Add 4 new trading logic rules, fix 3 existing rule bugs

New rules:
- Extended Hours Without Limit Order (HIGH)
- Leverage Without Cap (HIGH)
- Hardcoded Notional Amount (MEDIUM)
- Hardcoded Crypto Pair (LOW)

Bug fixes:
- Infinite Loop Risk now catches while 1: in addition to while True:
- Sleep Without Kill Switch now matches single decimal (time.sleep(0.5))
- load_custom_rules() reads category from YAML for mode filtering

20 tests passing.

Author: Prakashgode

src/quanttape/rules.py

@@ -252,14 +252,14 @@ def compile(self) -> re.Pattern:
     ),
     Rule(
         name="Infinite Loop Risk",
-        pattern=r"^\s*while\s+True\s*:\s*(?:#.*)?$",
+        pattern=r"^\s*while\s+(?:True|1)\s*:\s*(?:#.*)?$",
         severity="LOW",
         description="Infinite loop detected. Ensure there is a break condition or kill switch to prevent runaway execution.",
         category="trading_logic",
     ),
     Rule(
         name="Sleep Without Kill Switch",
-        pattern=r"(?ix)^\s*time\.sleep\(\s*(?:[1-9]\d*(?:\.\d+)?|0?\.\d{2,})\s*\)\s*(?:\#.*)?$",
+        pattern=r"(?ix)^\s*time\.sleep\(\s*(?:[1-9]\d*(?:\.\d+)?|0?\.\d+)\s*\)\s*(?:\#.*)?$",
         severity="LOW",
         description="Hardcoded numeric sleep detected. Prefer configurable polling intervals with explicit shutdown/kill-switch checks around the loop.",
         category="trading_logic",
@@ -271,6 +271,36 @@ def compile(self) -> re.Pattern:
         description="Hardcoded ticker symbol. Consider making this configurable for reusability and testing.",
         category="trading_logic",
     ),
+    Rule(
+        name="Extended Hours Without Limit Order",
+        pattern=r"(?i)extended_hours\s*[=:]\s*True",
+        severity="HIGH",
+        description="Extended hours trading requires limit orders with time_in_force=day. Market orders and non-day TIF are rejected in extended sessions.",
+        category="trading_logic",
+    ),
+    Rule(
+        name="Leverage Without Cap",
+        pattern=r"(?ix)^\s*(?:leverage|margin_multiplier|margin_ratio)\s*=\s*"
+                r"(?!.*\b(?:min|max|cap|limit|clamp|config|env|setting)\b)"
+                r"\d+",
+        severity="HIGH",
+        description="Leverage or margin multiplier set without an explicit cap or config reference. Over-leverage amplifies losses and can trigger margin calls.",
+        category="trading_logic",
+    ),
+    Rule(
+        name="Hardcoded Notional Amount",
+        pattern=r"(?ix)\b(?:notional|order_value|trade_value)\s*=\s*['\"]?\d{5,}['\"]?",
+        severity="MEDIUM",
+        description="Large hardcoded notional/dollar amount in order. Use calculated position sizing with risk budgets instead of fixed dollar values.",
+        category="trading_logic",
+    ),
+    Rule(
+        name="Hardcoded Crypto Pair",
+        pattern=r"(?i)\b(?:symbol|ticker|pair)\s*=\s*['\"](?:[A-Z]{2,5}(?:USDT|BUSD|USD|USDC|BTC|ETH)|[A-Z]{2,5}/[A-Z]{2,5})['\"]",
+        severity="LOW",
+        description="Hardcoded crypto trading pair. Consider making this configurable for reusability across markets and testing.",
+        category="trading_logic",
+    ),
 ]
 
 # --- AI agent egress rules (PII, env files, SSH keys in payloads) ---
@@ -372,6 +402,7 @@ def load_custom_rules(config_path: str) -> List[Rule]:
                 pattern=entry["pattern"],
                 severity=entry.get("severity", "MEDIUM"),
                 description=entry.get("description", ""),
+                category=entry.get("category", "general"),
             )
         )
     return rules

tests/test_rules.py

@@ -45,12 +45,15 @@ def test_infinite_loop_risk_matches_plain_while_true(self):
         pattern = _compiled_rule("Infinite Loop Risk")
         self.assertIsNotNone(pattern.search("while True:"))
         self.assertIsNotNone(pattern.search("    while True:  # daemon"))
+        self.assertIsNotNone(pattern.search("while 1:"))
+        self.assertIsNotNone(pattern.search("    while 1:  # spin"))
 
     def test_infinite_loop_risk_ignores_noncanonical_loops(self):
         pattern = _compiled_rule("Infinite Loop Risk")
         self.assertIsNone(pattern.search("while not stopped:"))
         self.assertIsNone(pattern.search("if cond: while True:"))
         self.assertIsNone(pattern.search("while True: do_work()"))
+        self.assertIsNone(pattern.search("while 1: do_work()"))
 
     def test_hardcoded_ticker_symbol_matches_real_single_symbol_assignments(self):
         pattern = _compiled_rule("Hardcoded Ticker Symbol")
@@ -67,6 +70,8 @@ def test_sleep_without_kill_switch_matches_hardcoded_sleep_calls(self):
         pattern = _compiled_rule("Sleep Without Kill Switch")
         self.assertIsNotNone(pattern.search("time.sleep(5)"))
         self.assertIsNotNone(pattern.search("time.sleep(0.25)  # poll"))
+        self.assertIsNotNone(pattern.search("time.sleep(0.5)"))
+        self.assertIsNotNone(pattern.search("time.sleep(1.0)"))
 
     def test_sleep_without_kill_switch_ignores_variable_or_inline_sleep(self):
         pattern = _compiled_rule("Sleep Without Kill Switch")
@@ -89,5 +94,56 @@ def test_no_position_size_limit_ignores_capped_or_risk_budget_sizing(self):
         self.assertIsNone(pattern.search("qty = clip(balance / price, 0, max_qty)"))
 
 
+    # --- Extended Hours Without Limit Order ---
+    def test_extended_hours_matches_true_assignments(self):
+        pattern = _compiled_rule("Extended Hours Without Limit Order")
+        self.assertIsNotNone(pattern.search("extended_hours=True"))
+        self.assertIsNotNone(pattern.search("extended_hours = True"))
+        self.assertIsNotNone(pattern.search('extended_hours: True'))
+
+    def test_extended_hours_ignores_false_or_variable(self):
+        pattern = _compiled_rule("Extended Hours Without Limit Order")
+        self.assertIsNone(pattern.search("extended_hours=False"))
+        self.assertIsNone(pattern.search("extended_hours = use_ext"))
+
+    # --- Leverage Without Cap ---
+    def test_leverage_without_cap_matches_bare_numeric(self):
+        pattern = _compiled_rule("Leverage Without Cap")
+        self.assertIsNotNone(pattern.search("leverage = 4"))
+        self.assertIsNotNone(pattern.search("margin_multiplier = 10"))
+        self.assertIsNotNone(pattern.search("margin_ratio = 2"))
+
+    def test_leverage_without_cap_ignores_capped_or_config(self):
+        pattern = _compiled_rule("Leverage Without Cap")
+        self.assertIsNone(pattern.search("leverage = min(4, max_leverage)"))
+        self.assertIsNone(pattern.search("leverage = config.get('leverage')"))
+        self.assertIsNone(pattern.search("margin_multiplier = env.MAX_LEVERAGE"))
+
+    # --- Hardcoded Notional Amount ---
+    def test_hardcoded_notional_matches_large_values(self):
+        pattern = _compiled_rule("Hardcoded Notional Amount")
+        self.assertIsNotNone(pattern.search("notional = 100000"))
+        self.assertIsNotNone(pattern.search("order_value = 50000"))
+        self.assertIsNotNone(pattern.search("trade_value = 25000"))
+
+    def test_hardcoded_notional_ignores_small_or_variable(self):
+        pattern = _compiled_rule("Hardcoded Notional Amount")
+        self.assertIsNone(pattern.search("notional = 999"))
+        self.assertIsNone(pattern.search("notional = computed_value"))
+        self.assertIsNone(pattern.search("order_value = get_notional()"))
+
+    # --- Hardcoded Crypto Pair ---
+    def test_hardcoded_crypto_pair_matches_common_pairs(self):
+        pattern = _compiled_rule("Hardcoded Crypto Pair")
+        self.assertIsNotNone(pattern.search('symbol="BTCUSDT"'))
+        self.assertIsNotNone(pattern.search("pair='ETH/USD'"))
+        self.assertIsNotNone(pattern.search('ticker="SOLUSDC"'))
+
+    def test_hardcoded_crypto_pair_ignores_variables_and_equity_tickers(self):
+        pattern = _compiled_rule("Hardcoded Crypto Pair")
+        self.assertIsNone(pattern.search("symbol = get_pair()"))
+        self.assertIsNone(pattern.search('symbol="AAPL"'))
+
+
 if __name__ == "__main__":
     unittest.main()