Status: Pre-v1 governance and architecture repository.
Hydra Core documents a governed, risk-first trading infrastructure. It describes how enforcement, observability, and fail-closed operations are expected to work across the Hydra system.
Losses are expected. Escalation is not.
Hydra is described publicly as three related parts:
- Hydra Core: public architecture, doctrine, governance, and operating principles
- Hydra Quant: private strategy and execution systems operating within those constraints
- Hydra Guardian: private supervisory and enforcement layer behind Hydra Quant, responsible for veto, disarm, and recovery decisions
This repository is hydra-core only.
It does not publish private implementation code from Hydra Quant or Hydra Guardian.
Hydra is designed around a simple assumption:
If a rule can be broken, it eventually will be.
That assumption drives a system model in which:
- risk is enforced at the system boundary, not left to operator discretion
- ambiguous state is treated as unsafe until proven otherwise
- observability is part of control, not an afterthought
- recovery requires verification rather than optimism
The goal is not uninterrupted activity. The goal is controlled survivability under loss, latency, ambiguity, and operator error.
```mermaid
flowchart TD
S[Strategies / Engines] -->|propose trades| G[Hydra Guardian]
G -->|approved execution| X[Execution Layer]
X -->|execution outcomes| G
M[Monitoring / Observability]
R[Recovery / Watchdog Layer]
S -. state / health .-> M
G -. decisions / events .-> M
X -. execution / fills / status .-> M
M -. alerts / anomalies .-> G
M -. watchdog signals .-> R
R -. restart / recovery controls .-> S
R -. restart / recovery controls .-> G
R -. restart / recovery controls .-> X
```
This diagram is conceptual. It shows supervisory relationships around the system, not private implementation details.
- Risk First: exposure is constrained before execution is allowed
- Fail Closed: uncertainty, stale state, or invalid constraints lead to rejection or disarm
- Engine Isolation: local failures should remain local unless supervisory policy escalates them
- Observability: enforcement decisions must leave enough evidence to reconstruct what happened
- No Escalation: losses do not justify larger size, looser rules, or bypassed controls
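
An added illustration of how the Risk First, Fail Closed, No Escalation and Observability principles above can combine in one approval gate. It is not code from Hydra Quant or Hydra Guardian, which are private; every name, the 2-second freshness bound, and the choice of disarm for invalid constraints are assumptions made for this example.

```python
import math
from dataclasses import dataclass
from typing import Optional

MAX_STATE_AGE_S = 2.0  # assumed freshness bound, not a Hydra value

@dataclass(frozen=True)
class Proposal:
    engine: str
    size: float        # requested position size
    state_ts: float    # time of the state snapshot the engine acted on

@dataclass(frozen=True)
class Limits:
    max_size: float
    max_exposure: float

def review(p: Proposal, limits: Optional[Limits], exposure: float,
           last_loss_size: Optional[float], now: float, ledger: list) -> str:
    """Gate one proposal. Every path records evidence; only one path approves."""
    def decide(verdict: str, reason: str) -> str:
        ledger.append({"ts": now, "engine": p.engine, "size": p.size,
                       "verdict": verdict, "reason": reason})
        return verdict

    # Invalid constraints: the gate cannot enforce anything, so disarm.
    if limits is None or not all(math.isfinite(v) and v > 0
                                 for v in (limits.max_size, limits.max_exposure)):
        return decide("DISARM", "invalid_constraints")
    # Ambiguous inputs (NaN, inf, non-positive size) are unsafe until proven otherwise.
    if not all(math.isfinite(v) for v in (p.size, p.state_ts, exposure)) or p.size <= 0:
        return decide("REJECT", "ambiguous_input")
    # Stale or future-dated state is rejected rather than trusted.
    age = now - p.state_ts
    if age < 0 or age > MAX_STATE_AGE_S:
        return decide("REJECT", "stale_state")
    # Risk First: exposure is constrained before execution is allowed.
    if p.size > limits.max_size or exposure + p.size > limits.max_exposure:
        return decide("REJECT", "exposure_limit")
    # No Escalation: a loss never justifies a larger size on the next trade.
    if last_loss_size is not None and p.size > last_loss_size:
        return decide("REJECT", "escalation_after_loss")
    return decide("APPROVE", "within_limits")
```

Approval is the last statement and every earlier exit is a refusal, so a check that is skipped or fails to evaluate cannot fall through to execution without first passing all the others.
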
- Docs Map: recommended reading order for the public governance surface
- System Overview: high-level public architecture and control boundaries
- Control Boundaries: responsibilities and authority lines between engines, Guardian, execution, monitoring, and recovery
- State Model: public-safe operating states and their fail-closed meaning
- Hydra Guardian: the named supervisory and enforcement layer behind Hydra Quant
- Risk Doctrine: core operating principles for risk, disarm, and fail-closed behavior
- Why Most Bots Fail: strategy-agnostic doctrine on survivability and structural failure
- Docs Map
- System Overview
- Control Boundaries
- State Model
- Hydra Guardian
- Glossary
- Risk Doctrine
- Why Most Bots Fail
- Operating Principles
- Operator Runbook
- Failure Modes
- Release Posture
- Versioning Policy
- Risk Event Ledger
- Risk Event Ledger Policy
For edits that change governance meaning, enforcement expectations, or recovery semantics, review the change classification guidance in Versioning Policy before updating the ledger.
Hydra Core remains pre-v1.
This repository is intended to stabilize public doctrine and governance before any later v1 release decision. It should be read as architecture and operating policy, not as a public software distribution.