feat: enforce min/max sats amount on orders

[ToRyVand]

Summary

Adds configurable MAX_PAYMENT_AMT environment variable alongside the existing MIN_PAYMENT_AMT to enforce sats amount limits on all orders.

Closes #406

Changes

File	What
.env-sample	Added MAX_PAYMENT_AMT=10000000
bot/validations.ts	Max check in validateSellOrder and validateBuyOrder
bot/messages.ts	New mustBeLessEqThan message helper
bot/modules/orders/scenes.ts	Min/max validation in the interactive wizard
locales/*.yaml (10 files)	Added must_be_lt_or_eq key in all languages
tests/bot/validation.spec.ts	9 new tests for boundary and edge cases

Behavior

• Backwards compatible: if MAX_PAYMENT_AMT is not set, no upper limit is enforced
• Market price orders (amount=0) always bypass both min/max checks
• Boundary: amount == MAX_PAYMENT_AMT is accepted, amount > MAX_PAYMENT_AMT is rejected
• Wizard fix: the interactive order wizard now also validates MIN_PAYMENT_AMT (previously only the command-line path did)

Tests

141/141 passing — includes new tests:

• Amount exceeds maximum → rejected
• Amount equals maximum → accepted
• Amount one above maximum → rejected
• Market price (amount=0) with max set → accepted
• No MAX_PAYMENT_AMT configured → no limit (retrocompatible)

npm run lint   ✅
npm run format ✅  
npm test       ✅ 141 passing

Summary by CodeRabbit

• New Features
  • Added configurable payment upper-bound enforcement via MAX_PAYMENT_AMT; orders beyond the limit are rejected with localized messages.
  • Enhanced market-price orders to validate against estimated sats min/max bounds (while allowing the zero/market-price flow).
• Documentation
  • Updated the sample environment file with MAX_PAYMENT_AMT=10000000 and notes on disabling the cap.
• Localization
  • Added “less than or equal” validation text (must_be_lt_or_eq) across supported languages.
• Tests
  • Expanded validation and wizard coverage for max-bound, flooring behavior, market-price estimates, and edge cases.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a MAX_PAYMENT_AMT env var and enforces an upper payment bound across handlers and validators; introduces market-order sats estimation, updates wizard input parsing and state, and extends tests and locale messages for "less or equal" validations.

Changes

Payment upper-bound and validation flow

Layer / File(s)	Summary
Configuration and type updates .env-sample, bot/modules/community/communityContext.ts	Added MAX_PAYMENT_AMT=10000000 environment variable; made CommunityWizardState.fiatAmount optional.
Message helper and sats estimation utility bot/messages.ts, util/index.ts	Implemented mustBeLessEqThan helper to reply with must_be_lt_or_eq i18n messages; added checkMarketOrderSatsLimits function with SatsLimitCheck result type that estimates sats at market endpoints, applies optional margin, and validates against configured MIN/MAX bounds returning `ok
Order wizard handler flow bot/modules/orders/scenes.ts	Imported checkMarketOrderSatsLimits; added market-price estimation gate that enforces bounds and reroutes to fiatAmount on out-of-range estimates; updated createOrderHandlers.sats to parse/floor numeric input, validate against MIN_PAYMENT_AMT and MAX_PAYMENT_AMT, set i18n errors on violations; exported createOrderHandlers.
Sell and buy order validators bot/validations.ts	Both validators parse process.env.MAX_PAYMENT_AMT and reject amounts exceeding the bound; localize field names using sats_amount and fiat_amount i18n keys; for market-price orders (amount === 0), call checkMarketOrderSatsLimits to estimate sats and enforce MIN/MAX limits based on estimate status (below_min/above_max/ok/price_unavailable).
Localization strings locales/*	Added must_be_lt_or_eq translation key across all ten locale files (en, de, es, fa, fr, it, ko, pt, ru, uk) to support "less than or equal" validation messages with ${fieldName} and ${qty} template variables.
Comprehensive test coverage tests/bot/validation.spec.ts	Extended tests cover MAX_PAYMENT_AMT boundaries for sell/buy validators and wizard sats handler; added checkMarketOrderSatsLimits tests with stubbed oracle validating estimate outcomes and price margins; validated validator integration with market-price estimation flows.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• grunch
• mostronatorcoder

Poem

🐰 I hopped through code with careful cheer,
A ceiling set for sats so dear,
Ten million marks the line we trace,
Tests and messages in every place,
Hooray — small bounds, a tidy space!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: enforce min/max sats amount on orders' directly and clearly summarizes the main change: adding configurable min/max satoshi amount limits to orders.
Linked Issues check	✅ Passed	The PR successfully implements all coding requirements from #406: adds configurable MAX_PAYMENT_AMT env var, enforces min/max limits in validators and wizard, adds localization strings, and includes comprehensive test coverage.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to implementing min/max sats enforcement (#406). Optional field change to CommunityWizardState supports the interactive wizard flow and is appropriately necessary.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

bot/modules/orders/scenes.ts (1)

307-339: ⚠️ Potential issue | 🟡 Minor

Validate limits against the normalized sats value.

At Line [329], max validation compares the raw numeric input, but at Line [337] the stored amount is Math.floor(input). This can reject inputs that would persist as valid integer sats, diverging from command-path behavior.

💡 Suggested patch

-    const input = Number(ctx.message?.text);
+    const rawInput = Number(ctx.message?.text);
     await ctx.deleteMessage();
-    if (isNaN(input)) {
+    if (isNaN(rawInput)) {
       ctx.wizard.state.error = ctx.i18n.t('not_number');
       await ctx.wizard.state.updateUI();
       return;
     }
-    if (input < 0) {
+    if (rawInput < 0) {
       ctx.wizard.state.error = ctx.i18n.t('not_negative');
       await ctx.wizard.state.updateUI();
       return;
     }
+    const input = Math.floor(rawInput);
     const minPaymentAmt = Number(process.env.MIN_PAYMENT_AMT) || 0;
     const maxPaymentAmt = Number(process.env.MAX_PAYMENT_AMT) || 0;
@@
-    ctx.wizard.state.sats = Math.floor(input);
+    ctx.wizard.state.sats = input;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bot/modules/orders/scenes.ts` around lines 307 - 339, The validation uses the
raw Number(input) for min/max checks but later stores Math.floor(input) into
ctx.wizard.state.sats, causing mismatches; normalize the input once (e.g., const
normalized = Math.floor(input)) immediately after the NaN/negative checks and
use that normalized value for the minPaymentAmt/maxPaymentAmt comparisons and
for assigning ctx.wizard.state.sats, while preserving the existing guards that
allow 0 as a special case.

🧹 Nitpick comments (2)

.env-sample (1)

54-55: Consider clarifying optional behavior in the sample comment.
To avoid confusion, add a note that leaving MAX_PAYMENT_AMT unset disables the upper bound (as intended for backward compatibility).

Based on learnings: document new environment variables in .env-sample and keep behavior clear for .env users.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env-sample around lines 54 - 55, Update the comment above the
MAX_PAYMENT_AMT env var to explicitly state that this setting is optional and
that leaving MAX_PAYMENT_AMT unset disables the upper bound (preserving backward
compatibility); mention the units (satoshis) and the default behavior so users
know the sample value (10000000) is only an example and not required.

tests/bot/validation.spec.ts (1)

146-209: Good boundary coverage for command validations; add wizard-path parity tests too.

These additions cover command-based max checks well. Since wizard flow has separate min/max logic, add corresponding tests for createOrderHandlers.sats to prevent command/wizard drift on edge inputs.

Also applies to: 285-342

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/bot/validation.spec.ts` around lines 146 - 209, Add parallel tests that
exercise the wizard flow handler createOrderHandlers.sats mirroring the
command-path cases you added for validateSellOrder: stub process.env for
MIN_PAYMENT_AMT and MAX_PAYMENT_AMT and test scenarios for amount > MAX (expect
failure and reply), amount == MAX (expect success/object), MAX unset (skip max
check and succeed), amount 0 with range (market price allowed and result.amount
=== 0), and amount == MAX+1 (expect failure). Reuse the same sandbox setup and
assertion style (replyStub checks, expect(...).to.equal(false) or
.to.be.an('object')) so wizard-path logic stays in parity with
validateSellOrder.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bot/validations.ts`:
- Around line 215-226: Normalize and cache MAX_PAYMENT_AMT as a numeric value
before the max-amount guard in both validateSellOrder and validateBuyOrder:
parse process.env.MAX_PAYMENT_AMT into a const (e.g., maxPaymentAmt =
Number(process.env.MAX_PAYMENT_AMT)), treat non-finite or zero values as
“disabled” (skip the cap), and then only enforce the check when maxPaymentAmt is
a finite > 0 by replacing the existing condition (amount !== 0 &&
process.env.MAX_PAYMENT_AMT && amount > Number(...)) with a condition that uses
maxPaymentAmt (e.g., amount !== 0 && Number.isFinite(maxPaymentAmt) &&
maxPaymentAmt > 0 && amount > maxPaymentAmt) and keep the same
messages.mustBeLessEqThan call using maxPaymentAmt.

---

Outside diff comments:
In `@bot/modules/orders/scenes.ts`:
- Around line 307-339: The validation uses the raw Number(input) for min/max
checks but later stores Math.floor(input) into ctx.wizard.state.sats, causing
mismatches; normalize the input once (e.g., const normalized =
Math.floor(input)) immediately after the NaN/negative checks and use that
normalized value for the minPaymentAmt/maxPaymentAmt comparisons and for
assigning ctx.wizard.state.sats, while preserving the existing guards that allow
0 as a special case.

---

Nitpick comments:
In @.env-sample:
- Around line 54-55: Update the comment above the MAX_PAYMENT_AMT env var to
explicitly state that this setting is optional and that leaving MAX_PAYMENT_AMT
unset disables the upper bound (preserving backward compatibility); mention the
units (satoshis) and the default behavior so users know the sample value
(10000000) is only an example and not required.

In `@tests/bot/validation.spec.ts`:
- Around line 146-209: Add parallel tests that exercise the wizard flow handler
createOrderHandlers.sats mirroring the command-path cases you added for
validateSellOrder: stub process.env for MIN_PAYMENT_AMT and MAX_PAYMENT_AMT and
test scenarios for amount > MAX (expect failure and reply), amount == MAX
(expect success/object), MAX unset (skip max check and succeed), amount 0 with
range (market price allowed and result.amount === 0), and amount == MAX+1
(expect failure). Reuse the same sandbox setup and assertion style (replyStub
checks, expect(...).to.equal(false) or .to.be.an('object')) so wizard-path logic
stays in parity with validateSellOrder.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4c284b48-2a37-4002-a663-ac1b39bf3f63

📥 Commits

Reviewing files that changed from the base of the PR and between 02145ef and 2129a12.

📒 Files selected for processing (15)

• .env-sample
• bot/messages.ts
• bot/modules/orders/scenes.ts
• bot/validations.ts
• locales/de.yaml
• locales/en.yaml
• locales/es.yaml
• locales/fa.yaml
• locales/fr.yaml
• locales/it.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/ru.yaml
• locales/uk.yaml
• tests/bot/validation.spec.ts

[ToRyVand]

Hey @mostronatorcoder @Catrya @grunch — pinging as suggested by CodeRabbit.

I've addressed the review feedback with a new commit:

Fix: normalize sats input before min/max validation

The wizard was comparing the raw decimal input against MAX_PAYMENT_AMT but storing Math.floor(input), causing inconsistency. For example, 5000.9 with MAX=5000 would be rejected even though it would have been stored as 5000 (a valid value). Now Math.floor is applied once before any comparison.

Also added 6 wizard-path tests for the min/max bounds (including the decimal normalization case), and exported createOrderHandlers to make it testable.

All 147 tests passing. Thanks for the review!

[knocte]

@ToRyVand monto_en_sats is Spanish, please use English

[ToRyVand]

Fixed in f29a398 — replaced hardcoded Spanish strings with ctx.i18n.t('sats_amount') so field names are now fully localized.

[ToRyVand]

All CodeRabbit suggestions are already addressed in previous commits: MAX_PAYMENT_AMT normalized with Number.isFinite (c241039), Math.floor applied before min/max validation in wizard (c57f157), .env-sample comment updated, and wizard path tests added. 146/146 passing.

[ToRyVand]

Hi @knocte — gentle nudge on this one (open since April). Your note about the Spanish field name is resolved: monto_en_sats is now i18n.t('sats_amount'), localized across all 10 locale files. CodeRabbit's points are addressed too. Anything else needed before review?

[Luquitasjeffrey]

Functionally it is broken on orders at market price, this allows me to publish orders for 10-20 ARS or for 20 ARS, which at the time of writing this comment is around 21 sats.
I set the minimum at 100 sats

in orders at market price it should get an estimate amount in sats at the current market price both for fixed amount and range orders

[ermeme]

Code Review Summary

Verdict: Changes Requested

I read the existing discussion and the CodeRabbit comments. Most of the follow-up has been addressed, but one blocking issue remains: market-price orders still bypass the new min/max sats checks because both paths exempt amount === 0. That means tiny fiat orders can still slip through even when their estimated sats value would be below MIN_PAYMENT_AMT or above MAX_PAYMENT_AMT.

Until the estimated sats amount is validated for market-price orders, I can’t approve this PR.

[ermeme]

Blocking: this still exempts amount === 0, so market-price orders bypass the new bounds entirely. If the rule is meant to apply to all orders, validate the estimated sats amount instead of skipping the check for zero-amount orders.

[ermeme]

Same blocker in the wizard flow: input === 0 skips both min and max checks. That allows market-price orders with tiny fiat values to pass even when the estimated sats amount would violate the configured limits.

[ToRyVand]

Thanks @luquitas, you were right. Market-price orders (amount === 0) were bypassing the bounds.

Fixed in 79a56b2: market-price orders now estimate the sats at the current market price and enforce MIN/MAX against that estimate — for both fixed-amount and range orders, as you suggested. Tests added.

[ToRyVand]

Rebased on main to clear the merge conflicts — the market-price bounds fix is intact and everything's green locally (162 tests passing, lint + format clean). Ready for another look whenever you have a moment, @Luquitasjeffrey @ermeme 🙏

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

tests/bot/validation.spec.ts (1)

147-155: ⚡ Quick win

Deduplicate repeated process.env sandbox setup in tests.

The same env sandbox bootstrap is copy-pasted across many cases. A small helper would reduce fixture drift and simplify future bounds-test additions.

Refactor sketch

+const stubEnv = (overrides = {}) => {
+  sandbox.restore();
+  sandbox = sinon.createSandbox();
+  sandbox.stub(process, 'env').value({
+    MIN_PAYMENT_AMT: 100,
+    NODE_ENV: 'test',
+    ...overrides,
+  });
+};

- sandbox.restore();
- sandbox = sinon.createSandbox();
- sandbox.stub(process, 'env').value({
-   MIN_PAYMENT_AMT: 100,
-   MAX_PAYMENT_AMT: 5000,
-   NODE_ENV: 'test',
- });
+ stubEnv({ MAX_PAYMENT_AMT: 5000 });

Also applies to: 163-170, 183-190, 199-206, 287-294, 303-309, 318-323, 334-339, 1251-1257, 1267-1272, 1289-1293, 1303-1307, 1317-1321, 1376-1383, 1447-1454, 1503-1510

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/bot/validation.spec.ts` around lines 147 - 155, The test file contains
repeated sandbox and process.env stub setup code across multiple test cases.
Create a helper function (e.g., setupEnvSandbox) that takes an environment
object as a parameter, restores any existing sandbox, creates a new sandbox, and
stubs process.env with the provided values. Then replace all instances of the
copy-pasted sandbox.restore(), sandbox creation, and env stub pattern throughout
the file with calls to this helper function, passing in the required environment
variables for each test case.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/bot/validation.spec.ts`:
- Around line 1496-1531: Add two additional test cases to the validateBuyOrder
(market price sats estimate) describe block in validation.spec.ts to cover the
edge cases that the production logic handles. First, add a test that verifies
rejection when the checkMarketOrderSatsLimits stub resolves with status
'above_max' (similar to the below_min test, expecting false), and second, add a
test that verifies pass-through when the stub resolves with status
'price_unavailable' (similar to the ok test, expecting an object). Both tests
should follow the same pattern as the existing tests: create the stub, call
loadWith(checkStub) to get the validate function, set ctx.state.command.args,
call validate(ctx), and assert the expected result.

---

Nitpick comments:
In `@tests/bot/validation.spec.ts`:
- Around line 147-155: The test file contains repeated sandbox and process.env
stub setup code across multiple test cases. Create a helper function (e.g.,
setupEnvSandbox) that takes an environment object as a parameter, restores any
existing sandbox, creates a new sandbox, and stubs process.env with the provided
values. Then replace all instances of the copy-pasted sandbox.restore(), sandbox
creation, and env stub pattern throughout the file with calls to this helper
function, passing in the required environment variables for each test case.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b06e2fe2-d983-4f37-a94c-fc9847bf2bd2

📥 Commits

Reviewing files that changed from the base of the PR and between 79a56b2 and 7e37d9a.

📒 Files selected for processing (17)

• .env-sample
• bot/messages.ts
• bot/modules/community/communityContext.ts
• bot/modules/orders/scenes.ts
• bot/validations.ts
• locales/de.yaml
• locales/en.yaml
• locales/es.yaml
• locales/fa.yaml
• locales/fr.yaml
• locales/it.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/ru.yaml
• locales/uk.yaml
• tests/bot/validation.spec.ts
• util/index.ts

✅ Files skipped from review due to trivial changes (7)

• locales/fr.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/es.yaml
• locales/ru.yaml
• locales/fa.yaml
• locales/uk.yaml

🚧 Files skipped from review as they are similar to previous changes (9)

• bot/modules/community/communityContext.ts
• locales/de.yaml
• locales/en.yaml
• bot/messages.ts
• .env-sample
• locales/it.yaml
• util/index.ts
• bot/validations.ts
• bot/modules/orders/scenes.ts

[ToRyVand]

Thanks @coderabbitai — added the two missing buy-side cases (above_max rejection + price_unavailable pass-through) in 39904a8, so validateBuyOrder now mirrors the sell-side coverage across all four statuses. 164 tests passing. The MAX_PAYMENT_AMT normalization point was already in place in both validators.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@ToRyVand That's great — validateBuyOrder now has full parity with the sell-side across all four statuses (below_min, ok, above_max, price_unavailable). 164 tests passing with the normalization already in place on both sides looks solid. Thanks for the thorough follow-through!

(ﾉ◕ヮ◕)ﾉ*:･ﾟ✧

---

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!