chore: bump pdmt5, python-multipart, and starlette; remove mt5cli references#42
Conversation
| graph is: | ||
|
|
||
| ``` | ||
| HTTP client -> mt5api -> pdmt5 -> MetaTrader 5 |
There was a problem hiding this comment.
The existing Architecture section uses a Mermaid graph TB block (further down in the file) that renders as a visual diagram on GitHub and in MkDocs. This new fenced block has no language tag, so it renders as plain preformatted text — an inconsistency in style.
If you'd like to keep a consistent look, wrapping in a Mermaid block would match the rest of the document:
| HTTP client -> mt5api -> pdmt5 -> MetaTrader 5 | |
| ```mermaid | |
| graph LR | |
| A[HTTP client] --> B[mt5api] --> C[pdmt5] --> D[MetaTrader 5] | |
| E[CLI/app] --> F[mt5cli] --> C |
There was a problem hiding this comment.
Intentionally keeping this as plain ASCII. The two-liner is meant as a quick conceptual reference, not a rendered diagram — a full Mermaid graph TB already appears in the Architecture section immediately below and covers the mt5api side in detail. Adding a second Mermaid block here would duplicate that without adding information.
Generated by Claude Code
dceoy
left a comment
There was a problem hiding this comment.
Review result: changes needed before merge.
Thanks for tightening the mt5api / mt5cli boundary. The AST guard itself looks directionally sound after the earlier fixes, and the test job is green.
I found two blockers before merge:
- The current README/docs changes no longer document the intended sibling-adapter graph. They remove the existing
mt5clisibling note, while the PR description and #41 acceptance criteria require README or docs to keep describingmt5apias a sibling adapter, not a wrapper aroundmt5cli. - The latest CI run still has a failing
python-lint-and-scan / lint-and-scanjob. The failed step is dependency installation, so this should be resolved or proven transient before merge.
Please restore a concise architecture note in both README.md and docs/index.md, for example:
HTTP client -> mt5api -> pdmt5 -> MetaTrader 5
CLI/app -> mt5cli -> pdmt5 -> MetaTrader 5
Also make sure the PR description matches the final diff after the fix.
dceoy
left a comment
There was a problem hiding this comment.
Thanks for tightening the dependency boundary. The AST guard itself now covers the static mt5cli import forms and the earlier vacuous-pass risk is addressed.
However, this PR still does not satisfy #41 because it removes the only user-facing README/docs statement that mt5cli is a sibling adapter and not an mt5api dependency. #41 explicitly asks for a short architecture note explaining why mt5api depends directly on pdmt5 rather than mt5cli, and its acceptance criteria require README or docs to continue describing mt5api as a sibling adapter rather than a wrapper around mt5cli.
Please restore or add that concise architecture note in the user-facing docs before merge. The test module docstring is useful, but it is not a substitute for README/docs documentation.
dceoy
left a comment
There was a problem hiding this comment.
Follow-up to my previous review: if the intended documentation policy is to avoid mentioning mt5cli in mt5api user-facing docs, then the docs concern is not a code blocker.
Under that premise, this PR is OK from the mt5api side: it keeps the production dependency boundary enforced by an AST-based test and avoids adding runtime coupling to mt5cli.
The only remaining cleanup I recommend is to update #41 so its acceptance criteria no longer require README/docs to describe mt5api as a sibling adapter to mt5cli. Otherwise the issue and PR intentionally disagree even though the implementation direction is sound.
dceoy
left a comment
There was a problem hiding this comment.
Blocking issue: the current head does not include the dependency-boundary check required by #41.
The PR description says it adds tests/test_boundary.py, but the current diff changes only README.md, docs/index.md, pyproject.toml, and uv.lock; tests/test_boundary.py is not present at b0f9f27e7680ec48218f3108f62f7a52da720ae6. As a result, this PR removes the user-facing mt5cli mention and bumps dependencies, but it does not satisfy the acceptance criterion that a test/static check prevents production mt5api modules from importing mt5cli.
Please add back a small boundary guard before merge. Either approach is fine:
- an AST-based pytest scanning
mt5api/**/*.pyfor bothimport mt5cli...andfrom mt5cli... import ...; or - a Ruff/static configuration that bans
mt5cliimports in productionmt5apimodules and is covered by CI.
For the pytest approach, make it non-vacuous: assert the package directory exists, assert at least one production .py file is scanned, exclude __pycache__, and include self-certifying unit cases for positive and clean import forms.
The docs dependency-boundary cleanup itself looks aligned with the current #41 text: README/docs should focus on mt5api -> pdmt5 -> MetaTrader 5 and do not need to mention mt5cli in user-facing docs.
b0f9f27 to
6e2d50a
Compare
Remove mt5cli references from README.md and docs/index.md.
Bump
pdmt5 >= 1.0.0(previously>= 0.3.0). Breaking: userswith
pdmt5 < 1.0.0pinned will need to upgrade. See thepdmt5 releases for changes
introduced in 1.0.0 before upgrading.
Bump
python-multipart >= 0.0.31(previously>= 0.0.9) and updatethe lock file to
python-multipart 0.0.32andstarlette 1.3.1toresolve 8 known vulnerabilities (GHSA-v9pg-7xvm-68hf,
GHSA-5rvq-cxj2-64vf, GHSA-6jv3-5f52-599m, GHSA-vffw-93wf-4j4q,
GHSA-x746-7m8f-x49c, GHSA-82w8-qh3p-5jfq, GHSA-wqp7-x3pw-xc5r,
GHSA-jp82-jpqv-5vv3).
Closes #41.