feat(trader): wire Hyperliquid wallet and quick trade flow

- Add wallet API endpoints and exchange storage fields for Hyperliquid - Normalize quick trade order paths, symbols, and builder fee coverage - Add frontend wallet connect and quick trade helpers
2026-06-06 05:51:19 +08:00 · 2026-05-25 01:24:58 +08:00
parent f37fc9f887
commit c7c003cc3c
16 changed files with 1731 additions and 253 deletions
--- a/api/handler_exchange.go
+++ b/api/handler_exchange.go
@@ -26,84 +26,88 @@ type ExchangeConfig struct {

 // SafeExchangeConfig Safe exchange configuration structure (does not contain sensitive information)
 type SafeExchangeConfig struct {
-	ID                    string `json:"id"`            // UUID
-	ExchangeType          string `json:"exchange_type"` // "binance", "bybit", "okx", "hyperliquid", "aster", "lighter"
-	AccountName           string `json:"account_name"`  // User-defined account name
-	Name                  string `json:"name"`          // Display name
-	Type                  string `json:"type"`          // "cex" or "dex"
-	Enabled               bool   `json:"enabled"`
-	HasAPIKey             bool   `json:"has_api_key"`
-	HasSecretKey          bool   `json:"has_secret_key"`
-	HasPassphrase         bool   `json:"has_passphrase"`
-	Testnet               bool   `json:"testnet,omitempty"`
-	HyperliquidWalletAddr string `json:"hyperliquidWalletAddr"` // Hyperliquid wallet address (not sensitive)
-	HasAsterPrivateKey    bool   `json:"has_aster_private_key"`
-	AsterUser             string `json:"asterUser"`         // Aster username (not sensitive)
-	AsterSigner           string `json:"asterSigner"`       // Aster signer (not sensitive)
-	LighterWalletAddr     string `json:"lighterWalletAddr"` // LIGHTER wallet address (not sensitive)
-	HasLighterPrivateKey  bool   `json:"has_lighter_private_key"`
-	HasLighterAPIKey      bool   `json:"has_lighter_api_key_private_key"`
+	ID                         string `json:"id"`            // UUID
+	ExchangeType               string `json:"exchange_type"` // "binance", "bybit", "okx", "hyperliquid", "aster", "lighter"
+	AccountName                string `json:"account_name"`  // User-defined account name
+	Name                       string `json:"name"`          // Display name
+	Type                       string `json:"type"`          // "cex" or "dex"
+	Enabled                    bool   `json:"enabled"`
+	HasAPIKey                  bool   `json:"has_api_key"`
+	HasSecretKey               bool   `json:"has_secret_key"`
+	HasPassphrase              bool   `json:"has_passphrase"`
+	Testnet                    bool   `json:"testnet,omitempty"`
+	HyperliquidWalletAddr      string `json:"hyperliquidWalletAddr"` // Hyperliquid wallet address (not sensitive)
+	HyperliquidBuilderApproved bool   `json:"hyperliquidBuilderApproved"`
+	HasAsterPrivateKey         bool   `json:"has_aster_private_key"`
+	AsterUser                  string `json:"asterUser"`         // Aster username (not sensitive)
+	AsterSigner                string `json:"asterSigner"`       // Aster signer (not sensitive)
+	LighterWalletAddr          string `json:"lighterWalletAddr"` // LIGHTER wallet address (not sensitive)
+	HasLighterPrivateKey       bool   `json:"has_lighter_private_key"`
+	HasLighterAPIKey           bool   `json:"has_lighter_api_key_private_key"`
 }

 func safeExchangeConfigFromStore(exchange *store.Exchange) SafeExchangeConfig {
 	return SafeExchangeConfig{
-		ID:                    exchange.ID,
-		ExchangeType:          exchange.ExchangeType,
-		AccountName:           exchange.AccountName,
-		Name:                  exchange.Name,
-		Type:                  exchange.Type,
-		Enabled:               exchange.Enabled,
-		HasAPIKey:             exchange.APIKey != "",
-		HasSecretKey:          exchange.SecretKey != "",
-		HasPassphrase:         exchange.Passphrase != "",
-		Testnet:               exchange.Testnet,
-		HyperliquidWalletAddr: exchange.HyperliquidWalletAddr,
-		HasAsterPrivateKey:    exchange.AsterPrivateKey != "",
-		AsterUser:             exchange.AsterUser,
-		AsterSigner:           exchange.AsterSigner,
-		LighterWalletAddr:     exchange.LighterWalletAddr,
-		HasLighterPrivateKey:  exchange.LighterPrivateKey != "",
-		HasLighterAPIKey:      exchange.LighterAPIKeyPrivateKey != "",
+		ID:                         exchange.ID,
+		ExchangeType:               exchange.ExchangeType,
+		AccountName:                exchange.AccountName,
+		Name:                       exchange.Name,
+		Type:                       exchange.Type,
+		Enabled:                    exchange.Enabled,
+		HasAPIKey:                  exchange.APIKey != "",
+		HasSecretKey:               exchange.SecretKey != "",
+		HasPassphrase:              exchange.Passphrase != "",
+		Testnet:                    exchange.Testnet,
+		HyperliquidWalletAddr:      exchange.HyperliquidWalletAddr,
+		HyperliquidBuilderApproved: exchange.HyperliquidBuilderApproved,
+		HasAsterPrivateKey:         exchange.AsterPrivateKey != "",
+		AsterUser:                  exchange.AsterUser,
+		AsterSigner:                exchange.AsterSigner,
+		LighterWalletAddr:          exchange.LighterWalletAddr,
+		HasLighterPrivateKey:       exchange.LighterPrivateKey != "",
+		HasLighterAPIKey:           exchange.LighterAPIKeyPrivateKey != "",
 	}
 }

 type UpdateExchangeConfigRequest struct {
 	Exchanges map[string]struct {
-		Enabled                 bool   `json:"enabled"`
-		APIKey                  string `json:"api_key"`
-		SecretKey               string `json:"secret_key"`
-		Passphrase              string `json:"passphrase"` // OKX specific
-		Testnet                 bool   `json:"testnet"`
-		HyperliquidWalletAddr   string `json:"hyperliquid_wallet_addr"`
-		HyperliquidUnifiedAcct  bool   `json:"hyperliquid_unified_account"` // Unified Account mode
-		AsterUser               string `json:"aster_user"`
-		AsterSigner             string `json:"aster_signer"`
-		AsterPrivateKey         string `json:"aster_private_key"`
-		LighterWalletAddr       string `json:"lighter_wallet_addr"`
-		LighterPrivateKey       string `json:"lighter_private_key"`
-		LighterAPIKeyPrivateKey string `json:"lighter_api_key_private_key"`
-		LighterAPIKeyIndex      int    `json:"lighter_api_key_index"`
+		Enabled                    bool   `json:"enabled"`
+		APIKey                     string `json:"api_key"`
+		SecretKey                  string `json:"secret_key"`
+		Passphrase                 string `json:"passphrase"` // OKX specific
+		Testnet                    bool   `json:"testnet"`
+		HyperliquidWalletAddr      string `json:"hyperliquid_wallet_addr"`
+		HyperliquidUnifiedAcct     bool   `json:"hyperliquid_unified_account"` // Unified Account mode
+		HyperliquidBuilderApproved *bool  `json:"hyperliquid_builder_approved"`
+		AsterUser                  string `json:"aster_user"`
+		AsterSigner                string `json:"aster_signer"`
+		AsterPrivateKey            string `json:"aster_private_key"`
+		LighterWalletAddr          string `json:"lighter_wallet_addr"`
+		LighterPrivateKey          string `json:"lighter_private_key"`
+		LighterAPIKeyPrivateKey    string `json:"lighter_api_key_private_key"`
+		LighterAPIKeyIndex         int    `json:"lighter_api_key_index"`
 	} `json:"exchanges"`
 }

 // CreateExchangeRequest request structure for creating a new exchange account
 type CreateExchangeRequest struct {
-	ExchangeType            string `json:"exchange_type" binding:"required"` // "binance", "bybit", "okx", "hyperliquid", "aster", "lighter"
-	AccountName             string `json:"account_name"`                     // User-defined account name
-	Enabled                 bool   `json:"enabled"`
-	APIKey                  string `json:"api_key"`
-	SecretKey               string `json:"secret_key"`
-	Passphrase              string `json:"passphrase"`
-	Testnet                 bool   `json:"testnet"`
-	HyperliquidWalletAddr   string `json:"hyperliquid_wallet_addr"`
-	HyperliquidUnifiedAcct  bool   `json:"hyperliquid_unified_account"` // Unified Account mode: Spot as Perp collateral
-	AsterUser               string `json:"aster_user"`
-	AsterSigner             string `json:"aster_signer"`
-	AsterPrivateKey         string `json:"aster_private_key"`
-	LighterWalletAddr       string `json:"lighter_wallet_addr"`
-	LighterPrivateKey       string `json:"lighter_private_key"`
-	LighterAPIKeyPrivateKey string `json:"lighter_api_key_private_key"`
-	LighterAPIKeyIndex      int    `json:"lighter_api_key_index"`
+	ExchangeType               string `json:"exchange_type" binding:"required"` // "binance", "bybit", "okx", "hyperliquid", "aster", "lighter"
+	AccountName                string `json:"account_name"`                     // User-defined account name
+	Enabled                    bool   `json:"enabled"`
+	APIKey                     string `json:"api_key"`
+	SecretKey                  string `json:"secret_key"`
+	Passphrase                 string `json:"passphrase"`
+	Testnet                    bool   `json:"testnet"`
+	HyperliquidWalletAddr      string `json:"hyperliquid_wallet_addr"`
+	HyperliquidUnifiedAcct     bool   `json:"hyperliquid_unified_account"` // Unified Account mode: Spot as Perp collateral
+	HyperliquidBuilderApproved bool   `json:"hyperliquid_builder_approved"`
+	AsterUser                  string `json:"aster_user"`
+	AsterSigner                string `json:"aster_signer"`
+	AsterPrivateKey            string `json:"aster_private_key"`
+	LighterWalletAddr          string `json:"lighter_wallet_addr"`
+	LighterPrivateKey          string `json:"lighter_private_key"`
+	LighterAPIKeyPrivateKey    string `json:"lighter_api_key_private_key"`
+	LighterAPIKeyIndex         int    `json:"lighter_api_key_index"`
 }

 // handleGetExchangeConfigs Get exchange configurations
@@ -241,6 +245,11 @@ func (s *Server) handleUpdateExchangeConfigs(c *gin.Context) {
 		if effectiveLighterWalletAddr == "" {
 			effectiveLighterWalletAddr = strings.TrimSpace(existing.LighterWalletAddr)
 		}
+		effectiveHyperliquidBuilderApproved := existing.HyperliquidBuilderApproved
+		if exchangeData.HyperliquidBuilderApproved != nil {
+			effectiveHyperliquidBuilderApproved = *exchangeData.HyperliquidBuilderApproved
+		}
+
 		if missing := store.MissingRequiredExchangeCredentialFields(
 			existing.ExchangeType,
 			effectiveAPIKey,
@@ -266,7 +275,7 @@ func (s *Server) handleUpdateExchangeConfigs(c *gin.Context) {
 			tradersToReload[t.ID] = true
 		}

-		err = s.store.Exchange().Update(userID, exchangeID, true, exchangeData.APIKey, exchangeData.SecretKey, exchangeData.Passphrase, exchangeData.Testnet, effectiveHyperliquidWalletAddr, exchangeData.HyperliquidUnifiedAcct, effectiveAsterUser, effectiveAsterSigner, exchangeData.AsterPrivateKey, effectiveLighterWalletAddr, exchangeData.LighterPrivateKey, exchangeData.LighterAPIKeyPrivateKey, exchangeData.LighterAPIKeyIndex)
+		err = s.store.Exchange().Update(userID, exchangeID, true, exchangeData.APIKey, exchangeData.SecretKey, exchangeData.Passphrase, exchangeData.Testnet, effectiveHyperliquidWalletAddr, exchangeData.HyperliquidUnifiedAcct, effectiveHyperliquidBuilderApproved, effectiveAsterUser, effectiveAsterSigner, exchangeData.AsterPrivateKey, effectiveLighterWalletAddr, exchangeData.LighterPrivateKey, exchangeData.LighterAPIKeyPrivateKey, exchangeData.LighterAPIKeyIndex)
 		if err != nil {
 			SafeInternalError(c, fmt.Sprintf("Update exchange %s", exchangeID), err)
 			return
@@ -375,7 +384,7 @@ func (s *Server) handleCreateExchange(c *gin.Context) {
 	id, err := s.store.Exchange().Create(
 		userID, req.ExchangeType, req.AccountName, true,
 		req.APIKey, req.SecretKey, req.Passphrase, req.Testnet,
-		req.HyperliquidWalletAddr, req.HyperliquidUnifiedAcct,
+		req.HyperliquidWalletAddr, req.HyperliquidUnifiedAcct, req.HyperliquidBuilderApproved,
 		req.AsterUser, req.AsterSigner, req.AsterPrivateKey,
 		req.LighterWalletAddr, req.LighterPrivateKey, req.LighterAPIKeyPrivateKey, req.LighterAPIKeyIndex,
 	)
--- a/api/handler_hyperliquid_wallet.go
+++ b/api/handler_hyperliquid_wallet.go
@@ -0,0 +1,308 @@
+package api
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	defaultHyperliquidBuilderAddress = "0x891dc6f05ad47a3c1a05da55e7a7517971faaf0d"
+	defaultHyperliquidBuilderMaxFee  = "0.1%"
+	hyperliquidExchangeURL           = "https://api.hyperliquid.xyz/exchange"
+	hyperliquidInfoURL               = "https://api.hyperliquid.xyz/info"
+)
+
+type hyperliquidSubmitRequest struct {
+	Action    map[string]any `json:"action" binding:"required"`
+	Nonce     int64          `json:"nonce" binding:"required"`
+	Signature struct {
+		R string `json:"r" binding:"required"`
+		S string `json:"s" binding:"required"`
+		V int    `json:"v"`
+	} `json:"signature" binding:"required"`
+}
+
+type hyperliquidConfigResponse struct {
+	BuilderAddress string `json:"builderAddress"`
+	BuilderMaxFee  string `json:"builderMaxFee"`
+	Chain          string `json:"chain"`
+	SignatureChain string `json:"signatureChainId"`
+}
+
+type hyperliquidAccountSummary struct {
+	Address         string  `json:"address"`
+	AccountValue    float64 `json:"accountValue"`
+	Withdrawable    float64 `json:"withdrawable"`
+	TotalMarginUsed float64 `json:"totalMarginUsed"`
+	UnrealizedPnl   float64 `json:"unrealizedPnl"`
+	OpenPositions   int     `json:"openPositions"`
+	UpdatedAt       int64   `json:"updatedAt"`
+}
+
+type hyperliquidClearinghouseState struct {
+	MarginSummary struct {
+		AccountValue    string `json:"accountValue"`
+		TotalMarginUsed string `json:"totalMarginUsed"`
+	} `json:"marginSummary"`
+	CrossMarginSummary struct {
+		AccountValue    string `json:"accountValue"`
+		TotalMarginUsed string `json:"totalMarginUsed"`
+	} `json:"crossMarginSummary"`
+	Withdrawable   string `json:"withdrawable"`
+	AssetPositions []struct {
+		Position struct {
+			Szi           string `json:"szi"`
+			UnrealizedPnl string `json:"unrealizedPnl"`
+		} `json:"position"`
+	} `json:"assetPositions"`
+}
+
+func hyperliquidBuilderAddress() string {
+	return defaultHyperliquidBuilderAddress
+}
+
+func hyperliquidBuilderMaxFee() string {
+	return defaultHyperliquidBuilderMaxFee
+}
+
+func (s *Server) handleHyperliquidConnectConfig(c *gin.Context) {
+	c.JSON(http.StatusOK, hyperliquidConfigResponse{
+		BuilderAddress: hyperliquidBuilderAddress(),
+		BuilderMaxFee:  hyperliquidBuilderMaxFee(),
+		Chain:          "Mainnet",
+		SignatureChain: "0x66eee",
+	})
+}
+
+func (s *Server) handleHyperliquidAccount(c *gin.Context) {
+	address := strings.ToLower(strings.TrimSpace(c.Query("address")))
+	if !isEVMAddress(address) {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid Hyperliquid wallet address"})
+		return
+	}
+
+	requestBody := map[string]any{
+		"type": "clearinghouseState",
+		"user": address,
+	}
+	body, err := json.Marshal(requestBody)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to encode Hyperliquid balance request"})
+		return
+	}
+
+	req, err := http.NewRequestWithContext(c.Request.Context(), http.MethodPost, hyperliquidInfoURL, bytes.NewReader(body))
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create Hyperliquid balance request"})
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+
+	client := &http.Client{Timeout: 20 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		c.JSON(http.StatusBadGateway, gin.H{"error": "failed to reach Hyperliquid", "detail": err.Error()})
+		return
+	}
+	defer resp.Body.Close()
+
+	respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		c.JSON(http.StatusBadGateway, gin.H{"error": "Hyperliquid rejected the balance request", "status": resp.StatusCode})
+		return
+	}
+
+	var state hyperliquidClearinghouseState
+	if err := json.Unmarshal(respBody, &state); err != nil {
+		c.JSON(http.StatusBadGateway, gin.H{"error": "failed to parse Hyperliquid balance response"})
+		return
+	}
+
+	accountValue := parseFloatOrZero(state.MarginSummary.AccountValue)
+	if accountValue == 0 {
+		accountValue = parseFloatOrZero(state.CrossMarginSummary.AccountValue)
+	}
+	marginUsed := parseFloatOrZero(state.MarginSummary.TotalMarginUsed)
+	if marginUsed == 0 {
+		marginUsed = parseFloatOrZero(state.CrossMarginSummary.TotalMarginUsed)
+	}
+
+	var unrealizedPnl float64
+	openPositions := 0
+	for _, position := range state.AssetPositions {
+		size := parseFloatOrZero(position.Position.Szi)
+		if size != 0 {
+			openPositions++
+		}
+		unrealizedPnl += parseFloatOrZero(position.Position.UnrealizedPnl)
+	}
+
+	c.JSON(http.StatusOK, hyperliquidAccountSummary{
+		Address:         address,
+		AccountValue:    accountValue,
+		Withdrawable:    parseFloatOrZero(state.Withdrawable),
+		TotalMarginUsed: marginUsed,
+		UnrealizedPnl:   unrealizedPnl,
+		OpenPositions:   openPositions,
+		UpdatedAt:       time.Now().UnixMilli(),
+	})
+}
+
+func (s *Server) handleHyperliquidSubmitExchange(c *gin.Context) {
+	var req hyperliquidSubmitRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid Hyperliquid submit payload"})
+		return
+	}
+
+	if err := validateSubmittedNonce(req.Action, req.Nonce); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	actionType, _ := req.Action["type"].(string)
+	switch actionType {
+	case "approveAgent":
+		if err := validateApproveAgentAction(req.Action); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+	case "approveBuilderFee":
+		if err := validateApproveBuilderFeeAction(req.Action); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+	default:
+		c.JSON(http.StatusBadRequest, gin.H{"error": "unsupported Hyperliquid action"})
+		return
+	}
+
+	payload := map[string]any{
+		"action":    req.Action,
+		"nonce":     req.Nonce,
+		"signature": req.Signature,
+	}
+	body, err := json.Marshal(payload)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to encode Hyperliquid payload"})
+		return
+	}
+
+	client := &http.Client{Timeout: 20 * time.Second}
+	hlReq, err := http.NewRequestWithContext(c.Request.Context(), http.MethodPost, hyperliquidExchangeURL, bytes.NewReader(body))
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create Hyperliquid request"})
+		return
+	}
+	hlReq.Header.Set("Content-Type", "application/json")
+
+	resp, err := client.Do(hlReq)
+	if err != nil {
+		c.JSON(http.StatusBadGateway, gin.H{"error": "failed to reach Hyperliquid", "detail": err.Error()})
+		return
+	}
+	defer resp.Body.Close()
+
+	respBody, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
+	var decoded any
+	if len(respBody) > 0 {
+		_ = json.Unmarshal(respBody, &decoded)
+	}
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		c.JSON(http.StatusBadGateway, gin.H{"error": "Hyperliquid rejected the action", "status": resp.StatusCode, "response": decoded})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{"success": true, "response": decoded})
+}
+
+func validateApproveAgentAction(action map[string]any) error {
+	if strings.TrimSpace(fmt.Sprint(action["agentAddress"])) == "" {
+		return fmt.Errorf("missing agentAddress")
+	}
+	if strings.TrimSpace(fmt.Sprint(action["agentName"])) == "" {
+		return fmt.Errorf("missing agentName")
+	}
+	return validateCommonHyperliquidSignedAction(action)
+}
+
+func validateApproveBuilderFeeAction(action map[string]any) error {
+	builder := strings.ToLower(strings.TrimSpace(fmt.Sprint(action["builder"])))
+	if builder != hyperliquidBuilderAddress() {
+		return fmt.Errorf("builder address mismatch")
+	}
+	if strings.TrimSpace(fmt.Sprint(action["maxFeeRate"])) != hyperliquidBuilderMaxFee() {
+		return fmt.Errorf("builder max fee mismatch")
+	}
+	return validateCommonHyperliquidSignedAction(action)
+}
+
+func validateCommonHyperliquidSignedAction(action map[string]any) error {
+	if strings.TrimSpace(fmt.Sprint(action["signatureChainId"])) != "0x66eee" {
+		return fmt.Errorf("invalid signatureChainId")
+	}
+	if strings.TrimSpace(fmt.Sprint(action["hyperliquidChain"])) != "Mainnet" {
+		return fmt.Errorf("invalid hyperliquidChain")
+	}
+	if _, err := actionNonce(action); err != nil {
+		return err
+	}
+	return nil
+}
+
+func validateSubmittedNonce(action map[string]any, submitted int64) error {
+	actionValue, err := actionNonce(action)
+	if err != nil {
+		return err
+	}
+	if actionValue != submitted {
+		return fmt.Errorf("nonce mismatch")
+	}
+	return nil
+}
+
+func isEVMAddress(address string) bool {
+	if len(address) != 42 || !strings.HasPrefix(address, "0x") {
+		return false
+	}
+	for _, char := range address[2:] {
+		if (char < '0' || char > '9') && (char < 'a' || char > 'f') {
+			return false
+		}
+	}
+	return true
+}
+
+func parseFloatOrZero(value string) float64 {
+	parsed, err := strconv.ParseFloat(strings.TrimSpace(value), 64)
+	if err != nil {
+		return 0
+	}
+	return parsed
+}
+
+func actionNonce(action map[string]any) (int64, error) {
+	raw, ok := action["nonce"]
+	if !ok {
+		return 0, fmt.Errorf("missing nonce")
+	}
+	switch value := raw.(type) {
+	case float64:
+		return int64(value), nil
+	case int64:
+		return value, nil
+	case json.Number:
+		return value.Int64()
+	case string:
+		return strconv.ParseInt(value, 10, 64)
+	default:
+		return 0, fmt.Errorf("invalid nonce")
+	}
+}
--- a/api/handler_trader.go
+++ b/api/handler_trader.go
@@ -80,6 +80,14 @@ func validateTraderLeverageRange(btcEthLeverage, altcoinLeverage int) (string, s
 	return "", ""
 }

+func isSupportedTraderSymbol(symbol string) bool {
+	normalized := strings.ToUpper(strings.TrimSpace(symbol))
+	if normalized == "" {
+		return true
+	}
+	return strings.HasSuffix(normalized, "USDT") || strings.HasSuffix(normalized, "-USDC") || strings.HasPrefix(normalized, "XYZ:")
+}
+
 func exchangeDisplayName(exchange *store.Exchange) string {
 	if exchange == nil {
 		return "所选交易所账户"
@@ -173,12 +181,12 @@ func validateExchangeForTraderCreation(exchange *store.Exchange) (string, string
 	missing := missingExchangeFields(exchange)
 	if len(missing) > 0 {
 		return formatTraderCreationError(
-			fmt.Sprintf("交易所账户「%s」的配置还不完整，缺少 %s", exchangeDisplayName(exchange), strings.Join(missing, "、")),
-			"请前往「设置 > 交易所配置」补全该账户的必填信息后，再重新创建机器人",
-		), "trader.create.exchange_missing_fields", mapStringPairs(
-			"exchange_name", exchangeDisplayName(exchange),
-			"missing_fields", strings.Join(missing, ", "),
-		)
+				fmt.Sprintf("交易所账户「%s」的配置还不完整，缺少 %s", exchangeDisplayName(exchange), strings.Join(missing, "、")),
+				"请前往「设置 > 交易所配置」补全该账户的必填信息后，再重新创建机器人",
+			), "trader.create.exchange_missing_fields", mapStringPairs(
+				"exchange_name", exchangeDisplayName(exchange),
+				"missing_fields", strings.Join(missing, ", "),
+			)
 	}

 	switch exchange.ExchangeType {
@@ -186,12 +194,12 @@ func validateExchangeForTraderCreation(exchange *store.Exchange) (string, string
 		return "", "", nil
 	default:
 		return formatTraderCreationError(
-			fmt.Sprintf("交易所账户「%s」使用了当前版本暂不支持的类型 %s", exchangeDisplayName(exchange), exchange.ExchangeType),
-			"请改用当前版本支持的交易所账户后，再重新创建机器人",
-		), "trader.create.exchange_unsupported", mapStringPairs(
-			"exchange_name", exchangeDisplayName(exchange),
-			"exchange_type", exchange.ExchangeType,
-		)
+				fmt.Sprintf("交易所账户「%s」使用了当前版本暂不支持的类型 %s", exchangeDisplayName(exchange), exchange.ExchangeType),
+				"请改用当前版本支持的交易所账户后，再重新创建机器人",
+			), "trader.create.exchange_unsupported", mapStringPairs(
+				"exchange_name", exchangeDisplayName(exchange),
+				"exchange_type", exchange.ExchangeType,
+			)
 	}
 }

@@ -327,14 +335,16 @@ func (s *Server) handleCreateTrader(c *gin.Context) {
 		return
 	}

-	// Validate trading symbol format
+	// Validate trading symbol format. Hyperliquid xyz dex markets (stocks,
+	// commodities, indices, FX, Pre-IPO) are user-facing SYMBOL-USDC pairs,
+	// while standard crypto/perp markets keep the legacy USDT suffix format.
 	if req.TradingSymbols != "" {
 		symbols := strings.Split(req.TradingSymbols, ",")
 		for _, symbol := range symbols {
 			symbol = strings.TrimSpace(symbol)
-			if symbol != "" && !strings.HasSuffix(strings.ToUpper(symbol), "USDT") {
+			if !isSupportedTraderSymbol(symbol) {
 				SafeBadRequestWithDetails(c, traderCreationRequestError(
-					fmt.Sprintf("交易对 %s 的格式不正确，目前只支持以 USDT 结尾的合约交易对", symbol),
+					fmt.Sprintf("交易对 %s 的格式不正确，目前只支持 USDT 合约或 Hyperliquid XYZ USDC 标的（SYMBOL-USDC）", symbol),
 				), "trader.create.invalid_symbol", mapStringPairs("symbol", symbol))
 				return
 			}
@@ -531,14 +541,14 @@ func (s *Server) handleCreateTrader(c *gin.Context) {

 	if startupWarning == "" {
 		if loadErr := s.traderManager.GetLoadError(traderID); loadErr != nil {
-		logger.Infof("⚠️ Trader %s failed to load after creation: %v", traderID, loadErr)
+			logger.Infof("⚠️ Trader %s failed to load after creation: %v", traderID, loadErr)
 			startupWarning = describeTraderCreationWarning(req.Name, loadErr)
 		}
 	}

 	if startupWarning == "" {
 		if _, getErr := s.traderManager.GetTrader(traderID); getErr != nil {
-		logger.Infof("⚠️ Trader %s not found in memory after creation: %v", traderID, getErr)
+			logger.Infof("⚠️ Trader %s not found in memory after creation: %v", traderID, getErr)
 			startupWarning = describeTraderCreationWarning(req.Name, getErr)
 		}
 	}
@@ -546,11 +556,11 @@ func (s *Server) handleCreateTrader(c *gin.Context) {
 	logger.Infof("✓ Trader created successfully: %s (model: %s, exchange: %s)", req.Name, req.AIModelID, req.ExchangeID)

 	c.JSON(http.StatusCreated, gin.H{
-		"trader_id":        traderID,
-		"trader_name":      req.Name,
-		"ai_model":         req.AIModelID,
-		"is_running":       false,
-		"startup_warning":  startupWarning,
+		"trader_id":       traderID,
+		"trader_name":     req.Name,
+		"ai_model":        req.AIModelID,
+		"is_running":      false,
+		"startup_warning": startupWarning,
 	})
 }

@@ -767,6 +777,14 @@ func (s *Server) handleStartTrader(c *gin.Context) {
 		traderName = fullCfg.Trader.Name
 	}

+	if fullCfg != nil && fullCfg.Exchange != nil && fullCfg.Exchange.ExchangeType == "hyperliquid" && !fullCfg.Exchange.HyperliquidBuilderApproved {
+		SafeBadRequestWithDetails(c, formatTraderStartError(
+			fmt.Sprintf("机器人「%s」的 Hyperliquid 交易授权尚未完成", traderName),
+			"请重新连接 Hyperliquid 钱包并完成交易授权后，再启动机器人",
+		), "trader.start.hyperliquid_builder_not_approved", mapStringPairs("trader_name", traderName, "exchange_name", exchangeDisplayName(fullCfg.Exchange)))
+		return
+	}
+
 	// Check if trader exists in memory and if it's running
 	existingTrader, _ := s.traderManager.GetTrader(traderID)
 	if existingTrader != nil {
--- a/api/server.go
+++ b/api/server.go
@@ -92,6 +92,9 @@ func (s *Server) setupRoutes() {
 		// Wallet validation (no authentication required — used by frontend config form)
 		api.POST("/wallet/validate", s.handleWalletValidate)
 		api.POST("/wallet/generate", s.handleWalletGenerate)
+		s.route(api, "GET", "/hyperliquid/connect-config", "Get NOFX Hyperliquid builder authorization config", s.handleHyperliquidConnectConfig)
+		s.route(api, "GET", "/hyperliquid/account", "Get Hyperliquid account balance summary", s.handleHyperliquidAccount)
+		s.route(api, "POST", "/hyperliquid/submit-exchange", "Submit a user-signed Hyperliquid approval action", s.handleHyperliquidSubmitExchange)

 		// Crypto related endpoints (no authentication required, not exposed to bot)
 		api.GET("/crypto/config", s.cryptoHandler.HandleGetCryptoConfig)