Three pre-launch audit findings:
launch_seed.py — destructive cleanup is now OPT-IN
Previously `launch_seed.py --yes` truncated KOL history (divergence /
holdings / posts older than 30d) by default — an accidental run erased
unrecoverable data, and abort_if_live_user_state() only guards on
subscriptions/bindings, not KOL history. Now nothing is deleted unless
--wipe is passed; the safe path is --seed-only (pure fetch). Bare/--yes
without --wipe refuses and prints guidance.
/api/health/deep — monitor the price feeds, not just scrapers
The deep healthcheck only watched the (redundant) Trump scrapers + DB, so a
dead Binance/HL price feed — which silently stops ALL tp_sl_monitor stop-loss
/ take-profit firing on live trades — left health green. Added per-feed
liveness (binance.last_tick_at, hl_price_feed.last_tick_at) with a 180s boot
grace so startup doesn't false-503. Body now includes price_feeds[].
Single-process enforcement (multi-worker safety)
The backend is single-process by design (in-memory scheduler, replay cache,
tp_sl table, price_store). systemd unit lacked the --workers 1 + rationale
that supervisor.conf already had; added it. Added a runtime advisory file
lock (app.main._acquire_singleton_lock): only the leader starts background
tasks; extra workers serve HTTP reads only and log CRITICAL. health/deep now
reports is_leader so the misconfig is visible to monitors.
72 tests pass.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Three plumbing fixes + one ops doc that close the gaps from the audit.
scripts/rescore_v5.py
Was overwriting only signal/conf/reasoning/sentiment/relevant/
prefilter_reason/analysis_version. Now also persists target_asset,
category, expected_move_pct — without these the bot can't route
rescored posts correctly (would silently fall back to BTC).
app/schemas.py + app/api/posts.py
TrumpPost response model didn't expose target_asset/category/
expected_move_pct, so the frontend had no way to display "this
signal will trade SOL". Added the three fields + mapping in
_post_to_schema(). Pre-v5 posts return null. No frontend changes
yet — display work is a follow-up.
app/services/hyperliquid.py
HL caps max leverage per asset (BTC/ETH 50×, SOL 20×, memes 3-5×).
set_leverage() always tried to push self._leverage — if user set
30× and bot routed to TRUMP, HL rejected the order and the trade
silently dropped. Added _get_max_leverage() (queries meta()'s
maxLeverage field) and _clip_leverage() that caps to HL's max.
set_leverage now returns the effective leverage so callers can
use it for notional sizing if needed.
deploy/ENCRYPTION_KEY_BACKUP.md
Documented mandatory backup procedure for the symmetric key that
encrypts every user's HL API key. Lost key = all users' bots dead
with no recovery. Includes rotation procedure + quarterly test
step + things-not-to-do list.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- New migrations for daily_budget, active_window, and bottrade snapshot
- Add trumpstruth scraper and price_impact_monitor service
- Expand bot_engine, hyperliquid, recovery, and tp_sl_monitor logic
- Update API/schemas/models for new features
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>