[Audit] 2026-05-21 post-v2.4 multi-reviewer SDK sweep — 34-issue umbrella #273

Description

@TexasCoding

Audit: 2026-05-21 (post-v2.4) multi-reviewer SDK sweep

This umbrella tracks the 34 issues opened from a parallel-reviewer audit of v2.4.0 spanning security/auth, HTTP transport + retry, WebSocket subsystem, REST resources, models + types + errors, performance hot paths, and public API surface + docs + testing.

Goal: harden the SDK against the workloads it markets to — real-time orderbook streaming, automated trading, integration into production trading systems. v2.4.0 (closure of audit #224) already shipped 33 fixes; this sweep covers the regressions and gaps that remained or were introduced by that work.

Reviewer outputs are captured in the orchestrator's agent:// artifacts (one per reviewer). All evidence is cross-referenced inline in each child issue with file:line + verbatim code excerpts.

Tier 1 — High (release-blocking class)

Money-risk, correctness, performance-cliff, or first-impression-quality defects on the hot paths. These should land before the next minor release.

Tier 2 — Medium (next minor)

Important correctness, consistency, security-defense-in-depth, and DX gaps.

Tier 3 — Polish bundles (opportunistic)

Each is a small atomic refactor; bundled to keep the issue tracker focused.

Suggested release plan

  1. Patch (v2.4.1):
     - Docs: README pagination quickstart references non-existent Page.has_more (should be has_next) #248 (README has_more)
     - Docs: orders.md batch_create example crashes under the v2.4 return type #247 (batch_create example)
     - Docs: migration guide is missing the v2.3 → v2.4 section that documents #194 batch breaking shape #246 (migration v2.3→v2.4)
     - Docs: breaking-change docstrings tag the change as v3.0.0 but it shipped in v2.4.0 #265 (v3.0.0 docstring tags)

     Docs-only, ship same day.
  2. Patch (v2.4.2):
     - WS: validation failure on sequenced frame advances seq watermark — silent orderbook desync #241 (seq watermark advances on validation failure)
     - Orders: CreateOrderRequest.buy_max_cost validator accepts bool — silently becomes 1 cent #243 (buy_max_cost bool)
     - Config: demo=True + base_url override silently produces split REST/WS environment #239 (split REST/WS env)
     - Transport: httpx network errors (ConnectError/NetworkError/etc.) never retry, even for GET/HEAD/OPTIONS #240 (network-error retry)
     - orders.create() silently defaults count=1 and action="buy" on the kwarg path #242 (orders.create silent defaults)

     All money-risk fixes, non-breaking.
  3. Minor (v2.5.0) — bulk of Tier 1 perf ("WS perf: subscribe_book iterator re-materializes the entire orderbook on every delta" #244, "WS perf: per-frame asyncio.Task + asyncio.shield allocation in WS recv loop" #245) + Tier 2 (errors, WS reliability, model typing, perf). Most are non-breaking; "Models: WS payloads use raw str for _fp / _dollars fields (OrderGroup, Ticker)" #258 / "Models: Strike + fee-multiplier fields use bare Decimal/float, bypass #225 coercion" #259 / "Polish bundle: model small items (AwareDatetime in WS, V1 Literal, default=None, timestamp typing, Decimal NaN)" #270 widen a string field to Decimal, which is technically breaking but caller-friendly.
  4. Polish bundles — fold into v2.4.x / v2.5.0 wherever a bundle item naturally co-occurs with a tracked issue:
     - Polish bundle: auth + transport small items (sign-executor race, Retry-After negative) #267
     - Polish bundle: docs cleanup (stale ROADMAP entry, missing PyPI classifiers) #272

Surface coverage

| Surface | Tier 1 | Tier 2 | Tier 3 |
| --- | --- | --- | --- |
| Security / Auth | #239 | #249, #250 | #267 |
| HTTP Transport | #240 | #251, #252, #253 | #267 |
| WebSocket | #241, #244, #245 | #254, #255, #256, #257, #258 | #268 |
| REST Resources | #242 | | #269 |
| Models / Types | #243 | #258, #259 | #270 |
| Performance hot paths | #244, #245 | #260, #261, #262, #263, #264 | #271 |
| Public API / Docs / Testing | #246, #247, #248 | #265, #266 | #271, #272 |

Source

Identified during the 2026-05-21 parallel-reviewer audit (7 subagents: security/auth, HTTP transport, WebSocket, REST resources, models + types, performance hot paths, public API + docs + testing).

Labels: infra (Infrastructure/tooling)