ChainUp Spot (Script-First)
Why This Skill
Use this skill immediately when the user mentions OpenAPI V2, spot trading, margin trading, X-CH-SIGN, /sapi/v2/order, /sapi/v1/margin/*, /sapi/v1/account, or similar ChainUp trading/account scenarios.
Goals:
- - Prefer the script entrypoint instead of rebuilding signing logic each time.
- Return raw exchange JSON by default.
- If some parameters are still unknown, keep placeholders (
TODO) first and let the user fill them in later. - After the skill triggers, move to the script call quickly and avoid unnecessary explanation, extra reasoning, or repeated confirmation.
Runtime Entry
Unified entry script:
Core capabilities:
- - Built-in signing:
X-CH-APIKEY, X-CH-SIGN, �INLINECODE8 - Built-in common headers:
Content-Type, admin-language, �INLINECODE11 - Unified
action -> endpoint mapping - Real balance-changing actions require
--confirm CONFIRM by default - Order actions support
--prepare-only: fetch symbol rules via spot_symbols first, then preprocess price / �INLINECODE17 - Supports
--show-todo to display unresolved required placeholders for the current action
Execution Rules
- - When this skill is triggered, call
scripts/chainup_api.py first. Do not restate API parameter planning in natural language before using the script. - For read-only actions that do not affect balances or order state, call the script directly once parameters are clear. Only ask follow-up questions when required parameters are missing and cannot be inferred safely.
- For any action that can change balances, positions, open orders, or fills, provide a short execution summary in natural language before the live request, then wait for the user to reply with an exact standalone
Confirm before calling the script. - For non-fund-changing queries, avoid extra confirmation and execute directly.
- Do not treat "the user wants to place/cancel/transfer" as execution permission. No live request is allowed until a separate user message contains
Confirm. - For
spot_create_order, spot_test_order, and margin_create_order, run the script with --prepare-only before asking for confirmation. The script will call spot_symbols, fetch symbol precision, and round down using pricePrecision / quantityPrecision. - When showing parameters that need confirmation, always use the
preparedBody from --prepare-only. Do not show the unadjusted raw order payload. - After the user sends a standalone
Confirm, execute the live balance-changing action and keep using --confirm CONFIRM. - If
spot_create_order succeeds, follow up with spot_get_order by default. - All HTTP requests must be sent through
scripts/chainup_api.py. - If the script call fails, return the script failure result and continue debugging through the Python script only. Do not switch to
curl, handwritten signing, or any backup HTTP implementation. - Do not add a second implementation "just to verify the API". Avoid branching logic and duplicated reasoning.
Required Config
Prefer /root/TOOLS.md first:
- - �INLINECODE38
- INLINECODE39
- INLINECODE40
Use environment variables only as the next fallback:
- - �INLINECODE41
- INLINECODE42
- INLINECODE43
CLI arguments are also supported:
- - �INLINECODE44
- INLINECODE45
- INLINECODE46
Config resolution priority:
- -
CLI arguments > /root/TOOLS.md > �INLINECODE49 - If
/root/TOOLS.md already contains usable credentials, use them directly and do not require the user to set environment variables first.
Sensitive data handling:
- -
CHAINUP_API_KEY and CHAINUP_SECRET_KEY are sensitive. Never print them in full in the terminal, natural-language responses, execution summaries, error relays, or example commands. - If they must be referenced, only show masked values: keep the first 4 and last 4 characters and replace the middle with
***, for example 915c***815e. - Avoid inlining secrets in visible commands whenever possible. If a command must include them, do not repeat that full secret-bearing command in the response.
- Even if the user provides the full secret explicitly, never echo it back verbatim later.
Call Template
CODEBLOCK0
Notes:
- - Use
--query-json for GET actions - Use
--body-json for POST actions - For order actions,
--prepare-only can be used first to return precision-adjusted preparedBody for confirmation - For actions that change balances or orders, append
--confirm CONFIRM only after the user sends a standalone �INLINECODE62 - Unless the user asks for explanation, prefer executing first and returning the result instead of giving a long preface
Action Map
Public:
- -
spot_ping -> �INLINECODE64 - INLINECODE65� -> �INLINECODE66
- INLINECODE67� -> �INLINECODE68
- INLINECODE69� -> �INLINECODE70
- INLINECODE71� -> �INLINECODE72
- INLINECODE73� -> �INLINECODE74
- INLINECODE75� -> �INLINECODE76
Spot Signed:
- -
spot_create_order -> �INLINECODE78 - INLINECODE79� -> �INLINECODE80
- INLINECODE81� -> �INLINECODE82
- INLINECODE83� -> �INLINECODE84
- INLINECODE85� -> �INLINECODE86
- INLINECODE87� -> �INLINECODE88
- INLINECODE89� -> �INLINECODE90
- INLINECODE91� -> �INLINECODE92
Account Signed:
- -
spot_account -> �INLINECODE94 - INLINECODE95� -> �INLINECODE96
- INLINECODE97� -> �INLINECODE98
Margin Signed:
- -
margin_create_order -> �INLINECODE100 - INLINECODE101� -> �INLINECODE102
- INLINECODE103� -> �INLINECODE104
- INLINECODE105� -> �INLINECODE106
- INLINECODE107� -> �INLINECODE108
Response Rules
- - Return raw JSON by default (script stdout).
- INLINECODE109� returns
originalBody, preparedBody, adjustments, and symbolRule so the user can review the precision-adjusted live order payload before confirmation. - After a successful
spot_create_order, immediately follow with spot_get_order by default and return the latest order details. - When fetching the follow-up order, prefer
symbol + orderId from the create-order response. If the gateway also returns orderIdString, preserve it as well. - INLINECODE118� is filtered directly in the Python script and returns only assets where
free > 0 or locked > 0. - Add a short summary only when the user asks to "show just the key points".
- If returned content, errors, or debug output contains full
api-key, secret-key, or other credentials, mask them before showing anything.
Safety Rules
- - All live balance-changing actions (place order, cancel order, transfer) require the user to send
Confirm manually before execution, then use --confirm CONFIRM. - Any action that affects balances, even if it may not fill immediately, is still treated as a live balance-changing action. This includes but is not limited to limit orders, batch orders, cancellations, transfers, margin orders, and margin cancellations.
- Query actions can execute directly, including but not limited to balance queries, order queries, trade history queries, market data queries, and open-order queries.
- Precision prechecks are mandatory before order confirmation so the script does not send prices or quantities that exceed symbol precision to the live gateway.
- If the user explicitly requests to bypass confirmation,
--no-confirm-gate may be used. This is high risk and should only be used with explicit user authorization. - Never print full credentials in the terminal or reply. If the script throws an error that could expose secrets, summarize the failure rather than copying the raw sensitive output.
Examples
Query spot balances:
�CODEBLOCK1
Spot market order preparation (live request requires confirmation):
�CODEBLOCK2
Execute the live request after confirmation:
�CODEBLOCK3
Additional spot order conventions:
- - When
type=MARKET and side=BUY, volume is interpreted in the quote asset. - For example, for
ETH/USDT, volume=1 with side=BUY means buying ETH with 1 USDT at market. - When
type=MARKET and side=SELL, volume is interpreted in the base asset amount. - For example, for
ETH/USDT, volume=0.1 with side=SELL means selling 0.1 ETH at market. - For non-market order types such as
LIMIT, volume is still interpreted as the base asset amount. - After
spot_create_order succeeds, the default next step is not just returning the order receipt. The script should continue with spot_get_order and return the latest order information.
Margin limit order:
�CODEBLOCK4
References
ChainUp Spot(脚本优先)
为何使用此技能
当用户提及 OpenAPI V2、现货交易、保证金交易、X-CH-SIGN、/sapi/v2/order、/sapi/v1/margin/*、/sapi/v1/account 或类似的 ChainUp 交易/账户场景时,请立即使用此技能。
目标:
- - 优先使用脚本入口,而不是每次都重新构建签名逻辑。
- 默认返回原始交易所 JSON。
- 如果某些参数仍未知,先保留占位符(TODO),让用户稍后填写。
- 技能触发后,快速进入脚本调用,避免不必要的解释、额外推理或重复确认。
运行时入口
统一入口脚本:
核心能力:
- - 内置签名:X-CH-APIKEY、X-CH-SIGN、X-CH-TS
- 内置通用请求头:Content-Type、admin-language、User-Agent
- 统一的 action -> endpoint 映射
- 实际改变余额的操作默认需要 --confirm CONFIRM
- 订单操作支持 --prepare-only:先通过 spot_symbols 获取交易对规则,然后预处理 price / volume
- 支持 --show-todo 显示当前操作未解决的必需占位符
执行规则
- - 当此技能被触发时,首先调用 scripts/chainupapi.py。不要在使用脚本之前用自然语言重新陈述 API 参数规划。
- 对于不影响余额或订单状态的只读操作,一旦参数明确,直接调用脚本。仅在必需参数缺失且无法安全推断时,才提出后续问题。
- 对于任何可能改变余额、持仓、未成交订单或成交记录的操作,在实时请求之前,先用自然语言提供简短的执行摘要,然后等待用户回复一个确切的独立 Confirm 后再调用脚本。
- 对于非资金变更的查询,避免额外确认,直接执行。
- 不要将用户想要下单/撤单/转账视为执行许可。在独立的用户消息包含 Confirm 之前,不允许进行实时请求。
- 对于 spotcreateorder、spottestorder 和 margincreateorder,在请求确认之前,先使用 --prepare-only 运行脚本。脚本将调用 spotsymbols,获取交易对精度,并使用 pricePrecision / quantityPrecision 向下取整。
- 在展示需要确认的参数时,始终使用 --prepare-only 返回的 preparedBody。不要显示未经调整的原始订单负载。
- 在用户发送独立的 Confirm 后,执行实时的余额变更操作,并持续使用 --confirm CONFIRM。
- 如果 spotcreateorder 成功,默认后续执行 spotgetorder。
- 所有 HTTP 请求必须通过 scripts/chainup_api.py 发送。
- 如果脚本调用失败,返回脚本失败结果,并仅通过 Python 脚本继续调试。不要切换到 curl、手写签名或任何备份 HTTP 实现。
- 不要添加第二个实现只是为了验证 API。避免分支逻辑和重复推理。
必需配置
优先使用 /root/TOOLS.md:
- - BASEURL: ...
- APIKEY: ...
- SECRET_KEY: ...
其次使用环境变量:
- - CHAINUPBASEURL
- CHAINUPAPIKEY
- CHAINUPSECRETKEY
也支持 CLI 参数:
- - --base-url
- --api-key
- --secret-key
配置解析优先级:
- - CLI 参数 > /root/TOOLS.md > 环境变量
- 如果 /root/TOOLS.md 已包含可用的凭证,直接使用,无需要求用户先设置环境变量。
敏感数据处理:
- - CHAINUPAPIKEY 和 CHAINUPSECRETKEY 是敏感信息。切勿在终端、自然语言回复、执行摘要、错误转述或示例命令中完整打印。
- 如果必须引用,只显示脱敏值:保留前 4 个和后 4 个字符,中间用 替换,例如 915c815e。
- 尽可能避免在可见命令中内联密钥。如果命令必须包含密钥,不要在回复中重复该包含完整密钥的命令。
- 即使用户明确提供了完整密钥,之后也切勿逐字回显。
调用模板
bash
python /root/.codex/skills/chainup-spot/scripts/chainup_api.py \
--query-json \
--body-json \
--show-todo
注意:
- - 对于 GET 操作使用 --query-json
- 对于 POST 操作使用 --body-json
- 对于订单操作,可先使用 --prepare-only 返回经精度调整的 preparedBody 以供确认
- 对于改变余额或订单的操作,仅在用户发送独立的 Confirm 后追加 --confirm CONFIRM
- 除非用户要求解释,否则优先执行并返回结果,而不是给出冗长的前言
操作映射
公开:
- - spotping -> GET /sapi/v2/ping
- spottime -> GET /sapi/v2/time
- spotsymbols -> GET /sapi/v2/symbols
- spotdepth -> GET /sapi/v2/depth
- spotticker -> GET /sapi/v2/ticker
- spottrades -> GET /sapi/v2/trades
- spot_klines -> GET /sapi/v2/klines
现货签名:
- - spotcreateorder -> POST /sapi/v2/order
- spottestorder -> POST /sapi/v2/order/test
- spotbatchorders -> POST /sapi/v2/batchOrders
- spotgetorder -> GET /sapi/v2/order
- spotcancelorder -> POST /sapi/v2/cancel
- spotbatchcancel -> POST /sapi/v2/batchCancel
- spotopenorders -> GET /sapi/v2/openOrders
- spotmytrades -> GET /sapi/v2/myTrades
账户签名:
- - spotaccount -> GET /sapi/v1/account
- assettransfer -> POST /sapi/v1/asset/transfer
- assettransferquery -> POST /sapi/v1/asset/transferQuery
保证金签名:
- - margincreateorder -> POST /sapi/v1/margin/order
- margingetorder -> GET /sapi/v1/margin/order
- margincancelorder -> POST /sapi/v1/margin/cancel
- marginopenorders -> GET /sapi/v1/margin/openOrders
- marginmytrades -> GET /sapi/v1/margin/myTrades
响应规则
- - 默认返回原始 JSON(脚本标准输出)。
- --prepare-only 返回 originalBody、preparedBody、adjustments 和 symbolRule,以便用户在确认前查看经精度调整的实时订单负载。
- 在 spotcreateorder 成功后,默认立即执行 spotgetorder 并返回最新的订单详情。
- 获取后续订单时,优先使用创建订单响应中的 symbol + orderId。如果网关也返回 orderIdString,一并保留。
- spot_account 在 Python 脚本中直接过滤,仅返回 free > 0 或 locked > 0 的资产。
- 仅在用户要求只显示关键点时添加简短摘要。
- 如果返回的内容、错误或调试输出包含完整的 api-key、secret-key 或其他凭证,在显示任何内容之前进行脱敏处理。
安全规则
- - 所有实时的余额变更操作(下单、撤单、转账)需要用户在执行前手动发送 Confirm,然后使用 --confirm CONFIRM。
- 任何影响余额的操作,即使可能不会立即成交,仍被视为实时的余额变更操作。这包括但不限于限价单、批量订单、撤单、转账、保证金订单和保证金撤单。
- 查询操作可以直接执行,包括但不限于余额查询、订单查询、交易历史查询、市场数据查询和未成交订单查询。
- 在订单确认前必须进行精度预检查,以确保脚本不会向实时网关发送超出交易对精度的价格或数量。
- 如果用户明确要求绕过确认,可使用 --no-confirm-gate。此操作风险极高,仅在用户明确授权的情况下使用。
- 切勿在终端或回复中打印完整凭证。如果脚本抛出可能暴露密钥的错误,应总结失败原因,而不是复制原始的敏感输出。
示例
查询现货余额:
