shield_lock
金大哥
返回 Skill 列表
extension
分类: 其它需要 API Key

DDDD Trade API

构建、审计和扩展东方财富网页版交易 API 项目的 Codex Skill,强调 dry-run 优先、敏感信息脱敏、持仓查询、委托 payload 生成、做T/ETF/可转债策略示例与 GitHub 公开发布安全检查。

person作者: user_d0d68871hubcommunity
download下载资源包

DDDD Trade API

Overview

Use this skill to create or improve a sanitized Python wrapper around Eastmoney web trading. Prioritize safety, reproducibility, and public-release hygiene: credentials must come from environment variables, order submission must default to dry-run, and logs/docs must not expose account IDs, cookies, validatekeys, or passwords.

Default Workflow

  1. Inspect the existing project before editing.
  2. Preserve a dry-run-first design: never make real order submission the default.
  3. Keep the public API small and typed: client, models, settings, CLI, and optional strategy helpers.
  4. Separate strategy generation from order submission. Strategy functions should return order payloads or Order objects; callers decide whether to submit.
  5. Add or update README usage examples, security warnings, and publishing checklist.
  6. Scan for secrets before declaring the project ready.

Recommended Package Shape

Use this structure for a clean public project:

dddd-trade-api/
├── .env.example
├── .gitignore
├── LICENSE
├── README.md
├── pyproject.toml
├── examples/
│   └── basic_usage.py
├── src/
│   └── eastmoney_trade_api/
│       ├── __init__.py
│       ├── cli.py
│       ├── client.py
│       ├── models.py
│       ├── settings.py
│       └── strategy.py
└── tests/
    └── test_models.py

Keep the Python import package as eastmoney_trade_api even when the repository or distribution name is dddd-trade-api; the import name is clearer for users.

Safety Rules

  • Read account IDs, passwords, and optional third-party credentials from .env or environment variables only.
  • Add .env, logs, exported holdings, Excel/CSV files, and browser profiles to .gitignore.
  • Do not print full cookies, validatekeys, tokens, account IDs, passwords, or order-session material.
  • Mask sensitive values in diagnostics with helpers such as mask_secret() and mask_cookie_header().
  • Keep dry_run=True by default in constructors, CLI examples, tests, and README snippets.
  • Require an explicit flag such as --live-trade before calling the real SubmitTradeV2 endpoint.
  • Include a financial-risk disclaimer. Do not present strategy screenshots or success rates as guaranteed future performance.

Eastmoney Client Pattern

Implement browser-backed login with DrissionPage, then capture validatekey and cookies from the position query request. Use them only for the current runtime session.

Core methods:

  • start() opens https://jywg.18.cn/.
  • login() fills account/password, handles captcha, and detects login success.
  • query_positions() listens for Com/queryAssetAndPositionV1?validatekey, returns a DataFrame, and stores an AuthSession.
  • submit_order(order) returns payload when dry-run is enabled; otherwise POSTs to Trade/SubmitTradeV2?validatekey=....

Use Eastmoney payload fields:

{
    "stockCode": "510300",
    "price": "3.5",
    "amount": "100",
    "tradeType": "B",
    "zqmc": "沪深300ETF",
    "market": "HA",
}

Strategy Guidance

When converting a private trading strategy:

  • Move broker/session concerns into client.py.
  • Move payload models into models.py.
  • Put strategy-specific order generation into strategy.py.
  • Keep market data fetching optional dependencies, for example under .[strategy].
  • Save examples as payload generation or dry-run demos, not live trading scripts.

For convertible-bond or ETF strategies, normalize raw Eastmoney position rows first, classify security types by code prefix, then generate Order objects.

README Guidance

README should include:

  • One-sentence purpose in Chinese and/or English.
  • Default dry-run behavior.
  • Installation commands.
  • .env.example usage.
  • CLI examples for position query and dry-run orders.
  • Python API example.
  • Security checklist.
  • Roadmap for future interfaces such as cancel order, daily orders, fills, and account assets.
  • Public-risk disclaimer.

When including proof screenshots, ensure all money amounts, account names, IDs, and personal details are masked.

Secret Scan Checklist

Before publishing or pushing:

rg -n --hidden -g '!.git' 'password|passwd|cookie|token|secret|validatekey|资金账号|交易密码|手机号|用户名|密码' .
rg -n --hidden -g '!.git' '[0-9]{11,}|[0-9]{6}' .
git grep -n -I -E 'password|cookie|token|secret|validatekey|资金账号|交易密码' HEAD

Review all hits manually. Field names and placeholders are acceptable; real values are not.

References

Read references/release-checklist.md when preparing a repository for public GitHub release or SkillHub upload.