Guardrail

LiquidityGuard prevents strategies from placing orders that would consume too much of the visible order-book depth on a given market. It checks book depth, spread, and top-of-book freshness on every OrderIntent and either approves, downsizes, or rejects the order. It cannot change the market, the direction, or the strategy intent — only the size and the timing of execution.

InventoryUnwinder detects when a position has breached its concentration or capital limit — either because an OrderIntent would push it over, or because an existing position is already over the limit (e.g. after a parameter change or strategy crash). When a breach is detected it generates unwind OrderIntents targeting the source bot, using the NegRiskAdapter on Polygon for negRisk markets, and routes them back into the execution pipeline. It can also hard-reject incoming intents that would worsen an already-breached position. Builder codes from the original strategy are preserved on unwind intents for attribution. Fail-closed: if position data is unavailable, all new intents for the affected market are rejected.

RateLimitGovernor prevents the system from exceeding Polymarket's CLOB order send-rate limits at both the per-market and per-account levels. It reads live rate-limit headers from CLOB responses (X-RateLimit-Remaining, X-RateLimit-Reset), maintains sliding-window counters, and either delays (reshapes) or rejects OrderIntents when the remaining budget falls below configured thresholds. Cancel and risk-flatten requests always receive priority allocation over new open orders. The bot is fail-closed: if rate-limit state cannot be determined, new order intents are rejected until state is re-established.

BlacklistKeeper maintains a dual-registry of banned market condition IDs and banned counterparty wallet addresses. On every OrderIntent it checks both registries and hard-rejects any intent whose target market or counterparty appears on either list. The bot also monitors for ambiguity signals (undefined resolution sources, prior dispute history, time-to-resolution below threshold) and rejects structurally hostile markets before execution. It is fail-closed: if the registry cannot be read, the intent is rejected.

CorrelationShockGuard monitors the rolling pairwise return correlation of open positions and blocks new orders when the portfolio correlation exceeds the configured ceiling. It detects sudden hidden correlation shocks where previously independent markets begin resolving together, increasing tail risk beyond what the capital model assumes.

FeeAndGasGuard estimates the total transaction cost (CLOB maker/taker fee plus Polygon gas) for a proposed order and rejects or downsizes it when the cost-to-edge ratio exceeds the configured ceiling. It prevents strategies from placing orders where fee drag exceeds the expected edge, turning a positive-expected-value intent into a negative-EV execution.

ManualOverrideAuditor intercepts every request to bypass or adjust a guardrail, enforces a rate limit on overrides per time window, requires a non-empty justification string, and emits an immutable RiskVote audit record for every approved or rejected override attempt. It ensures that manual guardrail bypasses cannot occur silently and that every override is visible to the risk team.

Prevents Polytraders from trading against itself. If an outgoing OrderIntent would cross with one of our own resting orders on the same market and outcome, SelfTradeWashGuard rejects it (full overlap) or downsizes it (partial overlap). This protects against wash-trade exposure and inadvertent self-fills.

StrategySuitabilityGate screens every OrderIntent against the user's declared experience tier and capital envelope, blocking strategy types that exceed the user's configured risk profile. It prevents novice-tier users from executing advanced multi-leg or high-leverage strategies without explicit elevation.

TailLossSimulator applies scripted adverse shock scenarios to the combined portfolio (open positions plus the proposed order) and rejects or downsizes the order if the simulated tail loss exceeds the configured maximum. It acts as a pre-trade stress test, replacing post-hoc margin calls with a forward-looking gate.

Track ERC-20 allowances per token and contract; alert and shrink to a tight ceiling on idle.

Cross-check every order’s chain-derived inputs (nonce, balance, allowance) against multiple sources before signing.

Nag the user to rotate signing keys on a schedule; prevent key reuse across environments.

Probe RPC providers continuously and fail over before a stale endpoint poisons our chain view.

Render a plain-English summary of every EIP-712 signature before the wallet shows the modal.

Rejects any OrderIntent whose required pUSD collateral cannot be covered by the funded balance of the assigned wallet, including a configurable buffer. Prevents the system from submitting orders that would fail at the exchange for insufficient funds, which burns latency and creates noisy reject metrics.