This repository contains a fully‑functional, production‑grade Telegram trading bot built for the Aster chain and its decentralised exchange. The bot is designed to be non‑custodial by default, with opt‑in custodial functionality, and implements secure wallet management, basic trading flows, fee and rebate logic, and an admin broadcast channel. It is modular, well‑documented, and comes with a Docker‑based development environment and CI pipeline.
- Non‑custodial wallets — users can create or import wallets; mnemonics are displayed once and encrypted before storage using Argon2id‑derived keys and AES‑GCM (falling back to a simple cipher if the `cryptography` library is unavailable). Custodial mode is available behind an opt‑in flow with KMS/HSM integration.
- Trading flows — supports market buy/sell (mocked by default), limit orders, take profit/stop loss and DCA scheduling. All trades require explicit confirmation through Telegram inline keyboards.
- Token inspection — paste a contract address or use `/check_contract` to retrieve metadata, current price, market cap and liquidity (via a pluggable `AsterAdapter`).
- Fee mechanism — configurable fee splitter sends portions of each trade to the master wallet, a gas rebate pool, and a developer fund. A sustainable gas rebate algorithm is included.
- Admin tools — administrators can broadcast messages, adjust fee settings and view audit logs. Two‑factor authentication (TOTP) is required for privileged actions: an admin must first send their 6‑digit TOTP code as a slash command (e.g. `/123456`) to unlock admin commands.
- Security first — encrypted key storage, message deletion, client‑side encryption flows, rate limiting and RBAC. A threat model and audit checklist are provided.
- Observability — exports Prometheus metrics (active users, trade volume, fee revenue) and includes a Grafana dashboard template.
- Testing and CI — unit tests and integration tests using mocks, with a GitHub Actions workflow that runs linting, tests and builds a Docker image.
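
One way to implement the TOTP unlock described under Admin tools, given as an added example and not the repository's own code: it parses the `/123456` form, verifies the code per RFC 6238 with a constant‑time compare, and refuses a code whose time step was already accepted. The `AdminGate` class, the one‑step clock‑skew window and the 5‑minute unlock lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import struct

STEP = 30            # seconds per TOTP time step (RFC 6238 default)
UNLOCK_TTL = 300     # assumed: admin commands stay unlocked for 5 minutes
CODE_RE = re.compile(r"^/(\d{6})$")   # the "/123456" form described above


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226/6238 HMAC-SHA1 code for one time-step counter, 6 digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class AdminGate:
    """Hypothetical per-admin unlock state; not the repository's class."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1     # highest time step already accepted
        self.unlocked_until = 0.0

    def try_unlock(self, message: str, now: float) -> bool:
        m = CODE_RE.match(message.strip())
        if not m:
            return False
        current = int(now) // STEP
        # Accept the current step and one step back to absorb clock skew.
        for counter in (current, current - 1):
            if counter <= self.last_counter:
                continue           # replay: this step's code was already used
            if hmac.compare_digest(totp(self.secret, counter), m.group(1)):
                self.last_counter = counter
                self.unlocked_until = now + UNLOCK_TTL
                return True
        return False

    def is_unlocked(self, now: float) -> bool:
        return now < self.unlocked_until
```

Because the code arrives as an ordinary chat message, tracking `last_counter` matters: anyone who can read the chat history sees the code, and without the replay check it would remain valid for the rest of its window.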
The bot is packaged as a Docker composition for easy local development. You will need Docker and Docker Compose installed.

```bash
git clone https://github.com/yourname/aster-trading-bot.git
cd aster-trading-bot
cp .env.example .env  # edit with your Telegram token and other configuration
docker-compose up --build
```

The bot will start polling Telegram for updates. In development, it uses long polling; in production, configure webhooks.

- `/create_wallet` — generates a new mnemonic and displays it once. The mnemonic will self‑destruct after 10 seconds. An encrypted keystore is stored in Postgres.
- `/import_wallet` — allows users to import a mnemonic or private key. The bot immediately deletes the message and prompts for an encryption passphrase.

Use `/check_contract <token_address>` or simply paste an Aster token address into the chat. The bot validates the address and returns a compact card showing the token’s name, symbol, decimals, current price, market cap and liquidity. The default implementation uses a mocked adapter; swap in a real `AsterAdapter` implementation when RPC endpoints are available.

Use `/buy <token> <amount>` to simulate a market buy. The bot displays an order preview with estimated price, fees and slippage, and asks you to confirm via inline keyboard. Upon confirmation, the trade is recorded in the database. A stubbed execution engine is provided; integrate with the Aster DEX router to execute real trades.

```
├── docker/        # Dockerfile and docker-compose for dev
├── docs/          # Architecture and operations documentation
├── src/           # Python source code
│   ├── bot/         # Telegram handlers, UI, message flows
│   ├── blockchain/  # Aster chain adapters, signing utilities
│   ├── orders/      # Order management and scheduling
│   ├── fees/        # Fee splitter and rebate logic
│   ├── db/          # SQLAlchemy models and session management
│   ├── admin/       # Admin commands and RBAC
│   └── tests/       # Unit and integration tests
├── ci/            # GitHub Actions workflows
├── security/      # Threat model and audit checklist
├── .env.example   # Example environment variables
└── README.md      # This file
```

- Aster chain RPC — the Layer‑1 Aster chain remains in testing and no public RPC endpoints exist yet, so on‑chain queries still rely on mocks. However, the bot integrates the live AsterDEX REST API (`https://fapi.asterdex.com`) for market data and order submission. Set `ASTER_API_KEY` and `ASTER_API_SECRET` in your `.env` to enable live trading; otherwise a mock adapter is used for price and order simulation.
- KMS/HSM integration — the custodial key storage uses a mock `KMSAdapter`. Integrate with AWS KMS, GCP KMS or HashiCorp Vault by implementing the same interface.
- Trading engine — market orders are executed via the AsterDEX API and limit/DCA orders are managed off‑chain by the built‑in scheduler. Additional order types (e.g. on‑chain limit orders) can be added by extending the `AsterAdapter` once the Aster chain publishes on‑chain swap contracts.
- Prometheus and Grafana — metrics instrumentation is wired in but some dashboards are empty. Provide real endpoints when deploying.
- CI/CD — the GitHub Actions workflow builds and tests the bot but does not push images. Extend as needed.

See `docs/architecture.md` and `docs/operations.md` for detailed design and operational procedures.