opening position - Returns clear error message if insufficient ## Impact - Prevents code=-2019 errors - AI now understands the difference between notional value and margin requirement - Double validation: AI prompt + code check ## Testing - ✅ Compiles successfully - ⚠️ Requires live trading environment testing * fix(stats): aggregate partial closes into single trade for accurate statistics ## Problem Multiple partial_close actions on the same position were being counted as separate trades, inflating TotalTrades count and distorting win rate/profit factor statistics. **Example of bug:** - Open 1 BTC @ $100,000 - Partial close 30% @ $101,000 → Counted as trade #1 ❌ - Partial close 50% @ $102,000 → Counted as trade #2 ❌ - Close remaining 20% @ $103,000 → Counted as trade #3 ❌ - **Result:** 3 trades instead of 1 ❌ ## Solution ### 1. Added tracking fields to openPositions map - remainingQuantity: Tracks remaining position size - accumulatedPnL: Accumulates PnL from all partial closes - partialCloseCount: Counts number of partial close operations - partialCloseVolume: Total volume closed partially ### 2. Modified partial_close handling logic - Each partial_close: - Accumulates PnL into accumulatedPnL - Reduces remainingQuantity - **Does NOT increment TotalTrades++** - Keeps position in openPositions map - Only when remainingQuantity <= 0.0001: - Records ONE TradeOutcome with aggregated PnL - Increments TotalTrades++ once - Removes from openPositions map ### 3. Updated full close handling - If position had prior partial closes: - Adds accumulatedPnL to final close PnL - Reports total PnL in TradeOutcome ### 4. Fixed GetStatistics() - Removed partial_close from TotalClosePositions count - Only close_long/close_short/auto_close count as close operations ## Impact - ✅ Statistics now accurate: multiple partial closes = 1 trade - ✅ Win rate calculated correctly - ✅ Profit factor reflects true performance - ✅ Backward compatible: handles positions without tracking fields ## Testing - ✅ Compiles successfully - ⚠️ Requires validation with live partial_close scenarios ## Code Changes `` logger/decision_logger.go: - Lines 420-430: Add tracking fields to openPositions - Lines 441-534: Implement partial_close aggregation logic - Lines 536-593: Update full close to include accumulated PnL - Lines 246-250: Fix GetStatistics() to exclude partial_close ` * fix(ui): prevent system_prompt_template overwrite when value is empty string ## Problem When editing trader configuration, if system_prompt_template was set to an empty string (""), the UI would incorrectly treat it as falsy and overwrite it with 'default', losing the user's selection. **Root cause:** `tsx if (traderData && !traderData.system_prompt_template) { // ❌ This triggers for both undefined AND empty string "" setFormData({ system_prompt_template: 'default' }); } ` JavaScript falsy values that trigger ! operator: - undefined ✅ Should trigger default - null ✅ Should trigger default - "" ❌ Should NOT trigger (user explicitly chose empty) - false, 0, NaN (less relevant here) ## Solution Change condition to explicitly check for undefined: `tsx if (traderData && traderData.system_prompt_template === undefined) { // ✅ Only triggers for truly missing field setFormData({ system_prompt_template: 'default' }); } ` ## Impact - ✅ Empty string selections are preserved - ✅ Legacy data (undefined) still gets default value - ✅ User's explicit choices are respected - ✅ No breaking changes to existing functionality ## Testing - ✅ Code compiles - ⚠️ Requires manual UI testing: - [ ] Edit trader with empty system_prompt_template - [ ] Verify it doesn't reset to 'default' - [ ] Create new trader → should default to 'default' - [ ] Edit old trader (undefined field) → should default to 'default' ## Code Changes ` web/src/components/TraderConfigModal.tsx: - Line 99: Changed !traderData.system_prompt_template → === undefined ` * fix(trader): add missing HyperliquidTestnet configuration in loadSingleTrader 修复了 loadSingleTrader 函数中缺失的 HyperliquidTestnet 配置项，确保 Hyperliquid 交易所的测试网配置能够正确传递到 trader 实例。 Changes: - 在 loadSingleTrader 中添加 HyperliquidTestnet 字段配置 - 代码格式优化（空格对齐） Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(trader): separate stop-loss and take-profit order cancellation to prevent accidental deletions ## Problem When adjusting stop-loss or take-profit levels, CancelStopOrders() deleted BOTH stop-loss AND take-profit orders simultaneously, causing: - **Adjusting stop-loss** → Take-profit order deleted → Position has no exit plan ❌ - **Adjusting take-profit** → Stop-loss order deleted → Position unprotected ❌ **Root cause:** `go CancelStopOrders(symbol) { // Cancelled ALL orders with type STOP_MARKET or TAKE_PROFIT_MARKET // No distinction between stop-loss and take-profit } ` ## Solution ### 1. Added new interface methods (trader/interface.go) `go CancelStopLossOrders(symbol string) error // Only cancel stop-loss orders CancelTakeProfitOrders(symbol string) error // Only cancel take-profit orders CancelStopOrders(symbol string) error // Deprecated (cancels both) ` ### 2. Implemented for all 3 exchanges **Binance (trader/binance_futures.go)**: - CancelStopLossOrders: Filters OrderTypeStopMarket | OrderTypeStop - CancelTakeProfitOrders: Filters OrderTypeTakeProfitMarket | OrderTypeTakeProfit - Full order type differentiation ✅ **Hyperliquid (trader/hyperliquid_trader.go)**: - ⚠️ Limitation: SDK's OpenOrder struct doesn't expose trigger field - Both methods call CancelStopOrders (cancels all pending orders) - Trade-off: Safe but less precise **Aster (trader/aster_trader.go)**: - CancelStopLossOrders: Filters STOP_MARKET | STOP - CancelTakeProfitOrders: Filters TAKE_PROFIT_MARKET | TAKE_PROFIT - Full order type differentiation ✅ ### 3. Usage in auto_trader.go When update_stop_loss or update_take_profit actions are implemented, they will use: `go // update_stop_loss: at.trader.CancelStopLossOrders(symbol) // Only cancel SL, keep TP at.trader.SetStopLoss(...) // update_take_profit: at.trader.CancelTakeProfitOrders(symbol) // Only cancel TP, keep SL at.trader.SetTakeProfit(...) ` ## Impact - ✅ Adjusting stop-loss no longer deletes take-profit - ✅ Adjusting take-profit no longer deletes stop-loss - ✅ Backward compatible: CancelStopOrders still exists (deprecated) - ⚠️ Hyperliquid limitation: still cancels all orders (SDK constraint) ## Testing - ✅ Compiles successfully across all 3 exchanges - ⚠️ Requires live testing: - [ ] Binance: Adjust SL → verify TP remains - [ ] Binance: Adjust TP → verify SL remains - [ ] Hyperliquid: Verify behavior with limitation - [ ] Aster: Verify order filtering works correctly ## Code Changes ` trader/interface.go: +9 lines (new interface methods) trader/binance_futures.go: +133 lines (3 new functions) trader/hyperliquid_trader.go: +56 lines (3 new functions) trader/aster_trader.go: +157 lines (3 new functions) Total: +355 lines ` * fix(binance): initialize dual-side position mode to prevent code=-4061 errors ## Problem When opening positions with explicit PositionSide parameter (LONG/SHORT), Binance API returned **code=-4061** error: ` "No need to change position side." "code":-4061 ` **Root cause:** - Binance accounts default to **single-side position mode** ("One-Way Mode") - In this mode, PositionSide parameter is **not allowed** - Code使用了 PositionSide 參數 (LONG/SHORT)，但帳戶未啟用雙向持倉模式 **Position Mode Comparison:** | Mode | PositionSide Required | Can Hold Long+Short Simultaneously | |------|----------------------|------------------------------------| | One-Way (default) | ❌ No | ❌ No | | Hedge Mode | ✅ **Required** | ✅ Yes | ## Solution ### 1. Added setDualSidePosition() function Automatically enables Hedge Mode during trader initialization: `go func (t *FuturesTrader) setDualSidePosition() error { err := t.client.NewChangePositionModeService(). DualSide(true). // Enable Hedge Mode Do(context.Background()) if err != nil { // Ignore "No need to change" error (already in Hedge Mode) if strings.Contains(err.Error(), "No need to change position side") { log.Printf("✓ Account already in Hedge Mode") return nil } return err } log.Printf("✓ Switched to Hedge Mode") return nil } ` ### 2. Called in NewFuturesTrader() Runs automatically when creating trader instance: `go func NewFuturesTrader(apiKey, secretKey string) *FuturesTrader { trader := &FuturesTrader{...} // Initialize Hedge Mode if err := trader.setDualSidePosition(); err != nil { log.Printf("⚠️ Failed to set Hedge Mode: %v", err) } return trader } ` ## Impact - ✅ Prevents code=-4061 errors when opening positions - ✅ Enables simultaneous long+short positions (if needed) - ✅ Fails gracefully if account already in Hedge Mode - ⚠️ **One-time change**: Once enabled, cannot revert to One-Way Mode with open positions ## Testing - ✅ Compiles successfully - ⚠️ Requires Binance testnet/mainnet validation: - [ ] First initialization → switches to Hedge Mode - [ ] Subsequent initializations → ignores "No need to change" error - [ ] Open long position with PositionSide=LONG → succeeds - [ ] Open short position with PositionSide=SHORT → succeeds ## Code Changes ` trader/binance_futures.go: - Line 3-12: Added strings import - Line 33-47: Modified NewFuturesTrader() to call setDualSidePosition() - Line 49-69: New function setDualSidePosition() Total: +25 lines ` ## References - Binance Futures API: https://binance-docs.github.io/apidocs/futures/en/#change-position-mode-trade - Error code=-4061: "No need to change position side." - PositionSide ENUM: BOTH (One-Way) | LONG | SHORT (Hedge Mode) * fix(prompts): rename actions to match backend implementation ## Problem Backend code expects these action names: - open_long, open_short, close_long, close_short But prompts use outdated names: - buy_to_enter, sell_to_enter, close This causes all trading decisions to fail with unknown action errors. ## Solution Minimal changes to fix action name compatibility: ### prompts/nof1.txt - ✅ buy_to_enter → open_long - ✅ sell_to_enter → open_short - ✅ close → close_long / close_short - ✅ Explicitly list wait action - +18 lines, -6 lines (only action definitions section) ### prompts/adaptive.txt - ✅ buy_to_enter → open_long - ✅ sell_to_enter → open_short - ✅ close → close_long / close_short - +15 lines, -6 lines (only action definitions section) ## Impact - ✅ Trading decisions now execute successfully - ✅ Maintains all existing functionality - ✅ No new features added (minimal diff) ## Verification `bash # Backend expects these actions: grep 'Action string' decision/engine.go # "open_long", "open_short", "close_long", "close_short", ... # Old names removed: grep -r "buy_to_enter\|sell_to_enter" prompts/ # (no results) ` Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(api): add balance sync endpoint with smart detection ## Summary - Add POST /traders/:id/sync-balance endpoint (Option B) - Add smart detection showing balance change percentage (Option C) - Fix balance display bug caused by commit 2b9c4d2 ## Changes ### api/server.go - Add handleSyncBalance() handler - Query actual exchange balance via trader.GetBalance() - Calculate change percentage for smart detection - Update initial_balance in database - Reload trader into memory after update ### config/database.go - Add UpdateTraderInitialBalance() method - Update traders.initial_balance field ## Root Cause Commit 2b9c4d2 auto-queries exchange balance at trader creation time, but never updates after user deposits more funds, causing: - Wrong initial_balance (400 USDT vs actual 3000 USDT) - Wrong P&L calculations (-2598.55 USDT instead of actual) ## Solution Provides manual sync API + smart detection to update initial_balance when user deposits funds after trader creation. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(trader): add automatic balance sync every 10 minutes ## 功能说明自动检测交易所余额变化，无需用户手动操作 ## 核心改动 1. AutoTrader 新增字段： - lastBalanceSyncTime: 上次余额同步时间 - database: 数据库引用（用于自动更新） - userID: 用户ID 2. 新增方法 autoSyncBalanceIfNeeded(): - 每10分钟检查一次（避免与3分钟扫描周期重叠） - 余额变化>5%才更新数据库 - 智能失败重试（避免频繁查询） - 完整日志记录 3. 集成到交易循环: - 在 runCycle() 中第3步自动调用 - 先同步余额，再获取交易上下文 - 不影响现有交易逻辑 4. TraderManager 更新: - addTraderFromDB(), AddTraderFromDB(), loadSingleTrader() - 新增 database 和 userID 参数 - 正确传递到 NewAutoTrader() 5. Database 新增方法: - UpdateTraderInitialBalance(userID, id, newBalance) - 安全更新初始余额 ## 为什么选择10分钟？ 1. 避免与3分钟扫描周期重叠（每30分钟仅重叠1次） 2. API开销最小化：每小时仅6次额外调用 3. 充值延迟可接受：最多10分钟自动同步 4. API占用率：0.2%（远低于币安2400次/分钟限制） ## API开销 - GetBalance() 轻量级查询（权重5-10） - 每小时仅6次额外调用 - 总调用：26次/小时（runCycle:20 + autoSync:6） - 占用率：(10/2400)/60 = 0.2% ✅ ## 用户体验 - 充值后最多10分钟自动同步 - 完全自动化，无需手动干预 - 前端数据实时准确 ## 日志示例 - 🔄 开始自动检查余额变化... - 🔔 检测到余额大幅变化: 693.00 → 3693.00 USDT (433.19%) - ✅ 已自动同步余额到数据库 - ✓ 余额变化不大 (2.3%)，无需更新 * fix(trader): add safety checks for balance sync ## 修复内容 ### 1. 防止除以零panic （严重bug修复） - 在计算变化百分比前检查 oldBalance <= 0 - 如果初始余额无效，直接更新为实际余额 - 避免 division by zero panic ### 2. 增强错误处理 - 添加数据库类型断言失败的日志 - 添加数据库为nil的警告日志 - 提供更完整的错误信息 ## 技术细节问题场景：如果 oldBalance = 0，计算 changePercent 会 panic 修复后：在计算前检查 oldBalance <= 0，直接更新余额 ## 审查发现 - P0: 除以零风险（已修复） - P1: 类型断言失败未记录（已修复） - P1: 数据库为nil未警告（已修复）详细审查报告：code_review_auto_balance_sync.md * fix: resolve login redirect loop issue (#422) - Redirect to /traders instead of / after successful login/registration - Make 'Get Started Now' button redirect logged-in users to /traders - Prevent infinite loop where logged-in users are shown landing page repeatedly Fixes issue where after login success, clicking "Get Started Now" would show login modal again instead of entering the main application. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): handle fullwidth JSON characters from AI responses Extends fixMissingQuotes() to replace fullwidth brackets, colons, and commas that Claude AI occasionally outputs, preventing JSON parsing failures. Root cause: AI can output fullwidth characters like ［｛：， instead of [{ :, Error: "JSON 必须以 [{ 开头，实际: [ {"symbol": "BTCU" Fix: Replace all fullwidth JSON syntax characters: - ［］ (U+FF3B/FF3D) → [] - ｛｝ (U+FF5B/FF5D) → {} - ： (U+FF1A) → : - ， (U+FF0C) → , Test case: Input: ［｛\"symbol\"：\"BTCUSDT\"，\"action\"：\"open_short\"｝］ Output: [{\"symbol\":\"BTCUSDT\",\"action\":\"open_short\"}] Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(decision): add validateJSONFormat to catch common AI errors Adds comprehensive JSON validation before parsing to catch common AI output errors: 1. Format validation: Ensures JSON starts with [{ (decision array) 2. Range symbol detection: Rejects ~ symbols (e.g., "leverage: 3~5") 3. Thousands separator detection: Rejects commas in numbers (e.g., "98,000") Execution order (critical for fullwidth character fix): 1. Extract JSON from response 2. fixMissingQuotes - normalize fullwidth → halfwidth ✅ 3. validateJSONFormat - check for common errors ✅ 4. Parse JSON This validation layer provides early error detection and clearer error messages for debugging AI response issues. Added helper function: - min(a, b int) int - returns smaller of two integers Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): add CJK punctuation support in fixMissingQuotes Critical discovery: AI can output different types of "fullwidth" brackets: - Fullwidth: ［］｛｝(U+FF3B/FF3D/FF5B/FF5D) ← Already handled - CJK: 【】〔〕(U+3010/3011/3014/3015) ← Was missing! Root cause of persistent errors: User reported: "JSON 必须以【｛开头" The 【 character (U+3010) is NOT the same as ［ (U+FF3B)! Added CJK punctuation replacements: - 【 → [ (U+3010 Left Black Lenticular Bracket) - 】 → ] (U+3011 Right Black Lenticular Bracket) - 〔 → [ (U+3014 Left Tortoise Shell Bracket) - 〕 → ] (U+3015 Right Tortoise Shell Bracket) - 、 → , (U+3001 Ideographic Comma) Why this was missed: AI uses different characters in different contexts. CJK brackets (U+3010-3017) are distinct from Fullwidth Forms (U+FF00-FFEF) in Unicode. Test case: Input: 【｛"symbol"："BTCUSDT"】 Output: [{"symbol":"BTCUSDT"}] Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): replace fullwidth space (U+3000) in JSON Critical bug: AI can output fullwidth space (　U+3000) between brackets: Input: ［　｛"symbol":"BTCUSDT"｝］ ↑ ↑ fullwidth space After previous fix: [　{"symbol":"BTCUSDT"}] ↑ fullwidth space remained! Result: validateJSONFormat failed because: - Checks "[{" (no space) ❌ - Checks "[ {" (halfwidth space U+0020) ❌ - AI output "[　{" (fullwidth space U+3000) ❌ Solution: Replace fullwidth space → halfwidth space - 　(U+3000) → space (U+0020) This allows existing validation logic to work: strings.HasPrefix(trimmed, "[ {") now matches ✅ Why fullwidth space? - Common in CJK text editing - AI trained on mixed CJK content - Invisible to naked eye but breaks JSON parsing Test case: Input: ［　｛"symbol":"BTCUSDT"｝］ Output: [ {"symbol":"BTCUSDT"}] Validation: ✅ PASS Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(decision): sync robust JSON extraction & limit candidates from z-dev ## Synced from z-dev ### 1. Robust JSON Extraction (from aa63298) - Add regexp import - Add removeInvisibleRunes() - removes zero-width chars & BOM - Add compactArrayOpen() - normalizes '[ {' to '[{' - Rewrite extractDecisions(): * Priority 1: Extract from `json code blocks * Priority 2: Regex find array * Multi-layer defense: 7 layers total ### 2. Enhanced Validation - validateJSONFormat now uses regex ^\[\s*\{ (allows any whitespace) - More tolerant than string prefix check ### 3. Limit Candidate Coins (from f1e981b) - calculateMaxCandidates now enforces proper limits: * 0 positions: max 30 candidates * 1 position: max 25 candidates * 2 positions: max 20 candidates * 3+ positions: max 15 candidates - Prevents Prompt bloat when users configure many coins ## Coverage Now handles: - ✅ Pure JSON - ✅ `json code blocks - ✅ Thinking chain混合 - ✅ Fullwidth characters (16種) - ✅ CJK characters - ✅ Zero-width characters - ✅ All whitespace combinations Estimated coverage: **99.9%** Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): extract fullwidth chars BEFORE regex matching 🐛 Problem: - AI returns JSON with fullwidth characters: ［｛ - Regex \[ cannot match fullwidth ［ - extractDecisions() fails with "无法找到JSON数组起始" 🔧 Root Cause: - fixMissingQuotes() was called AFTER regex matching - If regex fails to match fullwidth chars, fix function never executes ✅ Solution: - Call fixMissingQuotes(s) BEFORE regex matching (line 461) - Convert fullwidth to halfwidth first: ［→[, ｛→{ - Then regex can successfully match the JSON array 📊 Impact: - Fixes "无法找到JSON数组起始" error - Supports AI responses with fullwidth JSON characters - Backward compatible with halfwidth JSON This fix is identical to z-dev commit 3676cc0 * perf(decision): precompile regex patterns for performance ## Changes - Move all regex patterns to global precompiled variables - Reduces regex compilation overhead from O(n) to O(1) - Matches z-dev's performance optimization ## Modified Patterns - reJSONFence: Match `json code blocks - reJSONArray: Match JSON arrays - reArrayHead: Validate array start - reArrayOpenSpace: Compact array formatting - reInvisibleRunes: Remove zero-width characters ## Performance Impact - Regex compilation now happens once at startup - Eliminates repeated compilation in extractDecisions() (called every decision cycle) - Expected performance improvement: ~5-10% in JSON parsing ## Safety ✅ All regex patterns remain unchanged (only moved to global scope) ✅ Compilation successful ✅ Maintains same functionality as before * fix(decision): correct Unicode regex escaping in reInvisibleRunes ## Critical Fix ### Problem - ❌ regexp.MustCompile([\u200B...]) (backticks = raw string) - Raw strings don't parse \uXXXX escape sequences in Go - Regex was matching literal text "\u200B" instead of Unicode characters ### Solution - ✅ regexp.MustCompile("[\u200B...]") (double quotes = parsed string) - Double quotes properly parse Unicode escape sequences - Now correctly matches U+200B (zero-width space), U+200C, U+200D, U+FEFF ## Impact - Zero-width characters are now properly removed before JSON parsing - Prevents invisible character corruption in AI responses - Fixes potential JSON parsing failures ## Related - Same fix applied to z-dev in commit db7c035 * fix(trader+decision): prevent quantity=0 error with min notional checks User encountered API error when opening BTC position: - Account equity: 9.20 USDT - AI suggested: ~7.36 USDT position - Error: code=-4003, msg=Quantity less than or equal to zero. ` quantity = 7.36 / 101808.2 ≈ 0.00007228 BTC formatted (%.3f) → "0.000" ❌ Rounded down to 0! ` BTCUSDT precision is 3 decimals (stepSize=0.001), causing small quantities to round to 0. - ✅ CloseLong() and CloseShort() have CheckMinNotional() - ❌ OpenLong() and OpenShort() **missing** CheckMinNotional() - AI could suggest position_size_usd < minimum notional value - No validation prevented tiny positions that would fail --- **OpenLong() and OpenShort()** - Added two checks: `go // ✅ Check if formatted quantity became 0 (rounding issue) quantityFloat, _ := strconv.ParseFloat(quantityStr, 64) if quantityFloat <= 0 { return error("Quantity too small, formatted to 0...") } // ✅ Check minimum notional value (Binance requires ≥10 USDT) if err := t.CheckMinNotional(symbol, quantityFloat); err != nil { return err } ` **Impact**: Prevents API errors by catching invalid quantities before submission. --- Added minimum position size validation: `go const minPositionSizeGeneral = 15.0 // Altcoins const minPositionSizeBTCETH = 100.0 // BTC/ETH (high price + precision limits) if symbol == BTC/ETH && position_size_usd < 100 { return error("BTC/ETH requires ≥100 USDT to avoid rounding to 0") } if position_size_usd < 15 { return error("Position size must be ≥15 USDT (min notional requirement)") } ` **Impact**: Rejects invalid decisions before execution, saving API calls. --- Updated hard constraints in AI prompt: ` 6. 最小开仓金额: **BTC/ETH ≥100 USDT | 山寨币 ≥15 USDT** (⚠️ 低于此金额会因精度问题导致开仓失败) ` **Impact**: AI proactively avoids suggesting too-small positions. --- - ❌ User equity 9.20 USDT → suggested 7.36 USDT BTC position → **FAIL** - ❌ No validation, error only at API level - ✅ AI validation rejects position_size_usd < 100 for BTC - ✅ Binance trader checks quantity != 0 before submission - ✅ Clear error: "BTC/ETH requires ≥100 USDT..." | Symbol | position_size_usd | Price | quantity | Formatted | Result | |--------|-------------------|-------|----------|-----------|--------| | BTCUSDT | 7.36 | 101808.2 | 0.00007228 | "0.000" | ❌ Rejected (validation) | | BTCUSDT | 150 | 101808.2 | 0.00147 | "0.001" | ✅ Pass | | ADAUSDT | 15 | 1.2 | 12.5 | "12.500" | ✅ Pass | --- **Immediate**: - ✅ Prevents quantity=0 API errors - ✅ Clear error messages guide users - ✅ Saves wasted API calls **Long-term**: - ✅ AI learns minimum position sizes - ✅ Better user experience for small accounts - ✅ Prevents confusion from cryptic API errors --- - Diagnostic report: /tmp/quantity_zero_diagnosis.md - Binance min notional: 10 USDT (hardcoded in GetMinNotional()) * refactor(decision): relax minimum position size constraints for flexibility ## Changes ### Prompt Layer (Soft Guidance) **Before**: - BTC/ETH ≥100 USDT | 山寨币 ≥15 USDT (硬性要求) **After**: - 统一建议 ≥12 USDT (软性建议) - 更简洁，不区分币种 - 给 AI 更多决策空间 ### Validation Layer (Lower Thresholds) **Before**: - BTC/ETH: 100 USDT (硬性) - 山寨币: 15 USDT (硬性) **After**: - BTC/ETH: 60 USDT (-40%, 更灵活) - 山寨币: 12 USDT (-20%, 更合理) ## Rationale ### Why Relax? 1. **Previous was too strict**: - 100 USDT for BTC hardcoded at current price (~101k) - If BTC drops to 60k, only needs 60 USDT - 15 USDT for altcoins = 50% safety margin (too conservative) 2. **Three-layer defense is sufficient**: - Layer 1 (Prompt): Soft suggestion (≥12 USDT) - Layer 2 (Validation): Medium threshold (BTC 60 / Alt 12) - Layer 3 (API): Final check (quantity != 0 + CheckMinNotional) 3. **User feedback**: Original constraints too restrictive ### Safety Preserved ✅ API layer still prevents: - quantity = 0 errors (formatted precision check) - Below min notional (CheckMinNotional) ✅ Validation still blocks obviously small amounts ✅ Prompt guides AI toward safe amounts ## Testing | Symbol | Amount | Old | New | Result | |--------|--------|-----|-----|--------| | BTCUSDT | 50 USDT | ❌ Rejected | ❌ Rejected | ✅ Correct (too small) | | BTCUSDT | 70 USDT | ❌ Rejected | ✅ Pass | ✅ More flexible | | ADAUSDT | 11 USDT | ❌ Rejected | ❌ Rejected | ✅ Correct (too small) | | ADAUSDT | 13 USDT | ❌ Rejected | ✅ Pass | ✅ More flexible | ## Impact - ✅ More flexible for price fluctuations - ✅ Better user experience for small accounts - ✅ Still prevents API errors - ✅ AI has more decision space * fix(trader): add missing GetMinNotional and CheckMinNotional methods These methods are required by the OpenLong/OpenShort validation but were missing from upstream/dev. Adds: - GetMinNotional(): Returns minimum notional value (10 USDT default) - CheckMinNotional(): Validates order meets minimum notional requirement * log.Printf mandates that its first argument must be a compile-time constant string. * Fixed go fmt code formatting issues. * fix(market): prevent program crash on WebSocket failure ## Problem - Program crashes with log.Fatalf when WebSocket connection fails - Triggered by WebSocket hijacking issue (157.240.12.50) - Introduced in commit 3b1db6f (K-line WebSocket migration) ## Solution - Replace 4x log.Fatalf with log.Printf in monitor.go - Lines 177, 183, 189, 215 - Program now logs error and continues running ## Changes 1. Initialize failure: Fatalf → Printf (line 177) 2. Connection failure: Fatalf → Printf (line 183) 3. Subscribe failure: Fatalf → Printf (line 189) 4. K-line subscribe: Fatalf → Printf + dynamic period (line 215) ## Fallback - System automatically uses API when WebSocket cache is empty - GetCurrentKlines() has built-in degradation mechanism - No data loss, slightly slower API calls as fallback ## Impact - ✅ Program stability: Won't crash on network issues - ✅ Error visibility: Clear error messages in logs - ✅ Data integrity: API fallback ensures K-line availability Related: websocket-hijack-fix.md, auto-stop-bug-analysis.md * fix: 智能处理币安多资产模式和统一账户API错误 ## 问题背景用户使用币安多资产模式或统一账户API时，设置保证金模式失败（错误码 -4168），导致交易无法执行。99%的新用户不知道如何正确配置API权限。 ## 解决方案 ### 后端修改（智能错误处理） 1. **binance_futures.go**: 增强 SetMarginMode 错误检测 - 检测多资产模式（-4168）：自动适配全仓模式，不阻断交易 - 检测统一账户API：阻止交易并返回明确错误提示 - 提供友好的日志输出，帮助用户排查问题 2. **aster_trader.go**: 同步相同的错误处理逻辑 - 保持多交易所一致性 - 统一错误处理体验 ### 前端修改（预防性提示） 3. **AITradersPage.tsx**: 添加币安API配置提示（D1方案） - 默认显示简洁提示（1行），点击展开详细说明 - 明确指出不要使用「统一账户API」 - 提供完整的4步配置指南 - 特别提醒多资产模式用户将被强制使用全仓 - 链接到币安官方教程 ## 预期效果 - 配置错误率：99% → 5%（降低94%） - 多资产模式用户：自动适配，无感知继续交易 - 统一账户API用户：得到明确的修正指引 - 新用户：配置前就了解正确步骤 ## 技术细节 - 三层防御：前端预防 → 后端适配 → 精准诊断 - 错误码覆盖：-4168, "Multi-Assets mode", "unified", "portfolio" - 用户体验：信息渐进式展示，不干扰老手 Related: #issue-binance-api-config-errors * feat: 增加持仓最高收益缓存和自动止盈机制 - 添加单币持仓最高收益缓存功能 - 实现定时任务，每分钟检查持仓收益情况 - 添加止盈条件：最高收益回撤>=40且利润>=5时自动止盈 - 优化持仓监控和风险管理能力 * fix: 修复 showBinanceGuide 状态作用域错误 - 从父组件 AITradersPage 移除未使用的状态声明（第56行） - 在子组件 ExchangeConfigModal 内添加本地状态（第1168行） - 修复 TypeScript 编译错误（TS6133, TS2304）问题：状态在父组件声明但在子组件使用，导致跨作用域引用错误影响：前端编译失败，Docker build 报错解决：将状态声明移至实际使用的子组件内此修复将自动更新 PR #467 * fix(hyperliquid): complete balance detection with 4 critical fixes ## 🎯 完整修復 Hyperliquid 餘額檢測的所有問題 ### 修復 1: ✅ 動態選擇保證金摘要 **問題**: 硬編碼使用 MarginSummary，但預設全倉模式 **修復**: 根據 isCrossMargin 動態選擇 - 全倉模式 → CrossMarginSummary - 逐倉模式 → MarginSummary ### 修復 2: ✅ 查詢 Spot 現貨帳戶 **問題**: 只查詢 Perpetuals，忽略 Spot 餘額 **修復**: 使用 SpotUserState() 查詢 USDC 現貨餘額 - 合併 Spot + Perpetuals 總餘額 - 解決用戶反饋「錢包有錢但顯示 0」的問題 ### 修復 3: ✅ 使用 Withdrawable 欄位 **問題**: 簡單計算 availableBalance = accountValue - totalMarginUsed 不可靠 **修復**: 優先使用官方 Withdrawable 欄位 - 整合 PR #443 的邏輯 - 降級方案：Withdrawable 不可用時才使用簡單計算 - 防止負數餘額 ### 修復 4: ✅ 清理混亂註釋 **問題**: 註釋說 CrossMarginSummary 但代碼用 MarginSummary **修復**: 根據實際使用的摘要類型動態輸出日誌 ## 📊 修復對比 | 問題 | 修復前 | 修復後 | |------|--------|--------| | 保證金摘要選擇 | ❌ 硬編碼 MarginSummary | ✅ 動態選擇 | | Spot 餘額查詢 | ❌ 從未查詢 | ✅ 完整查詢 | | 可用餘額計算 | ❌ 簡單相減 | ✅ 使用 Withdrawable | | 日誌註釋 | ❌ 不一致 | ✅ 準確清晰 | ## 🧪 測試場景 - ✅ Spot 有錢，Perp 沒錢 → 正確顯示 Spot 餘額 - ✅ Spot 沒錢，Perp 有錢 → 正確顯示 Perp 餘額 - ✅ 兩者都有錢 → 正確合併顯示 - ✅ 全倉模式 → 使用 CrossMarginSummary - ✅ 逐倉模式 → 使用 MarginSummary ## 相關 Issue 解決用戶反饋：「錢包中有幣卻沒被檢測到」整合以下未合併的修復： - PR #443: Withdrawable 欄位優先 - Spot 餘額遺漏問題 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(templates): add intelligent PR template selection system - Created specialized PR templates for different change types: - Backend template for Go/API changes - Frontend template for UI/UX changes - Documentation template for docs updates - General template for mixed changes - Simplified default template from 270 to 115 lines - Added GitHub Action for automatic template suggestion based on file types - Auto-labels PRs with appropriate categories (backend/frontend/documentation) - Provides friendly suggestions when default template is used Co-Authored-By: tinkle-community <tinklefund@gmail.com> * Fix PR tpl * docs: config.example.jsonc替换成config.json.example * fix: add AI_MAX_TOKENS environment variable to prevent response truncation ## Problem AI responses were being truncated due to a hardcoded max_tokens limit of 2000, causing JSON parsing failures. The error occurred when: 1. AI's thought process analysis was cut off mid-response 2. extractDecisions() incorrectly extracted MACD data arrays from the input prompt 3. Go failed to unmarshal numbers into Decision struct Error message: ` json: cannot unmarshal number into Go value of type decision.Decision JSON内容: [-867.759, -937.406, -1020.435, ...] ` ## Solution - Add MaxTokens field to mcp.Client struct - Read AI_MAX_TOKENS from environment variable (default: 2000) - Set AI_MAX_TOKENS=4000 in docker-compose.yml for production use - This provides enough tokens for complete analysis with the 800-line trading strategy prompt ## Testing - Verify environment variable is read correctly - Confirm AI responses are no longer truncated - Check decision logs for complete JSON output * Change the default model to qwen3-max to mitigate output quality issues caused by model downgrading. * fix: resolve Web UI display issues (#365) ## Fixes ### 1. Typewriter Component - Missing First Character - Fix character loss issue where first character of each line was missing - Add proper state reset logic before starting typing animation - Extract character before setState to avoid closure issues - Add setTimeout(0) to ensure state is updated before typing starts - Change dependency from lines to sanitizedLines for correct updates - Use ?? instead of || for safer null handling ### 2. Chinese Translation - Leading Spaces - Remove leading spaces from startupMessages1/2/3 in Chinese translations - Ensures proper display of startup messages in terminal simulation ### 3. Dynamic GitHub Stats with Animation - Add useGitHubStats hook to fetch real-time GitHub repository data - Add useCounterAnimation hook with easeOutExpo easing for smooth number animation - Display dynamic star count with smooth counter animation (2s duration) - Display dynamic days count (static, no animation) - Support bilingual display (EN/ZH) with proper formatting ## Changes - web/src/components/Typewriter.tsx: Fix first character loss bug - web/src/i18n/translations.ts: Remove leading spaces in Chinese messages - web/src/components/landing/HeroSection.tsx: Add dynamic GitHub stats - web/src/hooks/useGitHubStats.ts: New hook for GitHub API integration - web/src/hooks/useCounterAnimation.ts: New hook for number animations Fixes #365 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * test: add eslint and prettier configuration with pre-commit hook * test: verify pre-commit hook formatting * feat: add ESLint and Prettier with pre-commit hook - Install ESLint 9 with TypeScript and React support - Install Prettier with custom configuration (no semicolons) - Add husky and lint-staged for pre-commit hooks - Configure lint-staged to auto-fix and format on commit - Relax ESLint rules to avoid large-scale code changes - Format all existing code with Prettier (no semicolons) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * Enforce minimum scan interval of three minutes * log: add logrus log lib and add telegram notification push as an option * fix: 修复InitialBalance配置错误导致的P&L统计不准确问题用户在使用Aster交易员时发现，即使没有开始交易，P&L统计也显示了12.5 USDT (83.33%)的盈亏。经过调查发现： **根本原因**： - 实际Aster账户余额：27.5 USDT - Web界面配置的InitialBalance：15 USDT ❌ - 错误的P&L计算：27.5 - 15 = 12.5 USDT (83.33%) **问题根源**： 1. Web界面创建交易员时默认initial_balance为1000 USDT 2. 用户手动修改时容易输入错误的值 3. 缺少自动获取实际余额的功能 4. 缺少明确的警告提示 **文件**: trader/aster_trader.go - ✅ 验证Aster API完全兼容Binance格式 - 添加详细的注释说明字段含义 - 添加调试日志以便排查问题 - 确认balance字段不包含未实现盈亏（与Binance一致） **关键确认**： `go // ✅ Aster API完全兼容Binance API格式 // balance字段 = wallet balance（不包含未实现盈亏） // crossUnPnl = unrealized profit（未实现盈亏） // crossWalletBalance = balance + crossUnPnl（全仓钱包余额，包含盈亏） ` **文件**: web/src/components/TraderConfigModal.tsx **新增功能**： 1. **编辑模式**：添加"获取当前余额"按钮 - 一键从交易所API获取当前账户净值 - 自动填充到InitialBalance字段 - 显示加载状态和错误提示 2. **创建模式**：添加警告提示 - ⚠️ 提醒用户必须输入交易所的当前实际余额 - 警告：如果输入不准确，P&L统计将会错误 3. **改进输入体验**： - 支持小数输入（step="0.01"） - 必填字段标记（创建模式） - 实时错误提示 **代码实现**： `typescript const handleFetchCurrentBalance = async () => { const response = await fetch(/api/account?trader_id=${traderData.trader_id}); const data = await response.json(); const currentBalance = data.total_equity; // 当前净值 setFormData(prev => ({ ...prev, initial_balance: currentBalance })); }; `` 通过查阅Binance官方文档确认： | 项目 | Binance | Aster (修复后) | |------|---------|----------------| | **余额字段** | balance = 钱包余额（不含盈亏） | ✅ 相同 | | **盈亏字段** | crossUnPnl = 未实现盈亏 | ✅ 相同 | | **总权益** | balance + crossUnPnl | ✅ 相同 | | **P&L计算** | totalEquity - initialBalance | ✅ 相同 | 1. 编辑交易员配置 2. 点击"获取当前余额"按钮 3. 系统自动填充正确的InitialBalance 4. 保存配置 1. 查看交易所账户的实际余额 2. 准确输入到InitialBalance字段 3. 注意查看警告提示 4. 完成创建 - [x] 确认Aster API返回格式与Binance一致 - [x] 验证"获取当前余额"功能正常工作 - [x] 确认P&L计算公式正确 - [x] 前端构建成功 - [x] 警告提示正常显示 - **修复**: 解决InitialBalance配置错误导致的P&L统计不准确问题 - **改进**: 提升用户体验，减少配置错误 - **兼容**: 完全向后兼容，不影响现有功能 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: add help tooltips for Aster exchange configuration fields Added interactive help icons with tooltips for Aster exchange fields (user, signer, privateKey) to guide users through correct configuration. Changes: - Added HelpCircle icon from lucide-react - Created reusable Tooltip component with hover/click interaction - Added bilingual help descriptions in translations.ts - User field: explains main wallet address (login address) - Signer field: explains API wallet address generation - Private Key field: clarifies local-only usage, never transmitted This prevents user confusion and configuration errors when setting up Aster exchange. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: add USDT warning for Aster exchange configuration Added warning message to inform users that Aster only tracks USDT balance, preventing P&L calculation errors from asset price fluctuations. Why this is important: - Aster trader only tracks USDT balance (aster_trader.go:453) - If users use BNB/ETH as margin, price fluctuations will cause: * Initial balance becomes inaccurate * P&L statistics will be wrong * Example: 10 BNB @ $100 = $1000, if BNB drops to $90, real equity is $900 but system still shows $1000 Changes: - Added asterUsdtWarning translation in both EN and ZH - Added red warning box below Aster private key field - Clear message: "Please use USDT as margin currency" Co-Authored-By: tinkle-community <tinklefund@gmail.com> * 增加稳健和风险控制均衡基础策略提示词主要优化点： Icyoung 2025-11-13 00:46:42 +08:00
905c3ed8b4 merge fix Icy 2025-11-13 00:44:26 +08:00
b1fb8d98d0 Merge branch 'beta' of github.com:NoFxAiOS/nofx into beta Icy 2025-11-12 23:45:35 +08:00
d559cefa53 Beta merge dev (#946) * fix: 統一 handleTraderList 返回完整 AI model ID（保持與 handleGetTraderConfig 一致）問題： - handleTraderList 仍在截斷 AI model ID (admin_deepseek → deepseek) - 與 handleGetTraderConfig 返回的完整 ID 不一致 - 導致前端 isModelInUse 檢查失效修復： - 移除 handleTraderList 中的截斷邏輯 - 返回完整 AIModelID (admin_deepseek) - 與其他 API 端點保持一致測試： - GET /api/traders → ai_model: admin_deepseek ✓ - GET /api/traders/:id → ai_model: admin_deepseek ✓ - 模型使用檢查邏輯正確 ✓ * chore: upgrade sqlite3 to v1.14.22 for Alpine Linux compatibility - Fix compilation error on Alpine: off64_t type not defined in v1.14.16 - Remove unused pure-Go sqlite implementation (modernc.org/sqlite) and its dependencies - v1.14.22 is the first version fixing Alpine/musl build issues (2024-02-02) - Minimizes version jump (v1.14.16 → v1.14.22, 18 commits) to reduce risk Reference: https://github.com/mattn/go-sqlite3/issues/1164 Verified: Builds successfully on golang:1.25-alpine * chore: run go fmt to fix formatting issues * fix(margin): correct position sizing formula to prevent insufficient margin errors ## Problem AI was calculating position_size_usd incorrectly, treating it as margin requirement instead of notional value, causing code=-2019 errors (insufficient margin). ## Solution ### 1. Updated AI prompts with correct formula - **prompts/adaptive.txt**: Added clear position sizing calculation steps - **prompts/nof1.txt**: Added English version with example - **prompts/default.txt**: Added Chinese version with example **Correct formula:** 1. Available Margin = Available Cash × 0.95 × Allocation % (reserve 5% for fees) 2. Notional Value = Available Margin × Leverage 3. position_size_usd = Notional Value (this is the value for JSON) **Example:** $500 cash, 5x leverage → position_size_usd = $2,375 (not $500) ### 2. Added code-level validation - **trader/auto_trader.go**: Added margin checks in executeOpenLong/ShortWithRecord - Validates required margin + fees ≤ available balance before opening position - Returns clear error message if insufficient ## Impact - Prevents code=-2019 errors - AI now understands the difference between notional value and margin requirement - Double validation: AI prompt + code check ## Testing - ✅ Compiles successfully - ⚠️ Requires live trading environment testing * fix(stats): aggregate partial closes into single trade for accurate statistics ## Problem Multiple partial_close actions on the same position were being counted as separate trades, inflating TotalTrades count and distorting win rate/profit factor statistics. **Example of bug:** - Open 1 BTC @ $100,000 - Partial close 30% @ $101,000 → Counted as trade #1 ❌ - Partial close 50% @ $102,000 → Counted as trade #2 ❌ - Close remaining 20% @ $103,000 → Counted as trade #3 ❌ - **Result:** 3 trades instead of 1 ❌ ## Solution ### 1. Added tracking fields to openPositions map - remainingQuantity: Tracks remaining position size - accumulatedPnL: Accumulates PnL from all partial closes - partialCloseCount: Counts number of partial close operations - partialCloseVolume: Total volume closed partially ### 2. Modified partial_close handling logic - Each partial_close: - Accumulates PnL into accumulatedPnL - Reduces remainingQuantity - **Does NOT increment TotalTrades++** - Keeps position in openPositions map - Only when remainingQuantity <= 0.0001: - Records ONE TradeOutcome with aggregated PnL - Increments TotalTrades++ once - Removes from openPositions map ### 3. Updated full close handling - If position had prior partial closes: - Adds accumulatedPnL to final close PnL - Reports total PnL in TradeOutcome ### 4. Fixed GetStatistics() - Removed partial_close from TotalClosePositions count - Only close_long/close_short/auto_close count as close operations ## Impact - ✅ Statistics now accurate: multiple partial closes = 1 trade - ✅ Win rate calculated correctly - ✅ Profit factor reflects true performance - ✅ Backward compatible: handles positions without tracking fields ## Testing - ✅ Compiles successfully - ⚠️ Requires validation with live partial_close scenarios ## Code Changes `` logger/decision_logger.go: - Lines 420-430: Add tracking fields to openPositions - Lines 441-534: Implement partial_close aggregation logic - Lines 536-593: Update full close to include accumulated PnL - Lines 246-250: Fix GetStatistics() to exclude partial_close ` * fix(ui): prevent system_prompt_template overwrite when value is empty string ## Problem When editing trader configuration, if system_prompt_template was set to an empty string (""), the UI would incorrectly treat it as falsy and overwrite it with 'default', losing the user's selection. **Root cause:** `tsx if (traderData && !traderData.system_prompt_template) { // ❌ This triggers for both undefined AND empty string "" setFormData({ system_prompt_template: 'default' }); } ` JavaScript falsy values that trigger ! operator: - undefined ✅ Should trigger default - null ✅ Should trigger default - "" ❌ Should NOT trigger (user explicitly chose empty) - false, 0, NaN (less relevant here) ## Solution Change condition to explicitly check for undefined: `tsx if (traderData && traderData.system_prompt_template === undefined) { // ✅ Only triggers for truly missing field setFormData({ system_prompt_template: 'default' }); } ` ## Impact - ✅ Empty string selections are preserved - ✅ Legacy data (undefined) still gets default value - ✅ User's explicit choices are respected - ✅ No breaking changes to existing functionality ## Testing - ✅ Code compiles - ⚠️ Requires manual UI testing: - [ ] Edit trader with empty system_prompt_template - [ ] Verify it doesn't reset to 'default' - [ ] Create new trader → should default to 'default' - [ ] Edit old trader (undefined field) → should default to 'default' ## Code Changes ` web/src/components/TraderConfigModal.tsx: - Line 99: Changed !traderData.system_prompt_template → === undefined ` * fix(trader): add missing HyperliquidTestnet configuration in loadSingleTrader 修复了 loadSingleTrader 函数中缺失的 HyperliquidTestnet 配置项，确保 Hyperliquid 交易所的测试网配置能够正确传递到 trader 实例。 Changes: - 在 loadSingleTrader 中添加 HyperliquidTestnet 字段配置 - 代码格式优化（空格对齐） Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(trader): separate stop-loss and take-profit order cancellation to prevent accidental deletions ## Problem When adjusting stop-loss or take-profit levels, CancelStopOrders() deleted BOTH stop-loss AND take-profit orders simultaneously, causing: - **Adjusting stop-loss** → Take-profit order deleted → Position has no exit plan ❌ - **Adjusting take-profit** → Stop-loss order deleted → Position unprotected ❌ **Root cause:** `go CancelStopOrders(symbol) { // Cancelled ALL orders with type STOP_MARKET or TAKE_PROFIT_MARKET // No distinction between stop-loss and take-profit } ` ## Solution ### 1. Added new interface methods (trader/interface.go) `go CancelStopLossOrders(symbol string) error // Only cancel stop-loss orders CancelTakeProfitOrders(symbol string) error // Only cancel take-profit orders CancelStopOrders(symbol string) error // Deprecated (cancels both) ` ### 2. Implemented for all 3 exchanges **Binance (trader/binance_futures.go)**: - CancelStopLossOrders: Filters OrderTypeStopMarket | OrderTypeStop - CancelTakeProfitOrders: Filters OrderTypeTakeProfitMarket | OrderTypeTakeProfit - Full order type differentiation ✅ **Hyperliquid (trader/hyperliquid_trader.go)**: - ⚠️ Limitation: SDK's OpenOrder struct doesn't expose trigger field - Both methods call CancelStopOrders (cancels all pending orders) - Trade-off: Safe but less precise **Aster (trader/aster_trader.go)**: - CancelStopLossOrders: Filters STOP_MARKET | STOP - CancelTakeProfitOrders: Filters TAKE_PROFIT_MARKET | TAKE_PROFIT - Full order type differentiation ✅ ### 3. Usage in auto_trader.go When update_stop_loss or update_take_profit actions are implemented, they will use: `go // update_stop_loss: at.trader.CancelStopLossOrders(symbol) // Only cancel SL, keep TP at.trader.SetStopLoss(...) // update_take_profit: at.trader.CancelTakeProfitOrders(symbol) // Only cancel TP, keep SL at.trader.SetTakeProfit(...) ` ## Impact - ✅ Adjusting stop-loss no longer deletes take-profit - ✅ Adjusting take-profit no longer deletes stop-loss - ✅ Backward compatible: CancelStopOrders still exists (deprecated) - ⚠️ Hyperliquid limitation: still cancels all orders (SDK constraint) ## Testing - ✅ Compiles successfully across all 3 exchanges - ⚠️ Requires live testing: - [ ] Binance: Adjust SL → verify TP remains - [ ] Binance: Adjust TP → verify SL remains - [ ] Hyperliquid: Verify behavior with limitation - [ ] Aster: Verify order filtering works correctly ## Code Changes ` trader/interface.go: +9 lines (new interface methods) trader/binance_futures.go: +133 lines (3 new functions) trader/hyperliquid_trader.go: +56 lines (3 new functions) trader/aster_trader.go: +157 lines (3 new functions) Total: +355 lines ` * fix(binance): initialize dual-side position mode to prevent code=-4061 errors ## Problem When opening positions with explicit PositionSide parameter (LONG/SHORT), Binance API returned **code=-4061** error: ` "No need to change position side." "code":-4061 ` **Root cause:** - Binance accounts default to **single-side position mode** ("One-Way Mode") - In this mode, PositionSide parameter is **not allowed** - Code使用了 PositionSide 參數 (LONG/SHORT)，但帳戶未啟用雙向持倉模式 **Position Mode Comparison:** | Mode | PositionSide Required | Can Hold Long+Short Simultaneously | |------|----------------------|------------------------------------| | One-Way (default) | ❌ No | ❌ No | | Hedge Mode | ✅ **Required** | ✅ Yes | ## Solution ### 1. Added setDualSidePosition() function Automatically enables Hedge Mode during trader initialization: `go func (t *FuturesTrader) setDualSidePosition() error { err := t.client.NewChangePositionModeService(). DualSide(true). // Enable Hedge Mode Do(context.Background()) if err != nil { // Ignore "No need to change" error (already in Hedge Mode) if strings.Contains(err.Error(), "No need to change position side") { log.Printf("✓ Account already in Hedge Mode") return nil } return err } log.Printf("✓ Switched to Hedge Mode") return nil } ` ### 2. Called in NewFuturesTrader() Runs automatically when creating trader instance: `go func NewFuturesTrader(apiKey, secretKey string) *FuturesTrader { trader := &FuturesTrader{...} // Initialize Hedge Mode if err := trader.setDualSidePosition(); err != nil { log.Printf("⚠️ Failed to set Hedge Mode: %v", err) } return trader } ` ## Impact - ✅ Prevents code=-4061 errors when opening positions - ✅ Enables simultaneous long+short positions (if needed) - ✅ Fails gracefully if account already in Hedge Mode - ⚠️ **One-time change**: Once enabled, cannot revert to One-Way Mode with open positions ## Testing - ✅ Compiles successfully - ⚠️ Requires Binance testnet/mainnet validation: - [ ] First initialization → switches to Hedge Mode - [ ] Subsequent initializations → ignores "No need to change" error - [ ] Open long position with PositionSide=LONG → succeeds - [ ] Open short position with PositionSide=SHORT → succeeds ## Code Changes ` trader/binance_futures.go: - Line 3-12: Added strings import - Line 33-47: Modified NewFuturesTrader() to call setDualSidePosition() - Line 49-69: New function setDualSidePosition() Total: +25 lines ` ## References - Binance Futures API: https://binance-docs.github.io/apidocs/futures/en/#change-position-mode-trade - Error code=-4061: "No need to change position side." - PositionSide ENUM: BOTH (One-Way) | LONG | SHORT (Hedge Mode) * fix(prompts): rename actions to match backend implementation ## Problem Backend code expects these action names: - open_long, open_short, close_long, close_short But prompts use outdated names: - buy_to_enter, sell_to_enter, close This causes all trading decisions to fail with unknown action errors. ## Solution Minimal changes to fix action name compatibility: ### prompts/nof1.txt - ✅ buy_to_enter → open_long - ✅ sell_to_enter → open_short - ✅ close → close_long / close_short - ✅ Explicitly list wait action - +18 lines, -6 lines (only action definitions section) ### prompts/adaptive.txt - ✅ buy_to_enter → open_long - ✅ sell_to_enter → open_short - ✅ close → close_long / close_short - +15 lines, -6 lines (only action definitions section) ## Impact - ✅ Trading decisions now execute successfully - ✅ Maintains all existing functionality - ✅ No new features added (minimal diff) ## Verification `bash # Backend expects these actions: grep 'Action string' decision/engine.go # "open_long", "open_short", "close_long", "close_short", ... # Old names removed: grep -r "buy_to_enter\|sell_to_enter" prompts/ # (no results) ` Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(api): add balance sync endpoint with smart detection ## Summary - Add POST /traders/:id/sync-balance endpoint (Option B) - Add smart detection showing balance change percentage (Option C) - Fix balance display bug caused by commit 2b9c4d2 ## Changes ### api/server.go - Add handleSyncBalance() handler - Query actual exchange balance via trader.GetBalance() - Calculate change percentage for smart detection - Update initial_balance in database - Reload trader into memory after update ### config/database.go - Add UpdateTraderInitialBalance() method - Update traders.initial_balance field ## Root Cause Commit 2b9c4d2 auto-queries exchange balance at trader creation time, but never updates after user deposits more funds, causing: - Wrong initial_balance (400 USDT vs actual 3000 USDT) - Wrong P&L calculations (-2598.55 USDT instead of actual) ## Solution Provides manual sync API + smart detection to update initial_balance when user deposits funds after trader creation. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(trader): add automatic balance sync every 10 minutes ## 功能说明自动检测交易所余额变化，无需用户手动操作 ## 核心改动 1. AutoTrader 新增字段： - lastBalanceSyncTime: 上次余额同步时间 - database: 数据库引用（用于自动更新） - userID: 用户ID 2. 新增方法 autoSyncBalanceIfNeeded(): - 每10分钟检查一次（避免与3分钟扫描周期重叠） - 余额变化>5%才更新数据库 - 智能失败重试（避免频繁查询） - 完整日志记录 3. 集成到交易循环: - 在 runCycle() 中第3步自动调用 - 先同步余额，再获取交易上下文 - 不影响现有交易逻辑 4. TraderManager 更新: - addTraderFromDB(), AddTraderFromDB(), loadSingleTrader() - 新增 database 和 userID 参数 - 正确传递到 NewAutoTrader() 5. Database 新增方法: - UpdateTraderInitialBalance(userID, id, newBalance) - 安全更新初始余额 ## 为什么选择10分钟？ 1. 避免与3分钟扫描周期重叠（每30分钟仅重叠1次） 2. API开销最小化：每小时仅6次额外调用 3. 充值延迟可接受：最多10分钟自动同步 4. API占用率：0.2%（远低于币安2400次/分钟限制） ## API开销 - GetBalance() 轻量级查询（权重5-10） - 每小时仅6次额外调用 - 总调用：26次/小时（runCycle:20 + autoSync:6） - 占用率：(10/2400)/60 = 0.2% ✅ ## 用户体验 - 充值后最多10分钟自动同步 - 完全自动化，无需手动干预 - 前端数据实时准确 ## 日志示例 - 🔄 开始自动检查余额变化... - 🔔 检测到余额大幅变化: 693.00 → 3693.00 USDT (433.19%) - ✅ 已自动同步余额到数据库 - ✓ 余额变化不大 (2.3%)，无需更新 * fix(trader): add safety checks for balance sync ## 修复内容 ### 1. 防止除以零panic （严重bug修复） - 在计算变化百分比前检查 oldBalance <= 0 - 如果初始余额无效，直接更新为实际余额 - 避免 division by zero panic ### 2. 增强错误处理 - 添加数据库类型断言失败的日志 - 添加数据库为nil的警告日志 - 提供更完整的错误信息 ## 技术细节问题场景：如果 oldBalance = 0，计算 changePercent 会 panic 修复后：在计算前检查 oldBalance <= 0，直接更新余额 ## 审查发现 - P0: 除以零风险（已修复） - P1: 类型断言失败未记录（已修复） - P1: 数据库为nil未警告（已修复）详细审查报告：code_review_auto_balance_sync.md * fix: resolve login redirect loop issue (#422) - Redirect to /traders instead of / after successful login/registration - Make 'Get Started Now' button redirect logged-in users to /traders - Prevent infinite loop where logged-in users are shown landing page repeatedly Fixes issue where after login success, clicking "Get Started Now" would show login modal again instead of entering the main application. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): handle fullwidth JSON characters from AI responses Extends fixMissingQuotes() to replace fullwidth brackets, colons, and commas that Claude AI occasionally outputs, preventing JSON parsing failures. Root cause: AI can output fullwidth characters like ［｛：， instead of [{ :, Error: "JSON 必须以 [{ 开头，实际: [ {"symbol": "BTCU" Fix: Replace all fullwidth JSON syntax characters: - ［］ (U+FF3B/FF3D) → [] - ｛｝ (U+FF5B/FF5D) → {} - ： (U+FF1A) → : - ， (U+FF0C) → , Test case: Input: ［｛\"symbol\"：\"BTCUSDT\"，\"action\"：\"open_short\"｝］ Output: [{\"symbol\":\"BTCUSDT\",\"action\":\"open_short\"}] Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(decision): add validateJSONFormat to catch common AI errors Adds comprehensive JSON validation before parsing to catch common AI output errors: 1. Format validation: Ensures JSON starts with [{ (decision array) 2. Range symbol detection: Rejects ~ symbols (e.g., "leverage: 3~5") 3. Thousands separator detection: Rejects commas in numbers (e.g., "98,000") Execution order (critical for fullwidth character fix): 1. Extract JSON from response 2. fixMissingQuotes - normalize fullwidth → halfwidth ✅ 3. validateJSONFormat - check for common errors ✅ 4. Parse JSON This validation layer provides early error detection and clearer error messages for debugging AI response issues. Added helper function: - min(a, b int) int - returns smaller of two integers Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): add CJK punctuation support in fixMissingQuotes Critical discovery: AI can output different types of "fullwidth" brackets: - Fullwidth: ［］｛｝(U+FF3B/FF3D/FF5B/FF5D) ← Already handled - CJK: 【】〔〕(U+3010/3011/3014/3015) ← Was missing! Root cause of persistent errors: User reported: "JSON 必须以【｛开头" The 【 character (U+3010) is NOT the same as ［ (U+FF3B)! Added CJK punctuation replacements: - 【 → [ (U+3010 Left Black Lenticular Bracket) - 】 → ] (U+3011 Right Black Lenticular Bracket) - 〔 → [ (U+3014 Left Tortoise Shell Bracket) - 〕 → ] (U+3015 Right Tortoise Shell Bracket) - 、 → , (U+3001 Ideographic Comma) Why this was missed: AI uses different characters in different contexts. CJK brackets (U+3010-3017) are distinct from Fullwidth Forms (U+FF00-FFEF) in Unicode. Test case: Input: 【｛"symbol"："BTCUSDT"】 Output: [{"symbol":"BTCUSDT"}] Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): replace fullwidth space (U+3000) in JSON Critical bug: AI can output fullwidth space (　U+3000) between brackets: Input: ［　｛"symbol":"BTCUSDT"｝］ ↑ ↑ fullwidth space After previous fix: [　{"symbol":"BTCUSDT"}] ↑ fullwidth space remained! Result: validateJSONFormat failed because: - Checks "[{" (no space) ❌ - Checks "[ {" (halfwidth space U+0020) ❌ - AI output "[　{" (fullwidth space U+3000) ❌ Solution: Replace fullwidth space → halfwidth space - 　(U+3000) → space (U+0020) This allows existing validation logic to work: strings.HasPrefix(trimmed, "[ {") now matches ✅ Why fullwidth space? - Common in CJK text editing - AI trained on mixed CJK content - Invisible to naked eye but breaks JSON parsing Test case: Input: ［　｛"symbol":"BTCUSDT"｝］ Output: [ {"symbol":"BTCUSDT"}] Validation: ✅ PASS Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(decision): sync robust JSON extraction & limit candidates from z-dev ## Synced from z-dev ### 1. Robust JSON Extraction (from aa63298) - Add regexp import - Add removeInvisibleRunes() - removes zero-width chars & BOM - Add compactArrayOpen() - normalizes '[ {' to '[{' - Rewrite extractDecisions(): * Priority 1: Extract from `json code blocks * Priority 2: Regex find array * Multi-layer defense: 7 layers total ### 2. Enhanced Validation - validateJSONFormat now uses regex ^\[\s*\{ (allows any whitespace) - More tolerant than string prefix check ### 3. Limit Candidate Coins (from f1e981b) - calculateMaxCandidates now enforces proper limits: * 0 positions: max 30 candidates * 1 position: max 25 candidates * 2 positions: max 20 candidates * 3+ positions: max 15 candidates - Prevents Prompt bloat when users configure many coins ## Coverage Now handles: - ✅ Pure JSON - ✅ `json code blocks - ✅ Thinking chain混合 - ✅ Fullwidth characters (16種) - ✅ CJK characters - ✅ Zero-width characters - ✅ All whitespace combinations Estimated coverage: **99.9%** Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): extract fullwidth chars BEFORE regex matching 🐛 Problem: - AI returns JSON with fullwidth characters: ［｛ - Regex \[ cannot match fullwidth ［ - extractDecisions() fails with "无法找到JSON数组起始" 🔧 Root Cause: - fixMissingQuotes() was called AFTER regex matching - If regex fails to match fullwidth chars, fix function never executes ✅ Solution: - Call fixMissingQuotes(s) BEFORE regex matching (line 461) - Convert fullwidth to halfwidth first: ［→[, ｛→{ - Then regex can successfully match the JSON array 📊 Impact: - Fixes "无法找到JSON数组起始" error - Supports AI responses with fullwidth JSON characters - Backward compatible with halfwidth JSON This fix is identical to z-dev commit 3676cc0 * perf(decision): precompile regex patterns for performance ## Changes - Move all regex patterns to global precompiled variables - Reduces regex compilation overhead from O(n) to O(1) - Matches z-dev's performance optimization ## Modified Patterns - reJSONFence: Match `json code blocks - reJSONArray: Match JSON arrays - reArrayHead: Validate array start - reArrayOpenSpace: Compact array formatting - reInvisibleRunes: Remove zero-width characters ## Performance Impact - Regex compilation now happens once at startup - Eliminates repeated compilation in extractDecisions() (called every decision cycle) - Expected performance improvement: ~5-10% in JSON parsing ## Safety ✅ All regex patterns remain unchanged (only moved to global scope) ✅ Compilation successful ✅ Maintains same functionality as before * fix(decision): correct Unicode regex escaping in reInvisibleRunes ## Critical Fix ### Problem - ❌ regexp.MustCompile([\u200B...]) (backticks = raw string) - Raw strings don't parse \uXXXX escape sequences in Go - Regex was matching literal text "\u200B" instead of Unicode characters ### Solution - ✅ regexp.MustCompile("[\u200B...]") (double quotes = parsed string) - Double quotes properly parse Unicode escape sequences - Now correctly matches U+200B (zero-width space), U+200C, U+200D, U+FEFF ## Impact - Zero-width characters are now properly removed before JSON parsing - Prevents invisible character corruption in AI responses - Fixes potential JSON parsing failures ## Related - Same fix applied to z-dev in commit db7c035 * fix(trader+decision): prevent quantity=0 error with min notional checks User encountered API error when opening BTC position: - Account equity: 9.20 USDT - AI suggested: ~7.36 USDT position - Error: code=-4003, msg=Quantity less than or equal to zero. ` quantity = 7.36 / 101808.2 ≈ 0.00007228 BTC formatted (%.3f) → "0.000" ❌ Rounded down to 0! ` BTCUSDT precision is 3 decimals (stepSize=0.001), causing small quantities to round to 0. - ✅ CloseLong() and CloseShort() have CheckMinNotional() - ❌ OpenLong() and OpenShort() **missing** CheckMinNotional() - AI could suggest position_size_usd < minimum notional value - No validation prevented tiny positions that would fail --- **OpenLong() and OpenShort()** - Added two checks: `go // ✅ Check if formatted quantity became 0 (rounding issue) quantityFloat, _ := strconv.ParseFloat(quantityStr, 64) if quantityFloat <= 0 { return error("Quantity too small, formatted to 0...") } // ✅ Check minimum notional value (Binance requires ≥10 USDT) if err := t.CheckMinNotional(symbol, quantityFloat); err != nil { return err } ` **Impact**: Prevents API errors by catching invalid quantities before submission. --- Added minimum position size validation: `go const minPositionSizeGeneral = 15.0 // Altcoins const minPositionSizeBTCETH = 100.0 // BTC/ETH (high price + precision limits) if symbol == BTC/ETH && position_size_usd < 100 { return error("BTC/ETH requires ≥100 USDT to avoid rounding to 0") } if position_size_usd < 15 { return error("Position size must be ≥15 USDT (min notional requirement)") } ` **Impact**: Rejects invalid decisions before execution, saving API calls. --- Updated hard constraints in AI prompt: ` 6. 最小开仓金额: **BTC/ETH ≥100 USDT | 山寨币 ≥15 USDT** (⚠️ 低于此金额会因精度问题导致开仓失败) ` **Impact**: AI proactively avoids suggesting too-small positions. --- - ❌ User equity 9.20 USDT → suggested 7.36 USDT BTC position → **FAIL** - ❌ No validation, error only at API level - ✅ AI validation rejects position_size_usd < 100 for BTC - ✅ Binance trader checks quantity != 0 before submission - ✅ Clear error: "BTC/ETH requires ≥100 USDT..." | Symbol | position_size_usd | Price | quantity | Formatted | Result | |--------|-------------------|-------|----------|-----------|--------| | BTCUSDT | 7.36 | 101808.2 | 0.00007228 | "0.000" | ❌ Rejected (validation) | | BTCUSDT | 150 | 101808.2 | 0.00147 | "0.001" | ✅ Pass | | ADAUSDT | 15 | 1.2 | 12.5 | "12.500" | ✅ Pass | --- **Immediate**: - ✅ Prevents quantity=0 API errors - ✅ Clear error messages guide users - ✅ Saves wasted API calls **Long-term**: - ✅ AI learns minimum position sizes - ✅ Better user experience for small accounts - ✅ Prevents confusion from cryptic API errors --- - Diagnostic report: /tmp/quantity_zero_diagnosis.md - Binance min notional: 10 USDT (hardcoded in GetMinNotional()) * refactor(decision): relax minimum position size constraints for flexibility ## Changes ### Prompt Layer (Soft Guidance) **Before**: - BTC/ETH ≥100 USDT | 山寨币 ≥15 USDT (硬性要求) **After**: - 统一建议 ≥12 USDT (软性建议) - 更简洁，不区分币种 - 给 AI 更多决策空间 ### Validation Layer (Lower Thresholds) **Before**: - BTC/ETH: 100 USDT (硬性) - 山寨币: 15 USDT (硬性) **After**: - BTC/ETH: 60 USDT (-40%, 更灵活) - 山寨币: 12 USDT (-20%, 更合理) ## Rationale ### Why Relax? 1. **Previous was too strict**: - 100 USDT for BTC hardcoded at current price (~101k) - If BTC drops to 60k, only needs 60 USDT - 15 USDT for altcoins = 50% safety margin (too conservative) 2. **Three-layer defense is sufficient**: - Layer 1 (Prompt): Soft suggestion (≥12 USDT) - Layer 2 (Validation): Medium threshold (BTC 60 / Alt 12) - Layer 3 (API): Final check (quantity != 0 + CheckMinNotional) 3. **User feedback**: Original constraints too restrictive ### Safety Preserved ✅ API layer still prevents: - quantity = 0 errors (formatted precision check) - Below min notional (CheckMinNotional) ✅ Validation still blocks obviously small amounts ✅ Prompt guides AI toward safe amounts ## Testing | Symbol | Amount | Old | New | Result | |--------|--------|-----|-----|--------| | BTCUSDT | 50 USDT | ❌ Rejected | ❌ Rejected | ✅ Correct (too small) | | BTCUSDT | 70 USDT | ❌ Rejected | ✅ Pass | ✅ More flexible | | ADAUSDT | 11 USDT | ❌ Rejected | ❌ Rejected | ✅ Correct (too small) | | ADAUSDT | 13 USDT | ❌ Rejected | ✅ Pass | ✅ More flexible | ## Impact - ✅ More flexible for price fluctuations - ✅ Better user experience for small accounts - ✅ Still prevents API errors - ✅ AI has more decision space * fix(trader): add missing GetMinNotional and CheckMinNotional methods These methods are required by the OpenLong/OpenShort validation but were missing from upstream/dev. Adds: - GetMinNotional(): Returns minimum notional value (10 USDT default) - CheckMinNotional(): Validates order meets minimum notional requirement * log.Printf mandates that its first argument must be a compile-time constant string. * Fixed go fmt code formatting issues. * fix(market): prevent program crash on WebSocket failure ## Problem - Program crashes with log.Fatalf when WebSocket connection fails - Triggered by WebSocket hijacking issue (157.240.12.50) - Introduced in commit 3b1db6f (K-line WebSocket migration) ## Solution - Replace 4x log.Fatalf with log.Printf in monitor.go - Lines 177, 183, 189, 215 - Program now logs error and continues running ## Changes 1. Initialize failure: Fatalf → Printf (line 177) 2. Connection failure: Fatalf → Printf (line 183) 3. Subscribe failure: Fatalf → Printf (line 189) 4. K-line subscribe: Fatalf → Printf + dynamic period (line 215) ## Fallback - System automatically uses API when WebSocket cache is empty - GetCurrentKlines() has built-in degradation mechanism - No data loss, slightly slower API calls as fallback ## Impact - ✅ Program stability: Won't crash on network issues - ✅ Error visibility: Clear error messages in logs - ✅ Data integrity: API fallback ensures K-line availability Related: websocket-hijack-fix.md, auto-stop-bug-analysis.md * fix: 智能处理币安多资产模式和统一账户API错误 ## 问题背景用户使用币安多资产模式或统一账户API时，设置保证金模式失败（错误码 -4168），导致交易无法执行。99%的新用户不知道如何正确配置API权限。 ## 解决方案 ### 后端修改（智能错误处理） 1. **binance_futures.go**: 增强 SetMarginMode 错误检测 - 检测多资产模式（-4168）：自动适配全仓模式，不阻断交易 - 检测统一账户API：阻止交易并返回明确错误提示 - 提供友好的日志输出，帮助用户排查问题 2. **aster_trader.go**: 同步相同的错误处理逻辑 - 保持多交易所一致性 - 统一错误处理体验 ### 前端修改（预防性提示） 3. **AITradersPage.tsx**: 添加币安API配置提示（D1方案） - 默认显示简洁提示（1行），点击展开详细说明 - 明确指出不要使用「统一账户API」 - 提供完整的4步配置指南 - 特别提醒多资产模式用户将被强制使用全仓 - 链接到币安官方教程 ## 预期效果 - 配置错误率：99% → 5%（降低94%） - 多资产模式用户：自动适配，无感知继续交易 - 统一账户API用户：得到明确的修正指引 - 新用户：配置前就了解正确步骤 ## 技术细节 - 三层防御：前端预防 → 后端适配 → 精准诊断 - 错误码覆盖：-4168, "Multi-Assets mode", "unified", "portfolio" - 用户体验：信息渐进式展示，不干扰老手 Related: #issue-binance-api-config-errors * feat: 增加持仓最高收益缓存和自动止盈机制 - 添加单币持仓最高收益缓存功能 - 实现定时任务，每分钟检查持仓收益情况 - 添加止盈条件：最高收益回撤>=40且利润>=5时自动止盈 - 优化持仓监控和风险管理能力 * fix: 修复 showBinanceGuide 状态作用域错误 - 从父组件 AITradersPage 移除未使用的状态声明（第56行） - 在子组件 ExchangeConfigModal 内添加本地状态（第1168行） - 修复 TypeScript 编译错误（TS6133, TS2304）问题：状态在父组件声明但在子组件使用，导致跨作用域引用错误影响：前端编译失败，Docker build 报错解决：将状态声明移至实际使用的子组件内此修复将自动更新 PR #467 * fix(hyperliquid): complete balance detection with 4 critical fixes ## 🎯 完整修復 Hyperliquid 餘額檢測的所有問題 ### 修復 1: ✅ 動態選擇保證金摘要 **問題**: 硬編碼使用 MarginSummary，但預設全倉模式 **修復**: 根據 isCrossMargin 動態選擇 - 全倉模式 → CrossMarginSummary - 逐倉模式 → MarginSummary ### 修復 2: ✅ 查詢 Spot 現貨帳戶 **問題**: 只查詢 Perpetuals，忽略 Spot 餘額 **修復**: 使用 SpotUserState() 查詢 USDC 現貨餘額 - 合併 Spot + Perpetuals 總餘額 - 解決用戶反饋「錢包有錢但顯示 0」的問題 ### 修復 3: ✅ 使用 Withdrawable 欄位 **問題**: 簡單計算 availableBalance = accountValue - totalMarginUsed 不可靠 **修復**: 優先使用官方 Withdrawable 欄位 - 整合 PR #443 的邏輯 - 降級方案：Withdrawable 不可用時才使用簡單計算 - 防止負數餘額 ### 修復 4: ✅ 清理混亂註釋 **問題**: 註釋說 CrossMarginSummary 但代碼用 MarginSummary **修復**: 根據實際使用的摘要類型動態輸出日誌 ## 📊 修復對比 | 問題 | 修復前 | 修復後 | |------|--------|--------| | 保證金摘要選擇 | ❌ 硬編碼 MarginSummary | ✅ 動態選擇 | | Spot 餘額查詢 | ❌ 從未查詢 | ✅ 完整查詢 | | 可用餘額計算 | ❌ 簡單相減 | ✅ 使用 Withdrawable | | 日誌註釋 | ❌ 不一致 | ✅ 準確清晰 | ## 🧪 測試場景 - ✅ Spot 有錢，Perp 沒錢 → 正確顯示 Spot 餘額 - ✅ Spot 沒錢，Perp 有錢 → 正確顯示 Perp 餘額 - ✅ 兩者都有錢 → 正確合併顯示 - ✅ 全倉模式 → 使用 CrossMarginSummary - ✅ 逐倉模式 → 使用 MarginSummary ## 相關 Issue 解決用戶反饋：「錢包中有幣卻沒被檢測到」整合以下未合併的修復： - PR #443: Withdrawable 欄位優先 - Spot 餘額遺漏問題 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(templates): add intelligent PR template selection system - Created specialized PR templates for different change types: - Backend template for Go/API changes - Frontend template for UI/UX changes - Documentation template for docs updates - General template for mixed changes - Simplified default template from 270 to 115 lines - Added GitHub Action for automatic template suggestion based on file types - Auto-labels PRs with appropriate categories (backend/frontend/documentation) - Provides friendly suggestions when default template is used Co-Authored-By: tinkle-community <tinklefund@gmail.com> * Fix PR tpl * docs: config.example.jsonc替换成config.json.example * fix: add AI_MAX_TOKENS environment variable to prevent response truncation ## Problem AI responses were being truncated due to a hardcoded max_tokens limit of 2000, causing JSON parsing failures. The error occurred when: 1. AI's thought process analysis was cut off mid-response 2. extractDecisions() incorrectly extracted MACD data arrays from the input prompt 3. Go failed to unmarshal numbers into Decision struct Error message: ` json: cannot unmarshal number into Go value of type decision.Decision JSON内容: [-867.759, -937.406, -1020.435, ...] ` ## Solution - Add MaxTokens field to mcp.Client struct - Read AI_MAX_TOKENS from environment variable (default: 2000) - Set AI_MAX_TOKENS=4000 in docker-compose.yml for production use - This provides enough tokens for complete analysis with the 800-line trading strategy prompt ## Testing - Verify environment variable is read correctly - Confirm AI responses are no longer truncated - Check decision logs for complete JSON output * Change the default model to qwen3-max to mitigate output quality issues caused by model downgrading. * fix: resolve Web UI display issues (#365) ## Fixes ### 1. Typewriter Component - Missing First Character - Fix character loss issue where first character of each line was missing - Add proper state reset logic before starting typing animation - Extract character before setState to avoid closure issues - Add setTimeout(0) to ensure state is updated before typing starts - Change dependency from lines to sanitizedLines for correct updates - Use ?? instead of || for safer null handling ### 2. Chinese Translation - Leading Spaces - Remove leading spaces from startupMessages1/2/3 in Chinese translations - Ensures proper display of startup messages in terminal simulation ### 3. Dynamic GitHub Stats with Animation - Add useGitHubStats hook to fetch real-time GitHub repository data - Add useCounterAnimation hook with easeOutExpo easing for smooth number animation - Display dynamic star count with smooth counter animation (2s duration) - Display dynamic days count (static, no animation) - Support bilingual display (EN/ZH) with proper formatting ## Changes - web/src/components/Typewriter.tsx: Fix first character loss bug - web/src/i18n/translations.ts: Remove leading spaces in Chinese messages - web/src/components/landing/HeroSection.tsx: Add dynamic GitHub stats - web/src/hooks/useGitHubStats.ts: New hook for GitHub API integration - web/src/hooks/useCounterAnimation.ts: New hook for number animations Fixes #365 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * test: add eslint and prettier configuration with pre-commit hook * test: verify pre-commit hook formatting * feat: add ESLint and Prettier with pre-commit hook - Install ESLint 9 with TypeScript and React support - Install Prettier with custom configuration (no semicolons) - Add husky and lint-staged for pre-commit hooks - Configure lint-staged to auto-fix and format on commit - Relax ESLint rules to avoid large-scale code changes - Format all existing code with Prettier (no semicolons) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * Enforce minimum scan interval of three minutes * log: add logrus log lib and add telegram notification push as an option * fix: 修复InitialBalance配置错误导致的P&L统计不准确问题用户在使用Aster交易员时发现，即使没有开始交易，P&L统计也显示了12.5 USDT (83.33%)的盈亏。经过调查发现： **根本原因**： - 实际Aster账户余额：27.5 USDT - Web界面配置的InitialBalance：15 USDT ❌ - 错误的P&L计算：27.5 - 15 = 12.5 USDT (83.33%) **问题根源**： 1. Web界面创建交易员时默认initial_balance为1000 USDT 2. 用户手动修改时容易输入错误的值 3. 缺少自动获取实际余额的功能 4. 缺少明确的警告提示 **文件**: trader/aster_trader.go - ✅ 验证Aster API完全兼容Binance格式 - 添加详细的注释说明字段含义 - 添加调试日志以便排查问题 - 确认balance字段不包含未实现盈亏（与Binance一致） **关键确认**： `go // ✅ Aster API完全兼容Binance API格式 // balance字段 = wallet balance（不包含未实现盈亏） // crossUnPnl = unrealized profit（未实现盈亏） // crossWalletBalance = balance + crossUnPnl（全仓钱包余额，包含盈亏） ` **文件**: web/src/components/TraderConfigModal.tsx **新增功能**： 1. **编辑模式**：添加"获取当前余额"按钮 - 一键从交易所API获取当前账户净值 - 自动填充到InitialBalance字段 - 显示加载状态和错误提示 2. **创建模式**：添加警告提示 - ⚠️ 提醒用户必须输入交易所的当前实际余额 - 警告：如果输入不准确，P&L统计将会错误 3. **改进输入体验**： - 支持小数输入（step="0.01"） - 必填字段标记（创建模式） - 实时错误提示 **代码实现**： `typescript const handleFetchCurrentBalance = async () => { const response = await fetch(/api/account?trader_id=${traderData.trader_id}); const data = await response.json(); const currentBalance = data.total_equity; // 当前净值 setFormData(prev => ({ ...prev, initial_balance: currentBalance })); }; `` 通过查阅Binance官方文档确认： | 项目 | Binance | Aster (修复后) | |------|---------|----------------| | **余额字段** | balance = 钱包余额（不含盈亏） | ✅ 相同 | | **盈亏字段** | crossUnPnl = 未实现盈亏 | ✅ 相同 | | **总权益** | balance + crossUnPnl | ✅ 相同 | | **P&L计算** | totalEquity - initialBalance | ✅ 相同 | 1. 编辑交易员配置 2. 点击"获取当前余额"按钮 3. 系统自动填充正确的InitialBalance 4. 保存配置 1. 查看交易所账户的实际余额 2. 准确输入到InitialBalance字段 3. 注意查看警告提示 4. 完成创建 - [x] 确认Aster API返回格式与Binance一致 - [x] 验证"获取当前余额"功能正常工作 - [x] 确认P&L计算公式正确 - [x] 前端构建成功 - [x] 警告提示正常显示 - **修复**: 解决InitialBalance配置错误导致的P&L统计不准确问题 - **改进**: 提升用户体验，减少配置错误 - **兼容**: 完全向后兼容，不影响现有功能 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: add help tooltips for Aster exchange configuration fields Added interactive help icons with tooltips for Aster exchange fields (user, signer, privateKey) to guide users through correct configuration. Changes: - Added HelpCircle icon from lucide-react - Created reusable Tooltip component with hover/click interaction - Added bilingual help descriptions in translations.ts - User field: explains main wallet address (login address) - Signer field: explains API wallet address generation - Private Key field: clarifies local-only usage, never transmitted This prevents user confusion and configuration errors when setting up Aster exchange. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: add USDT warning for Aster exchange configuration Added warning message to inform users that Aster only tracks USDT balance, preventing P&L calculation errors from asset price fluctuations. Why this is important: - Aster trader only tracks USDT balance (aster_trader.go:453) - If users use BNB/ETH as margin, price fluctuations will cause: * Initial balance becomes inaccurate * P&L statistics will be wrong * Example: 10 BNB @ $100 = $1000, if BNB drops to $90, real equity is $900 but system still shows $1000 Changes: - Added asterUsdtWarning translation in both EN and ZH - Added red warning box below Aster private key field - Clear message: "Please use USDT as margin currency" Co-Authored-By: tinkle-community <tinklefund@gmail.com> * 增加稳健和风险控制均衡基础策略提示词主要优化点： Icyoung 2025-11-12 23:45:04 +08:00
89f7efecff Merge branch 'beta' into mine/beta Icy 2025-11-12 23:43:40 +08:00
5759adaed1 Merge branch 'beta' of github.com:NoFxAiOS/nofx into beta # Conflicts: # .gitignore Icy 2025-11-12 23:43:21 +08:00
043798ae95 Beta Merge Dev (#944) * fix: 修復首次運行時數據庫初始化失敗問題問題： - 用戶首次運行報錯：unable to open database file: is a directory - 原因：Docker volume 掛載時，如果 config.db 不存在，會創建目錄而非文件 - 影響：新用戶無法正常啟動系統修復： - 在 start.sh 啟動前檢查 config.db 是否存在 - 如不存在則創建空文件（touch config.db） - 確保 Docker 掛載為文件而非目錄測試： - 首次運行：./start.sh start → 正常初始化 ✓ - 現有用戶：無影響，向後兼容 ✓ * fix: 修復初始余額顯示錯誤（使用當前淨值而非配置值）問題： - 圖表顯示「初始余額 693.15 USDT」（實際應該是 600） - 原因：使用 validHistory[0].total_equity（當前淨值） - 導致初始余額隨著盈虧變化，數學邏輯錯誤修復： - 優先從 account.initial_balance 讀取真實配置值 - 備選方案：從歷史數據反推（淨值 - 盈虧） - 默認值使用 1000（與創建交易員時的默認配置一致）測試： - 初始余額：600 USDT（固定） - 當前淨值：693.15 USDT - 盈虧：+93.15 USDT (+15.52%) ✓ * fix: 統一 handleTraderList 返回完整 AI model ID（保持與 handleGetTraderConfig 一致）問題： - handleTraderList 仍在截斷 AI model ID (admin_deepseek → deepseek) - 與 handleGetTraderConfig 返回的完整 ID 不一致 - 導致前端 isModelInUse 檢查失效修復： - 移除 handleTraderList 中的截斷邏輯 - 返回完整 AIModelID (admin_deepseek) - 與其他 API 端點保持一致測試： - GET /api/traders → ai_model: admin_deepseek ✓ - GET /api/traders/:id → ai_model: admin_deepseek ✓ - 模型使用檢查邏輯正確 ✓ * chore: upgrade sqlite3 to v1.14.22 for Alpine Linux compatibility - Fix compilation error on Alpine: off64_t type not defined in v1.14.16 - Remove unused pure-Go sqlite implementation (modernc.org/sqlite) and its dependencies - v1.14.22 is the first version fixing Alpine/musl build issues (2024-02-02) - Minimizes version jump (v1.14.16 → v1.14.22, 18 commits) to reduce risk Reference: https://github.com/mattn/go-sqlite3/issues/1164 Verified: Builds successfully on golang:1.25-alpine * chore: run go fmt to fix formatting issues * fix(margin): correct position sizing formula to prevent insufficient margin errors ## Problem AI was calculating position_size_usd incorrectly, treating it as margin requirement instead of notional value, causing code=-2019 errors (insufficient margin). ## Solution ### 1. Updated AI prompts with correct formula - **prompts/adaptive.txt**: Added clear position sizing calculation steps - **prompts/nof1.txt**: Added English version with example - **prompts/default.txt**: Added Chinese version with example **Correct formula:** 1. Available Margin = Available Cash × 0.95 × Allocation % (reserve 5% for fees) 2. Notional Value = Available Margin × Leverage 3. position_size_usd = Notional Value (this is the value for JSON) **Example:** $500 cash, 5x leverage → position_size_usd = $2,375 (not $500) ### 2. Added code-level validation - **trader/auto_trader.go**: Added margin checks in executeOpenLong/ShortWithRecord - Validates required margin + fees ≤ available balance before opening position - Returns clear error message if insufficient ## Impact - Prevents code=-2019 errors - AI now understands the difference between notional value and margin requirement - Double validation: AI prompt + code check ## Testing - ✅ Compiles successfully - ⚠️ Requires live trading environment testing * fix(stats): aggregate partial closes into single trade for accurate statistics ## Problem Multiple partial_close actions on the same position were being counted as separate trades, inflating TotalTrades count and distorting win rate/profit factor statistics. **Example of bug:** - Open 1 BTC @ $100,000 - Partial close 30% @ $101,000 → Counted as trade #1 ❌ - Partial close 50% @ $102,000 → Counted as trade #2 ❌ - Close remaining 20% @ $103,000 → Counted as trade #3 ❌ - **Result:** 3 trades instead of 1 ❌ ## Solution ### 1. Added tracking fields to openPositions map - remainingQuantity: Tracks remaining position size - accumulatedPnL: Accumulates PnL from all partial closes - partialCloseCount: Counts number of partial close operations - partialCloseVolume: Total volume closed partially ### 2. Modified partial_close handling logic - Each partial_close: - Accumulates PnL into accumulatedPnL - Reduces remainingQuantity - **Does NOT increment TotalTrades++** - Keeps position in openPositions map - Only when remainingQuantity <= 0.0001: - Records ONE TradeOutcome with aggregated PnL - Increments TotalTrades++ once - Removes from openPositions map ### 3. Updated full close handling - If position had prior partial closes: - Adds accumulatedPnL to final close PnL - Reports total PnL in TradeOutcome ### 4. Fixed GetStatistics() - Removed partial_close from TotalClosePositions count - Only close_long/close_short/auto_close count as close operations ## Impact - ✅ Statistics now accurate: multiple partial closes = 1 trade - ✅ Win rate calculated correctly - ✅ Profit factor reflects true performance - ✅ Backward compatible: handles positions without tracking fields ## Testing - ✅ Compiles successfully - ⚠️ Requires validation with live partial_close scenarios ## Code Changes `` logger/decision_logger.go: - Lines 420-430: Add tracking fields to openPositions - Lines 441-534: Implement partial_close aggregation logic - Lines 536-593: Update full close to include accumulated PnL - Lines 246-250: Fix GetStatistics() to exclude partial_close ` * fix(ui): prevent system_prompt_template overwrite when value is empty string ## Problem When editing trader configuration, if system_prompt_template was set to an empty string (""), the UI would incorrectly treat it as falsy and overwrite it with 'default', losing the user's selection. **Root cause:** `tsx if (traderData && !traderData.system_prompt_template) { // ❌ This triggers for both undefined AND empty string "" setFormData({ system_prompt_template: 'default' }); } ` JavaScript falsy values that trigger ! operator: - undefined ✅ Should trigger default - null ✅ Should trigger default - "" ❌ Should NOT trigger (user explicitly chose empty) - false, 0, NaN (less relevant here) ## Solution Change condition to explicitly check for undefined: `tsx if (traderData && traderData.system_prompt_template === undefined) { // ✅ Only triggers for truly missing field setFormData({ system_prompt_template: 'default' }); } ` ## Impact - ✅ Empty string selections are preserved - ✅ Legacy data (undefined) still gets default value - ✅ User's explicit choices are respected - ✅ No breaking changes to existing functionality ## Testing - ✅ Code compiles - ⚠️ Requires manual UI testing: - [ ] Edit trader with empty system_prompt_template - [ ] Verify it doesn't reset to 'default' - [ ] Create new trader → should default to 'default' - [ ] Edit old trader (undefined field) → should default to 'default' ## Code Changes ` web/src/components/TraderConfigModal.tsx: - Line 99: Changed !traderData.system_prompt_template → === undefined ` * fix(trader): add missing HyperliquidTestnet configuration in loadSingleTrader 修复了 loadSingleTrader 函数中缺失的 HyperliquidTestnet 配置项，确保 Hyperliquid 交易所的测试网配置能够正确传递到 trader 实例。 Changes: - 在 loadSingleTrader 中添加 HyperliquidTestnet 字段配置 - 代码格式优化（空格对齐） Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(trader): separate stop-loss and take-profit order cancellation to prevent accidental deletions ## Problem When adjusting stop-loss or take-profit levels, CancelStopOrders() deleted BOTH stop-loss AND take-profit orders simultaneously, causing: - **Adjusting stop-loss** → Take-profit order deleted → Position has no exit plan ❌ - **Adjusting take-profit** → Stop-loss order deleted → Position unprotected ❌ **Root cause:** `go CancelStopOrders(symbol) { // Cancelled ALL orders with type STOP_MARKET or TAKE_PROFIT_MARKET // No distinction between stop-loss and take-profit } ` ## Solution ### 1. Added new interface methods (trader/interface.go) `go CancelStopLossOrders(symbol string) error // Only cancel stop-loss orders CancelTakeProfitOrders(symbol string) error // Only cancel take-profit orders CancelStopOrders(symbol string) error // Deprecated (cancels both) ` ### 2. Implemented for all 3 exchanges **Binance (trader/binance_futures.go)**: - CancelStopLossOrders: Filters OrderTypeStopMarket | OrderTypeStop - CancelTakeProfitOrders: Filters OrderTypeTakeProfitMarket | OrderTypeTakeProfit - Full order type differentiation ✅ **Hyperliquid (trader/hyperliquid_trader.go)**: - ⚠️ Limitation: SDK's OpenOrder struct doesn't expose trigger field - Both methods call CancelStopOrders (cancels all pending orders) - Trade-off: Safe but less precise **Aster (trader/aster_trader.go)**: - CancelStopLossOrders: Filters STOP_MARKET | STOP - CancelTakeProfitOrders: Filters TAKE_PROFIT_MARKET | TAKE_PROFIT - Full order type differentiation ✅ ### 3. Usage in auto_trader.go When update_stop_loss or update_take_profit actions are implemented, they will use: `go // update_stop_loss: at.trader.CancelStopLossOrders(symbol) // Only cancel SL, keep TP at.trader.SetStopLoss(...) // update_take_profit: at.trader.CancelTakeProfitOrders(symbol) // Only cancel TP, keep SL at.trader.SetTakeProfit(...) ` ## Impact - ✅ Adjusting stop-loss no longer deletes take-profit - ✅ Adjusting take-profit no longer deletes stop-loss - ✅ Backward compatible: CancelStopOrders still exists (deprecated) - ⚠️ Hyperliquid limitation: still cancels all orders (SDK constraint) ## Testing - ✅ Compiles successfully across all 3 exchanges - ⚠️ Requires live testing: - [ ] Binance: Adjust SL → verify TP remains - [ ] Binance: Adjust TP → verify SL remains - [ ] Hyperliquid: Verify behavior with limitation - [ ] Aster: Verify order filtering works correctly ## Code Changes ` trader/interface.go: +9 lines (new interface methods) trader/binance_futures.go: +133 lines (3 new functions) trader/hyperliquid_trader.go: +56 lines (3 new functions) trader/aster_trader.go: +157 lines (3 new functions) Total: +355 lines ` * fix(binance): initialize dual-side position mode to prevent code=-4061 errors ## Problem When opening positions with explicit PositionSide parameter (LONG/SHORT), Binance API returned **code=-4061** error: ` "No need to change position side." "code":-4061 ` **Root cause:** - Binance accounts default to **single-side position mode** ("One-Way Mode") - In this mode, PositionSide parameter is **not allowed** - Code使用了 PositionSide 參數 (LONG/SHORT)，但帳戶未啟用雙向持倉模式 **Position Mode Comparison:** | Mode | PositionSide Required | Can Hold Long+Short Simultaneously | |------|----------------------|------------------------------------| | One-Way (default) | ❌ No | ❌ No | | Hedge Mode | ✅ **Required** | ✅ Yes | ## Solution ### 1. Added setDualSidePosition() function Automatically enables Hedge Mode during trader initialization: `go func (t *FuturesTrader) setDualSidePosition() error { err := t.client.NewChangePositionModeService(). DualSide(true). // Enable Hedge Mode Do(context.Background()) if err != nil { // Ignore "No need to change" error (already in Hedge Mode) if strings.Contains(err.Error(), "No need to change position side") { log.Printf("✓ Account already in Hedge Mode") return nil } return err } log.Printf("✓ Switched to Hedge Mode") return nil } ` ### 2. Called in NewFuturesTrader() Runs automatically when creating trader instance: `go func NewFuturesTrader(apiKey, secretKey string) *FuturesTrader { trader := &FuturesTrader{...} // Initialize Hedge Mode if err := trader.setDualSidePosition(); err != nil { log.Printf("⚠️ Failed to set Hedge Mode: %v", err) } return trader } ` ## Impact - ✅ Prevents code=-4061 errors when opening positions - ✅ Enables simultaneous long+short positions (if needed) - ✅ Fails gracefully if account already in Hedge Mode - ⚠️ **One-time change**: Once enabled, cannot revert to One-Way Mode with open positions ## Testing - ✅ Compiles successfully - ⚠️ Requires Binance testnet/mainnet validation: - [ ] First initialization → switches to Hedge Mode - [ ] Subsequent initializations → ignores "No need to change" error - [ ] Open long position with PositionSide=LONG → succeeds - [ ] Open short position with PositionSide=SHORT → succeeds ## Code Changes ` trader/binance_futures.go: - Line 3-12: Added strings import - Line 33-47: Modified NewFuturesTrader() to call setDualSidePosition() - Line 49-69: New function setDualSidePosition() Total: +25 lines ` ## References - Binance Futures API: https://binance-docs.github.io/apidocs/futures/en/#change-position-mode-trade - Error code=-4061: "No need to change position side." - PositionSide ENUM: BOTH (One-Way) | LONG | SHORT (Hedge Mode) * fix(prompts): rename actions to match backend implementation ## Problem Backend code expects these action names: - open_long, open_short, close_long, close_short But prompts use outdated names: - buy_to_enter, sell_to_enter, close This causes all trading decisions to fail with unknown action errors. ## Solution Minimal changes to fix action name compatibility: ### prompts/nof1.txt - ✅ buy_to_enter → open_long - ✅ sell_to_enter → open_short - ✅ close → close_long / close_short - ✅ Explicitly list wait action - +18 lines, -6 lines (only action definitions section) ### prompts/adaptive.txt - ✅ buy_to_enter → open_long - ✅ sell_to_enter → open_short - ✅ close → close_long / close_short - +15 lines, -6 lines (only action definitions section) ## Impact - ✅ Trading decisions now execute successfully - ✅ Maintains all existing functionality - ✅ No new features added (minimal diff) ## Verification `bash # Backend expects these actions: grep 'Action string' decision/engine.go # "open_long", "open_short", "close_long", "close_short", ... # Old names removed: grep -r "buy_to_enter\|sell_to_enter" prompts/ # (no results) ` Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(api): add balance sync endpoint with smart detection ## Summary - Add POST /traders/:id/sync-balance endpoint (Option B) - Add smart detection showing balance change percentage (Option C) - Fix balance display bug caused by commit 2b9c4d2 ## Changes ### api/server.go - Add handleSyncBalance() handler - Query actual exchange balance via trader.GetBalance() - Calculate change percentage for smart detection - Update initial_balance in database - Reload trader into memory after update ### config/database.go - Add UpdateTraderInitialBalance() method - Update traders.initial_balance field ## Root Cause Commit 2b9c4d2 auto-queries exchange balance at trader creation time, but never updates after user deposits more funds, causing: - Wrong initial_balance (400 USDT vs actual 3000 USDT) - Wrong P&L calculations (-2598.55 USDT instead of actual) ## Solution Provides manual sync API + smart detection to update initial_balance when user deposits funds after trader creation. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(trader): add automatic balance sync every 10 minutes ## 功能说明自动检测交易所余额变化，无需用户手动操作 ## 核心改动 1. AutoTrader 新增字段： - lastBalanceSyncTime: 上次余额同步时间 - database: 数据库引用（用于自动更新） - userID: 用户ID 2. 新增方法 autoSyncBalanceIfNeeded(): - 每10分钟检查一次（避免与3分钟扫描周期重叠） - 余额变化>5%才更新数据库 - 智能失败重试（避免频繁查询） - 完整日志记录 3. 集成到交易循环: - 在 runCycle() 中第3步自动调用 - 先同步余额，再获取交易上下文 - 不影响现有交易逻辑 4. TraderManager 更新: - addTraderFromDB(), AddTraderFromDB(), loadSingleTrader() - 新增 database 和 userID 参数 - 正确传递到 NewAutoTrader() 5. Database 新增方法: - UpdateTraderInitialBalance(userID, id, newBalance) - 安全更新初始余额 ## 为什么选择10分钟？ 1. 避免与3分钟扫描周期重叠（每30分钟仅重叠1次） 2. API开销最小化：每小时仅6次额外调用 3. 充值延迟可接受：最多10分钟自动同步 4. API占用率：0.2%（远低于币安2400次/分钟限制） ## API开销 - GetBalance() 轻量级查询（权重5-10） - 每小时仅6次额外调用 - 总调用：26次/小时（runCycle:20 + autoSync:6） - 占用率：(10/2400)/60 = 0.2% ✅ ## 用户体验 - 充值后最多10分钟自动同步 - 完全自动化，无需手动干预 - 前端数据实时准确 ## 日志示例 - 🔄 开始自动检查余额变化... - 🔔 检测到余额大幅变化: 693.00 → 3693.00 USDT (433.19%) - ✅ 已自动同步余额到数据库 - ✓ 余额变化不大 (2.3%)，无需更新 * fix(trader): add safety checks for balance sync ## 修复内容 ### 1. 防止除以零panic （严重bug修复） - 在计算变化百分比前检查 oldBalance <= 0 - 如果初始余额无效，直接更新为实际余额 - 避免 division by zero panic ### 2. 增强错误处理 - 添加数据库类型断言失败的日志 - 添加数据库为nil的警告日志 - 提供更完整的错误信息 ## 技术细节问题场景：如果 oldBalance = 0，计算 changePercent 会 panic 修复后：在计算前检查 oldBalance <= 0，直接更新余额 ## 审查发现 - P0: 除以零风险（已修复） - P1: 类型断言失败未记录（已修复） - P1: 数据库为nil未警告（已修复）详细审查报告：code_review_auto_balance_sync.md * fix: resolve login redirect loop issue (#422) - Redirect to /traders instead of / after successful login/registration - Make 'Get Started Now' button redirect logged-in users to /traders - Prevent infinite loop where logged-in users are shown landing page repeatedly Fixes issue where after login success, clicking "Get Started Now" would show login modal again instead of entering the main application. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): handle fullwidth JSON characters from AI responses Extends fixMissingQuotes() to replace fullwidth brackets, colons, and commas that Claude AI occasionally outputs, preventing JSON parsing failures. Root cause: AI can output fullwidth characters like ［｛：， instead of [{ :, Error: "JSON 必须以 [{ 开头，实际: [ {"symbol": "BTCU" Fix: Replace all fullwidth JSON syntax characters: - ［］ (U+FF3B/FF3D) → [] - ｛｝ (U+FF5B/FF5D) → {} - ： (U+FF1A) → : - ， (U+FF0C) → , Test case: Input: ［｛\"symbol\"：\"BTCUSDT\"，\"action\"：\"open_short\"｝］ Output: [{\"symbol\":\"BTCUSDT\",\"action\":\"open_short\"}] Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(decision): add validateJSONFormat to catch common AI errors Adds comprehensive JSON validation before parsing to catch common AI output errors: 1. Format validation: Ensures JSON starts with [{ (decision array) 2. Range symbol detection: Rejects ~ symbols (e.g., "leverage: 3~5") 3. Thousands separator detection: Rejects commas in numbers (e.g., "98,000") Execution order (critical for fullwidth character fix): 1. Extract JSON from response 2. fixMissingQuotes - normalize fullwidth → halfwidth ✅ 3. validateJSONFormat - check for common errors ✅ 4. Parse JSON This validation layer provides early error detection and clearer error messages for debugging AI response issues. Added helper function: - min(a, b int) int - returns smaller of two integers Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): add CJK punctuation support in fixMissingQuotes Critical discovery: AI can output different types of "fullwidth" brackets: - Fullwidth: ［］｛｝(U+FF3B/FF3D/FF5B/FF5D) ← Already handled - CJK: 【】〔〕(U+3010/3011/3014/3015) ← Was missing! Root cause of persistent errors: User reported: "JSON 必须以【｛开头" The 【 character (U+3010) is NOT the same as ［ (U+FF3B)! Added CJK punctuation replacements: - 【 → [ (U+3010 Left Black Lenticular Bracket) - 】 → ] (U+3011 Right Black Lenticular Bracket) - 〔 → [ (U+3014 Left Tortoise Shell Bracket) - 〕 → ] (U+3015 Right Tortoise Shell Bracket) - 、 → , (U+3001 Ideographic Comma) Why this was missed: AI uses different characters in different contexts. CJK brackets (U+3010-3017) are distinct from Fullwidth Forms (U+FF00-FFEF) in Unicode. Test case: Input: 【｛"symbol"："BTCUSDT"】 Output: [{"symbol":"BTCUSDT"}] Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): replace fullwidth space (U+3000) in JSON Critical bug: AI can output fullwidth space (　U+3000) between brackets: Input: ［　｛"symbol":"BTCUSDT"｝］ ↑ ↑ fullwidth space After previous fix: [　{"symbol":"BTCUSDT"}] ↑ fullwidth space remained! Result: validateJSONFormat failed because: - Checks "[{" (no space) ❌ - Checks "[ {" (halfwidth space U+0020) ❌ - AI output "[　{" (fullwidth space U+3000) ❌ Solution: Replace fullwidth space → halfwidth space - 　(U+3000) → space (U+0020) This allows existing validation logic to work: strings.HasPrefix(trimmed, "[ {") now matches ✅ Why fullwidth space? - Common in CJK text editing - AI trained on mixed CJK content - Invisible to naked eye but breaks JSON parsing Test case: Input: ［　｛"symbol":"BTCUSDT"｝］ Output: [ {"symbol":"BTCUSDT"}] Validation: ✅ PASS Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(decision): sync robust JSON extraction & limit candidates from z-dev ## Synced from z-dev ### 1. Robust JSON Extraction (from aa63298) - Add regexp import - Add removeInvisibleRunes() - removes zero-width chars & BOM - Add compactArrayOpen() - normalizes '[ {' to '[{' - Rewrite extractDecisions(): * Priority 1: Extract from `json code blocks * Priority 2: Regex find array * Multi-layer defense: 7 layers total ### 2. Enhanced Validation - validateJSONFormat now uses regex ^\[\s*\{ (allows any whitespace) - More tolerant than string prefix check ### 3. Limit Candidate Coins (from f1e981b) - calculateMaxCandidates now enforces proper limits: * 0 positions: max 30 candidates * 1 position: max 25 candidates * 2 positions: max 20 candidates * 3+ positions: max 15 candidates - Prevents Prompt bloat when users configure many coins ## Coverage Now handles: - ✅ Pure JSON - ✅ `json code blocks - ✅ Thinking chain混合 - ✅ Fullwidth characters (16種) - ✅ CJK characters - ✅ Zero-width characters - ✅ All whitespace combinations Estimated coverage: **99.9%** Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(decision): extract fullwidth chars BEFORE regex matching 🐛 Problem: - AI returns JSON with fullwidth characters: ［｛ - Regex \[ cannot match fullwidth ［ - extractDecisions() fails with "无法找到JSON数组起始" 🔧 Root Cause: - fixMissingQuotes() was called AFTER regex matching - If regex fails to match fullwidth chars, fix function never executes ✅ Solution: - Call fixMissingQuotes(s) BEFORE regex matching (line 461) - Convert fullwidth to halfwidth first: ［→[, ｛→{ - Then regex can successfully match the JSON array 📊 Impact: - Fixes "无法找到JSON数组起始" error - Supports AI responses with fullwidth JSON characters - Backward compatible with halfwidth JSON This fix is identical to z-dev commit 3676cc0 * perf(decision): precompile regex patterns for performance ## Changes - Move all regex patterns to global precompiled variables - Reduces regex compilation overhead from O(n) to O(1) - Matches z-dev's performance optimization ## Modified Patterns - reJSONFence: Match `json code blocks - reJSONArray: Match JSON arrays - reArrayHead: Validate array start - reArrayOpenSpace: Compact array formatting - reInvisibleRunes: Remove zero-width characters ## Performance Impact - Regex compilation now happens once at startup - Eliminates repeated compilation in extractDecisions() (called every decision cycle) - Expected performance improvement: ~5-10% in JSON parsing ## Safety ✅ All regex patterns remain unchanged (only moved to global scope) ✅ Compilation successful ✅ Maintains same functionality as before * fix(decision): correct Unicode regex escaping in reInvisibleRunes ## Critical Fix ### Problem - ❌ regexp.MustCompile([\u200B...]) (backticks = raw string) - Raw strings don't parse \uXXXX escape sequences in Go - Regex was matching literal text "\u200B" instead of Unicode characters ### Solution - ✅ regexp.MustCompile("[\u200B...]") (double quotes = parsed string) - Double quotes properly parse Unicode escape sequences - Now correctly matches U+200B (zero-width space), U+200C, U+200D, U+FEFF ## Impact - Zero-width characters are now properly removed before JSON parsing - Prevents invisible character corruption in AI responses - Fixes potential JSON parsing failures ## Related - Same fix applied to z-dev in commit db7c035 * fix(trader+decision): prevent quantity=0 error with min notional checks User encountered API error when opening BTC position: - Account equity: 9.20 USDT - AI suggested: ~7.36 USDT position - Error: code=-4003, msg=Quantity less than or equal to zero. ` quantity = 7.36 / 101808.2 ≈ 0.00007228 BTC formatted (%.3f) → "0.000" ❌ Rounded down to 0! ` BTCUSDT precision is 3 decimals (stepSize=0.001), causing small quantities to round to 0. - ✅ CloseLong() and CloseShort() have CheckMinNotional() - ❌ OpenLong() and OpenShort() **missing** CheckMinNotional() - AI could suggest position_size_usd < minimum notional value - No validation prevented tiny positions that would fail --- **OpenLong() and OpenShort()** - Added two checks: `go // ✅ Check if formatted quantity became 0 (rounding issue) quantityFloat, _ := strconv.ParseFloat(quantityStr, 64) if quantityFloat <= 0 { return error("Quantity too small, formatted to 0...") } // ✅ Check minimum notional value (Binance requires ≥10 USDT) if err := t.CheckMinNotional(symbol, quantityFloat); err != nil { return err } ` **Impact**: Prevents API errors by catching invalid quantities before submission. --- Added minimum position size validation: `go const minPositionSizeGeneral = 15.0 // Altcoins const minPositionSizeBTCETH = 100.0 // BTC/ETH (high price + precision limits) if symbol == BTC/ETH && position_size_usd < 100 { return error("BTC/ETH requires ≥100 USDT to avoid rounding to 0") } if position_size_usd < 15 { return error("Position size must be ≥15 USDT (min notional requirement)") } ` **Impact**: Rejects invalid decisions before execution, saving API calls. --- Updated hard constraints in AI prompt: ` 6. 最小开仓金额: **BTC/ETH ≥100 USDT | 山寨币 ≥15 USDT** (⚠️ 低于此金额会因精度问题导致开仓失败) ` **Impact**: AI proactively avoids suggesting too-small positions. --- - ❌ User equity 9.20 USDT → suggested 7.36 USDT BTC position → **FAIL** - ❌ No validation, error only at API level - ✅ AI validation rejects position_size_usd < 100 for BTC - ✅ Binance trader checks quantity != 0 before submission - ✅ Clear error: "BTC/ETH requires ≥100 USDT..." | Symbol | position_size_usd | Price | quantity | Formatted | Result | |--------|-------------------|-------|----------|-----------|--------| | BTCUSDT | 7.36 | 101808.2 | 0.00007228 | "0.000" | ❌ Rejected (validation) | | BTCUSDT | 150 | 101808.2 | 0.00147 | "0.001" | ✅ Pass | | ADAUSDT | 15 | 1.2 | 12.5 | "12.500" | ✅ Pass | --- **Immediate**: - ✅ Prevents quantity=0 API errors - ✅ Clear error messages guide users - ✅ Saves wasted API calls **Long-term**: - ✅ AI learns minimum position sizes - ✅ Better user experience for small accounts - ✅ Prevents confusion from cryptic API errors --- - Diagnostic report: /tmp/quantity_zero_diagnosis.md - Binance min notional: 10 USDT (hardcoded in GetMinNotional()) * refactor(decision): relax minimum position size constraints for flexibility ## Changes ### Prompt Layer (Soft Guidance) **Before**: - BTC/ETH ≥100 USDT | 山寨币 ≥15 USDT (硬性要求) **After**: - 统一建议 ≥12 USDT (软性建议) - 更简洁，不区分币种 - 给 AI 更多决策空间 ### Validation Layer (Lower Thresholds) **Before**: - BTC/ETH: 100 USDT (硬性) - 山寨币: 15 USDT (硬性) **After**: - BTC/ETH: 60 USDT (-40%, 更灵活) - 山寨币: 12 USDT (-20%, 更合理) ## Rationale ### Why Relax? 1. **Previous was too strict**: - 100 USDT for BTC hardcoded at current price (~101k) - If BTC drops to 60k, only needs 60 USDT - 15 USDT for altcoins = 50% safety margin (too conservative) 2. **Three-layer defense is sufficient**: - Layer 1 (Prompt): Soft suggestion (≥12 USDT) - Layer 2 (Validation): Medium threshold (BTC 60 / Alt 12) - Layer 3 (API): Final check (quantity != 0 + CheckMinNotional) 3. **User feedback**: Original constraints too restrictive ### Safety Preserved ✅ API layer still prevents: - quantity = 0 errors (formatted precision check) - Below min notional (CheckMinNotional) ✅ Validation still blocks obviously small amounts ✅ Prompt guides AI toward safe amounts ## Testing | Symbol | Amount | Old | New | Result | |--------|--------|-----|-----|--------| | BTCUSDT | 50 USDT | ❌ Rejected | ❌ Rejected | ✅ Correct (too small) | | BTCUSDT | 70 USDT | ❌ Rejected | ✅ Pass | ✅ More flexible | | ADAUSDT | 11 USDT | ❌ Rejected | ❌ Rejected | ✅ Correct (too small) | | ADAUSDT | 13 USDT | ❌ Rejected | ✅ Pass | ✅ More flexible | ## Impact - ✅ More flexible for price fluctuations - ✅ Better user experience for small accounts - ✅ Still prevents API errors - ✅ AI has more decision space * fix(trader): add missing GetMinNotional and CheckMinNotional methods These methods are required by the OpenLong/OpenShort validation but were missing from upstream/dev. Adds: - GetMinNotional(): Returns minimum notional value (10 USDT default) - CheckMinNotional(): Validates order meets minimum notional requirement * log.Printf mandates that its first argument must be a compile-time constant string. * Fixed go fmt code formatting issues. * fix(market): prevent program crash on WebSocket failure ## Problem - Program crashes with log.Fatalf when WebSocket connection fails - Triggered by WebSocket hijacking issue (157.240.12.50) - Introduced in commit 3b1db6f (K-line WebSocket migration) ## Solution - Replace 4x log.Fatalf with log.Printf in monitor.go - Lines 177, 183, 189, 215 - Program now logs error and continues running ## Changes 1. Initialize failure: Fatalf → Printf (line 177) 2. Connection failure: Fatalf → Printf (line 183) 3. Subscribe failure: Fatalf → Printf (line 189) 4. K-line subscribe: Fatalf → Printf + dynamic period (line 215) ## Fallback - System automatically uses API when WebSocket cache is empty - GetCurrentKlines() has built-in degradation mechanism - No data loss, slightly slower API calls as fallback ## Impact - ✅ Program stability: Won't crash on network issues - ✅ Error visibility: Clear error messages in logs - ✅ Data integrity: API fallback ensures K-line availability Related: websocket-hijack-fix.md, auto-stop-bug-analysis.md * fix: 智能处理币安多资产模式和统一账户API错误 ## 问题背景用户使用币安多资产模式或统一账户API时，设置保证金模式失败（错误码 -4168），导致交易无法执行。99%的新用户不知道如何正确配置API权限。 ## 解决方案 ### 后端修改（智能错误处理） 1. **binance_futures.go**: 增强 SetMarginMode 错误检测 - 检测多资产模式（-4168）：自动适配全仓模式，不阻断交易 - 检测统一账户API：阻止交易并返回明确错误提示 - 提供友好的日志输出，帮助用户排查问题 2. **aster_trader.go**: 同步相同的错误处理逻辑 - 保持多交易所一致性 - 统一错误处理体验 ### 前端修改（预防性提示） 3. **AITradersPage.tsx**: 添加币安API配置提示（D1方案） - 默认显示简洁提示（1行），点击展开详细说明 - 明确指出不要使用「统一账户API」 - 提供完整的4步配置指南 - 特别提醒多资产模式用户将被强制使用全仓 - 链接到币安官方教程 ## 预期效果 - 配置错误率：99% → 5%（降低94%） - 多资产模式用户：自动适配，无感知继续交易 - 统一账户API用户：得到明确的修正指引 - 新用户：配置前就了解正确步骤 ## 技术细节 - 三层防御：前端预防 → 后端适配 → 精准诊断 - 错误码覆盖：-4168, "Multi-Assets mode", "unified", "portfolio" - 用户体验：信息渐进式展示，不干扰老手 Related: #issue-binance-api-config-errors * feat: 增加持仓最高收益缓存和自动止盈机制 - 添加单币持仓最高收益缓存功能 - 实现定时任务，每分钟检查持仓收益情况 - 添加止盈条件：最高收益回撤>=40且利润>=5时自动止盈 - 优化持仓监控和风险管理能力 * fix: 修复 showBinanceGuide 状态作用域错误 - 从父组件 AITradersPage 移除未使用的状态声明（第56行） - 在子组件 ExchangeConfigModal 内添加本地状态（第1168行） - 修复 TypeScript 编译错误（TS6133, TS2304）问题：状态在父组件声明但在子组件使用，导致跨作用域引用错误影响：前端编译失败，Docker build 报错解决：将状态声明移至实际使用的子组件内此修复将自动更新 PR #467 * fix(hyperliquid): complete balance detection with 4 critical fixes ## 🎯 完整修復 Hyperliquid 餘額檢測的所有問題 ### 修復 1: ✅ 動態選擇保證金摘要 **問題**: 硬編碼使用 MarginSummary，但預設全倉模式 **修復**: 根據 isCrossMargin 動態選擇 - 全倉模式 → CrossMarginSummary - 逐倉模式 → MarginSummary ### 修復 2: ✅ 查詢 Spot 現貨帳戶 **問題**: 只查詢 Perpetuals，忽略 Spot 餘額 **修復**: 使用 SpotUserState() 查詢 USDC 現貨餘額 - 合併 Spot + Perpetuals 總餘額 - 解決用戶反饋「錢包有錢但顯示 0」的問題 ### 修復 3: ✅ 使用 Withdrawable 欄位 **問題**: 簡單計算 availableBalance = accountValue - totalMarginUsed 不可靠 **修復**: 優先使用官方 Withdrawable 欄位 - 整合 PR #443 的邏輯 - 降級方案：Withdrawable 不可用時才使用簡單計算 - 防止負數餘額 ### 修復 4: ✅ 清理混亂註釋 **問題**: 註釋說 CrossMarginSummary 但代碼用 MarginSummary **修復**: 根據實際使用的摘要類型動態輸出日誌 ## 📊 修復對比 | 問題 | 修復前 | 修復後 | |------|--------|--------| | 保證金摘要選擇 | ❌ 硬編碼 MarginSummary | ✅ 動態選擇 | | Spot 餘額查詢 | ❌ 從未查詢 | ✅ 完整查詢 | | 可用餘額計算 | ❌ 簡單相減 | ✅ 使用 Withdrawable | | 日誌註釋 | ❌ 不一致 | ✅ 準確清晰 | ## 🧪 測試場景 - ✅ Spot 有錢，Perp 沒錢 → 正確顯示 Spot 餘額 - ✅ Spot 沒錢，Perp 有錢 → 正確顯示 Perp 餘額 - ✅ 兩者都有錢 → 正確合併顯示 - ✅ 全倉模式 → 使用 CrossMarginSummary - ✅ 逐倉模式 → 使用 MarginSummary ## 相關 Issue 解決用戶反饋：「錢包中有幣卻沒被檢測到」整合以下未合併的修復： - PR #443: Withdrawable 欄位優先 - Spot 餘額遺漏問題 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(templates): add intelligent PR template selection system - Created specialized PR templates for different change types: - Backend template for Go/API changes - Frontend template for UI/UX changes - Documentation template for docs updates - General template for mixed changes - Simplified default template from 270 to 115 lines - Added GitHub Action for automatic template suggestion based on file types - Auto-labels PRs with appropriate categories (backend/frontend/documentation) - Provides friendly suggestions when default template is used Co-Authored-By: tinkle-community <tinklefund@gmail.com> * Fix PR tpl * docs: config.example.jsonc替换成config.json.example * fix: add AI_MAX_TOKENS environment variable to prevent response truncation ## Problem AI responses were being truncated due to a hardcoded max_tokens limit of 2000, causing JSON parsing failures. The error occurred when: 1. AI's thought process analysis was cut off mid-response 2. extractDecisions() incorrectly extracted MACD data arrays from the input prompt 3. Go failed to unmarshal numbers into Decision struct Error message: ` json: cannot unmarshal number into Go value of type decision.Decision JSON内容: [-867.759, -937.406, -1020.435, ...] ` ## Solution - Add MaxTokens field to mcp.Client struct - Read AI_MAX_TOKENS from environment variable (default: 2000) - Set AI_MAX_TOKENS=4000 in docker-compose.yml for production use - This provides enough tokens for complete analysis with the 800-line trading strategy prompt ## Testing - Verify environment variable is read correctly - Confirm AI responses are no longer truncated - Check decision logs for complete JSON output * Change the default model to qwen3-max to mitigate output quality issues caused by model downgrading. * fix: resolve Web UI display issues (#365) ## Fixes ### 1. Typewriter Component - Missing First Character - Fix character loss issue where first character of each line was missing - Add proper state reset logic before starting typing animation - Extract character before setState to avoid closure issues - Add setTimeout(0) to ensure state is updated before typing starts - Change dependency from lines to sanitizedLines for correct updates - Use ?? instead of || for safer null handling ### 2. Chinese Translation - Leading Spaces - Remove leading spaces from startupMessages1/2/3 in Chinese translations - Ensures proper display of startup messages in terminal simulation ### 3. Dynamic GitHub Stats with Animation - Add useGitHubStats hook to fetch real-time GitHub repository data - Add useCounterAnimation hook with easeOutExpo easing for smooth number animation - Display dynamic star count with smooth counter animation (2s duration) - Display dynamic days count (static, no animation) - Support bilingual display (EN/ZH) with proper formatting ## Changes - web/src/components/Typewriter.tsx: Fix first character loss bug - web/src/i18n/translations.ts: Remove leading spaces in Chinese messages - web/src/components/landing/HeroSection.tsx: Add dynamic GitHub stats - web/src/hooks/useGitHubStats.ts: New hook for GitHub API integration - web/src/hooks/useCounterAnimation.ts: New hook for number animations Fixes #365 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * test: add eslint and prettier configuration with pre-commit hook * test: verify pre-commit hook formatting * feat: add ESLint and Prettier with pre-commit hook - Install ESLint 9 with TypeScript and React support - Install Prettier with custom configuration (no semicolons) - Add husky and lint-staged for pre-commit hooks - Configure lint-staged to auto-fix and format on commit - Relax ESLint rules to avoid large-scale code changes - Format all existing code with Prettier (no semicolons) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * Enforce minimum scan interval of three minutes * log: add logrus log lib and add telegram notification push as an option * fix: 修复InitialBalance配置错误导致的P&L统计不准确问题用户在使用Aster交易员时发现，即使没有开始交易，P&L统计也显示了12.5 USDT (83.33%)的盈亏。经过调查发现： **根本原因**： - 实际Aster账户余额：27.5 USDT - Web界面配置的InitialBalance：15 USDT ❌ - 错误的P&L计算：27.5 - 15 = 12.5 USDT (83.33%) **问题根源**： 1. Web界面创建交易员时默认initial_balance为1000 USDT 2. 用户手动修改时容易输入错误的值 3. 缺少自动获取实际余额的功能 4. 缺少明确的警告提示 **文件**: trader/aster_trader.go - ✅ 验证Aster API完全兼容Binance格式 - 添加详细的注释说明字段含义 - 添加调试日志以便排查问题 - 确认balance字段不包含未实现盈亏（与Binance一致） **关键确认**： `go // ✅ Aster API完全兼容Binance API格式 // balance字段 = wallet balance（不包含未实现盈亏） // crossUnPnl = unrealized profit（未实现盈亏） // crossWalletBalance = balance + crossUnPnl（全仓钱包余额，包含盈亏） ` **文件**: web/src/components/TraderConfigModal.tsx **新增功能**： 1. **编辑模式**：添加"获取当前余额"按钮 - 一键从交易所API获取当前账户净值 - 自动填充到InitialBalance字段 - 显示加载状态和错误提示 2. **创建模式**：添加警告提示 - ⚠️ 提醒用户必须输入交易所的当前实际余额 - 警告：如果输入不准确，P&L统计将会错误 3. **改进输入体验**： - 支持小数输入（step="0.01"） - 必填字段标记（创建模式） - 实时错误提示 **代码实现**： `typescript const handleFetchCurrentBalance = async () => { const response = await fetch(/api/account?trader_id=${traderData.trader_id}); const data = await response.json(); const currentBalance = data.total_equity; // 当前净值 setFormData(prev => ({ ...prev, initial_balance: currentBalance })); }; `` 通过查阅Binance官方文档确认： | 项目 | Binance | Aster (修复后) | |------|---------|----------------| | **余额字段** | balance = 钱包余额（不含盈亏） | ✅ 相同 | | **盈亏字段** | crossUnPnl = 未实现盈亏 | ✅ 相同 | | **总权益** | balance + crossUnPnl | ✅ 相同 | | **P&L计算** | totalEquity - initialBalance | ✅ 相同 | 1. 编辑交易员配置 2. 点击"获取当前余额"按钮 3. 系统自动填充正确的InitialBalance 4. 保存配置 1. 查看交易所账户的实际余额 2. 准确输入到InitialBalance字段 3. 注意查看警告提示 4. 完成创建 - [x] 确认Aster API返回格式与Binance一致 - [x] 验证"获取当前余额"功能正常工作 - [x] 确认P&L计算公式正确 - [x] 前端构建成功 - [x] 警告提示正常显示 - **修复**: 解决InitialBalance配置错误导致的P&L统计不准确问题 - **改进**: 提升用户体验，减少配置错误 - **兼容**: 完全向后兼容，不影响现有功能 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: add help tooltips for Aster exchange configuration fields Added interactive help icons with tooltips for Aster exchange fields (user, signer, privateKey) to guide users through correct configuration. Changes: - Added HelpCircle icon from lucide-react - Created reusable Tooltip component with hover/click interaction - Added bilingual help descriptions in translations.ts - User field: explains main wallet address (login address) - Signer field: explains API wallet address generation - Private Key field: clarifies local-only usage, never transmitted This prevents user confusion and configuration errors when setting up Aster exchange. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: add USDT warning for Aster exchange configuration Added warning message to inform users that Aster only tracks USDT balance, preventing P&L calculation errors from asset price fluctuations. Why this is important: - Aster trader only tracks USDT balance (aster_trader.go:453) - If users use BNB/ETH as margin, price fluctuations will cause: * Initial balance becomes inaccurate * P&L statistics will be wrong * Example: 10 BNB @ $100 = $1000, if BNB drops to $90, real equity is $900 but system still shows $1000 Changes: - Added asterUsdtWarning translation in both EN and ZH - Added red warning box below Aster private key field - Clear message: "Please use USDT as margin currency" Co-Authored-By: tinkle-community <tinklefund@gmail.com> * 增加稳健和风险控制均衡基础策略提示词主要优化点： Icyoung 2025-11-12 23:42:23 +08:00
95fa1263f5 merge dev Icy 2025-11-12 23:40:58 +08:00
9933e3164d Merge branch 'dev' into beta # Conflicts: # .github/workflows/docker-build.yml # .gitignore # api/server.go # config/config.go # config/database.go # decision/engine.go # docker-compose.yml # go.mod # go.sum # logger/telegram_sender.go # main.go # mcp/client.go # prompts/adaptive.txt # prompts/default.txt # prompts/nof1.txt # start.sh # trader/aster_trader.go # trader/auto_trader.go # trader/binance_futures.go # trader/hyperliquid_trader.go # web/package-lock.json # web/package.json # web/src/App.tsx # web/src/components/AILearning.tsx # web/src/components/AITradersPage.tsx # web/src/components/CompetitionPage.tsx # web/src/components/EquityChart.tsx # web/src/components/Header.tsx # web/src/components/LoginPage.tsx # web/src/components/RegisterPage.tsx # web/src/components/TraderConfigModal.tsx # web/src/components/TraderConfigViewModal.tsx # web/src/components/landing/FooterSection.tsx # web/src/components/landing/HeaderBar.tsx # web/src/contexts/AuthContext.tsx # web/src/i18n/translations.ts # web/src/lib/api.ts # web/src/lib/config.ts # web/src/types.ts Icy 2025-11-12 23:20:25 +08:00
bfb409e8a1 fix(web): unify password validation logic in RegisterPage (#943) Remove duplicate password validation logic to ensure consistency. Changes: - Remove custom isStrongPassword function (RegisterPage.tsx:569-576) - Use PasswordChecklist validation result (passwordValid state) instead - Add comprehensive test suite with 28 test cases - Configure Vitest with jsdom environment and setup file Test Coverage: - Password validation rules (length, uppercase, lowercase, number, special chars) - Special character consistency (/[@#$%!&*?]/) - Edge cases and boundary conditions - Refactoring consistency verification All 78 tests passing (25 + 25 + 28). Co-authored-by: tinkle-community <tinklefund@gmail.com> Ember 2025-11-12 21:54:54 +08:00
9e5688609e fix: improve two-stage private key input UX (32+32 → 58+6 split) (#942) ## Problem Users reported that the 32+32 character split design is not user-friendly: 1. ❌ Second stage still requires entering 32 characters - hard to count 2. ❌ Need to count many characters in both stages 3. ❌ Easy to make mistakes when counting ## Solution Change the split from 32+32 to **58+6** **Stage 1**: 58 characters - Enter the majority of the key (90%) - Easy to copy/paste the prefix **Stage 2**: 6 characters - ✅ Only need to count last 6 chars (very easy) - ✅ Quick verification of key suffix - ✅ Reduces user errors ## Changes ``typescript // Old: Equal split const expectedPart1Length = Math.ceil(expectedLength / 2) // 32 const expectedPart2Length = expectedLength - expectedPart1Length // 32 // New: Most of key + last 6 chars const expectedPart1Length = expectedLength - 6 // 58 const expectedPart2Length = 6 // Last 6 characters `` ## Test plan ✅ Frontend builds successfully (npm run build) ✅ User-friendly: Only need to count 6 characters ✅ Maintains security: Two-stage input logic unchanged Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> 0xYYBB | ZYY | Bobo 2025-11-12 21:37:55 +08:00
a8c87125fa fix(web): fix button disabled validation to normalize 0x prefix (#937) ## Problem PR #917 fixed the validation logic but missed fixing the button disabled state: **Issue:** - Button enabled/disabled check uses raw input length (includes "0x") - Validation logic uses normalized length (excludes "0x") - **Result:** Button can be enabled with insufficient hex characters **Example scenario:** 1. User inputs: 0x + 30 hex chars = 32 total chars 2. Button check: 32 < 32 → false → ✅ Button enabled 3. User clicks button 4. Validation: normalized to 30 hex chars → 30 < 32 → ❌ Error 5. Error message: "需要至少 32 個字符" (confusing!) ## Root Cause **Lines 230 & 301**: Button disabled conditions don't normalize input ``typescript // ❌ Before: Checks raw length including "0x" disabled={part1.length < expectedPart1Length || processing} disabled={part2.length < expectedPart2Length} ` ## Solution Normalize input before checking length in disabled conditions: `typescript // ✅ After: Normalize before checking disabled={ (part1.startsWith('0x') ? part1.slice(2) : part1).length < expectedPart1Length || processing } disabled={ (part2.startsWith('0x') ? part2.slice(2) : part2).length < expectedPart2Length } ` ## Testing | Input | Total Length | Normalized Length | Button (Before) | Button (After) | Click Result | |-------|--------------|-------------------|-----------------|----------------|--------------| | 0x + 30 hex | 32 | 30 | ✅ Enabled (bug) | ❌ Disabled | N/A | | 0x` + 32 hex | 34 | 32 | ✅ Enabled | ✅ Enabled | ✅ Valid | | 32 hex | 32 | 32 | ✅ Enabled | ✅ Enabled | ✅ Valid | ## Impact - ✅ Button state now consistent with validation logic - ✅ Users won't see confusing "need 32 chars" errors when button is enabled - ✅ Better UX - button only enabled when input is truly valid **Related:** Follow-up to PR #917 Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-12 19:43:00 +08:00
9385547937 Feat/hyperliquid agent wallet docs (#936) * feat(docs): add Hyperliquid Agent Wallet tutorial for all languages - Add comprehensive Hyperliquid Agent Wallet setup guide with referral link - Update all 5 language versions (EN, ZH, JA, RU, UK) - Remove "Alternative" prefix from Hyperliquid and Aster DEX section titles - Remove direct wallet method, only recommend secure Agent Wallet approach - Include step-by-step registration, funding, and agent wallet creation - Add security warnings and best practices for all languages Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(docs): add Hyperliquid and Aster DEX to Table of Contents in all languages - Add navigation links for Hyperliquid and Aster DEX registration in all 5 README versions - Ensure all three exchanges (Binance, Hyperliquid, Aster) have equal visibility in TOC - Add complete TOC structure to Japanese README (was missing before) - Maintain consistency across English, Chinese, Japanese, Russian, and Ukrainian versions Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: tinkle <tinkle@tinkle.community> Co-authored-by: tinkle-community <tinklefund@gmail.com> tinkle-community 2025-11-12 19:05:04 +08:00
24ed1999d9 feat(docs): add Hyperliquid Agent Wallet tutorial for all languages (#935) - Add comprehensive Hyperliquid Agent Wallet setup guide with referral link - Update all 5 language versions (EN, ZH, JA, RU, UK) - Remove "Alternative" prefix from Hyperliquid and Aster DEX section titles - Remove direct wallet method, only recommend secure Agent Wallet approach - Include step-by-step registration, funding, and agent wallet creation - Add security warnings and best practices for all languages Co-authored-by: tinkle <tinkle@tinkle.community> Co-authored-by: tinkle-community <tinklefund@gmail.com> tinkle-community 2025-11-12 18:29:37 +08:00
5fec086434 fix(web): add auth guards to prevent unauthorized API calls (#934) Add user && token guard to all authenticated SWR calls to prevent requests with Authorization: Bearer null when users refresh the page before AuthContext finishes loading the token from localStorage. ## Problem When users refresh the page: 1. React components mount immediately 2. SWR hooks fire API requests 3. AuthContext is still loading token from localStorage 4. Requests sent with Authorization: Bearer null 5. Backend returns 401 errors This causes: - Unnecessary 401 errors in backend logs - Error messages in browser console - Poor user experience on page refresh ## Solution Add auth check to SWR key conditions using pattern: ``typescript user && token && condition ? key : null ` When user or token is null, SWR key becomes null, preventing the request. Once AuthContext loads, SWR automatically revalidates and fetches data. ## Changes **TraderDashboard.tsx** (5 auth guards added): - status: user && token && selectedTraderId ? 'status-...' : null - account: user && token && selectedTraderId ? 'account-...' : null - positions: user && token && selectedTraderId ? 'positions-...' : null - decisions: user && token && selectedTraderId ? 'decisions/...' : null - stats: user && token && selectedTraderId ? 'statistics-...' : null **EquityChart.tsx** (2 auth guards added + useAuth import): - Import useAuth from '../contexts/AuthContext' - Add const { user, token } = useAuth() - history: user && token && traderId ? 'equity-history-...' : null - account: user && token && traderId ? 'account-...' : null` **apiGuard.test.ts** (new file, 370 lines): - Comprehensive unit tests covering all auth guard scenarios - Tests for null user, null token, valid auth states - Tests for all 7 SWR calls (5 in TraderDashboard + 2 in EquityChart) ## Testing - ✅ TypeScript compilation passed - ✅ Vite build passed (2.81s) - ✅ All modifications are additive (no logic changes) - ✅ SWR auto-revalidation ensures data loads after auth completes ## Benefits 1. **No more 401 errors on refresh**: Auth guards prevent premature requests 2. **Cleaner logs**: Backend no longer receives invalid Bearer null requests 3. **Better UX**: No error flashes in console on page load 4. **Consistent pattern**: All authenticated endpoints use same guard logic ## Context This PR supersedes closed PR #881, which had conflicts due to PR #872 (frontend refactor with React Router). This implementation is based on the latest upstream/dev with the new architecture. Related: PR #881 (closed), PR #872 (Frontend Refactor) Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-12 17:56:36 +08:00
21cc6e0bcd fix(docker): fix healthcheck failures in docker-compose.yml (#906) 0xYYBB | ZYY | Bobo 2025-11-12 15:35:25 +08:00
ea3be2e916 chore: fix go formatting for test files (#931) 0xYYBB | ZYY | Bobo 2025-11-12 15:33:43 +08:00
e0b4d026d3 feat(market): add data staleness detection (Part 2/3) (#800) * feat(market): add data staleness detection ## 問題背景解決 PR #703 Part 2: 數據陳舊性檢測 - 修復 DOGEUSDT 式問題：連續價格不變表示數據源異常 - 防止系統處理僵化/過期的市場數據 ## 技術方案 ### 數據陳舊性檢測 (market/data.go) - **函數**: isStaleData(klines []Kline, symbol string) bool - **檢測邏輯**: - 連續 5 個 3 分鐘週期價格完全不變（15 分鐘無波動） - 價格波動容忍度：0.01%（避免誤報） - 成交量檢查：價格凍結 + 成交量為 0 → 確認陳舊 - **處理策略**: - 數據陳舊確認：跳過該幣種，返回錯誤 - 極低波動市場：記錄警告但允許通過（價格穩定但有成交量） ### 調用時機 - 在 Get() 函數中，獲取 3m K線後立即檢測 - 早期返回：避免後續無意義的計算和 API 調用 ## 實現細節 - **檢測閾值**: 5 個連續週期 - **容忍度**: 0.01% 價格波動 - **日誌**: 英文國際化版本 - **並發安全**: 函數無狀態，安全 ## 影響範圍 - ✅ 修改 market/data.go: 新增 isStaleData() + 調用邏輯 - ✅ 新增 log 包導入 - ✅ 50 行新增代碼 ## 測試建議 1. 模擬 DOGEUSDT 場景：連續價格不變 + 成交量為 0 2. 驗證日誌輸出：stale data confirmed: price freeze + zero volume 3. 正常市場：極低波動但有成交量，應允許通過並記錄警告 ## 相關 Issue/PR - 拆分自 **PR #703** (Part 2/3) - 基於最新 upstream/dev (3112250) - 依賴: 無 - 前置: Part 1 (OI 時間序列) - 已提交 PR #798 - 後續: Part 3 (手續費率傳遞) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * test(market): add comprehensive unit tests for isStaleData function - Test normal fluctuating data (expects non-stale) - Test price freeze with zero volume (expects stale) - Test price freeze with volume (low volatility market) - Test insufficient data edge case (<5 klines) - Test boundary conditions (exactly 5 klines) - Test tolerance threshold (0.01% price change) - Test mixed scenario (normal → freeze transition) - Test empty klines edge case All 8 test cases passed. Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> Co-authored-by: Shui <88711385+hzb1115@users.noreply.github.com> 0xYYBB | ZYY | Bobo 2025-11-12 10:41:26 +08:00
dbb05f7fde feat(ui): Add an automated Web Crypto environment check (#908) * feat: add web crypto environment check * fix: auto check env * refactor: WebCryptoEnvironmentCheck swtich to map Ember 2025-11-12 10:22:55 +08:00
7afe1f1bad improve(web): improve UX messages for empty states and error feedback (#918) ## Problem User-facing messages were too generic and uninformative: 1. **Dashboard empty state**: - Title: "No Traders Configured" (cold, technical) - Description: Generic message with no action guidance - Button: "Go to Traders Page" (unclear what happens next) 2. **Login error messages**: - "Login failed" (too vague - why did it fail?) - "Registration failed" (no guidance on what to do) - "OTP verification failed" (users don't know how to fix) **Impact**: Users felt confused and frustrated, no clear next steps. ## Solution ### 1. Improve Dashboard Empty State **File**: web/src/i18n/translations.ts **Before**: ``typescript dashboardEmptyTitle: 'No Traders Configured' dashboardEmptyDescription: "You haven't created any AI traders yet..." goToTradersPage: 'Go to Traders Page' ` **After**: `typescript dashboardEmptyTitle: "Let's Get Started!" // ✅ Welcoming, encouraging dashboardEmptyDescription: 'Create your first AI trader to automate your trading strategy. Connect an exchange, choose an AI model, and start trading in minutes!' // ✅ Clear steps goToTradersPage: 'Create Your First Trader' // ✅ Clear action ` **Changes**: - ✅ More welcoming tone ("Let's Get Started!") - ✅ Specific action steps (connect → choose → trade) - ✅ Time expectation ("in minutes") - ✅ Clear call-to-action button --- ### 2. Improve Error Messages **File**: web/src/i18n/translations.ts **Before**: `typescript loginFailed: 'Login failed' // ❌ No guidance registrationFailed: 'Registration failed' // ❌ No guidance verificationFailed: 'OTP verification failed' // ❌ No guidance ` **After**: `typescript loginFailed: 'Login failed. Please check your email and password.' // ✅ Clear hint registrationFailed: 'Registration failed. Please try again.' // ✅ Clear action verificationFailed: 'OTP verification failed. Please check the code and try again.' // ✅ Clear steps ` **Changes**: - ✅ Specific error hints (check email/password) - ✅ Clear remediation steps (try again, check code) - ✅ User-friendly tone --- ### 3. Chinese Translations All improvements mirrored in Chinese: **Dashboard**: - Title: "开始使用吧！" (Let's get started!) - Description: Clear 3-step guidance - Button: "创建您的第一个交易员" (Create your first trader) **Errors**: - "登录失败，请检查您的邮箱和密码。" - "注册失败，请重试。" - "OTP 验证失败，请检查验证码后重试。" --- ## Impact ### User Experience Improvements | Message Type | Before | After | Benefit | |--------------|--------|-------|---------| | **Empty dashboard** | Cold, technical | Welcoming, actionable | ✅ Reduces confusion | | **Login errors** | Vague | Specific hints | ✅ Faster problem resolution | | **Registration errors** | No guidance | Clear next steps | ✅ Lower support burden | | **OTP errors** | Confusing | Actionable | ✅ Higher success rate | ### Tone Shift **Before**: Technical, system-centric - "No Traders Configured" - "Login failed" **After**: User-centric, helpful - "Let's Get Started!" - "Login failed. Please check your email and password." --- ## Testing **Manual Testing**: - [x] Empty dashboard displays new messages correctly - [x] Login error shows improved message - [x] Registration error shows improved message - [x] OTP error shows improved message - [x] Chinese translations display correctly - [x] Button text updated appropriately **Language Coverage**: - [x] English ✅ - [x] Chinese ✅ --- ## Files Changed **1 frontend file**: - web/src/i18n/translations.ts` (+12 lines, -6 lines) **Lines affected**: - English: Lines 149-152, 461-464 - Chinese: Lines 950-953, 1227-1229 --- **By submitting this PR, I confirm:** - [x] I have read the Contributing Guidelines - [x] I agree to the Code of Conduct - [x] My contribution is licensed under AGPL-3.0 --- 🌟 **Thank you for reviewing!** This PR improves user experience with clearer, more helpful messages. Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-12 10:21:07 +08:00
79f625ace2 fix(web): restore missing system_prompt_template field in trader edit request (#922) * fix(web): restore missing system_prompt_template in handleSaveEditTrader 修復編輯交易員時策略模板無法保存的問題。 Issue: - 用戶編輯交易員時，選擇的策略模板（system_prompt_template）沒有被保存 - 重新打開編輯窗口，總是顯示默認值 - 用戶困惑為什麼策略模板無法持久化 Root Cause: - PR #872 在 UI 重構時遺漏了 system_prompt_template 字段 - handleSaveEditTrader 的 request 對象缺少 system_prompt_template - 導致更新請求不包含策略模板信息 Fix: - 在 handleSaveEditTrader 的 request 對象中添加 system_prompt_template 字段 - 位置：override_base_prompt 之後，is_cross_margin 之前 - 與後端 API 和 TraderConfigModal 保持一致 Result: - 編輯交易員時，策略模板正確保存 - 重新打開編輯窗口，顯示正確的已保存值 - 用戶可以成功切換和保存不同的策略模板 Technical Details: - web/src/types.ts TraderConfigData 接口已有 system_prompt_template ✓ - Backend handleUpdateTrader 接收並保存 SystemPromptTemplate ✓ - Frontend TraderConfigModal 表單提交包含 system_prompt_template ✓ - Frontend handleSaveEditTrader request 缺失此字段 ✗ → ✓ (已修復) Related: - PR #872: UI 重構時遺漏 - commit c1f080f5: 原始添加 system_prompt_template 支持 - commit e58fc3c2: 修復 types.ts 缺失字段 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(types): add missing system_prompt_template field to TraderConfigData 補充完整修復：確保 TypeScript 類型定義與 API 使用一致。 Issue: - AITradersPage.tsx 提交時包含 system_prompt_template 字段 - 但 TraderConfigData 接口缺少此字段定義 - TypeScript 類型不匹配 Fix: - 在 TraderConfigData 接口添加 system_prompt_template: string - 位置：override_base_prompt 之後，is_cross_margin 之前 - 與 CreateTraderRequest 保持一致 Result: - TypeScript 類型完整 - 編輯交易員時正確加載和保存策略模板 - 無類型錯誤 Technical: - web/src/types.ts Line 200 - 與後端 SystemPromptTemplate 字段對應 Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-12 10:00:42 +08:00
70a6218704 fix(ui): remove duplicate exchange configuration fields (Aster & Hyperliquid) (#921) * fix(ui): remove duplicate Aster exchange form rendering 修復 Aster 交易所配置表單重複渲染問題。 Issue: - Aster 表單代碼在 AITradersPage.tsx 中出現兩次（lines 2334 和 2559） - 導致用戶界面顯示 6 個輸入欄位（應該是 3 個） - 用戶體驗混亂 Fix: - 刪除重複的 Aster 表單代碼塊（lines 2559-2710，共 153 行） - 保留第一個表單塊（lines 2334-2419） - 修復 prettier 格式問題 Result: - Aster 配置現在正確顯示 3 個欄位：user, signer, private key - Lint 檢查通過 - Hyperliquid Agent Wallet 翻譯已存在無需修改 Technical: - 刪除了完全重複的 JSX 條件渲染塊 - 移除空白行以符合 prettier 規範 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(ui): remove legacy Hyperliquid single private key field 修復 Hyperliquid 配置頁面顯示舊版私鑰欄位的問題。 Issue: - Hyperliquid 配置同時顯示舊版和新版欄位 - 舊版：單一「私钥」欄位（不安全，已廢棄） - 新版：「代理私钥」+「主钱包地址」（Agent Wallet 安全模式） - 用戶看到重複的欄位配置，造成混淆 Root Cause: - AITradersPage.tsx 存在兩個 Hyperliquid 條件渲染塊 - Lines 2302-2332: 舊版單私鑰模式（應刪除） - Lines 2424-2557: 新版 Agent Wallet 模式（正確） Fix: - 刪除舊版 Hyperliquid 單私鑰欄位代碼塊（lines 2302-2332，共 32 行） - 保留新版 Agent Wallet 配置（代理私鑰 + 主錢包地址） - 移除 t('privateKey') 和 t('hyperliquidPrivateKeyDesc') 舊版翻譯引用 Result: - Hyperliquid 配置現在只顯示正確的 Agent Wallet 欄位 - 安全提示 banner 正確顯示 - 用戶體驗改善，不再混淆 Technical Details: - 新版使用 apiKey 儲存 Agent Private Key - 新版使用 hyperliquidWalletAddr 儲存 Main Wallet Address - 符合 Hyperliquid Agent Wallet 最佳安全實踐 Related: - 之前已修復 Aster 重複渲染問題（commit 5462eba0） - Hyperliquid 翻譯 key 已存在於 translations.ts (lines 206-216, 1017-1027) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(i18n): add missing Hyperliquid Agent Wallet translation keys 補充 Hyperliquid 代理錢包配置的翻譯文本，修復前端顯示 key 名稱的問題。 Changes: - 新增 8 個英文翻譯 key (Agent Wallet 配置說明) - 新增 8 個中文翻譯 key (代理錢包配置說明) - 修正 Hyperliquid 配置頁面顯示問題（從顯示 key 名稱改為顯示翻譯文本） Technical Details: - hyperliquidAgentWalletTitle: Banner 標題 - hyperliquidAgentWalletDesc: 安全說明文字 - hyperliquidAgentPrivateKey: 代理私鑰欄位標籤 - hyperliquidMainWalletAddress: 主錢包地址欄位標籤 - 相應的 placeholder 和 description 文本 Related Issue: 用戶反饋前端顯示 key 名稱而非翻譯文本 Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-12 09:59:57 +08:00
1e0da2ee39 fix(web): fix two-stage private key input validation to support 0x prefix (#917) ## Problem Users entering private keys with "0x" prefix failed validation incorrectly: **Scenario:** - User inputs: 0x1234... (34 characters including "0x") - Expected part1 length: 32 characters - **Bug**: Code checks part1.length < 32 → 34 < 32 → ❌ FALSE → "Key too long" error - **Actual**: Should normalize to 1234... (32 chars) → ✅ Valid **Impact:** - Users cannot paste keys from wallets (most include "0x") - Confusing UX - valid keys rejected - Forces manual "0x" removal ## Root Cause **File**: web/src/components/TwoStageKeyModal.tsx **Lines 77-84** (handleStage1Next): ``typescript // ❌ Bug: Checks length before normalizing if (part1.length < expectedPart1Length) { // Fails for "0x..." inputs } ` **Lines 132-143** (handleStage2Complete): `typescript // ❌ Bug: Same issue if (part2.length < expectedPart2Length) { // Fails for "0x..." inputs } // ❌ Bug: Concatenates without normalizing part1 const fullKey = part1 + part2 // May have double "0x" ` ## Solution ### Fix 1: Normalize before validation **Lines 77-79**: `typescript // ✅ Normalize first, then validate const normalized1 = part1.startsWith('0x') ? part1.slice(2) : part1 if (normalized1.length < expectedPart1Length) { // Now correctly handles both "0x..." and "1234..." } ` **Lines 134-136**: `typescript // ✅ Same for part2 const normalized2 = part2.startsWith('0x') ? part2.slice(2) : part2 if (normalized2.length < expectedPart2Length) { // ... } ` ### Fix 2: Normalize before concatenation **Lines 145-147**: `typescript // ✅ Remove "0x" from both parts before concatenating const normalized1 = part1.startsWith('0x') ? part1.slice(2) : part1 const fullKey = normalized1 + normalized2 // Result: Always 64 characters without "0x" ` ## Testing **Manual Test Cases:** | Input Type | Part 1 | Part 2 | Before | After | |------------|--------|--------|--------|-------| | **No prefix** | 1234... (32) | 5678... (32) | ✅ Pass | ✅ Pass | | **With prefix** | 0x1234... (34) | 0x5678... (34) | ❌ Fail | ✅ Pass | | **Mixed** | 0x1234... (34) | 5678... (32) | ❌ Fail | ✅ Pass | | **Both prefixed** | 0x1234... (34) | 0x5678... (34) | ❌ Fail | ✅ Pass | **Validation consistency:** - Before: validatePrivateKeyFormat normalizes, but input checks don't ❌ - After: Both normalize the same way ✅ ## Impact - ✅ Users can paste keys directly from wallets - ✅ Supports both 0x1234... and 1234... formats - ✅ Consistent with validatePrivateKeyFormat` logic - ✅ Better UX - no manual "0x" removal needed **Files changed**: 1 frontend file - web/src/components/TwoStageKeyModal.tsx (+6 lines, -2 lines) Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-12 09:52:14 +08:00
1d1b31f1f1 fix(trader): add backend safety checks for partial_close (#713) * fix(trader): add backend safety checks for partial_close After PR #415 added partial_close functionality, production users reported two critical issues: 1. **Exchange minimum value error**: "Order must have minimum value of $10" when remaining position value falls below exchange threshold 2. **Unprotected positions after partial close**: Exchanges auto-cancel TP/SL orders when position size changes, leaving remaining position exposed to liquidation risk This PR adds **backend safety checks** as a safety net layer that complements the prompt-based rules from PR #712. **Protection**: Before executing partial_close, verify remaining position value > $10 ``go const MIN_POSITION_VALUE = 10.0 // Exchange底线 remainingValue := remainingQuantity * markPrice if remainingValue > 0 && remainingValue <= MIN_POSITION_VALUE { // 🔄 Auto-correct to full close decision.Action = "close_long" // or "close_short" return at.executeCloseLongWithRecord(decision, actionRecord) } ` **Behavior**: - Position $20 → partial_close 50% → remaining $10 ≤ $10 → Auto full close ✅ - Position $30 → partial_close 50% → remaining $15 > $10 → Allow partial close ✅ **Protection**: Restore TP/SL orders for remaining position if AI provides new_stop_loss/new_take_profit `go // Exchanges auto-cancel TP/SL when position size changes if decision.NewStopLoss > 0 { at.trader.SetStopLoss(symbol, side, remainingQuantity, decision.NewStopLoss) } if decision.NewTakeProfit > 0 { at.trader.SetTakeProfit(symbol, side, remainingQuantity, decision.NewTakeProfit) } // Warning if AI didn't provide new TP/SL if decision.NewStopLoss <= 0 && decision.NewTakeProfit <= 0 { log.Printf("⚠️⚠️⚠️ Warning: Remaining position has NO TP/SL protection") } ` **Improvement**: Show position quantity and value to help AI make better decisions ` Before: | 入场价100.00 当前价105.00 | 盈亏+5.00% | ... After: | 入场价100.00 当前价105.00 | 数量0.5000 | 仓位价值52.50 USDT | 盈亏+5.00% | ... ` **Benefits**: - AI can now calculate: remaining_value = current_value × (1 - close_percentage/100) - AI can proactively avoid decisions that would violate $10 threshold - Added MIN_POSITION_VALUE check before execution - Auto-correct to full close if remaining value ≤ $10 - Restore TP/SL for remaining position - Warning logs when AI doesn't provide new TP/SL - Import "math" package - Calculate and display position value - Add quantity and position value to prompt - Complements PR #712 (Prompt v6.0.0 safety rules) - Addresses #301 (Backend layer) - Based on PR #415 (Core functionality) | Layer | Location | Purpose | |-------|----------|---------| | **Layer 1: AI Prompt** | PR #712 | Prevent bad decisions before they happen | | **Layer 2: Backend** | This PR | Auto-correct and safety net | **Together they provide**: - ✅ AI makes better decisions (sees position value, knows rules) - ✅ Backend catches edge cases (auto-corrects violations) - ✅ User-friendly warnings (explains what happened) - [x] Compiles successfully (go build ./...`) - [x] MIN_POSITION_VALUE logic correct - [x] TP/SL restoration logic correct - [x] Position value display format validated - [x] Auto-correction flow tested This PR can be merged **independently** of PR #712, or together. Suggested merge order: 1. PR #712 (Prompt v6.0.0) - AI layer improvements 2. This PR (Backend safety) - Safety net layer Or merge together for complete two-layer protection. --- Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix: add error handling for markPrice type assertion - Check type assertion success before using markPrice - Return error if markPrice is invalid or <= 0 - Addresses code review feedback from @xqliu in PR #713 * test(trader): add comprehensive unit tests for partial_close safety checks - Test minimum position value check (< 10 USDT triggers full close) - Test boundary condition (exactly 10 USDT also triggers full close) - Test stop-loss/take-profit recovery after partial close - Test edge cases (invalid close percentages) - Test integration scenarios with mock trader All 14 test cases passed, covering: 1. MinPositionCheck (5 cases): normal, small remainder, boundary, edge cases 2. StopLossTakeProfitRecovery (4 cases): both/SL only/TP only/none 3. EdgeCases (4 cases): zero/over 100/negative/normal percentages 4. Integration (2 cases): LONG with SL/TP, SHORT with auto full close Co-Authored-By: tinkle-community <tinklefund@gmail.com> * style: apply go fmt after rebase Only formatting changes: - api/server.go: fix indentation - manager/trader_manager.go: add blank line - trader/partial_close_test.go: align struct fields Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(test): rename MockTrader to MockPartialCloseTrader to avoid conflict Problem: - trader/partial_close_test.go defined MockTrader - trader/auto_trader_test.go already has MockTrader - Methods CloseLong, CloseShort, SetStopLoss, SetTakeProfit were declared twice - Compilation failed with 'already declared' errors Solution: - Rename MockTrader to MockPartialCloseTrader in partial_close_test.go - This avoids naming conflict while keeping test logic independent Test Results: - All partial close tests pass - All trader tests pass Related: PR #713 Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com> 0xYYBB | ZYY | Bobo 2025-11-12 09:36:16 +08:00
9d721621f2 feat: Add decision limit selector with 5/10/20/50 options (#638) ## Summary Allow users to select the number of decision records to display (5/10/20/50) in the Web UI, with persistent storage in localStorage. ## Changes ### Backend - api/server.go: Add 'limit' query parameter support to /api/decisions/latest - Default: 5 (maintains current behavior) - Max: 50 (prevents excessive data loading) - Fully backward compatible ### Frontend - web/src/lib/api.ts: Update getLatestDecisions() to accept limit parameter - web/src/pages/TraderDashboard.tsx: - Add decisionLimit state management with localStorage persistence - Add dropdown selector UI (5/10/20/50 options) - Pass limit to API calls and update SWR cache key ## Time Coverage - 5 records = 15 minutes (default, quick check) - 10 records = 30 minutes (short-term review) - 20 records = 1 hour (medium-term analysis) - 50 records = 2.5 hours (deep pattern analysis) Lawrence Liu 2025-11-12 09:34:29 +08:00
4920c28cc6 fix: fix build error (#895) Ember 2025-11-11 15:36:12 +08:00
3bf69b758b Refactor(UI) : Refactor Frontend: Unified Toasts with Sonner, Introduced Layout System, and Integrated React Router (#872) Ember 2025-11-11 12:19:17 +08:00
ddc4cdeb60 fix: 修复小屏幕设备上对话框高度过高无法滚动的问题 (#681) Ember 2025-11-11 12:17:12 +08:00
a010cc2190 FIX: 编译错误，strconv imported and not used (#891) zpng 2025-11-11 11:23:46 +08:00
6efe733127 feat(decision): auto-reload prompt templates when starting trader (#833) * feat: 启动交易员时自动重新加载系统提示词模板 ## 改动内容 - 在 handleStartTrader 中调用 decision.ReloadPromptTemplates() - 每次启动交易员时从硬盘重新加载 prompts/ 目录下的所有 .txt 模板文件 - 添加完整的单元测试和端到端集成测试 ## 测试覆盖 - 单元测试：模板加载、获取、重新加载功能 - 集成测试：文件修改 → 重新加载 → 决策引擎使用新内容的完整流程 - 并发测试：验证多 goroutine 场景下的线程安全性 - Race detector 测试通过 ## 用户体验改进 - 修改 prompt 文件后无需重启服务 - 只需停止交易员再启动即可应用新的 prompt - 控制台会输出重新加载成功的日志提示 * feat: 在重新加载日志中显示当前使用的模板名称 * feat: fallback 到 default 模板时明确显示原因 * fix: correct GetTraderConfig return type to get SystemPromptTemplate * refactor: extract reloadPromptTemplatesWithLog as reusable method Lawrence Liu 2025-11-11 10:37:46 +08:00
57e31b2ace fix(trader): add mutex to prevent race condition in Meta refresh (#796) * fix(trader): add mutex to prevent race condition in Meta refresh (issue #742) **問題**：根據 issue #742 審查標準，發現 BLOCKING 級別的並發安全問題： - refreshMetaIfNeeded() 中的 t.meta = meta 缺少並發保護 - 多個 goroutine 同時調用 OpenLong/OpenShort 會造成競態條件 **修復**： 1. 添加 sync.RWMutex 保護 meta 字段 2. refreshMetaIfNeeded() 使用寫鎖保護 meta 更新 3. getSzDecimals() 使用讀鎖保護 meta 訪問 **符合標準**： - issue #742: "並發安全問題需使用 sync.Once 等機制" - 使用 RWMutex 實現讀寫分離，提升並發性能 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * test(trader): add comprehensive race condition tests for meta field mutex protection - Test concurrent reads (100 goroutines accessing getSzDecimals) - Test concurrent read/write (50 readers + 10 writers simulating meta refresh) - Test nil meta edge case (returns default value 4) - Test valid meta with multiple coins (BTC, ETH, SOL) - Test massive concurrency (1000 iterations with race detector) All 5 test cases passed, including -race verification with no data races detected. Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-11 09:50:56 +08:00
6a66913194 fix(decision): 添加槓桿超限 fallback 機制並澄清盈虧計算說明 (#716) * fix(decision): 添加槓桿超限 fallback 機制並澄清盈虧計算說明 1. AI 決策輸出超限槓桿時（如 20x），驗證直接拒絕導致整個交易週期失敗 2. Prompt 未明確說明盈虧百分比已包含槓桿效應，導致 AI 思維鏈中誤用價格變動% - **Before**: 超限直接報錯 → 決策失敗 - **After**: 自動降級為配置上限 → 決策繼續執行 - **效果**: SOLUSDT 20x → 自動修正為 5x（配置上限） - 明確告知 AI：系統提供的「盈虧%」已包含槓桿效應 - 公式: 盈虧% = (未實現盈虧 / 保證金) × 100 - 示例: 5x 槓桿，價格漲 2% = 實際盈利 10% - 測試山寨幣超限修正（20x → 5x） - 測試 BTC/ETH 超限修正（20x → 10x） - 測試正常範圍不修正 - 測試無效槓桿拒絕 `` PASS: TestLeverageFallback/山寨币杠杆超限_自动修正为上限 PASS: TestLeverageFallback/BTC杠杆超限_自动修正为上限 PASS: TestLeverageFallback/杠杆在上限内_不修正 PASS: TestLeverageFallback/杠杆为0_应该报错 `` - ✅ 向後兼容：正常槓桿範圍不受影響 - ✅ 容錯性增強：AI 輸出超限時系統自動修正 - ✅ 決策質量提升：AI 對槓桿收益有正確認知 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * style: apply go fmt after rebase Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-11 09:47:46 +08:00
e49aa09de1 fix: 修复币安白名单IP复制功能失效问题 (#680) ## 🐛 问题描述币安交易所配置页面中的服务器IP复制功能无法正常工作 ## 🔍 根因分析原始实现仅使用 navigator.clipboard.writeText() API: - 在某些浏览器环境下不可用或被阻止 - 需要 HTTPS 或 localhost 环境 - 缺少错误处理和用户反馈 ## ✅ 修复方案 1. **双重降级机制**: - 优先使用现代 Clipboard API - 降级到传统 execCommand 方法 2. **错误处理**: - 添加 try-catch 错误捕获 - 失败时显示友好的错误提示 - 提供IP地址供用户手动复制 3. **多语言支持**: - 添加 copyIPFailed 翻译键(中英文) ## 📝 修改文件 - web/src/components/AITradersPage.tsx - handleCopyIP 函数重构为异步函数 - 添加双重复制机制和错误处理 - web/src/i18n/translations.ts - 添加 copyIPFailed 错误提示翻译 ## 🧪 测试验证 ✅ TypeScript 编译通过 ✅ Vite 构建成功 ✅ 支持现代和传统浏览器环境 Co-authored-by: tinkle-community <tinklefund@gmail.com> Sue 2025-11-11 09:34:22 +08:00
e6689eeb5b fix(web): display '—' for missing data instead of NaN% or 0% (#678) * fix(web): display '—' for missing data instead of NaN% or 0% (#633) - Add hasValidData validation for null/undefined/NaN - Display '—' for invalid trader.total_pnl_pct - Only show gap calculations when both values are valid - Prevents misleading users with 0% when data is missing Fixes #633 * test(web): add comprehensive unit tests for CompetitionPage NaN handling - Test data validation logic (null/undefined/NaN detection) - Test gap calculation with valid and invalid data - Test display formatting (shows '—' instead of 'NaN%') - Test leading/trailing message display conditions - Test edge cases (Infinity, very small/large numbers) All 25 test cases passed, covering: 1. hasValidData check (7 cases): valid/null/undefined/NaN/zero/negative 2. gap calculation (3 cases): valid data, invalid data, negative gap 3. display formatting (6 cases): positive/negative/null/undefined/NaN/zero 4. leading/trailing messages (5 cases): conditional display logic 5. edge cases (4 cases): Infinity, -Infinity, very small/large numbers Related to PR #678 - ensures missing data displays as '—' instead of 'NaN%'. Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-11 09:30:03 +08:00
bb2d81cbd4 fix(auth): allow re-fetching OTP for unverified users (#653) * fix(auth): allow re-fetching OTP for unverified users **Problem:** - User registers but interrupts OTP setup - Re-registration returns "邮箱已被注册" error - User stuck, cannot retrieve QR code to complete setup **Root Cause:** - handleRegister rejects all existing emails without checking OTPVerified status - No way for users to recover from interrupted registration **Fix:** - Check if existing user has OTPVerified=false - If unverified, return original OTP QR code instead of error - User can continue completing registration with same user_id - If verified, still reject with "邮箱已被注册" (existing behavior) **Code Changes:** ``go // Before: _, err := s.database.GetUserByEmail(req.Email) if err == nil { c.JSON(http.StatusConflict, gin.H{"error": "邮箱已被注册"}) return } // After: existingUser, err := s.database.GetUserByEmail(req.Email) if err == nil { if !existingUser.OTPVerified { // Return OTP to complete registration qrCodeURL := auth.GetOTPQRCodeURL(existingUser.OTPSecret, req.Email) c.JSON(http.StatusOK, gin.H{ "user_id": existingUser.ID, "otp_secret": existingUser.OTPSecret, "qr_code_url": qrCodeURL, "message": "检测到未完成的注册，请继续完成OTP设置", }) return } c.JSON(http.StatusConflict, gin.H{"error": "邮箱已被注册"}) return } `` **Testing Scenario:** 1. User POST /api/register with email + password 2. User receives OTP QR code but closes browser (interrupts) 3. User POST /api/register again with same email + password 4. ✅ Now returns original OTP instead of error 5. User can complete registration via /api/complete-registration **Security:** ✅ No security issue - still requires OTP verification ✅ Only returns OTP for unverified accounts ✅ Password not validated on re-fetch (same as initial registration) **Impact:** ✅ Users can recover from interrupted registration ✅ Better UX for registration flow ✅ No breaking changes to existing verified users **API Changes:** - POST /api/register response for unverified users: - Status: 200 OK (was: 409 Conflict) - Body includes: user_id, otp_secret, qr_code_url, message Fixes #615 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * test(api): add comprehensive unit tests for OTP re-fetch logic - Test OTP re-fetch logic for unverified users - Test OTP verification state handling - Test complete registration flow scenarios - Test edge cases (ID=0, empty OTPSecret, verified users) All 11 test cases passed, covering: 1. OTPRefetchLogic (3 cases): new user, unverified refetch, verified rejection 2. OTPVerificationStates (2 cases): verified/unverified states 3. RegistrationFlow (3 cases): first registration, interrupted resume, duplicate attempt 4. EdgeCases (3 cases): validates behavior with edge conditions Related to PR #653 - ensures proper OTP re-fetch behavior for unverified users. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * style: apply go fmt after rebase Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: ZhouYongyou <128128010+zhouyongyou@users.noreply.github.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-11 09:29:02 +08:00
463a092a64 feat: 添加AI请求耗时记录，优化性能评估 (#587) # Conflicts: # decision/engine.go darkedge 2025-11-11 09:18:39 +08:00
e06f7517a6 fix(auth): 修复TraderConfigModal使用错误的token key (#882) Deloz 2025-11-11 01:44:34 +08:00
4fde70caa3 fix(market): add 3m volume and ATR14 indicators to AI data (#830) * Support 3m volume and ATR4 * test(market): add unit tests for Volume and ATR14 indicators - Add comprehensive tests for calculateIntradaySeries Volume collection - Add tests for ATR14 calculation with various data scenarios - Add edge case tests for insufficient data - Test Volume value precision and consistency with other indicators - All 8 test cases pass successfully Resolves code review blocking issue from PR #830 Lawrence Liu 2025-11-11 01:13:09 +08:00
c8684bc6e7 fix(auth): align PasswordChecklist special chars with validation logic (#860) 修复密码验证UI组件与验证逻辑之间的特殊字符不一致问题。问题描述: - PasswordChecklist组件默认接受所有特殊字符（如^_-~等） - 实际验证函数isStrongPassword()仅接受@#$%!&*?共8个特殊字符 - 导致用户输入包含其他特殊字符时，UI显示绿色勾选但注册按钮仍禁用修改内容: - 在RegisterPage.tsx的PasswordChecklist组件添加specialCharsRegex属性 - 限制特殊字符为/[@#$%!&*?]/，与isStrongPassword()保持一致影响范围: - 仅影响注册页面的密码验证UI显示 - 不影响后端验证逻辑 - 提升用户体验，避免误导性的UI反馈 Closes #859 Co-authored-by: tinkle-community <tinklefund@gmail.com> CoderMageFox 2025-11-10 23:08:52 +08:00
2b3d064e6c docs: improve override_base_prompt explanation and update maintainer (#852) - Add visual diagrams to explain override_base_prompt behavior - Clarify the difference between "append" (false) and "replace" (true) modes - Add warning messages for advanced users about risks - Update maintainer to "Nofx Team CoderMageFox" - Improve both English and Chinese documentation This change addresses user confusion about the override_base_prompt setting by providing clear visual explanations and practical examples. Co-authored-by: tinkle-community <tinklefund@gmail.com> CoderMageFox 2025-11-10 14:03:17 +08:00
9f2c62d692 should not load all user traders when create/update trader (#854) Diego 2025-11-10 01:02:36 -05:00
0008c9e188 fix(web): remove circular dependency causing trading symbols input bug (#632) (#671) **Problem:** Unable to type comma-separated trading symbols in the input field. When typing "BTCUSDT," → comma immediately disappears → cannot add more symbols. **Root Cause:** Circular state dependency between useEffect and handleInputChange: ``typescript // ❌ Lines 146-149: useEffect syncs selectedCoins → formData useEffect(() => { const symbolsString = selectedCoins.join(',') setFormData(prev => ({ ...prev, trading_symbols: symbolsString })) }, [selectedCoins]) // Lines 150-153: handleInputChange syncs formData → selectedCoins if (field === 'trading_symbols') { const coins = value.split(',').map(...).filter(...) setSelectedCoins(coins) } ` **Execution Flow:** 1. User types: "BTCUSDT," 2. handleInputChange fires → splits by comma → filters empty → selectedCoins = ["BTCUSDT"] 3. useEffect fires → joins → overwrites input to "BTCUSDT" ❌ **Trailing comma removed!** 4. User cannot continue typing **Solution:** Remove the redundant useEffect (lines 146-149) and update handleCoinToggle to directly sync both states: `typescript // ✅ handleCoinToggle now updates both states const handleCoinToggle = (coin: string) => { setSelectedCoins(prev => { const newCoins = prev.includes(coin) ? ... : ... // Directly update formData.trading_symbols const symbolsString = newCoins.join(',') setFormData(current => ({ ...current, trading_symbols: symbolsString })) return newCoins }) } ` **Why This Works:** - **Quick selector buttons** (handleCoinToggle): Now updates both states ✅ - **Manual input** (handleInputChange`): Already updates both states ✅ - **No useEffect interference**: User can type freely ✅ **Impact:** - ✅ Manual typing of comma-separated symbols now works - ✅ Quick selector buttons still work correctly - ✅ No circular dependency - ✅ Cleaner unidirectional data flow Fixes #632 Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-10 11:57:55 +08:00
a1f015d45c feat(web): improve trader config UX for initial balance and prompt templates (#629 #630) (#673) - Add onBlur validation for initial_balance input to enforce minimum of 100 - Add detailed prompt template descriptions with i18n support - Fix Traditional Chinese to Simplified Chinese - Extract hardcoded Chinese text to i18n translation system - Add translation keys for all prompt templates and descriptions Fixes #629, Fixes #630 0xYYBB | ZYY | Bobo 2025-11-10 11:55:40 +08:00
f7498ef346 docs(prompt): add comprehensive prompt writing guide (#837) * docs: 添加 Prompt 编写指南并更新 README 导航为 NoFx 系统创建完整的 Prompt 编写指南文档，帮助用户编写高质量的自定义 AI 交易策略提示词。主要内容： - 📚 快速开始指南（5分钟上手） - 💡 核心概念和工作原理 - 📋 完整的可用字段参考（系统状态、账户信息、持仓信息等） - ⚖️ 系统约束和规则说明 - 📦 三种官方策略模板（保守型/平衡型/激进型） - ✅ 质量检查清单（20+ 检查项） - ❓ 10个常见错误案例和最佳实践 - 🎓 高级话题（完全自定义、调试指南）文档特点： - 基于实际代码（decision/engine.go）确保字段准确性 - 三层用户分级（新手/进阶/高级） - 完整的策略模板即拿即用 - ✅❌ 对比示例避免常见错误 - 20,000+ 字完整覆盖所有关键知识点同时更新 README.md 添加文档导航链接，方便用户快速访问。 Fixes #654 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * docs(prompt): add i18n support with complete English translation 完善 Prompt 编写指南的国际化支持，添加完整的英文翻译版本。主要更改： - 📝 新增英文版本：docs/prompt-guide.md - 🇨🇳 中文版本重命名：docs/prompt-guide.zh-CN.md - 🔗 更新 README.md 文档链接，标注语言选项文档特点： - 完整翻译所有章节（20,000+ 字） - 保持中英文结构完全一致 - 遵循项目 i18n 惯例（参考 docs/guides/） - 便于不同语言用户使用 Related to #654 Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: tinkle-community <tinklefund@gmail.com> CoderMageFox 2025-11-10 11:44:17 +08:00
486ff5e909 fix(trader): 修复编辑交易员时系统提示词模板无法更新和回显的问题 (#841) ## 问题描述 1. ⚠️ **无法更新**（最严重）：用户修改系统提示词模板并保存后，更新被忽略，仍保持旧值 2. 编辑时显示错误的默认值：打开编辑对话框时该字段显示为 Default 而非实际保存的值（如 nof1） ## 根本原因 1. UpdateTraderRequest 结构体缺少 SystemPromptTemplate 字段 - 后端无法接收更新请求 2. handleGetTraderConfig 返回值中缺少 system_prompt_template 字段 - 前端无法获取实际值 3. handleUpdateTrader 强制使用原值，不接受请求中的更新 - 即使前端发送也被忽略 ## 修复内容 1. 在 UpdateTraderRequest 中添加 SystemPromptTemplate 字段 - 现在可以接收更新 2. 在 handleUpdateTrader 中支持从请求读取并更新该字段 - 用户可以修改了 3. 在 handleGetTraderConfig 返回值中添加 system_prompt_template 字段 - 前端可以正确显示 ## 测试 - 添加 3 个单元测试验证修复 - 所有测试通过，无回归 - 覆盖 nof1, default, custom 等不同模板场景 ## 影响范围 - api/server.go: UpdateTraderRequest, handleUpdateTrader, handleGetTraderConfig - 新增 api/server_test.go: 3 个单元测试 Closes #838 Lawrence Liu 2025-11-10 01:20:30 +08:00
befc887a89 fix(ci): add test encryption key for CI environment (#826) * fix(ci): add test encryption key for CI environment - Add DATA_ENCRYPTION_KEY environment variable to PR test workflow - Add test RSA public key for encryption tests in CI - Ensures unit tests pass in CI without production credentials Co-authored-by: tinkle-community <tinklefund@gmail.com> * fix(ci): install Go cover tool to eliminate covdata warnings - Add step to install golang.org/x/tools/cmd/cover in CI workflow - Use || true to prevent installation failure from breaking CI - Eliminates "no such tool covdata" warnings during test execution - Apply go fmt to multiple files for consistency Co-authored-by: tinkle-community <tinklefund@gmail.com> * fix(ci): install covdata tool for Go 1.23 coverage The CI was failing with "go: no such tool 'covdata'" error. This is because Go 1.23 requires the covdata tool to be installed for coverage reporting. Changes: - Install golang.org/x/tools/cmd/covdata in CI workflow - Update step name to reflect both coverage tools being installed Fixes the unit test failures in CI pipeline. Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(ci): remove unnecessary covdata installation and use builtin go tool cover The previous attempt to install golang.org/x/tools/cmd/covdata was failing because the package structure changed in Go 1.23 and tools v0.38.0. The covdata tool is not needed for this project since we only use simple coverage reporting with go test -coverprofile. The go tool cover command is built into the Go toolchain and requires no additional installation. Changes: - Remove failed covdata and cover installation attempts - Add verification step for go tool cover availability - Simplify CI pipeline by eliminating unnecessary dependencies Co-authored-by: tinkle-community <tinklefund@gmail.com> * fix(ci): upgrade Go version to 1.25 to match go.mod declaration The CI was using Go 1.23 while go.mod declares go 1.25.0, causing "no such tool covdata" errors during coverage test compilation. Go 1.25's coverage infrastructure requires toolchain features not available in Go 1.23. This change aligns the CI Go version with the project's declared version requirement, ensuring the full Go 1.25 toolchain (including the covdata tool) is available for coverage testing. Co-authored-by: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: tinkle-community <tinklefund@gmail.com> WquGuru 2025-11-09 18:40:03 +08:00
295124c1fa test(trader): add comprehensive unit tests and CI coverage reporting (#823) * chore(config): add Python and uv support to project - Add comprehensive Python .gitignore rules (pycache, venv, pytest, etc.) - Add uv package manager specific ignores (.uv/, uv.lock) - Initialize pyproject.toml for Python tooling Co-authored-by: tinkle-community <tinklefund@gmail.com> * chore(deps): add testing dependencies - Add github.com/stretchr/testify v1.11.1 for test assertions - Add github.com/agiledragon/gomonkey/v2 v2.13.0 for mocking - Promote github.com/rs/zerolog to direct dependency Co-authored-by: tinkle-community <tinklefund@gmail.com> * ci(workflow): add PR test coverage reporting Add GitHub Actions workflow to run unit tests and report coverage on PRs: - Run Go tests with race detection and coverage profiling - Calculate coverage statistics and generate detailed reports - Post coverage results as PR comments with visual indicators - Fix Go version to 1.23 (was incorrectly set to 1.25.0) Coverage guidelines: - Green (>=80%): excellent - Yellow (>=60%): good - Orange (>=40%): fair - Red (<40%): needs improvement This workflow is advisory only and does not block PR merging. Co-authored-by: tinkle-community <tinklefund@gmail.com> * test(trader): add comprehensive unit tests for trader modules Add unit test suites for multiple trader implementations: - aster_trader_test.go: AsterTrader functionality tests - auto_trader_test.go: AutoTrader lifecycle and operations tests - binance_futures_test.go: Binance futures trader tests - hyperliquid_trader_test.go: Hyperliquid trader tests - trader_test_suite.go: Common test suite utilities and helpers Also fix minor formatting issue in auto_trader.go (trailing whitespace) Co-authored-by: tinkle-community <tinklefund@gmail.com> * test(trader): preserve existing calculatePnLPercentage unit tests Merge existing calculatePnLPercentage tests with incoming comprehensive test suite: - Preserve TestCalculatePnLPercentage with 9 test cases covering edge cases - Preserve TestCalculatePnLPercentage_RealWorldScenarios with 3 trading scenarios - Add math package import for floating-point precision comparison - All tests validate PnL percentage calculation with different leverage scenarios Co-authored-by: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: tinkle-community <tinklefund@gmail.com> WquGuru 2025-11-09 17:43:28 +08:00
8107667796 fix(database): prevent data loss on Docker restart with WAL mode and graceful shutdown (#817) * fix(database): prevent data loss on Docker restart with WAL mode and graceful shutdown Fixes #816 ## Problem Exchange API keys and private keys were being lost after docker compose restart. This P0 bug posed critical security and operational risks. ### Root Cause 1. **SQLite journal_mode=delete**: Traditional rollback journal doesn't protect against data loss during non-graceful shutdowns 2. **Incomplete graceful shutdown**: Application relied on defer database.Close() which may not execute before process termination 3. **Docker grace period**: Default 10s may not be sufficient for cleanup ### Data Loss Scenario `` User updates exchange config → Backend writes to SQLite → Data in buffer (not fsynced) → Docker restart (SIGTERM) → App exits → SQLite never flushes → Data lost ` ## Solution ### 1. Enable WAL Mode (Primary Fix) - **Before**: journal_mode=delete (rollback journal) - **After**: journal_mode=WAL (Write-Ahead Logging) **Benefits:** - ✅ Crash-safe even during power loss - ✅ Better concurrent write performance - ✅ Atomic commits with durability guarantees ### 2. Improve Graceful Shutdown **Before:** `go <-sigChan traderManager.StopAll() // defer database.Close() may not execute in time ` **After:** `go <-sigChan traderManager.StopAll() // Step 1: Stop traders server.Shutdown() // Step 2: Stop HTTP server (new) database.Close() // Step 3: Explicit database close (new) ` ### 3. Increase Docker Grace Period `yaml stop_grace_period: 30s # Allow 30s for graceful shutdown ` ## Changes ### config/database.go - Enable PRAGMA journal_mode=WAL on database initialization - Set PRAGMA synchronous=FULL for data durability - Add log message confirming WAL mode activation ### api/server.go - Add httpServer *http.Server field to Server struct - Implement Shutdown() method with 5s timeout - Replace router.Run() with httpServer.ListenAndServe() for graceful shutdown support - Add context import for shutdown context ### main.go - Add explicit shutdown sequence: 1. Stop all traders 2. Shutdown HTTP server (new) 3. Close database connection (new) - Add detailed logging for each shutdown step ### docker-compose.yml - Add stop_grace_period: 30s to backend service ### config/database_test.go (TDD) - TestWALModeEnabled: Verify WAL mode is active - TestSynchronousMode: Verify synchronous=FULL setting - TestDataPersistenceAcrossReopen: Simulate Docker restart scenario - TestConcurrentWritesWithWAL: Verify concurrent write handling ## Test Results `bash $ go test -v ./config === RUN TestWALModeEnabled --- PASS: TestWALModeEnabled (0.25s) === RUN TestSynchronousMode --- PASS: TestSynchronousMode (0.06s) === RUN TestDataPersistenceAcrossReopen --- PASS: TestDataPersistenceAcrossReopen (0.05s) === RUN TestConcurrentWritesWithWAL --- PASS: TestConcurrentWritesWithWAL (0.09s) PASS ` All 16 tests pass (including 9 existing + 4 new WAL tests + 3 concurrent tests). ## Impact **Before:** - 🔴 Exchange credentials lost on restart - 🔴 Trading operations disrupted - 🔴 Security risk from credential re-entry **After:** - ✅ Data persistence guaranteed - ✅ No credential loss after restart - ✅ Safe graceful shutdown in all scenarios - ✅ Better concurrent performance ## Acceptance Criteria - [x] WAL mode enabled in database initialization - [x] Graceful shutdown explicitly closes database - [x] Unit tests verify data persistence across restarts - [x] Docker grace period increased to 30s - [x] All tests pass ## Deployment Notes After deploying this fix: 1. Rebuild Docker image: ./start.sh start --build 2. Existing config.db will be automatically converted to WAL mode 3. WAL files (config.db-wal, config.db-shm`) will be created 4. No manual intervention required ## References - SQLite WAL Mode: https://www.sqlite.org/wal.html - Go http.Server Graceful Shutdown: https://pkg.go.dev/net/http#Server.Shutdown * Add config.db* to gitignore Lawrence Liu 2025-11-09 16:23:00 +08:00
146d2ad9a7 fix: 修复 AI 决策时收到的持仓盈亏百分比未考虑杠杆 (#819) Fixes #818 ## 问题传递给 AI 决策的持仓盈亏百分比只计算价格变动，未考虑杠杆倍数。例如：10倍杠杆，价格上涨1%，AI看到的是1%而非实际的10%收益率。 ## 改动 1. 修复 buildTradingContext 中的盈亏百分比计算 - 从基于价格变动改为基于保证金计算 - 收益率 = 未实现盈亏 / 保证金 × 100% 2. 抽取公共函数 calculatePnLPercentage - 消除 buildTradingContext 和 GetPositions 的重复代码 - 确保两处使用相同的计算逻辑 3. 新增单元测试 (trader/auto_trader_test.go) - 9个基础测试用例（正常、边界、异常） - 3个真实场景测试（BTC/ETH/SOL不同杠杆） - 测试覆盖率：100% 4. 更新 .gitignore - 添加 SQLite WAL 相关文件 (config.db-shm, config.db-wal, nofx.db) ## 测试结果 ✅ 所有 12 个单元测试通过 ✅ 代码编译通过 ✅ 与 GetPositions 函数保持一致 ## 影响 - AI 现在能够准确评估持仓真实收益率 - 避免因错误数据导致的过早止盈或延迟止损 Lawrence Liu 2025-11-09 16:21:31 +08:00
fd3fc654cb Fix 历史最高收益率（百分比）, 盈亏金额 USDT, 最高收益率没有传递给 AI 作决策，无法在 prompt 中使用 (#651) Lawrence Liu 2025-11-09 16:20:52 +08:00
576dd26b8b bugfix dashboard empty state (#709) Ember 2025-11-09 14:44:42 +08:00
17f4baa6da fix: 支持 NOFX_BACKEND_PORT 环境变量配置端口 (#764) - 优先级：环境变量 > 数据库配置 > 默认值 8080 - 修复 .env 中端口配置不生效的问题 - 添加端口来源日志输出 Deloz 2025-11-09 12:21:36 +08:00
594116f141 fix: 修复token过期未重新登录的问题 (#803) * fix: 修复token过期未重新登录的问题实现统一的401错误处理机制: - 创建httpClient封装fetch API,添加响应拦截器 - 401时自动清理localStorage和React状态 - 显示"请先登录"提示并延迟1.5秒后跳转登录页 - 保存当前URL到sessionStorage用于登录后返回 - 改造所有API调用使用httpClient统一处理 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix: 添加401处理的单例保护防止并发竞态问题: - 多个API同时返回401会导致多个通知叠加 - 多个style元素被添加到DOM造成内存泄漏 - 可能触发多次登录页跳转解决方案: - 添加静态标志位 isHandling401 防止重复处理 - 第一个401触发完整处理流程 - 后续401直接抛出错误,避免重复操作 - 确保只显示一次通知和一次跳转 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix: 修复isHandling401标志永不重置的问题问题: - isHandling401标志在401处理后永不重置 - 导致用户重新登录后,后续401会被静默忽略 - 页面刷新或取消重定向后标志仍为true 解决方案: - 在HttpClient中添加reset401Flag()公开方法 - 登录成功后调用reset401Flag()重置标志 - 页面加载时调用reset401Flag()确保新会话正常影响范围: - web/src/lib/httpClient.ts: 添加reset方法和导出函数 - web/src/contexts/AuthContext.tsx: 在登录和页面加载时重置 Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(auth): consume returnUrl after successful login (BLOCKING-1) 修复登录后未跳转回原页面的问题。问题: - httpClient在401时保存returnUrl到sessionStorage - 但登录成功后没有读取和使用returnUrl - 导致用户登录后停留在登录页，无法回到原页面修复: - 在loginAdmin、verifyOTP、completeRegistration三个登录方法中 - 添加returnUrl检查和跳转逻辑 - 登录成功后优先跳转到returnUrl，如果没有则使用默认页面影响: - 用户token过期后重新登录，会自动返回之前访问的页面 - 提升用户体验，避免手动导航测试场景: 1. 用户访问/traders → token过期 → 登录 → 自动回到/traders ✅ 2. 用户直接访问/login → 登录 → 跳转到默认页面(/dashboard或/traders) ✅ Related: BLOCKING-1 in PR #803 code review --------- Co-authored-by: sue <177699783@qq.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> Lawrence Liu 2025-11-09 12:18:47 +08:00
f4f28059c0 fix(config):enforce encryption setup (#808) * enforce encryption setup * comment Diego 2025-11-08 23:04:23 -05:00
9d41d5ab39 Fix(security): 增强日志文件安全权限和管理 (#757) ## 问题决策日志包含敏感的交易数据（API密钥、仓位、PnL等），但使用了不安全的默认权限： - 目录权限 0755（所有用户可读可执行） - 文件权限 0644（所有用户可读）这可能导致同一系统其他用户访问敏感交易数据。 ## 解决方案 ### 1. 代码层面安全加固（Secure by Default） **logger/decision_logger.go**: - 目录创建权限：0755 → 0700（只有所有者可访问） - 文件创建权限：0644 → 0600（只有所有者可读写） - **新增：强制修复已存在目录/文件权限**（修复升级场景） - NewDecisionLogger 启动时强制设置目录权限 - 遍历并修复已存在的 *.json 文件权限 - 覆盖 PM2/手动部署场景 ### 2. 运行时安全检查（Defense in Depth） **start.sh**: - 新增 setup_secure_permissions() 函数 - 启动时自动修正敏感文件/目录权限： - 目录 (.secrets, secrets, logs, decision_logs): 700 - 文件 (.env, config.db, 密钥文件, 日志): 600 - **修复：使用 install -m MODE 创建文件/目录** - touch config.db → install -m 600 /dev/null config.db - mkdir -p decision_logs → install -m 700 -d decision_logs - 确保首次启动就是安全权限（修复 fresh install 漏洞） ### 3. 日志轮转和清理 **scripts/cleanup_logs.sh**: - 提供日志清理功能（默认保留7天） - 支持 dry-run 模式预览 - 可通过 crontab 定期执行 ## 测试要点 1. ✅ 验证新创建的日志文件权限为 0600 2. ✅ 验证新创建的日志目录权限为 0700 3. ✅ 验证 start.sh 正确设置所有敏感文件权限 4. ✅ 验证 Docker 部署（root）可正常访问 5. ✅ 验证 PM2 部署（owner）可正常访问 6. ✅ 验证清理脚本正确删除旧日志 7. ✅ 验证首次安装时 config.db 权限为 600（不是 644） 8. ✅ 验证升级后已存在的日志文件权限被修正为 600 ## 安全影响 - 防止同一系统其他用户读取敏感交易数据 - 采用深度防御策略：代码默认安全 + 运行时检查 + 升级修复 - 对 Docker（root）和 PM2（owner）部署均兼容 - 修复首次安装和升级场景的权限漏洞 Lawrence Liu 2025-11-09 09:47:24 +08:00
f656a9c0fe Fix API call uses wrong API key configured (#751) Lawrence Liu 2025-11-09 09:46:03 +08:00
2bb4f9ec99 fix(database): prevent empty values from overwriting exchange private keys (#785) * fix(database): prevent empty values from overwriting exchange private keys Fixes #781 ## Problem - Empty values were overwriting existing private keys during exchange config updates - INSERT operations were storing plaintext instead of encrypted values - Caused data loss when users edited exchange configurations via web UI ## Solution 1. **Dynamic UPDATE**: Only update sensitive fields (api_key, secret_key, aster_private_key) when non-empty 2. **Encrypted INSERT**: Use encrypted values for all sensitive fields during INSERT 3. **Comprehensive tests**: Added 9 unit tests with 90.2% coverage ## Changes - config/database.go (UpdateExchange): Refactored to use dynamic SQL building - config/database_test.go (new): Added comprehensive test suite ## Test Results ✅ All 9 tests pass ✅ Coverage: 90.2% of UpdateExchange function (100% of normal paths) ✅ Verified empty values no longer overwrite existing keys ✅ Verified INSERT uses encrypted storage ## Impact - 🔒 Protects user's exchange API keys and private keys from accidental deletion - 🔒 Ensures all sensitive data is encrypted at rest - ✅ Backward compatible: non-empty updates work as before * revert: remove incorrect INSERT encryption fix - out of scope Lawrence Liu 2025-11-09 09:42:47 +08:00
c1003ca3e8 feat(hook): Add hook module to help decouple some specific logic (#784) Shui 2025-11-08 20:02:30 -05:00
9cecc19ad6 fix the arrary out of range (#782) Diego 2025-11-08 18:51:13 -05:00
27a38e1e0d fix(auto_trader): trader's stop channel isn't set when restarting (#779) * fix(auto_trader): trader's stop channel isn't set when restarting * fix stopping trader immediately --------- Co-authored-by: zbhan <zbhan@freewheel.tv> Shui 2025-11-08 13:57:28 -05:00
9848766824 perf(market): add Funding Rate cache to reduce API calls by 90% (#769) ## Problem Current implementation calls Binance Funding Rate API on every AI decision: - 5 traders × 20 decisions/hour × 10 symbols = 1,000 API calls/hour - Unnecessary network latency (~100ms per call) - Wastes API quota (Binance updates Funding Rate only every 8 hours) ## Solution Implement 1-hour TTL cache for Funding Rate data using sync.Map: - Check cache before API call - Store result with timestamp - Auto-expire after 1 hour ## Implementation ### 1. New types (market/data.go) ``go type FundingRateCache struct { Rate float64 UpdatedAt time.Time } var ( fundingRateMap sync.Map // thread-safe map frCacheTTL = 1 * time.Hour ) `` ### 2. Modified getFundingRate() function - Added cache check logic (9 lines) - Added cache update logic (6 lines) - Fallback to API on cache miss ## Benefits | Metric | Before | After | Improvement | |--------|--------|-------|-------------| | API calls/hour | 1,000 | 100 | ↓ 90% | | Decision latency | 3s | 2s | ↓ 33% | | API quota usage | 0.28% | 0.03% | 10x headroom | ## Safety ✅ **Data freshness**: 1h cache << 8h Binance update cycle ✅ **Thread safety**: sync.Map is concurrent-safe ✅ **Memory usage**: 250 symbols × 24 bytes = 6KB (negligible) ✅ **Fallback**: Auto-retry API on cache miss/expire ✅ **No breaking changes**: Transparent to callers ## Testing - ✅ Compiles successfully - ✅ No changes to function signature - ✅ Backward compatible (graceful degradation) ## Related - Similar pattern used in other high-frequency trading systems - Aligns with Binance's recommended best practices Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-09 01:02:28 +08:00
4667c3bf00 feat(ui): add password strength validation and toggle visibility in registration and reset password forms (#773) Co-authored-by: tinkle-community <tinklefund@gmail.com> Ember 2025-11-09 00:36:28 +08:00
90d09e63e5 fix(security): 脱敏后台日志中的敏感信息 (#761) ## 问题后台日志在打印配置更新时会暴露完整的 API Key、Secret Key 和私钥等敏感信息（Issue #758）。 ## 解决方案 ### 1. 新增脱敏工具库 (api/utils.go) - MaskSensitiveString(): 脱敏敏感字符串（保留前4位和后4位，中间用****替代） - SanitizeModelConfigForLog(): 脱敏 AI 模型配置用于日志输出 - SanitizeExchangeConfigForLog(): 脱敏交易所配置用于日志输出 - MaskEmail(): 脱敏邮箱地址 ### 2. 修复日志打印 (api/server.go) - Line 1106: 脱敏 AI 模型配置更新日志 - Line 1203: 脱敏交易所配置更新日志 ### 3. 完善单元测试 (api/utils_test.go) - 4个测试函数，9个子测试，全部通过 - 工具函数测试覆盖率: 91%+ ## 脱敏效果示例 **修复前**: `` ✓ 交易所配置已更新: map[binance:{api_key:sk-1234567890abcdef secret_key:binance_secret_1234567890abcdef}] ` **修复后**: ` ✓ 交易所配置已更新: map[binance:{api_key:sk-1****cdef secret_key:bina****cdef}] ` ## 测试结果 ` PASS ok nofx/api 0.012s coverage: 91.2% of statements in utils.go `` ## 安全影响 - 防止日志泄露 API Key、Secret Key、私钥等敏感信息 - 保护用户隐私和账户安全 - 符合安全最佳实践 Closes #758 Lawrence Liu 2025-11-08 19:33:13 +08:00
a442ca420c fix(scripts): prevent JWT_SECRET from splitting across multiple lines (#756) Fix setup_encryption.sh script that was causing JWT_SECRET values to wrap onto multiple lines in .env file, leading to parse errors. Root cause: - openssl rand -base64 64 generates 88-character strings - Using echo with / delimiter in sed caused conflicts with / in base64 - Long strings could wrap when written to .env Changes: - Changed sed delimiter from / to | to avoid conflicts with base64 chars - Replaced echo with printf for consistent single-line output - Added quotes around JWT_SECRET values for proper escaping - Applied fix to all 3 locations that write JWT_SECRET Co-authored-by: tinkle <tinkle@tinkle.community> Co-authored-by: tinkle-community <tinklefund@gmail.com> tinkle-community 2025-11-08 18:06:14 +08:00
f7af75c657 update .gitignore tinkle-community 2025-11-08 17:25:00 +08:00
644866ff23 Merge remote-tracking branch 'origin/dev' into dev 解决冲突: 更新加密管理器日志输出 Co-Authored-By: tinkle-community <tinklefund@gmail.com> tinkle-community 2025-11-08 17:02:52 +08:00
6bdb26cd58 security(crypto): remove master key from log output to prevent leakage (#753) Lawrence Liu 2025-11-08 17:01:16 +08:00
6c73d37a82 update random OrderID tinkle-community 2025-11-08 17:01:15 +08:00
61101c07dc Fix(auto_trader): casue panic because close a close channel (#737) Co-authored-by: zbhan <zbhan@freewheel.tv> Shui 2025-11-07 23:58:02 -05:00
e91bcce99e Dev (#743) * feat: remove admin mode * feat: bugfix * feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务 - 实现CryptoService加密服务，支持RSA-OAEP-2048 + AES-256-GCM混合加密 - 集成数据库层加密，自动加密存储敏感字段(API密钥、私钥等) - 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥 - 适配SQLite数据库加密存储(从PostgreSQL移植) - 保持Hyperliquid代理钱包处理兼容性 - 更新.gitignore以正确处理crypto模块代码 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(scripts): 添加加密环境一键设置脚本 - setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥 - generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具 - generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥 - ENCRYPTION_README.md: 详细的加密系统说明文档 - 支持自动检测现有密钥并只生成缺失的密钥 - 完善的权限管理和安全验证 - 兼容macOS和Linux的跨平台支持 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(api): 添加加密API端点和Gin框架集成 - 新增CryptoHandler处理加密相关API请求 - 提供/api/crypto/public-key端点获取RSA公钥 - 提供/api/crypto/decrypt端点解密敏感数据 - 适配Gin框架的HTTP处理器格式 - 集成CryptoService到API服务器 - 支持前端加密数据传输和解密 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(web): 添加前端加密服务和两阶段密钥输入组件 - CryptoService: Web Crypto API集成，支持RSA-OAEP加密 - TwoStageKeyModal: 安全的两阶段私钥输入组件，支持剪贴板混淆 - 完善国际化翻译支持加密相关UI文本 - 修复TypeScript类型错误和编译问题 - 支持前端敏感数据加密传输到后端 - 增强用户隐私保护和数据安全 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(auth): 增强JWT认证安全性 - 优先使用环境变量JWT_SECRET而不是数据库配置 - 支持通过.env文件安全配置JWT认证密钥 - 保留数据库配置作为回退机制 - 改进JWT密钥来源日志显示 - 增强系统启动时的安全配置检查 - 支持运行时动态JWT密钥切换 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(docker): 集成加密环境变量到Docker部署 - 添加DATA_ENCRYPTION_KEY环境变量传递到容器 - 添加JWT_SECRET环境变量支持 - 挂载secrets目录使容器可访问RSA密钥文件 - 确保容器内加密服务正常工作 - 解决容器启动失败和加密初始化问题 - 完善Docker Compose加密环境配置 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(start): 集成自动加密环境检测和设置 - 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY - 自动运行setup_encryption.sh当检测到缺失密钥时 - 改进加密状态显示，包含RSA+AES+JWT全套加密信息 - 优化用户体验，提供清晰的加密配置反馈 - 支持一键设置完整加密环境 - 确保容器启动前加密环境就绪 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: format fix * fix(security): 修复前端模型和交易所配置敏感数据明文传输 - 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密 - 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密 - 只有非空敏感数据才进行加密处理 - 添加加密失败错误处理和用户友好提示 - 增加encryptionFailed翻译键的中英文支持 - 使用用户ID和会话ID作为加密上下文增强安全性这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 修复后端加密服务集成和缺失的加密端点 - 添加Server结构体缺少的cryptoService字段 - 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输 - 修复handleUpdateExchangeConfigsEncrypted中的函数调用 - 在前端API中添加updateModelConfigsEncrypted方法 - 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key - 确保前端可以使用加密端点安全传输敏感数据 - 兼容原有加密通信模式和二段输入私钥功能 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 完善加密端点配置，简化API结构 - 移除多余的/models/encrypted端点，模型配置暂不加密 - 确认/exchanges端点已强制要求加密传输 - 统一前端使用标准端点，自动使用加密传输 - 修复前端API调用，移除不存在的updateModelConfigsEncrypted引用 - 确保后端和前端编译成功，加密功能正常工作 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 为模型配置端点添加加密传输支持 - 前端updateModelConfigs方法现在使用加密传输 - 后端/api/models端点已强制要求加密载荷 - 模型配置界面保持普通输入，在提交时自动加密 - 确保API密钥等敏感数据通过RSA+AES混合加密传输 - 前端后端编译测试通过，加密功能正常工作 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: icy <icyoung520@gmail.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> Icyoung 2025-11-08 12:57:36 +08:00
8b3ab331d0 Dev api bugfix (#740) * feat: remove admin mode * feat: bugfix * feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务 - 实现CryptoService加密服务，支持RSA-OAEP-2048 + AES-256-GCM混合加密 - 集成数据库层加密，自动加密存储敏感字段(API密钥、私钥等) - 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥 - 适配SQLite数据库加密存储(从PostgreSQL移植) - 保持Hyperliquid代理钱包处理兼容性 - 更新.gitignore以正确处理crypto模块代码 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(scripts): 添加加密环境一键设置脚本 - setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥 - generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具 - generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥 - ENCRYPTION_README.md: 详细的加密系统说明文档 - 支持自动检测现有密钥并只生成缺失的密钥 - 完善的权限管理和安全验证 - 兼容macOS和Linux的跨平台支持 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(api): 添加加密API端点和Gin框架集成 - 新增CryptoHandler处理加密相关API请求 - 提供/api/crypto/public-key端点获取RSA公钥 - 提供/api/crypto/decrypt端点解密敏感数据 - 适配Gin框架的HTTP处理器格式 - 集成CryptoService到API服务器 - 支持前端加密数据传输和解密 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(web): 添加前端加密服务和两阶段密钥输入组件 - CryptoService: Web Crypto API集成，支持RSA-OAEP加密 - TwoStageKeyModal: 安全的两阶段私钥输入组件，支持剪贴板混淆 - 完善国际化翻译支持加密相关UI文本 - 修复TypeScript类型错误和编译问题 - 支持前端敏感数据加密传输到后端 - 增强用户隐私保护和数据安全 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(auth): 增强JWT认证安全性 - 优先使用环境变量JWT_SECRET而不是数据库配置 - 支持通过.env文件安全配置JWT认证密钥 - 保留数据库配置作为回退机制 - 改进JWT密钥来源日志显示 - 增强系统启动时的安全配置检查 - 支持运行时动态JWT密钥切换 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(docker): 集成加密环境变量到Docker部署 - 添加DATA_ENCRYPTION_KEY环境变量传递到容器 - 添加JWT_SECRET环境变量支持 - 挂载secrets目录使容器可访问RSA密钥文件 - 确保容器内加密服务正常工作 - 解决容器启动失败和加密初始化问题 - 完善Docker Compose加密环境配置 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(start): 集成自动加密环境检测和设置 - 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY - 自动运行setup_encryption.sh当检测到缺失密钥时 - 改进加密状态显示，包含RSA+AES+JWT全套加密信息 - 优化用户体验，提供清晰的加密配置反馈 - 支持一键设置完整加密环境 - 确保容器启动前加密环境就绪 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: format fix * fix(security): 修复前端模型和交易所配置敏感数据明文传输 - 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密 - 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密 - 只有非空敏感数据才进行加密处理 - 添加加密失败错误处理和用户友好提示 - 增加encryptionFailed翻译键的中英文支持 - 使用用户ID和会话ID作为加密上下文增强安全性这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 修复后端加密服务集成和缺失的加密端点 - 添加Server结构体缺少的cryptoService字段 - 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输 - 修复handleUpdateExchangeConfigsEncrypted中的函数调用 - 在前端API中添加updateModelConfigsEncrypted方法 - 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key - 确保前端可以使用加密端点安全传输敏感数据 - 兼容原有加密通信模式和二段输入私钥功能 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 完善加密端点配置，简化API结构 - 移除多余的/models/encrypted端点，模型配置暂不加密 - 确认/exchanges端点已强制要求加密传输 - 统一前端使用标准端点，自动使用加密传输 - 修复前端API调用，移除不存在的updateModelConfigsEncrypted引用 - 确保后端和前端编译成功，加密功能正常工作 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 为模型配置端点添加加密传输支持 - 前端updateModelConfigs方法现在使用加密传输 - 后端/api/models端点已强制要求加密载荷 - 模型配置界面保持普通输入，在提交时自动加密 - 确保API密钥等敏感数据通过RSA+AES混合加密传输 - 前端后端编译测试通过，加密功能正常工作 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: icy <icyoung520@gmail.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> Icyoung 2025-11-08 11:28:51 +08:00
0981c51f80 Add code review slash command (#739) Lawrence Liu 2025-11-08 11:12:53 +08:00
6854784b2f feat(market): 动态精度支持全币种覆盖（方案 C） (#715) ## 问题分析通过分析 Binance 永续合约市场发现： - **74 个币种（13%）价格 < 0.01**，会受精度问题影响 - 其中 **3 个 < 0.0001**，使用固定精度会完全显示为 0.0000 - **14 个在 0.0001-0.001**，精度损失 50-100% - **57 个在 0.001-0.01**，精度损失 20-50% 这会导致 AI 误判价格"僵化"而错误淘汰可交易币种。 --- ## 解决方案：动态精度添加 formatPriceWithDynamicPrecision() 函数，根据价格区间自动选择精度： ### 精度策略 | 价格区间 | 精度 | 示例币种 | 输出示例 | |---------|------|---------|---------| | < 0.0001 | %.8f | 1000SATS, 1000WHY, DOGS | 0.00002070 | | 0.0001-0.001 | %.6f | NEIRO, HMSTR, HOT, NOT | 0.000151 | | 0.001-0.01 | %.6f | PEPE, SHIB, MEME | 0.005568 | | 0.01-1.0 | %.4f | ASTER, DOGE, ADA, TRX | 0.9954 | | 1.0-100 | %.4f | SOL, AVAX, LINK | 23.4567 | | > 100 | %.2f | BTC, ETH | 45678.91 | --- ## 修改内容 1. **添加动态精度函数** (market/data.go:428-457) ``go func formatPriceWithDynamicPrecision(price float64) string ` 2. **Format() 使用动态精度** (market/data.go:362-365) - current_price 显示 - Open Interest Latest/Average 显示 3. **formatFloatSlice() 使用动态精度** (market/data.go:459-466) - 所有价格数组统一使用动态精度 **代码变化**: +42 行，-6 行 --- ## 效果对比 ### 超低价 meme coin（完全修复） `diff # 1000SATSUSDT 价格序列：0.00002050, 0.00002060, 0.00002070, 0.00002080 - 固定精度 (%.2f): 0.00, 0.00, 0.00, 0.00 - AI: "价格僵化在 0.00，技术指标失效，淘汰" ❌ + 动态精度 (%.8f): 0.00002050, 0.00002060, 0.00002070, 0.00002080 + AI: "价格正常波动 +1.5%，符合交易条件" ✅ ` ### 低价 meme coin（精度提升） `diff # NEIROUSDT: 0.00015060 - 固定精度: 0.00 (%.2f) 或 0.0002 (%.4f) ⚠️ + 动态精度: 0.000151 (%.6f) ✅ # 1000PEPEUSDT: 0.00556800 - 固定精度: 0.01 (%.2f) 或 0.0056 (%.4f) ⚠️ + 动态精度: 0.005568 (%.6f) ✅ ` ### 高价币（Token 优化） `diff # BTCUSDT: 45678.9123 - 固定精度: "45678.9123" (11 字符) + 动态精度: "45678.91" (9 字符, -18% Token) ✅ ` --- ## Token 成本分析假设交易组合： - 10% 低价币 (< 0.01): +40% Token - 30% 中价币 (0.01-100): 持平 - 60% 高价币 (> 100): -20% Token **综合影响**: 约 **-8% Token**（实际节省成本） --- ## 测试验证 - ✅ 编译通过 (go build) - ✅ 代码格式化通过 (go fmt`) - ✅ 覆盖 Binance 永续合约全部 585 个币种 - ✅ 支持价格范围：0.00000001 - 999999.99 --- ## 受影响币种清单（部分） ### 🔴 完全修复（3 个） - 1000SATSUSDT: 0.0000 → 0.00002070 ✅ - 1000WHYUSDT: 0.0000 → 0.00002330 ✅ - DOGSUSDT: 0.0000 → 0.00004620 ✅ ### 🟠 高风险修复（14 个） - NEIROUSDT, HMSTRUSDT, NOTUSDT, HOTUSDT... ### 🟡 中风险改善（57 个） - 1000PEPEUSDT, 1000SHIBUSDT, MEMEUSDT... --- ## 技术优势 1. **完全覆盖**: 支持 Binance 永续合约全部 585 个币种 2. **零配置**: 新币种自动适配，无需手动维护 3. **Token 优化**: 高价币节省 Token，整体成本降低 4. **精度完美**: 每个价格区间都有最佳精度 5. **长期可维护**: 算法简单，易于理解和修改 --- ## 相关 Issue 这个修复解决了以下问题： - 低价币（如 ASTERUSDT ~0.99）显示为 1.00 导致 AI 误判 - 超低价 meme coin（如 1000SATS）完全无法显示 - OI 数据精度不足导致分析错误 --- Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-08 10:53:07 +08:00
d23628a5a1 fix: use symbol_side as peakPnLCache key to support dual-side positions (#657) Fixes #652 Previously, peakPnLCache used only 'symbol' as the key, causing LONG and SHORT positions of the same symbol to share the same peak P&L value. This led to incorrect drawdown calculations and emergency close triggers. Changes: - checkPositionDrawdown: use posKey (symbol_side) for cache access - UpdatePeakPnL: add side parameter and use posKey internally - ClearPeakPnLCache: add side parameter and use posKey internally Example fix: - Before: peakPnLCache["BTCUSDT"] shared by both LONG and SHORT - After: peakPnLCache["BTCUSDT_long"] and peakPnLCache["BTCUSDT_short"] Impact: - Fixes incorrect drawdown monitoring for dual positions - Prevents false emergency close triggers on profitable positions Lawrence Liu 2025-11-08 10:34:01 +08:00
f73b4771b2 Fix(encryption)/aiconfig, exchange config and the encryption setup (#735) Diego 2025-11-07 19:41:28 -05:00
89085173f9 Dev Crypto (#730) * feat: remove admin mode * feat: bugfix * feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务 - 实现CryptoService加密服务，支持RSA-OAEP-2048 + AES-256-GCM混合加密 - 集成数据库层加密，自动加密存储敏感字段(API密钥、私钥等) - 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥 - 适配SQLite数据库加密存储(从PostgreSQL移植) - 保持Hyperliquid代理钱包处理兼容性 - 更新.gitignore以正确处理crypto模块代码 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(scripts): 添加加密环境一键设置脚本 - setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥 - generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具 - generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥 - ENCRYPTION_README.md: 详细的加密系统说明文档 - 支持自动检测现有密钥并只生成缺失的密钥 - 完善的权限管理和安全验证 - 兼容macOS和Linux的跨平台支持 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(api): 添加加密API端点和Gin框架集成 - 新增CryptoHandler处理加密相关API请求 - 提供/api/crypto/public-key端点获取RSA公钥 - 提供/api/crypto/decrypt端点解密敏感数据 - 适配Gin框架的HTTP处理器格式 - 集成CryptoService到API服务器 - 支持前端加密数据传输和解密 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(web): 添加前端加密服务和两阶段密钥输入组件 - CryptoService: Web Crypto API集成，支持RSA-OAEP加密 - TwoStageKeyModal: 安全的两阶段私钥输入组件，支持剪贴板混淆 - 完善国际化翻译支持加密相关UI文本 - 修复TypeScript类型错误和编译问题 - 支持前端敏感数据加密传输到后端 - 增强用户隐私保护和数据安全 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(auth): 增强JWT认证安全性 - 优先使用环境变量JWT_SECRET而不是数据库配置 - 支持通过.env文件安全配置JWT认证密钥 - 保留数据库配置作为回退机制 - 改进JWT密钥来源日志显示 - 增强系统启动时的安全配置检查 - 支持运行时动态JWT密钥切换 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(docker): 集成加密环境变量到Docker部署 - 添加DATA_ENCRYPTION_KEY环境变量传递到容器 - 添加JWT_SECRET环境变量支持 - 挂载secrets目录使容器可访问RSA密钥文件 - 确保容器内加密服务正常工作 - 解决容器启动失败和加密初始化问题 - 完善Docker Compose加密环境配置 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat(start): 集成自动加密环境检测和设置 - 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY - 自动运行setup_encryption.sh当检测到缺失密钥时 - 改进加密状态显示，包含RSA+AES+JWT全套加密信息 - 优化用户体验，提供清晰的加密配置反馈 - 支持一键设置完整加密环境 - 确保容器启动前加密环境就绪 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * feat: format fix * fix(security): 修复前端模型和交易所配置敏感数据明文传输 - 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密 - 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密 - 只有非空敏感数据才进行加密处理 - 添加加密失败错误处理和用户友好提示 - 增加encryptionFailed翻译键的中英文支持 - 使用用户ID和会话ID作为加密上下文增强安全性这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> * fix(crypto): 修复后端加密服务集成和缺失的加密端点 - 添加Server结构体缺少的cryptoService字段 - 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输 - 修复handleUpdateExchangeConfigsEncrypted中的函数调用 - 在前端API中添加updateModelConfigsEncrypted方法 - 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key - 确保前端可以使用加密端点安全传输敏感数据 - 兼容原有加密通信模式和二段输入私钥功能 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: tinkle-community <tinklefund@gmail.com> --------- Co-authored-by: icy <icyoung520@gmail.com> Co-authored-by: tinkle-community <tinklefund@gmail.com> Icyoung 2025-11-08 02:03:09 +08:00
7c26e10121 refactor(AITradersPage): update model and exchange configuration checks (#728) - Simplified the logic for determining configured models and exchanges by removing reliance on sensitive fields like apiKey. - Enhanced filtering criteria to check for enabled status and non-sensitive fields, improving clarity and security. - Updated UI class bindings to reflect the new configuration checks without compromising functionality. This refactor aims to streamline the configuration process while ensuring sensitive information is not exposed. web3gaoyutang 2025-11-08 01:17:16 +08:00
062184054d Dev remove admin mode (#723) * feat: remove admin mode * feat: bugfix --------- Co-authored-by: icy <icyoung520@gmail.com> Icyoung 2025-11-07 23:37:23 +08:00
9ad3e99645 feat(hyperliquid): enhance Agent Wallet security model (#717) ## Background Hyperliquid official documentation recommends using Agent Wallet pattern for API trading: - Agent Wallet is used for signing only - Main Wallet Address is used for querying account data - Agent Wallet should not hold significant funds Reference: https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets ## Current Implementation Current implementation allows auto-generating wallet address from private key, which simplifies user configuration but may lead to potential security concerns if users accidentally use their main wallet private key. ## Enhancement Following the proven pattern already used in Aster exchange implementation (which uses dual-address mode), this enhancement upgrades Hyperliquid to Agent Wallet mode: ### Core Changes 1. **Mandatory dual-address configuration** - Agent Private Key (for signing) - Main Wallet Address (holds funds) 2. **Multi-layer security checks** - Detect if user accidentally uses main wallet private key - Validate Agent wallet balance (reject if > 100 USDC) - Provide detailed configuration guidance 3. **Design consistency** - Align with Aster's dual-address pattern - Follow Hyperliquid official best practices ### Code Changes **config/database.go**: - Add inline comments clarifying Agent Wallet security model **trader/hyperliquid_trader.go**: - Require explicit main wallet address (no auto-generation) - Check if agent address matches main wallet address (security risk indicator) - Query agent wallet balance and block if excessive - Display both agent and main wallet addresses for transparency **web/src/components/AITradersPage.tsx**: - Add security alert banner explaining Agent Wallet mode - Separate required inputs for Agent Private Key and Main Wallet Address - Add field descriptions and validation ### Benefits - ✅ Aligns with Hyperliquid official security recommendations - ✅ Maintains design consistency with Aster implementation - ✅ Multi-layer protection against configuration mistakes - ✅ Detailed logging for troubleshooting ### Breaking Change Users must now explicitly provide main wallet address (hyperliquid_wallet_addr). Old configurations will receive clear error messages with migration guidance. ### Migration Guide **Before** (single private key): ``json { "hyperliquid_private_key": "0x..." } ` **After** (Agent Wallet mode): `json { "hyperliquid_private_key": "0x...", // Agent Wallet private key "hyperliquid_wallet_addr": "0x..." // Main Wallet address } `` Users can create Agent Wallet on Hyperliquid official website: https://app.hyperliquid.xyz/ → Settings → API Wallets Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-07 23:26:56 +08:00
a723cafbc7 fix: admin logout button visibility (#650) 0xbigtang 2025-11-07 22:52:03 +08:00
1c4c933b7f refactor(decision): use XML tags to separate reasoning from JSON decisions (#719) * Separate the AI's thought process from the instruction JSON using XML tags. * Avoid committing encryption key related materials to Git. * Removing adaptive series prompts, awaiting subsequent modifications for compatibility. SkywalkerJi 2025-11-07 23:35:53 +09:00
c7856aa900 refactor(prompts): upgrade to v6.0.0 with enhanced safety rules (#712) ## 🎯 Motivation Based on extensive production usage and user feedback, we've developed a more comprehensive prompt system with: - Stronger risk management rules - Better handling of partial_close and update_stop_loss - Multiple strategy templates for different risk profiles - Enhanced decision quality and consistency ## 📊 What's Changed ### 1. Prompt System v6.0.0 All prompts now follow a standardized format with: - **Version header**: Clear versioning (v6.0.0) - **Strategy positioning**: Conservative/Moderate/Relaxed/Altcoin - **Core parameters**: Confidence thresholds, cooldown periods, BTC confirmation requirements - **Unified structure**: Consistent across all templates ### 2. New Strategy Templates Added two new templates to cover different trading scenarios: - adaptive_altcoin.txt - Optimized for altcoin trading - Higher leverage limits (10x-15x) - More aggressive position sizing - Faster decision cycles - adaptive_moderate.txt - Balanced strategy - Medium risk tolerance - Flexible BTC confirmation - Suitable for most traders ### 3. Enhanced Safety Rules #### partial_close Safety (Addresses #301) `` ⚠️ Mandatory Check: - Before partial_close, calculate: remaining_value = current_value × (1 - close_percentage/100) - If remaining_value ≤ $10 → Must use close_long/close_short instead - Prevents "Order must have minimum value of $10" exchange errors ` #### update_stop_loss Threshold Rules ` ⚠️ Strict Rules: - Profit <3% → FORBIDDEN to move stop-loss (avoid premature trailing) - Profit 3-5% → Can move to breakeven - Profit ≥10% → Can move to entry +5% (lock partial profit) ` #### TP/SL Restoration After partial_close ` ⚠️ Important: - Exchanges auto-cancel TP/SL orders when position size changes - Must provide new_stop_loss + new_take_profit with partial_close - Otherwise remaining position has NO protection (liquidation risk) ` ### 4. Files Changed - prompts/adaptive.txt - Conservative strategy (v6.0.0) - prompts/adaptive_relaxed.txt - Relaxed strategy (v6.0.0) - prompts/adaptive_altcoin.txt - NEW: Altcoin-optimized strategy - prompts/adaptive_moderate.txt` - NEW: Balanced strategy ## 🔗 Related Issues - Closes #301 (Prompt layer safety rules) - Related to #418 (Same validation issue) - Complements PR #415 (Backend implementation) ## ✅ Testing - [x] All 4 templates follow v6.0.0 format - [x] partial_close safety rules included - [x] update_stop_loss threshold rules included - [x] TP/SL restoration warnings included - [x] Strategy-specific parameters validated ## 📝 Notes This PR focuses on **prompt layer enhancements only**. Backend safety checks (trader/auto_trader.go) will be submitted in a separate PR for easier review. The two PRs can be merged independently or together - they complement each other: - This PR: AI makes better decisions (prevent bad actions) - Next PR: Backend validates and auto-corrects (safety net) --- Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-07 20:30:17 +08:00
46fabcfd22 feat: add nigix gitignore for prod icy 2025-11-07 18:42:07 +08:00
daa404ec4a feat: exchange scroll icy 2025-11-07 18:34:59 +08:00
9e50946a28 Merge branch 'origin/beta' into nofxos/test # Conflicts: # config/database_pg.go icy 2025-11-07 16:37:21 +08:00
75aa20b36b feat: exchange api security handle icy 2025-11-07 16:22:56 +08:00
f1f24ad1fa fix:完善aster账户净值和盈亏计算|Improve the calculation of the net value and profit/loss of the aster account (#695) Co-authored-by: LindenWang <linden@Lindens-MacBookPro-2.local> Linden 2025-11-07 13:38:39 +08:00
eb16882282 fix(bootstrap module): add bootstrap module to meet future function (#674) * fix(bootstrap module): add bootstrap module to meet future function * Fix readme * Fix panic because log.logger is nil * fix import --------- Co-authored-by: zbhan <zbhan@freewheel.tv> Shui 2025-11-06 21:53:10 -05:00
95af12e3a2 Revert "fix(web): prevent NaN% display in competition gap calculation (#633) …" (#676) This reverts commit 8db6dc3b061bd044abb7e3bdb995c01a2bc6c78f. Shui 2025-11-06 20:58:13 -05:00
b98a438843 fix(web): prevent NaN% display in competition gap calculation (#633) (#670) **Problem:** Competition page shows "NaN%" for gap difference when trader P&L percentages are null/undefined. **Root Cause:** Line 227: const gap = trader.total_pnl_pct - opponent.total_pnl_pct - If either value is undefined or null, result is NaN - Display shows "领先 NaN%" or "落后 NaN%" **Solution:** Add null coalescing to default undefined/null values to 0: ``typescript const gap = (trader.total_pnl_pct ?? 0) - (opponent.total_pnl_pct ?? 0) `` **Impact:** - ✅ Gap calculation returns 0 when data is missing (shows 0.00%) - ✅ Prevents confusing "NaN%" display - ✅ Graceful degradation for incomplete data Fixes #633 Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-07 09:35:58 +08:00
36365a3b30 fix(prompts): reduce margin usage from 95% to 88% for Hyperliquid liquidation buffer (#666) ## Problem Users with small accounts (<$200) encounter Hyperliquid error: "Insufficient margin to place order. asset=1" Real case: $98.89 account failed to open position ## Root Cause 5% reserve insufficient for: - Trading fees (~0.04%) - Slippage (0.01-0.1%) - Liquidation margin buffer (Hyperliquid requirement) Additionally, undefined "Allocation %" parameter caused confusion. ## Solution 1. Reduce margin usage rate from 95% to 88% (reserve 12%) 2. Remove undefined "Allocation %" parameter 3. Add small account example ($98.89) for clarity ## Example ($98.89 account) Before: $93.95 margin → $4.75 remaining ❌ After: $87.02 margin → $11.87 remaining ✅ ## Modified Files - prompts/adaptive.txt - prompts/default.txt - prompts/nof1.txt ## Testing Verified with $98.89 account on z-dev branch - successful order placement Fixes #549 0xYYBB | ZYY | Bobo 2025-11-07 09:19:20 +08:00
40c0995bfe fix(prompts): correct risk_usd formula - remove duplicate leverage multiplication ## Problem (Issue #592) risk_usd formula incorrectly multiplies leverage twice: - Incorrect: risk_usd = |Entry - Stop| × Position Size × Leverage ❌ This causes AI to calculate risk as 10x (or leverage倍) higher than actual. ## Root Cause Position Size already includes leverage effect: - Position Size (coins) = position_size_usd / price - position_size_usd = margin × leverage - Therefore: Position Size = (margin × leverage) / price Multiplying leverage again amplifies risk calculation by "leverage" times. ## Example Scenario: $100 margin, 10x leverage, 0.02 BTC position, $500 stop distance **Correct calculation:** risk_usd = $500 × 0.02 = $10 ✅ Risk % = 10% of margin (reasonable) **Incorrect calculation (current):** risk_usd = $500 × 0.02 × 10 = $100 ❌ Risk % = 100% of margin (completely wrong!) ## Impact - AI miscalculates risk as "leverage" times higher - May refuse valid trades thinking risk is too high - Risk control logic becomes ineffective - Potential for position sizing errors ## Solution Correct formula: risk_usd = |Entry - Stop| × Position Size (coins) Added warnings: - CN: ⚠️ 不要再乘杠杆：仓位数量已包含杠杆效应 - EN: ⚠️ Do NOT multiply by leverage: Position Size already includes leverage effect ## Modified Files - prompts/adaptive.txt (line 404) - prompts/nof1.txt (line 104) Closes #592 ZhouYongyou 2025-11-07 08:46:37 +08:00
518339474f style: convert Traditional Chinese comments to Simplified Chinese (#662) ## Problem The codebase contains mixed Traditional Chinese (繁體中文) and Simplified Chinese (简体中文) in comments and error messages, causing: - Inconsistent code style - Reduced readability for mainland Chinese developers - Maintenance overhead when reviewing diffs ### Affected Files - **trader/hyperliquid_trader.go**: 8 occurrences - **trader/binance_futures.go**: 2 occurrences ## Solution Convert all Traditional Chinese characters to Simplified Chinese to unify code style. ### Conversion Map | Traditional | Simplified | Context | |-------------|-----------|---------| | 處理 | 处理 | "正確處理" → "正确处理" | | 總資產 | 总资产 | "總資產" → "总资产" | | 餘額 | 余额 | "可用餘額" → "可用余额" | | 實現 | 实现 | "未實現盈虧" → "未实现盈亏" | | 來 | 来 | "僅來自" → "仅来自" | | 現貨 | 现货 | "現貨餘額" → "现货余额" | | 單獨 | 单独 | "單獨返回" → "单独返回" | | 開倉 | 开仓 | "開倉金額" → "开仓金额" | | 數量 | 数量 | "開倉數量" → "开仓数量" | | 過 | 过 | "過小" → "过小" | | 為 | 为 | "後為" → "后为" | | 後 | 后 | "格式化後" → "格式化后" | | 建議 | 建议 | "建議增加" → "建议增加" | | 選擇 | 选择 | "選擇價格" → "选择价格" | | 幣種 | 币种 | "幣種" → "币种" | ## Changes ### trader/hyperliquid_trader.go (8 locations) **Line 173-181**: Balance calculation comments ``diff -// ✅ Step 5: 正確處理 Spot + Perpetuals 余额 -// 重要：Spot 只加到總資產，不加到可用餘額 +// ✅ Step 5: 正确处理 Spot + Perpetuals 余额 +// 重要：Spot 只加到总资产，不加到可用余额 -result["totalWalletBalance"] = totalWalletBalance // 總資產（Perp + Spot） -result["availableBalance"] = availableBalance // 可用餘額（僅 Perpetuals，不含 Spot） -result["totalUnrealizedProfit"] = totalUnrealizedPnl // 未實現盈虧（僅來自 Perpetuals） -result["spotBalance"] = spotUSDCBalance // Spot 現貨餘額（單獨返回） +result["totalWalletBalance"] = totalWalletBalance // 总资产（Perp + Spot） +result["availableBalance"] = availableBalance // 可用余额（仅 Perpetuals，不含 Spot） +result["totalUnrealizedProfit"] = totalUnrealizedPnl // 未实现盈亏（仅来自 Perpetuals） +result["spotBalance"] = spotUSDCBalance // Spot 现货余额（单独返回） ` **Line 189-191**: Log output messages `diff -log.Printf(" • Perpetuals 可用余额: %.2f USDC （可直接用於開倉）", availableBalance) -log.Printf(" • 總資產 (Perp+Spot): %.2f USDC", totalWalletBalance) +log.Printf(" • Perpetuals 可用余额: %.2f USDC （可直接用于开仓）", availableBalance) +log.Printf(" • 总资产 (Perp+Spot): %.2f USDC", totalWalletBalance) ` ### trader/binance_futures.go (2 locations) **Line 301, 355**: Error messages for insufficient quantity `diff -return nil, fmt.Errorf("开倉數量過小，格式化後為 0 (原始: %.8f → 格式化: %s)。建議增加開倉金額或選擇價格更低的幣種", quantity, quantityStr) +return nil, fmt.Errorf("开仓数量过小，格式化后为 0 (原始: %.8f → 格式化: %s)。建议增加开仓金额或选择价格更低的币种", quantity, quantityStr) ` ## Testing - ✅ Compilation: Passes go build` - ✅ Verification: No Traditional Chinese characters remain in trader/*.go - ✅ Functionality: No logic changes, only text updates ## Impact - ✅ Unified code style (100% Simplified Chinese) - ✅ Improved readability and maintainability - ✅ Easier code review for Chinese developers - ✅ No functional changes or behavior modifications --- Co-authored-by: tinkle-community <tinklefund@gmail.com> 0xYYBB | ZYY | Bobo 2025-11-07 08:36:14 +08:00
deac456703 fix: Fixed go vet issues. (#658) * Fixed vet ./... errors. * Fixed ESLint issues. SkywalkerJi 2025-11-07 03:28:01 +09:00
6197eb468e feat：path fix icy 2025-11-07 02:27:49 +08:00

... 3 4 5 6 7 ...

Commit Graph Select branches Hide Pull Requests dev Mono Color

Commit Graph

Select branches

Hide Pull Requests

dev