mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-02 18:41:01 +08:00
## Background Hyperliquid official documentation recommends using Agent Wallet pattern for API trading: - Agent Wallet is used for signing only - Main Wallet Address is used for querying account data - Agent Wallet should not hold significant funds Reference: https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/nonces-and-api-wallets ## Current Implementation Current implementation allows auto-generating wallet address from private key, which simplifies user configuration but may lead to potential security concerns if users accidentally use their main wallet private key. ## Enhancement Following the proven pattern already used in Aster exchange implementation (which uses dual-address mode), this enhancement upgrades Hyperliquid to Agent Wallet mode: ### Core Changes 1. **Mandatory dual-address configuration** - Agent Private Key (for signing) - Main Wallet Address (holds funds) 2. **Multi-layer security checks** - Detect if user accidentally uses main wallet private key - Validate Agent wallet balance (reject if > 100 USDC) - Provide detailed configuration guidance 3. **Design consistency** - Align with Aster's dual-address pattern - Follow Hyperliquid official best practices ### Code Changes **config/database.go**: - Add inline comments clarifying Agent Wallet security model **trader/hyperliquid_trader.go**: - Require explicit main wallet address (no auto-generation) - Check if agent address matches main wallet address (security risk indicator) - Query agent wallet balance and block if excessive - Display both agent and main wallet addresses for transparency **web/src/components/AITradersPage.tsx**: - Add security alert banner explaining Agent Wallet mode - Separate required inputs for Agent Private Key and Main Wallet Address - Add field descriptions and validation ### Benefits - ✅ Aligns with Hyperliquid official security recommendations - ✅ Maintains design consistency with Aster implementation - ✅ Multi-layer protection against configuration mistakes - ✅ Detailed logging for troubleshooting ### Breaking Change Users must now explicitly provide main wallet address (hyperliquid_wallet_addr). Old configurations will receive clear error messages with migration guidance. ### Migration Guide **Before** (single private key): ```json { "hyperliquid_private_key": "0x..." } ``` **After** (Agent Wallet mode): ```json { "hyperliquid_private_key": "0x...", // Agent Wallet private key "hyperliquid_wallet_addr": "0x..." // Main Wallet address } ``` Users can create Agent Wallet on Hyperliquid official website: https://app.hyperliquid.xyz/ → Settings → API Wallets 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>