fix: resolve open bug issues#51
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
dceoy
left a comment
There was a problem hiding this comment.
Reviewed the changes for #45-#48. The reconnect, config-validation, and flat Problem Details changes are directionally sound, but I found a couple of issues that should be fixed before merge.
Blocking:
- The package version is bumped to 1.0.1, but the API still advertises 1.0.0 via
API_VERSION, so/healthand generated OpenAPI remain stale. - #47 is not fully closed yet: runtime 422 responses are now RFC 7807, but the generated OpenAPI schema will still advertise FastAPI's default
HTTPValidationErrorunless the route responses/custom OpenAPI schema are updated. That leaves clients with the same contract mismatch at schema level.
Also consider broadening the /health MT5 probe exception handling so arbitrary MT5 DLL/IPC or pdmt5 failures cannot escape as 500s.
Keep runtime/OpenAPI version in sync with the package release, ensure unexpected MT5 probe failures return unhealthy instead of 500, and document RFC 7807 Problem Details for validation errors. Co-authored-by: Cursor <cursoragent@cursor.com>
dceoy
left a comment
There was a problem hiding this comment.
Reviewed the latest revision. The previously noted version/OpenAPI/health issues appear addressed, and the reconnect/config changes are directionally sound. I found one remaining blocker: the new RFC 7807 request-validation handler serializes str(exc) directly, which can echo raw request input for invalid fields. Because /connection/login includes a password, malformed password validation can leak credentials in the response body. Please sanitize validation details before merge and add a regression test for /connection/login validation errors.
Co-authored-by: Cursor <cursoragent@cursor.com>
dceoy
left a comment
There was a problem hiding this comment.
Reviewed the latest revision.
No additional blocking code issues found. The previously raised blockers appear addressed:
API_VERSIONis now bumped with the package version.- OpenAPI 422 responses are patched to advertise
ErrorResponseinstead of FastAPI's default validation schema. /healthprobes MT5 through the threadpool and converts broad MT5/pdmt5 probe failures tomt5_connected=false/status=unhealthy./connection/loginnow replaces the singleton before clearing market-book tracking, so failed reconnects preserve existing subscription state.- Request-validation details are sanitized to loc+message summaries and a regression test covers password non-disclosure.
CI is still in progress on the latest head, so keep that as the remaining merge gate.
Summary
Closes #45.
Closes #46.
Closes #47.
Closes #48.
Verification
Runtime Impact