feat: enforce min/max sats amount on orders

[ToRyVand]

Summary

Adds configurable MAX_PAYMENT_AMT environment variable alongside the existing MIN_PAYMENT_AMT to enforce sats amount limits on all orders.

Closes #406

Changes

File	What
.env-sample	Added MAX_PAYMENT_AMT=10000000
bot/validations.ts	Max check in validateSellOrder and validateBuyOrder
bot/messages.ts	New mustBeLessEqThan message helper
bot/modules/orders/scenes.ts	Min/max validation in the interactive wizard
locales/*.yaml (10 files)	Added must_be_lt_or_eq key in all languages
tests/bot/validation.spec.ts	9 new tests for boundary and edge cases

Behavior

• Backwards compatible: if MAX_PAYMENT_AMT is not set, no upper limit is enforced
• Market price orders (amount=0) always bypass both min/max checks
• Boundary: amount == MAX_PAYMENT_AMT is accepted, amount > MAX_PAYMENT_AMT is rejected
• Wizard fix: the interactive order wizard now also validates MIN_PAYMENT_AMT (previously only the command-line path did)

Tests

141/141 passing — includes new tests:

• Amount exceeds maximum → rejected
• Amount equals maximum → accepted
• Amount one above maximum → rejected
• Market price (amount=0) with max set → accepted
• No MAX_PAYMENT_AMT configured → no limit (retrocompatible)

npm run lint   ✅
npm run format ✅  
npm test       ✅ 141 passing

Summary by CodeRabbit

• New Features

  • Order processing now enforces a configurable maximum payment amount (defaults provided in the sample env). Orders exceeding the limit are rejected.
  • Users receive clear, localized validation messages when amounts exceed the allowed maximum; translations added for 11 languages.

• Tests

  • Validation behavior around maximum payment limits covered by new automated tests (including edge cases and zero-amount handling).

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a1809736-d22f-44cb-afe5-720413e64911

📥 Commits

Reviewing files that changed from the base of the PR and between 2129a12 and 4afcbee.

📒 Files selected for processing (15)

• .env-sample
• bot/messages.ts
• bot/modules/orders/scenes.ts
• bot/validations.ts
• locales/de.yaml
• locales/en.yaml
• locales/es.yaml
• locales/fa.yaml
• locales/fr.yaml
• locales/it.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/ru.yaml
• locales/uk.yaml
• tests/bot/validation.spec.ts

✅ Files skipped from review due to trivial changes (10)

• .env-sample
• locales/de.yaml
• locales/ko.yaml
• locales/it.yaml
• locales/fr.yaml
• locales/uk.yaml
• locales/pt.yaml
• bot/messages.ts
• locales/es.yaml
• locales/ru.yaml

🚧 Files skipped from review as they are similar to previous changes (4)

• locales/fa.yaml
• locales/en.yaml
• tests/bot/validation.spec.ts
• bot/modules/orders/scenes.ts

---

Walkthrough

Introduces a MAX_PAYMENT_AMT environment variable and enforces an upper payment bound across order creation and validation; adds a new i18n message helper and corresponding "less or equal" translations; tests updated to cover max-amount behavior.

Changes

Cohort / File(s)	Summary
Configuration \.env-sample	Added MAX_PAYMENT_AMT=10000000 (maximum payment amount in satoshis).
Message Helpers bot/messages.ts	Added exported async helper mustBeLessEqThan(ctx, fieldName, qty) to send "less or equal" i18n messages and log errors.
Order Creation Handlers bot/modules/orders/scenes.ts	createOrderHandlers.sats now enforces min/max payment bounds using process.env.MIN_PAYMENT_AMT and process.env.MAX_PAYMENT_AMT, sets wizard error and updates UI on violations.
Validation Logic bot/validations.ts	validateSellOrder and validateBuyOrder now parse and enforce MAX_PAYMENT_AMT (reject when amount > max and max > 0), calling the new message helper on failure.
Localization locales/(de.yaml|en.yaml|es.yaml|fa.yaml|fr.yaml|it.yaml|ko.yaml|pt.yaml|ru.yaml|uk.yaml)	Added must_be_lt_or_eq translation key in all listed locale files with ${fieldName}/${qty} template.
Tests tests/bot/validation.spec.ts	Expanded tests to cover rejecting amounts > MAX_PAYMENT_AMT, accepting equal amounts, skipping when unset, and allowing zero amounts; stubs/reset env per case.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• mostronatorcoder
• grunch

Poem

🐰 I hopped through code with careful cheer,
A ceiling set for sats so dear,
Ten tongues now tell the new rule true,
Bounds in place for me and you,
Hooray — precise limits, clear and new!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: enforce min/max sats amount on orders' is a clear, concise summary of the primary change—adding enforcement of minimum and maximum satoshi amounts on orders.
Linked Issues check	✅ Passed	All primary coding requirements from issue #406 are met: MAX_PAYMENT_AMT configuration added, enforcement in validations, interactive wizard bounds checking, localization for error messages, and comprehensive tests.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to implementing min/max satoshi amount enforcement; no unrelated or out-of-scope modifications were introduced.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

bot/modules/orders/scenes.ts (1)

307-339: ⚠️ Potential issue | 🟡 Minor

Validate limits against the normalized sats value.

At Line [329], max validation compares the raw numeric input, but at Line [337] the stored amount is Math.floor(input). This can reject inputs that would persist as valid integer sats, diverging from command-path behavior.

💡 Suggested patch

-    const input = Number(ctx.message?.text);
+    const rawInput = Number(ctx.message?.text);
     await ctx.deleteMessage();
-    if (isNaN(input)) {
+    if (isNaN(rawInput)) {
       ctx.wizard.state.error = ctx.i18n.t('not_number');
       await ctx.wizard.state.updateUI();
       return;
     }
-    if (input < 0) {
+    if (rawInput < 0) {
       ctx.wizard.state.error = ctx.i18n.t('not_negative');
       await ctx.wizard.state.updateUI();
       return;
     }
+    const input = Math.floor(rawInput);
     const minPaymentAmt = Number(process.env.MIN_PAYMENT_AMT) || 0;
     const maxPaymentAmt = Number(process.env.MAX_PAYMENT_AMT) || 0;
@@
-    ctx.wizard.state.sats = Math.floor(input);
+    ctx.wizard.state.sats = input;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bot/modules/orders/scenes.ts` around lines 307 - 339, The validation uses the
raw Number(input) for min/max checks but later stores Math.floor(input) into
ctx.wizard.state.sats, causing mismatches; normalize the input once (e.g., const
normalized = Math.floor(input)) immediately after the NaN/negative checks and
use that normalized value for the minPaymentAmt/maxPaymentAmt comparisons and
for assigning ctx.wizard.state.sats, while preserving the existing guards that
allow 0 as a special case.

🧹 Nitpick comments (2)

.env-sample (1)

54-55: Consider clarifying optional behavior in the sample comment.
To avoid confusion, add a note that leaving MAX_PAYMENT_AMT unset disables the upper bound (as intended for backward compatibility).

Based on learnings: document new environment variables in .env-sample and keep behavior clear for .env users.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env-sample around lines 54 - 55, Update the comment above the
MAX_PAYMENT_AMT env var to explicitly state that this setting is optional and
that leaving MAX_PAYMENT_AMT unset disables the upper bound (preserving backward
compatibility); mention the units (satoshis) and the default behavior so users
know the sample value (10000000) is only an example and not required.

tests/bot/validation.spec.ts (1)

146-209: Good boundary coverage for command validations; add wizard-path parity tests too.

These additions cover command-based max checks well. Since wizard flow has separate min/max logic, add corresponding tests for createOrderHandlers.sats to prevent command/wizard drift on edge inputs.

Also applies to: 285-342

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/bot/validation.spec.ts` around lines 146 - 209, Add parallel tests that
exercise the wizard flow handler createOrderHandlers.sats mirroring the
command-path cases you added for validateSellOrder: stub process.env for
MIN_PAYMENT_AMT and MAX_PAYMENT_AMT and test scenarios for amount > MAX (expect
failure and reply), amount == MAX (expect success/object), MAX unset (skip max
check and succeed), amount 0 with range (market price allowed and result.amount
=== 0), and amount == MAX+1 (expect failure). Reuse the same sandbox setup and
assertion style (replyStub checks, expect(...).to.equal(false) or
.to.be.an('object')) so wizard-path logic stays in parity with
validateSellOrder.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bot/validations.ts`:
- Around line 215-226: Normalize and cache MAX_PAYMENT_AMT as a numeric value
before the max-amount guard in both validateSellOrder and validateBuyOrder:
parse process.env.MAX_PAYMENT_AMT into a const (e.g., maxPaymentAmt =
Number(process.env.MAX_PAYMENT_AMT)), treat non-finite or zero values as
“disabled” (skip the cap), and then only enforce the check when maxPaymentAmt is
a finite > 0 by replacing the existing condition (amount !== 0 &&
process.env.MAX_PAYMENT_AMT && amount > Number(...)) with a condition that uses
maxPaymentAmt (e.g., amount !== 0 && Number.isFinite(maxPaymentAmt) &&
maxPaymentAmt > 0 && amount > maxPaymentAmt) and keep the same
messages.mustBeLessEqThan call using maxPaymentAmt.

---

Outside diff comments:
In `@bot/modules/orders/scenes.ts`:
- Around line 307-339: The validation uses the raw Number(input) for min/max
checks but later stores Math.floor(input) into ctx.wizard.state.sats, causing
mismatches; normalize the input once (e.g., const normalized =
Math.floor(input)) immediately after the NaN/negative checks and use that
normalized value for the minPaymentAmt/maxPaymentAmt comparisons and for
assigning ctx.wizard.state.sats, while preserving the existing guards that allow
0 as a special case.

---

Nitpick comments:
In @.env-sample:
- Around line 54-55: Update the comment above the MAX_PAYMENT_AMT env var to
explicitly state that this setting is optional and that leaving MAX_PAYMENT_AMT
unset disables the upper bound (preserving backward compatibility); mention the
units (satoshis) and the default behavior so users know the sample value
(10000000) is only an example and not required.

In `@tests/bot/validation.spec.ts`:
- Around line 146-209: Add parallel tests that exercise the wizard flow handler
createOrderHandlers.sats mirroring the command-path cases you added for
validateSellOrder: stub process.env for MIN_PAYMENT_AMT and MAX_PAYMENT_AMT and
test scenarios for amount > MAX (expect failure and reply), amount == MAX
(expect success/object), MAX unset (skip max check and succeed), amount 0 with
range (market price allowed and result.amount === 0), and amount == MAX+1
(expect failure). Reuse the same sandbox setup and assertion style (replyStub
checks, expect(...).to.equal(false) or .to.be.an('object')) so wizard-path logic
stays in parity with validateSellOrder.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4c284b48-2a37-4002-a663-ac1b39bf3f63

📥 Commits

Reviewing files that changed from the base of the PR and between 02145ef and 2129a12.

📒 Files selected for processing (15)

• .env-sample
• bot/messages.ts
• bot/modules/orders/scenes.ts
• bot/validations.ts
• locales/de.yaml
• locales/en.yaml
• locales/es.yaml
• locales/fa.yaml
• locales/fr.yaml
• locales/it.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/ru.yaml
• locales/uk.yaml
• tests/bot/validation.spec.ts