Record the implementation commit that removes FMP demo-key ambiguity and documents the required API key.
Refs: docs/AUDIT_REDESIGN.md item C6.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that pauses Header market-index polling while the tab is hidden.
Refs: docs/AUDIT_REDESIGN.md item C5.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that validates /api/news symbol filters before proxying.
Refs: docs/AUDIT_REDESIGN.md item C4.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that adds mobile-width web dashboard breakpoints.
Refs: docs/AUDIT_REDESIGN.md item D5.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that replaces dashboard loading copy with skeleton layouts.
Refs: docs/AUDIT_REDESIGN.md item D1.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that persists CodeStrategyEditor saves through the canonical profile API.
Refs: docs/AUDIT_REDESIGN.md item B6.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that refuses unsafe code strategy backtests before execution.
Refs: docs/AUDIT_REDESIGN.md item C1.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the implementation commit that adds backend contract coverage for the new market data and research proxy endpoints.
Refs: docs/AUDIT_REDESIGN.md item F6.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the ticker header implementation commit in the redesign audit table.
Refs: docs/AUDIT_REDESIGN.md items B2 and B3.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Add explicit sync, collision, reporting, multi-row, and newly-discovered-work rules so independent agents can safely make incremental commits, update audit rows with implementation hashes, and push without trampling parallel streams.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Tighten the completion checklist so future agents can follow a deterministic start procedure, implementation/doc-tick commit loop, and safe parallelization model. Include one-line prompts for up to three parallel streams with explicit ownership, gates, push, and audit-update requirements.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Add an execution-focused checklist that translates the redesign and platform audit ledgers into phases, acceptance criteria, gates, and final quality bars. This gives future work a single playbook while keeping AUDIT_REDESIGN.md and AUDIT_PLATFORM.md as the status sources of truth.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the B1 chart indicator implementation commit in the redesign audit table now that RSI, MACD, and Bollinger toggles are wired in StockChart.
Refs: docs/AUDIT_REDESIGN.md item B1.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the F7/F8 test fix commit in the redesign audit table now that the tab flag cache and EntryForm alert specs are green.
Refs: docs/AUDIT_REDESIGN.md items F7 and F8.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Record the final E2 lockfile commit in the audit table so the redesign backlog accurately reflects the closed CI lockfile item.
Refs: docs/AUDIT_REDESIGN.md item E2.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Regenerate the root pnpm lockfile from the web workspace so CI can resolve the redesigned dashboard dependencies without relying on stray subpackage locks. The full recursive install path is still blocked locally by the mobile private-registry tarball route, so this keeps the E2 scope focused on the web importer entries and their package snapshots.
Refs: docs/AUDIT_REDESIGN.md item E2.
Co-Authored-By: GPT-5 Codex <noreply@openai.com>
Self-contained brief that any coding agent (Codex, Claude, Gemini, etc.)
running on this machine can paste in to resume the redesign+audit work.
Covers, in order:
- Required reads (the 4 source-of-truth docs in both repos)
- Environment setup (source ~/.zshrc for GITEA_NPM_TOKEN)
- Verification gates per repo (must run before AND after every change)
- 12-item priority queue with effort estimates, top to bottom
- Commit conventions (subject `<type>(<id>):`, audit-doc tick, model
Co-Authored-By line)
- Six explicit "do not" rules (don't commit incidental lockfile
regens, don't touch nomgap WIP, don't skip gates, don't bulk-fix
platform lint, don't push --force, etc.)
- When-to-stop-and-ask criteria so the agent doesn't guess on
ambiguous specs or break public API surfaces
Bottom of the file has a short copy-paste prompt that points back at
this doc, so the human just pastes 7 lines into Codex and the agent
self-bootstraps from the full brief.
Refs: docs/HANDOVER.md, docs/AUDIT_REDESIGN.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Self-contained hand-off note covering:
- Current health snapshot (build/typecheck/test status, with the
4 known pre-existing test failures called out so they aren't
misread as regressions)
- Critical lockfile situation (web deps in package.json but not
in root pnpm-lock.yaml — needs `pnpm install -r` from a machine
with GITEA_NPM_TOKEN; tracked as audit item E2)
- Audit doc reference (docs/AUDIT_REDESIGN.md, 52 items, the 5
cleared so far + 47 still open)
- Suggested priority order: E2 lockfile → B1 chart indicators →
B2/B3 ticker header → C1 strategy code sandboxing → C2 FMP cache
→ F6 backend tests → G mobile parity
- Backup-branch reference for emergency rollback
- Note on vendored @bytelyst/* packages and the Vite alias resolver
Companion HANDOVER.md exists in the sibling learning_ai_common_plat
repo for the platform-side audit pushed in that repo's commit 8f541c9.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Partial fix for the lockfile drift caught in the audit. The previous
session ran `npm install` inside web/ as a workaround for a Vite vendor-
resolution issue, which left three lockfiles in the wrong places:
- web/package-lock.json (npm artifact in a pnpm monorepo)
- web/pnpm-lock.yaml (per-package pnpm lockfile, also wrong)
- backend/pnpm-lock.yaml (same issue)
This commit:
- Deletes those three files from the working tree.
- Adds .gitignore entries so they can't be re-committed by accident.
- Also gitignores .claude/ (Claude Code session metadata).
What's still missing: the root pnpm-lock.yaml needs `react-router-dom`,
`@monaco-editor/react`, `@dnd-kit/{core,sortable,utilities}` added to
its resolution graph. That requires `pnpm install -r --no-frozen-lockfile`
from the repo root on a workstation with GITEA_NPM_TOKEN exported (the
mobile workspace pulls @bytelyst/* private packages from the org's
private registry; this session has no token so the install errors out
on the mobile resolve). It's a one-line follow-up — tracked in
AUDIT_REDESIGN.md item E2.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A1+A2 — CodeStrategyEditor backtest call
Was: POST /api/backtest with { symbol, strategyCode, mode: 'code' }
Now: POST /api/backtest/run with { symbols: [s], strategyConfig: {
type: 'code', language: 'javascript', code } }
The backend route is /api/backtest/run (not /api/backtest), and
/api/backtest/run validates `symbols[]` and `strategyConfig`, not the
ad-hoc fields we were sending. Also unwraps the { success, results }
envelope the engine returns and surfaces success:false errors.
A3 — VisualRuleBuilder save shape
Was: hand-rolled fetch to /api/profiles with { name, symbol, strategyType,
visualRules, description } — backend's saveTradeProfileForUser ignored
all of that and either 400'd or persisted a half-empty row.
Now: uses the canonical createTradeProfile() helper from lib/profileApi
with the documented TradeProfilePayload shape. Visual rules go inside
strategy_config.{type:'visual', version:1, rules:[...]} so the engine
can fan out to a visual interpreter without conflicting with the
existing rule-based engine. Allocated capital + risk pct pulled from
botState.settings so the profile inherits the user's current sizing.
is_active defaults false so the user activates explicitly.
A4+A5 — RightPanel.NewsFeed auth + runtime
Was: raw fetch() to import.meta.env.VITE_TRADING_API_URL with no
Authorization header → 401 on every render in any environment that
requires auth, and prod-broken where the runtime resolver is the
only source of truth for the API base URL.
Now: uses fetchNews() from lib/marketApi which already carries the
platform Bearer token and routes through tradingRuntime.tradingApiUrl.
Adds an error state in the UI for visibility instead of silently
leaving the panel blank.
Verified: web/ tsc --noEmit passes. No behavioural change to non-affected
code paths (RightPanel portfolio summary, ResearchView other tabs, etc.).
Refs: docs/AUDIT_REDESIGN.md items A1–A5.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Catalogues every gap, bug, and miss found in the web redesign work:
- A: critical broken integrations (wrong endpoint, wrong payload, missing auth)
- B: functional gaps from the original plan (chart indicators, watchlist
buttons, company name placeholder, etc.)
- C: security & correctness (sandboxing, FMP cache, query-param leakage)
- D: UX/UI polish (skeletons, dark-tab contrast, responsive breakpoints)
- E: build/infra (1 MB bundle, lockfile drift, Monaco workers, README)
- F: test coverage (zero tests for marketApi, builders, screener, endpoints)
- G: mobile parity (none of the new features exist on mobile)
Each row has a severity tag, status box, and a slot for the fix-commit hash.
Subsequent commits will reference items by ID (e.g. fix(A1): ...).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Records Cosmos DB setup (12 containers), Azure OpenAI deployments (gpt-4o,
gpt-4o-mini), Key Vault secrets, and pending work items.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
