docs(C5): mark visibility-aware polling complete

Record the implementation commit that pauses Header market-index polling while the tab is hidden. Refs: docs/AUDIT_REDESIGN.md item C5. Co-Authored-By: GPT-5 Codex <noreply@openai.com>
2026-05-04 16:50:47 -07:00 · 2026-05-04 16:50:47 -07:00 · 5ce3cc92f0
commit 5ce3cc92f0
parent e089832039
1 changed files with 1 additions and 1 deletions
--- a/docs/AUDIT_REDESIGN.md
+++ b/docs/AUDIT_REDESIGN.md
@ -45,7 +45,7 @@ Status: ⬜ open · 🟦 in PR · ✅ fixed (commit hash on the right).
 | C2  | No FMP response cache. Free tier = 250 req/day. Every Home view load = 3 req. 80 page loads/day → quota burnt by lunch.            | 🟠       | ✅     | 0828007    |
 | C3  | `/api/screener` passes `sector` query through to FMP without an allow-list. Low-impact injection, but should validate.              | 🟡       | ✅     | c173aeb    |
 | C4  | `/api/news` passes `symbols` through to Alpaca without validation.                                                                  | 🟡       | ✅     | 7c4b08c    |
-| C5  | Header `fetchMarketIndices` polls every 60 s even when the tab is hidden. Should pause via `document.visibilityState`.              | 🟡       | ⬜     |            |
+| C5  | Header `fetchMarketIndices` polls every 60 s even when the tab is hidden. Should pause via `document.visibilityState`.              | 🟡       | ✅     | e089832    |
 | C6  | `backend/.env.example` keeps `FMP_API_KEY=demo` AND `apiServer.ts` falls back to `'demo'`. Two sources of truth. Demo key is shared globally and rate-limited.  | 🟡       | ⬜     |            |
 | C7  | FMP `apikey` is sent as a query string → leaks into proxy / CDN logs. FMP doesn't support headers, so the only mitigation is server-side caching (see C2). | 🟡       | ⬜     |            |