Add authenticated strategy switch console#9
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ca61aadc8f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| @@ -0,0 +1,17 @@ | |||
| name = "qsl-strategy-switch-console" | |||
| main = "worker.js" | |||
| compatibility_date = "2026-06-09" | |||
There was a problem hiding this comment.
As of this commit's review date (2026-06-08), this example config sets compatibility_date to tomorrow, while Cloudflare's Wrangler configuration guidance says to set this field to today's date. Anyone following the documented cp ... wrangler.toml then wrangler deploy path today can be blocked by the future runtime date; use 2026-06-08 or an earlier supported date instead.
Useful? React with 👍 / 👎.
Pigbibi
force-pushed
the
codex/strategy-switch-console
branch
from
ca61aad to
5083ad2
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5083ad299e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| extra_variables = {"CLOUD_RUN_SERVICE_TARGETS_JSON": patched_service_targets} | ||
| top_level_mounts = [] | ||
| plugin_mounts_variable = None |
There was a problem hiding this comment.
When IBKR has an existing CLOUD_RUN_SERVICE_TARGETS_JSON, these lines move the mounts into the nested service-target payload and then clear the top-level plugin_mounts_variable, so the later validate_target(target) call no longer validates custom mounts. For example, --plugin-mode custom with a mount whose signal_path is http://... is rejected without service-target patching, but is accepted and written into CLOUD_RUN_SERVICE_TARGETS_JSON in this branch, leaving the platform sync to consume invalid plugin config. Validate the mounts before clearing them or validate the patched service-target payload.
Useful? React with 👍 / 👎.
Pigbibi
force-pushed
the
codex/strategy-switch-console
branch
from
5083ad2 to
1553fe9
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1553fe900a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| mounts=mounts, | ||
| extra_variables=extra_variables, | ||
| ) | ||
| extra_variables = {"CLOUD_RUN_SERVICE_TARGETS_JSON": patched_service_targets} |
There was a problem hiding this comment.
When IBKR has an existing CLOUD_RUN_SERVICE_TARGETS_JSON, this replacement leaves validate_extra_variables() seeing only the wrapper variable name, after _build_target_entry() has already embedded the original extra_variables inside the service-target payload. In that scenario, an input like extra_variables_json={"BROKER_API_KEY":"..."} is rejected without service-target patching but is accepted and written into CLOUD_RUN_SERVICE_TARGETS_JSON here, bypassing the secret-name guard that was added for non-secret variables.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e989834082
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| str(entry.get("ACCOUNT_GROUP") or "").strip(), | ||
| } | ||
| if service_name in candidates or account_scope in candidates: | ||
| entries[index] = {**entry, **replacement} |
There was a problem hiding this comment.
When patching an existing IBKR CLOUD_RUN_SERVICE_TARGETS_JSON entry, merging {**entry, **replacement} keeps any old IBKR_STRATEGY_PLUGIN_MOUNTS_JSON field if the new switch has no mounts, because _build_target_entry() omits that key for plugin_mode=none or for strategies without auto mounts. In that scenario the selected service gets the new runtime_target.strategy_profile but still deploys the previous plugin mount payload, so a user cannot actually disable or clear stale plugin mounts through the switch workflow.
Useful? React with 👍 / 👎.
1 participant
Summary
firsttradealias/adminwith Cloudflare KV-backed allowlist, admin list, account options, and audit loghk/sg/paper, IBKRu15998061/u16608560/u18336562, Schwabdefault, and FirstradedefaultVerification
node --check --input-type=module < web/strategy-switch-console/worker.jsnode --check --input-type=module < web/strategy-switch-console/page_asset.jssed -n '/<script>/,/<\\/script>/p' docs/index.html | sed '1d;$d' | node --check --input-type=commonjspython3 -m json.tool web/strategy-switch-console/account-options.example.json >/dev/nullpython3 -m py_compile scripts/sync_strategy_switch_page_asset.py scripts/build_runtime_switch.py scripts/runtime_settings.py tests/test_runtime_settings.pytimeout 120 python3 scripts/runtime_settings.py validatetimeout 180 python3 -m unittest discover -s tests -v/admin200, KV save 200validatechecks passed on PR Add authenticated strategy switch console #9