ibkr-agent-gateway 0.5.2

Unofficial local-first CLI and MCP gateway for Interactive Brokers workflows.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

//! Live bracket submit flow.

use super::{
    IdempotencyKey, IdempotencyStore, KillSwitch, LiveOrderGroupWriter,
    PaperToLiveMigrationChecklist, idempotency::stable_request_hash,
    live_migration::validate_paper_to_live_migration,
};
use crate::internal::config::LiveTradingConfig;
use crate::internal::domain::{
    ErrorCode, GatewayError, OrderGroupLifecycle, OrderGroupStatus, ValidatedOrderGroup,
};
use crate::internal::risk::{
    LiveLimitContext, LiveLimitPolicy, RiskDecision, RiskRefusal, evaluate_live_limits,
};

/// Live group submit request.
#[derive(Clone, Debug)]
pub struct LiveGroupSubmitRequest {
    /// Validated group.
    pub group: ValidatedOrderGroup,
    /// Idempotency key.
    pub idempotency_key: IdempotencyKey,
    /// Live trading config.
    pub live_config: LiveTradingConfig,
    /// Whether caller has live submit scope.
    pub live_scope_granted: bool,
    /// Kill switch.
    pub kill_switch: KillSwitch,
    /// Whether audit storage is available.
    pub audit_available: bool,
    /// Live hard-limit policy loaded from trusted runtime configuration.
    pub live_limit_policy: LiveLimitPolicy,
    /// Live hard-limit contexts for parent, take-profit, and stop-loss legs.
    pub live_limit_contexts: Vec<LiveLimitContext>,
    /// Migration acknowledgement.
    pub migration_checklist: PaperToLiveMigrationChecklist,
}

/// Submits a live group through the configured writer.
///
/// # Safety
///
/// This lower-level service assumes the caller already loaded an approved,
/// unexpired bracket group and supplied the trusted live limit policy plus
/// per-leg contexts. MCP handlers enforce the approval and preview-expiration
/// gates before building this request; additional call-sites must do the same
/// before invoking the live writer.
pub async fn submit_live_group_order(
    request: LiveGroupSubmitRequest,
    writer: &dyn LiveOrderGroupWriter,
    idempotency_store: &mut IdempotencyStore,
) -> Result<OrderGroupLifecycle, GatewayError> {
    if !request.live_config.enabled {
        return Err(live_error(
            ErrorCode::LiveTradingDisabled,
            "Live trading is disabled",
            "Enable live trading explicitly in configuration",
        ));
    }
    if !request
        .live_config
        .allowed_accounts
        .contains(&request.group.account_id)
    {
        return Err(live_error(
            ErrorCode::LiveGateMissing,
            "Account is not in the live trading allowlist",
            "Use an explicitly allowlisted live account",
        ));
    }
    if !request.live_scope_granted {
        return Err(live_error(
            ErrorCode::LiveGateMissing,
            "Live group submit scope is missing",
            "Grant the live submit scope",
        ));
    }
    if !request.kill_switch.is_open() {
        return Err(live_error(
            ErrorCode::LiveKillSwitchClosed,
            "Live kill switch is closed",
            "Open the live kill switch only after operator review",
        ));
    }
    if !request.audit_available {
        return Err(live_error(
            ErrorCode::LiveGateMissing,
            "Live group submit requires audit storage",
            "Restore audit storage before live trading",
        ));
    }
    validate_paper_to_live_migration(&request.migration_checklist)?;
    evaluate_group_limits(
        &request.group,
        &request.live_limit_policy,
        &request.live_limit_contexts,
    )?;

    let request_hash = stable_request_hash("live.group.submit", &request.group)?;
    idempotency_store.record_or_replay(request.idempotency_key.clone(), request_hash)?;
    let receipt = writer
        .submit_live_group(&request.group, &request.idempotency_key)
        .await?;
    Ok(OrderGroupLifecycle {
        group_id: request.group.group_id,
        account_id: request.group.account_id,
        broker_order_ids: receipt.broker_order_ids,
        status: OrderGroupStatus::Submitted,
    })
}

fn evaluate_group_limits(
    group: &ValidatedOrderGroup,
    policy: &LiveLimitPolicy,
    contexts: &[LiveLimitContext],
) -> Result<(), GatewayError> {
    if contexts.len() != 3 {
        return Err(live_error(
            ErrorCode::LiveGateMissing,
            "Live group submit requires limit context for all three legs",
            "Load live limit context for parent, take-profit, and stop-loss",
        ));
    }
    for (order, context) in [
        (&group.parent, &contexts[0]),
        (&group.take_profit, &contexts[1]),
        (&group.stop_loss, &contexts[2]),
    ] {
        if let RiskDecision::Refuse { refusals } = evaluate_live_limits(order, policy, context) {
            return Err(live_limit_error(&refusals));
        }
    }
    Ok(())
}

fn live_limit_error(refusals: &[RiskRefusal]) -> GatewayError {
    GatewayError::new(
        ErrorCode::LiveLimitRefused,
        format!("Live limit refused bracket leg: {}", refusals[0].code),
        false,
        refusals[0].user_action.clone(),
    )
}

fn live_error(code: ErrorCode, message: &str, user_action: &str) -> GatewayError {
    GatewayError::new(code, message, false, Some(user_action.to_string()))
}