218cedf56f
security: Apply critical security fixes from PR #281 review
...
Implement the top 3 critical security fixes identified in Gemini code review:
**Fix 1: ChromaDB Reset Protection**
- Changed `allow_reset=True` to `False` in memory.py
- Prevents catastrophic database deletion in production
- File: tradingagents/agents/utils/memory.py:13
**Fix 2: Path Traversal Prevention**
- Added `validate_ticker_symbol()` function with comprehensive validation
- Applied validation to 5 functions using ticker in file paths:
- get_YFin_data_window()
- get_YFin_data()
- get_data_in_range()
- get_finnhub_company_insider_sentiment()
- get_finnhub_company_insider_transactions()
- Blocks: path traversal (../, \\), invalid chars, length > 10
- File: tradingagents/dataflows/local.py
**Fix 3: CLI Input Validation**
- Added validation loop to get_ticker() with user-friendly error messages
- Prevents malicious input at entry point
- Validates format, blocks traversal, limits length
- File: cli/main.py:499-521
**Testing:**
- Validation logic verified with attack vectors:
- ../../etc/passwd (blocked ✓)
- Long tickers (blocked ✓)
- Special characters (blocked ✓)
- Valid tickers: AAPL, BRK.B (pass ✓)
**Changes:**
- 3 files changed, 65 insertions(+), 3 deletions(-)
- Implementation time: ~20 minutes
- Zero breaking changes to existing functionality
**References:**
- Security analysis: docs/security/PR281_CRITICAL_FIXES.md
- Future roadmap: docs/security/FUTURE_HARDENING.md
Addresses critical path traversal (CWE-22) and data loss vulnerabilities.
2025-11-19 09:01:11 +00:00
7bb2941b07
optimized yfin fetching to be much faster
2025-10-06 19:58:01 -07:00
c07dcf026b
added fallbacks for tools
2025-10-03 22:40:09 -07:00
d23fb539e9
minor fix
2025-09-30 13:27:48 +08:00
b01051b9f4
Switch default data vendor
...
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-30 12:43:27 +08:00
6211b1132a
Improve Alpha Vantage indicator column parsing with robust mapping
...
- Replace hardcoded column indices with column name lookup
- Add mapping for all supported indicators to their expected CSV column names
- Handle missing columns gracefully with descriptive error messages
- Strip whitespace from header parsing for reliability
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-26 23:36:36 +08:00
8b04ec307f
minor fix
2025-09-26 23:25:33 +08:00
0ab323c2c6
Add Alpha Vantage API integration as primary data provider
...
- Replace FinnHub with Alpha Vantage API in README documentation
- Implement comprehensive Alpha Vantage modules:
- Stock data (daily OHLCV with date filtering)
- Technical indicators (SMA, EMA, MACD, RSI, Bollinger Bands, ATR)
- Fundamental data (overview, balance sheet, cashflow, income statement)
- News and sentiment data with insider transactions
- Update news analyst tools to use ticker-based news search
- Integrate Alpha Vantage vendor methods into interface routing
- Maintain backward compatibility with existing vendor system
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-26 22:57:50 +08:00
a6734d71bc
WIP
2025-09-26 16:17:50 +08:00
43aa9c5d09
Local Ollama ( #53 )
...
- Fix typo 'Start' 'End'
- Add llama3.1 selection
- Use 'quick_think_llm' model instead of hard-coding GPT
2025-06-26 00:27:01 -04:00
da84ef43aa
main works, cli bugs
2025-06-15 22:20:59 -07:00
90b23e72f5
Merge pull request #25 from maxer137/main
...
Add support for other backends, such as OpenRouter and Ollama
2025-06-15 16:06:20 -07:00
570644d939
Fix ticker hardcoding in prompt ( #28 )
2025-06-11 19:43:39 -07:00
99789f9cd1
Add support for other backends, such as OpenRouter and olama
...
This aims to offer alternative OpenAI capable api's.
This offers people to experiment with running the application locally
2025-06-11 14:19:25 +02:00
cc97cb6d5d
chore(release): v0.1.0 – initial public release of TradingAgents
2025-06-05 04:27:57 -07:00
Claude
Edward Sun
luohy15
Max Wong
Edward Sun
saksham0161
maxer137
Yijia-Xiao