From ff738b6b4022ef31f847ec399b7ea8490dcf2997 Mon Sep 17 00:00:00 2001 From: Saravana Achu Mac Date: Mon, 4 May 2026 16:07:03 -0700 Subject: [PATCH] docs(C2): tick FMP cache audit row Record the implementation commit in the redesign audit table. Refs: docs/AUDIT_REDESIGN.md item C2. Co-Authored-By: GPT-5 Codex --- docs/AUDIT_REDESIGN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/AUDIT_REDESIGN.md b/docs/AUDIT_REDESIGN.md index d440f29..6d094ad 100644 --- a/docs/AUDIT_REDESIGN.md +++ b/docs/AUDIT_REDESIGN.md @@ -42,7 +42,7 @@ Status: โฌœ open ยท ๐ŸŸฆ in PR ยท โœ… fixed (commit hash on the right). | # | Issue | Severity | Status | Fix commit | | --- | ---------------------------------------------------------------------------------------------------------------------------------- | :------: | :----: | ---------- | | C1 | Backend posts arbitrary user JS (`strategyCode`) to `/api/backtest` if A1+A2 are "fixed" naively. Must sandbox or refuse. | ๐Ÿ”ด | โฌœ | | -| C2 | No FMP response cache. Free tier = 250 req/day. Every Home view load = 3 req. 80 page loads/day โ†’ quota burnt by lunch. | ๐ŸŸ  | โฌœ | | +| C2 | No FMP response cache. Free tier = 250 req/day. Every Home view load = 3 req. 80 page loads/day โ†’ quota burnt by lunch. | ๐ŸŸ  | โœ… | 0828007 | | C3 | `/api/screener` passes `sector` query through to FMP without an allow-list. Low-impact injection, but should validate. | ๐ŸŸก | โฌœ | | | C4 | `/api/news` passes `symbols` through to Alpaca without validation. | ๐ŸŸก | โฌœ | | | C5 | Header `fetchMarketIndices` polls every 60 s even when the tab is hidden. Should pause via `document.visibilityState`. | ๐ŸŸก | โฌœ | |
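Review bot: In the C2 row, the new Fix commit cell records only the 7-character abbreviation `0828007`, and neither the row nor the commit message says what that commit implements, so a reader of the audit table cannot confirm from here that it actually adds the FMP response cache. Consider recording a longer hash (or a link) and adding a few words on the fix to the row or the commit message, for example the cache lifetime chosen against the 250 req/day quota. Separately, the C3 row in the trailing context is still open and states that `/api/screener` passes `sector` through to FMP without an allow-list. If the cache from 0828007 covers that endpoint, unvalidated query values would become cache keys, so it is worth noting in the table whether C2's fix is scoped to the Home view requests or depends on C3 being closed.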