arbitrade/CHANGELOG.md

Changelog

[Unreleased] - 2026-06-01

Added

• Added stop-condition risk controls for abnormal source/apply latency and repeated execution failures.
• Added a new stop-conditions guard and integration in market feed processing.
• Added multi-channel alerting infrastructure with Telegram, Discord webhook, and SMTP channel clients.
• Added alert configuration settings for severity threshold, category routing, and dedup cooldown.
• Added dashboard alert status surfacing with configured channels and last-send delivery outcome.
• Added append-only audit_events schema plus repository support for insert/query of recent audit records.
• Added dashboard audit fragment and protected API endpoint for recent audit entries.
• Added runtime lifecycle manager with startup recovery and graceful shutdown orchestration.
• Added runtime_state_snapshots persistence for control flags, open trade count, and last known balances.
• Added CI security gates for dependency auditing (pip-audit --strict) and a repository/worktree secret scan script.
• Added strict settings validators for auth pairing, Kraken credential pairing, alert severity bounds, and key-scope policy.

Changed

• Live execution path now auto-activates the kill switch when configured stop conditions are breached.
• Added configuration env keys for stop-condition thresholds.
• WebSocket client now emits system alerts for disconnect/reconnect and heartbeat staleness timeout events.
• Added explicit Kraken API key permission configuration (KRAKEN_API_KEY_PERMISSIONS) and docs for least-privilege key usage.

Removed

• None.

Fixed

• Added/expanded unit coverage for risk limits and kill-switch enforcement, including stop-condition scenarios.
• Added partial-fill recovery logic that cancels open orders when possible and hedges residual exposure on timeout or failure.
• Added deterministic order idempotency via Kraken userref plus reconciliation helpers for Kraken order history responses.
• Added execution journaling for trades, orders, and estimated P&L, plus a DuckDB startup fallback when the default file path is unavailable.
• Added a mocked execution integration test that drives the triangular sequencer through the execution journal and DuckDB persistence.
• Added a DuckDB-backed performance metrics calculator for realized P&L, win rate, trade duration, opportunities/min, fill rate, and latency percentiles.
• Added dashboard page plus HTMX metrics fragment and SSE metrics stream.
• Added dashboard live overview panel for status, balances, open trades, realized P&L, and opportunity feed with HTMX refresh and SSE updates.
• Added dashboard controls for start/stop, config edits, and manual kill-switch triggering via HTMX POST forms.
• Added Alpine.js interactivity and a Chart.js opportunity trend panel to the dashboard.
• Added optional HTTP Basic authentication for dashboard routes, fragments, streams, and control endpoints.
• Added alert wiring for dashboard control actions, execution success/failure, and threshold breaches in risk guards.
• Added unit/integration tests covering alert notifier behavior and alert emission paths.
• Added critical system alert emission when live opportunity executor raises an unhandled exception.
• Added WebSocket and market-feed tests for system-event alerting paths.
• Added notifier status snapshot tracking and protected alert-status API endpoint for operational visibility.
• Added audit event writes for dashboard controls and detector/risk/execution decision points.
• Added tests for audit repository and dashboard audit route coverage.
• Added startup restart safety guard that halts execution when open trades are detected after restart.
• Added lifecycle tests for snapshot persistence, worker draining, recovery restore, and startup reconciliation hook.
• Added unit coverage for security-related settings validation paths.