deribit-mcp 1.0.0

MCP (Model Context Protocol) server for Deribit trading platform
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459

//! Shared adapter context — the single value every handler holds.
//!
//! `AdapterContext` owns the configuration snapshot, the upstream HTTP
//! client (built eagerly), and a lazy WebSocket client (constructed on
//! first use, since live resources only land in v0.3 — ADR-0006).
//!
//! Handlers receive an `Arc<AdapterContext>`. The context is built once
//! at startup and never mutated; the `OnceCell` guards single-init of
//! the WS client.

use std::sync::Arc;

#[cfg(feature = "fix")]
use deribit_fix::DeribitFixClient;
#[cfg(feature = "fix")]
use deribit_fix::config::DeribitFixConfig;
use deribit_http::config::credentials::ApiCredentials;
use deribit_http::{DeribitHttpClient, HttpConfig};
use deribit_websocket::client::DeribitWebSocketClient;
use deribit_websocket::config::WebSocketConfig;
#[cfg(feature = "fix")]
use tokio::sync::Mutex;
use tokio::sync::OnceCell;
use url::Url;

use crate::config::Config;
#[cfg(feature = "fix")]
use crate::config::OrderTransport;
use crate::error::AdapterError;

const TESTNET_WS_URL: &str = "wss://test.deribit.com/ws/api/v2";
const MAINNET_WS_URL: &str = "wss://www.deribit.com/ws/api/v2";

/// Shared adapter context.
///
/// Cheap to clone via `Arc`; safe to share across tokio tasks. The
/// upstream HTTP client is constructed eagerly so a misconfiguration
/// surfaces at startup. The WebSocket client is lazy — most v0.1 tools
/// are HTTP-only.
///
/// `Debug` is implemented manually below so the upstream
/// `DeribitFixClient` (which does not derive `Debug`) doesn't leak
/// into the bound; the FIX field is rendered as a redacted
/// `<fix client>` placeholder.
pub struct AdapterContext {
    /// Resolved configuration. Frozen for the lifetime of the process.
    pub config: Arc<Config>,
    /// Upstream HTTP client used by every `Read` / `Account` / `Trading`
    /// tool.
    pub http: DeribitHttpClient,
    /// Upstream WebSocket client. Built lazily on first
    /// `websocket()` access.
    ws: OnceCell<DeribitWebSocketClient>,
    /// Upstream FIX 4.4 client. Built lazily on first
    /// [`ensure_fix`](Self::ensure_fix) call when
    /// `--order-transport=fix` is configured. Wrapped in a tokio
    /// [`Mutex`] because [`deribit_fix::DeribitFixClient`] takes
    /// `&mut self` for `connect` / `disconnect` / order operations.
    #[cfg(feature = "fix")]
    fix: OnceCell<Arc<Mutex<DeribitFixClient>>>,
}

impl std::fmt::Debug for AdapterContext {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let mut s = f.debug_struct("AdapterContext");
        s.field("config", &self.config)
            .field("http", &"<DeribitHttpClient>")
            .field("ws", &self.ws);
        #[cfg(feature = "fix")]
        s.field(
            "fix",
            &if self.fix.initialized() {
                "<fix client>"
            } else {
                "<not initialized>"
            },
        );
        s.finish()
    }
}

impl AdapterContext {
    /// Build the adapter context from a resolved [`Config`].
    ///
    /// # Errors
    ///
    /// Returns [`AdapterError::Validation`] when the configured Deribit
    /// endpoint is not a valid URL. The upstream HTTP client itself is
    /// infallible to construct.
    pub fn new(config: Arc<Config>) -> Result<Self, AdapterError> {
        let http_cfg = http_config_from(&config)?;
        let http = DeribitHttpClient::with_config(http_cfg);

        Ok(Self {
            config,
            http,
            ws: OnceCell::new(),
            #[cfg(feature = "fix")]
            fix: OnceCell::new(),
        })
    }

    /// Whether the configuration carries both an OAuth client id and
    /// secret. The tool registry uses this to gate the `Account` and
    /// `Trading` families (ADR-0003 / ADR-0010).
    #[must_use]
    pub fn has_credentials(&self) -> bool {
        self.config.client_id.is_some() && self.config.client_secret.is_some()
    }

    /// Snapshot of the OAuth state. Drives registry decisions
    /// (whether `Account` / `Trading` tools register at all) and
    /// gives downstream callers a stable enum to match on instead
    /// of a free-form `bool`.
    ///
    /// Auth is **lazy** — `Configured` does not imply that
    /// `deribit-http` has yet issued a `public/auth` call. The
    /// upstream `AuthManager` triggers OAuth on the first private
    /// endpoint hit and refreshes ~30 s before `expires_in`
    /// (handled inside `deribit-http`).
    #[must_use]
    pub fn auth_state(&self) -> AuthState {
        if self.has_credentials() {
            AuthState::Configured
        } else {
            AuthState::Anonymous
        }
    }

    /// Lazily construct (or return) the WebSocket client.
    ///
    /// # Errors
    ///
    /// Returns [`AdapterError::Upstream`] (with
    /// [`UpstreamErrorKind::Websocket`]) when the upstream WebSocket
    /// crate refuses the configuration — typically a transport
    /// failure on the very first connect attempt.
    ///
    /// [`UpstreamErrorKind::Websocket`]: crate::error::UpstreamErrorKind::Websocket
    pub async fn websocket(&self) -> Result<&DeribitWebSocketClient, AdapterError> {
        self.ws
            .get_or_try_init(|| async {
                let cfg = ws_config_from(&self.config);
                DeribitWebSocketClient::new(&cfg)
            })
            .await
            .map_err(AdapterError::from)
    }

    /// Lazily construct, log on, and return a shared handle to the
    /// FIX 4.4 client.
    ///
    /// First call drives `DeribitFixClient::new` + `connect()`,
    /// which performs the FIX `Logon (A)` and starts the heartbeat
    /// task. Subsequent calls return the same `Arc<Mutex<…>>` so
    /// callers reuse a single session across the process lifetime.
    /// SIGTERM should drive [`shutdown_fix`](Self::shutdown_fix) so
    /// the session ends with a proper FIX `Logout (5)`.
    ///
    /// # Errors
    ///
    /// - [`AdapterError::Validation`] with `field = "order_transport"`
    ///   when the configuration does not select the FIX transport
    ///   (`OrderTransport::Http`); calling `ensure_fix` in that
    ///   state is a programmer error.
    /// - [`AdapterError::Auth`] with the upstream FIX rejection
    ///   reason when `Logon (A)` is rejected.
    /// - [`AdapterError::Upstream`] with [`UpstreamErrorKind::Fix`]
    ///   for transport, session, config, and protocol errors.
    ///
    /// [`UpstreamErrorKind::Fix`]: crate::error::UpstreamErrorKind::Fix
    #[cfg(feature = "fix")]
    pub async fn ensure_fix(&self) -> Result<Arc<Mutex<DeribitFixClient>>, AdapterError> {
        match self.config.order_transport {
            OrderTransport::Fix => {}
            OrderTransport::Http => {
                return Err(AdapterError::validation(
                    "order_transport",
                    "ensure_fix called but configured order_transport is `http`",
                ));
            }
        }
        let handle = self
            .fix
            .get_or_try_init(|| async {
                let cfg = fix_config_from(&self.config)?;
                let mut client = DeribitFixClient::new(&cfg).await?;
                client.connect().await?;
                Ok::<_, AdapterError>(Arc::new(Mutex::new(client)))
            })
            .await?;
        Ok(handle.clone())
    }

    /// Issue a FIX `Logout (5)` and tear down the session, if one
    /// has been established. No-op when the FIX session was never
    /// opened. Called from the SIGTERM handler at process shutdown.
    ///
    /// # Errors
    ///
    /// Surfaces any [`AdapterError`] that the upstream
    /// `disconnect` call produces. Best-effort — callers should
    /// log the error rather than abort the shutdown.
    #[cfg(feature = "fix")]
    pub async fn shutdown_fix(&self) -> Result<(), AdapterError> {
        if let Some(handle) = self.fix.get() {
            let mut guard = handle.lock().await;
            guard.disconnect().await?;
        }
        Ok(())
    }
}

/// Build the upstream `HttpConfig` from our resolved `Config`.
///
/// Forwards `client_id` / `client_secret` from our resolved `Config`
/// into the upstream `ApiCredentials`. Without this step, the upstream
/// `HttpConfig::testnet()` / `production()` constructors fall back to
/// `DERIBIT_CLIENT_ID` / `DERIBIT_CLIENT_SECRET` env vars — which may
/// already match, but only if dotenvy has populated the process
/// environment. Forwarding explicitly removes the dependency.
fn http_config_from(config: &Config) -> Result<HttpConfig, AdapterError> {
    let parsed = Url::parse(&config.endpoint)
        .map_err(|err| AdapterError::validation("endpoint", format!("invalid URL: {err}")))?;

    let testnet = !is_mainnet(&parsed);
    let mut cfg = if testnet {
        HttpConfig::testnet()
    } else {
        HttpConfig::production()
    };
    // Only override `base_url` when the caller has actually
    // supplied a custom path (proxy / fork). The upstream's
    // `testnet()` / `production()` constructors already pin
    // `https://(test|www).deribit.com/api/v2`. A bare host like
    // `https://test.deribit.com` (no trailing path) would strip
    // the `/api/v2` suffix and turn every request into a 404 —
    // see deribit-http's `TESTNET_BASE_URL` /
    // `PRODUCTION_BASE_URL` constants.
    let user_supplied_path = !matches!(parsed.path(), "" | "/");
    if user_supplied_path {
        cfg.base_url = parsed;
    }
    cfg.testnet = testnet;
    // Match on references first so we never clone the secret on the
    // partial-credential branch (where the clone would be discarded
    // and only inflate the number of in-memory copies of the secret
    // for `tracing`/heap dumps to potentially observe).
    cfg.credentials = match (config.client_id.as_ref(), config.client_secret.as_ref()) {
        (Some(client_id), Some(client_secret)) => Some(ApiCredentials {
            client_id: Some(client_id.clone()),
            client_secret: Some(client_secret.clone()),
        }),
        _ => None,
    };
    Ok(cfg)
}

/// OAuth posture the adapter advertises to its callers.
///
/// Returned by [`AdapterContext::auth_state`].
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum AuthState {
    /// No credentials configured — only public `Read` tools register.
    Anonymous,
    /// Credentials present in the config. The first private call
    /// triggers OAuth via the upstream `AuthManager`.
    Configured,
}

/// Build the upstream `WebSocketConfig` from our resolved `Config`.
///
/// Infallible: both URLs are compile-time constants and parse
/// successfully. The `expect` here would only fire if the upstream
/// crate's URL parser regressed.
fn ws_config_from(config: &Config) -> WebSocketConfig {
    let url = if endpoint_is_mainnet(&config.endpoint) {
        MAINNET_WS_URL
    } else {
        TESTNET_WS_URL
    };
    WebSocketConfig::with_url(url).expect("compile-time WS URL constant must parse")
}

fn endpoint_is_mainnet(endpoint: &str) -> bool {
    Url::parse(endpoint).ok().is_some_and(|u| is_mainnet(&u))
}

/// Build the upstream `DeribitFixConfig` from our resolved `Config`.
///
/// `client_id` becomes the FIX `Username` field; `client_secret`
/// is the password material the upstream library uses to sign the
/// logon (HMAC-SHA-256 with timestamp + nonce, per the Deribit
/// FIX spec). The host / port pair is picked by environment:
/// testnet → `fix-test.deribit.com:9881`, mainnet →
/// `fix.deribit.com:9881`.
#[cfg(feature = "fix")]
fn fix_config_from(config: &Config) -> Result<DeribitFixConfig, AdapterError> {
    let (Some(client_id), Some(client_secret)) =
        (config.client_id.as_ref(), config.client_secret.as_ref())
    else {
        return Err(AdapterError::validation(
            "credentials",
            "FIX transport requires DERIBIT_CLIENT_ID + DERIBIT_CLIENT_SECRET",
        ));
    };
    let mainnet = endpoint_is_mainnet(&config.endpoint);
    let (host, port) = if mainnet {
        ("fix.deribit.com", 9881_u16)
    } else {
        ("fix-test.deribit.com", 9881_u16)
    };
    let mut fix_cfg =
        DeribitFixConfig::new().with_credentials(client_id.clone(), client_secret.clone());
    fix_cfg.host = host.to_string();
    fix_cfg.port = port;
    fix_cfg.use_ssl = false;
    Ok(fix_cfg)
}

fn is_mainnet(url: &Url) -> bool {
    matches!(url.host_str(), Some(host) if host == "www.deribit.com" || host == "deribit.com")
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::config::{LogFormat, OrderTransport, Transport};
    use std::net::SocketAddr;

    fn cfg(endpoint: &str, with_creds: bool) -> Config {
        Config {
            endpoint: endpoint.to_string(),
            client_id: with_creds.then(|| "id".to_string()),
            client_secret: with_creds.then(|| "secret".to_string()),
            allow_trading: false,
            max_order_usd: None,
            transport: Transport::Stdio,
            http_listen: SocketAddr::from(([127, 0, 0, 1], 8723)),
            http_bearer_token: None,
            log_format: LogFormat::Text,
            order_transport: OrderTransport::Http,
        }
    }

    #[cfg(feature = "fix")]
    #[tokio::test]
    async fn ensure_fix_when_transport_is_http_returns_validation() {
        // Default `cfg(...)` builds with `OrderTransport::Http`. The
        // ensure_fix call must short-circuit with a structured
        // Validation error rather than attempt a network connect.
        let ctx =
            AdapterContext::new(Arc::new(cfg("https://test.deribit.com", true))).expect("ctx");
        // `Arc<Mutex<DeribitFixClient>>` doesn't derive `Debug`, so
        // we destructure the result manually instead of going
        // through `unwrap_err`.
        match ctx.ensure_fix().await {
            Ok(_) => panic!("expected Validation error, got Ok"),
            Err(AdapterError::Validation { field, .. }) => {
                assert_eq!(field, "order_transport");
            }
            Err(other) => panic!("unexpected: {other:?}"),
        }
    }

    #[cfg(feature = "fix")]
    #[tokio::test]
    async fn ensure_fix_without_credentials_returns_validation() {
        // Configure the FIX transport but with no creds; the
        // upstream `DeribitFixClient::new` would otherwise be
        // exercised. Adapter rejects up-front.
        let mut config = cfg("https://test.deribit.com", false);
        config.order_transport = OrderTransport::Fix;
        config.allow_trading = true;
        let ctx = AdapterContext::new(Arc::new(config)).expect("ctx");
        match ctx.ensure_fix().await {
            Ok(_) => panic!("expected Validation error, got Ok"),
            Err(AdapterError::Validation { field, .. }) => {
                assert_eq!(field, "credentials");
            }
            Err(other) => panic!("unexpected: {other:?}"),
        }
    }

    #[cfg(feature = "fix")]
    #[tokio::test]
    async fn shutdown_fix_when_never_opened_is_noop() {
        let ctx =
            AdapterContext::new(Arc::new(cfg("https://test.deribit.com", true))).expect("ctx");
        ctx.shutdown_fix().await.expect("noop ok");
    }

    #[test]
    fn context_builds_for_testnet_endpoint() {
        let ctx =
            AdapterContext::new(Arc::new(cfg("https://test.deribit.com", false))).expect("context");
        assert!(!ctx.has_credentials());
    }

    #[test]
    fn context_builds_for_mainnet_endpoint() {
        let ctx =
            AdapterContext::new(Arc::new(cfg("https://www.deribit.com", true))).expect("context");
        assert!(ctx.has_credentials());
    }

    #[test]
    fn context_rejects_invalid_endpoint() {
        let err = AdapterContext::new(Arc::new(cfg("not a url", false))).unwrap_err();
        assert!(matches!(
            err,
            AdapterError::Validation { ref field, .. } if field == "endpoint"
        ));
    }

    #[test]
    fn has_credentials_requires_both_id_and_secret() {
        let mut c = cfg("https://test.deribit.com", false);
        c.client_id = Some("id".into());
        let ctx = AdapterContext::new(Arc::new(c)).expect("context");
        assert!(!ctx.has_credentials());
    }

    #[test]
    fn auth_state_is_anonymous_without_credentials() {
        let ctx =
            AdapterContext::new(Arc::new(cfg("https://test.deribit.com", false))).expect("ctx");
        assert_eq!(ctx.auth_state(), AuthState::Anonymous);
    }

    #[test]
    fn auth_state_is_configured_with_credentials() {
        let ctx =
            AdapterContext::new(Arc::new(cfg("https://test.deribit.com", true))).expect("ctx");
        assert_eq!(ctx.auth_state(), AuthState::Configured);
    }

    #[test]
    fn http_config_carries_credentials_into_upstream() {
        // We can't observe `HttpConfig.credentials` from outside the
        // adapter (the field is `pub` but the client owns the value),
        // so this test pins the struct-level forwarding by building
        // the same config the constructor builds and asserting the
        // credentials it places on `HttpConfig`.
        let resolved = cfg("https://test.deribit.com", true);
        let http_cfg = http_config_from(&resolved).expect("http cfg");
        let creds = http_cfg.credentials.as_ref().expect("credentials present");
        assert_eq!(creds.client_id.as_deref(), Some("id"));
        assert_eq!(creds.client_secret.as_deref(), Some("secret"));
    }

    #[test]
    fn http_config_omits_credentials_without_both() {
        let mut resolved = cfg("https://test.deribit.com", false);
        resolved.client_id = Some("id".into());
        let http_cfg = http_config_from(&resolved).expect("http cfg");
        assert!(http_cfg.credentials.is_none());
    }
}