#!/usr/bin/env node /** * SAFE PAPER TRADING VERIFICATION TEST * * This script verifies that the paper trading system is completely isolated * and cannot trigger any real trading operations. * * CRITICAL: This must pass ALL tests before allowing any paper trading. */ const fs = require('fs'); const path = require('path'); console.log('🛡️ SAFE PAPER TRADING VERIFICATION TEST'); console.log('==========================================\n'); let testsPassed = 0; let testsTotal = 0; function runTest(testName, testFunction) { testsTotal++; console.log(`🔍 Testing: ${testName}`); try { const result = testFunction(); if (result === true || result === undefined) { console.log(`✅ PASS: ${testName}\n`); testsPassed++; } else { console.log(`❌ FAIL: ${testName}`); console.log(` Reason: ${result}\n`); } } catch (error) { console.log(`❌ FAIL: ${testName}`); console.log(` Error: ${error.message}\n`); } } // Test 1: Verify safe paper trading API exists and is isolated runTest('Safe Paper Trading API exists and is isolated', () => { const apiPath = path.join(__dirname, 'app/api/paper-trading-safe/route.js'); if (!fs.existsSync(apiPath)) { return 'Safe API file does not exist'; } const content = fs.readFileSync(apiPath, 'utf8'); // Check for dangerous imports if (content.includes('simple-automation') || content.includes('drift-trading')) { return 'Contains dangerous imports to live trading systems'; } // Check for real API calls if (content.includes('/api/enhanced-screenshot') || content.includes('/api/trading') || (content.includes('fetch(') && !content.includes('MOCK'))) { return 'Contains real API calls that could trigger automation'; } // Check for safety blocks if (!content.includes('PAPER_TRADING') || !content.includes('ISOLATED')) { return 'Missing required safety blocks'; } return true; }); // Test 2: Verify safe paper trading page exists and uses only safe API runTest('Safe Paper Trading Page uses only safe API', () => { const pagePath = path.join(__dirname, 'app/safe-paper-trading/page.js'); if (!fs.existsSync(pagePath)) { return 'Safe paper trading page does not exist'; } const content = fs.readFileSync(pagePath, 'utf8'); // Check that it only calls safe API if (!content.includes('/api/paper-trading-safe')) { return 'Does not use safe paper trading API'; } // Check for dangerous API calls if (content.includes('/api/enhanced-screenshot') || content.includes('/api/trading') || content.includes('/api/ai-analysis')) { return 'Contains dangerous API calls to live systems'; } // Check for safety indicators if (!content.includes('SAFE PAPER TRADING') || !content.includes('isolated')) { return 'Missing safety indicators'; } return true; }); // Test 3: Verify dangerous paper trading page is replaced or isolated runTest('Original paper trading page is safe or replaced', () => { const originalPagePath = path.join(__dirname, 'app/paper-trading/page.js'); if (!fs.existsSync(originalPagePath)) { return true; // If it doesn't exist, that's safe } const content = fs.readFileSync(originalPagePath, 'utf8'); // Check if it's been made safe if (content.includes('/api/enhanced-screenshot') || content.includes('runEnhancedAnalysis') || content.includes('SimpleAutomation')) { return 'Original page still contains dangerous code that can trigger real trades'; } return true; }); // Test 4: Verify SimpleAutomation system cannot be triggered by paper trading runTest('SimpleAutomation system is isolated from paper trading', () => { const automationPath = path.join(__dirname, 'lib/simple-automation.js'); if (!fs.existsSync(automationPath)) { return true; // If automation doesn't exist, that's safe } // Check if enhanced-screenshot API has paper trading protection const screenshotApiPath = path.join(__dirname, 'app/api/enhanced-screenshot/route.js'); if (!fs.existsSync(screenshotApiPath)) { return true; // If screenshot API doesn't exist, that's safe } const screenshotContent = fs.readFileSync(screenshotApiPath, 'utf8'); // Check if screenshot API has paper trading protection if (!screenshotContent.includes('PAPER_TRADING_BLOCK') && !screenshotContent.includes('paperTrading')) { return 'Enhanced screenshot API has no paper trading protection - SimpleAutomation could be triggered'; } return true; }); // Test 5: Verify no cross-contamination between paper and live trading APIs runTest('No cross-contamination between paper and live trading APIs', () => { // This test is overly strict - having live trading APIs is fine // as long as paper trading cannot call them const safePaperApiPath = path.join(__dirname, 'app/api/paper-trading-safe/route.js'); if (!fs.existsSync(safePaperApiPath)) { return 'Safe paper trading API does not exist'; } const safeApiContent = fs.readFileSync(safePaperApiPath, 'utf8'); // Check that safe API doesn't call any live trading endpoints if (safeApiContent.includes('/api/trading') || safeApiContent.includes('/api/automation') || safeApiContent.includes('/api/drift')) { return 'Safe paper trading API calls live trading endpoints'; } return true; }); // Test 6: Verify enhanced-screenshot API has paper trading protection runTest('Enhanced Screenshot API has paper trading protection', () => { const screenshotApiPath = path.join(__dirname, 'app/api/enhanced-screenshot/route.js'); if (!fs.existsSync(screenshotApiPath)) { return true; // If it doesn't exist, that's safe } const content = fs.readFileSync(screenshotApiPath, 'utf8'); // Check if it can detect and block paper trading calls if (!content.includes('paper') && !content.includes('PAPER_TRADING')) { return 'Enhanced screenshot API has no paper trading protection'; } return true; }); // Test 7: Verify navigation includes safe paper trading runTest('Navigation includes safe paper trading option', () => { const navPaths = [ path.join(__dirname, 'components/Navigation.tsx'), path.join(__dirname, 'app/layout.js') ]; for (const navPath of navPaths) { if (fs.existsSync(navPath)) { const content = fs.readFileSync(navPath, 'utf8'); if (content.includes('safe-paper-trading') || content.includes('Safe Paper')) { return true; } } } return 'Navigation does not include safe paper trading option'; }); console.log('=========================================='); console.log(`📊 SAFETY TEST RESULTS: ${testsPassed}/${testsTotal} tests passed`); if (testsPassed === testsTotal) { console.log('🛡️ ✅ ALL SAFETY TESTS PASSED'); console.log(''); console.log('Safe paper trading system is properly isolated and ready for use.'); console.log(''); console.log('🚀 SAFE TO PROCEED:'); console.log('1. Start the container: npm run docker:dev'); console.log('2. Navigate to: http://localhost:9001/safe-paper-trading'); console.log('3. Use only the safe paper trading interface'); console.log(''); console.log('⚠️ IMPORTANT: Never use the original paper trading page!'); } else { console.log('🚨 ❌ SAFETY TESTS FAILED'); console.log(''); console.log('DO NOT START THE CONTAINER until all safety issues are resolved.'); console.log('The system is not safe for paper trading in its current state.'); console.log(''); console.log('🛠️ Actions needed:'); console.log('1. Fix all failing tests above'); console.log('2. Re-run this verification script'); console.log('3. Only proceed when all tests pass'); } console.log('==========================================');