Forem: Headless Oracle

I Built an MCP Server That Signs Market Data for 28 Exchanges

Headless Oracle — Wed, 08 Apr 2026 14:56:01 +0000

41 days ago I started building something I wasn't sure anyone needed. A cryptographically signed oracle for market hours. For AI agents. Not a dashboard. Not a webhook. An Ed25519-signed receipt that says "yes, this exchange is open right now" with a 60-second TTL and a fail-closed guarantee. Here's what I learned.

The Problem No One Talks About

AI agents are trading stocks, managing portfolios, and executing DeFi strategies. Most of them check market hours the same way: datetime.now() plus some hardcoded UTC offsets.

This breaks in ways that cost real money:

DST transitions: The US springs forward in March. Europe springs forward two weeks later. For those two weeks, the offset between NYSE and London is wrong. An agent using America/New_York = UTC-5 submits orders to a market that closed an hour ago.

Exchange holidays: Martin Luther King Day, Golden Week, Diwali. Your timezone library doesn't know about these. Your agent submits orders to a closed exchange and gets rejected fills — or worse, queued orders that execute at unpredictable prices at the next open.

Circuit breakers: NYSE Level 1 halt. Your agent has no idea. It keeps submitting orders into a halted market.

Lunch breaks: Tokyo and Shanghai close for lunch. Hong Kong too. Your "market is open from 9 to 3" check is wrong for half the trading day.

The root cause is the same every time: agents use boolean is_open() checks that don't account for the full complexity of real market schedules.

What I Built

Headless Oracle returns cryptographically signed receipts for 28 global exchanges. Each receipt includes:

Ed25519 signature — verifiable without trusting the server
60-second TTL — expires_at forces re-fetch, prevents stale OPEN acting
Fail-closed guarantee — UNKNOWN always means CLOSED, halt all execution
Receipt mode — demo vs live so agents know what they're working with

It's available as an MCP server that works with Claude Desktop, Cursor, and Windsurf:

{
  "mcpServers": {
    "headless-oracle": {
      "command": "npx",
      "args": ["headless-oracle-mcp"]
    }
  }
}

Or as a REST API:

$ curl https://headlessoracle.com/v5/demo?mic=XNYS
{
  "receipt": {
    "mic": "XNYS",
    "status": "OPEN",
    "issued_at": "2026-04-07T15:30:00.000Z",
    "expires_at": "2026-04-07T15:31:00.000Z",
    "issuer": "headlessoracle.com",
    "source": "SCHEDULE",
    "schema_version": "v5.0",
    "receipt_mode": "demo",
    "signature": "a3f8c1d2..."
  }
}

The Architecture

Agent
  │
  ├─ MCP ──→ Headless Oracle Worker (Cloudflare)
  │              │
  │              ├─ Schedule Engine (28 exchanges, IANA timezones)
  │              ├─ KV Override Check (circuit breakers)
  │              ├─ Ed25519 Sign (canonical payload, alphabetical sort)
  │              └─ Return signed receipt
  │
  └─ Agent verifies signature + TTL + status
       │
       └─ OPEN? → proceed
          NOT OPEN? → halt execution

The worker runs on Cloudflare's edge network — 42+ data centers globally. Schedule computation uses Intl.DateTimeFormat with IANA timezone names. No hardcoded UTC offsets anywhere. DST transitions are handled automatically by the runtime.

Signing uses @noble/ed25519 — a pure JavaScript implementation with no native dependencies. The canonical payload is built by sorting keys alphabetically and JSON-stringifying with no whitespace. Any consumer in any language can independently verify.

x402 micropayments are live on Base mainnet. Agents can pay $0.001 USDC per call with no API key, no signup, no human in the loop. The agent sends a USDC transaction, includes the proof in the X-Payment header, and gets a signed receipt back. Self-sovereign agent commerce.

The Numbers

714 tests passing (Vitest + Cloudflare Workers runtime)
28 exchanges across Americas, Europe, Middle East, Africa, Asia, Pacific
4 MCP tools: get_market_status, get_market_schedule, list_exchanges, verify_receipt
42+ Cloudflare edge locations serving requests
6 AI platforms already crawling our llms.txt (ClaudeBot, GPTBot, Applebot, Bytespider, PerplexityBot, AhrefsBot)
$0.001/call via x402 on Base mainnet — first autonomous agent payment processed on Day 41
1,319 schedule edge cases per year computed from the exchange configs (holidays, DST, lunch breaks, weekends)

What Surprised Me

x402 changed everything. The x402 protocol lets agents pay for API calls with USDC on Base — no API key, no signup form, no OAuth dance. An agent that hits a 402 response can read the payment details, sign a USDC transfer, and retry with the proof. Zero human interaction.

This isn't theoretical. We have a live 402 response with full x402 payment details. The first real payment was processed on Day 41. An agent paid for its own oracle call.

The compliance angle was unexpected. ESMA (Europe), NIST (US), and Singapore's MAS are all publishing requirements that map directly to what we built — pre-trade transparency, reliable AI systems, fail-closed risk management. The Ed25519 signatures and 60-second TTL aren't just engineering choices. They're regulatory compliance features.

Try It

Free trial: 3 signed receipts per day on /v5/status — no API key needed.

Demo endpoint: Always free, unlimited:

curl https://headlessoracle.com/v5/demo?mic=XNYS

MCP server: Install in 30 seconds:

npx headless-oracle-mcp

Python SDK:

pip install headless-oracle

JavaScript verification:

npm install @headlessoracle/verify

What's Next

More exchanges: 28 → 50 → 100. Architecture scales — each exchange is a config object.
Multi-party attestation (MPAS): Two or more independent operators verify before an agent acts. Ed25519 was chosen to compose cleanly into threshold signing.
Framework integrations: PRs submitted to TradingAgents and ai-hedge-fund. More coming.
LangChain + CrewAI: First-party PyPI packages already live (headless-oracle-langchain, headless-oracle-crewai).

Star us on GitHub if this is useful: github.com/LembaGang/headless-oracle-v5

What pre-trade checks do your agents run? I'd love to hear in the comments.

Market Hours APIs Are Not Enough for Autonomous Agents

Headless Oracle — Sun, 05 Apr 2026 13:59:42 +0000

Every developer building a trading agent checks market hours. Almost none check them correctly.

The standard approach: call an API, parse the response, check if a flag says is_open: true. Then proceed.

This works when a human is in the loop. It fails silently when an autonomous agent is running at 3am.

What the standard approach misses

A market data API tells you what the market data provider believes is true. It doesn't prove it.

Four things can go wrong:

1. Stale data. A cached response from 45 minutes ago says the market is open. The market closed 40 minutes ago. The cache TTL was set to 1 hour. Your agent executes into a closed book.

2. No authentication on the market state. Anyone — including a compromised service or a man-in-the-middle — can return is_open: true. The response has no signature. Your agent cannot tell the difference between a live authoritative response and a forged or stale one.

3. Ambiguous failure modes. The API call fails with a 503. What does your agent do? Most implementations default open ("I couldn't check, so I'll proceed"). That's the wrong default. The safe assumption when you can't verify state is: don't proceed.

4. DST transitions. Your API uses UTC offsets. The exchange observes daylight saving time. On March 8, the US springs forward. For 21 days, the US/UK DST offset compresses from 5 hours to 4 hours. If your API uses hardcoded UTC offsets, it's wrong for three weeks every spring and fall.

What autonomous agents actually need

An agent that executes trades without human oversight needs three things a standard market hours API cannot provide:

Cryptographic proof. The response must be signed so the agent can verify it wasn't forged, intercepted, or replayed from a previous session. Ed25519 is the right primitive here — compact signatures, deterministic, composable into multi-party schemes.

A TTL. The agent needs to know when the attestation expires. A receipt that says "NYSE is OPEN" is only meaningful for the next 60 seconds. After that, the agent must re-fetch. A receipt without an expiry is a receipt that can be used indefinitely — including after the market has moved.

Fail-closed semantics. If the agent can't reach the oracle, or if the oracle returns an ambiguous state, the safe default is CLOSED. Not open. Not "retry." Halt execution until the state can be verified.

A boolean is_open flag satisfies none of these requirements.

The signed attestation model

A signed market receipt looks like this:

{
  "mic": "XNYS",
  "status": "OPEN",
  "issued_at": "2026-04-04T14:30:00.000Z",
  "expires_at": "2026-04-04T14:31:00.000Z",
  "issuer": "headlessoracle.com",
  "schema_version": "v5.0",
  "source": "SCHEDULE",
  "receipt_mode": "live",
  "signature": "a7f3b2...c9d4"
}

The agent does four things with this:

Verify the Ed25519 signature against the oracle's public key
Check that expires_at is in the future
Check that status === "OPEN"
If any step fails — halt

The practical difference

Here's the naive version:

import requests

def is_market_open(symbol: str) -> bool:
    r = requests.get(f"https://some-api.com/market-hours/{symbol}")
    return r.json().get("is_open", False)

If this returns True, your agent proceeds. If the API is down, it returns False and your agent doesn't proceed — which is actually safe. But if the API returns stale data, if the response is cached at an intermediate layer, or if the TTL logic is wrong, you're trading blind.

Here's the safe version:

from headless_oracle import OracleClient, verify

oracle = OracleClient()

def safe_to_trade(mic: str) -> bool:
    receipt = oracle.get_status(mic)

    # Step 1: Verify cryptographic signature
    if not verify(receipt):
        return False  # Signature invalid — fail closed

    # Step 2: Check TTL
    # (verify() already checks expires_at — if expired, returns False)

    # Step 3: Check status
    return receipt["status"] == "OPEN"
    # UNKNOWN and HALTED both return False — fail closed

The difference is 4 lines. The second version is provably correct. The first version is probably correct, most of the time.

"Probably correct, most of the time" is fine when a human can catch the exception at 3am. It's not fine when no human is watching.

When this matters more than you think

The cost of getting market state wrong isn't just a bad fill. It's:

Executing a trade that can't settle (T+1/T+2 windows)
Triggering a circuit breaker with an order at a halted price
Trading into a pre-market session with 1/100th the liquidity
Executing through a DST transition window where the market is technically open but the clearing systems are running on reduced staffing

These aren't theoretical. They're the exact scenarios that the signed receipt model was designed to handle.

The three-line integration

from headless_oracle import OracleClient, verify

oracle = OracleClient()  # Auto-provisions a free sandbox key
receipt = oracle.get_status("XNYS")
assert verify(receipt) and receipt["status"] == "OPEN", "Market not verified open — trade blocked"

Free sandbox key at headlessoracle.com/v5/sandbox. No signup required.

The oracle covers 28 exchanges across 6 regions. Ed25519 signatures. 60-second TTL. MCP server for Claude Desktop, Cursor, and any MCP-compatible agent.

Full documentation: headlessoracle.com/docs

I'm building Headless Oracle — headlessoracle.com

Why Your Trading Agent Needs a Pre-Trade Gate

Headless Oracle — Sun, 05 Apr 2026 13:49:11 +0000

Your agent traded $50,000 into a halted market at 3am. Nobody was watching.
This isn't a hypothetical. It's the failure mode that autonomous trading agents are quietly running toward — and almost nobody has a circuit breaker in place.

The Blind Spot in Autonomous Execution
Agents that execute trades check a lot of things. Price feeds. Order book depth. Portfolio constraints. Risk limits. Slippage estimates.
What they almost never check: is the exchange actually open right now?
Price feeds don't tell you the exchange is closed. They serve you the last known price — which may be hours old — and they do it silently. A market data feed returning a stale quote and a market data feed returning a live quote look identical to an agent reading the response.
An agent that sees a valid price and a filled order book and a cleared risk check will execute. It has no reason not to.
Unless someone told it to check market state first.

The DST Bug Nobody Saw Coming
March 8, 2026. US clocks spring forward. European clocks don't change for another three weeks.
For exactly one hour, agents using hardcoded UTC-offset schedules believed European markets were open. Their local-time arithmetic said "09:30 Paris time" but their UTC math was wrong by an hour. The clocks disagreed.
Trades executed into closed markets. The positions sat there, unhedged, until European markets actually opened — 60 minutes and several volatility points later.
No error was thrown. No alert fired. The trades looked syntactically correct.
This is the class of bug that kills accounts: not a crash, not a panic, but a silent wrong answer that looks like a right answer.

What a Pre-Trade Gate Actually Does
A pre-trade gate is a check you run before any trade, payment, or capital commitment. It asks one question: is this exchange open right now, with cryptographic proof?
The answer comes back as a signed receipt:
json{
"mic": "XNYS",
"status": "OPEN",
"issued_at": "2026-04-03T14:32:10.000Z",
"expires_at": "2026-04-03T14:33:10.000Z",
"receipt_mode": "live",
"signature": "a3f9..."
}
The signature is Ed25519. The TTL is 60 seconds. If either check fails, you don't trade.

The Fail-Closed Contract
This is the design decision that separates a verification gate from a rubber stamp:
StatusActionOPENProceedCLOSEDHaltHALTEDHalt (circuit breaker active)UNKNOWNHalt (treat as CLOSED)
UNKNOWN is the critical case. It's what you get when the oracle can't determine the answer — network partition, data gap, signing infrastructure problem. An oracle that returns UNKNOWN is telling you it cannot confirm the safe state.
The fail-closed contract says: if you can't verify, don't trade. An agent that proceeds on UNKNOWN is choosing to skip the gate, not to pass it.

The Gate in 5 Lines of Python
pythonfrom headless_oracle import OracleClient, verify

client = OracleClient()

def safe_to_execute(mic: str = 'XNYS') -> bool:
receipt = client.get_status(mic)
return verify(receipt) and receipt['status'] == 'OPEN'
Call safe_to_execute() before any trade. If it returns False — for any reason — halt.
That's it. Five lines between your agent and a $50K mistake at 3am.

Why Cryptographic Signing Matters
A signed receipt isn't just a JSON response. It's a tamper-proof attestation you can pass between agents.
If your execution agent receives a market state receipt from a data collection agent, it doesn't have to trust the data pipeline. It verifies the Ed25519 signature against the oracle's public key. If the signature is invalid — whether from tampering, replay, or corruption — the receipt is rejected.
This is how you build multi-agent financial workflows without a single trusted intermediary.

The Question Isn't Whether Your Agent Will Encounter a Closed Market
Markets close. Exchanges halt. Holidays happen. DST transitions land on trading days.
In 2026 alone, there are over 5,000 schedule edge cases across 28 global exchanges — holidays, early closes, lunch breaks, circuit breakers, DST transitions, weekend rules for Middle Eastern markets that treat Friday as a non-trading day.
Your agent will encounter these. The question is whether it will know.
A pre-trade gate doesn't guarantee profit. It guarantees that when a market is closed, your agent knows it — and stops.

Get Started

MCP (Claude/Cursor/Windsurf): Add https://headlessoracle.com/mcp to your MCP config
Python: pip install headless-oracle
REST: GET https://headlessoracle.com/v5/demo?mic=XNYS
Free sandbox key: POST https://headlessoracle.com/v5/sandbox

I'm building Headless Oracle — signed market status for AI agents. headlessoracle.com

If your trading bot uses market hours, you have a hidden liquidation bug today.

Headless Oracle — Tue, 10 Mar 2026 14:46:36 +0000

US DST shifted on Sunday. UK/EU shifts March 29. For the next 3 weeks, any AI trading agent or DeFi bot using hardcoded UTC offsets for market hours is calculating time incorrectly.

If an automated liquidator tries to sell collateral while the NYSE is actually closed, the transaction fails and bad debt accrues.

"Just use a timezone library."
pytz handles DST. It does not handle the 67 exchange-specific holidays in 2026, early closes, Tokyo's daily lunch break, or emergency circuit breakers. A timezone library solves 80% of the problem. The other 20% is where protocols absorb bad debt.

The Exploit & The Fix
To fix this, I built Headless Oracle. It is a defensive execution layer for AI trading agents and DeFi bots that returns the real-time OPEN/CLOSED/HALTED status for 7 global exchanges.

Every response is an Ed25519 cryptographically signed receipt with a 60s expiry. The architecture is strictly fail-closed: if the signature is invalid, the receipt is expired, or the status is UNKNOWN, your bot halts. When dealing with autonomous capital, defaulting to closed is the only safe option.

I've open-sourced a demo that reproduces the DST exploit and shows the Ed25519 verification fix:
View the Exploit Demo on GitHub

You can also hit the live API demo (no API key needed): headlessoracle.com/v5/demo?mic=XNYS

AI agents need verifiable environmental data before touching capital. We are building the verification layer for autonomous finance. Let me know if you have questions on the fail-closed logic or the crypto implementation.