This bot is a policy-controlled AI market maker for Perp DEX trading. It replaces direct private key signing with OWS-based authorization.

What Problem It Solves

Most trading bots sign directly from PRIVATE_KEY in .env. That is simple but risky.

This bot flow:

• Bot proposes an action.
• Policy engine evaluates limits and rules.
• OWS signs only if policy allows.
• Unsafe actions are blocked and logged.

Who This Is For

• Builders running automated trading agents with real funds.
• Individuals who don’t want private keys exposed inside bot logic.
• Developers integrating AI agents with on-chain execution.
• Market makers who need enforceable risk limits, not just configs.

Validation

This setup was tested with 01.xyz market maker flow using OWS signing mode.

Extensibility

This bot is also a ready-to-use market maker baseline. You can tune your own parameters and build your own strategy and automation layers on top of it.

Key Features

• OWS wallet mode (OWS_WALLET).
• Runtime policy checks before sensitive actions.
• Daily spend/loss protection.
• Allowed target and operation restrictions.
• Kill switch after repeated violations.
• Telegram alerts.
• Security dashboard.

Quick Setup (Only What This Bot Needs)

1) Install Node with nvm

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
source ~/.bashrc
nvm install --lts

2) Install OWS CLI

npm install -g @open-wallet-standard/core

3) Install project dependencies

npm install

4) Prepare .env

cp .env.example .env

Fill trading + RPC values.

5) Import your existing private key into OWS

1. Keep your current key only in local .env as PRIVATE_KEY=....
2. Run:

export PRIVATE_KEY_B58="$(grep '^PRIVATE_KEY=' .env | cut -d '=' -f2-)"
node import-ows.mjs
unset PRIVATE_KEY_B58

This imports your key into your local OWS vault.

6) Switch this bot to OWS mode in .env

OWS_WALLET=my-agent
OWS_INDEX=0
OWS_VAULT_PATH=/home/<user>/.ows
OWS_PASSPHRASE=<your-local-passphrase>
PRIVATE_KEY=

PRIVATE_KEY= empty means runtime signing path is OWS-based.

7) Run this bot

npm run bot -- btc

If logs show Using OWS wallet "my-agent", OWS mode is active.

8) Open dashboard (optional)

http://localhost:8787

Dashboard Purpose

The dashboard was designed to show in real time that external intervention attempts are blocked by OWS. I am still including it in case you want to build more on top of it.

Core Environment Variables

• OWS_WALLET
• OWS_INDEX
• OWS_PASSPHRASE
• OWS_VAULT_PATH
• OWS_MAX_DAILY_SPEND_USD
• OWS_KILL_SWITCH_THRESHOLD
• RPC_URL
• TELEGRAM_BOT_TOKEN
• TELEGRAM_CHAT_ID
• SECURITY_TELEGRAM_ALERTS_ENABLED

Legacy fallback:

• PRIVATE_KEY (not recommended after OWS mode activation)

Project Structure

.
├─ src/
│  ├─ bots/
│  │  └─ mm/
│  │     ├─ index.ts
│  │     ├─ config.ts
│  │     ├─ position.ts
│  │     └─ quoter.ts
│  ├─ sdk/
│  │  ├─ client.ts
│  │  ├─ account.ts
│  │  ├─ orders.ts
│  │  └─ orderbook.ts
│  ├─ security/
│  │  ├─ policy-engine.ts
│  │  ├─ runtime.ts
│  │  ├─ dashboard.ts
│  │  ├─ onchain-policy.ts
│  │  └─ types.ts
│  ├─ pricing/
│  ├─ risk/
│  ├─ signals/
│  ├─ strategy/
│  ├─ telegram/
│  ├─ utils/
│  ├─ types.ts
│  └─ viem-shim.d.ts
├─ contracts/
│  └─ OwsPolicyRegistry.sol
├─ docs/
├─ dist/
├─ logs/
├─ import-ows.mjs
├─ .env.example
├─ package.json
├─ tsconfig.json
└─ Dockerfile