Safety and Risk

Trading bot safety checklist

A trading bot safety checklist helps teams avoid preventable workflow mistakes before they connect commands to broker APIs. It is not a performance checklist. It is an operational control checklist.

Pre-launch controls

Before any live execution, confirm dry-run mode works, broker readiness is visible, credentials are encrypted, unsupported symbols are blocked, and risk limits are configured. Live trading should remain off until the checklist is complete.

  • Dry-run receipt shown for every order command.
  • Human confirmation required for live execution.
  • Broker credentials redacted from logs and screenshots.
  • Static IP and callback readiness verified where required.

Command controls

Commands should be explicit and structured. The bot should reject ambiguous messages, stale confirmations, duplicate payloads, and commands from unknown chats or users.

  • Reject vague order requests.
  • Expire confirmation tokens.
  • Bind confirmation to exact payload.
  • Log blocked commands.
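
The command controls above can be sketched as follows. This is an added example, not code from any particular bot or broker SDK; the function names, the key, the 60-second lifetime and the chat ID are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: in practice loaded from a secret store
TTL_SECONDS = 60                  # assumption: confirmation lifetime
ALLOWED_CHATS = {1001}            # assumption: constructed known chat ID
_used = set()                     # tokens already consumed (duplicate guard)

def _mac(chat_id, expiry, payload):
    # Canonical JSON so the same order always hashes the same way.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    msg = f"{chat_id}|{expiry}|".encode() + body
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(chat_id, payload, now=None):
    """Return 'expiry.mac', binding chat, exact payload and expiry together."""
    expiry = int((time.time() if now is None else now) + TTL_SECONDS)
    return f"{expiry}.{_mac(chat_id, expiry, payload)}"

def confirm(chat_id, payload, token, now=None):
    """Return (ok, reason); the caller logs every blocked command with its reason."""
    now = time.time() if now is None else now
    if chat_id not in ALLOWED_CHATS:
        return False, "unknown_chat"
    try:
        expiry_s, mac = token.split(".", 1)
        expiry = int(expiry_s)
    except ValueError:
        return False, "malformed_token"
    # Any change to chat, payload or expiry invalidates the MAC.
    expected = _mac(chat_id, expiry, payload)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "payload_mismatch"
    if now > expiry:
        return False, "expired"
    if token in _used:
        return False, "duplicate"
    _used.add(token)  # single use: a replayed confirmation is rejected
    return True, "confirmed"
```

The in-memory set only works for a single process; a shared store with the same expiry is needed once more than one worker handles confirmations.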

Risk controls

Risk controls should run before broker calls. Common controls include max order value, max quantity, symbol whitelist, product restrictions, duplicate guard, stale command rejection, and a kill switch.

  • Max order value set.
  • Duplicate guard enabled.
  • Symbol whitelist optional but supported.
  • Manual kill switch tested.

Audit and review

The audit trail should show the original command, parsed payload, validation result, confirmation status, broker response, and timestamps without exposing secrets. Review audit logs weekly during beta.

Incident response

Define what happens when a command is misparsed, a token expires, a broker error repeats, or a user reports an unexpected state. Incident response should include blocking live execution, audit review, user notification, and remediation notes.

FAQ

Does this checklist remove trading risk?

No. It reduces operational workflow risk. Market risk remains.

Should every trading bot have dry-run mode?

Yes. Dry-run mode is one of the safest ways to test parsing and broker readiness before live execution.