dantraynor · dantraynor · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026 · Apr 8, 2026
diff --git a/.env.example b/.env.example
@@ -67,6 +67,16 @@ IMAGE_TAG=latest
 # ================================
 GRAFANA_ADMIN_PASSWORD=
 
+# ================================
+# Dashboard (Next.js UI)
+# ================================
+# Optional label in the sidebar / login (default: Trading Terminal)
+# NEXT_PUBLIC_APP_NAME=
+# Required for production: min 16 characters. Signs the session cookie only (not sent to Polymarket).
-# Required for production: min 16 characters. Signs the session cookie only (not sent to Polymarket).
+# Required for production: min 16 characters. Used as both the dashboard login password
+# (submitted to /api/auth/login during sign-in) and the HMAC key for signing the session cookie; not sent to Polymarket.
-# Required for production: min 16 characters. Signs the session cookie only (not sent to Polymarket).
+# Required for production: min 16 characters. Used as both the dashboard login password
+# (submitted to /api/auth/login during sign-in) and the HMAC key for signing the session cookie; not sent to Polymarket.
+DASHBOARD_API_SECRET=
+# Local dev only: set to "true" to skip dashboard login (never use in production)
+# DASHBOARD_INSECURE_DEV_BYPASS=true
+
 # ================================
 # Trading Parameters
 # ================================

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,6 +5,16 @@ on:
     branches: [main]
 
 jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   build-rust:
     runs-on: ubuntu-latest
     strategy:
@@ -48,9 +58,24 @@ jobs:
         run: npm run build
         working-directory: ${{ matrix.service }}
 
+  build-dashboard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: dashboard/package-lock.json
+      - name: Install and build
+        env:
+          DASHBOARD_API_SECRET: ci_placeholder_secret_min_len_16
+        run: npm ci && npm run build
+        working-directory: dashboard
+
   build-docker:
     runs-on: ubuntu-latest
-    needs: [build-rust, build-typescript]
+    needs: [build-rust, build-typescript, build-dashboard]
     steps:
       - uses: actions/checkout@v4
       - name: Build all images

diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -0,0 +1,16 @@
+# Gitleaks: extend defaults; allowlist known false positives from generic-api-key.
+# Re-run after edits: gitleaks git . -c .gitleaks.toml -v
+
+title = "algorithmic-trading-polymarket"
+
+[extend]
+useDefault = true
+
+[allowlist]
+description = "Hardhat/Anvil test key #0; Redis kill-switch key names (not API secrets)"
+regexes = [
+  '''0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80''',
+  '''^BTC_5M_TRADING_ENABLED$''',
+  '''^BTC_5M_LATENCY_TRADING_ENABLED$''',
+  '''^BTC_5M_MOMENTUM_TRADING_ENABLED$''',
+]
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,6 +2,8 @@
 
 Thanks for your interest in contributing to the Polymarket trading platform.
 
+The codebase is meant as a **neutral, structured deployment**: every environment brings its own wallets, RPC URLs, and API keys via `.env` — nothing in the tree should assume a specific operator.
+
 ## Getting Started
 
 1. Fork the repo and clone it locally

diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # Polymarket Trading Platform
 
-A 12-service automated trading system for [Polymarket](https://polymarket.com) prediction markets, running multiple strategies simultaneously — from sub-second arbitrage scanning to Bayesian sports modeling. Built with Rust and TypeScript, orchestrated via Docker Compose, with a real-time Bloomberg terminal-style dashboard.
+**Deployment template** — this repo ships **no** accounts, wallets, or API secrets. Fork or clone it, copy [`.env.example`](.env.example) to `.env`, and fill in **your** Polygon RPC, Gnosis Safe, Polymarket CLOB credentials, dashboard password, and optional GCP settings. Behavior is strategy-agnostic: the same layout runs paper or live depending on your env flags.
 
-This started as a box spread arbitrage bot and grew into a multi-strategy platform handling live capital on Polygon L2.
+A 12-service automated trading system for [Polymarket](https://polymarket.com) prediction markets, running multiple strategies simultaneously — from sub-second arbitrage scanning to Bayesian sports modeling. Built with Rust and TypeScript, orchestrated via Docker Compose, with a real-time terminal-style dashboard.
 
 ## Architecture
 
@@ -122,12 +122,12 @@ Key features:
 ### Setup
 
 ```bash
-git clone https://github.com/dantraynor/algorithmic-trading-polymarket.git
-cd algorithmic-trading-polymarket
+git clone https://github.com/<your-org>/<your-repo>.git
+cd <your-repo>
 
 # Configure credentials
 cp .env.example .env
-# Edit .env: PRIVATE_KEY, GNOSIS_SAFE_ADDRESS, POLYGON_RPC_URL
+# Edit .env: PRIVATE_KEY, GNOSIS_SAFE_ADDRESS, POLYGON_RPC_URL, DASHBOARD_API_SECRET (min 16 chars)
 
 # Derive CLOB API keys (must run from the server that will trade)
 cd scripts && npm install && PRIVATE_KEY=0x... node derive-keys.js

diff --git a/dashboard/next.config.js b/dashboard/next.config.js
@@ -1,7 +1,9 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   output: 'standalone',
-  serverExternalPackages: ['better-sqlite3'],
+  experimental: {
+    serverComponentsExternalPackages: ['better-sqlite3'],
+  },
 };
 
 module.exports = nextConfig;