Vadim's blog

Agent Skills spec + Mastra integration

February 8, 2026 · 9 min read

Vadim Nicolai

Senior Software Engineer

Agent Skills Specification

Source: https://agentskills.io/specification

This document defines the Agent Skills format.

Directory structure

A skill is a directory containing at minimum a SKILL.md file:

skill-name/
└── SKILL.md          # Required

Tip: You can optionally include additional directories such as scripts/, references/, and assets/ to support your skill.

SKILL.md format

The SKILL.md file must contain YAML frontmatter followed by Markdown content.

Frontmatter (required)

Minimal example:

---
name: skill-name
description: A description of what this skill does and when to use it.
---

With optional fields:

---
name: pdf-processing
description: Extract text and tables from PDF files, fill forms, merge documents.
license: Apache-2.0
metadata:
  author: example-org
  version: "1.0"
---

Field	Required	Notes
name	Yes	Max 64 characters. Lowercase letters, numbers, and hyphens only. Must not start or end with a hyphen.
description	Yes	Max 1024 characters. Non-empty. Describes what the skill does and when to use it.
license	No	License name or reference to a bundled license file.
compatibility	No	Max 500 characters. Indicates environment requirements (intended product, system packages, network access, etc.).
metadata	No	Arbitrary key-value mapping for additional metadata.
allowed-tools	No	Space-delimited list of pre-approved tools the skill may use. (Experimental)

`name` field

The required name field:

Must be 1-64 characters
May only contain unicode lowercase alphanumeric characters and hyphens (a-z and -)
Must not start or end with -
Must not contain consecutive hyphens (--)
Must match the parent directory name

Valid examples:

name: pdf-processing

name: data-analysis

name: code-review

Invalid examples:

name: PDF-Processing  # uppercase not allowed

name: -pdf  # cannot start with hyphen

name: pdf--processing  # consecutive hyphens not allowed

`description` field

The required description field:

Must be 1-1024 characters
Should describe both what the skill does and when to use it
Should include specific keywords that help agents identify relevant tasks

Good example:

description: Extracts text and tables from PDF files, fills PDF forms, and merges multiple PDFs. Use when working with PDF documents or when the user mentions PDFs, forms, or document extraction.

Poor example:

description: Helps with PDFs.

`license` field

The optional license field:

Specifies the license applied to the skill
We recommend keeping it short (either the name of a license or the name of a bundled license file)

Example:

license: Proprietary. LICENSE.txt has complete terms

`compatibility` field

The optional compatibility field:

Must be 1-500 characters if provided
Should only be included if your skill has specific environment requirements
Can indicate intended product, required system packages, network access needs, etc.

Examples:

compatibility: Designed for Claude Code (or similar products)

compatibility: Requires git, docker, jq, and access to the internet

Note: Most skills do not need the compatibility field.

`metadata` field

The optional metadata field:

A map from string keys to string values
Clients can use this to store additional properties not defined by the Agent Skills spec
We recommend making your key names reasonably unique to avoid accidental conflicts

Example:

metadata:
  author: example-org
  version: "1.0"

`allowed-tools` field

The optional allowed-tools field:

A space-delimited list of tools that are pre-approved to run
Experimental. Support for this field may vary between agent implementations

Example:

allowed-tools: Bash(git:*) Bash(jq:*) Read

Body content

The Markdown body after the frontmatter contains the skill instructions. There are no format restrictions. Write whatever helps agents perform the task effectively.

Recommended sections:

Step-by-step instructions
Examples of inputs and outputs
Common edge cases

Note: The agent will load this entire file once it's decided to activate a skill. Consider splitting longer SKILL.md content into referenced files.

Optional directories

scripts/

Contains executable code that agents can run. Scripts should:

Be self-contained or clearly document dependencies
Include helpful error messages
Handle edge cases gracefully

Supported languages depend on the agent implementation. Common options include Python, Bash, and JavaScript.

references/

Contains additional documentation that agents can read when needed:

REFERENCE.md - Detailed technical reference
FORMS.md - Form templates or structured data formats
Domain-specific files (finance.md, legal.md, etc.)

Keep individual reference files focused. Agents load these on demand, so smaller files mean less use of context.

assets/

Contains static resources:

Templates (document templates, configuration templates)
Images (diagrams, examples)
Data files (lookup tables, schemas)

Progressive disclosure

Skills should be structured for efficient use of context:

Metadata (~100 tokens): The name and description fields are loaded at startup for all skills
Instructions (< 5000 tokens recommended): The full SKILL.md body is loaded when the skill is activated
Resources (as needed): Files (e.g. those in scripts/, references/, or assets/) are loaded only when required

Keep your main SKILL.md under 500 lines. Move detailed reference material to separate files.

File references

When referencing other files in your skill, use relative paths from the skill root:

See [the reference guide](references/REFERENCE.md) for details.

Run the extraction script:
scripts/extract.py

Keep file references one level deep from SKILL.md. Avoid deeply nested reference chains.

Validation

Use the skills-ref reference library to validate your skills:

skills-ref validate ./my-skill

This checks that your SKILL.md frontmatter is valid and follows all naming conventions.

Documentation index first

The Agent Skills docs are designed to be discovered via a single index file (llms.txt). Use that as the entrypoint whenever you’re exploring the spec surface area.

What are skills?

Agent Skills are a lightweight, file-based format for packaging reusable agent instructions and workflows (plus optional scripts/assets). Agents use progressive disclosure:

Discovery: load only name + description metadata
Activation: load the full SKILL.md body for a matching task
Execution: read references / run scripts as needed
oaicite:1

Skill directory structure

Minimum required:

skill-name/
└── SKILL.md

Common optional directories (same convention is used by Mastra workspaces):

skill-name/
├── SKILL.md
├── references/   # extra docs (optional)
├── scripts/      # executable code (optional)
└── assets/       # templates/images/etc. (optional)

SKILL.md specification essentials

Frontmatter requirements

SKILL.md must start with YAML frontmatter with at least:

name (strict naming constraints; should match the folder name)
description (non-empty; should say what + when; include “trigger keywords”)

Optional fields defined by the spec include license, compatibility, metadata, and experimental allowed-tools.

Body content

After frontmatter: normal Markdown instructions. The spec recommends practical steps, examples, and edge cases (and keeping SKILL.md reasonably small to support progressive disclosure).

A spec-friendly template

---
name: code-review
description: Reviews code for quality, style, and potential issues. Use when asked to review PRs, diffs, TypeScript/Node projects, or linting failures.
license: Apache-2.0
compatibility: Requires node and access to repository files
metadata:
  version: "1.0.0"
  tags: "development review"
---

# Code Review

## When to use this skill
- Trigger phrases: "review this PR", "code review", "lint errors", "style guide"

## Procedure
1. Identify the change scope and risk.
2. Check for correctness, edge cases, and error handling.
3. Verify style rules in references/style-guide.md.
4. If available, run scripts/lint.ts and summarize results.

## Output format
- Summary
- Issues (by severity)
- Suggested diffs
- Follow-ups/tests

Note: Mastra’s docs show version and tags as top-level keys in frontmatter. Depending on your validator/tooling, the safest cross-implementation choice is to store extras under metadata. (mastra.ai)

Mastra integration

Mastra workspaces support skills starting in @mastra/core@1.1.0. (mastra.ai)

1) Place skills under your workspace filesystem basePath

Mastra treats skill paths as relative to the workspace filesystem basePath. (mastra.ai)

In your repo, the main workspace is configured with:

basePath: "./src/workspace"
skills: ["/skills"]

That means the actual on-disk skills folder should be:

./src/workspace/skills/
  /your-skill-name/
    SKILL.md

2) Configure skills on a workspace

Mastra enables discovery by setting skills on the workspace. (mastra.ai)

import { Workspace, LocalFilesystem } from "@mastra/core/workspace";

export const workspace = new Workspace({
  filesystem: new LocalFilesystem({ basePath: "./src/workspace" }),
  skills: ["/skills"],
});

You can provide multiple skill directories (still relative to basePath). (mastra.ai)

skills: [
  "/skills",      // Project skills
  "/team-skills", // Shared team skills
],

3) Dynamic skill directories (context-aware)

Mastra also supports a function form for skills, so you can vary skill sets by user role, tenant, environment, etc. (mastra.ai)

skills: (context) => {
  const paths = ["/skills"];
  if (context.user?.role === "developer") paths.push("/dev-skills");
  return paths;
},

4) What Mastra does “under the hood”

When a skill is activated, its instructions are added to the conversation context and the agent can access references/scripts in that skill folder. Mastra describes the runtime flow as: (mastra.ai)

List available skills in the system message
Allow agents to activate skills during conversation
Provide access to skill references and scripts

This maps cleanly onto the Agent Skills “discovery → activation → execution” model. (agentskills.io)

5) Skill search and indexing in Mastra

Mastra workspaces support BM25, vector, and hybrid search. (mastra.ai)

If BM25 or vector search is enabled, Mastra will automatically index skills so agents can search within skill content to find relevant instructions. (mastra.ai)

Example (BM25-only):

const workspace = new Workspace({
  filesystem: new LocalFilesystem({ basePath: "./src/workspace" }),
  skills: ["/skills"],
  bm25: true,
});

If you enable vector or hybrid search, indexing uses your embedder and vector store (and BM25 uses tokenization + term statistics). (mastra.ai)

Repo conventions that work well

One skill per folder, folder name matches frontmatter.name.
Keep SKILL.md focused on the “operator manual”; push deep theory to references/.
Put runnable helpers in scripts/ and make them deterministic (clear inputs/outputs).
Treat destructive actions as opt-in:
- Use workspace tool gating (approval required, delete disabled) for enforcement.
- Optionally declare allowed-tools in SKILL.md for portability across other skill runtimes. (agentskills.io)

AI-Powered Skill Extraction with Cloudflare Embeddings and a Vector Taxonomy

February 8, 2026 · 4 min read

Vadim Nicolai

Senior Software Engineer

This bulk processor extracts structured skill tags for job postings using an AI pipeline that combines:

Embedding generation via Cloudflare Workers AI (@cf/baai/bge-small-en-v1.5, 384-dim)
Vector retrieval over a skills taxonomy (Turso/libSQL index skills_taxonomy) for candidate narrowing
Mastra workflow orchestration for LLM-based structured extraction + validation + persistence
Production-grade run controls: robust logging, progress metrics, graceful shutdown, and per-item failure isolation

It’s designed for real-world runs where you expect rate limits, transient failures, and safe restarts.

Core constraint: embedding dimension ↔ vector index schema

The taxonomy retrieval layer is backed by a Turso/libSQL vector index:

Index name: skills_taxonomy
Embedding dimension (required): 384
Embedding model: @cf/baai/bge-small-en-v1.5 (384-dim)

If the index dimension isn’t 384, vector search can fail or degrade into meaningless similarity scores.
The script prevents this by validating stats.dimension === 384 before processing.

Architecture overview (pipeline flow)

Retrieval + extraction: what happens per job

1) Retrieval: taxonomy candidate narrowing (vector search)

Convert relevant job text to embeddings using Cloudflare Workers AI.
Use vector similarity search in skills_taxonomy to retrieve top-N candidate skills.
Candidates constrain the downstream LLM step (better precision, lower cost).

2) Extraction: structured inference via Mastra workflow

A cached Mastra workflow (extractJobSkillsWorkflow) performs:

prompt + schema-driven extraction
normalization (matching to taxonomy terms/ids)
validation (reject malformed outputs)
persistence into job_skill_tags

On failure, the script logs workflow status and step details for debugging.

Cloudflare Workers AI embeddings

Model contract and hardening

Model: @cf/baai/bge-small-en-v1.5
Vectors: 384 dimensions
Input contract: strict array of strings
Timeout: 45s (AbortController)
Output contract: explicit response shape checks (fail early on unexpected payloads)

This is important because embedding pipelines can silently drift if the response shape changes or inputs are malformed.

Dimension enforcement (non-negotiable)

If skills_taxonomy was created/seeded with a different dimension:

similarity search becomes invalid (best case: errors; worst case: plausible-but-wrong matches)

The script enforces stats.dimension === 384 to keep retrieval semantically meaningful.

Turso/libSQL vector taxonomy index

Storage: Turso (libSQL)
Index: skills_taxonomy
Schema dimension: 384
Role: retrieval layer for skills ontology/taxonomy

The script also ensures the index is populated (count > 0), otherwise it fails fast and directs you to seed.

Reliability and operational controls

Observability: console + file tee logs

tees console.log/warn/error to a timestamped file and the terminal
log naming: extract-job-skills-<ISO timestamp>-<pid>.log
degrades to console-only logging if file IO fails

Graceful termination

SIGINT / SIGTERM sets a shouldStop flag
the loop exits after the current job completes
avoids interrupting in-flight workflow steps (embedding/LLM/DB writes)

Idempotency / restart safety

Even after selecting jobs without tags, the script re-checks:

jobAlreadyHasSkills(jobId)

This avoids duplicate inference when:

you restart mid-run
multiple workers run concurrently
the initial query snapshot becomes stale

Throughput shaping

sequential processing
a fixed 1s backoff between jobs (simple, reliable rate-limit mitigation)

Failure modes

Retrieval layer failures (index health)

Triggers:

index missing
dimension mismatch (not 384)
empty index (count === 0)

Behavior: fail fast with actionable logs (recreate index / re-seed / verify DB target).

Embedding timeouts

Symptom: embedding call exceeds 45s and aborts. Behavior: job fails; run continues.

Mitigations:

chunk long descriptions upstream
add retry/backoff on transient 429/5xx
monitor Workers AI service health

Workflow failures

Behavior: job is marked failed; run continues. Logs include step trace and error payload to accelerate debugging.

Quick reference

Embeddings: Cloudflare Workers AI @cf/baai/bge-small-en-v1.5 (384-dim)
Retrieval: Turso/libSQL vector index skills_taxonomy (384-dim)
Orchestration: Mastra workflow extractJobSkillsWorkflow
Persistence: job_skill_tags
Embedding timeout: 45s
Stop behavior: graceful after current job (SIGINT / SIGTERM)

AI Observability for LLM Evals with Langfuse

February 7, 2026 · 10 min read

Vadim Nicolai

Senior Software Engineer

This article documents an evaluation harness for a Remote EU job classifier—but the real focus is AI observability: how to design traces, spans, metadata, scoring, and run-level grouping so you can debug, compare, and govern LLM behavior over time.

The script runs a batch of curated test cases, loads the latest production prompt from Langfuse (with a safe fallback), executes a structured LLM call, scores results, and publishes metrics back into Langfuse. That gives you:

Reproducibility (prompt versions + test set + session IDs)
Debuggability (one trace per test case; inspect inputs/outputs)
Comparability (run-level aggregation; trend metrics across changes)
Operational safety (flush guarantees, CI thresholds, rate-limit control)

Why "observability-first" evals matter

A typical eval script prints expected vs actual and calls it a day. That's not enough once you:

iterate prompts weekly,
swap models,
add guardrails,
change schemas,
tune scoring rubrics,
and need to explain regressions to humans.

Observability-first evals answer questions like:

Which prompt version produced the regression?
Is accuracy stable but confidence becoming overconfident?
Are failures clustered by location phrasing ("EMEA", "EU timezone", "Worldwide")?
Did we increase tokens/latency without improving correctness?
Can we click from CI logs straight into the trace of the failing example?

Langfuse becomes your "flight recorder": the trace is the unit of truth for what happened.

End-to-end architecture

Observability design: what gets traced and why

Trace strategy: one trace per test case

Principle: if you can't click into an individual example, you can't debug.

Each test case produces a Langfuse trace (think "request-level unit"), tagged with:

sessionId: groups a full run (critical for comparisons)
testCaseId, description: anchors the trace to your dataset
prompt metadata: name/label/version/hash (ideal)
model metadata: provider, model name, parameters (ideal)

This makes failures navigable and filterable.

Span strategy: one generation per model call

Inside each trace, you create a generation span for the model call:

captures input (prompt + job posting)
captures output (structured object + reason)
captures usage (token counts)
optionally captures latency (recommended)
optionally captures model params (temperature, top_p, etc.)

Even if the script is "just evals," treat each example like production traffic. That's how you build a reliable debugging workflow.

Prompt governance: Langfuse prompts + fallback behavior

Your harness fetches a prompt by name and label:

name: job-classifier
label: production

If prompt retrieval fails or is disabled (e.g., SKIP_LANGFUSE_PROMPTS=true), it uses a local fallback prompt.

Observability tip: always record the effective prompt identity

To compare runs, you want "which exact prompt did this use?" in trace metadata. If your prompt fetch returns versioning info, store:

promptName
promptLabel
promptVersion or promptId or promptHash

If it does not return version info, you can compute a stable hash of the prompt text and store that (lightweight, extremely useful).

Structured output: Zod as an observability contract

The classifier returns:

isRemoteEU: boolean
confidence: "high" | "medium" | "low"
reason: string

Why structured output is observability, not just "parsing"

A strict schema:

removes ambiguity ("was that JSON-ish text or valid data?")
enables stable scoring and aggregation
prevents downstream drift as prompts change
improves triage because the same fields are always present

If you ever add fields like region, countryHints, remotePolicy, do it via schema extension and keep historical compatibility in your scorer.

The full eval lifecycle as a trace model

This is what you want stored per test case:

When a case fails, you should be able to answer in one click:

Which prompt version?
What input text exactly?
What output object exactly?
What scoring decision and why?
Was the model "confidently wrong"?

Scoring and metrics: accuracy is necessary, insufficient

Your harness logs two scores:

remote-eu-accuracy A numeric score from your scorer. This can be binary (0/1) or continuous (0..1). Continuous is often better because it supports partial credit and more informative trend analysis.
confidence-match A binary score (1/0) tracking whether the model's confidence matches expected confidence.

Observability tip: store scorer metadata as the comment (or trace metadata)

A score without context is hard to debug. For incorrect cases, write comments like:

expected vs actual isRemoteEU
expected vs actual confidence
a short reason ("Predicted EU-only due to 'EMEA' but posting says US time zones")

Also consider storing structured metadata (if your Langfuse SDK supports it) so you can filter/group later.

Run-level grouping: session IDs as your "eval run" primitive

A sessionId = eval-${Date.now()} groups the whole batch. This enables:

"show me all traces from the last run"
comparisons across runs
slicing by prompt version across sessions
CI links that land you on the run dashboard

Recommendation: include additional stable tags:

gitSha, branch, ciBuildId (if running in CI)
model and promptVersion (for quick comparisons)

Even if you don't have them now, design the metadata schema so adding them later doesn't break anything.

Mermaid: evaluation flow, sequence, and data model (together)

1) Flow: control plane of the batch run

2) Sequence: what actually happens per case

3) Data model: eval artifacts

How to run (and make it debuggable in one click)

Environment variables

Required:

LANGFUSE_SECRET_KEY
LANGFUSE_PUBLIC_KEY
LANGFUSE_BASE_URL
DEEPSEEK_API_KEY

Optional:

SKIP_LANGFUSE_PROMPTS=true (use local prompt fallback)

Run:

pnpm tsx scripts/eval-remote-eu-langfuse.ts

Local prompt fallback:

SKIP_LANGFUSE_PROMPTS=true pnpm tsx scripts/eval-remote-eu-langfuse.ts

Observability tip: print a stable "run header"

In console output (and CI logs), it helps to print:

sessionId
model name
prompt version/hash
total test cases

That turns logs into an index into Langfuse.

Debugging workflow: from CI failure to root cause

When accuracy drops below threshold and CI fails, you want a deterministic workflow:

Open the Langfuse session for the run (grouped by sessionId)
Filter traces where remote-eu-accuracy = 0 (or below some threshold)
For each failing trace:
- check prompt version/hash
- check job posting input text (location phrasing is often the culprit)
- inspect structured output (especially confidence)
- read the reason for the scorer's decision

Practical tips & gotchas (observability edition)

1) Always flush telemetry

If you exit early, you can lose the most important traces. Ensure flushAsync() happens even on errors (e.g., in a finally block) and only exit after flush completes.

2) Don't parallelize blindly

Parallel execution improves speed but can:

amplify rate limits
introduce noisy latency
create non-deterministic output ordering in logs

If you do parallelize, use bounded concurrency and capture per-case timing.

3) Track prompt identity, not just prompt text

Prompt text alone is hard to compare across runs. Record version/hash so you can correlate changes with performance.

4) Separate "correctness" from "calibration"

A model can get higher accuracy while becoming confidently wrong on edge cases. Keeping confidence-match (or richer calibration metrics later) prevents hidden regressions.

5) Add slice metrics before you add more test cases

Instead of only "overall accuracy," compute accuracy by category:

"EU-only"
"Worldwide remote"
"EMEA" phrasing
"Hybrid" / "On-site"
"Contractor / employer-of-record constraints"

This reveals what's actually breaking when a prompt changes.

Suggested next upgrades (high leverage)

A) Add latency and cost proxies

Record:

duration per generation span (ms)
token totals per case

Then you can chart:

cost/latency vs accuracy
regressions where prompt got longer but not better

B) Add a "reason quality" score (optional, small rubric)

Create a third score like reason-quality to detect when explanations degrade (too vague, irrelevant, or missing key constraints). Keep it light—don't overfit to phrasing.

C) Prompt A/B within the same run

Evaluate production vs candidate prompts on the same test set:

two sessions (or two labels within one session)
compare metrics side-by-side in Langfuse

Docusaurus note: Mermaid support

If Mermaid isn't rendering, enable it in Docusaurus:

// docusaurus.config.js
const config = {
  markdown: { mermaid: true },
  themes: ["@docusaurus/theme-mermaid"],
};
module.exports = config;

The takeaway: observability is the eval superpower

A well-instrumented eval harness makes improvements measurable and regressions explainable:

traces turn examples into clickable evidence
structured outputs stabilize scoring
session IDs make runs comparable
multiple metrics prevent hidden failure modes

If you treat evals like production requests—with traces, spans, and scores—you'll iterate faster and break less.

Schema-First RAG with Eval-Gated Grounding and Claim-Card Provenance

February 5, 2026 · 7 min read

Vadim Nicolai

Senior Software Engineer

This article documents a production-grade architecture for generating research-grounded therapeutic content. The system prioritizes verifiable artifacts (papers → structured extracts → scored outputs → claim cards) over unstructured text.

You can treat this as a “trust pipeline”: retrieve → normalize → extract → score → repair → persist → generate.

Evals for Workflow-First Production LLMs: Contracts, Rubrics, Sampling, and Observability

February 3, 2026 · 12 min read

Vadim Nicolai

Senior Software Engineer

Building Production Evals for LLM Systems

Building LLM systems you can measure, monitor, and improve

Large language models feel like software, but they don’t behave like software.

With conventional programs, behavior is mostly deterministic: if tests pass, you ship, and nothing changes until you change the code. With LLM systems, behavior can drift without touching a line—model updates, prompt edits, temperature changes, tool availability, retrieval results, context truncation, and shifts in real-world inputs all move the output distribution.

So “it seems to work” isn’t a strategy. Evals are how you turn an LLM feature from a demo into an engineered system you can:

Measure (quantify quality across dimensions)
Monitor (detect drift and regressions early)
Improve (pinpoint failure modes and iterate)

This doc builds evals from first principles and anchors everything in a concrete example: a workflow that classifies job postings as Remote EU (or not), outputs a structured JSON contract, and attaches multiple scorers (deterministic + LLM-as-judge) to generate reliable evaluation signals.

1) The core idea: make quality observable

An eval is a function:

Eval(input, output, context?, ground_truth?) → score + reason + metadata

A single scalar score is rarely enough. You want:

Score: for trendlines, comparisons, and gating
Reason: for debugging and iteration
Metadata: to reproduce and slice results (model version, prompt version, retrieval config, toolset, sampling rate, time)

When you do this consistently, evals become the LLM equivalent of:

unit tests + integration tests,
observability (logs/metrics/traces),
QA plus post-release monitoring.

2) “Correct” is multi-dimensional

In LLM systems, quality is a vector.

Even if the final label is right, the output can still be unacceptable if:

it invents support in the explanation (hallucination),
it violates the rubric (misalignment),
it fails formatting constraints (schema noncompliance),
it’s unhelpful or vague (low completeness),
it includes unsafe content (safety).

So you don’t build one eval. You build a panel of scorers that measure different axes.

3) Deterministic vs model-judged evals

3.1 Deterministic evals (cheap, stable, strict)

No model involved. Examples:

schema validation
required fields present (e.g., reason non-empty)
bounds checks (confidence ∈ {low, medium, high})
regex checks (must not include disallowed fields)

Strengths: fast, repeatable, low variance Limitations: shallow; can’t grade nuance like “is this reason actually supported?”

3.2 LLM-as-judge evals (powerful, fuzzy, variable)

Use a second model (the judge) to grade output against a rubric and evidence.

Strengths: can evaluate nuanced properties like grounding, rubric adherence, and relevance Limitations: cost/latency, judge variance, judge drift, and susceptibility to prompt hacking if unconstrained

In production, the winning pattern is: deterministic guardrails + rubric-based judge scoring + sampling.

4) The “Remote EU” running example

4.1 Task

Input:

title
location
description

Output contract:

{
  "isRemoteEU": true,
  "confidence": "high",
  "reason": "Short evidence-based justification."
}

4.2 Why this is a great eval example

Job posts are full of ambiguous and misleading phrases:

“EMEA” is not EU-only
“CET/CEST” is a timezone, not eligibility
UK is not in the EU
Switzerland/Norway are in Europe but not EU
“Hybrid” is not fully remote
Multi-location lists can mix EU and non-EU constraints

This creates exactly the kind of environment where “vibes” fail and measurement matters.

5) Workflow-first evaluation architecture

A practical production architecture separates:

serving (fast path that returns a result),
measurement (scoring and diagnostics, often sampled).

Why this split matters

If your most expensive scorers run inline on every request, your feature inherits their cost and latency. A workflow-first approach gives you options:

always-on “must-have” scoring,
sampled deep diagnostics,
offline golden-set evaluation in CI.

6) Contracts make evaluation reliable: rubric + schema

6.1 Rubric is the spec

If you can’t state what “correct” means, you can’t measure it consistently.

Your rubric should define:

positive criteria (what qualifies),
explicit negatives (what disqualifies),
ambiguous cases and how to resolve them,
precedence rules (what overrides what).

6.2 Schema is the contract

Structured output makes evaluation composable:

score isRemoteEU separately from reason,
validate confidence vocabulary,
enforce required fields deterministically.

7) Design the scorer suite as a “sensor panel”

A robust suite typically includes:

7.1 Always-on core

Domain correctness judge (rubric-based)
Deterministic sanity (schema + hasReason)
Optionally: lightweight grounding check (if user-facing)

7.2 Sampled diagnostics

Faithfulness / hallucination (judge-based)
Prompt alignment
Answer relevancy
Completeness / keyword coverage (careful: can be gamed)

7.3 Low-rate tail-risk

Toxicity
Bias
(Domain-dependent) policy checks

8) The anchor metric: domain correctness as a strict judge

Generic “relevance” is not enough. You need:

“Is isRemoteEU correct under this rubric for this job text?”

8.1 What a good judge returns

A strong judge returns structured, actionable feedback:

score ∈ [0, 1]
isCorrect boolean
mainIssues[] (typed failure modes)
reasoning (short justification)
optional evidenceQuotes[] (snippets that support the judgment)

8.2 The “use only evidence” constraint

The most important instruction to judges:

Use ONLY the job text + rubric. Do not infer missing facts.

Without this, your judge will “helpfully” hallucinate implied constraints, and your metric becomes untrustworthy.

9) Deterministic sanity checks: tiny effort, huge payoff

Even with a schema, add simple checks:

reason.trim().length > 0
confidence in an allowed set
optional length bounds for reason (prevents rambling)

These are cheap, stable, and catch silent regressions early.

10) Grounding: the trust layer

In many real products, the worst failure is not “wrong label.” It’s unsupported justification.

A model can guess the right label but invent a reason. Users trust the reason more than the label. When the reason lies, trust is gone.

Useful grounding dimensions:

Faithfulness: does the reason match the job text?
Non-hallucination: does it avoid adding unsupported claims?
Context relevance: does it actually use provided context?

Normalize score direction

If a scorer returns “lower is better” (hallucination/toxicity), invert it so higher is always better:

This prevents endless mistakes in dashboards and thresholds.

11) Aggregation: how many metrics become decisions

You typically want three layers:

11.1 Hard gates (binary invariants)

Examples:

schema valid
hasReason = 1
correctness score ≥ threshold
non-hallucination ≥ threshold (if user-facing)

11.2 Soft composite score (trend tracking)

A weighted score helps compare versions, but should not hide hard failures.

11.3 Diagnostics (why it failed)

Store mainIssues[] and judge reasons so you can cluster and fix.

12) Slicing: where the real insight lives

A single global average is rarely useful. You want to slice by meaningful features:

For Remote EU:

contains “EMEA”
contains “CET/CEST”
mentions UK
mentions hybrid/on-site
mentions “Europe” (ambiguous)
multi-location list present
mentions “EU work authorization”

This turns “accuracy dropped” into “accuracy dropped specifically on CET-only job posts.”

13) The Remote EU rubric as a decision tree

A rubric becomes much easier to debug when you can visualize precedence rules.

Here’s an example decision tree (adapt to your policy):

This makes edge cases explicit and makes judge behavior easier to audit.

14) Sampling strategy: cost-aware measurement

A practical scoring policy:

Always-on: correctness + sanity
25% sampled: grounding + alignment + completeness
10% sampled: safety canaries
0%: tool-call accuracy until you actually use tools

This gives you statistical visibility with bounded cost.

If you want deeper rigor:

increase sampling on releases,
reduce sampling during stable periods,
bias sampling toward risky slices (e.g., posts containing “EMEA” or “CET”).

15) Calibration: make “confidence” mean something

If you output confidence: high|medium|low, treat it as a measurable claim.

Track:

P(correct | high)
P(correct | medium)
P(correct | low)

A healthy confidence signal produces a separation like:

high ≫ medium ≫ low

If “high” is only marginally better than “medium,” you’re emitting vibes, not confidence.

16) Turning evals into improvement: the feedback loop

Evals are not a report card. They’re a loop.

Collect runs + eval artifacts
Cluster failures by mainIssues[]
Fix prompt/rubric/routing/post-processing
Re-run evals (golden set + sampled prod)
Gate release based on regressions

The key operational shift: you stop debating anecdotes and start shipping changes backed by measured deltas.

17) Golden sets: fast regression detection

A golden set is a curated collection of test cases representing:

core behavior,
common edge cases,
historical failures.

Even 50–200 examples catch a shocking amount of regression.

For Remote EU, include cases mentioning:

“Remote EU only”
“Remote Europe” (ambiguous)
“EMEA only”
“CET/CEST only”
UK-only
Switzerland/Norway-only
hybrid-only (single city)
multi-location lists mixing EU and non-EU
“EU work authorization required” without explicit countries

Run the golden set:

on every prompt/model change (CI),
nightly as a drift canary.

18) Judge reliability: making LLM-as-judge dependable

Judge scoring is powerful, but you must treat the judge prompt like production code.

18.1 Techniques that reduce variance

force structured judge output (JSON schema)
use a clear rubric with precedence rules
include explicit negative examples
constrain the judge: “use only provided evidence”
keep judge temperature low
store judge prompt version + rubric version

18.2 Disagreement as signal

If you run multiple judges or compare judge vs deterministic heuristics, disagreement highlights ambiguous cases worth:

rubric refinement,
targeted prompt updates,
additional training data,
routing policies.

19) Production gating patterns

Not every system should block on evals, but you can safely gate high-risk cases.

Common gates:

schema invalid → retry
correctness below threshold → rerun with stronger model or request clarification (if user-facing)
low grounding score → regenerate explanation constrained to cite evidence
confidence low → route or mark uncertain

20) Beyond classifiers: evals for tool-using agents

Once your agent calls tools (search, databases, parsers, RAG), evals expand to include:

Tool selection correctness: did it call tools when needed?
Argument correctness: were tool parameters valid?
Faithful tool usage: did the model use tool outputs correctly?
Over-calling: did it waste calls?

This is where agentic systems often succeed or fail in production.

21) A practical checklist

Spec & contracts

Rubric defines positives, negatives, precedence, ambiguous cases
Output schema enforced
Prompt and rubric are versioned artifacts

Scorers

Always-on: correctness + sanity
Sampled: grounding + alignment + completeness
Low-rate: safety checks
Scores normalized so higher is better

Ops

Metrics stored with reasons + metadata
Slices defined for high-risk patterns
Golden set exists and runs in CI/nightly
Feedback loop ties evals directly to prompt/rubric/routing changes

Closing

Without evals, you can demo. With evals, you can ship—and keep shipping.

A workflow-first pattern—rubric + schema + domain correctness judge + grounding diagnostics + sampling + feedback loop—turns an LLM from a “text generator” into an engineered system you can measure, monitor, and improve like any serious production service.

Appendix: Reusable Mermaid snippets

A) System architecture

B) Eval taxonomy

C) Feedback loop

Agentic Job Pre-Screening with LangGraph + DeepSeek: Auto-Reject Fake “Remote” Roles

January 25, 2026 · 7 min read

Vadim Nicolai

Senior Software Engineer

Introduction

Remote job postings are noisy, inconsistent, and often misleading. A role is labeled “Remote”, but the actual constraints show up in one sentence buried halfway down the description:

“Remote (US only)”
“Must be authorized to work in the U.S. without sponsorship”
“EU/EEA only due to payroll constraints”
“Must overlap PST business hours”
“Hybrid, 2 days/week in-office”

This article breaks down a LangGraph System that pre-screens job postings using DeepSeek structured extraction, then applies deterministic rules to instantly decide:

✅ Apply
❌ Reject (with reasons + quotes)

The goal is simple: filter out non-viable jobs before you spend time applying.

The Problem: “Remote” Doesn’t Mean “Work From Anywhere”

Why Traditional Filters Fail

Keyword filters (“remote”, “anywhere”) fail because job descriptions are written inconsistently and constraints can be phrased in dozens of ways:

Remote but country-restricted
Remote but timezone-restricted
Remote but payroll-limited
Remote but no visa sponsorship
Remote but actually hybrid

Instead of relying on fragile string matching, we use an LLM to read the description like a human, but output machine-usable constraints.

System Overview

This agent evaluates job postings in two phases:

Analyze job text (DeepSeek + structured schema)
Check eligibility (deterministic rules)

What It Detects

Location scope
- US-only / EU-only / Global / Specific regions / Unknown
Remote status
- fully-remote / remote-with-restrictions / hybrid / on-site / unknown
Visa sponsorship
- explicit yes/no/unknown
Work authorization requirements
- must be authorized in US/EU, or not specified
Timezone restrictions
- PST overlap / CET overlap / etc.

Tech Stack

LangGraph: workflow orchestration and state transitions
DeepSeek: high-signal extraction from messy job text (deepseek-chat)
LangChain structured output: strict schema → stable parsing
Deterministic rules engine: eligibility enforcement without “LLM vibes”

Architecture Patterns

1) LangGraph Workflow

Instead of a linear script, the system is a graph-driven workflow:

This shape is production-friendly because the workflow can expand safely:

add salary checks
add tech stack fit scoring
add seniority mismatch detection
add contractor vs employee constraints

Typed State + Structured Extraction

State Model (TypedDict)

LangGraph becomes far more reliable when state is explicit:

class JobScreeningState(TypedDict):
    job_title: str
    company: str
    description: str
    location: str
    url: str

    # Candidate requirements
    candidate_needs_visa_sponsorship: bool
    requires_fully_remote: bool
    requires_worldwide_remote: bool
    candidate_locations: List[str]

    # Output
    is_eligible: bool
    rejection_reasons: List[str]

    # Extracted requirements
    location_requirement: Optional[str]
    specific_regions: List[str]
    excluded_regions: List[str]
    visa_sponsorship_available: Optional[bool]
    work_authorization_required: Optional[str]
    remote_status: str
    timezone_restrictions: List[str]
    confidence: str
    key_phrases: List[str]
    analysis_explanation: Optional[str]

DeepSeek Extraction: Converting Messy Text Into Policy Constraints

Why Structured Output Is Non-Negotiable

Freeform LLM output is fragile. A production system needs predictable extraction. This agent forces DeepSeek into a strict schema:

class JobAnalysisSchema(TypedDict):
    location_requirement: Literal["US-only", "EU-only", "Global", "Specific-regions", "Unknown"]
    specific_regions: List[str]
    excluded_regions: List[str]
    remote_status: Literal["fully-remote", "remote-with-restrictions", "hybrid", "on-site", "unknown"]
    visa_sponsorship_available: Optional[bool]
    work_authorization_required: Literal["US-only", "EU-only", "Any", "Unknown"]
    timezone_restrictions: List[str]
    confidence: Literal["high", "medium", "low"]
    key_phrases: List[str]
    explanation: str

With this contract, the agent can safely feed extracted requirements into deterministic logic.

Token Efficiency: Keep Only High-Signal Lines

Job descriptions are long. Constraints are usually short. To reduce tokens and improve extraction precision, the system trims input to keyword-adjacent lines:

KEYWORDS = (
    "remote", "anywhere", "worldwide", "timezone", "sponsor", "visa",
    "authorized", "work authorization", "must be located", "eligible to work",
    "location", "region", "country", "overlap", "hours", "time zone"
)

def _keep_relevant(text: str, window: int = 2) -> str:
    lines = text.splitlines()
    keep = set()
    for i, ln in enumerate(lines):
        if any(k in ln.lower() for k in KEYWORDS):
            for j in range(max(0, i - window), min(len(lines), i + window + 1)):
                keep.add(j)
    return "\n".join(lines[i] for i in sorted(keep)) or text

This improves the system in four ways:

lower inference cost
faster runtime
less noise
fewer hallucination opportunities

Heuristics + DeepSeek: Hybrid Extraction That Wins

Before invoking DeepSeek, the system runs a tiny heuristic pre-check:

detects obvious “Remote (Worldwide)”
detects “Remote (US only)”
detects “Hybrid / On-site”

def _fast_heuristic_precheck(state: JobScreeningState) -> Optional[Dict[str, Any]]:
    loc = state.get("location", "") or ""
    desc = state.get("description", "") or ""
    seed: Dict[str, Any] = {}

    if _looks_worldwide(loc) or _looks_worldwide(desc):
        seed["location_requirement"] = "Global"
        seed["remote_status"] = "fully-remote"

    if (_looks_us_only(loc) or _looks_us_only(desc)) and not seed.get("location_requirement"):
        seed["location_requirement"] = "US-only"

    if _looks_hybrid_or_onsite(loc):
        seed["remote_status"] = "hybrid"

    return seed if seed else None

DeepSeek still performs the full extraction, but seeding improves resilience against incomplete metadata.

Eligibility Rules: Enforcing Worldwide Remote Strictly

The most valuable mode is strict worldwide remote filtering:

If requires_worldwide_remote=True, the job must satisfy ALL of the following:

remote_status == "fully-remote"
location_requirement == "Global"
no specific_regions
no timezone_restrictions

if state["requires_worldwide_remote"]:
    if state["remote_status"] != "fully-remote":
        rejection_reasons.append(
            f"Not worldwide-remote: remote status is '{state['remote_status']}'"
        )
    if state["location_requirement"] != "Global":
        rejection_reasons.append(
            f"Not worldwide-remote: location requirement is '{state['location_requirement']}'"
        )
    if state["specific_regions"]:
        rejection_reasons.append(
            f"Not worldwide-remote: restricted to {state['specific_regions']}"
        )
    if state["timezone_restrictions"]:
        rejection_reasons.append(
            f"Not worldwide-remote: timezone restrictions {state['timezone_restrictions']}"
        )

This instantly rejects “remote marketing” jobs like:

“Remote, EU only”
“Remote, US/Canada preferred”
“Remote, PST overlap required”

Visa Sponsorship Semantics: Correct and Safe

Sponsorship logic is easy to get wrong. The correct behavior:

reject only when sponsorship is explicitly not available (False)
do not reject on unknown (None)

if state["candidate_needs_visa_sponsorship"]:
    if state["visa_sponsorship_available"] is False:
        rejection_reasons.append(
            "Job does not offer visa sponsorship, but candidate needs sponsorship"
        )

This avoids dropping jobs that simply don’t mention sponsorship.

Explainability: Rejection Reasons + Key Phrases

Trust requires receipts. The system stores:

rejection_reasons (deterministic outcomes)
key_phrases (quotes that triggered the decision)
analysis_explanation (LLM summary for debugging)

That produces outputs like:

“Job requires US location; candidate is not in US”
“Not worldwide-remote: timezone restrictions ['US Pacific business hours']”
key phrases like “Must be authorized to work in the U.S. without sponsorship”

Real-World Test Scenarios

The included test suite covers the most common job board traps:

US-only remote + no sponsorship
Remote worldwide (work from anywhere)
EU-only remote
Remote with timezone overlap requirement

This validates both extraction quality and deterministic enforcement.

Production Enhancements

1) Add a Match Score (Not Only Pass/Fail)

Binary decisions are clean, but scoring improves ranking:

100 = perfect match
70 = acceptable
30 = not worth it
0 = reject

2) Cache Results by URL Hash

You already compute a stable thread_id from the job URL. Persist results keyed by:

url_hash
model version
rule version

This prevents re-analyzing duplicate postings.

3) Detect Payroll Constraints Explicitly

Add signals for:

“We can only hire in countries where we have an entity”
“Deel/Remote.com limited coverage”
“W2 only / no contractors”

This is one of the highest ROI improvements for global applicants.

Conclusion

This LangGraph System turns job descriptions into enforceable constraints:

DeepSeek extracts remote reality, location scope, and sponsorship signals
Structured output makes extraction stable and machine-safe
Deterministic rules enforce candidate requirements precisely
Worldwide-remote mode filters out fake “remote” listings instantly
Decisions are explainable with reasons and quotes

This is how you scale job hunting without wasting time: automate rejection early, apply only where it can actually work.

References

Building Long-Running TTS Pipelines with LangGraph: Orchestrating Long-Form Audio Generation

January 18, 2026 · 17 min read

Vadim Nicolai

Senior Software Engineer

Introduction

Generating long-form audio content—audiobooks spanning hours, educational courses, or extended podcasts—presents unique challenges: API rate limits, network failures, resource constraints, and the sheer duration of processing. This article explores a production-ready architecture for long-running TTS pipelines that can gracefully handle long-form generation tasks, resume after failures, and maintain state across distributed systems.

Built with LangGraph, the system orchestrates complex workflows involving AI content generation (DeepSeek), text-to-speech conversion (OpenAI TTS), and distributed storage (Cloudflare R2). The key innovation: PostgreSQL checkpointing enables resumable execution, making it possible to generate 5-30+ minute audio segments reliably, even when individual API calls or processing steps fail.

The Challenge: Long-Form Audio at Scale

Why Long-Running Pipelines Are Hard

Traditional TTS approaches fail at scale:

Time Constraints: A 30-minute audio narrative requires ~4,500 words, chunked into 10-15 API calls, taking 2-5 minutes to generate
Failure Points: Each step (text generation, chunking, TTS, storage) can fail independently
Memory Pressure: Holding all audio segments in memory for hours is impractical
Cost Management: Retrying from scratch wastes API credits and compute time
State Loss: Without persistence, crashes mean starting over

Our Solution: Stateful Orchestration

LangGraph manages workflow state transitions
PostgreSQL persists checkpoints after each successful step
R2 provides durable storage for completed segments
Resumable execution using thread_id for job recovery

System Overview

The pipeline orchestrates three main workflows:

Research Generation: Structured content research using DeepSeek
Narrative Text Generation: Long-form content creation with context awareness
Audio Synthesis: Text-to-speech conversion with OpenAI TTS and Cloudflare R2 storage

Tech Stack

LangGraph: State machine orchestration with built-in checkpointing
DeepSeek: Long-form text generation (deepseek-chat, 2500+ token outputs)
OpenAI TTS: Streaming audio synthesis (gpt-4o-mini-tts, 4096 char limit per request)
PostgreSQL: Durable checkpointing for long-running jobs (Neon serverless for production)
Cloudflare R2: S3-compatible storage with zero egress fees (critical for multi-GB audio)
FastAPI: Async REST API for non-blocking long operations
Docker: Containerized deployment with ffmpeg for audio merging

Why This Stack for Long-Running Jobs:

Postgres checkpointing: Resume from any point in the workflow (text generation → chunking → TTS → upload)
Streaming TTS: Memory-efficient direct-to-disk writes (no buffering entire audio in RAM)
R2 durability: Segments uploaded immediately, survive process crashes
Async execution: Non-blocking background processing for hours-long jobs

Architecture Patterns

1. Core LangGraph State Machine

The system implements three distinct LangGraph workflows, each optimized for specific tasks.

2. Research Generation Pipeline

The research pipeline generates structured research content using a focused LangGraph workflow.

Key Features:

Low temperature (0.3) for factual accuracy
Structured JSON output with validation
Evidence level classification (A/B/C)
Relevance scoring for topic matching

3. Long-Form Text Generation Pipeline

The most sophisticated workflow, supporting both full generation and audio-only modes.

Conditional Routing Logic:

def should_skip_text_generation(state: TextState) -> str:
    """Route to text generation or skip to audio."""
    if state.get("existing_content") and state["existing_content"].get("text"):
        return "chunk_text"  # Audio-only mode
    return "generate_text"  # Full generation

def should_generate_audio(state: TextState) -> str:
    """Route to audio generation or end."""
    if state.get("generate_audio", True):
        return "chunk_text"
    return END  # Text-only mode

4. Audio Generation Pipeline (Standalone)

A simplified pipeline for generic long-form narration.

Iterative Chunk Processing:

The system uses a recursive edge pattern for processing chunks:

g.add_conditional_edges(
    "tts_one_chunk",
    edge_should_continue,
    {
        "tts_one_chunk": "tts_one_chunk",  # Loop back
        "finalize": "finalize",             # Exit loop
    },
)

def edge_should_continue(state: JobState) -> str:
    if state["chunk_index"] < len(state["chunks"]):
        return "tts_one_chunk"
    return "finalize"

Deep Dive: Key Architectural Components

State Management

LangGraph uses typed state dictionaries for type safety and IDE support:

class TextState(TypedDict):
    # Input metadata
    content_id: int
    title: str
    content_type: str
    language: str
    target_duration_minutes: int | None
    
    # Generation data
    research_items: list[dict]
    existing_content: dict | None
    generated_text: str | None
    
    # TTS fields
    voice: str
    chunks: List[str]
    segment_urls: List[str]
    manifest_url: Optional[str]
    audio_url: Optional[str]
    
    # Control flow
    generate_audio: bool
    database_saved: bool
    error: str | None

Postgres Checkpointing: The Key to Long-Running Resilience

For long-running jobs, checkpointing is non-negotiable. Without it, a network glitch at minute 25 of a 30-minute generation means restarting from scratch.

How Checkpointing Works:

async def run_pipeline(state: TextState, thread_id: str):
    db_url = os.getenv("DATABASE_URL")
    
    async with AsyncPostgresSaver.from_conn_string(db_url) as checkpointer:
        await checkpointer.setup()  # Creates checkpoint tables
        app = build_graph(checkpointer=checkpointer)
        config = {"configurable": {"thread_id": thread_id}}
        
        # LangGraph automatically saves state after each node execution
        final_state = await app.ainvoke(state, config=config)
        return final_state

What Gets Checkpointed:

Complete state dictionary after each node
Edge transitions and routing decisions
Timestamps and execution metadata
Partial results (generated text, uploaded segment URLs)

Recovery Example:

# Job crashes after generating 8 of 12 TTS segments
# Resume with same thread_id:
final_state = await run_pipeline(initial_state, thread_id="job-12345")

# LangGraph:
# 1. Loads last checkpoint from Postgres
# 2. Sees 8 segments already uploaded to R2
# 3. Continues from segment 9
# 4. Completes remaining 4 segments

Production Benefits:

Cost Savings: No wasted API calls on retry
Time Efficiency: Resume from 80% complete, not 0%
Reliability: Transient failures (rate limits, timeouts) don't kill long-form jobs
Observability: Query checkpoint table to monitor progress
Parallel Execution: Multiple jobs with different thread_id values

Text Chunking Algorithm: Optimizing for Long-Form Narration

For 30-minute audio (4,500+ words), naive chunking creates jarring transitions. Our algorithm balances API constraints with narrative flow:

Constraints:

OpenAI TTS: 4,096 character limit per request
Target: ~4,000 chars per chunk (safety margin)
Goal: Natural pauses at paragraph/sentence boundaries

Strategy:

def chunk_text(text: str, max_chars: int = 4000) -> List[str]:
    """
    Multi-level chunking for long-form content:
    
    1. Split by paragraphs (\n\n) - natural topic boundaries
    2. Accumulate paragraphs until approaching 4K limit
    3. If single paragraph > 4K, split by sentences
    4. If single sentence > 4K, split mid-sentence (rare edge case)
    
    Result: 10-15 chunks for 30-min audio, each ending at natural pause
    """
    paragraphs = [p.strip() for p in text.split("\n\n") if p.strip()]
    chunks = []
    buf = []
    
    for p in paragraphs:
        candidate = "\n\n".join(buf + [p]) if buf else p
        if len(candidate) <= max_chars:
            buf.append(p)
        else:
            if not buf:
                # Paragraph too large - split by sentences
                sentences = re.split(r"(?<=[.!?])\s+", p)
                # Accumulate sentences with same logic...
            else:
                chunks.append("\n\n".join(buf))
                buf = [p]
    
    return chunks

Why This Matters for Long-Form:

Seamless Merging: Chunk boundaries at natural pauses prevent audio glitches
Even Distribution: Avoids tiny final chunks (better for progress tracking)
Memory Efficiency: Process one chunk at a time, not entire 4,500-word text
Resumability: Each chunk is independent; can resume mid-sequence

OpenAI TTS Streaming

Efficient audio generation using streaming responses:

async def node_tts_one_chunk(state: JobState) -> JobState:
    chunk_text = state["chunks"][state["chunk_index"]]
    segment_path = f"segment_{state['chunk_index']:04d}.mp3"
    
    client = OpenAI()
    
    # Stream directly to disk (memory efficient)
    with client.audio.speech.with_streaming_response.create(
        model="gpt-4o-mini-tts",
        voice=state["voice"],
        input=chunk_text,
        response_format="mp3",
    ) as response:
        response.stream_to_file(segment_path)
    
    # Upload to R2
    r2_url = upload_to_r2(segment_path, state["job_id"])
    
    return {
        **state,
        "segment_urls": [*state["segment_urls"], r2_url],
        "chunk_index": state["chunk_index"] + 1,
    }

Audio Merging Strategy

The system uses ffmpeg for high-quality concatenation:

async def node_generate_audio(state: TextState) -> TextState:
    # Generate all segments...
    
    # Create concat list for ffmpeg
    file_list_path.write_text(
        "\n".join(f"file '{segment}'" for segment in segment_paths)
    )
    
    # Merge using ffmpeg (codec copy - fast and lossless)
    subprocess.run([
        "ffmpeg", "-f", "concat", "-safe", "0",
        "-i", str(file_list_path),
        "-c", "copy",  # No re-encoding
        str(merged_path)
    ])
    
    # Fallback to binary concatenation if ffmpeg unavailable
    if not merged_path.exists():
        with open(merged_path, "wb") as merged:
            for segment in segment_paths:
                merged.write(segment.read_bytes())

Cloudflare R2 Integration

S3-compatible storage for globally distributed audio:

def get_r2_client():
    return boto3.client(
        's3',
        endpoint_url=f'https://{R2_ACCOUNT_ID}.r2.cloudflarestorage.com',
        aws_access_key_id=R2_ACCESS_KEY_ID,
        aws_secret_access_key=R2_SECRET_ACCESS_KEY,
        config=Config(signature_version='s3v4'),
    )

def upload_to_r2(file_path: Path, job_id: str) -> str:
    key = f"{job_id}/{file_path.name}"
    
    client.put_object(
        Bucket=R2_BUCKET_NAME,
        Key=key,
        Body=file_path.read_bytes(),
        ContentType='audio/mpeg',
    )
    
    return f"{R2_PUBLIC_DOMAIN}/{key}"

Structured Content Generation

Narrative Architecture Framework

The system implements a flexible content framework with customizable sections:

Key Components:

Introduction (2-3 min): Hook the listener and set expectations
Context: Background information and relevance
Core Content: Main topic introduction with clear structure
Examples: Concrete illustrations and case studies
Deep Dive: Detailed exploration of key concepts
Applications: Practical use cases and implementation
Advanced Topics: Nuanced discussion for engaged learners
Synthesis: Connect all concepts together
Takeaways: Summary of key points
Conclusion: Clear closing and next steps

Dynamic Content Adaptation

def build_content_prompt(state: TextState) -> str:
    minutes = state.get("target_duration_minutes") or 5
    target_words = int(minutes * 150)  # 150 words per minute narration
    
    content_type = state.get("content_type")
    
    # Select architecture based on content type
    architecture = generate_content_architecture(content_type)
    
    return f"""
Create a {state['language']} narrative for audio:

TOPIC: {state['title']}
TYPE: {content_type}
TARGET: {target_words} words ({minutes} minutes)

{architecture}

RESEARCH CONTEXT:
{format_research_summary(state['research_items'])}

Requirements:
- Plain text only (no markdown)
- Natural paragraph breaks
- Engaging, clear tone
- Appropriate language for audio listening
"""

API Endpoints

FastAPI Service Layer

Endpoint Implementations:

@app.post("/api/research/generate")
async def research_endpoint(req: ResearchRequest):
    """Generate research context using LangGraph + DeepSeek."""
    return await generate_research(req)

@app.post("/api/text/generate")
async def text_endpoint(req: TextGenerationRequest):
    """Generate long-form text content (text-only mode)."""
    return await generate_text(req)

@app.post("/api/audio/generate")
async def audio_endpoint(req: TextGenerationRequest):
    """Generate audio from existing content (audio-only mode)."""
    return await generate_audio(req)

@app.post("/api/tts/generate")
async def tts_endpoint(req: TTSRequest, background_tasks: BackgroundTasks):
    """Generic TTS generation (fire-and-forget)."""
    return await generate_tts(req, background_tasks)

Deployment Architecture

Docker Containerization

FROM python:3.12-slim

WORKDIR /app

# Install ffmpeg for audio merging
RUN apt-get update && apt-get install -y ffmpeg && rm -rf /var/lib/apt/lists/*

# Install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . .

# Expose port
EXPOSE 8080

# Run FastAPI server
CMD ["uvicorn", "langgraph_server:app", "--host", "0.0.0.0", "--port", "8080"]

Environment Configuration

# AI Services
DEEPSEEK_API_KEY=sk-...
OPENAI_API_KEY=sk-...

# Database (Neon Postgres)
DATABASE_URL=postgresql://user:pass@host/db?sslmode=require

# Cloudflare R2
R2_ACCOUNT_ID=...
R2_ACCESS_KEY_ID=...
R2_SECRET_ACCESS_KEY=...
R2_BUCKET_NAME=longform-tts
R2_PUBLIC_DOMAIN=https://pub-longform-tts.r2.dev

Cloudflare Workers Deployment

# wrangler.toml
name = "langgraph-tts"
compatibility_date = "2024-01-01"

[build]
command = "docker build -t langgraph-tts ."

[[services]]
name = "langgraph-tts"
image = "langgraph-tts:latest"

[env]
PORT = "8080"

[[r2_buckets]]
binding = "LONGFORM_TTS"
bucket_name = "longform-tts"

Production Considerations

Performance Metrics for Long-Running Jobs

Benchmarks (30-minute audio generation):

Stage	Duration	Checkpointed	Retryable
Text Generation (DeepSeek)	30-60s	✅ After completion	✅ Full retry
Text Chunking	<1s	✅ After completion	✅ Instant
TTS Segments (1–12)	10-20s each	✅ After each segment	✅ Per-segment
Audio Merging (ffmpeg)	1–3s	✅ After completion	✅ Full retry
R2 Upload (merged)	2-5s	✅ After completion	✅ Full retry
Total Pipeline	3-5 minutes	15+ checkpoints	Granular recovery

Long-Running Job Profile:

# Example: 2-hour audiobook chapter
text_length = 18,000 words
chunks = 45  # ~4,000 chars each
tts_time = 45 * 15s = 11.25 minutes
text_gen_time = 2-3 minutes
total_time = ~15 minutes for 2-hour audio

# Checkpoint frequency:
# - 1 after text generation
# - 45 after each TTS segment
# - 1 after merge
# Total: 47 recovery points

Failure Recovery Times:

Crash at 80% complete → Resume in 1–2 seconds, continue from segment 36/45
Network timeout on segment 20 → Retry only segment 20, not segments 1–19
Database connection loss → Reconnect and load last checkpoint (<500ms)

Error Handling & Resilience

async def node_generate_text(state: TextState) -> TextState:
    try:
        llm = ChatDeepSeek(model="deepseek-chat", temperature=0.7, max_tokens=2500)
        prompt = build_therapeutic_prompt(state)
        
        resp = await llm.ainvoke([HumanMessage(content=prompt)])
        text = clean_for_tts(resp.content)
        
        return {**state, "generated_text": text, "error": None}
    except Exception as e:
        print(f"❌ Text generation failed: {e}")
        return {**state, "error": str(e)}

Monitoring & Observability

Key metrics to track:

Generation Metrics:
- Text generation latency (DeepSeek)
- TTS latency per chunk (OpenAI)
- Total pipeline duration
Quality Metrics:
- Text length vs target duration
- Chunk count and size distribution
- Audio segment file sizes
Infrastructure Metrics:
- R2 upload success rate
- Database checkpoint writes
- ffmpeg merge success rate
Cost Metrics:
- DeepSeek token usage
- OpenAI TTS character count
- R2 storage and bandwidth

Scaling Patterns

Horizontal Scaling:

FastAPI instances behind load balancer
Stateless design (state in Postgres)
R2 for distributed storage

Batch Processing:

async def batch_generate_audio(goal_ids: List[int]):
    """Process multiple goals in parallel."""
    tasks = [run_pipeline(build_state(id), f"batch-{id}") for id in goal_ids]
    results = await asyncio.gather(*tasks, return_exceptions=True)
    return results

Queue-Based Processing:

Use background tasks for long-running jobs
Celery/Redis for distributed task queue
Webhook callbacks for completion notifications

Performance Optimization

Chunking Optimization

# Optimize chunk size for TTS quality vs API limits
OPTIMAL_CHUNK_SIZE = 3000  # Sweet spot for natural pauses

# Parallel TTS generation (with rate limiting)
async def parallel_tts_generation(chunks: List[str], max_concurrent: int = 3):
    semaphore = asyncio.Semaphore(max_concurrent)
    
    async def generate_with_limit(chunk, index):
        async with semaphore:
            return await generate_tts_segment(chunk, index)
    
    tasks = [generate_with_limit(c, i) for i, c in enumerate(chunks)]
    return await asyncio.gather(*tasks)

Caching Strategy

# Cache research results for similar goals
@lru_cache(maxsize=100)
def get_research_for_goal_type(therapeutic_type: str, age: int):
    """Cache research by type + age bracket."""
    return fetch_research(therapeutic_type, age)

# Cache text generation for re-use
async def get_or_generate_text(goal_id: int):
    existing = await db.fetch_story(goal_id)
    if existing and existing.created_at > datetime.now() - timedelta(days=7):
        return existing.text
    return await generate_new_text(goal_id)

Testing Strategy

Unit Tests

def test_chunk_text_respects_limit():
    long_text = "word " * 2000
    chunks = chunk_text(long_text, max_chars=4000)
    
    for chunk in chunks:
        assert len(chunk) <= 4000

def test_clean_for_tts_removes_markdown():
    text = "# Title\n\n**bold** and `code`"
    cleaned = clean_for_tts(text)
    assert "#" not in cleaned
    assert "**" not in cleaned
    assert "`" not in cleaned

Integration Tests

@pytest.mark.asyncio
async def test_full_pipeline():
    state = {
        "goal_id": 1,
        "goal_title": "Test anxiety reduction",
        "therapeutic_goal_type": "anxiety_reduction",
        "age": 8,
        # ... other fields
    }
    
    result = await run_pipeline(state, "test-thread-1")
    
    assert result["generated_text"] is not None
    assert len(result["chunks"]) > 0
    assert result["audio_url"] is not None
    assert result["error"] is None

Lessons Learned

1. State Design is Critical

Use TypedDict for type safety
Keep state flat (avoid deep nesting)
Include metadata for debugging (timestamps, IDs)

2. Checkpoint Strategically

Not all workflows need checkpointing
Audio-only mode: disable checkpoints to avoid schema issues
Use thread_id conventions: {workflow}-{entity_id}-{timestamp}

3. Error Recovery

Graceful degradation (segments work even if merge fails)
Fallback strategies (binary concat if ffmpeg unavailable)
Preserve partial results (individual segments in R2)

4. Cost Management

Monitor token usage (DeepSeek is cost-effective at $0.14/$ 0.28 per 1M tokens)
OpenAI TTS: $15 per 1M characters
R2 storage: $0.015/GB/month (much cheaper than S3)

5. Content Quality

Structured frameworks improve consistency
Repetition aids retention and comprehension
Audience-appropriate language is crucial for engagement

Future Enhancements

1. Multi-Voice Narratives

# Support character dialogue with different voices
voices = {
    "narrator": "cedar",
    "child_character": "nova",
    "parent_character": "marin"
}

2. Emotion-Adaptive TTS

# Adjust voice parameters based on content emotion
def get_tts_params(text: str) -> dict:
    sentiment = analyze_sentiment(text)
    
    if sentiment == "calm":
        return {"speed": 0.9, "pitch": 0}
    elif sentiment == "energetic":
        return {"speed": 1.1, "pitch": 2}

3. Real-Time Streaming

# Stream audio as it's generated (SSE)
async def stream_audio_generation(goal_id: int):
    async for chunk_url in generate_audio_stream(goal_id):
        yield f"data: {json.dumps({'chunk_url': chunk_url})}\n\n"

4. Multilingual Support

Expand beyond Romanian and English
Voice selection per language
Cultural adaptation of content frameworks

Conclusion

This LangGraph-based TTS architecture demonstrates several key patterns:

Composable Workflows: Three distinct pipelines sharing common components
Conditional Routing: Smart flow control based on state
Durable Execution: PostgreSQL checkpointing for resilience
Streaming Efficiency: Direct-to-disk TTS for memory optimization
Distributed Storage: R2 for globally accessible audio

The system successfully processes 5-30+ minute long-form narratives (up to 7,000+ words), generating research-backed content, converting to high-quality audio, and delivering via CDN—all while maintaining resumability after failures and full observability.

Real-World Performance:

30-minute generation: 12-15 TTS chunks, ~3-5 minutes total processing time
Failure recovery: Resume from any checkpoint in <1 second
Cost efficiency: $0.02-$ 0.07 per 30-minute audio (DeepSeek + OpenAI TTS)
Throughput: 10+ concurrent jobs on single instance

Key Takeaways for Long-Running Pipelines:

LangGraph + Postgres checkpointing is essential for long-form workflows
Streaming TTS to disk prevents memory exhaustion on long generations
Smart chunking (4K chars) balances API limits with narrative coherence
Immediate R2 uploads ensure partial results survive crashes
Async architecture enables fire-and-forget long operations
Thread-based recovery makes interrupted jobs trivial to resume

The architecture scales to long-form audio generation: audiobooks (10+ hours), comprehensive courses, documentary narration, or serialized storytelling—any use case where reliability and resumability are non-negotiable.

References

This architecture powers long-form audio generation, combining LangGraph orchestration, OpenAI TTS streaming, and distributed storage for production-ready AI audio systems.

DeFiTuna: On-Chain Limit Orders on Solana

January 10, 2026 · 14 min read

Vadim Nicolai

Senior Software Engineer

TL;DR

This guide demonstrates real-world implementation of DeFiTuna limit orders on Solana mainnet, focusing on:

Direct RPC Interaction: Building and submitting transactions without high-level SDKs
On-Chain Limit Order Storage: How limit order parameters are encoded in account data
Position Lifecycle: Open position → Set limits → Close position with actual mainnet transactions
Account Derivation: PDA calculations for spot positions and associated token accounts
DeFiTuna SDK Patterns: Insights from the official TypeScript/Rust SDK implementation

Live Mainnet Transactions:

Position Created: 4J9XJxHUDmSUV...
Limit Orders Set: 5ouHm9mVroRGz...
Position Closed: 44aWvGvPEWGK...

Introduction

DeFiTuna combines Orca Whirlpools with on-chain limit orders, enabling automated trading triggers without requiring active monitoring. Unlike traditional AMMs where you passively provide liquidity, DeFiTuna positions execute predefined trades when price conditions are met.

This article walks through the complete implementation—from deriving PDAs to encoding instruction data—using Rust with solana-sdk and insights from the DeFiTuna SDK.

Architecture Overview

DeFiTuna + Orca Integration

Key Insight: DeFiTuna is a Protocol Layer

DeFiTuna doesn't implement its own AMM. Instead, it:

Wraps existing AMMs (Orca Whirlpools, Fusion pools)
Adds limit order logic on top
Manages leveraged positions and lending vaults

On-Chain Account Structure

Position Account Data Layout (346 bytes)

From our mainnet position 8wvKhHXHfzY4eQZTyK4kTfUtGj46XX5UX8P4S5kBbJ5:

Offset   Field                    Type     Bytes   Description
------   -----                    ----     -----   -----------
0-8      Discriminator            u64      8       Account type identifier
8-40     Authority                Pubkey   32      Position owner
40-72    Pool                     Pubkey   32      Orca Whirlpool address
72-73    Position Token           u8       1       0=TokenA, 1=TokenB
73-74    Collateral Token         u8       1       0=TokenA, 1=TokenB
92-100   Amount                   u64      8       Position size
100-108  Borrowed                 u64      8       Borrowed amount
184-200  Lower Limit √Price       u128     16      Buy trigger price
200-216  Upper Limit √Price       u128     16      Sell trigger price

Hex dump from mainnet:

00b8:   60 e4 c0 d6 1c 8e 68 01  00 00 00 00 00 00 00 00   Lower limit
00c8:   70 17 34 50 e5 c9 7c 01  00 00 00 00 00 00 00 00   Upper limit

These bytes encode:

Lower: 6651068162312125808640 → $130
Upper: 7024310870365581606912 → $145

Implementation: Rust Binaries

Project Structure

bots/defituna-bot/
├── Cargo.toml
├── .env                    # Configuration
├── defituna.json          # Program IDL
└── src/
    ├── config.rs          # Shared config
    └── bin/
        ├── open_spot_position.rs    # Create position
        ├── set_limit_orders.rs      # Configure triggers
        ├── check_position.rs        # Query state
        └── close_position.rs        # Cleanup

1. Opening a Spot Position

File: src/bin/open_spot_position.rs

use solana_sdk::{
    instruction::{AccountMeta, Instruction},
    signature::{Keypair, Signer},
    transaction::Transaction,
};
use spl_associated_token_account::get_associated_token_address;

// DeFiTuna program ID (mainnet)
const DEFITUNA_PROGRAM: &str = "tuna4uSQZncNeeiAMKbstuxA9CUkHH6HmC64wgmnogD";

// Orca SOL/USDC Whirlpool
const WHIRLPOOL: &str = "Czfq3xZZDmsdGdUyrNLtRhGc47cXcZtLG4crryfu44zE";

fn main() -> Result<()> {
    let program_id = Pubkey::from_str(DEFITUNA_PROGRAM)?;
    let whirlpool = Pubkey::from_str(WHIRLPOOL)?;
    let authority = executor_keypair.pubkey();
    
    // Derive spot position PDA
    let (tuna_spot_position, _bump) = Pubkey::find_program_address(
        &[
            b"tuna_spot_position",
            authority.as_ref(),
            whirlpool.as_ref(),
        ],
        &program_id,
    );
    
    // Token program IDs
    let token_program_a = spl_token::ID; // SOL uses standard program
    let token_program_b = spl_token::ID; // USDC uses standard program
    
    // Derive associated token accounts for position
    let tuna_position_ata_a = get_associated_token_address(
        &tuna_spot_position,
        &SOL_MINT
    );
    let tuna_position_ata_b = get_associated_token_address(
        &tuna_spot_position,
        &USDC_MINT
    );
    
    // Build instruction
    // Discriminator from IDL: [87, 208, 173, 48, 231, 62, 210, 220]
    let mut data = vec![87, 208, 173, 48, 231, 62, 210, 220];
    
    // Args: position_token (PoolToken::A=0), collateral_token (PoolToken::B=1)
    data.push(0); // Trading SOL (position_token = A)
    data.push(1); // Collateral is USDC (collateral_token = B)
    
    let instruction = Instruction {
        program_id,
        accounts: vec![
            AccountMeta::new(authority, true),                  // authority (signer, writable)
            AccountMeta::new_readonly(SOL_MINT, false),        // mint_a
            AccountMeta::new_readonly(USDC_MINT, false),       // mint_b
            AccountMeta::new_readonly(token_program_a, false), // token_program_a
            AccountMeta::new_readonly(token_program_b, false), // token_program_b
            AccountMeta::new(tuna_spot_position, false),       // tuna_position (writable)
            AccountMeta::new(tuna_position_ata_a, false),      // tuna_position_ata_a
            AccountMeta::new(tuna_position_ata_b, false),      // tuna_position_ata_b
            AccountMeta::new_readonly(whirlpool, false),       // pool (Orca Whirlpool)
            AccountMeta::new_readonly(system_program::ID, false), // system_program
            AccountMeta::new_readonly(
                spl_associated_token_account::ID, 
                false
            ), // associated_token_program
        ],
        data,
    };
    
    // Create and sign transaction
    let recent_blockhash = rpc_client.get_latest_blockhash()?;
    let transaction = Transaction::new_signed_with_payer(
        &[instruction],
        Some(&authority),
        &[&executor_keypair],
        recent_blockhash,
    );
    
    // Send to RPC
    let signature = rpc_client.send_and_confirm_transaction(&transaction)?;
    println!("Position created: {}", signature);
    
    Ok(())
}

Key Points:

No collateral required to open position (just creates account structure)
Position PDA seeds: ["tuna_spot_position", authority, whirlpool]
Instruction creates position account + 2 associated token accounts
Cost: ~0.00329904 SOL rent + ~0.000005 SOL gas

2. Setting Limit Orders

File: src/bin/set_limit_orders.rs

/// Convert price to sqrt_price format
/// Formula: sqrt_price = sqrt(price) * 2^64, adjusted for decimals
fn price_to_sqrt_price(price: f64, decimals_a: u8, decimals_b: u8) -> u128 {
    let decimal_diff = decimals_a as i32 - decimals_b as i32;
    let adjusted_price = if decimal_diff >= 0 {
        price * 10_f64.powi(decimal_diff)
    } else {
        price / 10_f64.powi(-decimal_diff)
    };
    
    let sqrt_price_f64 = adjusted_price.sqrt() * (1u128 << 64) as f64;
    sqrt_price_f64 as u128
}

fn main() -> Result<()> {
    // Derive same position PDA
    let (tuna_spot_position, _) = Pubkey::find_program_address(
        &[b"tuna_spot_position", authority.as_ref(), whirlpool.as_ref()],
        &program_id,
    );
    
    // Set limit prices
    let lower_price = 130.0; // Buy if SOL drops to $130
    let upper_price = 145.0; // Sell if SOL rises to $145
    
    // Convert to sqrt_price (SOL=9 decimals, USDC=6 decimals)
    let lower_sqrt_price = price_to_sqrt_price(lower_price, 9, 6);
    let upper_sqrt_price = price_to_sqrt_price(upper_price, 9, 6);
    
    // Build instruction
    // Discriminator: [10, 180, 19, 205, 169, 133, 52, 118]
    let mut data = vec![10, 180, 19, 205, 169, 133, 52, 118];
    
    // Args: lower_limit_order_sqrt_price (u128), upper_limit_order_sqrt_price (u128)
    data.extend_from_slice(&lower_sqrt_price.to_le_bytes());
    data.extend_from_slice(&upper_sqrt_price.to_le_bytes());
    
    let instruction = Instruction {
        program_id,
        accounts: vec![
            AccountMeta::new_readonly(authority, true),    // authority (signer)
            AccountMeta::new(tuna_spot_position, false),  // tuna_position (writable)
        ],
        data,
    };
    
    let transaction = Transaction::new_signed_with_payer(
        &[instruction],
        Some(&authority),
        &[&executor_keypair],
        recent_blockhash,
    );
    
    let signature = rpc_client.send_and_confirm_transaction(&transaction)?;
    println!("Limit orders set: {}", signature);
    
    Ok(())
}

Output (mainnet):

Lower (buy): $130 → sqrt_price: 6651068162312125808640
Upper (sell): $145 → sqrt_price: 7024310870365581606912

Verification on-chain:

solana account 8wvKhHXHfzY4eQZTyK4kTfUtGj46XX5UX8P4S5kBbJ5

# Bytes 184-200 (lower limit):
60 e4 c0 d6 1c 8e 68 01 00 00 00 00 00 00 00 00

# Bytes 200-216 (upper limit):
70 17 34 50 e5 c9 7c 01 00 00 00 00 00 00 00 00

3. Closing a Position

File: src/bin/close_position.rs

fn main() -> Result<()> {
    // Derive position PDA (same as open)
    let (tuna_spot_position, _) = Pubkey::find_program_address(
        &[b"tuna_spot_position", authority.as_ref(), whirlpool.as_ref()],
        &program_id,
    );
    
    // Build close instruction
    // Discriminator: [4, 189, 171, 84, 110, 220, 10, 8]
    let data = vec![4, 189, 171, 84, 110, 220, 10, 8];
    
    let instruction = Instruction {
        program_id,
        accounts: vec![
            AccountMeta::new(authority, true),                 // authority
            AccountMeta::new_readonly(SOL_MINT, false),       // mint_a
            AccountMeta::new_readonly(USDC_MINT, false),      // mint_b
            AccountMeta::new_readonly(spl_token::ID, false),  // token_program_a
            AccountMeta::new_readonly(spl_token::ID, false),  // token_program_b
            AccountMeta::new(tuna_spot_position, false),      // tuna_position
            AccountMeta::new(tuna_position_ata_a, false),     // tuna_position_ata_a
            AccountMeta::new(tuna_position_ata_b, false),     // tuna_position_ata_b
        ],
        data,
    };
    
    let signature = rpc_client.send_and_confirm_transaction(&transaction)?;
    println!("Position closed, rent recovered: {}", signature);
    
    Ok(())
}

Result: Rent (0.00329904 SOL) returned to wallet, position account deleted.

DeFiTuna SDK Patterns

TypeScript SDK Structure

From DefiTuna/tuna-sdk repository:

// ts-sdk/client/src/txbuilder/openTunaSpotPosition.ts
export async function openTunaSpotPositionInstructions(
  rpc: Rpc<GetAccountInfoApi & GetMultipleAccountsApi>,
  authority: TransactionSigner,
  poolAddress: Address,
  args: OpenTunaSpotPositionInstructionDataArgs,
): Promise<IInstruction[]> {
  // 1. Derive position PDA
  const tunaPositionAddress = (
    await getTunaSpotPositionAddress(authority.address, poolAddress)
  )[0];

  // 2. Get associated token accounts
  const tunaPositionAtaA = (
    await findAssociatedTokenPda({
      owner: tunaPositionAddress,
      mint: mintA.address,
      tokenProgram: mintA.programAddress,
    })
  )[0];

  const tunaPositionAtaB = (
    await findAssociatedTokenPda({
      owner: tunaPositionAddress,
      mint: mintB.address,
      tokenProgram: mintB.programAddress,
    })
  )[0];

  // 3. Build instruction
  return getOpenTunaSpotPositionInstruction({
    authority,
    mintA: mintA.address,
    mintB: mintB.address,
    tokenProgramA: mintA.programAddress,
    tokenProgramB: mintB.programAddress,
    tunaPosition: tunaPositionAddress,
    tunaPositionAtaA,
    tunaPositionAtaB,
    pool: poolAddress,
    associatedTokenProgram: ASSOCIATED_TOKEN_PROGRAM_ADDRESS,
    ...args,
  });
}

Rust SDK Patterns

From rust-sdk/client/src/txbuilder/open_tuna_spot_position.rs:

pub fn open_tuna_spot_position_instructions(
    rpc: &RpcClient,
    authority: &Pubkey,
    pool_address: &Pubkey,
    args: OpenTunaSpotPositionInstructionArgs,
) -> Result<Vec<Instruction>> {
    // 1. Fetch pool account to determine token mints
    let pool_account = rpc.get_account(pool_address)?;
    
    // Decode based on program owner
    let (mint_a_address, mint_b_address) = if pool_account.owner == FUSIONAMM_ID {
        let pool: FusionPool = decode_account(&pool_account)?;
        (pool.token_mint_a, pool.token_mint_b)
    } else if pool_account.owner == WHIRLPOOL_ID {
        let pool: Whirlpool = decode_account(&pool_account)?;
        (pool.token_mint_a, pool.token_mint_b)
    } else {
        return Err(anyhow!("Unsupported pool type"));
    };

    // 2. Get mint accounts to determine token programs
    let mint_accounts = rpc.get_multiple_accounts(&[
        mint_a_address.into(),
        mint_b_address.into()
    ])?;
    
    let mint_a_account = mint_accounts[0].as_ref()
        .ok_or(anyhow!("Token A mint not found"))?;
    let mint_b_account = mint_accounts[1].as_ref()
        .ok_or(anyhow!("Token B mint not found"))?;

    // 3. Build instruction
    Ok(vec![open_tuna_spot_position_instruction(
        authority,
        pool_address,
        &mint_a_address,
        &mint_b_address,
        &mint_a_account.owner, // Token program
        &mint_b_account.owner,
        args,
    )])
}

Key SDK Features:

Pool Type Detection: Automatically handles Orca vs Fusion pools
Token Program Discovery: Supports both SPL Token and Token-2022
Account Pre-Validation: Checks accounts exist before building transaction
Error Handling: Detailed error messages for debugging

Solana RPC Interaction Patterns

1. Account Fetching with Commitment

use solana_client::rpc_client::RpcClient;
use solana_sdk::commitment_config::CommitmentConfig;

let rpc_client = RpcClient::new_with_commitment(
    "https://api.mainnet-beta.solana.com",
    CommitmentConfig::confirmed()
);

// Fetch account with specific commitment
let account = rpc_client.get_account_with_commitment(
    &position_address,
    CommitmentConfig::finalized()
)?;

if let Some(account) = account.value {
    println!("Account exists: {} bytes", account.data.len());
}

2. Transaction Simulation Before Sending

// Build transaction
let transaction = Transaction::new_signed_with_payer(
    &[instruction],
    Some(&payer.pubkey()),
    &[&payer],
    recent_blockhash,
);

// Simulate first
match rpc_client.simulate_transaction(&transaction) {
    Ok(result) => {
        if let Some(err) = result.value.err {
            println!("Simulation failed: {:?}", err);
            if let Some(logs) = result.value.logs {
                for log in logs {
                    println!("  {}", log);
                }
            }
            return Err(anyhow!("Simulation error"));
        }
        println!("✅ Simulation successful");
    }
    Err(e) => {
        println!("RPC error during simulation: {}", e);
        return Err(e.into());
    }
}

// Now send for real
let signature = rpc_client.send_and_confirm_transaction(&transaction)?;

3. Parsing Account Data

fn parse_position_limits(account_data: &[u8]) -> Result<(u128, u128)> {
    if account_data.len() < 216 {
        return Err(anyhow!("Account data too short"));
    }
    
    // Extract limit order sqrt prices
    let lower_bytes: [u8; 16] = account_data[184..200]
        .try_into()
        .unwrap();
    let upper_bytes: [u8; 16] = account_data[200..216]
        .try_into()
        .unwrap();
    
    let lower_sqrt_price = u128::from_le_bytes(lower_bytes);
    let upper_sqrt_price = u128::from_le_bytes(upper_bytes);
    
    Ok((lower_sqrt_price, upper_sqrt_price))
}

// Usage
let account = rpc_client.get_account(&position_pda)?;
let (lower, upper) = parse_position_limits(&account.data)?;

// Convert to human-readable prices
let lower_price = sqrt_price_to_price(lower, 9, 6);
let upper_price = sqrt_price_to_price(upper, 9, 6);

println!("Buy limit: ${:.2}", lower_price);
println!("Sell limit: ${:.2}", upper_price);

4. Watching for Transaction Confirmation

use solana_sdk::signature::Signature;
use std::time::Duration;

fn wait_for_confirmation(
    rpc_client: &RpcClient,
    signature: &Signature,
    max_retries: u32,
) -> Result<()> {
    for i in 0..max_retries {
        std::thread::sleep(Duration::from_secs(2));
        
        if let Ok(status) = rpc_client.get_signature_status(signature) {
            if let Some(result) = status {
                if let Err(e) = result {
                    return Err(anyhow!("Transaction failed: {:?}", e));
                }
                println!("✅ Transaction confirmed in slot");
                return Ok(());
            }
        }
        
        if i == max_retries - 1 {
            return Err(anyhow!("Transaction timeout"));
        }
    }
    
    Ok(())
}

Advanced: Modify Position with Collateral

The modify_tuna_spot_position_orca instruction adds collateral and activates trading:

// From IDL
pub struct ModifyTunaSpotPositionOrca {
    pub decrease_percent: u32,      // 0 for increase
    pub collateral_amount: u64,     // USDC to deposit
    pub borrow_amount: u64,         // SOL to borrow from vault
    pub required_swap_amount: u64,  // 0 for auto-calc
    pub remaining_accounts_info: RemainingAccountsInfo,
}

// Required accounts (24 total)
accounts: vec![
    AccountMeta::new(authority, true),
    AccountMeta::new_readonly(tuna_config, false),
    AccountMeta::new_readonly(mint_a, false),
    AccountMeta::new_readonly(mint_b, false),
    AccountMeta::new_readonly(token_program_a, false),
    AccountMeta::new_readonly(token_program_b, false),
    AccountMeta::new(market, false),
    AccountMeta::new(vault_a, false),
    AccountMeta::new(vault_b, false),
    AccountMeta::new(vault_a_ata, false),
    AccountMeta::new(vault_b_ata, false),
    AccountMeta::new(tuna_spot_position, false),
    AccountMeta::new(tuna_position_ata_a, false),
    AccountMeta::new(tuna_position_ata_b, false),
    AccountMeta::new(authority_ata_a, false),
    AccountMeta::new(authority_ata_b, false),
    AccountMeta::new(fee_recipient_ata_a, false),
    AccountMeta::new(fee_recipient_ata_b, false),
    AccountMeta::new_readonly(pyth_oracle_price_feed_a, false),
    AccountMeta::new_readonly(pyth_oracle_price_feed_b, false),
    AccountMeta::new_readonly(whirlpool_program, false),
    AccountMeta::new(whirlpool, false),
    AccountMeta::new_readonly(memo_program, false),
    AccountMeta::new_readonly(system_program::ID, false),
]

Why so many accounts?

DeFiTuna needs to interact with lending vaults
Price oracles (Pyth) for health checks
Fee collection accounts
Orca Whirlpool state for actual swaps
Multiple token accounts for each token in the pair

Price Calculation Mathematics

Square Root Price Encoding

DeFiTuna stores prices as $\sqrt{P} \cdot 2^{64}$ (same as Uniswap V3):

\text{sqrt\_price} = \sqrt{P} \cdot 2^{64} \cdot 10^{(decimals_a - decimals_b)}

Example: SOL/USDC at $130

SOL decimals: 9
USDC decimals: 6
Adjustment: $10^{(9-6)} = 1000$

\text{sqrt\_price} = \sqrt{130 \cdot 1000} \cdot 2^{64}

= \sqrt{130000} \cdot 18446744073709551616

= 360.555 \cdot 18446744073709551616

= 6651068162312125808640

Converting Back to Price

fn sqrt_price_to_price(sqrt_price: u128, decimals_a: u8, decimals_b: u8) -> f64 {
    let decimal_diff = decimals_a as i32 - decimals_b as i32;
    let price_raw = (sqrt_price as f64 / (1u128 << 64) as f64).powi(2);
    
    if decimal_diff >= 0 {
        price_raw / 10_f64.powi(decimal_diff)
    } else {
        price_raw * 10_f64.powi(-decimal_diff)
    }
}

// Verify on-chain data
let lower_sqrt_price = 6651068162312125808640u128;
let price = sqrt_price_to_price(lower_sqrt_price, 9, 6);
assert_eq!(price, 130.0);

Testing on Mainnet vs Devnet

Devnet Limitations

# DeFiTuna pools don't exist on devnet
$ solana account 9m96e4CieVMjTC7vP1a1pM3qfn5A5kHRPs3SrsVZBGqt --url devnet
Error: AccountNotFound

# Orca Whirlpools also limited on devnet

Recommendation: Test on mainnet with minimal amounts (0.01-0.1 SOL).

Mainnet Testing Strategy

Fund wallet: 0.1 SOL (~$13.65 at current prices)
Gas budget: ~0.000005 SOL per transaction
Rent: ~0.00329904 SOL (recoverable on close)
Test sequence:
- Open position: ~$0.0007 gas
- Set limits: ~$0.0007 gas
- Close position: ~$0.0007 gas + recover rent

Total cost: ~$0.002 for full testing cycle

Production Considerations

1. Error Handling

#[derive(Debug)]
pub enum DefiTunaError {
    #[error("Position does not exist")]
    PositionNotFound,
    
    #[error("Invalid tick range")]
    InvalidTickRange,
    
    #[error("Insufficient collateral")]
    InsufficientCollateral,
    
    #[error("RPC error: {0}")]
    RpcError(#[from] solana_client::client_error::ClientError),
}

// Usage
match rpc_client.get_account(&position_pda) {
    Ok(_) => { /* process */ },
    Err(_) => return Err(DefiTunaError::PositionNotFound),
}

2. Rate Limiting

use std::time::{Duration, Instant};

struct RateLimiter {
    last_request: Instant,
    min_interval: Duration,
}

impl RateLimiter {
    pub fn new(requests_per_second: u32) -> Self {
        Self {
            last_request: Instant::now(),
            min_interval: Duration::from_millis(1000 / requests_per_second as u64),
        }
    }
    
    pub fn wait(&mut self) {
        let elapsed = self.last_request.elapsed();
        if elapsed < self.min_interval {
            std::thread::sleep(self.min_interval - elapsed);
        }
        self.last_request = Instant::now();
    }
}

// Usage with public RPC (limit to 10 req/s)
let mut limiter = RateLimiter::new(10);

for position in positions {
    limiter.wait();
    let account = rpc_client.get_account(&position)?;
    // process...
}

3. Transaction Retry Logic

const MAX_RETRIES: u32 = 3;

fn send_with_retry(
    rpc_client: &RpcClient,
    transaction: &Transaction,
) -> Result<Signature> {
    let mut last_error = None;
    
    for attempt in 1..=MAX_RETRIES {
        match rpc_client.send_and_confirm_transaction(transaction) {
            Ok(signature) => return Ok(signature),
            Err(e) => {
                println!("Attempt {}/{} failed: {}", attempt, MAX_RETRIES, e);
                last_error = Some(e);
                
                if attempt < MAX_RETRIES {
                    std::thread::sleep(Duration::from_secs(2_u64.pow(attempt)));
                }
            }
        }
    }
    
    Err(last_error.unwrap().into())
}

Complete Working Example

Here's a full program that opens a position, sets limits, and closes:

use anyhow::Result;
use solana_client::rpc_client::RpcClient;
use solana_sdk::{
    instruction::{AccountMeta, Instruction},
    pubkey::Pubkey,
    signature::{Keypair, Signer},
    transaction::Transaction,
};
use std::str::FromStr;

const DEFITUNA_PROGRAM: &str = "tuna4uSQZncNeeiAMKbstuxA9CUkHH6HmC64wgmnogD";
const WHIRLPOOL: &str = "Czfq3xZZDmsdGdUyrNLtRhGc47cXcZtLG4crryfu44zE";
const SOL_MINT: &str = "So11111111111111111111111111111111111111112";
const USDC_MINT: &str = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";

fn main() -> Result<()> {
    // Initialize
    let rpc_url = "https://api.mainnet-beta.solana.com";
    let rpc_client = RpcClient::new(rpc_url);
    
    let executor_keypair = read_keypair_from_env()?;
    let program_id = Pubkey::from_str(DEFITUNA_PROGRAM)?;
    let whirlpool = Pubkey::from_str(WHIRLPOOL)?;
    
    // Derive position PDA
    let (position_pda, _) = Pubkey::find_program_address(
        &[
            b"tuna_spot_position",
            executor_keypair.pubkey().as_ref(),
            whirlpool.as_ref(),
        ],
        &program_id,
    );
    
    println!("Position PDA: {}", position_pda);
    
    // Step 1: Open position
    let open_ix = build_open_position_instruction(
        &program_id,
        &executor_keypair.pubkey(),
        &whirlpool,
        &position_pda,
    )?;
    
    let sig1 = send_instruction(&rpc_client, &executor_keypair, open_ix)?;
    println!("✅ Position opened: {}", sig1);
    
    // Step 2: Set limit orders
    let limits_ix = build_set_limits_instruction(
        &program_id,
        &executor_keypair.pubkey(),
        &position_pda,
        130.0, // buy at $130
        145.0, // sell at $145
    )?;
    
    let sig2 = send_instruction(&rpc_client, &executor_keypair, limits_ix)?;
    println!("✅ Limits set: {}", sig2);
    
    // Step 3: Verify on-chain
    std::thread::sleep(std::time::Duration::from_secs(5));
    let account = rpc_client.get_account(&position_pda)?;
    let (lower, upper) = parse_limits(&account.data)?;
    println!("📊 On-chain limits: ${:.2} / ${:.2}", lower, upper);
    
    // Step 4: Close position
    let close_ix = build_close_position_instruction(
        &program_id,
        &executor_keypair.pubkey(),
        &position_pda,
    )?;
    
    let sig3 = send_instruction(&rpc_client, &executor_keypair, close_ix)?;
    println!("✅ Position closed: {}", sig3);
    
    Ok(())
}

fn send_instruction(
    rpc_client: &RpcClient,
    payer: &Keypair,
    instruction: Instruction,
) -> Result<String> {
    let recent_blockhash = rpc_client.get_latest_blockhash()?;
    let transaction = Transaction::new_signed_with_payer(
        &[instruction],
        Some(&payer.pubkey()),
        &[payer],
        recent_blockhash,
    );
    
    let signature = rpc_client.send_and_confirm_transaction(&transaction)?;
    Ok(signature.to_string())
}

// Helper functions omitted for brevity
// See full implementation in GitHub repository

Deployment Checklist

Before deploying to production:

Conclusion

Building on DeFiTuna requires understanding:

PDA Derivation: Positions are deterministic based on authority + pool
Instruction Encoding: Discriminators + args in little-endian format
RPC Patterns: Simulation, confirmation, retry logic
On-Chain Data: Reading and parsing account bytes
SDK Integration: When to use SDK vs raw transactions

The mainnet transactions in this guide prove that limit orders are truly stored on-chain and executable without active monitoring. Once set, the DeFiTuna protocol monitors prices and executes trades automatically.

Key Insight: DeFiTuna is a protocol abstraction layer, not a standalone AMM. It wraps existing liquidity sources (Orca, Fusion) with advanced order types, making it a powerful tool for automated trading strategies on Solana.

Resources

DeFiTuna SDK: https://github.com/DefiTuna/tuna-sdk
Orca Whirlpools: https://docs.orca.so/
Solana RPC Docs: https://solana.com/docs/rpc

Deploying Real-Time Solana Data Streams on Cloudflare Containers with LaserStream

January 9, 2026 · 12 min read

Vadim Nicolai

Senior Software Engineer

LaserStream deployed on Cloudflare Containers

TL;DR: Deploy a production-ready real-time Solana slot streaming service using Helius LaserStream SDK on Cloudflare Containers.

Ultra-low latency: Real-time slot updates via gRPC
Global edge deployment: Cloudflare's global network
Auto-scaling: Container lifecycle managed by Durable Objects
Production-ready: Health checks, error handling, and observability

Why LaserStream on Cloudflare?

Helius LaserStream provides ultra-low latency access to Solana data via gRPC streaming. Traditional WebSocket polling introduces delays; LaserStream eliminates this with direct gRPC connections to Helius nodes.

Why Cloudflare Containers?

Traditional deployments require server provisioning, load balancing, and scaling. Cloudflare Containers solve this:

Feature	Traditional VPS	Cloudflare Containers
Global deployment	Manual multi-region setup	Automatic edge deployment
Scaling	Manual or autoscaling groups	Auto-scaling via Durable Objects
Cold start	Always running (cost)	Sleep after inactivity
gRPC support	Yes	Yes (in Containers, not Workers)
SSL/TLS	Manual cert management	Automatic
DDoS protection	Additional service	Built-in

Architecture overview

Key components:

Cloudflare Worker (TypeScript/Hono): HTTP API layer, routing, health checks
Durable Object: Singleton manager for container lifecycle
Rust Container (Axum): gRPC client for LaserStream, HTTP server for API
Helius LaserStream: Real-time Solana data via gRPC

Project structure

laserstream-container/
├── src/
│   └── index.ts              # Worker (Hono API + Durable Object routing)
├── container_src/
│   ├── Cargo.toml            # Rust dependencies
│   └── src/
│       ├── main.rs           # Axum HTTP server
│       └── stream.rs         # LaserStream gRPC client
├── Dockerfile                # Multi-stage Rust build
├── wrangler.jsonc            # Cloudflare configuration
├── package.json              # Build and deployment scripts
└── tsconfig.json             # TypeScript configuration

Prerequisites

Before deploying, ensure you have:

Cloudflare account with Workers enabled
Helius API key (get one here - free tier available)
Docker Desktop (for building container images)
Node.js 20+ and pnpm
Wrangler CLI (npm install -g wrangler)

Authenticate with Cloudflare

wrangler login

This opens a browser to authorize Wrangler with your Cloudflare account.

Step 1: Worker implementation

The Worker provides the HTTP API layer and routes requests to the container.

Install dependencies

pnpm install @cloudflare/containers hono
pnpm install -D typescript wrangler

Worker code (`src/index.ts`)

import { Container } from "@cloudflare/containers";
import { Hono } from "hono";

// Define the container class
export class LaserStreamContainer extends Container<Env> {
  defaultPort = 8080;
  sleepAfter = "2m"; // Sleep after 2 minutes of inactivity
  
  envVars = {
    HELIUS_API_KEY: "", // Set via wrangler secret
    LASERSTREAM_ENDPOINT: "https://laserstream-devnet-ewr.helius-rpc.com",
    RUST_LOG: "info",
  };

  override onStart() {
    console.log("LaserStream container started");
  }

  override onStop() {
    console.log("LaserStream container stopped");
  }

  override onError(error: unknown) {
    console.error("LaserStream container error:", error);
  }
}

// Create Hono app
const app = new Hono<{ Bindings: Env }>();

// Service information endpoint
app.get("/", (c) => {
  return c.text(
    "LaserStream on Cloudflare Containers\n\n" +
      "Endpoints:\n" +
      "GET  /health - Health check\n" +
      "POST /start - Start LaserStream subscription\n" +
      "GET  /latest - Get latest slot update\n"
  );
});

// Worker health check
app.get("/health", (c) => {
  return c.json({ 
    status: "ok", 
    timestamp: new Date().toISOString() 
  });
});

// Proxy all other requests to the singleton container
app.all("*", async (c) => {
  try {
    // Get singleton container by name
    const containerId = c.env.LASERSTREAM_CONTAINER.idFromName("laserstream-main");
    const container = c.env.LASERSTREAM_CONTAINER.get(containerId);
    
    // Forward request to container
    return await container.fetch(c.req.raw);
  } catch (error) {
    console.error("Container error:", error);
    return c.json(
      { error: "Container unavailable", details: String(error) },
      500
    );
  }
});

export default app;

Key concepts

Durable Object singleton: idFromName("laserstream-main") ensures only one container instance handles all requests
Sleep after inactivity: Container sleeps after 2 minutes, saving costs
Error handling: Graceful fallback if container is unavailable
Environment variables: Container receives config via envVars

Step 2: Rust container implementation

The Rust container runs the LaserStream gRPC client and exposes an HTTP API.

Container dependencies (`container_src/Cargo.toml`)

[package]
name = "laserstream_container"
version = "0.1.0"
edition = "2021"

[dependencies]
anyhow = "1.0"
axum = "0.7"
chrono = { version = "0.4", features = ["serde"] }
futures-util = "0.3"
helius-laserstream = "0.1.5"
serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1.49", features = ["full"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

HTTP server (`container_src/src/main.rs`)

use std::{
    net::SocketAddr,
    sync::{
        atomic::{AtomicBool, Ordering},
        Arc,
    },
};

use axum::{
    extract::State,
    http::StatusCode,
    response::IntoResponse,
    routing::{get, post},
    Json, Router,
};
use serde::Serialize;
use tokio::sync::RwLock;
use tracing::{error, info};
use tracing_subscriber::EnvFilter;

mod stream;

#[derive(Clone)]
struct AppState {
    started: Arc<AtomicBool>,
    latest: Arc<RwLock<Option<LatestSlot>>>,
}

#[derive(Debug, Clone, Serialize)]
struct LatestSlot {
    slot: u64,
    parent: Option<u64>,
    status: String,
    created_at_rfc3339: Option<String>,
}

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    // Initialize logging
    tracing_subscriber::fmt()
        .with_env_filter(EnvFilter::from_default_env())
        .init();

    let port: u16 = std::env::var("PORT")
        .unwrap_or_else(|_| "8080".to_string())
        .parse()?;

    let state = AppState {
        started: Arc::new(AtomicBool::new(false)),
        latest: Arc::new(RwLock::new(None)),
    };

    // Start stream on boot
    ensure_stream_started(state.clone()).await;

    // Define routes
    let app = Router::new()
        .route("/health", get(health))
        .route("/start", post(start))
        .route("/latest", get(latest))
        .with_state(state);

    let addr = SocketAddr::from(([0, 0, 0, 0], port));
    info!("listening on {}", addr);

    let listener = tokio::net::TcpListener::bind(addr).await?;
    axum::serve(listener, app).await?;

    Ok(())
}

async fn health() -> impl IntoResponse {
    (StatusCode::OK, "ok\n")
}

async fn start(State(state): State<AppState>) -> impl IntoResponse {
    ensure_stream_started(state).await;
    (StatusCode::OK, "started\n")
}

async fn latest(State(state): State<AppState>) -> impl IntoResponse {
    let guard = state.latest.read().await;
    match guard.as_ref() {
        Some(slot) => (StatusCode::OK, Json(slot.clone())),
        None => (
            StatusCode::NOT_FOUND,
            Json(LatestSlot {
                slot: 0,
                parent: None,
                status: "no data".to_string(),
                created_at_rfc3339: None,
            }),
        ),
    }
}

async fn ensure_stream_started(state: AppState) {
    if !state.started.swap(true, Ordering::SeqCst) {
        tokio::spawn(async move {
            if let Err(e) = stream::run_slot_stream(state.clone()).await {
                error!("Stream error: {}", e);
                state.started.store(false, Ordering::SeqCst);
            }
        });
    }
}

LaserStream client (`container_src/src/stream.rs`)

use anyhow::{anyhow, Context};
use chrono::{DateTime, Utc};
use futures_util::StreamExt;
use tokio::pin;
use tracing::{info, warn};

use crate::{AppState, LatestSlot};
use helius_laserstream::{
    config::LaserstreamConfig,
    grpc::{subscribe_update::UpdateOneof, SubscribeRequest},
    client::subscribe,
};

pub async fn run_slot_stream(state: AppState) -> anyhow::Result<()> {
    let endpoint = std::env::var("LASERSTREAM_ENDPOINT")
        .context("LASERSTREAM_ENDPOINT is required")?;
    let api_key = std::env::var("HELIUS_API_KEY")
        .context("HELIUS_API_KEY is required")?;

    info!("connecting to LaserStream at {}", endpoint);

    let config = LaserstreamConfig {
        endpoint,
        x_token: Some(api_key),
    };

    let request = SubscribeRequest {
        slots: HashMap::new(),
        accounts: HashMap::new(),
        transactions: HashMap::new(),
        blocks: HashMap::new(),
        blocks_meta: HashMap::new(),
        entry: HashMap::new(),
        commitment: None,
        accounts_data_slice: vec![],
        ping: None,
    };

    let mut stream = subscribe(config, request).await?;
    pin!(stream);

    info!("LaserStream connected, waiting for updates...");

    while let Some(msg) = stream.next().await {
        match msg {
            Ok(update) => {
                if let Some(UpdateOneof::Slot(slot_update)) = update.update_oneof {
                    let created_at = slot_update
                        .created_at
                        .and_then(|ts| {
                            DateTime::from_timestamp(ts.seconds, ts.nanos as u32)
                        })
                        .map(|dt: DateTime<Utc>| dt.to_rfc3339());

                    let latest = LatestSlot {
                        slot: slot_update.slot,
                        parent: Some(slot_update.parent),
                        status: format!("{:?}", slot_update.status),
                        created_at_rfc3339: created_at,
                    };

                    *state.latest.write().await = Some(latest.clone());
                    info!("slot update: {:?}", latest);
                }
            }
            Err(e) => {
                warn!("stream error: {}", e);
                return Err(anyhow!("stream error: {}", e));
            }
        }
    }

    Ok(())
}

Step 3: Dockerfile

Build the Rust container with a multi-stage Dockerfile for minimal image size.

# syntax=docker/dockerfile:1

FROM rust:1.83-slim AS build

WORKDIR /app

# Install build dependencies
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    protobuf-compiler \
    build-essential \
    g++ \
    && rm -rf /var/lib/apt/lists/*

# Copy Rust source
COPY container_src/Cargo.toml ./
COPY container_src/src ./src

# Build release binary
RUN cargo build --release

# Runtime image
FROM debian:bookworm-slim
RUN apt-get update && \
    apt-get install -y ca-certificates libssl3 && \
    rm -rf /var/lib/apt/lists/*

COPY --from=build /app/target/release/laserstream_container /laserstream_container
EXPOSE 8080

CMD ["/laserstream_container"]

Build optimizations

Multi-stage build: Build stage uses full Rust toolchain, runtime uses minimal Debian
Dependency caching: Cargo dependencies cached in Docker layers
Release build: Optimized binary with --release
Minimal runtime: Only ca-certificates and libssl3 in final image

Step 4: Wrangler configuration

Configure the Worker and Container deployment.

`wrangler.jsonc`

{
  "$schema": "node_modules/wrangler/config-schema.json",
  "name": "laserstream-container",
  "main": "src/index.ts",
  "compatibility_date": "2025-01-08",
  "compatibility_flags": ["nodejs_compat"],
  
  "observability": {
    "enabled": true
  },
  
  "containers": [
    {
      "class_name": "LaserStreamContainer",
      "image": "registry.cloudflare.com/<ACCOUNT_ID>/laserstream-container-rust:v1.0.0",
      "max_instances": 10
    }
  ],
  
  "durable_objects": {
    "bindings": [
      {
        "class_name": "LaserStreamContainer",
        "name": "LASERSTREAM_CONTAINER"
      }
    ]
  },
  
  "migrations": [
    {
      "new_sqlite_classes": ["LaserStreamContainer"],
      "tag": "v1"
    }
  ],
  
  "vars": {
    "LASERSTREAM_ENDPOINT": "https://laserstream-devnet-ewr.helius-rpc.com"
  }
}

Replace <ACCOUNT_ID> with your Cloudflare account ID (find it in the Cloudflare dashboard).

Configuration explained

compatibility_date: API version for Workers runtime
containers: Container image registry path and scaling settings
durable_objects: Singleton container manager binding
migrations: Database schema for Durable Objects
vars: Environment variables (non-sensitive)

Step 5: Build and deploy

Build scripts (`package.json`)

{
  "name": "laserstream-container",
  "version": "1.0.0",
  "scripts": {
    "build": "tsc && cargo build --release --manifest-path=container_src/Cargo.toml",
    "build:container": "wrangler containers build . --tag laserstream-container-rust:latest",
    "push:container": "wrangler containers push laserstream-container-rust:latest",
    "deploy": "wrangler deploy",
    "dev": "wrangler dev",
    "tail": "wrangler tail",
    "secret:set": "wrangler secret put"
  },
  "dependencies": {
    "@cloudflare/containers": "^0.0.21",
    "hono": "4.11.1"
  },
  "devDependencies": {
    "@types/node": "^25.0.3",
    "typescript": "5.9.3",
    "wrangler": "4.58.0"
  }
}

Build the container image

# Build Rust container locally
pnpm run build:container

# Tag with version
docker tag laserstream-container-rust:latest laserstream-container-rust:v1.0.0

# Push to Cloudflare registry
pnpm run push:container

Expected output:

Building container image...
Successfully tagged laserstream-container-rust:latest
Pushing to registry.cloudflare.com/...
Image pushed successfully
Digest: sha256:59c03a69b057...

Set secrets

Before deploying, set the Helius API key:

echo "YOUR_HELIUS_API_KEY" | pnpm run secret:set HELIUS_API_KEY

Alternatively, use interactive mode:

pnpm run secret:set HELIUS_API_KEY
# Paste your API key when prompted

Deploy to Cloudflare

pnpm run deploy

Expected output:

Uploading Worker...
Published laserstream-container (0.42 sec)
  https://laserstream-container.<your-subdomain>.workers.dev

Step 6: Testing the deployment

Health check

curl https://laserstream-container.<your-subdomain>.workers.dev/health

Expected response:

{
  "status": "ok",
  "timestamp": "2025-01-09T12:34:56.789Z"
}

Start LaserStream

curl -X POST https://laserstream-container.<your-subdomain>.workers.dev/start

Expected response:

started

Get latest slot update

curl https://laserstream-container.<your-subdomain>.workers.dev/latest

Expected response:

{
  "slot": 285432167,
  "parent": 285432166,
  "status": "Confirmed",
  "created_at_rfc3339": "2025-01-09T12:35:01.234Z"
}

Monitoring and debugging

View live logs

pnpm run tail

Expected output:

2025-01-09T12:34:56.789Z INFO laserstream_container: listening on 0.0.0.0:8080
2025-01-09T12:35:01.234Z INFO laserstream_container: connecting to LaserStream at https://laserstream-devnet-ewr.helius-rpc.com
2025-01-09T12:35:02.456Z INFO laserstream_container: LaserStream connected, waiting for updates...
2025-01-09T12:35:03.678Z INFO laserstream_container: slot update: LatestSlot { slot: 285432167, ... }

Common issues

"Missing or invalid API key"

Cause: HELIUS_API_KEY secret not set or incorrect.

Fix:

# Verify secret is set
wrangler secret list

# Re-set if missing
echo "YOUR_KEY" | pnpm run secret:set HELIUS_API_KEY

# Redeploy
pnpm run deploy

Container not starting

Cause: Docker image not pushed or incorrect registry path.

Fix:

# Verify image exists
docker images | grep laserstream

# Rebuild and push
pnpm run build:container
pnpm run push:container
pnpm run deploy

"Container unavailable" errors

Cause: Container sleeping or crashed.

Fix:

# Check logs
pnpm run tail

# Restart container
curl -X POST https://<your-url>/start

Production considerations

Scaling and costs

Cold starts: First request after sleep takes ~2-5 seconds to spin up container
Warm instances: Subsequent requests are instant while container is active
Sleep after: Configure sleepAfter based on request frequency
Max instances: Set max_instances based on expected load

Cost optimization

export class LaserStreamContainer extends Container<Env> {
  sleepAfter = "5m"; // Sleep after 5 minutes for dev
  // sleepAfter = "30m"; // Sleep after 30 minutes for production
}

Error handling

Add retry logic and circuit breakers:

// In stream.rs
pub async fn run_slot_stream(state: AppState) -> anyhow::Result<()> {
    let mut retry_count = 0;
    const MAX_RETRIES: u32 = 5;
    
    loop {
        match try_connect(&state).await {
            Ok(_) => {
                retry_count = 0; // Reset on success
            }
            Err(e) => {
                retry_count += 1;
                if retry_count >= MAX_RETRIES {
                    return Err(anyhow!("Max retries exceeded: {}", e));
                }
                let backoff = std::time::Duration::from_secs(2_u64.pow(retry_count));
                warn!("Retry {} after {:?}: {}", retry_count, backoff, e);
                tokio::time::sleep(backoff).await;
            }
        }
    }
}

Multi-region deployment

For global low-latency access, use Cloudflare's automatic edge deployment:

{
  "placement": { "mode": "smart" }
}

This automatically routes requests to the nearest Cloudflare edge location.

Security

API key rotation: Regularly rotate HELIUS_API_KEY
Rate limiting: Add rate limiting in Worker
Authentication: Add bearer tokens for production

// In Worker
app.use("*", async (c, next) => {
  const token = c.req.header("Authorization");
  if (!token || token !== `Bearer ${c.env.API_SECRET}`) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  await next();
});

Integration examples

Polling from a trading bot

// jupiter-laserstream-bot/src/poller.ts
import { setInterval } from "timers/promises";

const CONTAINER_URL = "https://laserstream-container.<subdomain>.workers.dev";

async function pollLatestSlot() {
  const response = await fetch(`${CONTAINER_URL}/latest`);
  const data = await response.json();
  
  console.log(`Latest slot: ${data.slot}`);
  
  // Trigger trading logic
  await handleSlotUpdate(data);
}

// Poll every 2 seconds
for await (const _ of setInterval(2000)) {
  await pollLatestSlot();
}

WebSocket broadcasting

Convert HTTP polling to WebSocket for browser clients:

// websocket-bridge.ts
import { WebSocketServer } from "ws";

const wss = new WebSocketServer({ port: 8080 });
const CONTAINER_URL = "https://laserstream-container.<subdomain>.workers.dev";

wss.on("connection", (ws) => {
  const interval = setInterval(async () => {
    const response = await fetch(`${CONTAINER_URL}/latest`);
    const data = await response.json();
    ws.send(JSON.stringify(data));
  }, 1000);
  
  ws.on("close", () => clearInterval(interval));
});

Comparison with alternatives

Approach	Latency	Cost	Complexity	Scalability
WebSocket polling	~500ms	Low	Low	Manual
Traditional VPS	~100ms	Medium	High	Manual
LaserStream + Cloudflare	~50ms	Low (pay-per-use)	Medium	Automatic
Direct gRPC	~30ms	Medium	High	Manual

When to use this approach

✅ Use Cloudflare Containers when:

You need global low-latency access
You want automatic scaling
You prefer pay-per-use pricing
You need DDoS protection

❌ Use traditional VPS when:

You need full control over infrastructure
You have consistent high traffic (24/7)
You need specialized networking configurations

Conclusion

Deploying LaserStream on Cloudflare Containers provides a production-ready solution for real-time Solana data streaming with:

Global edge deployment: Automatic routing to nearest edge location
Auto-scaling: Container lifecycle managed by Durable Objects
Cost efficiency: Pay only for active container time
Developer experience: Simple deployment with Wrangler CLI

The combination of Helius LaserStream's ultra-low latency gRPC streaming and Cloudflare's global network creates a powerful platform for building real-time Solana applications.

Next steps

Add caching: Cache slot updates in Durable Object storage
Add metrics: Integrate with Cloudflare Analytics
Add filtering: Filter specific accounts or programs
Add historical replay: Use LaserStream's historical slot replay (up to 3000 slots)

Resources

DefiTuna AMM Smart Contract — Anchor Implementation Guide

December 26, 2025 · 11 min read

Vadim Nicolai

Senior Software Engineer

TL;DR

DefiTuna AMM combines concentrated liquidity, on-chain limit orders, and leveraged liquidity provision in a unique AMM design. This article focuses on the Anchor smart contract that implements this protocol, specifically examining:

Program Architecture: A hybrid AMM with integrated limit order book, implemented as a multi-instruction Anchor program
Key Instructions: initialize_pool, create_position, place_limit_order, swap, leverage_position
Account Structure: Complex PDA hierarchies for pools, positions, orders, and leveraged positions with proper rent management
Mathematical Core: Concentrated liquidity calculations with leverage multipliers
Security Patterns: Comprehensive validation, owner controls, and reentrancy protection through Solana's native constraints

Introduction

DefiTuna AMM represents an innovative approach to decentralized exchanges by integrating traditional AMM mechanics with orderbook-style limit orders and leverage capabilities. This Anchor smart contract implements the core on-chain logic that makes this possible, providing developers with a practical example of advanced Solana DeFi programming patterns.

The program follows a modular architecture with separate handlers for pool management, position creation, order placement, and swap execution. All state is managed through PDAs to ensure secure ownership and access control.

Architecture Diagrams

Account Relationships

Instruction Flow for Limit Order Execution

Account Structure

Account	Type	PDA Seeds	Purpose
`Pool`	State	`["pool", base_mint, quote_mint]`	Stores pool configuration and global state
`Position`	State	`["position", pool, owner, position_id]`	Tracks user's concentrated liquidity position
`LimitOrder`	State	`["order", pool, owner, order_id]`	Stores limit order parameters and status
`LeveragedPosition`	State	`["leverage", pool, owner, leverage_id]`	Manages leveraged liquidity positions
`ProtocolConfig`	State	`["config"]`	Global protocol parameters and fee accounts
`Tick`	State	`["tick", pool, tick_index]`	Stores liquidity data for specific price ticks

PDA Derivation Example

#[account]
#[derive(InitSpace)]
pub struct Pool {
    pub base_mint: Pubkey,
    pub quote_mint: Pubkey,
    pub fee_rate: u16, // basis points
    pub protocol_fee_rate: u16,
    pub tick_spacing: i32,
    pub current_tick_index: i32,
    pub liquidity: u128,
    pub sqrt_price: u128,
    pub fee_growth_global_0: u128,
    pub fee_growth_global_1: u128,
    pub protocol_fees_0: u64,
    pub protocol_fees_1: u64,
    pub bump: u8,
}

// PDA derivation for pool
let (pool_pda, pool_bump) = Pubkey::find_program_address(
    &[
        b"pool",
        base_mint.as_ref(),
        quote_mint.as_ref(),
    ],
    program_id
);

## Instruction Handlers Deep Dive

### 1. `initialize_pool` - Pool Creation

This instruction creates a new liquidity pool with specified parameters:

```rust
#[derive(Accounts)]
pub struct InitializePool<'info> {
    #[account(mut)]
    pub payer: Signer<'info>,
    
    #[account(
        init,
        payer = payer,
        space = 8 + Pool::INIT_SPACE,
        seeds = [
            b"pool",
            base_mint.key().as_ref(),
            quote_mint.key().as_ref()
        ],
        bump
    )]
    pub pool: Account<'info, Pool>,
    
    pub base_mint: Account<'info, Mint>,
    pub quote_mint: Account<'info, Mint>,
    
    pub system_program: Program<'info, System>,
}

pub fn initialize_pool(
    ctx: Context<InitializePool>,
    fee_rate: u16,
    tick_spacing: i32,
    initial_sqrt_price: u128,
) -> Result<()> {
    let pool = &mut ctx.accounts.pool;
    
    // Validate parameters
    require!(fee_rate <= MAX_FEE_RATE, ErrorCode::InvalidFeeRate);
    require!(tick_spacing > 0, ErrorCode::InvalidTickSpacing);
    
    // Initialize pool state
    pool.base_mint = ctx.accounts.base_mint.key();
    pool.quote_mint = ctx.accounts.quote_mint.key();
    pool.fee_rate = fee_rate;
    pool.tick_spacing = tick_spacing;
    pool.sqrt_price = initial_sqrt_price;
    pool.current_tick_index = calculate_tick_from_sqrt_price(initial_sqrt_price);
    pool.bump = ctx.bumps.pool;
    
    Ok(())
}

### 2. `create_position` - Concentrated Liquidity Position

Creates a position with liquidity concentrated between specified ticks:

```rust
#[derive(Accounts)]
#[instruction(position_id: u64)]
pub struct CreatePosition<'info> {
    #[account(mut)]
    pub owner: Signer<'info>,
    
    #[account(
        seeds = [
            b"pool",
            pool.base_mint.as_ref(),
            pool.quote_mint.as_ref()
        ],
        bump = pool.bump
    )]
    pub pool: Account<'info, Pool>,
    
    #[account(
        init,
        payer = owner,
        space = 8 + Position::INIT_SPACE,
        seeds = [
            b"position",
            pool.key().as_ref(),
            owner.key().as_ref(),
            &position_id.to_le_bytes()
        ],
        bump
    )]
    pub position: Account<'info, Position>,
    
    #[account(mut)]
    pub token_account_a: Account<'info, TokenAccount>,
    #[account(mut)]
    pub token_account_b: Account<'info, TokenAccount>,
    
    pub token_program: Program<'info, Token>,
    pub system_program: Program<'info, System>,
}

#[account]
#[derive(InitSpace)]
pub struct Position {
    pub pool: Pubkey,
    pub owner: Pubkey,
    pub liquidity: u128,
    pub tick_lower: i32,
    pub tick_upper: i32,
    pub fee_growth_inside_0_last: u128,
    pub fee_growth_inside_1_last: u128,
    pub tokens_owed_0: u64,
    pub tokens_owed_1: u64,
    pub bump: u8,
}

pub fn create_position(
    ctx: Context<CreatePosition>,
    position_id: u64,
    tick_lower: i32,
    tick_upper: i32,
    liquidity_delta: u128,
) -> Result<()> {
    let pool = &mut ctx.accounts.pool;
    let position = &mut ctx.accounts.position;
    
    // Validate tick bounds
    require!(tick_lower < tick_upper, ErrorCode::InvalidTickRange);
    require!(tick_lower % pool.tick_spacing == 0, ErrorCode::TickNotSpaced);
    require!(tick_upper % pool.tick_spacing == 0, ErrorCode::TickNotSpaced);
    
    // Calculate required token amounts
    let (amount_a, amount_b) = calculate_liquidity_amounts(
        pool.sqrt_price,
        tick_lower,
        tick_upper,
        liquidity_delta
    );
    
    // Transfer tokens from user
    transfer_tokens_in(
        &ctx.accounts.token_account_a,
        &ctx.accounts.token_account_b,
        amount_a,
        amount_b,
        &ctx.accounts.token_program,
        &ctx.accounts.owner
    )?;
    
    // Update position state
    position.pool = ctx.accounts.pool.key();
    position.owner = ctx.accounts.owner.key();
    position.liquidity = liquidity_delta;
    position.tick_lower = tick_lower;
    position.tick_upper = tick_upper;
    position.bump = ctx.bumps.position;
    
    // Update pool liquidity
    update_ticks_liquidity(pool, tick_lower, tick_upper, liquidity_delta, true)?;
    
    Ok(())
}

### 3. `place_limit_order` - Orderbook Integration

Creates a limit order that sits on the order book until matched:

```rust
#[derive(Accounts)]
#[instruction(order_id: u64)]
pub struct PlaceLimitOrder<'info> {
    #[account(mut)]
    pub owner: Signer<'info>,
    
    #[account(
        seeds = [
            b"pool",
            pool.base_mint.as_ref(),
            pool.quote_mint.as_ref()
        ],
        bump = pool.bump
    )]
    pub pool: Account<'info, Pool>,
    
    #[account(
        init,
        payer = owner,
        space = 8 + LimitOrder::INIT_SPACE,
        seeds = [
            b"order",
            pool.key().as_ref(),
            owner.key().as_ref(),
            &order_id.to_le_bytes()
        ],
        bump
    )]
    pub order: Account<'info, LimitOrder>,
    
    #[account(
        mut,
        token::mint = pool.base_mint,
        token::authority = owner
    )]
    pub user_token_account: Account<'info, TokenAccount>,
    
    #[account(
        init,
        payer = owner,
        token::mint = pool.base_mint,
        token::authority = order,
        seeds = [
            b"order_vault",
            order.key().as_ref()
        ],
        bump
    )]
    pub order_vault: Account<'info, TokenAccount>,
    
    pub token_program: Program<'info, Token>,
    pub system_program: Program<'info, System>,
}

#[account]
#[derive(InitSpace)]
pub struct LimitOrder {
    pub pool: Pubkey,
    pub owner: Pubkey,
    pub order_id: u64,
    pub tick: i32,
    pub amount: u64,
    pub is_bid: bool,
    pub filled_amount: u64,
    pub status: OrderStatus,
    pub bump: u8,
}

pub fn place_limit_order(
    ctx: Context<PlaceLimitOrder>,
    order_id: u64,
    tick: i32,
    amount: u64,
    is_bid: bool,
) -> Result<()> {
    let order = &mut ctx.accounts.order;
    
    // Validate tick alignment
    let pool = &ctx.accounts.pool;
    require!(tick % pool.tick_spacing == 0, ErrorCode::TickNotSpaced);
    
    // Transfer tokens to order vault
    let transfer_ctx = CpiContext::new(
        ctx.accounts.token_program.to_account_info(),
        Transfer {
            from: ctx.accounts.user_token_account.to_account_info(),
            to: ctx.accounts.order_vault.to_account_info(),
            authority: ctx.accounts.owner.to_account_info(),
        }
    );
    
    transfer(transfer_ctx, amount)?;
    
    // Initialize order
    order.pool = ctx.accounts.pool.key();
    order.owner = ctx.accounts.owner.key();
    order.order_id = order_id;
    order.tick = tick;
    order.amount = amount;
    order.is_bid = is_bid;
    order.filled_amount = 0;
    order.status = OrderStatus::Open;
    order.bump = ctx.bumps.order;
    
    // Emit order placed event
    emit!(OrderPlaced {
        pool: ctx.accounts.pool.key(),
        owner: ctx.accounts.owner.key(),
        order_id,
        tick,
        amount,
        is_bid,
        timestamp: Clock::get()?.unix_timestamp,
    });
    
    Ok(())
}

### 4. `swap` - Execution with Order Matching

Executes a swap, potentially matching against limit orders:

```rust
pub fn swap(
    ctx: Context<Swap>,
    amount: u64,
    sqrt_price_limit: u128,
    is_exact_input: bool,
) -> Result<()> {
    let pool = &mut ctx.accounts.pool;
    
    // Calculate swap amounts
    let (amount_in, amount_out, sqrt_price_new, liquidity) =
        compute_swap_step(
            pool.sqrt_price,
            sqrt_price_limit,
            pool.liquidity,
            amount,
            pool.fee_rate,
            is_exact_input
        )?;
    
    // Check against limit orders in this tick range
    let matched_orders = find_matching_orders(
        pool,
        pool.current_tick_index,
        get_tick_from_sqrt_price(sqrt_price_new),
        !is_exact_input // opposite side of trade
    );
    
    let mut total_matched = 0;
    for order_info in matched_orders {
        let order_account = &ctx.remaining_accounts[order_info.index];
        let mut order = Account::<LimitOrder>::try_from(order_account)?;
        
        let match_amount = min(order.amount - order.filled_amount, amount_out - total_matched);
        
        // Execute against limit order
        execute_against_limit_order(
            &mut order,
            match_amount,
            &ctx.accounts.token_program,
            &ctx.accounts.user_token_account,
            &ctx.accounts.order_vaults[order_info.vault_index]
        )?;
        
        total_matched += match_amount;
        if total_matched >= amount_out {
            break;
        }
    }
    
    // Update pool state
    pool.sqrt_price = sqrt_price_new;
    pool.liquidity = liquidity;
    
    // Apply fees
    let protocol_fee = amount_in
        .checked_mul(pool.protocol_fee_rate as u64)
        .unwrap()
        .checked_div(10_000)
        .unwrap();
    
    if is_exact_input {
        pool.protocol_fees_0 = pool.protocol_fees_0
            .checked_add(protocol_fee)
            .unwrap();
    } else {
        pool.protocol_fees_1 = pool.protocol_fees_1
            .checked_add(protocol_fee)
            .unwrap();
    }
    
    Ok(())
}

### 5. `leverage_position` - Leveraged Liquidity

Enables leveraged liquidity provision with up to 5x multiplier:

```rust
pub fn leverage_position(
    ctx: Context<LeveragePosition>,
    leverage_id: u64,
    position_key: Pubkey,
    leverage_multiplier: u8,
    collateral_amount: u64,
) -> Result<()> {
    require!(leverage_multiplier >= 1, ErrorCode::InvalidLeverage);
    require!(leverage_multiplier <= MAX_LEVERAGE, ErrorCode::ExceedsMaxLeverage);
    
    let position = &ctx.accounts.position;
    let leveraged_position = &mut ctx.accounts.leveraged_position;
    
    // Calculate borrowed amounts
    let total_liquidity_value = calculate_position_value(position, ctx.accounts.pool.sqrt_price);
    let collateral_value = calculate_token_value(collateral_amount, ctx.accounts.pool.sqrt_price);
    
    let max_borrow_value = collateral_value
        .checked_mul(leverage_multiplier as u64)
        .unwrap()
        .checked_sub(collateral_value)
        .unwrap();
    
    // Create leveraged position
    leveraged_position.position = position_key;
    leveraged_position.owner = ctx.accounts.owner.key();
    leveraged_position.leverage_multiplier = leverage_multiplier;
    leveraged_position.collateral_amount = collateral_amount;
    leveraged_position.borrowed_amount_0 = calculate_borrow_amount_0(total_liquidity_value, max_borrow_value);
    leveraged_position.borrowed_amount_1 = calculate_borrow_amount_1(total_liquidity_value, max_borrow_value);
    leveraged_position.bump = ctx.bumps.leveraged_position;
    
    // Health check: ensure position remains safe
    let health_ratio = calculate_health_ratio(leveraged_position, ctx.accounts.pool.sqrt_price);
    require!(health_ratio > MIN_HEALTH_RATIO, ErrorCode::InsufficientCollateral);
    
    Ok(())
}

## Mathematical Formulas

### Concentrated Liquidity Calculations

The amount of token X and Y required for a liquidity position between ticks $t_L$ and $t_U$ is given by:

$$
\Delta x = \Delta L \cdot \left( \frac{1}{\sqrt{P}} - \frac{1}{\sqrt{P_U}} \right)
$$

$$
\Delta y = \Delta L \cdot \left( \sqrt{P} - \sqrt{P_L} \right)
$$

Where:
- $\Delta L$ is the liquidity delta
- $\sqrt{P}$ is the current square root price
- $\sqrt{P_L}, \sqrt{P_U}$ are square root prices at lower and upper ticks

### Swap Computation

For a swap with fee $f$ (in basis points):

Effective amount in after fees:

$$
\Delta x_{eff} = \Delta x \cdot \left(1 - \frac{f}{10^4}\right)
$$

Output amount:

$$
\Delta y = \frac{y \cdot \Delta x_{eff}}{x + \Delta x_{eff}}
$$

### Leverage Health Ratio

$$
\text{Health Ratio} = \frac{\text{Position Value}}{\text{Borrowed Value} \cdot \text{Liquidation Threshold}}
$$

Positions are liquidated when:

$$
\text{Health Ratio} < 1
$$

## Solana & Anchor Best Practices

### 1. Account Validation Patterns

Always validate accounts using Anchor's type system:

```rust
#[account(
    constraint = token_account.mint == pool.base_mint,
    constraint = token_account.owner == owner.key()
)]
pub token_account: Account<'info, TokenAccount>,

### 2. Compute Unit Optimization

Use iteration limits and batch processing for order matching:

```rust
const MAX_ORDERS_PER_SWAP: usize = 10;

for i in 0..min(remaining_orders.len(), MAX_ORDERS_PER_SWAP) {
    // Process order
    if compute_units_remaining() < SAFE_COMPUTE_LIMIT {
        break;
    }
}

### 3. Token-2022 Compatibility

Handle transfer fees by checking received amounts:

```rust
let balance_before = token_account.amount;
transfer(transfer_ctx, amount)?;
let balance_after = token_account.reload()?.amount;
let received_amount = balance_after.checked_sub(balance_before).unwrap();

### 4. Event Emission for Indexers

Emit structured events for easy off-chain processing:

```rust
#[event]
pub struct SwapEvent {
    pub pool: Pubkey,
    pub trader: Pubkey,
    pub amount_in: u64,
    pub amount_out: u64,
    pub sqrt_price_before: u128,
    pub sqrt_price_after: u128,
    pub liquidity: u128,
    pub timestamp: i64,
}

## Security Considerations

### 1. Access Control

All critical operations use PDA-based authority:

```rust
#[account(
    seeds = [b"config"],
    bump = config.bump,
    constraint = config.admin == admin.key()
)]
pub config: Account<'info, ProtocolConfig>,

### 2. Input Validation

Validate all user inputs with appropriate bounds:

```rust
require!(tick_lower < tick_upper, ErrorCode::InvalidTickRange);
require!(fee_rate <= MAX_FEE_RATE, ErrorCode::InvalidFeeRate);
require!(amount > 0, ErrorCode::ZeroAmount);

### 3. Arithmetic Safety

Use checked arithmetic to prevent overflows:

```rust
let total = amount_a
    .checked_add(amount_b)
    .ok_or(ErrorCode::ArithmeticOverflow)?;

### 4. Reentrancy Protection

Solana's transaction model prevents reentrancy, but validate cross-program interactions:

```rust
// Ensure token accounts belong to the expected mints
require!(
    token_account_a.mint == pool.base_mint &&
    token_account_b.mint == pool.quote_mint,
    ErrorCode::InvalidTokenAccount
);

### 5. Oracle Manipulation Protection

Use time-weighted prices for sensitive operations:

```rust
let price = calculate_time_weighted_price(
    pool.sqrt_price_history,
    Clock::get()?.unix_timestamp
);

## How to Use This Contract

### Building and Deploying

```bash
# Build the program
anchor build

# Deploy to devnet
anchor deploy --provider.cluster devnet

# Verify deployment
solana program show --programs

### Example TypeScript Client

```typescript
import * as anchor from "@coral-xyz/anchor";
import { Program } from "@coral-xyz/anchor";
import { DefiTunaAmm } from "../target/types/defi_tuna_amm";

async function createPosition() {
  const provider = anchor.AnchorProvider.env();
  anchor.setProvider(provider);
  
  const program = anchor.workspace.DefiTunaAmm as Program<DefiTunaAmm>;
  
  const [poolPda] = anchor.web3.PublicKey.findProgramAddressSync(
    [
      Buffer.from("pool"),
      baseMint.toBuffer(),
      quoteMint.toBuffer()
    ],
    program.programId
  );
  
  const positionId = new anchor.BN(Date.now());
  const [positionPda] = anchor.web3.PublicKey.findProgramAddressSync(
    [
      Buffer.from("position"),
      poolPda.toBuffer(),
      provider.wallet.publicKey.toBuffer(),
      positionId.toArrayLike(Buffer, "le", 8)
    ],
    program.programId
  );
  
  const tx = await program.methods
    .createPosition(
      positionId,
      -6000, // tick_lower
      6000,  // tick_upper
      new anchor.BN(1000000) // liquidity
    )
    .accounts({
      pool: poolPda,
      position: positionPda,
      owner: provider.wallet.publicKey,
      tokenAccountA: tokenAccountA,
      tokenAccountB: tokenAccountB,
    })
    .rpc();
    
  console.log("Transaction signature:", tx);
}

### Required Pre-Instructions

For complex operations like leveraged positions, you may need to:

1. Create associated token accounts
2. Approve token transfers
3. Initialize required PDAs
4. Fund accounts with minimum rent

## Extending the Contract

### Adding New Instructions

1. Define new account structs in `#[derive(Accounts)]`
2. Implement handler function with proper validation
3. Add to the `lib.rs` module exports
4. Update IDL generation

### Customization Points

- **Fee Models**: Modify `compute_swap_step` for dynamic fees
- **Order Types**: Extend `LimitOrder` for different order types (FOK, IOC)
- **Leverage Models**: Add new collateral types or liquidation mechanisms
- **Oracle Integration**: Incorporate Pyth or Switchboard for price feeds

### Testing Strategies

```rust
#[tokio::test]
async fn test_swap_with_limit_order_match() {
    let mut test = ProgramTest::new(
        "defi_tuna_amm",
        id(),
        processor!(processor::Processor::process)
    );
    
    // Add accounts and mints
    test.add_account(mint_pubkey, mint_account);
    
    let (mut banks_client, payer, recent_blockhash) = test.start().await;
    
    // Create and place limit order
    let place_order_ix = Instruction {
        program_id: id(),
        accounts: place_order_accounts,
        data: place_order_data,
    };
    
    // Execute swap that should match
    let swap_ix = Instruction {
        program_id: id(),
        accounts: swap_accounts,
        data: swap_data,
    };
    
    let transaction = Transaction::new_signed_with_payer(
        &[place_order_ix, swap_ix],
        Some(&payer.pubkey()),
        &[&payer],
        recent_blockhash
    );
    
    banks_client.process_transaction(transaction).await.unwrap();
}

## Conclusion

The DefiTuna AMM smart contract demonstrates advanced Anchor patterns for building sophisticated DeFi protocols on Solana. By combining concentrated liquidity, limit orders, and leverage in a single program, it showcases how to manage complex state relationships while maintaining security and efficiency.

Key takeaways for developers:
1. Use PDA hierarchies for secure ownership and access control
2. Implement mathematical operations with overflow protection
3. Design for composability with other Solana programs
4. Emit comprehensive events for off-chain indexing
5. Optimize for compute units in iteration-heavy operations

This contract serves as a foundation for building next-generation AMMs that bridge the gap between traditional order books and automated market makers.

Agent Skills Specification​

Directory structure​

SKILL.md format​

Frontmatter (required)​

name field​

description field​

license field​

compatibility field​

metadata field​

allowed-tools field​

Body content​

Optional directories​

scripts/​

references/​

assets/​

Progressive disclosure​

File references​

Validation​

Documentation index first​

What are skills?​

Skill directory structure​

SKILL.md specification essentials​

Frontmatter requirements​

Body content​

A spec-friendly template​

Mastra integration​

1) Place skills under your workspace filesystem basePath​

2) Configure skills on a workspace​

3) Dynamic skill directories (context-aware)​

4) What Mastra does “under the hood”​

5) Skill search and indexing in Mastra​

Repo conventions that work well​

Core constraint: embedding dimension ↔ vector index schema​

Architecture overview (pipeline flow)​

Retrieval + extraction: what happens per job​

1) Retrieval: taxonomy candidate narrowing (vector search)​

2) Extraction: structured inference via Mastra workflow​

Cloudflare Workers AI embeddings​

Model contract and hardening​

Dimension enforcement (non-negotiable)​

Turso/libSQL vector taxonomy index​

Reliability and operational controls​

Observability: console + file tee logs​

Graceful termination​

Idempotency / restart safety​

Throughput shaping​

Failure modes​

Retrieval layer failures (index health)​

Embedding timeouts​

Workflow failures​

Quick reference​

Why "observability-first" evals matter​

End-to-end architecture​

Observability design: what gets traced and why​

Trace strategy: one trace per test case​

Span strategy: one generation per model call​

Prompt governance: Langfuse prompts + fallback behavior​

Observability tip: always record the effective prompt identity​

Structured output: Zod as an observability contract​

Why structured output is observability, not just "parsing"​

The full eval lifecycle as a trace model​

Scoring and metrics: accuracy is necessary, insufficient​

Observability tip: store scorer metadata as the comment (or trace metadata)​

Run-level grouping: session IDs as your "eval run" primitive​

Mermaid: evaluation flow, sequence, and data model (together)​

1) Flow: control plane of the batch run​

2) Sequence: what actually happens per case​

3) Data model: eval artifacts​

How to run (and make it debuggable in one click)​

Environment variables​

Observability tip: print a stable "run header"​

Debugging workflow: from CI failure to root cause​

Practical tips & gotchas (observability edition)​

1) Always flush telemetry​

2) Don't parallelize blindly​

3) Track prompt identity, not just prompt text​

4) Separate "correctness" from "calibration"​

5) Add slice metrics before you add more test cases​

Suggested next upgrades (high leverage)​

A) Add latency and cost proxies​

Agent Skills Specification

Directory structure

SKILL.md format

Frontmatter (required)

`name` field

`description` field

`license` field

`compatibility` field

`metadata` field

`allowed-tools` field

Body content

Optional directories

scripts/

references/

assets/

Progressive disclosure

File references

Validation

Documentation index first

What are skills?

Skill directory structure

SKILL.md specification essentials

Frontmatter requirements

Body content

A spec-friendly template

Mastra integration

1) Place skills under your workspace filesystem basePath

2) Configure skills on a workspace

3) Dynamic skill directories (context-aware)

4) What Mastra does “under the hood”

5) Skill search and indexing in Mastra

Repo conventions that work well

Core constraint: embedding dimension ↔ vector index schema

Architecture overview (pipeline flow)

Retrieval + extraction: what happens per job

1) Retrieval: taxonomy candidate narrowing (vector search)

2) Extraction: structured inference via Mastra workflow

Cloudflare Workers AI embeddings

Model contract and hardening

Dimension enforcement (non-negotiable)

Turso/libSQL vector taxonomy index

Reliability and operational controls

Observability: console + file tee logs

Graceful termination

Idempotency / restart safety

Throughput shaping

Failure modes

Retrieval layer failures (index health)

Embedding timeouts

Workflow failures

Quick reference

Why "observability-first" evals matter

End-to-end architecture

Observability design: what gets traced and why

Trace strategy: one trace per test case

Span strategy: one generation per model call

Prompt governance: Langfuse prompts + fallback behavior

Observability tip: always record the effective prompt identity

Structured output: Zod as an observability contract

Why structured output is observability, not just "parsing"

The full eval lifecycle as a trace model

Scoring and metrics: accuracy is necessary, insufficient

Observability tip: store scorer metadata as the comment (or trace metadata)

Run-level grouping: session IDs as your "eval run" primitive

Mermaid: evaluation flow, sequence, and data model (together)

1) Flow: control plane of the batch run

2) Sequence: what actually happens per case

3) Data model: eval artifacts

How to run (and make it debuggable in one click)

Environment variables

Observability tip: print a stable "run header"

Debugging workflow: from CI failure to root cause

Practical tips & gotchas (observability edition)

1) Always flush telemetry

2) Don't parallelize blindly

3) Track prompt identity, not just prompt text

4) Separate "correctness" from "calibration"

5) Add slice metrics before you add more test cases

Suggested next upgrades (high leverage)

A) Add latency and cost proxies