trading/services/api_gateway/config.py

"""API Gateway configuration — extends shared BaseConfig with JWT, CORS, and WebAuthn settings."""

from shared.config import BaseConfig


class ApiGatewayConfig(BaseConfig):
    """Configuration for the API Gateway service.

    All settings can be overridden via environment variables
    prefixed with ``TRADING_``.
    """

    # Dev mode — bypasses authentication (set TRADING_DEV_MODE=true)
    dev_mode: bool = False

    # JWT settings — TRADING_JWT_SECRET_KEY must be set in environment
    jwt_secret_key: str = "dev-secret-not-for-production"
    jwt_algorithm: str = "HS256"
    access_token_expire_minutes: int = 15
    refresh_token_expire_days: int = 7

    # Alpaca brokerage credentials (for portfolio sync)
    alpaca_api_key: str = ""
    alpaca_secret_key: str = ""
    paper_trading: bool = True
    snapshot_interval_seconds: int = 60

    # CORS settings
    cors_origins: list[str] = ["http://localhost:5173"]

    # WebAuthn (passkey) relying party settings
    rp_id: str = "localhost"
    rp_name: str = "Trading Bot"
    rp_origin: str = "http://localhost:5173"
feat: API gateway with passkey (WebAuthn) authentication 2026-02-22 15:53:48 +00:00			`"""API Gateway configuration — extends shared BaseConfig with JWT, CORS, and WebAuthn settings."""`

			`from shared.config import BaseConfig`


			`class ApiGatewayConfig(BaseConfig):`
			`"""Configuration for the API Gateway service.`

			`All settings can be overridden via environment variables`
			prefixed with ``TRADING_``.
			`"""`

fix: resolve all remaining TODOs, add dev mode auth bypass - Learning engine: expand default weights from 3 to all 9 strategies - Learning engine: resolve placeholder strategy_id with DB lookup - Learning engine: pass strategy_sources from trade execution - Trade executor: respect trading:paused Redis flag in RiskManager - Portfolio sync: compute actual daily P&L from day-start snapshot - Portfolio API: cumulative P&L from first snapshot, read pause flag - Portfolio metrics: compute max drawdown and avg hold duration - Add strategy_sources field to TradeExecution schema - Add dev_mode config (TRADING_DEV_MODE) to bypass auth for local dev - Dashboard: VITE_DEV_MODE bypasses ProtectedRoute and 401 redirects - Vite proxy target configurable via VITE_API_TARGET - Add top-level README.md and remaining-work-plan.md - Update CLAUDE.md with correct counts and remove stale TODOs - 404 tests passing Made-with: Cursor 2026-02-25 22:02:25 +00:00			`# Dev mode — bypasses authentication (set TRADING_DEV_MODE=true)`
			`dev_mode: bool = False`

fix: resolve 8 critical issues from code review C1: Fix BacktestDataLoader constructor args (was passing wrong kwargs) C2: Fix BacktestResult attribute names (max_drawdown_pct, avg_hold_duration) C3: Remove insecure JWT secret default (now required via env var) C4: Fix .env.example to use TRADING_ prefix for all config vars C5: Add missing fields to portfolio endpoint (daily_pnl_pct, total_pnl, trading_active) C6: Add missing /portfolio/metrics endpoint C7: Add 'value' field to equity curve response for frontend compatibility C8: Add 6M/ALL periods and case-insensitive period enum parsing Also: make app creation lazy to avoid config validation at import time 2026-02-22 17:48:40 +00:00			`# JWT settings — TRADING_JWT_SECRET_KEY must be set in environment`
fix: resolve all remaining TODOs, add dev mode auth bypass - Learning engine: expand default weights from 3 to all 9 strategies - Learning engine: resolve placeholder strategy_id with DB lookup - Learning engine: pass strategy_sources from trade execution - Trade executor: respect trading:paused Redis flag in RiskManager - Portfolio sync: compute actual daily P&L from day-start snapshot - Portfolio API: cumulative P&L from first snapshot, read pause flag - Portfolio metrics: compute max drawdown and avg hold duration - Add strategy_sources field to TradeExecution schema - Add dev_mode config (TRADING_DEV_MODE) to bypass auth for local dev - Dashboard: VITE_DEV_MODE bypasses ProtectedRoute and 401 redirects - Vite proxy target configurable via VITE_API_TARGET - Add top-level README.md and remaining-work-plan.md - Update CLAUDE.md with correct counts and remove stale TODOs - 404 tests passing Made-with: Cursor 2026-02-25 22:02:25 +00:00			`jwt_secret_key: str = "dev-secret-not-for-production"`
feat: API gateway with passkey (WebAuthn) authentication 2026-02-22 15:53:48 +00:00			`jwt_algorithm: str = "HS256"`
			`access_token_expire_minutes: int = 15`
			`refresh_token_expire_days: int = 7`

feat: real data pipeline — market data, DB persistence, portfolio sync, signal-trade linkage Wire the trading bot to real Alpaca market data and persist pipeline state to the database so the dashboard displays live information. - Add market-data service fetching OHLCV bars from Alpaca, publishing to market:bars Redis Stream; signal generator consumes bars and injects current_price into signals for position sizing - Sentiment analyzer now persists Article + ArticleSentiment rows to DB after scoring, with duplicate and error handling - API gateway runs a background portfolio sync task that snapshots Alpaca account state into PortfolioSnapshot/Position DB tables during market hours - TradeSignal carries a signal_id UUID; signal generator and trade executor both persist their records to DB with cross-references - 303 unit tests pass (57 new tests added) 2026-02-22 19:52:45 +00:00			`# Alpaca brokerage credentials (for portfolio sync)`
			`alpaca_api_key: str = ""`
			`alpaca_secret_key: str = ""`
			`paper_trading: bool = True`
			`snapshot_interval_seconds: int = 60`

feat: API gateway with passkey (WebAuthn) authentication 2026-02-22 15:53:48 +00:00			`# CORS settings`
			`cors_origins: list[str] = ["http://localhost:5173"]`

			`# WebAuthn (passkey) relying party settings`
			`rp_id: str = "localhost"`
			`rp_name: str = "Trading Bot"`
			`rp_origin: str = "http://localhost:5173"`