Reset Api Balance

Reset the user’s API wallet to their tier baseline and close all open API positions.

Tier-aware reset (Codex P2 review on PR #1499):

• Pro grant → $10,000
• Pro+ grant → $25,000
• Enterprise → $10,000 (admin-only tier, Pro-equivalent baseline)
• No grant / Free / unknown tier → $10,000 fallback (preserves the legacy behaviour for users with a key but no active grant — e.g., lapsed beta members)

Resolution uses app.api_access._tier_api_baseline which reads FEATURE_MATRIX["wallets.api_baseline"] so a plans.py edit propagates here automatically.

Accepts both X-API-Key and Authorization: Bearer <jwt> auth so the website’s API-keys dashboard can trigger a reset via the cookie session, AND an API client can self-reset programmatically (the bot use case — “give me a clean wallet so the next strategy backtest starts fresh”). The wallet that gets reset is always the API wallet regardless of auth source — JWT-auth from the UI does NOT touch the MAIN wallet.

Enforces a cooldown period defined by the API_RESET_COOLDOWN_DAYS environment variable (default 0 = no cooldown during beta).

D1 — wrap in the per-user advisory lock so a concurrent reset + place-trade / cancel for the same user serialize at the application layer instead of contending on accounts FOR UPDATE. Reset rewrites api_balance and closes every open API position; holding the lock across the body prevents the trade-vs-reset race that would otherwise let a fill commit against the pre-reset balance while the reset commit is mid-flight. See PR #1208 for the original advisory-lock landing.