Backlog: backend WS/security hardening + frontend dashboard Wave 1#129
Open
cardosofede wants to merge 28 commits into
Open
Backlog: backend WS/security hardening + frontend dashboard Wave 1#129cardosofede wants to merge 28 commits into
cardosofede wants to merge 28 commits into
Conversation
El bloque EXECUTORS de WebSocketManager._on_data_update referenciaba self._executor_ws_tasks, atributo que nunca se define (el __init__ declara _executor_tasks). Al llegar data de tipo EXECUTORS por el WS se lanzaba AttributeError, crasheando el procesamiento. Se renombra a _executor_tasks, que es el dict real de tareas de stream de executors. Cierra CORR-001 del backlog improvements/. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…oso en ws_manager (PERF-004, READ-015, READ-017) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…o en config_manager (CORR-003, READ-016) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… (CORR-002) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…oop del portfolio web (PERF-005) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…006) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…(SEC-007) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…EC-009, SEC-010) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ntes de estado del portfolio (ARCH-011, ARCH-014, READ-018) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… en utils/telegram_formatters (ARCH-012, ARCH-013) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Anota los commits de cada item implementado en paralelo y los mueve a improvements/done/. Items: PERF-004/005, CORR-002/003, SEC-006..010, ARCH-011..014, READ-015..018. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…EC-019..READ-026 Auditoría multi-agente de condor/web (FastAPI + WebSocket). 18 hallazgos confirmados deduplicados a 8 items atómicos: SEC-019 (acceso por servidor en subscribe WS), PERF-020 (broadcast gather), CORR-021/023/024 (tasks huérfanos, logging de broadcast, snapshot de conexiones), ARCH-025 (dedup lifecycle), READ-026 (helper has_subscribers). CORR-022 se cierra en el commit siguiente. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
El bare `except Exception: pass` en websocket_endpoint() tragaba en silencio todo error no-WebSocketDisconnect de handle_message() (subscribe/backfill de candles, polling REST, SDS, arranque de streams). Se reemplaza por `log.exception(...)` siguiendo la convención de chat_ws.py, preservando la semántica de no-crashear (sin re-raise; el finally sigue desconectando). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…provements/backend/
Espeja la estructura de improvements/frontend/: el backlog Python (bot Telegram,
core y API web condor/web) pasa de improvements/{todo,done}/ a
improvements/backend/{todo,done}/. Se preservan los IDs/NNN (001-026) para no
romper la trazabilidad commit↔item: los mensajes de commit referencian IDs como
CORR-022 que no cambian. Añade backend/README.md y actualiza el README raíz para
documentar los scopes por dominio.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
El scope frontend/ (47 items todo + README) existía en disco pero nunca se había commiteado. Se incorpora para que el backlog por dominios quede completo y versionado junto al scope backend/. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…-027) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… (PERF-023) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resumen
Este branch acumula trabajo de backlog auditado y shippeado en varias tandas. Reúne 28 commits en tres bloques:
1. Backend / Telegram bot (ya shippeado, scope
improvements/backend/)Fixes de correctness, seguridad y performance auditados y cerrados:
_executor_tasksen_on_data_update(AttributeError en runtime)_stopping_*conthreading.Lockdelete_user_preferencepersiste el borradoselectcontraallowed_valuesen api_keys/servers/{name}/status@restrictedenhandle_all_text_inputWEB_JWT_SECRETdedicado + hardening del one-time login tokenasyncio.gatheren refresh de historial2. Backlog (organización)
improvements/backend/condor/web): 8 items SEC-019..READ-026improvements/frontend/(47 items del dashboard React)3. Frontend dashboard — Wave 1 (9 items, scope
improvements/frontend/)Primera tanda de mejoras del dashboard React, cada una en su propio commit:
sandbox="allow-scripts allow-popups"en el iframe de reports (ReportBrowser)ReportViewer(segunda instancia del sink same-origin)encodeURIComponenten URLs de/api/v1/servers/*(lib/api.ts)["executors-infinite", server](la lista no actualizaba en vivo)SelectFieldya no pisa un valor persistido ausente de las opciones actualescontroller_id(evita colisiones de reconciliación)React.memoenChatMessageView(no re-parsear markdown en cada token del stream)AgentPnlChartactualiza la serie conseriesRef+ efecto[data](antes se congelaba tras el mount)candle-storeevicta LRU saltando colecciones activas (antes abortaba en la primera)Verificación (Wave 1 frontend)
tsc -b— limpio (exit 0)eslint— sin errores nuevos vs. baseline (114 preexistentes, 0 añadidos en archivos tocados)vite build— exit 0Notas para review
lib/api.ts): conviene smoke test de páginas de trading/portfolio/bots.if (data.length === 0) return nulldeAgentPnlChart(los consumidores ya gatean el mount con data no trivial; el guard causaba un self-unmount latente).🤖 Generated with Claude Code