rusty-trading
diff --git a/‎TODO.md‎
Lines changed: 63 additions & 13 deletions b/‎TODO.md‎
Lines changed: 63 additions & 13 deletions
diff --git a/‎crates/rustyasn/Cargo.toml‎
Lines changed: 7 additions & 3 deletions b/‎crates/rustyasn/Cargo.toml‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎crates/rustyasn/build.rs‎
Lines changed: 1 addition & 5 deletions b/‎crates/rustyasn/build.rs‎
Lines changed: 1 addition & 5 deletions
diff --git a/‎crates/rustyasn/src/decoder.rs‎
Lines changed: 31 additions & 13 deletions b/‎crates/rustyasn/src/decoder.rs‎
Lines changed: 31 additions & 13 deletions
diff --git a/‎crates/rustyasn/src/encoder.rs‎
Lines changed: 67 additions & 34 deletions b/‎crates/rustyasn/src/encoder.rs‎
Lines changed: 67 additions & 34 deletions
@@ -243,7 +243,6 @@
 **Location**: `crates/rustyfix/src/tagvalue/decoder.rs` - **ARCHITECTURE REDESIGNED**
 
 #### ✅ **SOLUTION IMPLEMENTED: Split Read/Write APIs**
-
 The critical memory safety issue has been **completely resolved** through architectural improvements:
 
 **✅ NEW SAFE ARCHITECTURE**:
@@ -415,7 +414,7 @@ struct MessageBuilder {
 - [x] **Remove leftover documentation line in .cursorrules** ✅ **SKIPPED**: File does not exist in codebase
 - [x] **Improve markdown links in .github/copilot-instructions.md** ✅ **VERIFIED**: File is properly formatted, no issues found
 - [x] **Enhance FAST codec error messages** - ✅ **ENHANCED**: Added detailed error variants (D2WithValue, D3WithValue, R1WithValue, R4WithValue, R5WithValue) that include overflow values, bounds, and decimal details for better debugging
-- [x] **Enhance session logging** - ✅ **ENHANCED**: Added *_with_context() functions to session/errs.rs that include raw message bytes in hex/ASCII format for better malformed message analysis
+- [x] **Enhance session logging** - ✅ **ENHANCED**: Added *_with_context()` functions to session/errs.rs that include raw message bytes in hex/ASCII format for better malformed message analysis
 
 ### 🔄 **NEXT DEVELOPMENT CYCLE PRIORITIES**
 
@@ -499,27 +498,27 @@ struct MessageBuilder {
 
 **Key Achievement**: All valid AI code review issues have been successfully resolved, significantly improving code quality, safety documentation, and maintainability.
 
-### �� **FOLLOW-UP AI REVIEWS (January 2025)**
+###  **FOLLOW-UP AI REVIEWS (January 2025)**
 
 **Additional Reviews Analyzed**: Multiple follow-up reviews from Cursor, Gemini, and Copilot bots  
 **Status**: Most issues already resolved, 3 new minor issues identified
 
-**✅ CONFIRMED RESOLVED:**
+**✅ CONFIRMED RESOLVED**:
 - ✅ Unsafe memory aliasing - Properly documented with architectural fix plan
 - ✅ Duplicate files - Successfully removed `.copilot/` directory  
 - ✅ JSON encoder module - Successfully enabled and documented
 - ✅ eprintln! in library code - Successfully replaced with proper logging
 - ✅ unwrap() in test utilities - Successfully replaced with expect() calls
 - ✅ unimplemented!() panics - Successfully replaced with todo!() and documentation
 
-**🆕 NEW VALID ISSUES IDENTIFIED:**
+**🆕 NEW VALID ISSUES IDENTIFIED**:
 1. **Validation Performance O(n²)** - Replace repeated `get_raw()` calls with single field iteration
 2. **Field Validation Robustness** - Replace substring matching with dictionary metadata-based validation  
 3. **Code Cleanup** - Remove unused parameters in session layer functions
 4. **OwnedMessage Completeness** - Replace hardcoded field list with iteration over all message fields
 5. **AdvancedValidator Completeness** - Replace hardcoded field validation with comprehensive dictionary-based validation
 
-**🆕 LATEST VALID ISSUES (January 2025):**
+**🆕 LATEST VALID ISSUES (January 2025)**:
 6. **Make AdvancedValidator Data-Driven** - Replace hardcoded enum validation with `field.enums()` from dictionary
    - **Location**: `crates/rustyfix/src/validation.rs:313-371`
    - **Issue**: Hardcoded validation for Side, OrderType, TimeInForce fields is brittle
@@ -532,7 +531,7 @@ struct MessageBuilder {
    - **Solution**: Either implement usage or remove dead code
    - **Reviewer**: Copilot AI ✅ VALID
 
-**❌ OUTDATED/INVALID REVIEWS:**
+**❌ OUTDATED/INVALID REVIEWS**:
 - Multiple reviews flagged already-resolved issues, confirming our fixes were effective
 - Some reviews were for code locations that no longer exist after our improvements
 
@@ -541,7 +540,7 @@ struct MessageBuilder {
 **Additional Reviews Analyzed**: 3 new reviews from Copilot AI, Gemini, and Cursor bots on latest PR  
 **Status**: Confirmed existing tracked issues, 2 new valid issues identified
 
-**✅ CONFIRMED EXISTING TRACKED ISSUES:**
+**✅ CONFIRMED EXISTING TRACKED ISSUES**:
 1. **CRITICAL: Unsafe memory aliasing** ✅ ALREADY DOCUMENTED
    - **Issue**: Multiple unsafe casts creating aliased mutable references in `decoder.rs:370-387` and `decoder.rs:704-725`
    - **Status**: ✅ Already comprehensively documented with architectural fix plan
@@ -557,7 +556,7 @@ struct MessageBuilder {
    - **Status**: ✅ Already tracked in section 4 "Code Quality and Maintenance"
    - **Reviewers**: Gemini confirmed this limitation
 
-**❌ INVALID/QUESTIONABLE REVIEWS:**
+**❌ INVALID/QUESTIONABLE REVIEWS**:
 - **API Breaking Change**: Copilot flagged `message()` signature change from `&self` to `&mut self` as breaking change
   - **Assessment**: ❌ Likely intentional given architectural overhaul - not a bug
 - **MessageBuilder Stub**: Multiple bots flagged stub implementation
@@ -572,17 +571,17 @@ struct MessageBuilder {
 
 #### ✅ **VALID ISSUES REQUIRING ACTION**
 
-**🚨 HIGH PRIORITY (Runtime Safety):**
+**🚨 HIGH PRIORITY (Runtime Safety)**:
 - Session verifier `todo!()` panic in `connection.rs:246-254`
 - Buffer draining data loss in `tokio_decoder.rs:154-156`
 
-**📋 MEDIUM PRIORITY (Code Quality):**
+**📋 MEDIUM PRIORITY (Code Quality)**:
 - Redundant Option return in `decoder.rs:84-85`
 - Commented code cleanup in `session/mod.rs:10`
 - Documentation cleanup in `.cursorrules`
 - Markdown link improvement in `.github/copilot-instructions.md`
 
-**🔧 LOW PRIORITY (Enhancements):**
+**🔧 LOW PRIORITY (Enhancements)**:
 - FAST codec error message enhancement
 - Session logging with raw message bytes
 
@@ -1120,4 +1119,55 @@ Based on zerocopy.md documentation, critical unsafe issues can be addressed:
 
 ---
 
-*This TODO reflects the current production-ready state of RustyFix with all AI-identified critical issues systematically resolved through comprehensive code review and enhancement, plus newly identified issues for continued improvement.* 
+*This TODO reflects the current production-ready state of RustyFix with all AI-identified critical issues systematically resolved through comprehensive code review and enhancement, plus newly identified issues for continued improvement.* 
+
+---
+
+## 🤖 **NEW AI CODE REVIEW ASSESSMENT (July 2025)**
+
+**AI Reviews Analyzed**: 8 reviews from Copilot AI and Gemini-code-assist bots  
+**Resolution Status**: 8 new valid issues have been identified and will be tracked below.
+
+### ✅ **VALID REVIEWS - PENDING**
+
+1. **HIGH: `is_plausible_start_tag` check is overly permissive** 
+   - **Issue**: The `is_plausible_start_tag` function currently always returns true, which is overly permissive. While this allows any byte to be considered a valid start tag, it could lead to issues if the stream contains corrupted data, potentially causing a denial-of-service by attempting to allocate a very large buffer based on a garbage length field.
+   - **Action**: A minimal check to improve robustness would be to filter out reserved tag values, such as 0x00, which should not appear in a valid stream.
+   - **Location**: `crates/rustyasn/src/decoder.rs`
+   - **Reviewer**: Gemini-code-assist
+
+2. **MEDIUM: Repeated error mapping in tests** 
+   - **Issue**: The repeated error mapping pattern `map_err(|e| Box::new(e) as Box<dyn std::error::Error>)` creates code duplication and reduces maintainability.
+   - **Action**: Extract this into a helper function or using a more ergonomic error handling approach like `anyhow` or `eyre`.
+   - **Location**: `crates/rustysbe/src/lib.rs`
+   - **Reviewer**: Copilot AI
+
+3. **MEDIUM: Redundant comment**
+   - **Issue**: The comment 'Always use unsigned type to preserve semantic meaning' appears redundant with the previous comment line.
+   - **Action**: Consolidate these comments into a single, clearer explanation.
+   - **Location**: `crates/rustyasn/src/types.rs`
+   - **Reviewer**: Copilot AI
+
+4. **MEDIUM: `#[allow(dead_code)]` attributes on struct fields**
+   - **Issue**: Multiple `#[allow(dead_code)]` attributes on struct fields suggest incomplete implementation.
+   - **Action**: Consider implementing the TODO items or documenting why these fields are intentionally unused.
+   - **Location**: `crates/rustyasn/src/tracing.rs`
+   - **Reviewer**: Copilot AI
+
+5. **MEDIUM: Hardcoded fallback field tags**
+   - **Issue**: The hardcoded fallback field tags create maintenance burden and potential inconsistencies.
+   - **Action**: Consider loading these from a configuration file or generating them from the dictionary schema to ensure they stay synchronized.
+   - **Location**: `crates/rustyasn/src/schema.rs`
+   - **Reviewer**: Copilot AI
+
+6. **MEDIUM: Hardcoded common field tags**
+   - **Issue**: The hardcoded common field tags optimization assumes specific usage patterns that may not hold across all deployments.
+   - **Action**: Consider making this configurable or generating it from actual usage statistics to maintain performance benefits.
+   - **Location**: `crates/rustyasn/src/encoder.rs`
+   - **Reviewer**: Copilot AI
+
+7. **MEDIUM: `is_valid_asn1_tag` always returns true**
+   - **Issue**: The function always returns true making it effectively a no-op.
+   - **Action**: Either implement proper ASN.1 tag validation or remove this function to avoid misleading code.
+   - **Location**: `crates/rustyasn/src/decoder.rs`
+   - **Reviewer**: Copilot AI
@@ -14,6 +14,8 @@ keywords = ["fix", "asn1", "ber", "der", "oer"]
 workspace = true
 
 [dependencies]
+serde = { workspace = true, optional = true }
+simd-json = { workspace = true }
 # Core dependencies
 rustyfix = { path = "../rustyfix", version = "0.7.4", features = ["fix50"] }
 rustyfix-dictionary = { path = "../rustyfix-dictionary", version = "0.7.4" }
@@ -35,8 +37,8 @@ parking_lot = { workspace = true }
 zerocopy = { workspace = true }
 
 # Optional dependencies
-serde = { workspace = true, optional = true }
 fastrace = { workspace = true, optional = true }
+log = { workspace = true }
 
 [dev-dependencies]
 # Testing
@@ -59,7 +61,10 @@ fix50 = ["rustyfix-dictionary/fix50"]
 [build-dependencies]
 # For code generation from ASN.1 schemas and FIX dictionaries
 rustyfix-codegen = { path = "../rustyfix-codegen", version = "0.7.4" }
-rustyfix-dictionary = { path = "../rustyfix-dictionary", version = "0.7.4", features = ["fix40", "fix50"] }
+rustyfix-dictionary = { path = "../rustyfix-dictionary", version = "0.7.4", features = [
+    "fix40",
+    "fix50",
+] }
 
 # Build script utilities
 anyhow = "1.0"
@@ -70,4 +75,3 @@ chrono = { workspace = true }
 [[bench]]
 name = "asn1_encodings"
 harness = false
-
 
@@ -789,11 +789,7 @@ fn compile_asn1_schemas(schemas_dir: &Path) -> Result<()> {
                 // targeted support for FIX protocol ASN.1 extensions
                 match compile_asn1_file(&schema_file, &output_path) {
                     Ok(_) => {
-                        println!(
-                            "cargo:warning=Successfully compiled {} to {}",
-                            schema_file.display(),
-                            output_file
-                        );
+                        // Successfully compiled - no warning needed
                     }
                     Err(e) => {
                         // If our custom parser fails, fall back to copying the file and warn
 
@@ -383,19 +383,37 @@ impl DecoderStreaming {
     }
 
     /// Checks if a byte is a plausible start tag for ASN.1 data.
-    /// This is a permissive check that accepts all potentially valid ASN.1 tags.
-    fn is_plausible_start_tag(_tag: u8) -> bool {
-        // Accept a broader range of ASN.1 tags
-        // Universal class tags (0x00-0x1F) are all valid
-        // Application class (0x40-0x7F) are valid
-        // Context-specific (0x80-0xBF) are valid
-        // Private class (0xC0-0xFF) are valid
-        // The tag format is: [Class(2 bits)][P/C(1 bit)][Tag number(5 bits)]
-        // For now, accept any tag that follows basic ASN.1 structure
-        // Bit 6 clear = Universal/Application class
-        // Bit 6 set = Context/Private class
-        // This is a much more permissive check that accepts all valid ASN.1 tags
-        true // All bytes can potentially be valid ASN.1 tags
+    /// This validates ASN.1 tag structure and filters out reserved values.
+    fn is_plausible_start_tag(tag: u8) -> bool {
+        // A minimal check to filter out obviously invalid tags.
+        // According to ASN.1 standards, a tag value of 0 is reserved and should not be used.
+        if tag == 0x00 {
+            return false;
+        }
+
+        // Validate ASN.1 tags based on their structure and class
+        // Universal class tags (0x00-0x1F) - exclude 0x00 which is reserved
+        if (0x01..=0x1F).contains(&tag) {
+            return true;
+        }
+
+        // Application class tags (0x40-0x7F)
+        if (0x40..=0x7F).contains(&tag) {
+            return true;
+        }
+
+        // Context-specific class tags (0x80-0xBF)
+        if (0x80..=0xBF).contains(&tag) {
+            return true;
+        }
+
+        // Private class tags (0xC0-0xFF)
+        if tag >= 0xC0 {
+            return true;
+        }
+
+        // Tags 0x20-0x3F are reserved for future use
+        false
     }
 
     /// Decodes ASN.1 length at the given offset.
 
@@ -32,41 +32,13 @@ pub const BOOLEAN_SIZE: usize = 1;
 /// ASN.1 TLV (Tag-Length-Value) encoding overhead per field
 pub const FIELD_TLV_OVERHEAD: usize = 5;
 
-/// Common fields that appear in many message types (ordered by frequency)
-/// This significantly improves performance for typical messages
-const COMMON_FIELD_TAGS: &[u32] = &[
-    // Market data fields
-    55, // Symbol
-    54, // Side
-    38, // OrderQty
-    44, // Price
-    40, // OrdType
-    59, // TimeInForce
-    // Order/execution fields
-    11,  // ClOrdID
-    37,  // OrderID
-    17,  // ExecID
-    150, // ExecType
-    39,  // OrdStatus
-    // Additional common fields
-    1,   // Account
-    6,   // AvgPx
-    14,  // CumQty
-    32,  // LastQty
-    31,  // LastPx
-    151, // LeavesQty
-    60,  // TransactTime
-    109, // ClientID
-    // Reference fields
-    58,  // Text
-    354, // EncodedTextLen
-    355, // EncodedText
-];
-
-/// ASN.1 encoder for FIX messages.
+/// Encoder for ASN.1 encoded FIX messages.
 pub struct Encoder {
     config: Config,
     schema: Arc<Schema>,
+    /// Common fields that appear in many message types (configurable, ordered by frequency)
+    /// This significantly improves performance for typical messages
+    common_field_tags: SmallVec<[u32; 32]>,
 }
 
 /// Handle for encoding a single message.
@@ -92,7 +64,68 @@ impl Encoder {
     pub fn new(config: Config, dictionary: Arc<Dictionary>) -> Self {
         let schema = Arc::new(Schema::new(dictionary));
 
-        Self { config, schema }
+        let mut encoder = Self {
+            config,
+            schema,
+            common_field_tags: SmallVec::new(),
+        };
+
+        // Initialize common field tags with default high-frequency fields
+        encoder.initialize_common_field_tags();
+
+        encoder
+    }
+
+    /// Initializes common field tags with default high-frequency fields.
+    /// These can be updated based on actual usage statistics in production.
+    fn initialize_common_field_tags(&mut self) {
+        // Default common fields ordered by typical frequency in trading systems
+        let default_common_tags = &[
+            // Market data fields
+            55, // Symbol
+            54, // Side
+            38, // OrderQty
+            44, // Price
+            40, // OrdType
+            59, // TimeInForce
+            // Order/execution fields
+            11,  // ClOrdID
+            37,  // OrderID
+            17,  // ExecID
+            150, // ExecType
+            39,  // OrdStatus
+            // Additional common fields
+            1,   // Account
+            6,   // AvgPx
+            14,  // CumQty
+            32,  // LastQty
+            31,  // LastPx
+            151, // LeavesQty
+            60,  // TransactTime
+            109, // ClientID
+            // Reference fields
+            58,  // Text
+            354, // EncodedTextLen
+            355, // EncodedText
+        ];
+
+        self.common_field_tags
+            .extend_from_slice(default_common_tags);
+    }
+
+    /// Updates common field tags based on usage statistics.
+    /// This method allows runtime optimization based on actual message patterns.
+    pub fn update_common_field_tags(&mut self, field_usage_stats: &[(u32, usize)]) {
+        self.common_field_tags.clear();
+
+        // Sort by usage frequency (descending) and take the most common ones
+        let mut sorted_stats = field_usage_stats.to_vec();
+        sorted_stats.sort_by(|a, b| b.1.cmp(&a.1));
+
+        // Take up to 32 most common fields
+        for (tag, _count) in sorted_stats.iter().take(32) {
+            self.common_field_tags.push(*tag);
+        }
     }
 
     /// Starts encoding a new message.
@@ -200,7 +233,7 @@ impl Encoder {
         let mut processed_tags = FxHashSet::default();
 
         // First pass: Check common fields (O(1) for each)
-        for &tag in COMMON_FIELD_TAGS {
+        for &tag in &self.common_field_tags {
             if Self::is_standard_header_field(tag) {
                 continue;
             }