KeyRotationReminder
sec.keyrotationreminder
Security
planned
Spec started
frozen
What it does
Nag the user to rotate signing keys on a schedule; prevent key reuse across environments.
Pipeline placement
runs after: Session key validation → KeyRotationReminder → runs before: Any signing call using a key past its rotation schedule
Applies to: All active signing keys per user across environments
Why it matters
| If this fails | Consequence |
|---|---|
| Signing key never rotated | A long-lived key that is compromised silently provides unlimited signing authority over time. |
| Same key used across prod and staging | A staging environment compromise exposes production signing capability. |
| No block on overdue rotation | Users ignore rotation reminders indefinitely, leaving stale keys in production. |
Inputs
Polymarket inputs
| Input | Source | Required | Use |
|---|---|---|---|
| ClobAuth API key registration timestamp | clob_auth | required | Determine when the current signing key was registered to calculate age. |
Internal inputs
| Input | Source | Required | Use |
|---|---|---|---|
| Configured rotate_every_days and block_on_overdue_h | Admin UI | required | Schedule and enforcement thresholds for key rotation. |
| KillSwitch active flag | KillSwitch | required | Block all signing during global pause. |
Authority
What this bot is permitted to do
Reject, Pause
State
| Field | Value |
|---|---|
| Readiness | Spec started |
| Status | planned |
| Class | Guardrail |
| Default mode | shadow_only |
| Developer owner | Polytraders core |
| Capital impact | Direct |
Reason codes emitted
| Code | Severity | Meaning | Action |
|---|---|---|---|
| KILL_SWITCH_ACTIVE | HARD_REJECT | Global kill switch is active. | Immediately return DENY. |
| KEY_ROTATION_OVERDUE | HARD_REJECT | Signing key age exceeds rotate_every_days plus grace period. | Return DENY; prompt key rotation. |
| KEY_REUSE_ACROSS_ENV | HARD_REJECT | Key fingerprint detected in multiple environments. | Return DENY; require unique key per environment. |
| KEY_ROTATION_DUE_SOON | WARN | Key age exceeds 90% of rotate_every_days. | Warn user; allow signing to continue. |
| STALE_DATA | INFO | ClobAuth API unavailable; key age could not be verified. | Log; continue with cached data if available. |
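One way the reason codes in the table above could combine into a single signing decision, as an added example (not Polytraders' own code). Assumptions: `block_on_overdue_h` is read as the grace period in hours, the kill switch is checked before anything else, and the `evaluate` function, its parameters and the fingerprint strings are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Severity per reason code, copied from the table above.
SEVERITY = {
    "KILL_SWITCH_ACTIVE": "HARD_REJECT",
    "KEY_ROTATION_OVERDUE": "HARD_REJECT",
    "KEY_REUSE_ACROSS_ENV": "HARD_REJECT",
    "KEY_ROTATION_DUE_SOON": "WARN",
    "STALE_DATA": "INFO",
}

def evaluate(now, registered_at, rotate_every_days, block_on_overdue_h,
             fingerprint, env, fingerprints_by_env,
             kill_switch=False, stale=False):
    """Return (decision, codes) for one signing key in one environment.

    registered_at: key registration time (live or cached), or None if unknown.
    fingerprints_by_env: {env_name: set of key fingerprints seen there}.
    stale: True when ClobAuth was unreachable and registered_at is cached.
    """
    if kill_switch:  # assumption: the global pause short-circuits all other checks
        return "DENY", ["KILL_SWITCH_ACTIVE"]

    codes = []
    if stale:
        codes.append("STALE_DATA")

    # The same fingerprint in any *other* environment is key reuse.
    if any(fingerprint in fps
           for other, fps in fingerprints_by_env.items() if other != env):
        codes.append("KEY_REUSE_ACROSS_ENV")

    if registered_at is not None:
        age = now - registered_at
        schedule = timedelta(days=rotate_every_days)
        grace = timedelta(hours=block_on_overdue_h)  # assumption: grace period
        if age > schedule + grace:
            codes.append("KEY_ROTATION_OVERDUE")
        elif age > 0.9 * schedule:
            codes.append("KEY_ROTATION_DUE_SOON")

    hard = any(SEVERITY[c] == "HARD_REJECT" for c in codes)
    return ("DENY" if hard else "ALLOW"), codes

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed sample values
    envs = {"prod": {"fp-a"}, "staging": {"fp-a", "fp-b"}}
    print(evaluate(now, now - timedelta(days=85), 90, 48, "fp-a", "prod", envs))
```

With the default mode `shadow_only`, a caller would log this result rather than enforce it.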
Used by
Reverse index — strategies that currently reference sec.keyrotationreminder. If you change this bot's authority or reason codes, these strategies must re-pass shadow.
| Strategy | State | Activity |
|---|---|---|
| US Elect — book-builder | demo-wired | last triggered 43m ago |
| NBA H2H — moneyline market-make | demo-wired | last triggered 3m ago |
| US Elections — sentiment fade | demo-wired | last triggered 10m ago |
Showing 3 of 3 · demo-wired ≠ production-live
Why this matters
Security bots do NOT propose or execute trades; they only guard signing and wallet operations. Understanding the authority boundary prevents misuse and makes promotion-gate reviews faster and more reliable.