deriv-ea-lab

A safety-first, research-only Deriv/MT5 Expert Advisor (EA) lab.

This repository demonstrates engineering patterns for building trading-research tooling responsibly: MQL5 architecture organized by concern, an ML/data pipeline scaffold, dry-run validation gates, secret hygiene, and agent-friendly repo workflows. It is a scaffold and reference, not a trading system.

What this is — and is not

• ✅ Research-only. Everything runs on synthetic, clearly-fake data.
• ✅ Demonstrates architecture, safety gates, and secret hygiene.
• ❌ No live trading. There is no order-placement or position-mutation code anywhere in this repo, and the test suite proves it.
• ❌ No real Deriv data, no trained models, no scalers, no checkpoints, no databases, no .ex5 builds, no strategy-tester artifacts.
• ❌ No profitability or performance is claimed or implied. The numbers in this lab are illustrative placeholders, not research results.

Not financial advice. Trading carries risk. Nothing here is a recommendation to trade any instrument.

---

Why this exists

Serious trading-research codebases contain real edge, real credentials, real data, and real execution paths — none of which belong in public. But the discipline around such a codebase is shareable and worth showing:

• how to keep secrets out of version control,
• how to structure an MQL5 EA into clean modules,
• how to scaffold an ML pipeline that is reproducible and testable,
• how to make safety properties machine-checkable so they cannot silently regress,
• how to make a repo easy for coding agents to work in safely.

deriv-ea-lab is the public, sanitized expression of that discipline.

Repository layout

deriv-ea-lab/
├── mql5/                 # Research-only, non-execution EA skeleton (logs only)
│   ├── Experts/          #   ResearchSkeletonEA.mq5 — reads a dry-run signal, logs it
│   └── Include/          #   Core / Signals / Risk / Analytics modules (no order surface)
├── pipeline/             # Synthetic-data ML scaffold (stdlib only)
│   ├── synthetic_data.py #   deterministic, clearly-fake candles
│   ├── features.py       #   generic feature transforms
│   ├── labeler.py        #   generic forward-window labels
│   ├── train_stub.py     #   trivial baseline; saves NO model artifact
│   ├── export_stub.py    #   export interface stub; produces NO binary model
│   └── signal_bridge.py  #   emits a DRY-RUN research annotation; never an order
├── scripts/              # Safety + validation tooling
│   ├── scan_secrets.py        #   credential-hygiene scan (fail-closed)
│   ├── scan_safety_surface.py #   forbidden trade-surface scan (fail-closed)
│   ├── validate.py            #   one command to run every gate + tests
│   └── dry_run_report.py      #   synthetic dry-run summary
├── tests/                # Proof suite (see "What the tests prove")
├── examples/             # Synthetic candle fixtures, clearly marked fake
└── docs/                 # Architecture + safety boundary + roadmap

Quickstart

Requires Python 3.10+ (the runtime uses only the standard library; pytest is the sole dev dependency).

git clone https://github.com/wrayboss/deriv-ea-lab.git
cd deriv-ea-lab
python -m pip install -r requirements.txt   # installs pytest only

# Run the synthetic pipeline end-to-end (dry-run, no network, no orders):
python scripts/dry_run_report.py

# Run every safety/validation gate (this is the merge gate):
python scripts/validate.py

Copy .env.example to .env (git-ignored) if you want to experiment with config loading. Even with values filled in, nothing connects to a broker.

Validation commands

python scripts/validate.py is fail-closed and runs, in order:

Gate	Command	Proves
Secret scan	python scripts/scan_secrets.py	no credential-shaped values outside placeholders
Safety-surface scan	python scripts/scan_safety_surface.py	no trade-execution surface in any source
Tracked-artifact scan	(built into validate.py)	no models/data/binaries committed
Test suite	python -m pytest -q	all safety properties hold

CI runs the same gates plus a full-history secret scan (gitleaks) on every push and pull request — see .github/workflows/safety-gates.yml.

What the tests prove

The suite under tests/ is the point of this repo. It asserts:

• No forbidden trade surfaces — no order-placement/position-mutation API appears in any tracked source (test_no_trade_surfaces.py).
• Config examples are placeholders only (test_config_placeholders.py).
• Example data is synthetic and marked fake (test_fake_data_is_fake.py).
• No model/data artifacts are tracked or present (test_no_model_artifacts.py).
• No live-trading mode or enabling flag exists; the signal bridge is dry-run-only and fail-closed (test_no_live_trading.py).
• The README carries the required safety disclaimers (test_readme_safety_claims.py).
• The synthetic pipeline runs end-to-end producing only in-memory results (test_pipeline_smoke.py).

How this relates to codex-tradingview-mcp-trading

This lab is a conceptual companion to the public wrayboss/codex-tradingview-mcp-trading repository, which is a separately-maintained Deriv synthetic-indices automation project with its own fail-closed safety gates, dry-run flows, and secret-hygiene checks.

deriv-ea-lab does not share code, data, or strategy with that project. It isolates and demonstrates the reusable engineering patterns — the MQL5 module shape, the pipeline scaffold, and the machine-checkable safety gates — in a form that is safe to publish and easy for others (and for coding agents) to study. Neither repository is a claim of profitability, and neither should be treated as ready for live trading.

License

Apache-2.0.

Security

See SECURITY.md for how to report issues and the execution boundary this project guarantees.