AI Trading Runtime and Risk
Trading docs should start from risk, not from agents.
The bot can reason with an AI harness, but capital moves only when the runtime, validator path, and vault policy allow it. If those boundaries are unclear, the operator should stay in paper mode.
Runtime backend
Provision requests can set:
```json
{
  "strategy_config_json": {
    "runtime_backend": "docker"
  }
}
```
Supported values:
| Value | Meaning |
|---|---|
| docker | Default sandbox sidecar path. |
| firecracker | Intended microVM path. Current trading docs note this returns a validation error until provider wiring is enabled. |
| tee | Confidential runtime selection. TEE instance blueprints pin this mode. |
Runtime choice is separate from trust mode. A TEE bot can still have bad policy, and a Docker bot can still be paper-only.
Paper mode
Paper mode is the safe default in the operator install path. It uses live market data and simulated fills. The operator repo has done work to model fees, impact, and gas so paper PnL is less fantasy than a frictionless simulator.
Paper mode should still be treated as real production behavior:
- The bot consumes CPU, disk, and model budget.
- Strategy bugs still matter.
- The same config may later be promoted to live execution.
- The Arena should label paper/live state clearly.
Validation trust
| Mode | Who checks trades | Latency profile | Use when |
|---|---|---|---|
| PerTrade | Validator committee signs each trade intent. | 5 to 30 seconds. | The operator is untrusted or the vault needs external approval per trade. |
| Envelope | A depositor-approved envelope bounds what can happen. | Immediate inside the envelope. | The user accepts bounded autonomy. |
| SelfOperated | Local operator policy, still inside envelope limits. | Immediate. | The operator and depositor are the same trust domain. |
The envelope covers assets, position size, borrowed exposure, total exposure, drawdown, and stop-loss distance. Cancels can be instant.
Model keys
Trading bots can run deterministic ticks without model provider keys. Agentic activation and chat require keys.
Current repo examples include:
| Key | Used for |
|---|---|
| ZAI_API_KEY | Z.ai based agentic flows. |
| ANTHROPIC_API_KEY | Anthropic model access. |
| TANGLE_API_KEY | Tangle Router model calls or Tangle-hosted telemetry paths depending on setup. |
| OPENCODE_MODEL_* | OpenCode model settings when the sidecar advertises OpenCode beside the other supported harnesses. |
If an operator sets keys, the operator pays unless another billing path is wired. There is no default per-bot LLM budget guard. Use allowlists, capacity caps, and provider billing limits.
What the dapp must not imply
Do not show “AI approved” as if that is a safety property. The useful safety facts are:
- paper or live
- trust mode
- envelope present and not expired
- validators reachable when required
- vault policy loaded
- trade blocked or signed
- operator health
- model spend source
Those are the states a user can act on.
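The envelope limits from the Validation trust section and the safety facts listed above can be combined into one fail-closed gate. This is an added example, not code from the operator repo: every field name, function name, state string and sample value is an assumption, as is requiring an envelope only in Envelope and SelfOperated modes.

```python
from dataclasses import dataclass
from typing import Optional

# All names below are assumptions made for this example, not the operator's schema.
@dataclass(frozen=True)
class Envelope:
    assets: frozenset
    max_position: float
    max_borrowed: float
    max_total_exposure: float
    max_drawdown: float       # fraction, e.g. 0.10
    max_stop_distance: float  # fraction of entry price
    expires_at: int           # unix seconds

@dataclass(frozen=True)
class Intent:
    asset: str
    position: float
    borrowed: float
    total_exposure: float
    drawdown: float
    stop_distance: float

def envelope_violations(i: Intent, e: Envelope) -> list:
    # Written as "value <= limit" so a NaN field fails the check (fail closed).
    checks = [
        (i.asset in e.assets, "asset not in envelope"),
        (i.position <= e.max_position, "position size over limit"),
        (i.borrowed <= e.max_borrowed, "borrowed exposure over limit"),
        (i.total_exposure <= e.max_total_exposure, "total exposure over limit"),
        (i.drawdown <= e.max_drawdown, "drawdown over limit"),
        (i.stop_distance <= e.max_stop_distance, "stop-loss distance over limit"),
    ]
    return [msg for ok, msg in checks if not ok]

def gate(i: Intent, mode: str, env: Optional[Envelope], *, now: int, live: bool,
         policy_loaded: bool, validators_reachable: bool):
    """Return (state, reasons). Capital moves only on 'execute', or on
    'await_validators' once the committee has signed the intent."""
    reasons = [] if policy_loaded else ["vault policy not loaded"]
    if mode == "PerTrade":
        if not validators_reachable:
            reasons.append("validators unreachable")
    elif mode in ("Envelope", "SelfOperated"):
        if env is None:
            reasons.append("no envelope")
        elif now >= env.expires_at:
            reasons.append("envelope expired")
        else:
            reasons += envelope_violations(i, env)
    else:
        reasons.append(f"unknown trust mode {mode!r}")
    if reasons:
        return "blocked", reasons
    if not live:
        return "paper_fill", []  # same checks ran; the fill is simulated
    return ("await_validators" if mode == "PerTrade" else "execute"), []

# Constructed sample data.
ENV = Envelope(frozenset({"ETH", "USDC"}), 5.0, 2.0, 8.0, 0.10, 0.05, expires_at=1_700_000_000)
OK = Intent("ETH", 3.0, 1.0, 4.0, 0.02, 0.03)
```

The returned state and reasons map directly onto what the dapp can show: paper or live, blocked or signed, and which precondition failed.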
Runtime evidence
Before calling a trading operator production-ready, capture:
- build and contract tests
- operator health
- bot roster fetch
- one provisioned bot
- paper tick output
- policy or validator state
- service ID and operator address
- Arena route that resolves the bot from operator data