Environment Variables¶

Configuration via environment variables.

Required Variables¶

Polymarket¶

Variable	Description	Example
`POLY_PRIVATE_KEY`	Ethereum private key (hex, no 0x prefix)	`abc123...`
`POLY_API_KEY`	CLOB API key	`pk_...`
`POLY_API_SECRET`	CLOB API secret	`sk_...`
`POLY_API_PASSPHRASE`	CLOB API passphrase	`passphrase123`

Kalshi (Production)¶

Variable	Description	Example
`KALSHI_KEY_ID`	API key identifier	`key_abc123`
`KALSHI_PRIVATE_KEY`	RSA private key (PEM format)	See below

Kalshi (Demo)¶

For testing with Kalshi's demo environment (mock funds, no real money):

Variable	Description	Example
`KALSHI_DEMO_KEY_ID`	Demo API key identifier	`demo_key_abc123`
`KALSHI_DEMO_PRIVATE_KEY`	Demo RSA private key (PEM format)	See below

Use with --kalshi-demo flag. See Kalshi Demo Environment to create demo credentials.

RSA Key Format¶

The KALSHI_PRIVATE_KEY must be in PEM format:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
...
-----END RSA PRIVATE KEY-----

When setting in shell, use quotes to preserve newlines:

export KALSHI_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
-----END RSA PRIVATE KEY-----"

Or use a file:

export KALSHI_PRIVATE_KEY="$(cat /path/to/key.pem)"

Optional Variables¶

General¶

Variable	Description	Default
`RUST_LOG`	Log level	`info`

Paper Trading¶

Variable	Description	Default
`ARBITER_PAPER_TRADE`	Enable paper trading mode	`false`
`ARBITER_FIDELITY`	Fill fidelity (`basic` or `realistic`)	`basic`
`ARBITER_LATENCY_MS`	Simulated network latency in milliseconds	none

Market Discovery¶

Feature Flag Required

Market discovery requires building with --features discovery.

Core Settings¶

Variable	Description	Default
`DISCOVERY_SCAN_INTERVAL_SECS`	Interval between automatic scans	`3600` (1 hour)
`DISCOVERY_POLYMARKET_DELAY_MS`	Delay between Polymarket API requests	`100`
`DISCOVERY_KALSHI_DELAY_MS`	Delay between Kalshi API requests	`100`
`DISCOVERY_SIMILARITY_THRESHOLD`	Minimum similarity score for candidates	`0.6`
`DISCOVERY_DB_PATH`	Path to discovery SQLite database	`discovery.db`

Phase 2-3: Scoring Configuration¶

Variable	Description	Default
`DISCOVERY_AUTO_APPROVE_THRESHOLD`	Score threshold for automatic approval	`0.85`
`DISCOVERY_AUTO_REJECT_THRESHOLD`	Score threshold for automatic rejection	`0.40`
`DISCOVERY_FINGERPRINT_WEIGHT`	Weight for fingerprint matching score	`0.50`
`DISCOVERY_EMBEDDING_WEIGHT`	Weight for embedding similarity score	`0.40`
`DISCOVERY_TEXT_WEIGHT`	Weight for text similarity score	`0.10`
`DISCOVERY_EMBEDDING_DIM`	Dimension of embedding vectors	`256`
`DISCOVERY_EMBEDDING_BATCH_SIZE`	Batch size for embedding generation	`100`

The hybrid scoring formula combines these weights (must sum to 1.0):

final_score = FINGERPRINT_WEIGHT × fingerprint + EMBEDDING_WEIGHT × embedding + TEXT_WEIGHT × text

Phase 4: LLM Verification¶

Variable	Description	Default
`DISCOVERY_LLM_ENABLED`	Enable LLM verification for uncertain cases	`false`
`DISCOVERY_LLM_BUDGET`	Daily budget in USD for LLM calls	`50.00`
`DISCOVERY_ESCALATION_LOW`	Lower threshold for LLM escalation	`0.60`
`DISCOVERY_ESCALATION_HIGH`	Upper threshold for LLM escalation	`0.85`

Candidates with scores between ESCALATION_LOW and ESCALATION_HIGH are escalated to LLM verification when LLM_ENABLED is true. The system uses a tiered approach:

Score Range	Escalation Tier	Approximate Cost
≥ 0.85	None	$0
0.70-0.85	Haiku	~$0.001/call
0.60-0.70	Sonnet	~$0.01/call
< 0.60	Auto-reject	$0

Budget Management

When DISCOVERY_LLM_BUDGET is exhausted for the day, LLM verification is disabled and all uncertain cases are flagged for human review.

Security Best Practices¶

Never commit credentials

Add .env to .gitignore
Use secret management in production (AWS Secrets Manager, Vault, etc.)
Rotate keys regularly

Using .env Files¶

For local development, create a .env file:

# .env (DO NOT COMMIT)
POLY_PRIVATE_KEY=your_key_here
POLY_API_KEY=your_key_here
POLY_API_SECRET=your_secret_here
POLY_API_PASSPHRASE=your_passphrase_here
KALSHI_KEY_ID=your_key_id_here
KALSHI_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----"

Production¶

In production environments:

Use environment-native secret management
Inject secrets at runtime
Avoid writing secrets to disk
Use IAM roles where possible

Verification¶

Verify your configuration with:

cargo run --manifest-path arbiter-engine/Cargo.toml -- --check-connectivity

This validates credentials without starting the trading loop.