Legend
- Solid arrows → Allowed flow
- Red dashed arrows → Forbidden paths
- Red nodes → Fail-closed gates / blocking decisions
- Green nodes → Source-of-truth operations
Security Gates
- TopstepX State Fetch: Always fetched in live mode (line 89)
- Validity Check: Invalid/stale state blocks trading (fail-closed)
- Verification: Mismatch blocks if
fail_closed=true
- Payout Lock: Blocks entries during payout processing
- Floor Check: Blocks if equity at/below floor (funded MLL=0)
- Consistency Cap: Blocks if daily P&L exceeds cap
- Risk Limits: Blocks if exceeds daily loss, trailing DD, or margin
Source of Truth
- Live Mode: TopstepX API (via
getTopstepXRiskState)
- Simulation Mode: Database state (via
getAccountState)
Forbidden Paths
- ❌ UI → TopstepX direct
- ❌ UI → Executor direct
- ❌ Live mode using DB state without TopstepX verification