rave-trading docs
Local

Operator Actions

Bounded mutable controls — spreads, asset toggles, and market-closure overrides.

Operator write access is intentionally narrow in Track A. The console exposes exactly the mutable controls the engine already understands via its operator config API; everything else (key material, contract admin actions, Ondo API key management) stays off the console entirely.

In scope for Track A

  • Spreads — base spread, vol-scaling multiplier, size tiers, after-hours adjustment. See Pricing Controls.
  • Asset toggles — enable or disable individual GM tokens. The engine refuses quotes for disabled assets immediately.
  • Market-closure overrides — force-close or force-open the market with an audit reason. Used for holiday schedules and incident response.

Not in scope

  • Contract upgrades, role grants, or UUPS admin calls.
  • Withdrawing funds from the vault.
  • Rotating the Ondo API key or Bearer tokens.
  • Writing the whitelist section; it is read-only from the console and still requires the operator secret on the engine.

Audit contract

Every operator action goes through the audited() wrapper, which enforces authentication and role before the engine is called and emits a structured JSON log line containing actor, role, section, reason, checksum, and outcome. Reasons are required — the engine rejects PUT requests to /api/v1/operator/config/{section} that omit them.

Quote Testing

Soft vs firm quotes and the three safety labels — quote-only, execution-preparatory, blocked.

Pricing Controls

Spread fields, vol-scaling multiplier bounds, and size-tier rules that are live today.

On this page

In scope for Track ANot in scopeAudit contract