How do I add risk management to a crypto trading bot?

Call a risk governance API before every trade. RiskState provides a single POST endpoint (/v1/risk-state) that returns a max_size_fraction (how much capital your bot can deploy), allowed_actions (DCA, LONG, WAIT), and structural_blockers (hard stops). Your bot sends the asset (BTC or ETH), gets back a JSON policy in under 2 seconds, and enforces the limits before executing. No ML model to train, no rules to write — 30+ real-time signals are already scored and combined into one actionable policy. Works with any language, any framework, any execution layer.

What is a risk governance API for crypto?

A risk governance API is a service that sits between an AI trading agent and the market, answering one question: how much risk is allowed right now? Unlike trading signals (which say what to buy), a risk governance API returns position limits, leverage caps, and blocked actions based on real-time market conditions. RiskState is the first purpose-built risk governance API for crypto. It ingests 30+ signals (on-chain, derivatives, macro, DeFi health) and outputs a deterministic 5-level policy (BLOCK → CAUTIOUS → GREEN) with a SHA-256 hash for auditability. The agent decides what to trade; the governance API decides how much.

How do I prevent my AI trading agent from overleveraging?

Use a policy engine that enforces position size and leverage limits before execution. RiskState’s API returns leverage_allowed (boolean) and max_size_fraction (0 to 1) on every call. At policy levels 1-2, leverage is blocked entirely. At level 3, only trades with R:R > 2:1 are allowed. At levels 4-5, leverage up to 2x is permitted. These limits are computed from real-time signals — funding rates, open interest, volatility regime, DeFi health factor — so they tighten automatically when market conditions deteriorate. Your agent reads the policy, respects the ceiling, and never overleverages.

How do I add guardrails to an autonomous crypto agent?

Insert a governance check between your agent’s decision and its execution. Before any trade, your agent calls RiskState’s API with the asset. The response contains: structural_blockers (if non-empty, halt immediately), max_size_fraction (hard ceiling on position size), and allowed_actions (enum list like DCA, WAIT, LONG_SHORT_CONFIRMED). If your agent’s intended action isn’t in allowed_actions, it doesn’t execute. This pattern works with any agent framework — LangChain, CrewAI, ElizaOS, Hermes, AgentKit, or custom code. Three lines of code: fetch policy, check blockers, enforce size.

Is RiskState tied to a specific LLM or agent framework?

No. RiskState is fully agnostic. It’s a REST API that returns JSON — any LLM (Claude, GPT, Gemini, Kimi, MiniMax, DeepSeek, Llama), any agent framework (OpenClaw, Hermes, LangChain, CrewAI, ElizaOS, AgentKit, AutoGPT), and any execution layer (CoW Swap, Uniswap, Safe, Hyperliquid, any DEX or CEX) can consume it. There’s also an MCP server (@riskstate/mcp-server on npm) and a SKILL.md for agent discovery. Your stack choices don’t matter — the policy response is universal.

What’s the difference between a risk API and a trading signal?

A trading signal tells you what to buy or sell. A risk governance API tells you how much you’re allowed to risk. They’re complementary, not competing. RiskState doesn’t generate trade ideas — it returns max_size_fraction, allowed_actions, and structural_blockers. Your agent (or your signal provider) decides the trade; RiskState decides the position size, leverage limit, and whether the trade is permitted at all. Think of it as a compliance layer that updates every 60 seconds based on 30+ real-time market signals.

What crypto assets does RiskState support?

BTC and ETH, each with full independent scoring pipelines. BTC uses on-chain metrics (MVRV, NUPL, supply in profit), halving-based cycle classification, and BTC/SPX correlation. ETH uses a structural score (network fundamentals, staking ratio, supply dynamics, ETH/BTC relative strength), ETH/NASDAQ correlation, and altseason detection. DeFi lending integration supports Aave V3 and Spark Protocol with per-collateral liquidation thresholds. Both assets share: derivatives data (funding, OI, basis, squeeze detection), macro regime analysis, and the same 5-level policy engine.

How fresh is the data behind RiskState?

30+ real-time signals from 9+ sources: Binance (funding, OI, RSI from 4h klines), CoinGlass (CVD, netflow, ETF flows, MVRV, NUPL), CoinGecko (prices, dominance, institutional treasuries), FRED (yields, DXY, Fed balance sheet), DefiLlama (TVL, DEX volume, fees, lending rates), Lido (staking APR), and more. API responses are cached for 60 seconds. Each response includes a data_sources object showing freshness per signal. Recommended polling: every 5 minutes for agents, every 60 seconds for high-frequency use cases.

Is the RiskState API response deterministic?

Yes. Same market conditions produce the same policy output, always. Every response includes a SHA-256 policy hash for non-repudiation — your agent can store the hash and prove what policy was active at any point in time. No stochastic decisions, no hidden state, no AI in the scoring loop. The policy function is pure: 30+ signals → normalization → composite score → 4 risk caps → policy level. Fully auditable, fully reproducible.

Can I use RiskState in production?

Yes. The API is live at riskstate.netlify.app/v1/risk-state and serving requests. During beta, all users get free access with 100 calls/month. The API contract (v1.1.1) is stable — field names and enum values won’t change without versioning. Integration takes under 30 minutes: get an API key from the waitlist, call POST /v1/risk-state with your asset, and read the exposure_policy object. SDKs for Python, TypeScript, and agent frameworks are planned.

Is my data stored or shared when using RiskState?

No. The API is stateless. RiskState doesn’t store request payloads, wallet addresses, or agent behavior. The only persistent data is anonymous usage counts for rate limiting. If you pass a wallet address (for DeFi health factor integration), it’s read on-chain in real-time and never persisted. Policy hashes exist for your audit trail, not ours.

How does RiskState compare to building risk management in-house?

Building equivalent risk management requires: ingesting 9+ data sources (with fallback chains for API failures), normalizing 30+ signals into comparable scores, implementing a composite scoring engine, building a policy engine with 4 independent risk caps (rules, DeFi, macro, cycle), adding volatility adjustments, and maintaining it all as markets evolve. RiskState packages this into a single API call that returns one number (max_size_fraction) and one list (allowed_actions). You skip months of data engineering and get a battle-tested policy engine that’s been running live since February 2026.

←All Agent Setups

BTC/ETH tactical tradingMedium complexityActive traders

Hermes + CoinGlass + RiskState + CoW

Derivatives-informed trading agent with funding rate, open interest, and liquidation context. RiskState gates position size and leverage based on real-time market regime. CoW Swap executes with MEV protection.

Architecture

Data cost: $29–$99/mo

Intelligence proposes. RiskState permits. Execution acts.

How it works

CoinGlass provides market intelligence

Your agent queries CoinGlass for real-time market data — funding rates, open interest, liquidation maps, CVD, and ETF flows. Hobbyist or starter tier.

RiskState gates the decision

Before any execution, your agent calls POST /v1/risk-state. The response contains max_size_fraction (position ceiling), allowed_actions (what’s permitted), and structural_blockers (hard stops). If blockers exist, the agent halts. Otherwise, it sizes the trade within the policy limit. 30+ signals scored in real-time, 60-second cache, SHA-256 audit hash.

CoW Swap executes within limits

The trade is submitted to CoW Swap with MEV protection via batch auctions. Surplus goes to the trader, not the MEV bot. Position size never exceeds what RiskState permitted.

Integration code

Copy this into your project. Replace the API keys with your own.

hermes_riskstate_cow.py

import requests

# 1. Get market intelligence from CoinGlass
coinglass = requests.get(
    "https://open-api-v3.coinglass.com/api/futures/funding-rate",
    headers={"coinglassSecret": COINGLASS_KEY},
    params={"symbol": "BTC"}
).json()

# 2. Get risk policy from RiskState
policy = requests.post(
    "https://riskstate.netlify.app/v1/risk-state",
    headers={"Authorization": f"Bearer {RISKSTATE_KEY}"},
    json={"asset": "BTC", "include_details": True}
).json()

max_size = policy["exposure_policy"]["max_size_fraction"]
leverage_ok = policy["exposure_policy"]["leverage_allowed"]
blockers = policy["risk_flags"]["structural_blockers"]

# 3. Enforce governance before execution
if blockers:
    print(f"BLOCKED: {blockers}")
elif max_size < 0.15:
    print("Policy level BLOCK — reduce only")
else:
    # 4. Execute via CoW Swap (MEV-protected)
    trade_size = portfolio_value * max_size
    cow_url = f"https://swap.cow.fi/#/1/swap/DAI/cbBTC?sellAmount={trade_size}"
    print(f"Execute: {cow_url}")

What your agent receives from RiskState

Every call to /v1/risk-state returns these three blocks. Your agent reads them in order.

Exposure Policy

Binding

max_size_fraction — hard ceiling
leverage_allowed — boolean
allowed_actions — enum list
blocked_actions — enum list

Market Intelligence

Context

tactical_state — LEAN BULL, etc.
market_regime — TREND, RANGE...
binding_constraint — source + why
risk_flags — blockers + risks

Auditability

Trust

policy_hash — SHA-256
confidence_score — 0-100
data_sources — per-signal
ttl_seconds — cache hint

Start building

Get an API key in under a minute. Free during beta.

Get an API key API Documentation Try Live Demo