RSX v0

spec-first perpetuals exchange in rust · spec phase

Status: v0 / Spec Phase. RSX is a design exercise and proof-of-concept. The specs are written, the core is implemented, but this is not production software. No real money. No live trading. Research and exploration only.

TL;DR

A perpetual futures exchange designed from the ground up in Rust. 35 spec documents before any code. 960 tests. Target: <50us end-to-end latency, <500ns matching engine. Zero heap on the hot path. Core built in three days. Still in spec/prototype phase.

Origin Story

RSX started with a simple question: what if you wrote all the specs before any code?

Feb 7-8, 2026

35 specification documents. 5,000 lines of markdown. Every interface, every failure mode, every invariant written down before a single impl block.

Feb 9

Day 1 of coding. Orderbook, matching engine, WAL writer, DXS replay. 400 tests by end of day.

Feb 10

Risk engine, gateway, market data, liquidations, mark price. CMP wire protocol finalized. 960 tests. Spec compliance audit passed.

Feb 11+

Playground dashboard, trading UI, bug fixes, parallel agent audits that found 90 more bugs. Hardening.

Key Insight

The spec-first approach meant we discovered protocol mismatches at spec review time, not integration time. The CRITIQUE.md identified 36 design gaps. All 36 were resolved before writing code.

Architecture Overview

Six process types. Nine Rust crates. One wire format.

                    Internet
                       |
                   [WebSocket]
                       |
                  +----------+
                  | Gateway  |  auth, rate limit, validation
                  +----+-----+
                       |
                  [CMP/UDP]
                       |
                  +----------+
                  |   Risk   |  margin, positions, liquidation
                  |  (shard) |  per user_id hash
                  +----+-----+
                       |
                  [CMP/UDP]
                       |
          +------------+------------+
          |            |            |
     +----+----+  +----+----+  +---+-----+
     | ME: BTC |  | ME: ETH |  | ME: ... |
     +---------+  +---------+  +---------+

The Crates

rsx-types

Price, Qty, Side, SymbolConfig. Fixed-point i64 newtypes. Zero-cost abstractions.

rsx-book

Orderbook with slab allocator. CompressionMap turns 20M price levels into 617K slots.

rsx-matching

Single-threaded matching engine. FIFO price-time priority. GTC, IOC, FOK, post-only.

rsx-risk

Portfolio margin. Position tracking. Liquidation triggers. Funding payments.

rsx-dxs

WAL writer/reader. CMP protocol. DXS replay service. No Kafka, no NATS.

rsx-gateway

WebSocket ingress. JWT auth. Rate limiting. Circuit breaker. CMP bridge to risk.

Communication

Transport Modes

CMP/UDP hot path, <10us latency

WAL/TCP cold path, replay, archival

SPSC Rings intra-process, 50-170ns per hop

monoio io_uring for network I/O

Design Principles

Zero Heap on Hot Path

Slab allocators for orders. CompressionMap for price levels. Pre-allocated event buffers. No malloc during matching. The matching engine sees 100-500ns per order.

Fixed-Point Everywhere

All values are i64 in smallest units. No floats, anywhere. Deterministic across architectures. Type-safe newtypes prevent mixing Price and Qty at compile time.

One Wire Format

WAL bytes = disk bytes = wire bytes = memory bytes

No serialization layer. No protobuf. No FlatBuffers. Just #[repr(C, align(64))] and CRC32.

Backpressure, Not Drops

When a buffer fills, the producer stalls. Never drop data silently. A delayed fill is acceptable. A lost fill means incorrect positions.

Asymmetric Durability

Fills: 0ms loss (fsync before send). Orders: ephemeral (user retries on crash). Positions: derived (replay fills to rebuild).

Current Progress

v0 / Spec Phase

RSX is a design study, not a production system. The architecture is validated through specs and unit tests. No E2E integration. No load testing. No security audit. This is research-grade code exploring exchange architecture patterns.

Metric	Value
Rust LOC	~34,000
Tests	960 Rust + 156 Playwright
Spec docs	35 files, 5k lines
Crates	9
V1 spec coverage	~99% (unit level)
E2E integration	not yet
Production ready	no

What Works (in isolation)

Full order lifecycle: submit, match, fill, position update
GTC, IOC, FOK, post-only, reduce-only orders
Cross-margin with liquidation triggers
Mark price aggregation from external feeds
WAL-based crash recovery
Playground dev dashboard with process control
Trading UI (Bybit-style)

Blog Posts

19 engineering posts document the journey. Design philosophy, matching engine internals, wire protocols, hostile testing, and the bugs we found.

Highlights

Design Philosophy — why we wrote 35 specs before code
The Matching Engine That Runs at 100ns — slab allocators, cache alignment, pinned cores
DXS: Every Producer Is the Broker — no Kafka, 10us vs 10ms
Parallel Agent Audits — 4 AI agents found 90 bugs in 3 hours

What's Next

Coming Soon

Full E2E smoke test

The complete pipeline: WS client → Gateway → Risk → ME → back. Individual components tested. Now the full loop.

Stress testing

Target: 1M fills/sec sustained. Criterion benchmarks exist. Sustained load testing pending.

V2 features

Market orders. Variable tick sizes. Multi-datacenter replication. Each a spec-first effort.

RSX v0 aims to be the smallest exchange design that is correct. The specs and unit tests validate the architecture. Production deployment is a different project entirely.

Links

Explore

💻 GitHub source, specs, blog 📜 Specifications 35 v1 docs 📝 Engineering Blog 19 posts 🎮 Playground dev dashboard