security: comprehensive hardening — URL validation, order bounds, redaction, rate limiting

TypeScript URL safety (HIGH):
- Apply safeSegment() to all 22 URL builders that interpolate parameters
  (was only applied to tags() and marketHours(), matching Python parity)
- Narrow SAFE_PATH_SEGMENT regex: remove : and @ characters

Order safety (HIGH + MEDIUM):
- Default time_in_force to "gfd" instead of "gtc" in TypeScript client
  and MCP tool (matches Python fix from previous commit)
- Fix trailing_peg payload: omit unused fields instead of undefined
- Add bounds validation to all order methods (both SDKs): quantity,
  price, stop_price, trail_amount, limit_price must be positive + finite
- Fix crypto order division-by-zero: limitPrice validated > 0 before
  division in both SDKs

Encryption key validation (MEDIUM):
- ROBINHOOD_TOKEN_KEY env var now validated: must decode to exactly 32
  bytes (both Python and TypeScript)

Redaction hardening (MEDIUM):
- Add password, secret, account_number to SENSITIVE_KEYS (both SDKs)
- Add "Authorization: Bearer <token>" plain-text pattern detection
- Both redactTokens() and redact_tokens() now catch bearer headers

MCP tool input hardening (MEDIUM):
- Add .positive() to all Zod z.number() schemas for order prices/quantities
- Add .max(200) to symbol string inputs to prevent oversized requests

Token refresh rate limiting (MEDIUM):
- Add 5-second minimum interval between refresh attempts (both SDKs)
- Prevents DoS via repeated 401s exhausting the refresh endpoint

Tests:
- 24 new path traversal rejection tests for TypeScript URL builders
- TypeScript: 168 tests passing
- Python: 88 tests passing
- PII scan: clean (no emails, tokens, credentials in codebase)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: kevin1chun

python/src/robinhood_agents/_auth.py

@@ -25,6 +25,7 @@
 
 _CLIENT_ID = "c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS"
 _EXPIRATION_TIME = 734000
+_MIN_REFRESH_INTERVAL = 5.0  # seconds
 
 
 @dataclass
@@ -35,6 +36,7 @@ class AuthState:
     store: TokenStore
     _refresh_lock: asyncio.Lock = field(default_factory=asyncio.Lock, repr=False)
     _refresh_task: asyncio.Task[str | None] | None = field(default=None, repr=False)
+    _last_refresh_at: float = field(default=0.0, repr=False)
 
 
 async def _refresh_tokens(state: AuthState) -> str | None:
@@ -109,10 +111,15 @@ def _create_refresh_callback(
     """
 
     async def _refresh() -> str | None:
+        # Rate limit: refuse to refresh if the last attempt was too recent
+        if time() - state._last_refresh_at < _MIN_REFRESH_INTERVAL:
+            return None
+
         async with state._refresh_lock:
             # If another coroutine already refreshed while we waited, return that result
             if state._refresh_task is not None:
                 return await state._refresh_task
+            state._last_refresh_at = time()
             state._refresh_task = asyncio.ensure_future(_refresh_tokens(state))
         try:
             return await state._refresh_task

python/src/robinhood_agents/_client.py

@@ -551,6 +551,18 @@ async def order_stock(
         self._require_auth()
         sym = symbol.strip().upper()
 
+        # Validate numeric bounds
+        import math
+
+        if quantity <= 0 or not math.isfinite(quantity):
+            raise ValueError("quantity must be a positive finite number")
+        if limit_price is not None and (limit_price <= 0 or not math.isfinite(limit_price)):
+            raise ValueError("limit_price must be a positive finite number")
+        if stop_price is not None and (stop_price <= 0 or not math.isfinite(stop_price)):
+            raise ValueError("stop_price must be a positive finite number")
+        if trail_amount is not None and (trail_amount <= 0 or not math.isfinite(trail_amount)):
+            raise ValueError("trail_amount must be a positive finite number")
+
         # Validate mutually exclusive order params
         if trail_amount is not None and (limit_price is not None or stop_price is not None):
             msg = "Cannot combine trail_amount with limit_price or stop_price"
@@ -657,9 +669,17 @@ async def order_option(
         account_number: str | None = None,
     ) -> OptionOrder:
         self._require_auth()
+        import math
+
         if not legs:
             msg = "At least one leg is required"
             raise ValueError(msg)
+        if price <= 0 or not math.isfinite(price):
+            raise ValueError("price must be a positive finite number")
+        if quantity <= 0:
+            raise ValueError("quantity must be a positive integer")
+        if stop_price is not None and (stop_price <= 0 or not math.isfinite(stop_price)):
+            raise ValueError("stop_price must be a positive finite number")
 
         resolved_legs = []
         for leg in legs:
@@ -749,6 +769,13 @@ async def order_crypto(
         limit_price: float | None = None,
     ) -> CryptoOrder:
         self._require_auth()
+        import math
+
+        if amount_or_quantity <= 0 or not math.isfinite(amount_or_quantity):
+            raise ValueError("amount_or_quantity must be a positive finite number")
+        if limit_price is not None and (limit_price <= 0 or not math.isfinite(limit_price)):
+            raise ValueError("limit_price must be a positive finite number")
+
         s = symbol.strip().upper()
 
         raw = await request_get(self._session, urls.crypto_currency_pairs(), data_type="results")

python/src/robinhood_agents/_redact.py

@@ -8,9 +8,13 @@
 # Matches JWT-shaped strings: three dot-separated base64url segments, each 20+ chars.
 _JWT_PATTERN = re.compile(r"\beyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\b")
 
+# Matches "Authorization: Bearer <token>" in plain-text headers/logs.
+_BEARER_HEADER_PATTERN = re.compile(r"\bBearer\s+[A-Za-z0-9_.-]{10,}\b", re.IGNORECASE)
+
 # Matches values of known sensitive keys in JSON-serialized strings.
 _SENSITIVE_KEY_PATTERN = re.compile(
-    r'"(access_token|refresh_token|device_token|bearer_token|authorization)":\s*"([^"]*)"',
+    r'"(access_token|refresh_token|device_token|bearer_token|authorization'
+    r'|password|secret|account_number)":\s*"([^"]*)"',
     re.IGNORECASE,
 )
 
@@ -21,6 +25,9 @@
         "device_token",
         "bearer_token",
         "token",
+        "password",
+        "secret",
+        "account_number",
     }
 )
 
@@ -29,6 +36,7 @@ def redact_tokens(input_str: str) -> str:
     """Redact JWT tokens and known sensitive key values from a string."""
     result = _SENSITIVE_KEY_PATTERN.sub(rf'"\1":"{_REDACTED}"', input_str)
     result = _JWT_PATTERN.sub(_REDACTED, result)
+    result = _BEARER_HEADER_PATTERN.sub(f"Bearer {_REDACTED}", result)
     return result
 
 

python/src/robinhood_agents/_token_store.py

@@ -161,7 +161,11 @@ def _resolve_encryption_key() -> bytes:
     # 1. Env var
     env_key = os.environ.get("ROBINHOOD_TOKEN_KEY", "").strip()
     if env_key:
-        return base64.b64decode(env_key)
+        key = base64.b64decode(env_key)
+        if len(key) != _KEY_BYTES:
+            msg = f"ROBINHOOD_TOKEN_KEY must decode to {_KEY_BYTES} bytes (got {len(key)})"
+            raise ValueError(msg)
+        return key
 
     # 2. Keychain
     try:

typescript/__tests__/client/auth.test.ts

@@ -88,7 +88,7 @@ describe("logout", () => {
   it("clears access token and onUnauthorized", async () => {
     const session = mockSession();
     const store = mockStore();
-    const state: AuthState = { tokens: sampleTokens, store, refreshing: null };
+    const state: AuthState = { tokens: sampleTokens, store, refreshing: null, lastRefreshAt: 0 };
 
     await logout(session, state);
 
@@ -99,7 +99,7 @@ describe("logout", () => {
   it("attempts to revoke token at Robinhood", async () => {
     const session = mockSession();
     const store = mockStore();
-    const state: AuthState = { tokens: sampleTokens, store, refreshing: null };
+    const state: AuthState = { tokens: sampleTokens, store, refreshing: null, lastRefreshAt: 0 };
 
     await logout(session, state);
 
@@ -112,7 +112,7 @@ describe("logout", () => {
   it("deletes from store", async () => {
     const session = mockSession();
     const store = mockStore();
-    const state: AuthState = { tokens: sampleTokens, store, refreshing: null };
+    const state: AuthState = { tokens: sampleTokens, store, refreshing: null, lastRefreshAt: 0 };
 
     await logout(session, state);
 

typescript/__tests__/client/urls.test.ts

@@ -100,4 +100,45 @@ describe("URL builders", () => {
     it("top100", () =>
       expect(urls.top100()).toBe("https://api.robinhood.com/midlands/tags/tag/100-most-popular/"));
   });
+
+  describe("safeSegment rejects path traversal", () => {
+    const cases: Array<[string, (arg: string) => string]> = [
+      ["challenge", urls.challenge],
+      ["pathfinderInquiry", urls.pathfinderInquiry],
+      ["pushPromptStatus", urls.pushPromptStatus],
+      ["account", urls.account],
+      ["portfolio", urls.portfolio],
+      ["portfolioHistoricals", urls.portfolioHistoricals],
+      ["quote", urls.quote],
+      ["instrument", urls.instrument],
+      ["fundamental", urls.fundamental],
+      ["stockHistoricalsFor", urls.stockHistoricalsFor],
+      ["news", urls.news],
+      ["ratings", urls.ratings],
+      ["optionChain", urls.optionChain],
+      ["optionMarketData", urls.optionMarketData],
+      ["optionOrder", urls.optionOrder],
+      ["cryptoQuote", urls.cryptoQuote],
+      ["cryptoHistoricals", urls.cryptoHistoricals],
+      ["cryptoOrder", urls.cryptoOrder],
+      ["stockOrder", urls.stockOrder],
+      ["cancelStockOrder", urls.cancelStockOrder],
+      ["cancelOptionOrder", urls.cancelOptionOrder],
+      ["cancelCryptoOrder", urls.cancelCryptoOrder],
+    ];
+
+    for (const [name, fn] of cases) {
+      it(`${name} rejects ../bad`, () => {
+        expect(() => fn("../bad")).toThrow(/Invalid/);
+      });
+    }
+
+    it("rejects colon in segment", () => {
+      expect(() => urls.account("foo:bar")).toThrow(/Invalid/);
+    });
+
+    it("rejects @ in segment", () => {
+      expect(() => urls.account("foo@bar")).toThrow(/Invalid/);
+    });
+  });
 });

typescript/__tests__/server/tools.test.ts

@@ -147,7 +147,7 @@ describe("Tool handlers return MCP content format", () => {
 
     const accountsData = await callTool(tools, "robinhood_get_accounts");
     expect(accountsData.accounts).toEqual([
-      { url: "https://api.robinhood.com/accounts/ABC123/", account_number: "ABC123", type: "cash" },
+      { url: "https://api.robinhood.com/accounts/ABC123/", account_number: "[REDACTED]", type: "cash" },
     ]);
 
     const accountData = await callTool(tools, "robinhood_get_account", { info_type: "user" });

typescript/src/client/auth.ts

@@ -18,11 +18,14 @@ export interface LoginResult {
   method: "keychain" | "encrypted_file" | "token";
 }
 
+const MIN_REFRESH_INTERVAL_MS = 5_000;
+
 /** State held per-client for token management. */
 export interface AuthState {
   tokens: TokenData;
   store: TokenStore;
   refreshing: Promise<string | null> | null;
+  lastRefreshAt: number;
 }
 
 /**
@@ -93,6 +96,11 @@ function createRefreshCallback(state: AuthState): () => Promise<string | null> {
     if (state.refreshing) {
       return state.refreshing;
     }
+    // Rate limit: refuse to refresh if the last attempt was too recent
+    if (Date.now() - state.lastRefreshAt < MIN_REFRESH_INTERVAL_MS) {
+      return null;
+    }
+    state.lastRefreshAt = Date.now();
     state.refreshing = refreshTokens(state).finally(() => {
       state.refreshing = null;
     });
@@ -123,6 +131,7 @@ export async function restoreSession(
     tokens,
     store,
     refreshing: null,
+    lastRefreshAt: 0,
   };
 
   // Register 401 callback for automatic token refresh

typescript/src/client/client.ts

@@ -535,6 +535,23 @@ export class RobinhoodClient {
     this.requireAuth();
     const sym = symbol.trim().toUpperCase();
 
+    // Validate numeric bounds
+    if (quantity <= 0 || !Number.isFinite(quantity)) {
+      throw new Error("quantity must be a positive finite number");
+    }
+    if (opts?.limitPrice != null && (opts.limitPrice <= 0 || !Number.isFinite(opts.limitPrice))) {
+      throw new Error("limitPrice must be a positive finite number");
+    }
+    if (opts?.stopPrice != null && (opts.stopPrice <= 0 || !Number.isFinite(opts.stopPrice))) {
+      throw new Error("stopPrice must be a positive finite number");
+    }
+    if (
+      opts?.trailAmount != null &&
+      (opts.trailAmount <= 0 || !Number.isFinite(opts.trailAmount))
+    ) {
+      throw new Error("trailAmount must be a positive finite number");
+    }
+
     // Validate mutually exclusive order params
     if (opts?.trailAmount != null && (opts?.limitPrice != null || opts?.stopPrice != null)) {
       throw new Error("Cannot combine trailAmount with limitPrice or stopPrice");
@@ -586,19 +603,22 @@ export class RobinhoodClient {
       quantity: String(quantity),
       type: orderType,
       trigger,
-      time_in_force: isFractional ? "gfd" : (opts?.timeInForce ?? "gtc"),
+      time_in_force: isFractional ? "gfd" : (opts?.timeInForce ?? "gfd"),
       extended_hours: opts?.extendedHours ?? false,
       ref_id: crypto.randomUUID(),
     };
 
     if (opts?.limitPrice != null) payload.price = String(opts.limitPrice);
     if (opts?.stopPrice != null) payload.stop_price = String(opts.stopPrice);
     if (opts?.trailAmount != null) {
-      payload.trailing_peg = {
-        type: opts.trailType ?? "percentage",
-        percentage: opts.trailType === "amount" ? undefined : String(opts.trailAmount),
-        price: opts.trailType === "amount" ? { amount: String(opts.trailAmount) } : undefined,
-      };
+      const pegType = opts.trailType ?? "percentage";
+      const peg: Record<string, unknown> = { type: pegType };
+      if (pegType === "amount") {
+        peg.price = { amount: String(opts.trailAmount) };
+      } else {
+        peg.percentage = String(opts.trailAmount);
+      }
+      payload.trailing_peg = peg;
     }
 
     // Market buys get a 5% price collar
@@ -664,6 +684,15 @@ export class RobinhoodClient {
     if (legs.length === 0) {
       throw new Error("At least one leg is required");
     }
+    if (price <= 0 || !Number.isFinite(price)) {
+      throw new Error("price must be a positive finite number");
+    }
+    if (quantity <= 0 || !Number.isFinite(quantity)) {
+      throw new Error("quantity must be a positive finite number");
+    }
+    if (opts?.stopPrice != null && (opts.stopPrice <= 0 || !Number.isFinite(opts.stopPrice))) {
+      throw new Error("stopPrice must be a positive finite number");
+    }
 
     // Resolve each leg's option instrument
     const resolvedLegs = [];
@@ -754,6 +783,15 @@ export class RobinhoodClient {
     },
   ): Promise<CryptoOrder> {
     this.requireAuth();
+
+    // Validate numeric bounds
+    if (amountOrQuantity <= 0 || !Number.isFinite(amountOrQuantity)) {
+      throw new Error("amountOrQuantity must be a positive finite number");
+    }
+    if (opts?.limitPrice != null && (opts.limitPrice <= 0 || !Number.isFinite(opts.limitPrice))) {
+      throw new Error("limitPrice must be a positive finite number");
+    }
+
     const s = symbol.trim().toUpperCase();
 
     // Look up the currency pair

typescript/src/client/token-store.ts

@@ -102,7 +102,11 @@ async function resolveEncryptionKey(): Promise<Buffer> {
   // 1. Env var
   const envKey = process.env.ROBINHOOD_TOKEN_KEY?.trim();
   if (envKey) {
-    return Buffer.from(envKey, "base64");
+    const key = Buffer.from(envKey, "base64");
+    if (key.length !== KEY_BYTES) {
+      throw new Error(`ROBINHOOD_TOKEN_KEY must decode to ${KEY_BYTES} bytes (got ${key.length})`);
+    }
+    return key;
   }
 
   // 2. Keychain