02 · Architecture
The architecture separates reasoning from execution, the player from the signer, active match authority from derived records, and upstream t3code from the Cloudflare-hosted product layer.
Upstream runtime, additive product, external authorities
Privy spans identity and master-wallet authority. It is not collapsed into the agent runtime. The t3code server may run alongside Cloudflare where its Node/process requirements demand it; Cloudflare remains the approved additive product layer.
Who is allowed to decide what
| Authority | May decide | Must never decide |
|---|---|---|
| Model | Strategy, instrument preference, direction, target size within budget, display-safe rationale | Credentials, limits, deadlines, signing, settlement, final truth |
| Player | Consent, funding, steering, pause, bounded direct commands, Exit All | Bypass risk or match-state guards |
| Risk kernel | Accept/clamp/reject, price bands, exposure, cadence, deadline and reduce-only rules | Create a strategy or sign an unvalidated action |
| Signing service | Sign only an authenticated, allowlisted request tied to an accepted verdict | Interpret free text or expand action scope |
| Match object | State revision, clock/deadlines, transition guards, effect commands | Use client clocks or KV as match truth |
| Settlement | Calculate from immutable authorized inputs and execute an idempotent payout/refund plan | Change the frozen snapshot or improvise custody |
No secret crosses into the model or browser
Intent and human override share one boundary
- Context builder reads versioned
MarketFrame,PortfolioSnapshot, match revision, clock and user steering. - A validated model tool call becomes a
TradeIntent. A direct human command creates the same contract withactor: human. - The risk kernel produces an immutable
RiskVerdict. Only an accepted/clamped verdict can create anExecutionRequest. - The signing service verifies principal, policy, deadline, idempotency key and signer scope; the exchange adapter submits.
- Streams report provisional lifecycle events. Reconciliation produces account truth and post-action verification.
- All display-safe events enter replay; private reasoning and credentials never do.
Contain locally; reconcile before resuming
Provider failure
Produces no new intent. Existing deterministic controls and reconciler continue.
Signer/exchange failure
Submission becomes unknown/failed, new risk pauses, and reconciliation decides the next safe action.
Match/platform failure
Reload persisted revision and timestamps; alarms only wake work and never define the deadline.
Proposed additive layout
t3code/ # pinned upstream, substantially unmodified
market-bender/
apps/web/ # product UI
workers/api/ # authenticated API edge
workers/matches/ # Match Durable Object
services/signing/ # credential-isolated signer boundary
packages/contracts/ # versioned domain contracts
packages/risk-kernel/ # pure deterministic rules
packages/exchange-hyperliquid/
packages/t3code-adapter/ # tools, auth and event bridge
packages/replay/
infra/ # Cloudflare config and migrations
docs/evidence/ # stage reports; no secretsPlanned runtime topology
Pages or Workers Assets serves the web shell; Workers own authenticated APIs; one SQLite-backed Durable Object owns each active match; WebSockets attach to that object; D1 indexes users, wallets, challenges, matches, decisions and evidence; R2 stores replay segments/manifests; Queues buffer idempotent derived work; Workflows coordinate durable settlement/recovery; KV caches public non-authoritative configuration. The t3code Node runtime runs in a compatible controlled environment and connects through the additive adapter.