Siebly.ioSiebly.io - Cryptocurrency Exchange SDKs
AI Guide Map
Core pattern

Exchange State Management

Build one local exchange-state workflow for in-flight mutations, active orders, account state, order intent, and managed slots such as DCA/TP/SL. After startup, healthy private events are the normal state path; REST hydration is reserved for trust boundaries such as reconnects, gaps, missing prerequisites, unknown outcomes, or conflicting evidence.

Open manifestBuild a prompt

Default Scope

  • Runtime: Node.js LTS
  • Recommended language: TypeScript
  • Implement execution for when EXECUTION_MODE=DEMO, TESTNET, or LIVE is enabled and all gates pass, but keep that path disabled by default.
  • EXECUTION_MODE=DRY_RUN_PRIVATE is the default local mode for building and logging final place/amend/cancel request candidates.

Resources

Start with the task-specific resources below, then use SDK and exchange docs to verify exact method names, request fields, topics, and product rules.

Guides

Read the core spec first, then use the exchange implementation guides for SDK clients, fields, topics, product terms, and rejection codes.

Guide

Position Management with Binance APIs & WebSockets

Guide

Position Management with Bybit APIs & WebSockets

Machine resources

Use these after the guide path is selected: manifest, recipe, runtime contracts, behavior-contract fixtures, and prompt artifact.

Machine

Exchange State Management Agent Manifest

Machine

Exchange State Management recipe

Machine

Exchange State Management Runtime Kit

Machine

Exchange State Management Runtime Types

Machine

Exchange State Management Integration Kit

Machine

Exchange State Management Conformance Pack

Machine

Exchange State Management Conformance Schema

Machine

Exchange State Management Conformance Fixtures

Machine

Exchange State Management Conformance Runner

Machine

Exchange State Management Prompt Artifact

Implementation Steps

Follow these in order; use the linked artifacts only where they clarify the current step.

1. Implementation sequence

Keep the initial scope narrow and prove runtime behavior before optional strategy knobs.

  • Save this exact prompt or spec in docs/AI_PROMPT.md (or docs/SPEC.md when that is the project standard), plus the prompt manifest, workflow state machine, private-event routing table, confirmation lifecycle, durable-context lifecycle, plan, and environment example before exchange calls.
  • Verify installed SDK/API clients, request builders, custom ID fields, private topics, filters, error shapes, reconnect hooks, and shutdown methods from installed declarations/source before coding exchange adapters.
  • Create the exchange-state runtime modules before exchange-specific adapters. Use the runtime kit when reusable scaffolding or typed module contracts are needed.
  • After implementation, generate or run local tests from the applicable behavior-contract fixtures in the exchange-state and selected exchange conformance packs before enabling write-capable execution modes.
  • Implement the event-driven private-state loop (ws_symbol_side_action_gated). Private events update Account State, record the affected scope, give related events a short bounded window to arrive, and one workflow owner chooses one action family. Accepted mutations stay pending confirmation until private confirmation or scoped recovery, and REST state fetches happen only at trust boundaries.
  • Each reconciliation pass chooses one action family only: recover uncertain state, clean up stale app-owned orders, repair/place protection, place/repair DCA, do nothing, or wait because required evidence or configuration is missing.
  • Do not enter REST recovery just because private order, execution, fill, or position events arrived. If the private stream is healthy and Account State has ingested the matching order evidence plus the matching position or account evidence, continue from private-stream account state without REST hydration. For products without exchange-provided position rows, locally derived position evidence fills the same role.
  • Plan protective SL/TP before exposure-increasing DCA for a fresh managed position. DCA runs only after protection is trusted or scoped recovery proves the account state.

2. Architecture

Build an order/account/position state machine. Keep one WebSocket-driven product/account workflow owner that drains product/symbol/side work items.

  • Private events update Account State immediately.
  • Affected scopes are precise where possible and bounded where not.
  • The scheduler uses a short event-burst wait (150ms, configurable) for related events in the same burst, then runs one workflow pass from settled account state.
  • One workflow owner drains one symbol-side scope at a time.
  • Keep one planner/recovery loop for each product/account; do not add a second lifecycle path for the same scope.
  • A REST submit response creates Pending Confirmation state; it is not Trusted State.

3. Non-confirmation evidence

These inputs can update local state, clear latches, or schedule work, but they do not prove that a protective slot is safely active.

  • REST place/amend/cancel acceptance: record or match Pending Confirmation. Transport or request success does not prove active open-order state.
  • Terminal order row: clear or terminalize the matching latch. Cancelled, rejected, filled, deactivated, triggered, or equivalent rows are not active slot evidence.
  • Execution or fill row: update fills and record the affected scope. Fill evidence can change position/order state but does not confirm active open-order existence or Position Trust.
  • Private order update: update Order Trust, match pending confirmations, and record the affected scope. Order Trust is not Position Trust. When the exchange provides position rows, replacement planning waits for a matching position or account-state update or Scoped Recovery.
  • Private stream open or subscription event: update transport readiness only. Account State readiness still needs hydration, replay, and private account-state evidence.
  • Active DCA order for the current step: hold dependent DCA work. An active DCA order is not permission to place the next DCA step.

4. Required checks

Required checks use this compact behavior set. After implementation, run the complete behavior-contract fixtures set from the conformance pack before enabling EXECUTION_MODE=DEMO, TESTNET, or LIVE order paths. conformance packs are the machine-readable fixture sources for these checks.

  • startup_hydrated_position_queues_work_before_service_ready: REST-hydrated open positions queue work before service readiness.
  • private_event_records_scope_and_schedules_reconcile: Private event ingestion leads to scoped workflow scheduling.
  • private_event_burst_waits_for_related_events: Account State ingestion is immediate while workflow execution briefly waits for related events in the same burst.
  • custom_order_id_registry_routes_exchange_echoes: Exchange-visible custom IDs are lookup keys into one order-context store.
  • pending_confirmation_does_not_unlock_dependent_action_family: Accepted mutation responses are provisional and cannot unlock dependent action families.
  • context_write_failure_blocks_submission: A failed durable order-context write must block exchange submission.
  • private_confirmation_before_rest_accept_is_consumed: A private confirmation can arrive before the REST submit promise resolves.
  • side_flip_cleans_old_side_before_new_side_work: A one-way side flip cleans old-side app-owned orders before new-side protection or DCA.
  • pending_place_blocks_duplicate_place: A pending place confirmation blocks another place for the same slot.
  • pending_cancel_blocks_duplicate_cancel: A pending cancel confirmation blocks another cancel for the same target.
  • decimal_and_default_equivalent_active_order_does_not_replace: Equivalent active orders do not churn because of display precision or hydrated defaults.
  • terminal_event_during_cancel_or_amend_is_benign_race: Terminal private evidence can make later missing-target cancel/amend errors benign.
  • reconnect_queues_known_scopes_for_recovery_even_when_quiet: Reconnect schedules recovery even without a later private event.
  • slot_filter_failures_are_blocked_not_silent_or_retried: Exchange filters and local sizing gates produce explicit blocks.
  • flat_position_cleans_app_owned_orders: A flat position cleans remaining managed orders.

5. Exchange overlay

Exchange-state lifecycle behavior stays reusable. Exchange pages add venue-specific names, request shapes, topics, and rejection handling.

  • Binance overlay covers newClientOrderId, clientAlgoId, SDK ID utilities, regular TP order shape, Algo SL order shape, and Binance rejection codes.
  • Bybit overlay covers orderLinkId, positionIdx, V5 private topics, retCode behavior, durable context defaults, and close-all SL request shapes.
  • Shared behavior belongs in the exchange-state manifest, runtime kit, integration kit, and behavior-contract fixtures.

6. Fallback sources

Use general SDK docs and examples only after task-specific artifacts establish the runtime contract.

  • Use the manifest as the first executable artifact.
  • Use this spec for workflow review.
  • Use SDK docs, endpoint maps, repository examples, SDK catalog, and llms-full only for unresolved method or request-shape details.

Runtime sequence

Module names can vary. These transitions should remain visible and testable.

  1. Startup hydration loads filters, positions or inputs for local position tracking, open orders, fills or executions, wallet or margin state, account mode, risk/readiness state, and stored contexts.
  2. Private stream readiness is established and buffered private events replay into Account State.
  3. Service readiness opens only after hydration, replay, and configuration gates pass.
  4. A private event updates Account State immediately.
  5. The affected product/symbol/side is recorded as the affected scope.
  6. A short event-burst wait gives related order, execution, position, and wallet events time to arrive.
  7. One workflow owner drains one affected scope.
  8. The planner chooses one action family.
  9. The submitter sends only the mutations approved by that pass after final gates pass.
  10. Accepted mutations become pending confirmations.
  11. Private Stream Confirmation updates Account State, or Scoped Recovery resolves unknown outcomes.
  12. Follow-up scopes are requeued only when trusted state changed.
Minimal systemReference

Build this before optional strategy controls.

  • Use Account State or the project-local account cache as the only planning state.
  • After readiness, private events update Account State as the normal state path.
  • Use REST state fetches only at trust boundaries: startup, restart, reconnect or gap, missing prerequisites, unknown outcome, timeout, conflict, or explicit recovery.
  • Order and fill updates trigger reconciliation, but dependent replacement planning waits for matching position or account-state evidence or scoped recovery.
  • When the exchange does not provide position rows, derive local position state from fills, fees, and balance/account events before managed exits or exposure changes.
  • DCA is a configured exposure-increasing order unless another execution style is explicitly selected. TP and SL are protective managed slots.
Files to create firstReference

These files preserve the prompt, plan, and runtime lifecycle before exchange calls are implemented.

  • docs/AI_PROMPT.md (or docs/SPEC.md when that is the project standard)
  • docs/AI_PROMPT_MANIFEST.json
  • docs/PLAN.md
  • docs/WORKFLOW_STATE_MACHINE.md
  • docs/PRIVATE_EVENT_ROUTING_TABLE.md
  • docs/CONFIRMATION_LIFECYCLE.md
  • docs/DURABLE_CONTEXT_LIFECYCLE.md
  • .env.example
Runtime modulesReference

Create these local boundaries before exchange-specific request builders. Use the runtime kit for full interfaces.

  • OrderContextStore: customOrderId -> order context. Register context before submit, persist when configured, prune against trusted active orders, and never recover slot meaning by parsing custom IDs.
  • AccountState: subject trust for position state, active orders, fills, balances, filters, contexts, readiness, and sync/recovery flags. Apply startup/recovery REST snapshots and private events into one account view. REST submit acceptance is coordination evidence only. Track order trust separately from position trust, filter trust, context trust, and readiness trust.
  • PrivateEventRouter: event classification, accountstate ingestion, affected-scope recording, and pending-confirmation matches. Ingest private rows immediately, route known custom IDs through OrderContextStore, use bounded fallback scopes for ambiguous rows, and keep wallet-only events out of broad DCA/TP/SL planning unless configured.
  • AffectedScopeQueue: deduped product/symbol/side work items. Canonicalize scope keys, dedupe repeats, preserve bounded follow-up reasons, and drain through one workflow owner.
  • EventBurstReconciler: short-delay reconciliation for private event bursts. Apply events to AccountState immediately, record the exact product/symbol/side that changed, wait briefly so related events in the same burst can arrive, then run one reconciliation pass from the settled account state with a bounded max delay.
  • ConfirmationTracker: pending place/amend/cancel confirmations and in-flight custom IDs. REST acceptance creates pending coordination state. Trusted private state or scoped recovery clears it. Timeout enters scoped recovery.
  • RecoveryHydrator: scoped REST hydration for untrusted subjects. When recoveryRequired or sync-required state is set, hydrate positions, open orders, fills/executions, balances/readiness, replay buffered events, clear recovery on success, and requeue affected scopes.
  • WorkflowOwner: single active reconciliation/planning/submission pass. Drain one affected scope at a time. If already active, record follow-up work and let the owner schedule one deferred pass.
  • Planner: desired managed slots and one selected action family. Plan from trusted AccountState subjects. Products with exchange-provided position rows wait for matching position or account-state trust after order/fill events; products without exchange-provided position rows require trusted local position state. Each reconciliation pass chooses one action family only: recover uncertain state, clean up stale app-owned orders, repair/place protection, place/repair DCA, do nothing, or wait because required evidence or configuration is missing.
  • SubmissionExecutor: preflight, context registration, exchange call dispatch, and provisional mutation records. Pre-register contexts, preflight filters, risk geometry, and duplicate IDs, dispatch fresh SL/TP concurrently by default, and never unlock dependent action families from REST acceptance alone.
  • ExchangeErrorClassifier: deterministic block, benign race, retry/backoff, and scoped recovery decisions. Classify by action, role, exchange code, current trusted state, and proof. Unknown mutation status enters scoped recovery.
  • StructuredLogger: redacted lifecycle, planner, submission, recovery, and shutdown logs. Emit semantic counters and reasons without raw private payloads, secrets, signatures, listen keys, or raw order intents.
Exchange implementationsReference

Use exchange implementation pages for SDK clients, request fields, private topics, product terms, rejection codes, and venue-specific fixtures.

Runtime invariants

  • Default behavior is read-only hydration and EXECUTION_MODE=DRY_RUN_PRIVATE order intents.
  • A private exchange-state manager is a long-running service, not a run-once order placer.
  • No exchange write path can run before EXECUTION_MODE=DEMO, TESTNET, or LIVE is explicitly selected and every configured gate allows it.
  • For broad TP/SL/DCA position managers, use percentage-based strategy inputs by default: derive TP, DCA, and SL prices plus DCA size from trusted entry and position size before order planning. Absolute TP/DCA/SL prices or DCA quantities are advanced per-symbol operator overrides, not the primary config model. If allowed, they must be explicit, scoped, compatible with percentage defaults, and validated through the same filters and risk geometry. Startup validation rejects missing, invalid, contradictory, or non-finite strategy inputs before private clients, WebSocket subscriptions, hydration, or exchange mutation.
  • Symbol scope, subject trust, position trust, and TP/DCA/SL geometry follow the shared exchange-state rules before any exchange write.
  • No unowned manual order is cancelled or amended by default.
  • Generated managers use Custom Order IDs plus an order-context registry and deterministic internal SlotKey/context by default.
  • Use REST state fetches only at trust boundaries: startup, restart, reconnect or gap, missing prerequisites, unknown outcome, timeout, conflict, or explicit recovery.
  • Do not enter REST recovery just because private order, execution, fill, or position events arrived. If the private stream is healthy and Account State has ingested the matching order evidence plus the matching position or account evidence, continue from private-stream account state without REST hydration. For products without exchange-provided position rows, locally derived position evidence fills the same role.
  • The order workflow is ws_symbol_side_action_gated; affected work items are symbol-side scoped. Each reconciliation pass chooses one action family only: recover uncertain state, clean up stale app-owned orders, repair/place protection, place/repair DCA, do nothing, or wait because required evidence or configuration is missing.
  • Desired-vs-active comparison normalizes exchange-hydrated defaults by order kind before suppressing replacement; raw field-by-field object equality is forbidden. When an accountstate or exchange-overlay comparison helper is available, compare NormalizedOrder-to-NormalizedOrder: convert desired slot/request objects into the accountstate NormalizedOrder shape first, mapping local managedSide/managedStrategySide to strategySide, then compare them with active normalized orders. Do not pass strategy-local DesiredManagedOrder/request objects directly or hand-roll raw exchange-object equality.
  • Same-slot amendable changes are amended first instead of cancel/placed by default.
  • Workflow-active events record bounded follow-up reasons and cannot start recursive replans.
  • Protective exits are pre-registered, dispatched concurrently by default, and confirmed before exposure-increasing DCA for a new managed position.
  • DCA risk-limit failures do not pause or churn protective TP/SL management.
  • Reconnect, restart, rejection, and unknown submission paths enter recoveryRequired or syncRequired and reconcile before new exposure resumes.
  • Advanced lifecycle/generation recovery is opt-in persistent strategy behavior, not the simple prompt-generated default.

Disclaimer: AI is an exciting and promising technology, but content, prompts, code, examples, strategy ideas, and tool outputs produced with AI can be incomplete, incorrect, insecure, outdated, or unsuitable for your circumstances. Anything produced from these prompts or from any AI coding agent must be independently reviewed by qualified professionals before use. You are responsible for testing, security review, compliance review, exchange-rule review, credential controls, trading-risk controls, and any decision to deploy or rely on the resulting work. Siebly provides this page and generated prompt text for informational purposes only. They are not financial, investment, legal, security, compliance, or professional engineering advice. To the maximum extent permitted by law, Siebly accepts no responsibility for losses, claims, damages, failed orders, missed trades, security incidents, regulatory issues, or other consequences arising from AI-generated output, your prompts, your code, your trading strategy, or your implementation decisions.