3

[chpeu]

PR Type

Bug fix, Enhancement

---

Description

• Fix dynamic TP/SL configuration updates from TRADING_CONFIG in position manager

• Add startup event to reset frontend session before scanning begins

• Emit reset_session event on new WebSocket connections for proper frontend initialization

• Expand state config with all trading parameters (patterns, ATR, escalier, trailing stop)

• Improve config synchronization across position_config and tpsl_config instances

• Fix boolean value handling in frontend config updates for proper reactivity

---

Diagram Walkthrough

flowchart LR
  A["Backend Startup"] -->|emit reset_session| B["WebSocket Manager"]
  B -->|broadcast| C["Frontend"]
  C -->|clearHistory & resetStats| D["Stores Updated"]
  E["Config Update via WebSocket"] -->|sync| F["position_config & tpsl_config"]
  F -->|apply changes| G["Active Positions"]
  H["New WebSocket Connection"] -->|emit reset_session| C

Loading

File Walkthrough

Relevant files

Bug fix

position_manager.py Fix dynamic TP/SL configuration synchronization                    core/position_manager.py Add dynamic TP/SL percentage updates from TRADING_CONFIG instead of self.config Fetch fixed_tp_pct and fixed_sl_pct directly from TRADING_CONFIG with defaults Ensures TP/SL parameters are always synchronized with current configuration +3/-0      main.py Add startup reset event and expand config synchronization main.py Add FastAPI startup event to emit reset_session before scanning begins Emit reset_session on new WebSocket connections for late-connecting clients Expand state config with all trading parameters (patterns, ATR modes, money management) Improve config update handler to synchronize position_config and tpsl_config instances Add detailed config synchronization for TP/SL, ATR, and escalier parameters +121/-2  VariablesPanel.svelte Fix boolean value handling in config updates                          frontend/src/lib/components/VariablesPanel.svelte Add explicit boolean type checking when updating config from backend state Ensure boolean values are properly converted during config updates Improve reactivity handling for checkbox-based configuration options +12/-2    +page.svelte Refactor session reset to use backend event                            frontend/src/routes/+page.svelte Move reset_session event listener to separate handler from connect event Emit reset_session from backend on startup and new connections Clear trade history and reset stats when reset_session event is received Remove redundant reset logic from connect handler +11/-5

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Incomplete logging: New critical actions like config updates and session resets are logged generically without consistently including user identity/context, making audit trails potentially insufficient. Referred Code TRADING_CONFIG['atr_max'] = val updated['atr_max'] = val if position_config: position_config.atr_max = val if updated: logger.info(f"✅ Config mise à jour via WebSocket: {updated}") await add_log('INFO', 'Config mise à jour', str(updated)) # 🔥 FIX: Mettre à jour immédiatement toutes les instances qui utilisent la config # Mettre à jour position_config si nécessaire (sans réinitialiser complètement) if position_config: from config import TRADING_CONFIG # Mettre à jour les valeurs TP/SL si elles ont changé if 'tp_sl_mode' in updated: tp_sl_mode = TRADING_CONFIG.get('tp_sl_mode', 'FIXE') position_config.use_atr = (tp_sl_mode == 'ATR' or tp_sl_mode == 'TP_MULTI') if 'tp_percent' in updated: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) if 'sl_percent' in updated: position_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent', 0.25) ... (clipped 31 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Broad exceptions: Several new try/except blocks catch Exception and log minimal context without clearly handling edge cases like missing ws_manager or invalid websocket state. Referred Code @app.on_event("startup") async def startup_event(): """Événement de démarrage - réinitialiser le frontend AVANT le scan""" try: # Initialiser les instances si pas déjà fait init_instances() # Attendre un peu pour que les connexions WebSocket soient prêtes await asyncio.sleep(1.0) # 🔥 FIX: Émettre événement de réinitialisation pour synchroniser le frontend IMMÉDIATEMENT if ws_manager: await ws_manager.emit('reset_session', { 'timestamp': time.time(), 'reason': 'backend_startup' }) logger.info("✅ Événement reset_session émis au démarrage (AVANT le scan)") except Exception as e: logger.warning(f"⚠️ Erreur événement startup: {e}") # 🔥 PHASE 4: Fichier de persistance pour trade history ... (clipped 3 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Log content risk: Logging of updated runtime configuration via str(updated) could inadvertently include sensitive fields if present in TRADING_CONFIG. Referred Code if updated: logger.info(f"✅ Config mise à jour via WebSocket: {updated}") await add_log('INFO', 'Config mise à jour', str(updated)) # 🔥 FIX: Mettre à jour immédiatement toutes les instances qui utilisent la config # Mettre à jour position_config si nécessaire (sans réinitialiser complètement) if position_config: from config import TRADING_CONFIG # Mettre à jour les valeurs TP/SL si elles ont changé if 'tp_sl_mode' in updated: tp_sl_mode = TRADING_CONFIG.get('tp_sl_mode', 'FIXE') position_config.use_atr = (tp_sl_mode == 'ATR' or tp_sl_mode == 'TP_MULTI') if 'tp_percent' in updated: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) if 'sl_percent' in updated: position_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent', 0.25) if 'atr_mult_tp' in updated: position_config.atr_mult_tp = TRADING_CONFIG.get('atr_mult_tp', 1.5) if 'atr_mult_sl' in updated: position_config.atr_mult_sl = TRADING_CONFIG.get('atr_mult_sl', 1.0) if 'atr_min' in updated: ... (clipped 26 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Config updates trust: WebSocket-driven config updates are applied directly to TRADING_CONFIG and runtime objects without visible validation or authorization in the new code. Referred Code TRADING_CONFIG['atr_max'] = val updated['atr_max'] = val if position_config: position_config.atr_max = val if updated: logger.info(f"✅ Config mise à jour via WebSocket: {updated}") await add_log('INFO', 'Config mise à jour', str(updated)) # 🔥 FIX: Mettre à jour immédiatement toutes les instances qui utilisent la config # Mettre à jour position_config si nécessaire (sans réinitialiser complètement) if position_config: from config import TRADING_CONFIG # Mettre à jour les valeurs TP/SL si elles ont changé if 'tp_sl_mode' in updated: tp_sl_mode = TRADING_CONFIG.get('tp_sl_mode', 'FIXE') position_config.use_atr = (tp_sl_mode == 'ATR' or tp_sl_mode == 'TP_MULTI') if 'tp_percent' in updated: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) if 'sl_percent' in updated: position_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent', 0.25) ... (clipped 31 lines) Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	WebSocket auth missing Description: The server emits a 'reset_session' event to any newly connected WebSocket without authenticating the client or authorizing event reception, which could disclose session timing/state behavior to unauthenticated parties and be abused for state manipulation if other privileged events are later added similarly. main.py [2101-2113] Referred Code try: await ws_manager.send_personal_message({ 'type': 'event', 'event': 'reset_session', 'data': { 'timestamp': time.time(), 'reason': 'new_connection' } }, websocket) logger.debug("✅ Événement reset_session envoyé à la nouvelle connexion") except Exception as e: logger.debug(f"⚠️ Erreur envoi reset_session: {e}")
	Event exposure Description: On startup the app emits a global 'reset_session' event to all connected WebSocket clients without authentication or origin checks, potentially allowing unauthorized clients to learn server lifecycle events and timing. main.py [189-207] Referred Code # 🔥 FIX: Événement de démarrage FastAPI pour réinitialiser le frontend AVANT le scan @app.on_event("startup") async def startup_event(): """Événement de démarrage - réinitialiser le frontend AVANT le scan""" try: # Initialiser les instances si pas déjà fait init_instances() # Attendre un peu pour que les connexions WebSocket soient prêtes await asyncio.sleep(1.0) # 🔥 FIX: Émettre événement de réinitialisation pour synchroniser le frontend IMMÉDIATEMENT if ws_manager: await ws_manager.emit('reset_session', { 'timestamp': time.time(), 'reason': 'backend_startup' }) logger.info("✅ Événement reset_session émis au démarrage (AVANT le scan)") except Exception as e:
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logs: Newly added critical configuration updates and session reset events are not consistently logged with user ID and outcome, making audit reconstruction uncertain. Referred Code TRADING_CONFIG['atr_max'] = val updated['atr_max'] = val if position_config: position_config.atr_max = val if updated: logger.info(f"✅ Config mise à jour via WebSocket: {updated}") await add_log('INFO', 'Config mise à jour', str(updated)) # 🔥 FIX: Mettre à jour immédiatement toutes les instances qui utilisent la config # Mettre à jour position_config si nécessaire (sans réinitialiser complètement) if position_config: from config import TRADING_CONFIG # Mettre à jour les valeurs TP/SL si elles ont changé if 'tp_sl_mode' in updated: tp_sl_mode = TRADING_CONFIG.get('tp_sl_mode', 'FIXE') position_config.use_atr = (tp_sl_mode == 'ATR' or tp_sl_mode == 'TP_MULTI') if 'tp_percent' in updated: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) if 'sl_percent' in updated: position_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent', 0.25) ... (clipped 31 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Generic except: Broad exception handling around startup and websocket flows logs minimal context and may miss edge-case handling for null ws_manager or failed emits. Referred Code @app.on_event("startup") async def startup_event(): """Événement de démarrage - réinitialiser le frontend AVANT le scan""" try: # Initialiser les instances si pas déjà fait init_instances() # Attendre un peu pour que les connexions WebSocket soient prêtes await asyncio.sleep(1.0) # 🔥 FIX: Émettre événement de réinitialisation pour synchroniser le frontend IMMÉDIATEMENT if ws_manager: await ws_manager.emit('reset_session', { 'timestamp': time.time(), 'reason': 'backend_startup' }) logger.info("✅ Événement reset_session émis au démarrage (AVANT le scan)") except Exception as e: logger.warning(f"⚠️ Erreur événement startup: {e}") # 🔥 PHASE 4: Fichier de persistance pour trade history ... (clipped 1903 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Log structure: Logging of config updates and events uses free-form strings rather than structured logs, and it’s unclear whether sensitive fields could appear in emitted payloads or logs. Referred Code 'data': log_entry }, websocket) except Exception as e: logger.debug(f"⚠️ Erreur envoi log: {e}") break # Arrêter si erreur except Exception as e: logger.error(f"❌ Erreur envoi logs: {e}") # 🔥 FIX: Émettre reset_session à chaque nouvelle connexion pour réinitialiser le frontend # (en plus de l'événement startup, pour les clients qui se connectent après le démarrage) # Toujours émettre pour s'assurer que le frontend est réinitialisé même si connecté après le démarrage try: await ws_manager.send_personal_message({ 'type': 'event', 'event': 'reset_session', 'data': { 'timestamp': time.time(), 'reason': 'new_connection' } }, websocket) logger.debug("✅ Événement reset_session envoyé à la nouvelle connexion") ... (clipped 686 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Input validation: WebSocket-driven config updates appear to directly apply values from external input without visible validation of ranges or types in the new code. Referred Code TRADING_CONFIG['atr_max'] = val updated['atr_max'] = val if position_config: position_config.atr_max = val if updated: logger.info(f"✅ Config mise à jour via WebSocket: {updated}") await add_log('INFO', 'Config mise à jour', str(updated)) # 🔥 FIX: Mettre à jour immédiatement toutes les instances qui utilisent la config # Mettre à jour position_config si nécessaire (sans réinitialiser complètement) if position_config: from config import TRADING_CONFIG # Mettre à jour les valeurs TP/SL si elles ont changé if 'tp_sl_mode' in updated: tp_sl_mode = TRADING_CONFIG.get('tp_sl_mode', 'FIXE') position_config.use_atr = (tp_sl_mode == 'ATR' or tp_sl_mode == 'TP_MULTI') if 'tp_percent' in updated: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) if 'sl_percent' in updated: position_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent', 0.25) ... (clipped 31 lines) Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Centralize configuration management to simplify Refactor the fragmented configuration management by replacing the global TRADING_CONFIG dictionary and manual synchronization logic with a centralized configuration service. This service would be passed to all modules, ensuring they always access the most current settings without needing repetitive and error-prone updates. Examples: main.py [2754-2791] # 🔥 FIX: Mettre à jour immédiatement toutes les instances qui utilisent la config # Mettre à jour position_config si nécessaire (sans réinitialiser complètement) if position_config: from config import TRADING_CONFIG # Mettre à jour les valeurs TP/SL si elles ont changé if 'tp_sl_mode' in updated: tp_sl_mode = TRADING_CONFIG.get('tp_sl_mode', 'FIXE') position_config.use_atr = (tp_sl_mode == 'ATR' or tp_sl_mode == 'TP_MULTI') if 'tp_percent' in updated: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) ... (clipped 28 lines) core/position_manager.py [379-381] # 🔥 FIX: Mettre à jour paramètres FIXE depuis TRADING_CONFIG (au lieu de self.config qui n'est pas mis à jour dynamiquement) self.tpsl_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent', 0.6) self.tpsl_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent', 0.25) Solution Walkthrough: Before: # main.py # Global config dictionary TRADING_CONFIG = {...} # Separate config object instance position_config = PositionConfig() # When config is updated from frontend def handle_update_config(updated_keys): # Manually update the global dict for key, value in updated_keys.items(): TRADING_CONFIG[key] = value # Manually sync the separate config object if 'tp_percent' in updated_keys: position_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent') if 'sl_percent' in updated_keys: position_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent') # ... and so on for every parameter # core/position_manager.py def open_position(...): # Manually re-sync from global config before creating a position self.tpsl_config.fixed_tp_pct = TRADING_CONFIG.get('tp_percent') self.tpsl_config.fixed_sl_pct = TRADING_CONFIG.get('sl_percent') ... After: # config_service.py class ConfigService: def __init__(self): self._config = self.load_from_source() def get(self, key, default=None): return self._config.get(key, default) def update(self, new_values): self._config.update(new_values) # No manual sync needed # main.py config_service = ConfigService() position_manager = PositionManager(config_service) def handle_update_config(updated_keys): config_service.update(updated_keys) # core/position_manager.py class PositionManager: def __init__(self, config_service): self.config = config_service def open_position(...): # Always gets the latest value directly tp_pct = self.config.get('tp_percent') sl_pct = self.config.get('sl_percent') ... Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical architectural flaw—fragmented configuration management—which the PR only patches with complex, error-prone manual synchronization logic in main.py and position_manager.py.	High
General	Remove redundant conditional logic Simplify the code by removing the redundant if/else block since both branches perform the same assignment. frontend/src/lib/components/VariablesPanel.svelte [330-336] // 🔥 FIX: Pour les booléens (checkboxes), s'assurer qu'ils sont bien convertis -if (typeof stateData.config[key] === 'boolean') { - newConfig[key] = stateData.config[key]; -} else { - newConfig[key] = stateData.config[key]; -} +newConfig[key] = stateData.config[key]; Apply / Chat Suggestion importance[1-10]: 5 __ Why: The suggestion correctly identifies a redundant if/else block where both branches execute identical code, improving code clarity and removing unnecessary complexity.	Low
More