Record the implementation commit that removes FMP demo-key ambiguity and documents the required API key.
Refs: docs/AUDIT_REDESIGN.md item C6.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that pauses Header market-index polling while the tab is hidden.
Refs: docs/AUDIT_REDESIGN.md item C5.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that validates /api/news symbol filters before proxying.
Refs: docs/AUDIT_REDESIGN.md item C4.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that adds mobile-width web dashboard breakpoints.
Refs: docs/AUDIT_REDESIGN.md item D5.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that replaces dashboard loading copy with skeleton layouts.
Refs: docs/AUDIT_REDESIGN.md item D1.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that persists CodeStrategyEditor saves through the canonical profile API.
Refs: docs/AUDIT_REDESIGN.md item B6.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that refuses unsafe code strategy backtests before execution.
Refs: docs/AUDIT_REDESIGN.md item C1.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that adds backend contract coverage for the new market data and research proxy endpoints.
Refs: docs/AUDIT_REDESIGN.md item F6.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the ticker header implementation commit in the redesign audit table.
Refs: docs/AUDIT_REDESIGN.md items B2 and B3.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the B1 chart indicator implementation commit in the redesign audit table now that RSI, MACD, and Bollinger toggles are wired in StockChart.
Refs: docs/AUDIT_REDESIGN.md item B1.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the F7/F8 test fix commit in the redesign audit table now that the tab flag cache and EntryForm alert specs are green.
Refs: docs/AUDIT_REDESIGN.md items F7 and F8.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the final E2 lockfile commit in the audit table so the redesign backlog accurately reflects the closed CI lockfile item.
Refs: docs/AUDIT_REDESIGN.md item E2.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Regenerate the root pnpm lockfile from the web workspace so CI can resolve the redesigned dashboard dependencies without relying on stray subpackage locks. The full recursive install path is still blocked locally by the mobile private-registry tarball route, so this keeps the E2 scope focused on the web importer entries and their package snapshots.
Refs: docs/AUDIT_REDESIGN.md item E2.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Partial fix for the lockfile drift caught in the audit. The previous
session ran `npm install` inside web/ as a workaround for a Vite vendor-
resolution issue, which left three lockfiles in the wrong places:
- web/package-lock.json (npm artifact in a pnpm monorepo)
- web/pnpm-lock.yaml (per-package pnpm lockfile, also wrong)
- backend/pnpm-lock.yaml (same issue)
This commit:
- Deletes those three files from the working tree.
- Adds .gitignore entries so they can't be re-committed by accident.
- Also gitignores .claude/ (Claude Code session metadata).
What's still missing: the root pnpm-lock.yaml needs `react-router-dom`,
`@monaco-editor/react`, `@dnd-kit/{core,sortable,utilities}` added to
its resolution graph. That requires `pnpm install -r --no-frozen-lockfile`
from the repo root on a workstation with GITEA_NPM_TOKEN exported (the
mobile workspace pulls @bytelyst/* private packages from the org's
private registry; this session has no token so the install errors out
on the mobile resolve). It's a one-line follow-up — tracked in
AUDIT_REDESIGN.md item E2.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A1+A2 — CodeStrategyEditor backtest call
Was: POST /api/backtest with { symbol, strategyCode, mode: 'code' }
Now: POST /api/backtest/run with { symbols: [s], strategyConfig: {
type: 'code', language: 'javascript', code } }
The backend route is /api/backtest/run (not /api/backtest), and
/api/backtest/run validates `symbols[]` and `strategyConfig`, not the
ad-hoc fields we were sending. Also unwraps the { success, results }
envelope the engine returns and surfaces success:false errors.
A3 — VisualRuleBuilder save shape
Was: hand-rolled fetch to /api/profiles with { name, symbol, strategyType,
visualRules, description } — backend's saveTradeProfileForUser ignored
all of that and either 400'd or persisted a half-empty row.
Now: uses the canonical createTradeProfile() helper from lib/profileApi
with the documented TradeProfilePayload shape. Visual rules go inside
strategy_config.{type:'visual', version:1, rules:[...]} so the engine
can fan out to a visual interpreter without conflicting with the
existing rule-based engine. Allocated capital + risk pct pulled from
botState.settings so the profile inherits the user's current sizing.
is_active defaults false so the user activates explicitly.
A4+A5 — RightPanel.NewsFeed auth + runtime
Was: raw fetch() to import.meta.env.VITE_TRADING_API_URL with no
Authorization header → 401 on every render in any environment that
requires auth, and prod-broken where the runtime resolver is the
only source of truth for the API base URL.
Now: uses fetchNews() from lib/marketApi which already carries the
platform Bearer token and routes through tradingRuntime.tradingApiUrl.
Adds an error state in the UI for visibility instead of silently
leaving the panel blank.
Verified: web/ tsc --noEmit passes. No behavioural change to non-affected
code paths (RightPanel portfolio summary, ResearchView other tabs, etc.).
Refs: docs/AUDIT_REDESIGN.md items A1–A5.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Catalogues every gap, bug, and miss found in the web redesign work:
- A: critical broken integrations (wrong endpoint, wrong payload, missing auth)
- B: functional gaps from the original plan (chart indicators, watchlist
buttons, company name placeholder, etc.)
- C: security & correctness (sandboxing, FMP cache, query-param leakage)
- D: UX/UI polish (skeletons, dark-tab contrast, responsive breakpoints)
- E: build/infra (1 MB bundle, lockfile drift, Monaco workers, README)
- F: test coverage (zero tests for marketApi, builders, screener, endpoints)
- G: mobile parity (none of the new features exist on mobile)
Each row has a severity tag, status box, and a slot for the fix-commit hash.
Subsequent commits will reference items by ID (e.g. fix(A1): ...).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
