Replace locally-defined duplicate interfaces in page.tsx,
CandleChart.tsx, SpanAnnotationManager.tsx, Toolbox.tsx,
SpanAnnotationList.tsx, and SpanPopover.tsx with imports from @/types.
- SpanAnnotation, SpanLabelType: replaced in all 6 files
- Candle, AnnotationType: replaced in CandleChart.tsx, SpanAnnotationManager.tsx, Toolbox.tsx
- Annotation (with geometry): replaced in CandleChart.tsx and Toolbox.tsx
- Chart: kept local in page.tsx (shared type has created_at: Date|number vs local number)
- Annotation in page.tsx: kept local (geometry: any) but added missing color field for compatibility
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add SpanAnnotation, SpanLabelType, and SubSpan interfaces extracted from
duplicate inline definitions across SpanAnnotationManager, SpanAnnotationList,
SpanPopover, Toolbox, and page.tsx components.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a shared Chart interface matching the DB schema (id, name, created_at)
and the existing usages in page.tsx and ChartSelector.tsx.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Creates src/types/annotations.ts with typed interfaces matching actual
usage in CandleChart.tsx, page.tsx, and DB schema. Marks task 9.2 done.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add shared Candle interface with time, open, high, low, close, and
optional volume fields. Volume is optional because the DB schema does
not store volume but the predict/patterns API routes accept it as an
optional field.
Mark task 9.1 as complete in tasks.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move the inline 'new Set<string>()' default prop to a module-level constant
(EMPTY_STRING_SET) to prevent unnecessary Set instance creation on every render,
which could cause unnecessary re-renders in children or effects that depend on
reference equality.
Replace inline magic numbers (8px, 60s, 2, 1, 0.15, 0.25, 100) and hardcoded
color strings with named module-level constants for better maintainability and
clarity. Organized constants into logical groups:
- Magic number constants (tolerance, intervals, sizes, alphas)
- Dark theme colors
- Light theme colors
- Candlestick colors
- Prediction overlay colors
- Predefined label colors
This improves code readability and makes it easier to adjust UI parameters globally.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace the hardcoded 60-second assumption in CandleChart.tsx with
dynamic interval detection: compute interval as candles[1].time -
candles[0].time when at least 2 candles are available, fall back to
60 otherwise. Used for span-to-prediction-time mapping iteration.
Marks task 8.6 as done in tasks.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Before inserting into predictionCacheRef, check if size >= 100
- If so, evict oldest entry via cache.keys().next().value (FIFO)
- Applied at both cache write sites (lines ~549 and ~671 in page.tsx)
- Marks task 8.5 as done in tasks.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Separate the single reconciliation effect into:
1. Full reconciliation effect — runs only when spanAnnotations list,
series, chart, or candles change. Rebuilds all primitives.
2. Selection-only effect — runs only when selectedSpanId changes.
Calls setSelected() on existing primitives instead of detaching
and reattaching all of them.
This avoids tearing down and rebuilding every primitive on each
selection change, which was the main unnecessary overhead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move chart.timeScale().fitContent() out of the span annotation reconciliation
effect (which ran on every annotation/selection change) into a dedicated effect
guarded by a hasInitializedRef, so it fires only once when chart and series
first become available.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove resolvedTheme from the chart initialization useEffect dependency
array so theme changes no longer destroy and re-create the entire chart.
Add a separate useEffect that calls chartRef.current.applyOptions() with
the new layout, grid, timeScale and rightPriceScale colors whenever
resolvedTheme changes, avoiding the memory leak and flicker caused by
full chart reconstruction on every theme toggle.
Closes task 8.2.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The preview primitive in SpanAnnotationManager was stored in useState,
causing unnecessary re-renders and potential memory leaks since the
primitive was not cleaned up on unmount. Changed to useRef, updated all
read/write sites, removed from dependency arrays, and added unmount
cleanup effect that detaches the primitive from the series.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use selectedSpanIdRef to avoid capturing stale selectedSpanId in the
keyboard event handler closure. Wrap handleDeleteSpan in useCallback
with stable dependencies (reads selectedSpanIdRef.current instead of
the prop directly). Remove selectedSpanId from the useEffect dependency
array since the ref is used instead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Convert drawingState, selectedLineId, dragState, and annotations to
refs that stay in sync with state via useEffect. The chart click handler
(subscribeClick) captured stale closure values for these variables.
Now reads from refs (e.g. drawingStateRef.current) so the handler
always sees the latest state, and removed the stale state variables
from the useEffect dependency array.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Prevent race conditions by aborting in-flight requests when a new
request is triggered. Each function now:
- Aborts the previous request via a stored AbortController ref
- Passes signal to all fetch() calls
- Silently discards AbortError in catch blocks
Completes task 7.2.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Added HTTP error checks before calling .json() in the three fetch
functions (fetchCandles, fetchAnnotations, fetchAnnotationTypes)
to prevent silent failures on non-2xx responses.
Marks task 4.12 as complete in tasks.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Guard all four fetch() calls in src/app/page.tsx against non-2xx HTTP
responses by throwing before attempting to parse the body as JSON.
Affected functions: fetchCharts, fetchAnnotations, fetchSpanAnnotations,
fetchSpanLabelTypes.
Marks task 4.11 as completed in code-review-fix/tasks.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add sanitizeCsvCell() helper to both export routes that prefixes cell
values starting with =, +, @, or - with a single quote to prevent CSV
formula injection attacks.
Applied to:
- src/app/api/export/route.ts: timestamp and label_type columns
- src/app/api/span-annotations/export/route.ts: start_time, end_time,
label, and outcome columns
Closes task 4.10.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Import spanAnnotations from schema
- Wrap all delete operations in db.transaction() for atomicity
- Delete spanAnnotations first to satisfy FK constraints, then annotations, candles, chart
- Mark task 4.8 as done in tasks.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Reject DELETE ?all=true without chartId with HTTP 400 to prevent
accidental deletion of annotations across all charts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Import z from zod
- Add CandleSchema validating time, open, high, low, close (number), volume (optional number)
- Add PatternDetectRequestSchema validating candles array and patterns array of non-empty strings
- Use safeParse() and return HTTP 400 with error details on validation failure
- Forward only validated data to the inference service
- Mark task 4.5 as completed in tasks.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Validates model_type as a non-empty string using .safeParse(); returns
HTTP 400 with error details on invalid input. Marks task 4.4 as done.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Validate run_id in POST /api/model/load using Zod:
- run_id must be a non-empty string matching /^[a-zA-Z0-9_-]+$/
- Returns HTTP 400 with error details if validation fails
- Validated data is forwarded to the inference service
Marks task 4.3 as complete in tasks.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add BatchPredictRequestSchema with Zod to validate pair, timeframe,
start_date, and end_date fields. Returns HTTP 400 with flattened error
details on invalid input. Forward only validated data to the inference
service.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add CandleSchema validating time, open, high, low, close (number) and optional volume
- Add PredictRequestSchema validating pair (non-empty string), timeframe (non-empty string), candles array
- Use safeParse() and return HTTP 400 with error details on invalid input
- Forward only validated data to the inference service
- Mark task 4.1 as done in tasks.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All 12 Next.js API routes that proxy requests to the ML service
(INFERENCE_API_URL / localhost:8001) now include the X-API-Key header
read from process.env.API_KEY. Affected routes:
- /api/predict
- /api/predict/batch
- /api/model/info
- /api/model/load
- /api/training/start
- /api/training/runs
- /api/training/runs/[run_id] (DELETE)
- /api/training/dataset-info
- /api/training/active
- /api/training/build-dataset
- /api/patterns/available
- /api/patterns/detect
Marks task 3.3 as complete in openspec/changes/code-review-fix/tasks.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Create src/middleware.ts with Next.js middleware
- Reads API_KEY env var and checks X-API-Key header on all /api/* routes
- Skips auth for /api/health endpoint
- Fails open (with warning) when API_KEY is not configured
- Returns 401 Unauthorized when key is missing or mismatched
- Mark task 3.1 as complete in tasks.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Validate filename ends with .csv (case-insensitive)
- Validate MIME type is text/* or application/csv or text/csv
- Return HTTP 400 with error message if validation fails
- Mark task 2.4 as complete
