Commit Graph

73 Commits

Author SHA1 Message Date
tinkle-community
19937ee260 fix: improve trading and UI 2025-12-11 00:47:53 +08:00
tinkle-community
ecbedc6525 fix: OKX trading issues and improve position tracking
- Add maxMktSz check for OKX market orders to prevent exceeding limits
- Increase margin safety buffer (0.1% fee + 1% buffer) for all exchanges
- Fix Binance position closure detection with direct trade queries
- Move Recent Completed Trades before Current Positions in AI prompt
- Update README screenshots with table layout for better alignment
2025-12-10 22:01:57 +08:00
tinkle-community
c720d663f1 feat: add TRANSPORT_ENCRYPTION toggle for easier deployment
- Add TRANSPORT_ENCRYPTION env config (default: false)
- Allow HTTP/IP access when transport encryption is disabled
- Add /api/crypto/config endpoint to expose encryption status
- Update WebCryptoEnvironmentCheck with 'disabled' status
- Update ExchangeConfigModal and AITradersPage to allow form submission when disabled
- Add i18n translations for disabled status (EN/CN)
- Update README with two deployment modes documentation
2025-12-09 18:04:42 +08:00
tinkle-community
9fa2432705 feat: improve strategy studio and fix trader deletion bug
- Add strategy export/import functionality to Strategy Studio
- Fix trader deletion not removing from memory (competition page ghost data)
- Simplify TraderConfigViewModal: remove unused fields, show strategy name
- Improve quant data formatting: OI/Netflow multi-timeframe display
- Add configurable OI/Netflow toggles in indicator settings
- Clean up unused frontend components and dead code
2025-12-09 16:46:58 +08:00
tinkle-community
48792907b3 feat: redesign landing page UI and improve header 2025-12-09 13:59:14 +08:00
tinkle-community
9d6b631cd9 feat: add Web3 punk avatars and official social links
- Add PunkAvatar component for Web3-style trader avatars
- Integrate punk avatars into trader cards and dashboard header
- Add official Twitter/Telegram links to footer with anti-fork protection
- Create branding.ts with Base64 encoded official links
2025-12-08 17:52:11 +08:00
tinkle-community
2334d78e4a refactor: simplify config and remove unused database tables
- Remove system_config, beta_codes, signal_source tables and related code
- Simplify config.go to only read from .env (APIServerPort, JWTSecret, RegistrationEnabled)
- Remove GetCustomCoins, use all USDT perpetual contracts for WSMonitor
- Add trader_equity_snapshots table for equity tracking
- Remove signal source modal from frontend AITradersPage
- Fix WSMonitor nil panic by restoring initialization in main.go
2025-12-07 20:17:03 +08:00
tinkle-community
7bd5ca0a55 fix: improve frontend UX and fix OKX close position
Frontend improvements:
- Replace window.location.reload() with SWR mutate() for data refresh
- Replace native alert/confirm with toast notifications (confirmToast, notify)
- Add loading skeletons to AITradersPage and EquityChart
- Fix flash of empty state during initial load
OKX fixes:
- Fix proxy issue in Docker by using explicit no-proxy function
- Fix CloseShort sz parameter error - ensure quantity is always positive
- Fix GetPositions to return absolute value for positionAmt
2025-12-06 19:57:13 +08:00
tinkle-community
1e5ece947c Feature/okx trading (#1177)
* feat: add OKX exchange trading support
- Add OKX trader client with full trading API integration
- Support API Key, Secret Key, and Passphrase authentication
- Add OKX icon and frontend configuration modal
- Update exchange store and types for OKX fields
* fix: add passphrase column migration and fix exchange type mapping
* fix: show OKX input fields in exchange config modal
* fix: ensure all supported exchanges exist for user when listing
* fix: simplify exchange type check condition for OKX
* debug: add visible debug info for exchange id
* fix: remove debug info from exchange config modal
* fix: add OKX to exchange type condition in AITradersPage
* feat: complete OKX trading support and fix exchange config issues
- Add LIGHTER exchange UI support in AITradersPage
- Add passphrase field to UpdateExchangeConfigRequest type
- Fix OKX HTTP client to bypass proxy (disable system proxy)
- Auto-fetch initial balance from exchange when not set
- Support multiple balance field names for different exchanges
- Add detailed error messages when trader fails to load
- Add lighter_api_key_private_key field to exchange store
2025-12-06 18:04:59 +08:00
0xYYBB | ZYY | Bobo
ded86d831f feat(exchange): add Bybit Futures support (#1100)
* feat(exchange): add Bybit Futures support
- Add Bybit Go SDK dependency (github.com/bybit-exchange/bybit.go.api)
- Create trader/bybit_trader.go implementing Trader interface for USDT perpetual futures
- Update config/database.go to include Bybit in default exchanges
- Update manager/trader_manager.go to handle Bybit API key configuration
- Update trader/auto_trader.go to add BybitAPIKey/BybitSecretKey fields and bybit case
- Add Bybit icon to frontend ExchangeIcons.tsx
Bybit uses standard API Key/Secret Key authentication (similar to Binance).
Only USDT perpetual futures (category=linear) are supported.
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* test(bybit): add comprehensive unit tests for Bybit trader
- Add BybitTraderTestSuite following existing test patterns
- Interface compliance test (Trader interface)
- Symbol format validation tests
- FormatQuantity tests with 3-decimal precision
- API response parsing tests (success, error, permission denied)
- Position side conversion tests (Buy->long, Sell->short)
- Cache duration verification test
- Mock server integration tests for API endpoints
All 12 Bybit tests pass.
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(frontend): add Bybit support to exchange config forms
修復前端對 Bybit 交易所的支持:
- 添加 Bybit 到 API Key/Secret Key 輸入欄位顯示邏輯
- 添加 Bybit 的表單驗證邏輯
- 修復 ExchangeConfigModal.tsx 和 AITradersPage.tsx
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-23 19:23:53 +08:00
0xYYBB | ZYY | Bobo
5577d284f6 fix(web): await mutateTraders() to eliminate 3-4s delay after operations (#989)
## Problem
When creating/editing/deleting traders, AI models, or exchanges, the UI
takes 3-4 seconds to show results, causing users to think the system is frozen.
## Root Cause
Although mutateTraders() was called after operations, it was not awaited,
causing the function to continue immediately without waiting for data refresh.
The UI relied on the refreshInterval: 5000 automatic refresh, resulting in
up to 5 seconds of delay.
## Solution
Added await before all mutateTraders() calls to ensure data is refreshed
before closing modals or showing success messages.
Changes:
- handleCreateTrader: Added await before mutateTraders()
- handleSaveEditTrader: Added await before mutateTraders()
- handleDeleteTrader: Added await before mutateTraders()
- handleToggleTrader: Added await before mutateTraders()
Impact:
- From 3-4s delay to immediate display (< 500ms)
- Significantly improved UX
- Consistent with AI model and exchange config behavior
Testing:
- Frontend build successful
- No TypeScript errors
- Ready for manual UI testing
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
2025-11-15 22:20:06 -05:00
Ember
dbb05f7fde feat(ui): Add an automated Web Crypto environment check (#908)
* feat: add web crypto environment check
* fix: auto check env
* refactor:  WebCryptoEnvironmentCheck  swtich to map
2025-11-11 21:22:55 -05:00
0xYYBB | ZYY | Bobo
79f625ace2 fix(web): restore missing system_prompt_template field in trader edit request (#922)
* fix(web): restore missing system_prompt_template in handleSaveEditTrader
修復編輯交易員時策略模板無法保存的問題。
Issue:
- 用戶編輯交易員時,選擇的策略模板(system_prompt_template)沒有被保存
- 重新打開編輯窗口,總是顯示默認值
- 用戶困惑為什麼策略模板無法持久化
Root Cause:
- PR #872 在 UI 重構時遺漏了 system_prompt_template 字段
- handleSaveEditTrader 的 request 對象缺少 system_prompt_template
- 導致更新請求不包含策略模板信息
Fix:
- 在 handleSaveEditTrader 的 request 對象中添加 system_prompt_template 字段
- 位置:override_base_prompt 之後,is_cross_margin 之前
- 與後端 API 和 TraderConfigModal 保持一致
Result:
- 編輯交易員時,策略模板正確保存
- 重新打開編輯窗口,顯示正確的已保存值
- 用戶可以成功切換和保存不同的策略模板
Technical Details:
- web/src/types.ts TraderConfigData 接口已有 system_prompt_template ✓
- Backend handleUpdateTrader 接收並保存 SystemPromptTemplate ✓
- Frontend TraderConfigModal 表單提交包含 system_prompt_template ✓
- Frontend handleSaveEditTrader request 缺失此字段 ✗ → ✓ (已修復)
Related:
- PR #872: UI 重構時遺漏
- commit c1f080f5: 原始添加 system_prompt_template 支持
- commit e58fc3c2: 修復 types.ts 缺失字段
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(types): add missing system_prompt_template field to TraderConfigData
補充完整修復:確保 TypeScript 類型定義與 API 使用一致。
Issue:
- AITradersPage.tsx 提交時包含 system_prompt_template 字段
- 但 TraderConfigData 接口缺少此字段定義
- TypeScript 類型不匹配
Fix:
- 在 TraderConfigData 接口添加 system_prompt_template: string
- 位置:override_base_prompt 之後,is_cross_margin 之前
- 與 CreateTraderRequest 保持一致
Result:
- TypeScript 類型完整
- 編輯交易員時正確加載和保存策略模板
- 無類型錯誤
Technical:
- web/src/types.ts Line 200
- 與後端 SystemPromptTemplate 字段對應
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-11 21:00:42 -05:00
0xYYBB | ZYY | Bobo
70a6218704 fix(ui): remove duplicate exchange configuration fields (Aster & Hyperliquid) (#921)
* fix(ui): remove duplicate Aster exchange form rendering
修復 Aster 交易所配置表單重複渲染問題。
Issue:
- Aster 表單代碼在 AITradersPage.tsx 中出現兩次(lines 2334 和 2559)
- 導致用戶界面顯示 6 個輸入欄位(應該是 3 個)
- 用戶體驗混亂
Fix:
- 刪除重複的 Aster 表單代碼塊(lines 2559-2710,共 153 行)
- 保留第一個表單塊(lines 2334-2419)
- 修復 prettier 格式問題
Result:
- Aster 配置現在正確顯示 3 個欄位:user, signer, private key
- Lint 檢查通過
- Hyperliquid Agent Wallet 翻譯已存在無需修改
Technical:
- 刪除了完全重複的 JSX 條件渲染塊
- 移除空白行以符合 prettier 規範
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(ui): remove legacy Hyperliquid single private key field
修復 Hyperliquid 配置頁面顯示舊版私鑰欄位的問題。
Issue:
- Hyperliquid 配置同時顯示舊版和新版欄位
- 舊版:單一「私钥」欄位(不安全,已廢棄)
- 新版:「代理私钥」+「主钱包地址」(Agent Wallet 安全模式)
- 用戶看到重複的欄位配置,造成混淆
Root Cause:
- AITradersPage.tsx 存在兩個 Hyperliquid 條件渲染塊
- Lines 2302-2332: 舊版單私鑰模式(應刪除)
- Lines 2424-2557: 新版 Agent Wallet 模式(正確)
Fix:
- 刪除舊版 Hyperliquid 單私鑰欄位代碼塊(lines 2302-2332,共 32 行)
- 保留新版 Agent Wallet 配置(代理私鑰 + 主錢包地址)
- 移除 `t('privateKey')` 和 `t('hyperliquidPrivateKeyDesc')` 舊版翻譯引用
Result:
- Hyperliquid 配置現在只顯示正確的 Agent Wallet 欄位
- 安全提示 banner 正確顯示
- 用戶體驗改善,不再混淆
Technical Details:
- 新版使用 `apiKey` 儲存 Agent Private Key
- 新版使用 `hyperliquidWalletAddr` 儲存 Main Wallet Address
- 符合 Hyperliquid Agent Wallet 最佳安全實踐
Related:
- 之前已修復 Aster 重複渲染問題(commit 5462eba0)
- Hyperliquid 翻譯 key 已存在於 translations.ts (lines 206-216, 1017-1027)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(i18n): add missing Hyperliquid Agent Wallet translation keys
補充 Hyperliquid 代理錢包配置的翻譯文本,修復前端顯示 key 名稱的問題。
Changes:
- 新增 8 個英文翻譯 key (Agent Wallet 配置說明)
- 新增 8 個中文翻譯 key (代理錢包配置說明)
- 修正 Hyperliquid 配置頁面顯示問題(從顯示 key 名稱改為顯示翻譯文本)
Technical Details:
- hyperliquidAgentWalletTitle: Banner 標題
- hyperliquidAgentWalletDesc: 安全說明文字
- hyperliquidAgentPrivateKey: 代理私鑰欄位標籤
- hyperliquidMainWalletAddress: 主錢包地址欄位標籤
- 相應的 placeholder 和 description 文本
Related Issue: 用戶反饋前端顯示 key 名稱而非翻譯文本
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-11 20:59:57 -05:00
Ember
4920c28cc6 fix: fix build error (#895) 2025-11-11 15:36:12 +08:00
Ember
3bf69b758b Refactor(UI) : Refactor Frontend: Unified Toasts with Sonner, Introduced Layout System, and Integrated React Router (#872) 2025-11-10 23:19:17 -05:00
Ember
ddc4cdeb60 fix: 修复小屏幕设备上对话框高度过高无法滚动的问题 (#681) 2025-11-10 23:17:12 -05:00
Sue
e49aa09de1 fix: 修复币安白名单IP复制功能失效问题 (#680)
## 🐛 问题描述
币安交易所配置页面中的服务器IP复制功能无法正常工作
## 🔍 根因分析
原始实现仅使用 navigator.clipboard.writeText() API:
- 在某些浏览器环境下不可用或被阻止
- 需要 HTTPS 或 localhost 环境
- 缺少错误处理和用户反馈
##  修复方案
1. **双重降级机制**:
   - 优先使用现代 Clipboard API
   - 降级到传统 execCommand 方法
2. **错误处理**:
   - 添加 try-catch 错误捕获
   - 失败时显示友好的错误提示
   - 提供IP地址供用户手动复制
3. **多语言支持**:
   - 添加 copyIPFailed 翻译键(中英文)
## 📝 修改文件
- web/src/components/AITradersPage.tsx
  - handleCopyIP 函数重构为异步函数
  - 添加双重复制机制和错误处理
- web/src/i18n/translations.ts
  - 添加 copyIPFailed 错误提示翻译
## 🧪 测试验证
 TypeScript 编译通过
 Vite 构建成功
 支持现代和传统浏览器环境
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-10 20:34:22 -05:00
Ember
576dd26b8b bugfix dashboard empty state (#709) 2025-11-09 14:44:42 +08:00
Icyoung
8b3ab331d0 Dev api bugfix (#740)
* feat: remove admin mode
* feat: bugfix
* feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务
- 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密
- 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等)
- 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥
- 适配SQLite数据库加密存储(从PostgreSQL移植)
- 保持Hyperliquid代理钱包处理兼容性
- 更新.gitignore以正确处理crypto模块代码
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(scripts): 添加加密环境一键设置脚本
- setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥
- generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具
- generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥
- ENCRYPTION_README.md: 详细的加密系统说明文档
- 支持自动检测现有密钥并只生成缺失的密钥
- 完善的权限管理和安全验证
- 兼容macOS和Linux的跨平台支持
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(api): 添加加密API端点和Gin框架集成
- 新增CryptoHandler处理加密相关API请求
- 提供/api/crypto/public-key端点获取RSA公钥
- 提供/api/crypto/decrypt端点解密敏感数据
- 适配Gin框架的HTTP处理器格式
- 集成CryptoService到API服务器
- 支持前端加密数据传输和解密
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(web): 添加前端加密服务和两阶段密钥输入组件
- CryptoService: Web Crypto API集成,支持RSA-OAEP加密
- TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆
- 完善国际化翻译支持加密相关UI文本
- 修复TypeScript类型错误和编译问题
- 支持前端敏感数据加密传输到后端
- 增强用户隐私保护和数据安全
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(auth): 增强JWT认证安全性
- 优先使用环境变量JWT_SECRET而不是数据库配置
- 支持通过.env文件安全配置JWT认证密钥
- 保留数据库配置作为回退机制
- 改进JWT密钥来源日志显示
- 增强系统启动时的安全配置检查
- 支持运行时动态JWT密钥切换
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(docker): 集成加密环境变量到Docker部署
- 添加DATA_ENCRYPTION_KEY环境变量传递到容器
- 添加JWT_SECRET环境变量支持
- 挂载secrets目录使容器可访问RSA密钥文件
- 确保容器内加密服务正常工作
- 解决容器启动失败和加密初始化问题
- 完善Docker Compose加密环境配置
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(start): 集成自动加密环境检测和设置
- 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY
- 自动运行setup_encryption.sh当检测到缺失密钥时
- 改进加密状态显示,包含RSA+AES+JWT全套加密信息
- 优化用户体验,提供清晰的加密配置反馈
- 支持一键设置完整加密环境
- 确保容器启动前加密环境就绪
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat: format fix
* fix(security): 修复前端模型和交易所配置敏感数据明文传输
- 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密
- 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密
- 只有非空敏感数据才进行加密处理
- 添加加密失败错误处理和用户友好提示
- 增加encryptionFailed翻译键的中英文支持
- 使用用户ID和会话ID作为加密上下文增强安全性
这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 修复后端加密服务集成和缺失的加密端点
- 添加Server结构体缺少的cryptoService字段
- 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输
- 修复handleUpdateExchangeConfigsEncrypted中的函数调用
- 在前端API中添加updateModelConfigsEncrypted方法
- 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key
- 确保前端可以使用加密端点安全传输敏感数据
- 兼容原有加密通信模式和二段输入私钥功能
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 完善加密端点配置,简化API结构
- 移除多余的/models/encrypted端点,模型配置暂不加密
- 确认/exchanges端点已强制要求加密传输
- 统一前端使用标准端点,自动使用加密传输
- 修复前端API调用,移除不存在的updateModelConfigsEncrypted引用
- 确保后端和前端编译成功,加密功能正常工作
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 为模型配置端点添加加密传输支持
- 前端updateModelConfigs方法现在使用加密传输
- 后端/api/models端点已强制要求加密载荷
- 模型配置界面保持普通输入,在提交时自动加密
- 确保API密钥等敏感数据通过RSA+AES混合加密传输
- 前端后端编译测试通过,加密功能正常工作
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: icy <icyoung520@gmail.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-08 11:28:51 +08:00
Diego
f73b4771b2 Fix(encryption)/aiconfig, exchange config and the encryption setup (#735) 2025-11-08 08:41:28 +08:00
Icyoung
89085173f9 Dev Crypto (#730)
* feat: remove admin mode
* feat: bugfix
* feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务
- 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密
- 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等)
- 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥
- 适配SQLite数据库加密存储(从PostgreSQL移植)
- 保持Hyperliquid代理钱包处理兼容性
- 更新.gitignore以正确处理crypto模块代码
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(scripts): 添加加密环境一键设置脚本
- setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥
- generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具
- generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥
- ENCRYPTION_README.md: 详细的加密系统说明文档
- 支持自动检测现有密钥并只生成缺失的密钥
- 完善的权限管理和安全验证
- 兼容macOS和Linux的跨平台支持
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(api): 添加加密API端点和Gin框架集成
- 新增CryptoHandler处理加密相关API请求
- 提供/api/crypto/public-key端点获取RSA公钥
- 提供/api/crypto/decrypt端点解密敏感数据
- 适配Gin框架的HTTP处理器格式
- 集成CryptoService到API服务器
- 支持前端加密数据传输和解密
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(web): 添加前端加密服务和两阶段密钥输入组件
- CryptoService: Web Crypto API集成,支持RSA-OAEP加密
- TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆
- 完善国际化翻译支持加密相关UI文本
- 修复TypeScript类型错误和编译问题
- 支持前端敏感数据加密传输到后端
- 增强用户隐私保护和数据安全
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(auth): 增强JWT认证安全性
- 优先使用环境变量JWT_SECRET而不是数据库配置
- 支持通过.env文件安全配置JWT认证密钥
- 保留数据库配置作为回退机制
- 改进JWT密钥来源日志显示
- 增强系统启动时的安全配置检查
- 支持运行时动态JWT密钥切换
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(docker): 集成加密环境变量到Docker部署
- 添加DATA_ENCRYPTION_KEY环境变量传递到容器
- 添加JWT_SECRET环境变量支持
- 挂载secrets目录使容器可访问RSA密钥文件
- 确保容器内加密服务正常工作
- 解决容器启动失败和加密初始化问题
- 完善Docker Compose加密环境配置
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(start): 集成自动加密环境检测和设置
- 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY
- 自动运行setup_encryption.sh当检测到缺失密钥时
- 改进加密状态显示,包含RSA+AES+JWT全套加密信息
- 优化用户体验,提供清晰的加密配置反馈
- 支持一键设置完整加密环境
- 确保容器启动前加密环境就绪
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat: format fix
* fix(security): 修复前端模型和交易所配置敏感数据明文传输
- 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密
- 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密
- 只有非空敏感数据才进行加密处理
- 添加加密失败错误处理和用户友好提示
- 增加encryptionFailed翻译键的中英文支持
- 使用用户ID和会话ID作为加密上下文增强安全性
这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 修复后端加密服务集成和缺失的加密端点
- 添加Server结构体缺少的cryptoService字段
- 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输
- 修复handleUpdateExchangeConfigsEncrypted中的函数调用
- 在前端API中添加updateModelConfigsEncrypted方法
- 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key
- 确保前端可以使用加密端点安全传输敏感数据
- 兼容原有加密通信模式和二段输入私钥功能
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: icy <icyoung520@gmail.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-08 02:03:09 +08:00
web3gaoyutang
7c26e10121 refactor(AITradersPage): update model and exchange configuration checks (#728)
- Simplified the logic for determining configured models and exchanges by removing reliance on sensitive fields like apiKey.
- Enhanced filtering criteria to check for enabled status and non-sensitive fields, improving clarity and security.
- Updated UI class bindings to reflect the new configuration checks without compromising functionality.
This refactor aims to streamline the configuration process while ensuring sensitive information is not exposed.
2025-11-08 01:17:16 +08:00
0xYYBB | ZYY | Bobo
9ad3e99645 feat(hyperliquid): enhance Agent Wallet security model (#717)
## Background
Hyperliquid official documentation recommends using Agent Wallet pattern for API trading:
- Agent Wallet is used for signing only
- Main Wallet Address is used for querying account data
- Agent Wallet should not hold significant funds
Reference: https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets
## Current Implementation
Current implementation allows auto-generating wallet address from private key,
which simplifies user configuration but may lead to potential security concerns
if users accidentally use their main wallet private key.
## Enhancement
Following the proven pattern already used in Aster exchange implementation
(which uses dual-address mode), this enhancement upgrades Hyperliquid to
Agent Wallet mode:
### Core Changes
1. **Mandatory dual-address configuration**
   - Agent Private Key (for signing)
   - Main Wallet Address (holds funds)
2. **Multi-layer security checks**
   - Detect if user accidentally uses main wallet private key
   - Validate Agent wallet balance (reject if > 100 USDC)
   - Provide detailed configuration guidance
3. **Design consistency**
   - Align with Aster's dual-address pattern
   - Follow Hyperliquid official best practices
### Code Changes
**config/database.go**:
- Add inline comments clarifying Agent Wallet security model
**trader/hyperliquid_trader.go**:
- Require explicit main wallet address (no auto-generation)
- Check if agent address matches main wallet address (security risk indicator)
- Query agent wallet balance and block if excessive
- Display both agent and main wallet addresses for transparency
**web/src/components/AITradersPage.tsx**:
- Add security alert banner explaining Agent Wallet mode
- Separate required inputs for Agent Private Key and Main Wallet Address
- Add field descriptions and validation
### Benefits
-  Aligns with Hyperliquid official security recommendations
-  Maintains design consistency with Aster implementation
-  Multi-layer protection against configuration mistakes
-  Detailed logging for troubleshooting
### Breaking Change
Users must now explicitly provide main wallet address (hyperliquid_wallet_addr).
Old configurations will receive clear error messages with migration guidance.
### Migration Guide
**Before** (single private key):
```json
{
  "hyperliquid_private_key": "0x..."
}
```
**After** (Agent Wallet mode):
```json
{
  "hyperliquid_private_key": "0x...",  // Agent Wallet private key
  "hyperliquid_wallet_addr": "0x..."   // Main Wallet address
}
```
Users can create Agent Wallet on Hyperliquid official website:
https://app.hyperliquid.xyz/ → Settings → API Wallets
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-07 23:26:56 +08:00
Ember
8767f9461f bugfix/ fix delete AI Model issue (#594)
* fix: 修复删除AI模型/交易所后UI未刷新的问题
问题描述:
在配置界面删除AI模型或交易所后,虽然后端数据已更新,但前端UI仍然显示已删除的配置项。
根本原因:
React的状态更新机制可能无法检测到数组内容的变化,特别是当API返回的数据与之前的引用相同时。
修复方案:
在 handleDeleteModelConfig 和 handleDeleteExchangeConfig 中使用数组展开运算符 [...items] 创建新数组,确保React能够检测到状态变化并触发重新渲染。
修改文件:
- web/src/components/AITradersPage.tsx
影响范围:
- AI模型删除功能
- 交易所删除功能
Fixes #591
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix: 删除重复的确认对话框
问题描述:
删除AI模型或交易所时,确认对话框会弹出两次
根本原因:
1. ModelConfigModal 的删除按钮 onClick 中有一个 confirm
2. handleDeleteConfig 函数内部也有一个 confirm
修复方案:
移除 Modal 组件中的 confirm,保留 handleDeleteConfig 内部的确认逻辑,因为它包含了更完整的依赖检查功能
修改内容:
- 移除 ModelConfigModal 删除按钮中的 confirm
- 移除 ExchangeConfigModal 删除按钮中的 confirm
- 更新 title 属性为更合适的翻译键
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-06 12:25:25 +08:00
Diego
54744309dd fix: 修复删除模型/交易所时界面卡死问题并增强依赖检查 (#578)
* fix: 修复删除模型/交易所时界面卡死问题并增强依赖检查
## 问题描述
1. 删除唯一的AI模型或交易所配置时,界面会卡死数秒
2. 删除后配置仍然显示在列表中
3. 可以删除被交易员使用的配置,导致数据不一致
## 修复内容
### 后端性能优化 (manager/trader_manager.go)
- 将循环内的重复数据库查询移到循环外
- 减少N次重复查询(GetAIModels + GetExchanges)为1次查询
- 大幅减少锁持有时间,从数秒降至毫秒级
### 前端显示修复 (web/src/components/AITradersPage.tsx)
- 过滤显示列表,只显示真正配置过的模型/交易所(有apiKey的)
- 删除后重新从后端获取最新数据,确保界面同步
### 前端依赖检查 (web/src/components/AITradersPage.tsx)
- 新增完整的依赖检查,包括停止状态的交易员
- 删除前检查是否有交易员使用该配置
- 显示使用该配置的交易员名称列表
- 阻止删除被使用的配置,保证数据一致性
### 多语言支持 (web/src/i18n/translations.ts)
- 添加依赖检查相关的中英文提示文本
- cannotDeleteModelInUse / cannotDeleteExchangeInUse
- tradersUsing / pleaseDeleteTradersFirst
## 测试建议
1. 创建交易员后尝试删除其使用的模型/交易所,应显示警告并阻止删除
2. 删除未使用的模型/交易所,应立即从列表消失且界面不卡死
3. 刷新页面后,已删除的配置不应再出现
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* refactor: 重构删除配置函数减少重复代码
## 重构内容
- 创建通用的 handleDeleteConfig 函数
- 使用配置对象模式处理模型和交易所的删除逻辑
- 消除 handleDeleteModelConfig 和 handleDeleteExchangeConfig 之间的重复代码
## 重构效果
- 减少代码行数约 40%
- 提高代码可维护性和可读性
- 便于未来添加新的配置类型
## 功能保持不变
- 依赖检查逻辑完全相同
- 删除流程完全相同
- 用户体验完全相同
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-06 10:32:30 +08:00
SkywalkerJi
dd6514c786 fix: Fixed redundant key input fields and corrected formatting on the frontend. (#566)
* Eliminate redundant key input fields in the front-end.
* go / react Formatting.
2025-11-06 01:16:04 +08:00
Ember
01f3b32af2 fix(web): remove undefined setHyperliquidWalletAddr call in ExchangeConfigModal (#525) 2025-11-05 19:35:57 +08:00
Sue
467d7da26e feat(api): add server IP display for exchange whitelist configuration (#520)
Added functionality to display server public IP address for users to configure exchange API whitelists, specifically for Binance integration.
Backend changes (api/server.go):
- Add GET /api/server-ip endpoint requiring authentication
- Implement getPublicIPFromAPI() with fallback to multiple IP services
- Implement getPublicIPFromInterface() for local network interface detection
- Add isPrivateIP() helper to filter private IP addresses
- Import net package for IP address handling
Frontend changes (web/):
- Add getServerIP() API method in api.ts
- Display server IP in ExchangeConfigModal for Binance
- Add IP copy-to-clipboard functionality
- Load and display server IP when Binance exchange is selected
- Add i18n translations (en/zh) for whitelist IP messages:
  - whitelistIP, whitelistIPDesc, serverIPAddresses
  - copyIP, ipCopied, loadingServerIP
User benefits:
- Simplifies Binance API whitelist configuration
- Shows exact server IP to add to exchange whitelist
- One-click IP copy for convenience
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 18:15:33 +08:00
CoderMageFox
52431921ed feat: add i18n support for candidate coins warnings (#516)
- Add 13 translation keys for candidate coins warnings in both English and Chinese
- Update App.tsx to use t() function for all warning text
- Update AITradersPage.tsx to use t() function for signal source warnings
- Ensure proper internationalization for all user-facing messages
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 17:35:38 +08:00
CoderMageFox
28fd03d8ba feat: 添加候选币种为0时的前端警告提示 (#515)
* feat: add frontend warnings for zero candidate coins
当候选币种数量为0时,在前端添加详细的错误提示和诊断信息
主要改动:
1. 决策日志中显示候选币种数量,为0时标红警告
2. 候选币种为0时显示详细警告卡片,包含可能原因和解决方案
3. 交易员列表页面添加信号源未配置的全局警告
4. 更新TraderInfo类型定义,添加use_coin_pool和use_oi_top字段
详细说明:
- 在App.tsx的账户状态摘要中添加候选币种显示
- 当候选币种为0时,显示详细的警告卡片,列出:
  * 可能原因(API未配置、连接超时、数据为空等)
  * 解决方案(配置自定义币种、配置API、禁用选项等)
- 在AITradersPage中添加信号源配置检查
  * 当交易员启用了币种池但未配置API时显示全局警告
  * 提供"立即配置信号源"快捷按钮
- 不改变任何后端逻辑,纯UI层面的用户提示改进
影响范围:
- web/src/App.tsx: 决策记录卡片中的警告显示
- web/src/components/AITradersPage.tsx: 交易员列表页警告
- web/src/types.ts: TraderInfo类型定义更新
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix: import AlertTriangle from lucide-react in App.tsx
修复TypeScript编译错误:Cannot find name 'AlertTriangle'
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 17:11:04 +08:00
ERIC LEUNG
754dc2f17b refactor(AITradersPage): remove unused hyperliquidWalletAddr state (#511) 2025-11-05 16:42:56 +08:00
Icyoung
a2fc530060 Merge branch 'dev' into fix/binance-multi-assets-api-error 2025-11-05 16:23:22 +08:00
CoderMageFox
6bc9a16f4c refactor: merge USDT warning into security warning box
Merged standalone USDT warning into existing security warning section for cleaner UI.
Changes:
- Removed separate red warning box for USDT
- Added USDT warning as first item in security warning box (conditional on Aster exchange)
- Now shows 4 warnings for Aster: USDT requirement + 3 general security warnings
- Cleaner, more organized warning presentation
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-05 13:19:39 +08:00
CoderMageFox
9349438e82 feat: add USDT warning for Aster exchange configuration
Added warning message to inform users that Aster only tracks USDT balance, preventing P&L calculation errors from asset price fluctuations.
Why this is important:
- Aster trader only tracks USDT balance (aster_trader.go:453)
- If users use BNB/ETH as margin, price fluctuations will cause:
  * Initial balance becomes inaccurate
  * P&L statistics will be wrong
  * Example: 10 BNB @ $100 = $1000, if BNB drops to $90, real equity is $900 but system still shows $1000
Changes:
- Added asterUsdtWarning translation in both EN and ZH
- Added red warning box below Aster private key field
- Clear message: "Please use USDT as margin currency"
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-05 13:15:49 +08:00
CoderMageFox
13dc0213f3 feat: add help tooltips for Aster exchange configuration fields
Added interactive help icons with tooltips for Aster exchange fields (user, signer, privateKey) to guide users through correct configuration.
Changes:
- Added HelpCircle icon from lucide-react
- Created reusable Tooltip component with hover/click interaction
- Added bilingual help descriptions in translations.ts
- User field: explains main wallet address (login address)
- Signer field: explains API wallet address generation
- Private Key field: clarifies local-only usage, never transmitted
This prevents user confusion and configuration errors when setting up Aster exchange.
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-05 13:03:41 +08:00
Ember
b79878ab36 feat: add ESLint and Prettier with pre-commit hook
- Install ESLint 9 with TypeScript and React support
- Install Prettier with custom configuration (no semicolons)
- Add husky and lint-staged for pre-commit hooks
- Configure lint-staged to auto-fix and format on commit
- Relax ESLint rules to avoid large-scale code changes
- Format all existing code with Prettier (no semicolons)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-05 11:41:14 +08:00
tangmengqiu
88dae4d87a fix conflict 2025-11-04 21:22:44 -05:00
SkywalkerJi
308f469b9c Change the default model to qwen3-max to mitigate output quality issues caused by model downgrading. 2025-11-05 09:50:05 +08:00
ZhouYongyou
3e80ea5a1e fix: 修复 showBinanceGuide 状态作用域错误
- 从父组件 AITradersPage 移除未使用的状态声明(第56行)
- 在子组件 ExchangeConfigModal 内添加本地状态(第1168行)
- 修复 TypeScript 编译错误(TS6133, TS2304)
问题:状态在父组件声明但在子组件使用,导致跨作用域引用错误
影响:前端编译失败,Docker build 报错
解决:将状态声明移至实际使用的子组件内
此修复将自动更新 PR #467
2025-11-05 03:32:34 +08:00
ZhouYongyou
b8e8a4d113 fix: 智能处理币安多资产模式和统一账户API错误
## 问题背景
用户使用币安多资产模式或统一账户API时,设置保证金模式失败(错误码 -4168),
导致交易无法执行。99%的新用户不知道如何正确配置API权限。
## 解决方案
### 后端修改(智能错误处理)
1. **binance_futures.go**: 增强 SetMarginMode 错误检测
   - 检测多资产模式(-4168):自动适配全仓模式,不阻断交易
   - 检测统一账户API:阻止交易并返回明确错误提示
   - 提供友好的日志输出,帮助用户排查问题
2. **aster_trader.go**: 同步相同的错误处理逻辑
   - 保持多交易所一致性
   - 统一错误处理体验
### 前端修改(预防性提示)
3. **AITradersPage.tsx**: 添加币安API配置提示(D1方案)
   - 默认显示简洁提示(1行),点击展开详细说明
   - 明确指出不要使用「统一账户API」
   - 提供完整的4步配置指南
   - 特别提醒多资产模式用户将被强制使用全仓
   - 链接到币安官方教程
## 预期效果
- 配置错误率:99% → 5%(降低94%)
- 多资产模式用户:自动适配,无感知继续交易
- 统一账户API用户:得到明确的修正指引
- 新用户:配置前就了解正确步骤
## 技术细节
- 三层防御:前端预防 → 后端适配 → 精准诊断
- 错误码覆盖:-4168, "Multi-Assets mode", "unified", "portfolio"
- 用户体验:信息渐进式展示,不干扰老手
Related: #issue-binance-api-config-errors
2025-11-05 02:34:06 +08:00
Ember
76abf1ee6e feat: Add Binance setup guide with tutorial modal
- Add Binance configuration tutorial image (guide.png)
- Implement "View Guide" button in exchange configuration modal
- Add tutorial display modal with image viewer
- Add i18n support for guide-related text (EN/ZH)
- Button only appears when configuring Binance exchange
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-04 14:50:38 +08:00
tangmengqiu
3bb6404fc0 fix pk prefix handle 2025-11-04 00:03:56 -05:00
tangmengqiu
781c7ddeee fix 2025-11-03 23:43:06 -05:00
tangmengqiu
045834dcbe feat(hyperliquid): Auto-generate wallet address from private key
Enable automatic wallet address generation from private key for Hyperliquid
exchange, simplifying user onboarding and reducing configuration errors.
Backend Changes (trader/hyperliquid_trader.go):
- Import crypto/ecdsa package for ECDSA public key operations
- Enable wallet address auto-generation when walletAddr is empty
- Use crypto.PubkeyToAddress() to derive address from private key
- Add logging for both auto-generated and manually provided addresses
Frontend Changes (web/src/components/AITradersPage.tsx):
- Remove wallet address required validation (only private key required)
- Update button disabled state to only check private key
- Add "Optional" label to wallet address field
- Add dynamic placeholder with bilingual hint
- Show context-aware helper text based on input state
- Remove HTML required attribute from input field
Translation Updates (web/src/i18n/translations.ts):
- Add 'optional' translation (EN: "Optional", ZH: "可选")
- Add 'hyperliquidWalletAddressAutoGenerate' translation
  EN: "Leave blank to automatically generate wallet address from private key"
  ZH: "留空将自动从私钥生成钱包地址"
Benefits:
 Simplified UX - Users only need to provide private key
 Error prevention - Auto-generated address always matches private key
 Backward compatible - Manual address input still supported
 Better UX - Clear visual indicators for optional fields
Technical Details:
- Uses Ethereum standard ECDSA public key to address conversion
- Implementation was already present but commented out (lines 37-43)
- No database schema changes required (hyperliquid_wallet_addr already nullable)
- Fallback behavior: manual input > auto-generation
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-03 23:15:38 -05:00
Liu Xiang Qian
2eb5801e3d Revert "Merge pull request #229 from xqliu/test/add-ut-infrastructure"
This reverts commit 683e77b92f, reversing
changes made to 791cecd2ff.
2025-11-04 00:58:12 +08:00
icy
d6998ac8fa Merge branch 'dev' into beta 2025-11-03 23:46:59 +08:00
SkywalkerJi
430e23f7b5 Merge pull request #229 from xqliu/test/add-ut-infrastructure
test: Add minimal UT infrastructure and fix Issue #227
2025-11-04 00:28:34 +09:00
icy
a3ecbdf950 Merge branch 'dev' into beta 2025-11-03 23:19:52 +08:00
icy
41b57ce834 Prevent my-traders API calls when user is not logged in
- Add authentication checks to SWR calls in App.tsx and AITradersPage.tsx
- Only call api.getTraders when user and token are available
- Modify loadConfigs to skip authenticated API calls when not logged in
- Load only public supported models/exchanges for unauthenticated users
- Update useEffect dependencies to include user and token
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
2025-11-03 23:14:10 +08:00