npm v7+ automatically marks packages as peer dependencies when they are
declared in peerDependencies of installed packages. This commit adds
these markers to ensure consistent dependency resolution across all
development environments and CI/CD pipelines.
Affected packages (10):
- @babel/core (dev peer)
- @types/react (devOptional peer)
- browserslist
- jiti (dev peer)
- postcss
- react
- react-dom
- picomatch (2 instances, dev peer)
- vite (dev peer)
Benefits:
- Prevents duplicate installations of peer dependencies
- Ensures consistent package versions across the project
- Improves npm install performance
- Reduces package-lock.json conflicts
Features:
- Limit leaderboard to top 50 traders sorted by PnL percentage
- Add top 10 traders endpoint for performance comparison
- Create batch equity history endpoint to optimize frontend performance
- Add public trader config endpoint without sensitive data
Security:
- Add user ownership validation for start/stop trader operations
- Prevent users from controlling other users' traders
- Maintain consistent error messages for security
Performance:
- Reduce API calls from 10 to 1 for performance comparison page
- Add data limits and error handling for batch operations
- Sort traders by performance across all endpoints
API Changes:
- GET /api/traders - now returns top 50 sorted traders
- GET /api/top-traders - new endpoint for top 10 traders
- GET /api/equity-history-batch - batch endpoint for multiple trader histories
- GET /api/traders/:id/public-config - public config without secrets
- POST /api/traders/:id/start - now validates user ownership
- POST /api/traders/:id/stop - now validates user ownership
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
Replace log.Printf with log.Print for static strings to resolve
go vet warnings about non-constant format strings.
This is a security best practice as using Printf with dynamic strings
can lead to format string vulnerabilities.
Fixed 6 instances in trader/auto_trader.go:
- Line 260: Decision cycle separator (=)
- Line 262: Decision cycle separator (=)
- Line 349: System prompt separator (=)
- Line 353: System prompt separator (=)
- Line 357: CoT trace separator (-)
- Line 361: CoT trace separator (-)
- Run go mod tidy to regenerate correct go.sum entries
- Ensure all dependencies are properly resolved
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
- Keep newer version of go-sqlite3 (v1.14.32)
- Complete merge from dev branch
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
- Move /api/equity-history from protected to public routes group
- Remove token authentication requirement for equity history data
- Update API documentation to reflect public access
- Enable direct access to trader equity curves for competition comparison
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
Add CGO_CFLAGS="-D_LARGEFILE64_SOURCE" to resolve musl libc compatibility
issues. This enables the Large File Support feature macros which map
pread64/pwrite64/off64_t symbols (used by SQLite) to musl's native
pread/pwrite/off_t implementations.
This fix eliminates the "undeclared identifier" errors during CGO
compilation without requiring additional sqlite-dev dependencies.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
Update documentation to use placeholder values instead of real credentials
in example configurations for enhanced security.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>
- Change validation to check allModels first, then supportedModels
- This allows saving new model configurations without "model does not exist" error
- Fixes issue where users couldn't save AI model config after selecting from dropdown
Fixes#245🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: tinkle-community <tinklefund@gmail.com>