DEV Community: Headless Oracle

Market Hours APIs Are Not Enough for Autonomous Agents

Headless Oracle — Sun, 05 Apr 2026 13:59:42 +0000

Every developer building a trading agent checks market hours. Almost none check them correctly.

The standard approach: call an API, parse the response, check if a flag says is_open: true. Then proceed.

This works when a human is in the loop. It fails silently when an autonomous agent is running at 3am.

What the standard approach misses

A market data API tells you what the market data provider believes is true. It doesn't prove it.

Four things can go wrong:

1. Stale data. A cached response from 45 minutes ago says the market is open. The market closed 40 minutes ago. The cache TTL was set to 1 hour. Your agent executes into a closed book.

2. No authentication on the market state. Anyone — including a compromised service or a man-in-the-middle — can return is_open: true. The response has no signature. Your agent cannot tell the difference between a live authoritative response and a forged or stale one.

3. Ambiguous failure modes. The API call fails with a 503. What does your agent do? Most implementations default open ("I couldn't check, so I'll proceed"). That's the wrong default. The safe assumption when you can't verify state is: don't proceed.

4. DST transitions. Your API uses UTC offsets. The exchange observes daylight saving time. On March 8, the US springs forward. For 21 days, the US/UK DST offset compresses from 5 hours to 4 hours. If your API uses hardcoded UTC offsets, it's wrong for three weeks every spring and fall.

What autonomous agents actually need

An agent that executes trades without human oversight needs three things a standard market hours API cannot provide:

Cryptographic proof. The response must be signed so the agent can verify it wasn't forged, intercepted, or replayed from a previous session. Ed25519 is the right primitive here — compact signatures, deterministic, composable into multi-party schemes.

A TTL. The agent needs to know when the attestation expires. A receipt that says "NYSE is OPEN" is only meaningful for the next 60 seconds. After that, the agent must re-fetch. A receipt without an expiry is a receipt that can be used indefinitely — including after the market has moved.

Fail-closed semantics. If the agent can't reach the oracle, or if the oracle returns an ambiguous state, the safe default is CLOSED. Not open. Not "retry." Halt execution until the state can be verified.

A boolean is_open flag satisfies none of these requirements.

The signed attestation model

A signed market receipt looks like this:

{
  "mic": "XNYS",
  "status": "OPEN",
  "issued_at": "2026-04-04T14:30:00.000Z",
  "expires_at": "2026-04-04T14:31:00.000Z",
  "issuer": "headlessoracle.com",
  "schema_version": "v5.0",
  "source": "SCHEDULE",
  "receipt_mode": "live",
  "signature": "a7f3b2...c9d4"
}

The agent does four things with this:

Verify the Ed25519 signature against the oracle's public key
Check that expires_at is in the future
Check that status === "OPEN"
If any step fails — halt

The practical difference

Here's the naive version:

import requests

def is_market_open(symbol: str) -> bool:
    r = requests.get(f"https://some-api.com/market-hours/{symbol}")
    return r.json().get("is_open", False)

If this returns True, your agent proceeds. If the API is down, it returns False and your agent doesn't proceed — which is actually safe. But if the API returns stale data, if the response is cached at an intermediate layer, or if the TTL logic is wrong, you're trading blind.

Here's the safe version:

from headless_oracle import OracleClient, verify

oracle = OracleClient()

def safe_to_trade(mic: str) -> bool:
    receipt = oracle.get_status(mic)

    # Step 1: Verify cryptographic signature
    if not verify(receipt):
        return False  # Signature invalid — fail closed

    # Step 2: Check TTL
    # (verify() already checks expires_at — if expired, returns False)

    # Step 3: Check status
    return receipt["status"] == "OPEN"
    # UNKNOWN and HALTED both return False — fail closed

The difference is 4 lines. The second version is provably correct. The first version is probably correct, most of the time.

"Probably correct, most of the time" is fine when a human can catch the exception at 3am. It's not fine when no human is watching.

When this matters more than you think

The cost of getting market state wrong isn't just a bad fill. It's:

Executing a trade that can't settle (T+1/T+2 windows)
Triggering a circuit breaker with an order at a halted price
Trading into a pre-market session with 1/100th the liquidity
Executing through a DST transition window where the market is technically open but the clearing systems are running on reduced staffing

These aren't theoretical. They're the exact scenarios that the signed receipt model was designed to handle.

The three-line integration

from headless_oracle import OracleClient, verify

oracle = OracleClient()  # Auto-provisions a free sandbox key
receipt = oracle.get_status("XNYS")
assert verify(receipt) and receipt["status"] == "OPEN", "Market not verified open — trade blocked"

Free sandbox key at headlessoracle.com/v5/sandbox. No signup required.

The oracle covers 28 exchanges across 6 regions. Ed25519 signatures. 60-second TTL. MCP server for Claude Desktop, Cursor, and any MCP-compatible agent.

Full documentation: headlessoracle.com/docs

I'm building Headless Oracle — headlessoracle.com

Why Your Trading Agent Needs a Pre-Trade Gate

Headless Oracle — Sun, 05 Apr 2026 13:49:11 +0000

Your agent traded $50,000 into a halted market at 3am. Nobody was watching.
This isn't a hypothetical. It's the failure mode that autonomous trading agents are quietly running toward — and almost nobody has a circuit breaker in place.

The Blind Spot in Autonomous Execution
Agents that execute trades check a lot of things. Price feeds. Order book depth. Portfolio constraints. Risk limits. Slippage estimates.
What they almost never check: is the exchange actually open right now?
Price feeds don't tell you the exchange is closed. They serve you the last known price — which may be hours old — and they do it silently. A market data feed returning a stale quote and a market data feed returning a live quote look identical to an agent reading the response.
An agent that sees a valid price and a filled order book and a cleared risk check will execute. It has no reason not to.
Unless someone told it to check market state first.

The DST Bug Nobody Saw Coming
March 8, 2026. US clocks spring forward. European clocks don't change for another three weeks.
For exactly one hour, agents using hardcoded UTC-offset schedules believed European markets were open. Their local-time arithmetic said "09:30 Paris time" but their UTC math was wrong by an hour. The clocks disagreed.
Trades executed into closed markets. The positions sat there, unhedged, until European markets actually opened — 60 minutes and several volatility points later.
No error was thrown. No alert fired. The trades looked syntactically correct.
This is the class of bug that kills accounts: not a crash, not a panic, but a silent wrong answer that looks like a right answer.

What a Pre-Trade Gate Actually Does
A pre-trade gate is a check you run before any trade, payment, or capital commitment. It asks one question: is this exchange open right now, with cryptographic proof?
The answer comes back as a signed receipt:
json{
"mic": "XNYS",
"status": "OPEN",
"issued_at": "2026-04-03T14:32:10.000Z",
"expires_at": "2026-04-03T14:33:10.000Z",
"receipt_mode": "live",
"signature": "a3f9..."
}
The signature is Ed25519. The TTL is 60 seconds. If either check fails, you don't trade.

The Fail-Closed Contract
This is the design decision that separates a verification gate from a rubber stamp:
StatusActionOPENProceedCLOSEDHaltHALTEDHalt (circuit breaker active)UNKNOWNHalt (treat as CLOSED)
UNKNOWN is the critical case. It's what you get when the oracle can't determine the answer — network partition, data gap, signing infrastructure problem. An oracle that returns UNKNOWN is telling you it cannot confirm the safe state.
The fail-closed contract says: if you can't verify, don't trade. An agent that proceeds on UNKNOWN is choosing to skip the gate, not to pass it.

The Gate in 5 Lines of Python
pythonfrom headless_oracle import OracleClient, verify

client = OracleClient()

def safe_to_execute(mic: str = 'XNYS') -> bool:
receipt = client.get_status(mic)
return verify(receipt) and receipt['status'] == 'OPEN'
Call safe_to_execute() before any trade. If it returns False — for any reason — halt.
That's it. Five lines between your agent and a $50K mistake at 3am.

Why Cryptographic Signing Matters
A signed receipt isn't just a JSON response. It's a tamper-proof attestation you can pass between agents.
If your execution agent receives a market state receipt from a data collection agent, it doesn't have to trust the data pipeline. It verifies the Ed25519 signature against the oracle's public key. If the signature is invalid — whether from tampering, replay, or corruption — the receipt is rejected.
This is how you build multi-agent financial workflows without a single trusted intermediary.

The Question Isn't Whether Your Agent Will Encounter a Closed Market
Markets close. Exchanges halt. Holidays happen. DST transitions land on trading days.
In 2026 alone, there are over 5,000 schedule edge cases across 28 global exchanges — holidays, early closes, lunch breaks, circuit breakers, DST transitions, weekend rules for Middle Eastern markets that treat Friday as a non-trading day.
Your agent will encounter these. The question is whether it will know.
A pre-trade gate doesn't guarantee profit. It guarantees that when a market is closed, your agent knows it — and stops.

Get Started

MCP (Claude/Cursor/Windsurf): Add https://headlessoracle.com/mcp to your MCP config
Python: pip install headless-oracle
REST: GET https://headlessoracle.com/v5/demo?mic=XNYS
Free sandbox key: POST https://headlessoracle.com/v5/sandbox

I'm building Headless Oracle — signed market status for AI agents. headlessoracle.com

If your trading bot uses market hours, you have a hidden liquidation bug today.

Headless Oracle — Tue, 10 Mar 2026 14:46:36 +0000

US DST shifted on Sunday. UK/EU shifts March 29. For the next 3 weeks, any AI trading agent or DeFi bot using hardcoded UTC offsets for market hours is calculating time incorrectly.

If an automated liquidator tries to sell collateral while the NYSE is actually closed, the transaction fails and bad debt accrues.

"Just use a timezone library."
pytz handles DST. It does not handle the 67 exchange-specific holidays in 2026, early closes, Tokyo's daily lunch break, or emergency circuit breakers. A timezone library solves 80% of the problem. The other 20% is where protocols absorb bad debt.

The Exploit & The Fix
To fix this, I built Headless Oracle. It is a defensive execution layer for AI trading agents and DeFi bots that returns the real-time OPEN/CLOSED/HALTED status for 7 global exchanges.

Every response is an Ed25519 cryptographically signed receipt with a 60s expiry. The architecture is strictly fail-closed: if the signature is invalid, the receipt is expired, or the status is UNKNOWN, your bot halts. When dealing with autonomous capital, defaulting to closed is the only safe option.

I've open-sourced a demo that reproduces the DST exploit and shows the Ed25519 verification fix:
View the Exploit Demo on GitHub

You can also hit the live API demo (no API key needed): headlessoracle.com/v5/demo?mic=XNYS

AI agents need verifiable environmental data before touching capital. We are building the verification layer for autonomous finance. Let me know if you have questions on the fail-closed logic or the crypto implementation.