Create debugging frontend for trading strategies #5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
guzus
force-pushed
the
claude/debug-frontend-ui-018jdjxDiaLvxa8PPBEa7hFA
branch
from
3590f9d to
77bc2bc
Compare
Merged
Created a comprehensive TypeScript + Next.js + shadcn/ui + Tailwind CSS frontend for debugging prediction market trading strategies. Backend API (FastAPI): - REST API server exposing positions, balances, orders, and markets data - Endpoints for exchanges, balances, positions, orders, and markets - CORS enabled for frontend integration - Auto-initializes exchanges on startup Frontend (Next.js): - Dashboard with aggregated view across all exchanges - Real-time data fetching with auto-refresh (5s interval) - Exchange-specific views for Polymarket and Limitless - Tables for positions (with PnL), orders, and markets - Balances card showing total and per-token balances - Responsive UI with shadcn/ui components Components: - BalancesCard: Display balances with total - PositionsTable: Positions with unrealized PnL - OrdersTable: Active orders with status - MarketsTable: Available markets with details Additional: - Start script for launching both servers - Comprehensive documentation in FRONTEND_README.md - API client and custom hooks for data fetching - TypeScript types for all API responses Run with: ./start_debug_ui.sh Or separately: Backend: uv run python api/server.py Frontend: cd frontend && npm run dev
guzus
force-pushed
the
claude/debug-frontend-ui-018jdjxDiaLvxa8PPBEa7hFA
branch
from
77bc2bc to
6fe12b2
Compare
Pull Request Review: Debug Frontend UI for Trading StrategiesSummaryThis PR adds a comprehensive debugging dashboard with a FastAPI backend and Next.js frontend for monitoring prediction market trading strategies. The implementation is solid overall, but there are several areas that need attention based on the repository's CLAUDE.md guidelines. Critical Issues1. Violates Single Source of Truth Principle (CLAUDE.md #4)Location: The code relies heavily on environment variables for configuration, which directly violates CLAUDE.md guideline #4: "DO NOT place many variables in .env file. Place them in the code instead." Current: private_key = os.getenv('POLYMARKET_PRIVATE_KEY')
funder = os.getenv('POLYMARKET_FUNDER')Recommendation: Consider a configuration class with defaults in code, only using env vars for truly sensitive data like private keys. 2. Deprecated FastAPI Event HandlerLocation: @app.on_event("startup")This syntax is deprecated in FastAPI. Should use lifespan context manager instead. Recommended fix: from contextlib import asynccontextmanager
@asynccontextmanager
async def lifespan(app: FastAPI):
init_exchanges()
yield
# cleanup if needed
app = FastAPI(lifespan=lifespan, ...)3. Missing Test CoverageFinding: No tests added for new API endpoints or frontend components Per CLAUDE.md #5 ("Run and Debug yourself PROACTIVELY"), this feature should include tests. The existing test suite has Python tests but no coverage for:
4. Unnecessary Documentation Files (CLAUDE.md #2)Location: CLAUDE.md #2 explicitly states: "DO NOT create a new document." The PR adds two documentation files when this could be consolidated into the main README or removed entirely. Security Concerns5. Overly Permissive CORS ConfigurationLocation: allow_origins=["*"],
allow_credentials=True,This allows any origin with credentials, which is a security risk. For a debug tool, this should be restricted to localhost origins. Recommendation: allow_origins=["http://localhost:3000", "http://127.0.0.1:3000"],
allow_credentials=True,6. No Input Validation on API ParametersLocation: async def get_markets(exchange_id: str | None = None, limit: int = 20):The Recommendation: from fastapi import Query
async def get_markets(
exchange_id: str | None = None,
limit: int = Query(default=20, ge=1, le=100)
):7. Sensitive Data Exposure in Error MessagesLocation: result.append(BalanceResponse(
exchange=exchange_id,
balances={"error": str(e)}
))Error messages are returned directly to clients, potentially exposing internal details. Code Quality Issues8. Global Mutable StateLocation: exchanges = {}Global mutable dictionary is an anti-pattern. Should use dependency injection or FastAPI's dependency system. 9. Inefficient Re-renders in FrontendLocation: const [refreshInterval, setRefreshInterval] = useState(5000)The 10. Missing Error Handling in FrontendLocation: The 11. Potential Division by ZeroLocation: ({((totalPnL / (totalValue - totalPnL)) * 100).toFixed(2)}%)If 12. Unused State SetterLocation:
Performance Considerations13. No Request Caching or Rate LimitingThe API has no caching layer or rate limiting. With a 5-second auto-refresh on the frontend, this could hammer external APIs unnecessarily. Recommendation: Implement response caching with appropriate TTLs, especially for markets data. 14. Fetching All Markets Without PaginationLocation: markets = exchange.fetch_markets()
# Limit the number of markets to avoid overwhelming the frontend
for market in markets[:limit]:This fetches ALL markets then slices. Should fetch only what's needed from the source. 15. No Loading States OptimizationAll data is fetched in parallel on mount, but there's no skeleton loading or optimistic UI. Users see "Loading..." text which provides poor UX. Best Practices Violations16. Inconsistent Error HandlingSome endpoints silently swallow errors (positions, orders, markets) while others return error objects (balances). This inconsistency makes debugging harder. 17. Missing Type Safety in BackendLocation: from typing import List, Dict, Any
18. Hardcoded Magic NumbersLocation: Values like Positive Aspects
Recommendations SummaryMust Fix (Before Merge):
Should Fix (High Priority): Nice to Have (Lower Priority): Overall AssessmentThis is a well-structured feature that provides valuable debugging capabilities. However, it needs modifications to align with the repository's guidelines (particularly CLAUDE.md) and address several security/quality concerns before merging. The core functionality is sound, but the implementation details need refinement. Recommendation: Request changes before merge. |
This was referenced Dec 11, 2025
Draft
This was referenced Dec 20, 2025
This was referenced Dec 22, 2025
This was referenced Jan 2, 2026
bullish-lee
added a commit
that referenced
this pull request
Jan 3, 2026
Critical Issues Fixed: - #1: Status cache thread safety - protected with _instance_lock - #2: Global credentials thread safety - added _CREDENTIALS_LOCK - #3: RPC session race condition - double-checked locking pattern - #4: Signal handler deadlock - use flag instead of complex cleanup Quality Issues Fixed: - #5: Redundant singleton init - __init__ is now no-op - #6: Long if-elif chain - replaced with TOOL_DISPATCH dict - #7: ThreadPoolExecutor cleanup - unified _run_with_timeout() helper - #8: Rate limiter busy-wait - calculate exact wait time - #9: Status cache memory leak - added eviction and max size limit All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
bullish-lee
added a commit
that referenced
this pull request
Jan 3, 2026
Critical Issues Fixed: - #1: Credential reload race condition - move reload_credentials() inside lock - #2: Status cache size check - evict BEFORE adding, check size limit - #3: RPC response validation - add JSON parsing error handling, dict type check - #4: Rate limiter init - add _rate_limiter_lock for thread-safe singleton Quality Issues Fixed: - #5: Orphan tracking verified as complete (already implemented correctly) - #8: Standardize error messages - add expected format to all "required" errors - #9: Magic numbers - add explanatory comments for rate limiter and shutdown flag All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
guzus
added a commit
that referenced
this pull request
Jan 10, 2026
* Add MCP (Model Context Protocol) server support - Add MCP server implementation for Claude Desktop integration - Support Polymarket dual-wallet system (Funder + Proxy) - Configure signature_type=0 (EOA) for normal MetaMask accounts - Add comprehensive English documentation with examples - Include security measures and troubleshooting guide - Add tests for MCP functionality Features: - Exchange management (Polymarket, Opinion, Limitless) - Market data fetching and analysis - Order creation and management - Portfolio tracking (balance, positions, NAV) - Strategy execution (market making) - Dual-wallet balance display (Funder + Proxy) Technical: - MCP protocol integration with stdio transport - Thread-safe session management - Proper error handling and translation - Environment-based configuration - Polygon RPC integration for balance queries Version: 0.0.2 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix(mcp): Address code review feedback High Priority Fixes: - Fix singleton race condition in ExchangeSessionManager and StrategySessionManager (moved initialization into __new__ with proper locking) - Add price validation (0-1 range) in create_order - Improve error handling in get_usdc_balance_polygon (no longer silently returns 0.0, now logs errors and returns None with warnings) - Add RPC endpoint fallbacks for better reliability Medium Priority Fixes: - Change strategy threads to daemon=True for clean shutdown - Make POLYGON_RPC_URL configurable via environment variable - Add fallback RPC endpoints for Polygon Code Quality: - Fix all ruff lint errors (import sorting, E402 noqa comments) - Add @pytest.mark.asyncio decorators to async tests - Fix test isolation issues with singleton cleanup 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Fix remaining lint errors and improve robustness - Add credential validation in exchange_manager.py before exchange creation - Move JSON import to module level in server.py - Add thread join timeout verification in strategy_manager.py - Fix lint errors in test files (noqa for import tests, is True comparison) - All 54 MCP tests passing 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Fix CI formatting and skip tests when mcp not installed - Apply ruff format to all MCP files - Add pytest.importorskip for mcp module in test_mcp_tools.py - Tests skip gracefully when mcp optional dependency is not installed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(mcp): Address code review feedback - Remove emojis from log messages (CLAUDE.md compliance) - Fix misleading "lazy loading" comment for MCP_CREDENTIALS - Make timeout values configurable via environment variables: - MCP_EXCHANGE_INIT_TIMEOUT (default: 10s) - MCP_CLIENT_INIT_TIMEOUT (default: 5s) - Add comprehensive logging architecture documentation in server.py 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address all code review feedback - Remove unused _initialized flag from session managers - Add exception chaining (raise ... from e) to all tool functions - Fix test file path from mcp_server to dr_manhattan/mcp - Improve cleanup error handling (only remove successfully cleaned items) - All 54 MCP tests passing 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address CLAUDE.md Rule #4 and security concerns CLAUDE.md Rule #4 Compliance: - Move non-sensitive config defaults to code (signature_type, verbose) - Only keep sensitive data (private_key, funder) as required in .env - Add code constants DEFAULT_SIGNATURE_TYPE, DEFAULT_VERBOSE Security Improvements: - Add Security Warning section to documentation - Add private key security best practices - Clarify required vs optional environment variables Other: - Add clarifying comments for price validation logic - Make verbose logging configurable via MCP_VERBOSE env var 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address PR review - CLAUDE.md compliance and error handling CLAUDE.md Rule #4 Compliance: - Remove env var overrides for timeouts (now code constants only) - Remove POLYGON_RPC_URL env var (RPC list in code) - Remove MCP_VERBOSE env var (use DEFAULT_VERBOSE constant) - Document why only Polymarket uses MCP credentials Error Handling Improvements: - Fail fast on funder balance query failure (raise ValueError) - Proxy balance failure is non-fatal (returns error field) - Better error messages with wallet address context Code Quality: - Add ERC20_BALANCE_OF_SELECTOR constant with documentation - Add descriptive comments for POLYGON_USDC_ADDRESS - Add comments explaining RPC fallback strategy All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address critical security and resource issues Security Improvements: - Add explicit ThreadPoolExecutor cleanup on timeout (prevent hanging threads) - Add RPC response validation for balance queries - Add connection pooling for RPC requests (requests.Session) - Add security warning comment for credential handling CLAUDE.md Rule #2 Compliance: - Remove non-existent doc references from tests - Keep only examples/mcp_usage_example.md as documentation Resource Management: - executor.shutdown(wait=False, cancel_futures=True) on timeout - Proper cleanup in finally blocks - Validate hex format before parsing RPC responses All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address all PR review must-fix items Input Validation: - Add validation.py with comprehensive input validators - Validate all tool parameters (exchange, market_id, token_id, etc.) - Prevent injection attacks via strict format checking - Regex patterns for hex addresses, UUIDs, and alphanumeric IDs Security Improvements: - Add credential zeroization on cleanup (_zeroize_credentials) - Filter error context with SAFE_CONTEXT_FIELDS allowlist - Never expose sensitive data (private_key, funder, etc.) in errors - Add RPC session cleanup to prevent resource leaks Singleton Race Condition Fix: - Add _initialized flag in __new__ and __init__ - Defensive check in __init__ to ensure idempotency Resource Management: - cleanup_rpc_session() for HTTP connection pooling cleanup - ExchangeSessionManager.cleanup() now calls RPC session cleanup - Proper cleanup order: clients -> exchanges -> RPC -> credentials All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: Fix placeholder GitHub URLs in MCP guide Replace yourusername with guzus/dr-manhattan for: - Clone URL - GitHub Issues link - Discussions link 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: Add MCP Server section to README for open source users - Add MCP to Key Features list - Add MCP Server subsection under Usage (follows existing convention) - Add MCP guide to examples list - Link to full documentation (examples/mcp_usage_example.md) - Update last updated date in MCP guide Makes it easy for open source users to discover and use the MCP server. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: Fix placeholder formatting in MCP guide - Change 'youruser' to '<username>' for clarity - Change 'YourName' to '<username>' for consistency - Makes it obvious these are placeholders to replace 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: Remove real wallet addresses from MCP guide examples Replace actual wallet address fragments with generic placeholders to avoid exposing real addresses in documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Implement PR review feedback and improve signature type docs PR Review Feedback (Issues & Concerns): - Add connection pooling with retry strategy for RPC sessions - Implement thread force-kill with two-phase shutdown and orphan tracking - Add credential refresh mechanism for runtime credential reload - Add pagination support for fetch_markets (limit/offset) - Implement status caching with TTL to reduce refresh_state() calls - Add rate limiter (token bucket: 10 req/s, burst 20) Documentation: - Clarify signature type 2 allows trading from Proxy wallet - Type 0: Funder = MetaMask address, trades from Funder wallet - Type 2: Funder = Proxy wallet address, trades from Proxy wallet - Update error messages and troubleshooting guide 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address all PR review critical and quality issues Critical Issues Fixed: - #1: Status cache thread safety - protected with _instance_lock - #2: Global credentials thread safety - added _CREDENTIALS_LOCK - #3: RPC session race condition - double-checked locking pattern - #4: Signal handler deadlock - use flag instead of complex cleanup Quality Issues Fixed: - #5: Redundant singleton init - __init__ is now no-op - #6: Long if-elif chain - replaced with TOOL_DISPATCH dict - #7: ThreadPoolExecutor cleanup - unified _run_with_timeout() helper - #8: Rate limiter busy-wait - calculate exact wait time - #9: Status cache memory leak - added eviction and max size limit All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Fix CI formatting and skip tests when mcp not installed - Apply ruff format to all MCP files - Add pytest.importorskip for mcp module in test_mcp_server_structure.py - Tests skip gracefully when mcp optional dependency is not installed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address all 3rd PR review critical and quality issues Critical Issues Fixed: - #1: Credential reload race condition - move reload_credentials() inside lock - #2: Status cache size check - evict BEFORE adding, check size limit - #3: RPC response validation - add JSON parsing error handling, dict type check - #4: Rate limiter init - add _rate_limiter_lock for thread-safe singleton Quality Issues Fixed: - #5: Orphan tracking verified as complete (already implemented correctly) - #8: Standardize error messages - add expected format to all "required" errors - #9: Magic numbers - add explanatory comments for rate limiter and shutdown flag All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Address 5th review - register missing tools and improve tests 5th Review Fixes: - Register 12 missing tools in server.py (total 29 tools now) - fetch_order, fetch_positions_for_market - pause_strategy, resume_strategy, get_strategy_metrics - fetch_token_ids, find_tradeable_market, find_crypto_hourly_market - parse_market_identifier, get_tag_by_slug - Fix type hints: list[Tool] -> List[Tool] for consistency - Increase STATUS_CACHE_TTL from 1s to 3s for better performance - Fix RateLimiter.get_status() duplicate lock issue - Fix test assertions: return True/False -> proper assert statements - Remove emojis from test output (CLAUDE.md Rule #1) - Fix test_pyproject_config check for dr_manhattan package All 54 MCP tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style(mcp): Fix formatting in test files Apply ruff format to test_comprehensive.py and test_mcp_server_structure.py 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Fix stdout pollution causing JSON-RPC parse errors The MCP server was corrupting the JSON-RPC protocol with two issues: 1. **Logger import order bug**: dr_manhattan.utils was imported before patching setup_logger, causing default_logger to be created with stdout handler and ANSI colors. Fixed by: - Patch logger_module.setup_logger BEFORE importing dr_manhattan.utils - Recreate default_logger with patched function - Move third-party imports after patching 2. **Verbose mode stdout pollution**: DEFAULT_VERBOSE=True caused polymarket.py to print debug info (with checkmarks like ✓) to stdout. Fixed by setting DEFAULT_VERBOSE=False for MCP. These fixes prevent errors like: - "Unexpected token '✓'" - "Unexpected token '←[90m'" (ANSI escape codes) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(mcp): Fix duration_minutes parameter bug in create_strategy_session Strategy.__init__() does not accept duration_minutes parameter - it's only used by run(). The create_session() method was passing all params including duration_minutes to the constructor, causing: "Strategy.__init__() got an unexpected keyword argument 'duration_minutes'" Fix: Extract duration_minutes from params before passing to strategy constructor. Pass it directly to _run_strategy() instead. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: Update .env.example and README for new trading configurations * feat(mcp): Add search_markets tool for keyword-based market retrieval - Introduced a new tool, `search_markets`, allowing users to search for markets by keyword with pagination support. - Updated `fetch_markets` description to clarify pagination usage. - Enhanced input schema for both tools to include limit and offset parameters for better control over results. This addition improves the functionality of the MCP by enabling more targeted market searches. * fix(mcp): Improve tool descriptions for better AI tool selection - Update fetch_markets description to warn about slowness (100+ results) - Update search_markets description with RECOMMENDED prefix - Guide AI to prefer search_markets for specific market queries --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: guzus <storminggalaxys3@gmail.com> Co-authored-by: guzus <50664161+guzus@users.noreply.github.com>
This was referenced Jan 10, 2026
Merged
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.