MBMarket BenderSpecification system
02.01 · Context

Upstream runtime, additive product, external authorities

PlayerSteer · direct controls · consent
Market Bender UI/APICloudflare additive layer
t3code upstreamProvider runtime · tools · streaming
Risk + executionValidate · sign · reconcile
HyperliquidNative + allowed HIP-3

Privy spans identity and master-wallet authority. It is not collapsed into the agent runtime. The t3code server may run alongside Cloudflare where its Node/process requirements demand it; Cloudflare remains the approved additive product layer.

02.02 · Authority

Who is allowed to decide what

AuthorityMay decideMust never decide
ModelStrategy, instrument preference, direction, target size within budget, display-safe rationaleCredentials, limits, deadlines, signing, settlement, final truth
PlayerConsent, funding, steering, pause, bounded direct commands, Exit AllBypass risk or match-state guards
Risk kernelAccept/clamp/reject, price bands, exposure, cadence, deadline and reduce-only rulesCreate a strategy or sign an unvalidated action
Signing serviceSign only an authenticated, allowlisted request tied to an accepted verdictInterpret free text or expand action scope
Match objectState revision, clock/deadlines, transition guards, effect commandsUse client clocks or KV as match truth
SettlementCalculate from immutable authorized inputs and execute an idempotent payout/refund planChange the frozen snapshot or improvise custody
02.03 · Trust and credentials

No secret crosses into the model or browser

Privy user sessionDID + explicit wallet mapping
Master pathApprove agent · transfers · withdrawals
Signer referenceEncrypted per-user material / policy
Signing serviceAllowlist + verdict binding + nonce
Exchange APISigned L1 action
Correction to the legacy blueprint: Worker deployment secrets are not a complete per-user agent-key store. The implementation must specify encrypted per-user storage, key wrapping/access policy, rotation and audit behavior.
02.04 · Data flows

Intent and human override share one boundary

  1. Context builder reads versioned MarketFrame, PortfolioSnapshot, match revision, clock and user steering.
  2. A validated model tool call becomes a TradeIntent. A direct human command creates the same contract with actor: human.
  3. The risk kernel produces an immutable RiskVerdict. Only an accepted/clamped verdict can create an ExecutionRequest.
  4. The signing service verifies principal, policy, deadline, idempotency key and signer scope; the exchange adapter submits.
  5. Streams report provisional lifecycle events. Reconciliation produces account truth and post-action verification.
  6. All display-safe events enter replay; private reasoning and credentials never do.
02.05 · Failure boundaries

Contain locally; reconcile before resuming

Provider failure

Produces no new intent. Existing deterministic controls and reconciler continue.

Signer/exchange failure

Submission becomes unknown/failed, new risk pauses, and reconciliation decides the next safe action.

Match/platform failure

Reload persisted revision and timestamps; alarms only wake work and never define the deadline.

02.06 · Repository

Proposed additive layout

t3code/                         # pinned upstream, substantially unmodified
market-bender/
  apps/web/                    # product UI
  workers/api/                 # authenticated API edge
  workers/matches/             # Match Durable Object
  services/signing/            # credential-isolated signer boundary
  packages/contracts/          # versioned domain contracts
  packages/risk-kernel/        # pure deterministic rules
  packages/exchange-hyperliquid/
  packages/t3code-adapter/     # tools, auth and event bridge
  packages/replay/
  infra/                       # Cloudflare config and migrations
  docs/evidence/               # stage reports; no secrets
02.07 · Deployment

Planned runtime topology

Pages or Workers Assets serves the web shell; Workers own authenticated APIs; one SQLite-backed Durable Object owns each active match; WebSockets attach to that object; D1 indexes users, wallets, challenges, matches, decisions and evidence; R2 stores replay segments/manifests; Queues buffer idempotent derived work; Workflows coordinate durable settlement/recovery; KV caches public non-authoritative configuration. The t3code Node runtime runs in a compatible controlled environment and connects through the additive adapter.

Navigate specification

Search pages and sections