Bureau — Red Team (offensive)
Market-Honest
Best-execution and disclosed-strategy claims in equity markets are typically enforced through self-reporting and periodic audit. Market-Honest signs every fill, evaluates each fill against the NBBO at execution time, and detects cross-exchange pump-and-dump patterns. When a dossier is decisive, Bounty auto-files with FINRA or the SEC.
Posture: 🔴 Red Team (offensive) · Status: alpha
What it does
US securities markets run on three claims that today are mostly enforced by self-reporting plus periodic audit. Best execution means a broker has to fill your order at or better than the NBBO (National Best Bid and Offer – the best available bid and ask across all US exchanges at the time of execution). Disclosed strategy means a hedge fund or market-maker has to behave consistently with the trading approach they registered with regulators. Manipulation prohibitions (SEC Rule 10b-5 under the Securities Exchange Act of 1934) prohibit pump-and-dump schemes – coordinated buying that inflates a stock followed by coordinated selling at the top. all three are routinely violated and enforcement is slow because the observations are messy.
Market-Honest signs the relevant data per-fill and runs three detectors continuously. Model swap: the issuer registers a StrategyFingerprint – a centroid feature vector over order-flow stochastics. Every signed Fill carries its actual order-flow vector. Deviation more than 3 sigma fires a model-swap proof. Best-execution-fail: every fill carries the NBBO at execution. The arithmetic is purely mechanical – buy filled above NBBO ask plus tolerance (default 5 basis points = 0.05%) or sell below NBBO bid minus tolerance fires best-execution-fail. Pump-and-dump: synchronized buys across 3+ distinct venues within 60 seconds, followed by synchronized sells across the same venues within 5 minutes. Single-venue whales (legitimate large institutional fills) do not fire – only coordinated cross-exchange rings.
Who would use it
- A retail broker (Robinhood, Schwab) that wants verifiable best-execution attestation as a competitive differentiator.
- A regulator (SEC, FINRA) building an enforcement observation base independent of broker self-reporting.
- A hedge fund's compliance officer continuously verifying their own deployed strategy matches disclosure.
- An institutional investor measuring real best-execution quality across counterparty brokers.
- A short-seller or activist investor building a pump-and-dump dossier for an SEC complaint.
What you'll need
- The Pluck CLI (
npm install -g @sizls/pluck-cli). - For per-fill signing: integration with your order management system to emit a signed
Fillfor every execution. Pluck ships reference adapters for FIX 4.4 and FIX 5.0. - An NBBO feed at execution time. The Pluck CLI accepts SIP feed (CTA, UTP) or proprietary consolidated feeds.
- A registered
StrategyFingerprint– the issuer's auditor signs this when the strategy is disclosed to FINRA or SEC. - For the regulator side: a verifier that re-derives centroid math and NBBO arithmetic from signed fills. Runs on a regulator laptop, no broker cooperation needed.
Step-by-step
The alpha runs the full constraint chain on synthetic fills, NBBO data, and strategy fingerprints – there is no live FIX integration yet. Production capture and verify ship in a follow-up. To exercise the system today:
pluck bureau market-honest demo
Expected output: the system ingests one disclosed strategy and eight signed fills (one baseline, one model-swap, one best-execution-fail, three pump, three dump), and emits three signed proofs (model-swap, best-execution-fail, pump-and-dump). Each proof carries the offending fills, the NBBO arithmetic when applicable, and the cross-venue ring membership when applicable.
What to do with the output: in production, brokers stream signed fills to their own Rekor namespace. Regulators run continuous verifiers that re-derive every claim. A pump-and-dump dossier auto-files via Bounty to FINRA or SEC; a best-execution-fail proof becomes the basis for a customer-facing PFOF rebate or a regulatory action.
Run it yourself
Drop this into a Node 18+ project (npm install @sizls/pluck-bureau-market-honest @sizls/pluck-bureau-core tsx):
// index.ts
import { createHash } from "node:crypto";
import {
createMarketHonestSystem,
fingerprintPrivateKey,
signCanonicalBody,
} from "@sizls/pluck-bureau-market-honest";
import { generateOperatorKey } from "@sizls/pluck-bureau-core";
const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");
const flush = (n = 60) => new Promise<void>((r) => { let i = 0; const tick = () => (++i >= n ? r() : setImmediate(tick)); setImmediate(tick); });
async function main() {
const op = generateOperatorKey();
const venue = generateOperatorKey();
const venueFp = fingerprintPrivateKey(venue.privateKeyPem);
const system = createMarketHonestSystem({
signingKey: op.privateKeyPem,
disablePausePoll: true,
disableLogging: true,
tolerances: { deviationSigmaThreshold: 3, bestExecutionBps: 5, minPumpVenues: 3, pumpWindowMs: 60_000, dumpWindowMs: 300_000 },
});
// One best-execution fail: buy at 10.50 when NBBO ask is 10.00 (500 bps over a 5 bps tolerance).
const skeleton = {
schemaVersion: 1 as const, side: "buy" as const, qty: 50, price: 10.5,
venue: "venue-b", symbol: "ACME", modelIdHash: sha256("model:salt"),
nbboBid: 9.99, nbboAsk: 10.0, counterpartyIdHash: sha256("cp:1"),
orderFlowVector: [10, 0.5, 0.2, 0.8, 0.4],
observedAt: "2026-04-26T03:00:00.000Z", observerFingerprint: venueFp,
};
const fillId = sha256(JSON.stringify(skeleton));
const { signature } = signCanonicalBody({ ...skeleton, fillId }, venue.privateKeyPem);
try {
system.observeFill({ ...skeleton, fillId, signature });
await flush();
for (const p of system.facts.proofs()) {
console.log(`proof kind=${p.kind} id=${p.proofId.slice(0, 16)}…`);
}
} finally {
await system.shutdown();
}
}
main().catch((err) => { console.error(err); process.exit(1); });
Run with tsx index.ts. Expected output:
proof kind=best-execution-fail id=…
▶ Open in StackBlitz – runs in your browser, no install required.
What you get
A signed MarketHonest.Proof with one of three kind values:
model-swap– deployed order-flow vector deviates more than 3 sigma from the disclosed strategy centroid.best-execution-fail– buy fill above NBBO ask plus tolerance, or sell below NBBO bid minus tolerance.pump-and-dump– synchronized buys across 3+ venues within 60 seconds followed by synchronized sells within 5 minutes.
The Bureau never carries raw client-account identifiers. Counterparty IDs and model IDs are hashed before signing. Notarized proofs cannot dox a brokerage's client list or enumerate vendor model catalogs.
What it can't do
- Market-Honest cannot evaluate the quality of a disclosed strategy – only its consistency with deployment.
- Single-venue manipulation (e.g., a fund running a wash-trade ring on one exchange) requires cross-tick analysis Market-Honest does not yet implement.
- The NBBO feed is a trust anchor. If you trust an inaccurate consolidated feed, your best-execution arithmetic is wrong. Use a regulator-published reference SIP feed for litigation-grade attestation.
- Coordinated-but-legal trading (e.g., index rebalance windows) can superficially resemble pump-and-dump. The 60s-then-5min pattern is tuned to minimize false positives but cannot be eliminated.
A real-world example
A retail trader observes a small-cap stock spiking 40% on no news, then collapsing within 4 minutes. The trader retrieves the public Market-Honest Rekor entries for that ticker on that day. The verifier re-derives the activity: synchronized buys at venues A, B, and C within a 38-second window, followed by synchronized sells at the same three venues within 4 minutes 12 seconds. A pump-and-dump proof has already been auto-filed with FINRA via Bounty. The trader files an SEC tip referencing the Rekor entry. The ring's operators are subsequently charged, and the trader is eligible for a whistleblower award under SEC Section 21F.
For developers
Predicate URIs
| URI | What it attests |
|---|---|
https://pluck.run/MarketHonest.Fill/v1 | Per-fill signed trade observation plus NBBO plus order-flow vector. |
https://pluck.run/MarketHonest.BotProbe/v1 | Dragnet-style external probe of a market-maker public API. |
https://pluck.run/MarketHonest.Strategy/v1 | Disclosed strategy fingerprint (vendor / regulator commitment). |
https://pluck.run/MarketHonest.Proof/v1 | Published proof with kind (model-swap, best-execution-fail, pump-and-dump). |
Programs composed
- Dragnet – probe-pack scraping of public market-maker and trading-bot APIs.
- Fingerprint – order-flow centroid math for model-swap detection.
- Custody – fill → reporting-leg → regulator submission chain.
- Bounty – auto-file routing to FINRA and SEC.
Threat model + adversary
Adversaries: a broker who routes orders to internalized venues at worse than NBBO, a hedge fund that swaps strategies post-disclosure, a coordinated pump ring, a regulator who would prefer the observations didn't surface. Market-Honest closes the per-fill, per-strategy, and cross-venue holes. See Threat Model.
Verify a published cassette
pluck bureau verify <bundle-dir>
cosign verify-blob --key <pubkey.pem> --signature <sig> --type https://pluck.run/MarketHonest.Proof/v1 <body.json>
Every proof is a DSSE envelope notarized to Rekor. SEC and FINRA verifiers re-derive the centroid math from signed Fill bodies, recompute the NBBO arithmetic, verify Ed25519 signatures against each venue's published signing-key fingerprint, and confirm pump-and-dump ring membership. Verification requires only Rekor plus the published StrategyFingerprint – no broker cooperation.
See also
- Bureau Foundations
- Threat Model
- Verify a dossier
- Dragnet – Dragnet probe-pack composition
- Fingerprint – order-flow / strategy centroid math
- Custody – chain-of-custody for fill → regulator submission
- Bounty – auto-file routing (FINRA / SEC)