Commit Graph

90 Commits

Author SHA1 Message Date
tinklefund
e638ba8d8f feat: redesign Claw402 model config UI — friendly wallet setup, USDC guide, official logo, nginx no-cache for index.html 2026-03-11 04:37:50 +08:00
tinkle-community
c5c5ed2a4d merge: resolve conflict in api/server.go (dev → openclaw)
Keep s.route() wrapper style from openclaw, add reset-password route from dev.
2026-03-10 17:04:46 +08:00
1bcMax
6f77ed2fcb feat: add BlockRun wallet provider for pay-per-request AI access (#1408)
Integrates BlockRun (blockrun.ai) as a new AI provider option via x402
micropayment protocol, allowing users to access top AI models with USDC
without requiring individual API keys.

- Add BlockRun Base (EVM) and Solana wallet providers to model selector
- Implement x402 v2 EIP-712 payment signing for Base (mcp/blockrun_base.go)
- Implement x402 v2 SPL TransferChecked signing for Solana (mcp/blockrun_sol.go)
- Wire blockrun-base and blockrun-sol into trader factory (auto_trader.go)
- Register both providers in supported models API (server.go)
- Add BlockRun card UI with wallet key input in Step 0/1 of model config modal
- Add BlockRun SVG icon and ModelIcons support
- Add setup guides for Base and Solana wallet configuration (docs/)
- Available flagship models: GPT-5.4, Claude Opus 4.6, Gemini 3.1 Pro,
  Grok 3, DeepSeek Chat, MiniMax M2.5
2026-03-10 14:54:50 +08:00
tinkle-community
fcb90b77ae Merge branch 'dev' into openclaw 2026-03-10 00:19:42 +08:00
tinkle-community
3ed0aec0ff refactor: single-user web-based setup — replace env config with Settings UI
Move from multi-user env-var config to single-user web-first architecture:
- Add SetupPage for first-time initialization (replaces /register)
- Add SettingsPage for AI models, exchanges, Telegram, and password management
- Enrich all API route schemas with exact ID usage documentation
- Add PUT /user/password endpoint for in-app password changes
- Remove REGISTRATION_ENABLED, MAX_USERS, TELEGRAM_BOT_TOKEN from env config
- Simplify LoginPage design, remove admin mode and registration links
- Telegram bot now resolves user email for identity display
- start.sh no longer runs interactive Telegram setup
2026-03-09 23:55:39 +08:00
ximi
8406f2f998 feat: add MiniMax provider support (#1406)
Add MiniMax as a new AI model provider with OpenAI-compatible API.

Supported models:
- MiniMax-M2.5 (default) - Peak Performance, Ultimate Value
- MiniMax-M2.5-highspeed - Same performance, faster and more agile

Changes:
- Add MiniMax client (mcp/minimax_client.go) with OpenAI-compatible API
- Add comprehensive unit tests (mcp/minimax_client_test.go)
- Add WithMiniMaxConfig option (mcp/options.go)
- Register MiniMax provider in trader, debate engine, backtest, and API
- Add MiniMax to frontend provider config and model icons
- Add MiniMax SVG icon

API Base URL: https://api.minimax.io/v1
2026-03-09 23:18:51 +08:00
tinkle-community
3168a18c0d feat(telegram): add AI agent bot with streaming and account context
- Add Telegram bot with long-polling and AI agent loop (api_call tool)
- SSE streaming with real-time message editing and  placeholder
- Account state injection at conversation start (models, exchanges,
  strategies, traders, per-trader PnL and statistics)
- Lane semaphore per chat serializes concurrent messages (60s timeout)
- Idle timeout watchdog (60s) prevents hung streaming connections
- Look-ahead buffer prevents partial <api_call> tag leaking to user
- Fix PUT /strategies/:id to merge config (read-then-merge pattern)
- Add route registry with full API schema for LLM documentation
- Add TelegramConfig store and Web UI config modal
- Add GetAnyEnabled to AIModel store for bot LLM client selection
2026-03-08 00:19:38 +08:00
tinkle-community
24700d3a73 chore: upgraded Claude model to Opus 4.6
- Update mcp/claude_client.go default model
- Update api/server.go supported models list
- Update web AITradersPage.tsx default model
2026-02-08 14:06:39 +08:00
tinkle-community
40474d258c feat: improve UI/UX for exchange and model configuration
- Redesign ExchangeConfigModal with icon card selection grid
- Add step indicator for multi-step exchange configuration flow
- Redesign ModelConfigModal with icon card selection pattern
- Add KuCoin Futures exchange support with icon
- Fix IPv4 detection for IP whitelist display
2026-01-31 20:23:13 +08:00
tinkle-community
50923f6a2e feat: add DeepVoidBackground and update UI theme across pages
- Add DeepVoidBackground component with animated gradient effects
- Apply nofx theme classes to StrategyStudioPage, AITradersPage, etc.
- Update styling for consistent dark theme with gold accents
- Add PageNotFound and TraderDashboardPage components
2026-01-04 17:49:59 +08:00
tinkle-community
8e57fb986f fix: improve exchange/model edit and usage status display
- Fixed ExchangeConfigModal to use allExchanges for editing
- Improved wallet address display layout (moved to right side)
- Added privacy toggle and copy button for addresses
- Enhanced usage status for both AI models and exchanges:
  - Shows '2/3 Running' when traders are active (green badge)
  - Shows '2 Traders' when assigned but stopped (yellow badge)
  - Shows 'Idle' when enabled but not used
  - Shows 'Configured' when not enabled
2025-12-20 15:53:43 +08:00
tinkle-community
d1ff1c2375 fix: exchange edit modal now shows account data correctly
Fixed ExchangeConfigModal to receive allExchanges (user's configured accounts)
instead of supportedExchanges (templates only), so editing an exchange now
properly displays account name and other non-sensitive information.
2025-12-20 15:30:54 +08:00
tinkle-community
5534861fe5 feat: display wallet address for perp-dex exchanges with visibility toggle
- Add wallet address display for perp-dex exchanges (hyperliquid, lighter, aster)
- Add eye icon to toggle address visibility (truncated/full)
- Add copy to clipboard functionality
- Fix dashboard refresh losing selected trader
- Use URL slug format (name-id4) for trader identification
2025-12-19 18:38:21 +08:00
tinkle-community
4725548a55 feat: fix Lighter V2 integration and improve error handling
- Fix Lighter API field name mismatches (position/size, avg_entry_price/entry_price, sign/side)
- Fix GetBalance return format to match standard fields (totalWalletBalance, totalUnrealizedProfit)
- Fix GetPositions return format to match standard fields (positionAmt, markPrice, unRealizedProfit)
- Add API Key Index field to frontend with explanation
- Update Lighter referral link
- Disable Lighter testnet (mainnet only)
- Add load error tracking for better error messages
- Remove old Lighter V1 implementation files
- Remove test credentials from test files
2025-12-14 20:50:10 +08:00
tinkle-community
5391f39749 chore: upgrade OpenAI default model to gpt-5.2 2025-12-12 23:30:24 +08:00
tinkle-community
cc390706d0 feat: add OI ranking data support and fix trader config update issues
- Add OI ranking data fetching and formatting for AI prompts
- Fix trader update not saving strategy_id, ai_model_id, initial_balance
- Fix AI API key not set for non-qwen/deepseek providers
- Add strategy_id to trader config API response
- Remove old trader from memory before reloading on update
- Clean up unused useTraderActions.ts
2025-12-12 16:08:21 +08:00
tinkle-community
e5703ffab6 feat: add Grok, OpenAI, Claude, Gemini, Kimi AI providers
- Add new MCP clients for Grok (xAI), OpenAI, Claude, Gemini, Kimi
- Update auto_trader, backtest, and strategy to support all providers
- Add provider icons and fix SVG gradient conflicts
- Add API application links and hints in model config modal
- Show model version in AI model list cards
- Add Chinese/English translations for provider hints
- Remove deprecated traders component files
2025-12-11 15:16:59 +08:00
tinkle-community
19937ee260 fix: improve trading and UI 2025-12-11 00:47:53 +08:00
tinkle-community
ecbedc6525 fix: OKX trading issues and improve position tracking
- Add maxMktSz check for OKX market orders to prevent exceeding limits
- Increase margin safety buffer (0.1% fee + 1% buffer) for all exchanges
- Fix Binance position closure detection with direct trade queries
- Move Recent Completed Trades before Current Positions in AI prompt
- Update README screenshots with table layout for better alignment
2025-12-10 22:01:57 +08:00
tinkle-community
c720d663f1 feat: add TRANSPORT_ENCRYPTION toggle for easier deployment
- Add TRANSPORT_ENCRYPTION env config (default: false)
- Allow HTTP/IP access when transport encryption is disabled
- Add /api/crypto/config endpoint to expose encryption status
- Update WebCryptoEnvironmentCheck with 'disabled' status
- Update ExchangeConfigModal and AITradersPage to allow form submission when disabled
- Add i18n translations for disabled status (EN/CN)
- Update README with two deployment modes documentation
2025-12-09 18:04:42 +08:00
tinkle-community
9fa2432705 feat: improve strategy studio and fix trader deletion bug
- Add strategy export/import functionality to Strategy Studio
- Fix trader deletion not removing from memory (competition page ghost data)
- Simplify TraderConfigViewModal: remove unused fields, show strategy name
- Improve quant data formatting: OI/Netflow multi-timeframe display
- Add configurable OI/Netflow toggles in indicator settings
- Clean up unused frontend components and dead code
2025-12-09 16:46:58 +08:00
tinkle-community
48792907b3 feat: redesign landing page UI and improve header 2025-12-09 13:59:14 +08:00
tinkle-community
9d6b631cd9 feat: add Web3 punk avatars and official social links
- Add PunkAvatar component for Web3-style trader avatars
- Integrate punk avatars into trader cards and dashboard header
- Add official Twitter/Telegram links to footer with anti-fork protection
- Create branding.ts with Base64 encoded official links
2025-12-08 17:52:11 +08:00
tinkle-community
2334d78e4a refactor: simplify config and remove unused database tables
- Remove system_config, beta_codes, signal_source tables and related code
- Simplify config.go to only read from .env (APIServerPort, JWTSecret, RegistrationEnabled)
- Remove GetCustomCoins, use all USDT perpetual contracts for WSMonitor
- Add trader_equity_snapshots table for equity tracking
- Remove signal source modal from frontend AITradersPage
- Fix WSMonitor nil panic by restoring initialization in main.go
2025-12-07 20:17:03 +08:00
tinkle-community
7bd5ca0a55 fix: improve frontend UX and fix OKX close position
Frontend improvements:
- Replace window.location.reload() with SWR mutate() for data refresh
- Replace native alert/confirm with toast notifications (confirmToast, notify)
- Add loading skeletons to AITradersPage and EquityChart
- Fix flash of empty state during initial load
OKX fixes:
- Fix proxy issue in Docker by using explicit no-proxy function
- Fix CloseShort sz parameter error - ensure quantity is always positive
- Fix GetPositions to return absolute value for positionAmt
2025-12-06 19:57:13 +08:00
tinkle-community
1e5ece947c Feature/okx trading (#1177)
* feat: add OKX exchange trading support
- Add OKX trader client with full trading API integration
- Support API Key, Secret Key, and Passphrase authentication
- Add OKX icon and frontend configuration modal
- Update exchange store and types for OKX fields
* fix: add passphrase column migration and fix exchange type mapping
* fix: show OKX input fields in exchange config modal
* fix: ensure all supported exchanges exist for user when listing
* fix: simplify exchange type check condition for OKX
* debug: add visible debug info for exchange id
* fix: remove debug info from exchange config modal
* fix: add OKX to exchange type condition in AITradersPage
* feat: complete OKX trading support and fix exchange config issues
- Add LIGHTER exchange UI support in AITradersPage
- Add passphrase field to UpdateExchangeConfigRequest type
- Fix OKX HTTP client to bypass proxy (disable system proxy)
- Auto-fetch initial balance from exchange when not set
- Support multiple balance field names for different exchanges
- Add detailed error messages when trader fails to load
- Add lighter_api_key_private_key field to exchange store
2025-12-06 18:04:59 +08:00
0xYYBB | ZYY | Bobo
ded86d831f feat(exchange): add Bybit Futures support (#1100)
* feat(exchange): add Bybit Futures support
- Add Bybit Go SDK dependency (github.com/bybit-exchange/bybit.go.api)
- Create trader/bybit_trader.go implementing Trader interface for USDT perpetual futures
- Update config/database.go to include Bybit in default exchanges
- Update manager/trader_manager.go to handle Bybit API key configuration
- Update trader/auto_trader.go to add BybitAPIKey/BybitSecretKey fields and bybit case
- Add Bybit icon to frontend ExchangeIcons.tsx
Bybit uses standard API Key/Secret Key authentication (similar to Binance).
Only USDT perpetual futures (category=linear) are supported.
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* test(bybit): add comprehensive unit tests for Bybit trader
- Add BybitTraderTestSuite following existing test patterns
- Interface compliance test (Trader interface)
- Symbol format validation tests
- FormatQuantity tests with 3-decimal precision
- API response parsing tests (success, error, permission denied)
- Position side conversion tests (Buy->long, Sell->short)
- Cache duration verification test
- Mock server integration tests for API endpoints
All 12 Bybit tests pass.
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(frontend): add Bybit support to exchange config forms
修復前端對 Bybit 交易所的支持:
- 添加 Bybit 到 API Key/Secret Key 輸入欄位顯示邏輯
- 添加 Bybit 的表單驗證邏輯
- 修復 ExchangeConfigModal.tsx 和 AITradersPage.tsx
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-23 19:23:53 +08:00
0xYYBB | ZYY | Bobo
5577d284f6 fix(web): await mutateTraders() to eliminate 3-4s delay after operations (#989)
## Problem
When creating/editing/deleting traders, AI models, or exchanges, the UI
takes 3-4 seconds to show results, causing users to think the system is frozen.
## Root Cause
Although mutateTraders() was called after operations, it was not awaited,
causing the function to continue immediately without waiting for data refresh.
The UI relied on the refreshInterval: 5000 automatic refresh, resulting in
up to 5 seconds of delay.
## Solution
Added await before all mutateTraders() calls to ensure data is refreshed
before closing modals or showing success messages.
Changes:
- handleCreateTrader: Added await before mutateTraders()
- handleSaveEditTrader: Added await before mutateTraders()
- handleDeleteTrader: Added await before mutateTraders()
- handleToggleTrader: Added await before mutateTraders()
Impact:
- From 3-4s delay to immediate display (< 500ms)
- Significantly improved UX
- Consistent with AI model and exchange config behavior
Testing:
- Frontend build successful
- No TypeScript errors
- Ready for manual UI testing
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
2025-11-15 22:20:06 -05:00
Ember
dbb05f7fde feat(ui): Add an automated Web Crypto environment check (#908)
* feat: add web crypto environment check
* fix: auto check env
* refactor:  WebCryptoEnvironmentCheck  swtich to map
2025-11-11 21:22:55 -05:00
0xYYBB | ZYY | Bobo
79f625ace2 fix(web): restore missing system_prompt_template field in trader edit request (#922)
* fix(web): restore missing system_prompt_template in handleSaveEditTrader
修復編輯交易員時策略模板無法保存的問題。
Issue:
- 用戶編輯交易員時,選擇的策略模板(system_prompt_template)沒有被保存
- 重新打開編輯窗口,總是顯示默認值
- 用戶困惑為什麼策略模板無法持久化
Root Cause:
- PR #872 在 UI 重構時遺漏了 system_prompt_template 字段
- handleSaveEditTrader 的 request 對象缺少 system_prompt_template
- 導致更新請求不包含策略模板信息
Fix:
- 在 handleSaveEditTrader 的 request 對象中添加 system_prompt_template 字段
- 位置:override_base_prompt 之後,is_cross_margin 之前
- 與後端 API 和 TraderConfigModal 保持一致
Result:
- 編輯交易員時,策略模板正確保存
- 重新打開編輯窗口,顯示正確的已保存值
- 用戶可以成功切換和保存不同的策略模板
Technical Details:
- web/src/types.ts TraderConfigData 接口已有 system_prompt_template ✓
- Backend handleUpdateTrader 接收並保存 SystemPromptTemplate ✓
- Frontend TraderConfigModal 表單提交包含 system_prompt_template ✓
- Frontend handleSaveEditTrader request 缺失此字段 ✗ → ✓ (已修復)
Related:
- PR #872: UI 重構時遺漏
- commit c1f080f5: 原始添加 system_prompt_template 支持
- commit e58fc3c2: 修復 types.ts 缺失字段
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(types): add missing system_prompt_template field to TraderConfigData
補充完整修復:確保 TypeScript 類型定義與 API 使用一致。
Issue:
- AITradersPage.tsx 提交時包含 system_prompt_template 字段
- 但 TraderConfigData 接口缺少此字段定義
- TypeScript 類型不匹配
Fix:
- 在 TraderConfigData 接口添加 system_prompt_template: string
- 位置:override_base_prompt 之後,is_cross_margin 之前
- 與 CreateTraderRequest 保持一致
Result:
- TypeScript 類型完整
- 編輯交易員時正確加載和保存策略模板
- 無類型錯誤
Technical:
- web/src/types.ts Line 200
- 與後端 SystemPromptTemplate 字段對應
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-11 21:00:42 -05:00
0xYYBB | ZYY | Bobo
70a6218704 fix(ui): remove duplicate exchange configuration fields (Aster & Hyperliquid) (#921)
* fix(ui): remove duplicate Aster exchange form rendering
修復 Aster 交易所配置表單重複渲染問題。
Issue:
- Aster 表單代碼在 AITradersPage.tsx 中出現兩次(lines 2334 和 2559)
- 導致用戶界面顯示 6 個輸入欄位(應該是 3 個)
- 用戶體驗混亂
Fix:
- 刪除重複的 Aster 表單代碼塊(lines 2559-2710,共 153 行)
- 保留第一個表單塊(lines 2334-2419)
- 修復 prettier 格式問題
Result:
- Aster 配置現在正確顯示 3 個欄位:user, signer, private key
- Lint 檢查通過
- Hyperliquid Agent Wallet 翻譯已存在無需修改
Technical:
- 刪除了完全重複的 JSX 條件渲染塊
- 移除空白行以符合 prettier 規範
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(ui): remove legacy Hyperliquid single private key field
修復 Hyperliquid 配置頁面顯示舊版私鑰欄位的問題。
Issue:
- Hyperliquid 配置同時顯示舊版和新版欄位
- 舊版:單一「私钥」欄位(不安全,已廢棄)
- 新版:「代理私钥」+「主钱包地址」(Agent Wallet 安全模式)
- 用戶看到重複的欄位配置,造成混淆
Root Cause:
- AITradersPage.tsx 存在兩個 Hyperliquid 條件渲染塊
- Lines 2302-2332: 舊版單私鑰模式(應刪除)
- Lines 2424-2557: 新版 Agent Wallet 模式(正確)
Fix:
- 刪除舊版 Hyperliquid 單私鑰欄位代碼塊(lines 2302-2332,共 32 行)
- 保留新版 Agent Wallet 配置(代理私鑰 + 主錢包地址)
- 移除 `t('privateKey')` 和 `t('hyperliquidPrivateKeyDesc')` 舊版翻譯引用
Result:
- Hyperliquid 配置現在只顯示正確的 Agent Wallet 欄位
- 安全提示 banner 正確顯示
- 用戶體驗改善,不再混淆
Technical Details:
- 新版使用 `apiKey` 儲存 Agent Private Key
- 新版使用 `hyperliquidWalletAddr` 儲存 Main Wallet Address
- 符合 Hyperliquid Agent Wallet 最佳安全實踐
Related:
- 之前已修復 Aster 重複渲染問題(commit 5462eba0)
- Hyperliquid 翻譯 key 已存在於 translations.ts (lines 206-216, 1017-1027)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(i18n): add missing Hyperliquid Agent Wallet translation keys
補充 Hyperliquid 代理錢包配置的翻譯文本,修復前端顯示 key 名稱的問題。
Changes:
- 新增 8 個英文翻譯 key (Agent Wallet 配置說明)
- 新增 8 個中文翻譯 key (代理錢包配置說明)
- 修正 Hyperliquid 配置頁面顯示問題(從顯示 key 名稱改為顯示翻譯文本)
Technical Details:
- hyperliquidAgentWalletTitle: Banner 標題
- hyperliquidAgentWalletDesc: 安全說明文字
- hyperliquidAgentPrivateKey: 代理私鑰欄位標籤
- hyperliquidMainWalletAddress: 主錢包地址欄位標籤
- 相應的 placeholder 和 description 文本
Related Issue: 用戶反饋前端顯示 key 名稱而非翻譯文本
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: the-dev-z <the-dev-z@users.noreply.github.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-11 20:59:57 -05:00
Ember
4920c28cc6 fix: fix build error (#895) 2025-11-11 15:36:12 +08:00
Ember
3bf69b758b Refactor(UI) : Refactor Frontend: Unified Toasts with Sonner, Introduced Layout System, and Integrated React Router (#872) 2025-11-10 23:19:17 -05:00
Ember
ddc4cdeb60 fix: 修复小屏幕设备上对话框高度过高无法滚动的问题 (#681) 2025-11-10 23:17:12 -05:00
Sue
e49aa09de1 fix: 修复币安白名单IP复制功能失效问题 (#680)
## 🐛 问题描述
币安交易所配置页面中的服务器IP复制功能无法正常工作
## 🔍 根因分析
原始实现仅使用 navigator.clipboard.writeText() API:
- 在某些浏览器环境下不可用或被阻止
- 需要 HTTPS 或 localhost 环境
- 缺少错误处理和用户反馈
##  修复方案
1. **双重降级机制**:
   - 优先使用现代 Clipboard API
   - 降级到传统 execCommand 方法
2. **错误处理**:
   - 添加 try-catch 错误捕获
   - 失败时显示友好的错误提示
   - 提供IP地址供用户手动复制
3. **多语言支持**:
   - 添加 copyIPFailed 翻译键(中英文)
## 📝 修改文件
- web/src/components/AITradersPage.tsx
  - handleCopyIP 函数重构为异步函数
  - 添加双重复制机制和错误处理
- web/src/i18n/translations.ts
  - 添加 copyIPFailed 错误提示翻译
## 🧪 测试验证
 TypeScript 编译通过
 Vite 构建成功
 支持现代和传统浏览器环境
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-10 20:34:22 -05:00
Ember
576dd26b8b bugfix dashboard empty state (#709) 2025-11-09 14:44:42 +08:00
Icyoung
8b3ab331d0 Dev api bugfix (#740)
* feat: remove admin mode
* feat: bugfix
* feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务
- 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密
- 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等)
- 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥
- 适配SQLite数据库加密存储(从PostgreSQL移植)
- 保持Hyperliquid代理钱包处理兼容性
- 更新.gitignore以正确处理crypto模块代码
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(scripts): 添加加密环境一键设置脚本
- setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥
- generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具
- generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥
- ENCRYPTION_README.md: 详细的加密系统说明文档
- 支持自动检测现有密钥并只生成缺失的密钥
- 完善的权限管理和安全验证
- 兼容macOS和Linux的跨平台支持
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(api): 添加加密API端点和Gin框架集成
- 新增CryptoHandler处理加密相关API请求
- 提供/api/crypto/public-key端点获取RSA公钥
- 提供/api/crypto/decrypt端点解密敏感数据
- 适配Gin框架的HTTP处理器格式
- 集成CryptoService到API服务器
- 支持前端加密数据传输和解密
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(web): 添加前端加密服务和两阶段密钥输入组件
- CryptoService: Web Crypto API集成,支持RSA-OAEP加密
- TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆
- 完善国际化翻译支持加密相关UI文本
- 修复TypeScript类型错误和编译问题
- 支持前端敏感数据加密传输到后端
- 增强用户隐私保护和数据安全
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(auth): 增强JWT认证安全性
- 优先使用环境变量JWT_SECRET而不是数据库配置
- 支持通过.env文件安全配置JWT认证密钥
- 保留数据库配置作为回退机制
- 改进JWT密钥来源日志显示
- 增强系统启动时的安全配置检查
- 支持运行时动态JWT密钥切换
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(docker): 集成加密环境变量到Docker部署
- 添加DATA_ENCRYPTION_KEY环境变量传递到容器
- 添加JWT_SECRET环境变量支持
- 挂载secrets目录使容器可访问RSA密钥文件
- 确保容器内加密服务正常工作
- 解决容器启动失败和加密初始化问题
- 完善Docker Compose加密环境配置
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(start): 集成自动加密环境检测和设置
- 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY
- 自动运行setup_encryption.sh当检测到缺失密钥时
- 改进加密状态显示,包含RSA+AES+JWT全套加密信息
- 优化用户体验,提供清晰的加密配置反馈
- 支持一键设置完整加密环境
- 确保容器启动前加密环境就绪
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat: format fix
* fix(security): 修复前端模型和交易所配置敏感数据明文传输
- 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密
- 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密
- 只有非空敏感数据才进行加密处理
- 添加加密失败错误处理和用户友好提示
- 增加encryptionFailed翻译键的中英文支持
- 使用用户ID和会话ID作为加密上下文增强安全性
这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 修复后端加密服务集成和缺失的加密端点
- 添加Server结构体缺少的cryptoService字段
- 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输
- 修复handleUpdateExchangeConfigsEncrypted中的函数调用
- 在前端API中添加updateModelConfigsEncrypted方法
- 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key
- 确保前端可以使用加密端点安全传输敏感数据
- 兼容原有加密通信模式和二段输入私钥功能
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 完善加密端点配置,简化API结构
- 移除多余的/models/encrypted端点,模型配置暂不加密
- 确认/exchanges端点已强制要求加密传输
- 统一前端使用标准端点,自动使用加密传输
- 修复前端API调用,移除不存在的updateModelConfigsEncrypted引用
- 确保后端和前端编译成功,加密功能正常工作
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 为模型配置端点添加加密传输支持
- 前端updateModelConfigs方法现在使用加密传输
- 后端/api/models端点已强制要求加密载荷
- 模型配置界面保持普通输入,在提交时自动加密
- 确保API密钥等敏感数据通过RSA+AES混合加密传输
- 前端后端编译测试通过,加密功能正常工作
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: icy <icyoung520@gmail.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-08 11:28:51 +08:00
Diego
f73b4771b2 Fix(encryption)/aiconfig, exchange config and the encryption setup (#735) 2025-11-08 08:41:28 +08:00
Icyoung
89085173f9 Dev Crypto (#730)
* feat: remove admin mode
* feat: bugfix
* feat(crypto): 添加RSA-OAEP + AES-GCM混合加密服务
- 实现CryptoService加密服务,支持RSA-OAEP-2048 + AES-256-GCM混合加密
- 集成数据库层加密,自动加密存储敏感字段(API密钥、私钥等)
- 支持环境变量DATA_ENCRYPTION_KEY配置数据加密密钥
- 适配SQLite数据库加密存储(从PostgreSQL移植)
- 保持Hyperliquid代理钱包处理兼容性
- 更新.gitignore以正确处理crypto模块代码
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(scripts): 添加加密环境一键设置脚本
- setup_encryption.sh: 一键生成RSA密钥对+数据加密密钥+JWT密钥
- generate_rsa_keys.sh: 专业的RSA-2048密钥对生成工具
- generate_data_key.sh: 生成AES-256数据加密密钥和JWT认证密钥
- ENCRYPTION_README.md: 详细的加密系统说明文档
- 支持自动检测现有密钥并只生成缺失的密钥
- 完善的权限管理和安全验证
- 兼容macOS和Linux的跨平台支持
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(api): 添加加密API端点和Gin框架集成
- 新增CryptoHandler处理加密相关API请求
- 提供/api/crypto/public-key端点获取RSA公钥
- 提供/api/crypto/decrypt端点解密敏感数据
- 适配Gin框架的HTTP处理器格式
- 集成CryptoService到API服务器
- 支持前端加密数据传输和解密
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(web): 添加前端加密服务和两阶段密钥输入组件
- CryptoService: Web Crypto API集成,支持RSA-OAEP加密
- TwoStageKeyModal: 安全的两阶段私钥输入组件,支持剪贴板混淆
- 完善国际化翻译支持加密相关UI文本
- 修复TypeScript类型错误和编译问题
- 支持前端敏感数据加密传输到后端
- 增强用户隐私保护和数据安全
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(auth): 增强JWT认证安全性
- 优先使用环境变量JWT_SECRET而不是数据库配置
- 支持通过.env文件安全配置JWT认证密钥
- 保留数据库配置作为回退机制
- 改进JWT密钥来源日志显示
- 增强系统启动时的安全配置检查
- 支持运行时动态JWT密钥切换
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(docker): 集成加密环境变量到Docker部署
- 添加DATA_ENCRYPTION_KEY环境变量传递到容器
- 添加JWT_SECRET环境变量支持
- 挂载secrets目录使容器可访问RSA密钥文件
- 确保容器内加密服务正常工作
- 解决容器启动失败和加密初始化问题
- 完善Docker Compose加密环境配置
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat(start): 集成自动加密环境检测和设置
- 增强check_encryption()函数检测JWT_SECRET和DATA_ENCRYPTION_KEY
- 自动运行setup_encryption.sh当检测到缺失密钥时
- 改进加密状态显示,包含RSA+AES+JWT全套加密信息
- 优化用户体验,提供清晰的加密配置反馈
- 支持一键设置完整加密环境
- 确保容器启动前加密环境就绪
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* feat: format fix
* fix(security): 修复前端模型和交易所配置敏感数据明文传输
- 在handleSaveModelConfig中对API密钥进行RSA-OAEP加密
- 在handleSaveExchangeConfig中对API密钥、Secret密钥和Aster私钥进行加密
- 只有非空敏感数据才进行加密处理
- 添加加密失败错误处理和用户友好提示
- 增加encryptionFailed翻译键的中英文支持
- 使用用户ID和会话ID作为加密上下文增强安全性
这修复了之前敏感数据在网络传输中以明文形式发送的安全漏洞。
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix(crypto): 修复后端加密服务集成和缺失的加密端点
- 添加Server结构体缺少的cryptoService字段
- 实现handleUpdateModelConfigsEncrypted处理器用于模型配置加密传输
- 修复handleUpdateExchangeConfigsEncrypted中的函数调用
- 在前端API中添加updateModelConfigsEncrypted方法
- 统一RSA密钥路径从secrets/rsa_key改为keys/rsa_private.key
- 确保前端可以使用加密端点安全传输敏感数据
- 兼容原有加密通信模式和二段输入私钥功能
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: icy <icyoung520@gmail.com>
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-08 02:03:09 +08:00
web3gaoyutang
7c26e10121 refactor(AITradersPage): update model and exchange configuration checks (#728)
- Simplified the logic for determining configured models and exchanges by removing reliance on sensitive fields like apiKey.
- Enhanced filtering criteria to check for enabled status and non-sensitive fields, improving clarity and security.
- Updated UI class bindings to reflect the new configuration checks without compromising functionality.
This refactor aims to streamline the configuration process while ensuring sensitive information is not exposed.
2025-11-08 01:17:16 +08:00
0xYYBB | ZYY | Bobo
9ad3e99645 feat(hyperliquid): enhance Agent Wallet security model (#717)
## Background
Hyperliquid official documentation recommends using Agent Wallet pattern for API trading:
- Agent Wallet is used for signing only
- Main Wallet Address is used for querying account data
- Agent Wallet should not hold significant funds
Reference: https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets
## Current Implementation
Current implementation allows auto-generating wallet address from private key,
which simplifies user configuration but may lead to potential security concerns
if users accidentally use their main wallet private key.
## Enhancement
Following the proven pattern already used in Aster exchange implementation
(which uses dual-address mode), this enhancement upgrades Hyperliquid to
Agent Wallet mode:
### Core Changes
1. **Mandatory dual-address configuration**
   - Agent Private Key (for signing)
   - Main Wallet Address (holds funds)
2. **Multi-layer security checks**
   - Detect if user accidentally uses main wallet private key
   - Validate Agent wallet balance (reject if > 100 USDC)
   - Provide detailed configuration guidance
3. **Design consistency**
   - Align with Aster's dual-address pattern
   - Follow Hyperliquid official best practices
### Code Changes
**config/database.go**:
- Add inline comments clarifying Agent Wallet security model
**trader/hyperliquid_trader.go**:
- Require explicit main wallet address (no auto-generation)
- Check if agent address matches main wallet address (security risk indicator)
- Query agent wallet balance and block if excessive
- Display both agent and main wallet addresses for transparency
**web/src/components/AITradersPage.tsx**:
- Add security alert banner explaining Agent Wallet mode
- Separate required inputs for Agent Private Key and Main Wallet Address
- Add field descriptions and validation
### Benefits
-  Aligns with Hyperliquid official security recommendations
-  Maintains design consistency with Aster implementation
-  Multi-layer protection against configuration mistakes
-  Detailed logging for troubleshooting
### Breaking Change
Users must now explicitly provide main wallet address (hyperliquid_wallet_addr).
Old configurations will receive clear error messages with migration guidance.
### Migration Guide
**Before** (single private key):
```json
{
  "hyperliquid_private_key": "0x..."
}
```
**After** (Agent Wallet mode):
```json
{
  "hyperliquid_private_key": "0x...",  // Agent Wallet private key
  "hyperliquid_wallet_addr": "0x..."   // Main Wallet address
}
```
Users can create Agent Wallet on Hyperliquid official website:
https://app.hyperliquid.xyz/ → Settings → API Wallets
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-07 23:26:56 +08:00
Ember
8767f9461f bugfix/ fix delete AI Model issue (#594)
* fix: 修复删除AI模型/交易所后UI未刷新的问题
问题描述:
在配置界面删除AI模型或交易所后,虽然后端数据已更新,但前端UI仍然显示已删除的配置项。
根本原因:
React的状态更新机制可能无法检测到数组内容的变化,特别是当API返回的数据与之前的引用相同时。
修复方案:
在 handleDeleteModelConfig 和 handleDeleteExchangeConfig 中使用数组展开运算符 [...items] 创建新数组,确保React能够检测到状态变化并触发重新渲染。
修改文件:
- web/src/components/AITradersPage.tsx
影响范围:
- AI模型删除功能
- 交易所删除功能
Fixes #591
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix: 删除重复的确认对话框
问题描述:
删除AI模型或交易所时,确认对话框会弹出两次
根本原因:
1. ModelConfigModal 的删除按钮 onClick 中有一个 confirm
2. handleDeleteConfig 函数内部也有一个 confirm
修复方案:
移除 Modal 组件中的 confirm,保留 handleDeleteConfig 内部的确认逻辑,因为它包含了更完整的依赖检查功能
修改内容:
- 移除 ModelConfigModal 删除按钮中的 confirm
- 移除 ExchangeConfigModal 删除按钮中的 confirm
- 更新 title 属性为更合适的翻译键
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-06 12:25:25 +08:00
Diego
54744309dd fix: 修复删除模型/交易所时界面卡死问题并增强依赖检查 (#578)
* fix: 修复删除模型/交易所时界面卡死问题并增强依赖检查
## 问题描述
1. 删除唯一的AI模型或交易所配置时,界面会卡死数秒
2. 删除后配置仍然显示在列表中
3. 可以删除被交易员使用的配置,导致数据不一致
## 修复内容
### 后端性能优化 (manager/trader_manager.go)
- 将循环内的重复数据库查询移到循环外
- 减少N次重复查询(GetAIModels + GetExchanges)为1次查询
- 大幅减少锁持有时间,从数秒降至毫秒级
### 前端显示修复 (web/src/components/AITradersPage.tsx)
- 过滤显示列表,只显示真正配置过的模型/交易所(有apiKey的)
- 删除后重新从后端获取最新数据,确保界面同步
### 前端依赖检查 (web/src/components/AITradersPage.tsx)
- 新增完整的依赖检查,包括停止状态的交易员
- 删除前检查是否有交易员使用该配置
- 显示使用该配置的交易员名称列表
- 阻止删除被使用的配置,保证数据一致性
### 多语言支持 (web/src/i18n/translations.ts)
- 添加依赖检查相关的中英文提示文本
- cannotDeleteModelInUse / cannotDeleteExchangeInUse
- tradersUsing / pleaseDeleteTradersFirst
## 测试建议
1. 创建交易员后尝试删除其使用的模型/交易所,应显示警告并阻止删除
2. 删除未使用的模型/交易所,应立即从列表消失且界面不卡死
3. 刷新页面后,已删除的配置不应再出现
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* refactor: 重构删除配置函数减少重复代码
## 重构内容
- 创建通用的 handleDeleteConfig 函数
- 使用配置对象模式处理模型和交易所的删除逻辑
- 消除 handleDeleteModelConfig 和 handleDeleteExchangeConfig 之间的重复代码
## 重构效果
- 减少代码行数约 40%
- 提高代码可维护性和可读性
- 便于未来添加新的配置类型
## 功能保持不变
- 依赖检查逻辑完全相同
- 删除流程完全相同
- 用户体验完全相同
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-06 10:32:30 +08:00
SkywalkerJi
dd6514c786 fix: Fixed redundant key input fields and corrected formatting on the frontend. (#566)
* Eliminate redundant key input fields in the front-end.
* go / react Formatting.
2025-11-06 01:16:04 +08:00
Ember
01f3b32af2 fix(web): remove undefined setHyperliquidWalletAddr call in ExchangeConfigModal (#525) 2025-11-05 19:35:57 +08:00
Sue
467d7da26e feat(api): add server IP display for exchange whitelist configuration (#520)
Added functionality to display server public IP address for users to configure exchange API whitelists, specifically for Binance integration.
Backend changes (api/server.go):
- Add GET /api/server-ip endpoint requiring authentication
- Implement getPublicIPFromAPI() with fallback to multiple IP services
- Implement getPublicIPFromInterface() for local network interface detection
- Add isPrivateIP() helper to filter private IP addresses
- Import net package for IP address handling
Frontend changes (web/):
- Add getServerIP() API method in api.ts
- Display server IP in ExchangeConfigModal for Binance
- Add IP copy-to-clipboard functionality
- Load and display server IP when Binance exchange is selected
- Add i18n translations (en/zh) for whitelist IP messages:
  - whitelistIP, whitelistIPDesc, serverIPAddresses
  - copyIP, ipCopied, loadingServerIP
User benefits:
- Simplifies Binance API whitelist configuration
- Shows exact server IP to add to exchange whitelist
- One-click IP copy for convenience
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 18:15:33 +08:00
CoderMageFox
52431921ed feat: add i18n support for candidate coins warnings (#516)
- Add 13 translation keys for candidate coins warnings in both English and Chinese
- Update App.tsx to use t() function for all warning text
- Update AITradersPage.tsx to use t() function for signal source warnings
- Ensure proper internationalization for all user-facing messages
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 17:35:38 +08:00
CoderMageFox
28fd03d8ba feat: 添加候选币种为0时的前端警告提示 (#515)
* feat: add frontend warnings for zero candidate coins
当候选币种数量为0时,在前端添加详细的错误提示和诊断信息
主要改动:
1. 决策日志中显示候选币种数量,为0时标红警告
2. 候选币种为0时显示详细警告卡片,包含可能原因和解决方案
3. 交易员列表页面添加信号源未配置的全局警告
4. 更新TraderInfo类型定义,添加use_coin_pool和use_oi_top字段
详细说明:
- 在App.tsx的账户状态摘要中添加候选币种显示
- 当候选币种为0时,显示详细的警告卡片,列出:
  * 可能原因(API未配置、连接超时、数据为空等)
  * 解决方案(配置自定义币种、配置API、禁用选项等)
- 在AITradersPage中添加信号源配置检查
  * 当交易员启用了币种池但未配置API时显示全局警告
  * 提供"立即配置信号源"快捷按钮
- 不改变任何后端逻辑,纯UI层面的用户提示改进
影响范围:
- web/src/App.tsx: 决策记录卡片中的警告显示
- web/src/components/AITradersPage.tsx: 交易员列表页警告
- web/src/types.ts: TraderInfo类型定义更新
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
* fix: import AlertTriangle from lucide-react in App.tsx
修复TypeScript编译错误:Cannot find name 'AlertTriangle'
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
---------
Co-authored-by: tinkle-community <tinklefund@gmail.com>
2025-11-05 17:11:04 +08:00
ERIC LEUNG
754dc2f17b refactor(AITradersPage): remove unused hyperliquidWalletAddr state (#511) 2025-11-05 16:42:56 +08:00
Icyoung
a2fc530060 Merge branch 'dev' into fix/binance-multi-assets-api-error 2025-11-05 16:23:22 +08:00