PINK DITAv2: kernel-level finiteness guard (no more null-string crash on inf/NaN)
The aborted hard cutover crash-looped with "Rust kernel returned null string" from process_intent on the first live trading step. Root cause (reproduced): a non-finite (inf/NaN) numeric field reaching the kernel — Python json.dumps emits the Infinity/NaN token, serde_json rejects it at parse, and the FFI returned null. Magnitude is fine; only finiteness was the problem. Defense in depth, kernel catches it: - Rust FFI (lib.rs): dita_kernel_process_intent_json / _on_venue_event_json now return a clean INVALID_INTENT KernelResult on parse failure (incl. Infinity/NaN tokens) AND on serialize failure (a non-finite produced internally) — never a null string. - Python bridge (rust_backend.py): ExecutionKernel.process_intent validates intent finiteness/bounds (target_size, reference_price, limit_price, leverage, exit_leg_ratios; size>=0) BEFORE the FFI and rejects INVALID_INTENT, naming the offending field+value. - contracts.py: add KernelDiagnosticCode.INVALID_INTENT. - pink_direct.py: on INVALID_INTENT, log full upstream provenance (snapshot.price, capital, leverage, sizes) so the numerical SOURCE can be located on the next live run. - on_venue_event bridge tolerates the fallback's null slot (uses the live slot). Verified: kernel recompiled; offline 65 + 7 new guard tests green (no regression); direct-FFI inf payload -> INVALID_INTENT (no null crash). NOTE: this turns the cutover crash into a clean rejection — the upstream source of the non-finite (the live run's inf) still needs locating, now aided by the provenance log. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Codex
73
prod/tests/test_pink_invalid_intent_guard.py
Normal file
73
prod/tests/test_pink_invalid_intent_guard.py
Normal file
@@ -0,0 +1,73 @@
|
||||
"""Kernel-level finiteness guard: non-finite (inf/NaN) intents must be rejected
|
||||
with INVALID_INTENT, never crash the kernel ("Rust kernel returned null string").
|
||||
|
||||
Two layers (defense in depth):
|
||||
- Python bridge (ExecutionKernel.process_intent): rejects non-finite/insane fields
|
||||
before the FFI call, naming the offending field for source-location.
|
||||
- Rust kernel (FFI): a payload that fails to parse (incl. the Infinity/NaN tokens
|
||||
serde rejects) or a result that fails to serialize returns a clean INVALID_INTENT
|
||||
outcome instead of a null string.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from datetime import datetime, timezone
|
||||
|
||||
import pytest
|
||||
|
||||
from prod.clean_arch.dita_v2 import (
|
||||
ExecutionKernel, InMemoryControlPlane, KernelCommandType, KernelControlSnapshot,
|
||||
KernelMode, KernelVerbosity, MemoryKernelJournal, MockVenueAdapter, MockVenueScenario,
|
||||
TradeSide,
|
||||
)
|
||||
from prod.clean_arch.dita_v2.contracts import KernelDiagnosticCode, KernelIntent
|
||||
from prod.clean_arch.dita_v2.rust_backend import _get_rust, _intent_to_payload
|
||||
|
||||
|
||||
def _kernel():
|
||||
return ExecutionKernel(
|
||||
control_plane=InMemoryControlPlane(
|
||||
KernelControlSnapshot(mode=KernelMode.DEBUG, verbosity=KernelVerbosity.TRACE)
|
||||
),
|
||||
venue=MockVenueAdapter(MockVenueScenario(emit_fill_on_submit=True, partial_fill_ratio=1.0)),
|
||||
journal=MemoryKernelJournal(),
|
||||
)
|
||||
|
||||
|
||||
def _intent(size, price, lev=3.0):
|
||||
return KernelIntent(
|
||||
timestamp=datetime.now(timezone.utc), intent_id="i", trade_id="T", slot_id=0,
|
||||
asset="BTCUSDT", side=TradeSide.SHORT, action=KernelCommandType.ENTER,
|
||||
reference_price=price, target_size=size, leverage=lev, exit_leg_ratios=(1.0,), reason="X",
|
||||
)
|
||||
|
||||
|
||||
@pytest.mark.parametrize("size,price,lev,field", [
|
||||
(float("inf"), 100.0, 3.0, "target_size"),
|
||||
(float("nan"), 100.0, 3.0, "target_size"),
|
||||
(0.1, float("inf"), 3.0, "reference_price"),
|
||||
(0.1, 100.0, float("nan"), "leverage"),
|
||||
(-0.1, 100.0, 3.0, "target_size"),
|
||||
])
|
||||
def test_bridge_rejects_nonfinite_intent(size, price, lev, field):
|
||||
out = _kernel().process_intent(_intent(size, price, lev))
|
||||
assert out.accepted is False
|
||||
assert out.diagnostic_code == KernelDiagnosticCode.INVALID_INTENT
|
||||
assert out.details.get("field") == field
|
||||
|
||||
|
||||
def test_finite_intent_still_accepted():
|
||||
out = _kernel().process_intent(_intent(0.15, 100000.0))
|
||||
assert out.accepted is True
|
||||
assert out.diagnostic_code == KernelDiagnosticCode.OK
|
||||
|
||||
|
||||
def test_rust_kernel_rejects_nonfinite_payload_without_null_crash():
|
||||
# Bypass the Python bridge guard: hand a non-finite payload straight to the
|
||||
# Rust FFI (json.dumps emits the Infinity token serde rejects). The kernel
|
||||
# must return a clean INVALID_INTENT outcome, not a null string.
|
||||
k = _kernel()
|
||||
payload = _intent_to_payload(_intent(float("inf"), 100.0))
|
||||
res = _get_rust().process_intent(k._backend, payload, mode="NORMAL", verbosity="QUIET")
|
||||
assert res["outcome"]["diagnostic_code"] == "INVALID_INTENT"
|
||||
assert res["outcome"]["accepted"] is False
|
||||
Reference in New Issue
Block a user