refactor: hide context parameters from AI model tool schema

Prevent AI hallucination of runtime parameters by hiding them from the tool schema.

Architecture:
- Public tool functions (buy/sell) only expose symbol and amount to AI
- Use **kwargs to accept hidden parameters (signature, job_id, today_date, session_id)
- Internal _impl functions contain the actual business logic
- ContextInjector injects parameters into kwargs (invisible to AI)

Benefits:
- AI cannot see or hallucinate signature/job_id/session_id parameters
- Cleaner tool schema focuses on trading-relevant parameters only
- Defense-in-depth: ContextInjector still overrides any provided values
- More maintainable: clear separation of public API vs internal implementation

Example AI sees:
  buy(symbol: str, amount: int) -> dict

Actual execution:
  buy(symbol="AAPL", amount=10, signature="gpt-5", job_id="...", ...)

Fixes #TBD

agent/context_injector.py

@@ -51,15 +51,14 @@ class ContextInjector:
         if request.name in ["buy", "sell"]:
             # Debug: Log self attributes BEFORE injection
             print(f"[ContextInjector.__call__] ENTRY: id={id(self)}, self.signature={self.signature}, self.today_date={self.today_date}, self.job_id={self.job_id}, self.session_id={self.session_id}")
+            print(f"[ContextInjector.__call__] Args BEFORE injection: {request.args}")
 
-            # Add signature and today_date to args if not present
-            if "signature" not in request.args:
-                request.args["signature"] = self.signature
-            if "today_date" not in request.args:
-                request.args["today_date"] = self.today_date
-            if "job_id" not in request.args and self.job_id:
+            # ALWAYS inject/override context parameters (don't trust AI-provided values)
+            request.args["signature"] = self.signature
+            request.args["today_date"] = self.today_date
+            if self.job_id:
                 request.args["job_id"] = self.job_id
-            if "session_id" not in request.args and self.session_id:
+            if self.session_id:
                 request.args["session_id"] = self.session_id
 
             # Debug logging

agent_tools/tool_trade.py

@@ -82,24 +82,13 @@ def get_current_position_from_db(job_id: str, model: str, date: str) -> Tuple[Di
         conn.close()
 
 
-@mcp.tool()
-def buy(symbol: str, amount: int, signature: str = None, today_date: str = None,
-        job_id: str = None, session_id: int = None) -> Dict[str, Any]:
+def _buy_impl(symbol: str, amount: int, signature: str = None, today_date: str = None,
+              job_id: str = None, session_id: int = None) -> Dict[str, Any]:
     """
-    Buy stock function - writes to SQLite database.
+    Internal buy implementation - accepts injected context parameters.
 
-    Args:
-        symbol: Stock symbol (e.g., "AAPL", "MSFT")
-        amount: Number of shares to buy (positive integer)
-        signature: Model signature (injected by ContextInjector)
-        today_date: Trading date YYYY-MM-DD (injected by ContextInjector)
-        job_id: Job UUID (injected by ContextInjector)
-        session_id: Trading session ID (injected by ContextInjector)
-
-    Returns:
-        Dict[str, Any]:
-          - Success: {"CASH": amount, symbol: quantity, ...}
-          - Failure: {"error": message, ...}
+    This function is not exposed to the AI model. It receives runtime context
+    (signature, today_date, job_id, session_id) from the ContextInjector.
     """
     # Validate required parameters
     if not job_id:
@@ -206,8 +195,31 @@ def buy(symbol: str, amount: int, signature: str = None, today_date: str = None,
 
 
 @mcp.tool()
-def sell(symbol: str, amount: int, signature: str = None, today_date: str = None,
-         job_id: str = None, session_id: int = None) -> Dict[str, Any]:
+def buy(symbol: str, amount: int, **kwargs) -> Dict[str, Any]:
+    """
+    Buy stock shares.
+
+    Args:
+        symbol: Stock symbol (e.g., "AAPL", "MSFT", "GOOGL")
+        amount: Number of shares to buy (positive integer)
+
+    Returns:
+        Dict[str, Any]:
+          - Success: {"CASH": remaining_cash, "SYMBOL": shares, ...}
+          - Failure: {"error": error_message, ...}
+    """
+    # Extract injected parameters (added by ContextInjector, hidden from AI)
+    signature = kwargs.get("signature")
+    today_date = kwargs.get("today_date")
+    job_id = kwargs.get("job_id")
+    session_id = kwargs.get("session_id")
+
+    # Delegate to internal implementation
+    return _buy_impl(symbol, amount, signature, today_date, job_id, session_id)
+
+
+def _sell_impl(symbol: str, amount: int, signature: str = None, today_date: str = None,
+               job_id: str = None, session_id: int = None) -> Dict[str, Any]:
     """
     Sell stock function - writes to SQLite database.
 
@@ -327,6 +339,30 @@ def sell(symbol: str, amount: int, signature: str = None, today_date: str = None
         conn.close()
 
 
+@mcp.tool()
+def sell(symbol: str, amount: int, **kwargs) -> Dict[str, Any]:
+    """
+    Sell stock shares.
+
+    Args:
+        symbol: Stock symbol (e.g., "AAPL", "MSFT", "GOOGL")
+        amount: Number of shares to sell (positive integer)
+
+    Returns:
+        Dict[str, Any]:
+          - Success: {"CASH": remaining_cash, "SYMBOL": shares, ...}
+          - Failure: {"error": error_message, ...}
+    """
+    # Extract injected parameters (added by ContextInjector, hidden from AI)
+    signature = kwargs.get("signature")
+    today_date = kwargs.get("today_date")
+    job_id = kwargs.get("job_id")
+    session_id = kwargs.get("session_id")
+
+    # Delegate to internal implementation
+    return _sell_impl(symbol, amount, signature, today_date, job_id, session_id)
+
+
 if __name__ == "__main__":
     port = int(os.getenv("TRADE_HTTP_PORT", "8002"))
     mcp.run(transport="streamable-http", port=port)