Cursor

[chpeu]

PR Type

Enhancement, Bug fix

---

Description

• Complete migration from Socket.IO to native WebSocket implementation

• Removed all Socket.IO dependencies and legacy fallback code

• Added bidirectional configuration synchronization between frontend and backend

• Enhanced WebSocket implementation with proper reconnection and heartbeat mechanisms

• Added support for 40+ new trading configuration parameters via WebSocket

---

Diagram Walkthrough

flowchart LR
  A["Socket.IO Legacy"] -->|"Remove"| B["Native WebSocket"]
  C["Frontend Config"] -->|"Sync via WS"| D["Backend Config"]
  D -->|"Emit Updates"| C
  E["Trading Parameters"] -->|"Add 40+ params"| F["Config Handler"]
  F -->|"Validate & Store"| G["TRADING_CONFIG"]

Loading

File Walkthrough

	Relevant files
Bug fix	3 files dashboard.py Remove Socket.IO fallbacks, use WebSocket only                      +8/-27    scanner_loop.py Remove Socket.IO fallback emit calls                                          +3/-13    +page.svelte Fix WebSocket type handling and add config listeners          +40/-3
Enhancement	8 files scanner.py Replace Socket.IO with WebSocket manager                                  +13/-7    position_check_loop.py Migrate position updates to native WebSocket                          +9/-11    scalability_refresh.py Update top pairs emission via WebSocket                                    +3/-3      main.py Add 40+ bidirectional trading config parameters                    +141/-0  SettingsPanel.svelte Listen to backend config updates via WebSocket                      +49/-1    VariablesPanel.svelte Add config_updated event listener for synchronization        +21/-4    websocket-impl.ts New native WebSocket implementation with full bidirectionality +302/-0  websocket.ts Refactor to re-export from websocket-impl for compatibility +28/-421
Dependencies	2 files package.json Remove socket.io-client dependency                                              +1/-2      requirements.txt Remove python-socketio and python-engineio dependencies    +3/-2

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logs: Critical configuration changes are applied and broadcast over WebSocket without consistently recording who performed the change or including sufficient contextual audit information for all updated fields. Referred Code # 🔥 FIX: Support min_score_required dans update_config WebSocket if 'min_score_required' in params: val = float(params['min_score_required']) val = max(1.0, min(20.0, val)) # Clamp 1.0-20.0 TRADING_CONFIG['min_score_required'] = val updated['min_score_required'] = val # 🔥 BIDIRECTIONNEL: Patterns Techniques (use_breakout, use_snr, use_wick, use_divergence) if 'use_breakout' in params: TRADING_CONFIG['use_breakout'] = bool(params['use_breakout']) updated['use_breakout'] = TRADING_CONFIG['use_breakout'] if 'use_snr' in params: TRADING_CONFIG['use_snr'] = bool(params['use_snr']) updated['use_snr'] = TRADING_CONFIG['use_snr'] if 'use_wick' in params: TRADING_CONFIG['use_wick'] = bool(params['use_wick']) updated['use_wick'] = TRADING_CONFIG['use_wick'] ... (clipped 127 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Reconnect edge cases: The WebSocket heartbeat and reconnection logic may leave pending command promises unresolved on disconnects or timeouts, risking silent failures without user-visible fallback. Referred Code private scheduleReconnect(): void { if (this.isReconnecting) return; this.isReconnecting = true; this.reconnectTimeout = window.setTimeout(() => { if (this.reconnectAttempts < this.maxReconnectAttempts) { this.reconnectAttempts++; console.log(`🔄 Tentative de reconnexion WebSocket #${this.reconnectAttempts}...`); this.connect(); } else { console.error('❌ Nombre maximal de tentatives de reconnexion WebSocket atteint.'); this.emit('error', new Error('Max reconnect attempts reached')); } this.isReconnecting = false; }, this.reconnectDelay * Math.pow(2, this.reconnectAttempts)); // Backoff exponentiel } private startHeartbeat(): void { this.stopHeartbeat(); // S'assurer qu'il n'y a qu'un seul intervalle this.pingInterval = window.setInterval(() => { if (this.ws && this.ws.readyState === WebSocket.OPEN) { ... (clipped 10 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Weak input coercion: The API updates configuration by casting untrusted parameters to floats/bools without explicit type checks or error handling, which may raise exceptions or accept invalid types. Referred Code val = float(params['min_score_required']) val = max(1.0, min(20.0, val)) # Clamp 1.0-20.0 TRADING_CONFIG['min_score_required'] = val updated['min_score_required'] = val # 🔥 BIDIRECTIONNEL: Patterns Techniques (use_breakout, use_snr, use_wick, use_divergence) if 'use_breakout' in params: TRADING_CONFIG['use_breakout'] = bool(params['use_breakout']) updated['use_breakout'] = TRADING_CONFIG['use_breakout'] if 'use_snr' in params: TRADING_CONFIG['use_snr'] = bool(params['use_snr']) updated['use_snr'] = TRADING_CONFIG['use_snr'] if 'use_wick' in params: TRADING_CONFIG['use_wick'] = bool(params['use_wick']) updated['use_wick'] = TRADING_CONFIG['use_wick'] if 'use_divergence' in params: TRADING_CONFIG['use_divergence'] = bool(params['use_divergence']) updated['use_divergence'] = TRADING_CONFIG['use_divergence'] ... (clipped 107 lines) Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Broken heartbeat check Description: The heartbeat logic may never detect a missed pong because it compares Date.now() against (this.pingInterval as number) * 2, but this.pingInterval stores an interval ID rather than the interval duration, leading to unreliable disconnect detection and potential stale connection state. websocket-impl.ts [235-246] Referred Code this.stopHeartbeat(); // S'assurer qu'il n'y a qu'un seul intervalle this.pingInterval = window.setInterval(() => { if (this.ws && this.ws.readyState === WebSocket.OPEN) { this.sendRaw(JSON.stringify({ type: 'ping' })); // Si pas de pong en retour, considérer comme déconnecté if (Date.now() - this.lastPing > (this.pingInterval as number) * 2) { console.warn('⚠️ Pas de pong reçu, reconnexion forcée.'); this.ws.close(); // Force la reconnexion via onclose } } }, 10000); // Envoyer un ping toutes les 10 secondes }
	Missing WS availability check Description: Emitting 'config_updated' over WebSocket uses 'ws_manager' without a preceding null/connected check, which could raise exceptions and cause denial-of-service if the WebSocket manager is unavailable; add presence checks or exception handling. main.py [2485-2488] Referred Code await ws_manager.emit('config_updated', { 'updated': updated, 'timestamp': time.time() })
	Unsanitized WS data Description: The code trusts WebSocket 'state' responses to overwrite local settings without validating schema or sanitizing values, which could allow malicious or corrupted data to alter client configuration; add validation of received fields and types. SettingsPanel.svelte [41-63] Referred Code const { getWebSocket, sendRequestViaWS } = await import('$lib/utils/websocket'); const ws = getWebSocket(); if (ws && ws.connected) { try { const stateData = await sendRequestViaWS('state', {}); if (stateData && stateData.config) { backendConfig = stateData.config; // ✅ Synchroniser les paramètres qui existent dans le backend if (stateData.config.sl_percent !== undefined) { updateSetting('stopLossPercent', stateData.config.sl_percent); } if (stateData.config.tp_percent !== undefined) { updateSetting('takeProfitPercent', stateData.config.tp_percent); } if (stateData.config.trailing_trigger_pnl !== undefined) { updateSetting('trailingStopPercent', stateData.config.trailing_trigger_pnl); } return; } } catch (wsErr) { console.warn('⚠️ Erreur chargement config via WebSocket, fallback REST:', wsErr); ... (clipped 2 lines)
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logs: New configuration-changing commands emit WebSocket events but do not consistently log who performed the action or detailed context for audit trails beyond generic 'Config mise à jour' entries. Referred Code # 🔥 BIDIRECTIONNEL: Patterns Techniques (use_breakout, use_snr, use_wick, use_divergence) if 'use_breakout' in params: TRADING_CONFIG['use_breakout'] = bool(params['use_breakout']) updated['use_breakout'] = TRADING_CONFIG['use_breakout'] if 'use_snr' in params: TRADING_CONFIG['use_snr'] = bool(params['use_snr']) updated['use_snr'] = TRADING_CONFIG['use_snr'] if 'use_wick' in params: TRADING_CONFIG['use_wick'] = bool(params['use_wick']) updated['use_wick'] = TRADING_CONFIG['use_wick'] if 'use_divergence' in params: TRADING_CONFIG['use_divergence'] = bool(params['use_divergence']) updated['use_divergence'] = TRADING_CONFIG['use_divergence'] # 🔥 BIDIRECTIONNEL: Patterns de Bougies if 'use_engulfing' in params: TRADING_CONFIG['use_engulfing'] = bool(params['use_engulfing']) updated['use_engulfing'] = TRADING_CONFIG['use_engulfing'] ... (clipped 119 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Reconnect edge cases: The WebSocket reconnection and heartbeat logic lacks explicit error propagation or backoff limits for queued messages which may grow unbounded, risking silent failures or memory growth. Referred Code private reconnectAttempts: number = 0; private maxReconnectAttempts: number = 10; private reconnectDelay: number = 1000; private messageQueue: any[] = []; private commandCallbacks: Map<number, CommandCallback> = new Map(); private commandIdCounter: number = 0; private eventHandlers: Map<string, Array<(data: any) => void>> = new Map(); private isReconnecting: boolean = false; private lastPing: number = Date.now(); private pingInterval: number | null = null; private reconnectTimeout: number | null = null; private rooms: Set<string> = new Set(); public connected: boolean = false; constructor(url: string = '') { // Détecter l'URL depuis window.location si non fournie if (!url) { const protocol = window.location.protocol === 'https:' ? 'wss:' : 'ws:'; const host = window.location.host; url = `${protocol}//${host}`; } ... (clipped 82 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Input validation: New WebSocket-driven config updates cast values but accept raw params without explicit type/range validation for booleans and missing authentication/authorization context in the diff. Referred Code # 🔥 BIDIRECTIONNEL: Patterns Techniques (use_breakout, use_snr, use_wick, use_divergence) if 'use_breakout' in params: TRADING_CONFIG['use_breakout'] = bool(params['use_breakout']) updated['use_breakout'] = TRADING_CONFIG['use_breakout'] if 'use_snr' in params: TRADING_CONFIG['use_snr'] = bool(params['use_snr']) updated['use_snr'] = TRADING_CONFIG['use_snr'] if 'use_wick' in params: TRADING_CONFIG['use_wick'] = bool(params['use_wick']) updated['use_wick'] = TRADING_CONFIG['use_wick'] if 'use_divergence' in params: TRADING_CONFIG['use_divergence'] = bool(params['use_divergence']) updated['use_divergence'] = TRADING_CONFIG['use_divergence'] # 🔥 BIDIRECTIONNEL: Patterns de Bougies if 'use_engulfing' in params: TRADING_CONFIG['use_engulfing'] = bool(params['use_engulfing']) updated['use_engulfing'] = TRADING_CONFIG['use_engulfing'] ... (clipped 119 lines) Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix a runtime name error Declare the global variable _ws_manager and add a set_websocket_manager function in core/callbacks/position_check_loop.py. This is necessary to prevent a NameError since the code was updated to use _ws_manager without it being defined or injected. core/callbacks/position_check_loop.py [13-20] # Variables globales injectées par init_instances() _position_manager = None _price_provider = None _app_state = None -_sio = None +_ws_manager = None _position_lock = None _analytics_db = None + + +def set_websocket_manager(ws_manager): + """Injecter l'instance WebSocketManager""" + global _ws_manager + _ws_manager = ws_manager def set_position_manager(position_manager): ... [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 10 __ Why: The suggestion correctly identifies a missing global variable _ws_manager which would cause a NameError at runtime, breaking all real-time position updates and making the application unusable.	High
	Fix incorrect WebSocket heartbeat check Fix the WebSocket heartbeat check by using the correct interval duration (10000ms) instead of the timer ID returned by setInterval. This prevents a bug that causes premature and frequent disconnections. frontend/src/lib/utils/websocket-impl.ts [234-246] private startHeartbeat(): void { this.stopHeartbeat(); // S'assurer qu'il n'y a qu'un seul intervalle + const PING_INTERVAL_MS = 10000; // Envoyer un ping toutes les 10 secondes this.pingInterval = window.setInterval(() => { if (this.ws && this.ws.readyState === WebSocket.OPEN) { this.sendRaw(JSON.stringify({ type: 'ping' })); // Si pas de pong en retour, considérer comme déconnecté - if (Date.now() - this.lastPing > (this.pingInterval as number) * 2) { + if (Date.now() - this.lastPing > PING_INTERVAL_MS * 2) { console.warn('⚠️ Pas de pong reçu, reconnexion forcée.'); this.ws.close(); // Force la reconnexion via onclose } } - }, 10000); // Envoyer un ping toutes les 10 secondes + }, PING_INTERVAL_MS); } Apply / Chat Suggestion importance[1-10]: 9 __ Why: This is a critical bug in the new WebSocket client implementation, as this.pingInterval holds a timer ID, not a duration, causing the heartbeat check to fail and forcing constant reconnections.	High
High-level	Centralize duplicated configuration update logic The configuration update logic is duplicated in the WebSocket command handler and the REST API endpoint in main.py. This should be refactored into a single, reusable function to avoid inconsistencies and improve maintainability. Examples: main.py [2225-2491] elif command == 'update_config': # 🔥 BIDIRECTIONNEL: Mettre à jour config avec validation complète (même logique que /api/config) from config import TRADING_CONFIG updated = {} # 🔥 Volume multiplier if 'volume_multiplier' in params: val = float(params['volume_multiplier']) val = max(0.1, min(2.0, val)) # Clamp 0.1-2.0 TRADING_CONFIG['volume_multiplier'] = val ... (clipped 257 lines) main.py [2574-2715] async def api_update_config(request: Request): """Modifier la configuration à la volée (tous les paramètres)""" from config import TRADING_CONFIG try: data = await request.json() if hasattr(request, 'json') else {} data = data if isinstance(data, dict) else {} updated = {} ... (clipped 132 lines) Solution Walkthrough: Before: # In main.py async def handle_client_command(command: str, params: dict): if command == 'update_config': updated = {} # ... extensive validation and update logic for dozens of params ... if 'sl_percent' in params: TRADING_CONFIG['sl_percent'] = float(params['sl_percent']) updated['sl_percent'] = TRADING_CONFIG['sl_percent'] # ... many more similar blocks ... if updated: await ws_manager.emit('config_updated', {'updated': updated}) return {'updated': updated} async def api_update_config(request: Request): data = await request.json() updated = {} # ... extensive, duplicated validation and update logic ... if 'sl_percent' in data: TRADING_CONFIG['sl_percent'] = float(data['sl_percent']) updated['sl_percent'] = TRADING_CONFIG['sl_percent'] # ... many more similar blocks ... if updated: await ws_manager.emit('config_updated', {'updated': updated}) return JSONResponse({'status': 'updated', 'updated': updated}) After: # In main.py def _update_config_logic(settings: dict) -> dict: """Centralized function to update TRADING_CONFIG.""" from config import TRADING_CONFIG updated = {} # ... extensive validation and update logic for dozens of settings ... if 'sl_percent' in settings: TRADING_CONFIG['sl_percent'] = float(settings['sl_percent']) updated['sl_percent'] = TRADING_CONFIG['sl_percent'] # ... many more similar blocks ... return updated async def handle_client_command(command: str, params: dict): if command == 'update_config': updated = _update_config_logic(params) if updated: await ws_manager.emit('config_updated', {'updated': updated}) return {'updated': updated} async def api_update_config(request: Request): data = await request.json() updated = _update_config_logic(data) if updated: await ws_manager.emit('config_updated', {'updated': updated}) return JSONResponse({'status': 'updated', 'updated': updated}) Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical design flaw—massive code duplication between the handle_client_command and api_update_config functions—which severely impacts maintainability and is a likely source of future bugs.	High
General	Improve robustness of event handling Improve the robustness of the handleEvent method by wrapping each event handler call in a try...catch block. This prevents an error in one handler from crashing the loop and stopping other handlers for the same event from executing. frontend/src/lib/utils/websocket-impl.ts [177-193] private handleEvent(event: string, data: any): void { const handlers = this.eventHandlers.get(event); if (handlers) { - handlers.forEach(handler => handler(data)); + handlers.forEach(handler => { + try { + handler(data); + } catch (error) { + console.error(`❌ Erreur dans le handler pour l'événement '${event}':`, error); + } + }); } } on(event: string, handler: (data: any) => void): () => void { if (!this.eventHandlers.has(event)) { this.eventHandlers.set(event, []); } this.eventHandlers.get(event)?.push(handler); // Retourne une fonction de désinscription return () => { this.off(event, handler); }; } Apply / Chat Suggestion importance[1-10]: 7 __ Why: The suggestion correctly points out that an error in one event handler would stop others from running, and proposes a try...catch block to improve the robustness of the event handling system.	Medium
More