You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This PR increases the miner_order_uuid field max length from 256 to 2048 characters to support batch operations (closing up to 55 positions/orders). When UUIDs exceed standard length (36 chars), the code generates a new UUID for file system operations while preserving the original for processing.
✅ Strengths
Clear purpose: Enables batch operations for multiple position/order closes
Backwards compatible: Standard UUIDs (≤36 chars) continue to work as before
Logging added for UUID mapping operations for debugging
Minimal surface area change reduces risk
⚠️ Concerns
Critical:
UUID Mapping Loss (Lines 392-395)
The mapping between order_uuid and file_uuid is created but never persisted
If an error occurs, audit trail will be broken - no way to correlate the original order_uuid to the archived file
Example: Original UUID "pos1|pos2|pos3" maps to random file_uuid, but this mapping exists only in memory
Inconsistent Error Handling (Lines 466-475)
In the exception handler, file_uuid might not be defined if the error occurs before line 392
This could cause a NameError when trying to write to failed signals directory
Magic Number (Line 393)
Hard-coded 36 should be a named constant (e.g., STANDARD_UUID_LENGTH = 36)
The PR description mentions 2048 // 37 = 55 but uses 36 in code - inconsistency
Moderate:
No Validation on UUID Format (Line 388+)
Long UUIDs are accepted without format validation
Could lead to issues if malformed data is passed
Consider validating the structure if it's meant to be pipe-delimited UUIDs
Import Added but Standard UUID Used (Line 10)
import uuid added, but uuid.uuid4() generates a completely new UUID
Consider using a deterministic hash of the original order_uuid instead for reproducibility
💡 Suggestions
Persist UUID Mapping:
file_uuid=order_uuiduuid_mapping=Noneiflen(file_uuid) >STANDARD_UUID_LENGTH:
file_uuid=str(uuid.uuid4())
uuid_mapping= {"original": order_uuid, "file": file_uuid}
bt.logging.info(f"Mapping long uuid to file uuid {file_uuid}")
# Persist mapping to a lookup file/databaseself._persist_uuid_mapping(uuid_mapping)
Use Deterministic Hashing:
importhashlibiflen(file_uuid) >STANDARD_UUID_LENGTH:
# Create deterministic UUID from hashhash_digest=hashlib.sha256(order_uuid.encode()).hexdigest()
file_uuid=str(uuid.UUID(hash_digest[:32]))
bt.logging.info(f"Hashed long uuid ({len(order_uuid)} chars) to file uuid {file_uuid}")
This allows reproducible mapping without persistence.
Update docstring for process_rest_order to explain the UUID mapping behavior
Document the expected format for concatenated UUIDs (appears to be pipe-delimited based on description)
🔒 Security Notes
Input Length Validation - While max_length is set to 2048 in the protocol, there's no explicit validation before processing. Consider adding bounds checking.
File Path Injection - fake_signal_file_path = f"/rest-api/{file_uuid}" could theoretically be vulnerable if file_uuid contains path traversal characters. The new random UUID generation actually improves security here, but validate if accepting the original long UUID.
Information Disclosure - Long UUIDs might contain sensitive concatenated data. Logging the full order_uuid could expose this. Consider truncating in logs:
bt.logging.info(f"Mapping long uuid (length: {len(order_uuid)}) to file uuid {file_uuid}")
DOS Risk - 2048-char strings in database/protocol fields could be used for DOS. Ensure downstream systems can handle this length efficiently.
Additional Questions for PR Author:
What format are the concatenated UUIDs? (pipe-delimited, comma-separated?)
Is there a requirement to retrieve orders by original UUID later?
Have you tested the failure path where file_uuid might be undefined?
Why 2048 specifically? Is this an arbitrary choice or based on system constraints?
Recommendation: Request changes to address the UUID mapping persistence issue and error handling scope before merging.
should we add a dedicated field to the Signal model (e.g. position_ids: Optional[List[str]]) and keep miner_order_uuid as a unique identifier for the FLAT_ALL action itself. The protocol's miner_order_uuid max_length stays at 256
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Increase signal uuid max length for multiple position/order closes.
allows close up to 2048 // 37 = 55 positions or orders