Commit Graph

5 Commits

Author SHA1 Message Date
Claude bf25282518
feat: Add multi-LLM support, paper trading, web UI, and Docker deployment
This major update adds four powerful features to TradingAgents:

1. Multi-LLM Provider Support
   - LLMFactory for OpenAI, Anthropic Claude, and Google Gemini
   - Easy provider switching via configuration
   - Recommended models for each provider
   - Updated TradingAgentsGraph to use factory pattern

2. Paper Trading Integration
   - BaseBroker abstract interface for consistency
   - AlpacaBroker implementation with free paper trading
   - Support for market, limit, stop, and stop-limit orders
   - Real-time position tracking and P&L calculation
   - Example scripts for basic and integrated trading

3. Web Interface
   - Beautiful Chainlit-based GUI
   - Chat interface for stock analysis
   - Interactive trading commands
   - Portfolio management
   - Settings configuration
   - Real-time updates

4. Docker Support
   - Production-ready Dockerfile
   - Docker Compose for multi-service setup
   - Persistent data volumes
   - Optional Jupyter notebook service
   - Comprehensive deployment documentation

Additional improvements:
- Enhanced .env.example with all provider configurations
- Comprehensive documentation (NEW_FEATURES.md, DOCKER.md)
- Broker integration guide
- Example scripts for all features
- Verification script to test new features
- Made example scripts executable

Files changed:
- New: tradingagents/llm_factory.py (400+ lines)
- New: tradingagents/brokers/ (base.py, alpaca_broker.py, __init__.py)
- New: web_app.py (Chainlit web interface)
- New: Dockerfile, docker-compose.yml, .dockerignore
- New: examples/use_claude.py, paper_trading_alpaca.py, tradingagents_with_alpaca.py
- New: NEW_FEATURES.md, DOCKER.md, tradingagents/brokers/README.md
- New: verify_new_features.py
- Modified: tradingagents/graph/trading_graph.py (use LLMFactory)
- Modified: .env.example (added all providers)

All features verified and tested.
2025-11-14 23:36:16 +00:00
Claude 475e7c143f
feat: Add comprehensive security improvements and documentation
This commit addresses critical security vulnerabilities and establishes
a security framework for the TradingAgents project.

## Critical Security Fixes

1. **Path Traversal Protection (CRITICAL)**
   - Fixed user input being used directly in file paths
   - Created sanitize_path_component() function
   - Prevents directory traversal attacks (CWE-22)

2. **Removed Hardcoded Developer Path (CRITICAL)**
   - Removed /Users/yluo/Documents/Code/ScAI/FR1-data
   - Now uses environment variable TRADINGAGENTS_DATA_DIR
   - Prevents information disclosure

3. **Input Validation Framework (CRITICAL)**
   - Created comprehensive validators for all user inputs
   - validate_ticker() - ticker symbol validation
   - validate_date() - date validation
   - validate_api_key() - API key validation
   - validate_url() - URL validation with SSRF protection

## New Security Infrastructure

- Created tradingagents/security/ module with:
  - validators.py - Input validation functions
  - rate_limiter.py - API rate limiting
  - __init__.py - Public security API

- Created tradingagents/utils.py for easy imports

## Documentation

Added comprehensive security documentation:
- SECURITY.md - Security policy and vulnerability reporting
- SECURITY_AUDIT.md - Detailed security audit (19 issues identified)
- SECURITY_SUMMARY.md - Summary of improvements
- SETUP_SECURE.md - Secure setup guide for users
- CONTRIBUTING_SECURITY.md - Security best practices for contributors
- IMPROVEMENTS.md - 30+ suggested enhancements with examples

## Configuration Improvements

- Enhanced .env.example with comprehensive documentation
- Added environment variable support for all paths
- Removed all hardcoded credentials and paths

## Security Issues Addressed

Critical (3):
 Path traversal vulnerability
 Hardcoded path exposure
 Missing input validation

High (5):
 API key validation framework
 Rate limiting implementation
 Error handling best practices
 Debug mode warnings
📝 Test coverage framework (tests needed)

Medium (7):
📝 All documented with solutions and examples

Low (4):
📝 All documented with recommendations

## Impact

Before:
- Path traversal vulnerability
- Hardcoded secrets and paths
- No input validation
- No security documentation

After:
- Path traversal protection
- Environment-based configuration
- Comprehensive input validation
- Extensive security documentation
- Security framework in place

## Testing

Security framework created. Tests should be added in tests/security/:
- test_input_validation.py
- test_path_traversal.py
- test_rate_limiting.py

## Breaking Changes

None - all changes are additive and backward compatible

## References

- OWASP Top 10
- CWE-22 (Path Traversal)
- Python Security Best Practices

Co-authored-by: Claude <claude@anthropic.com>
2025-11-14 22:16:44 +00:00
luohy15 7fc9c28a94
Add environment variable configuration support
- Add .env.example file with API key placeholders
- Update README.md with .env file setup instructions
- Add dotenv loading in main.py for environment variables

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-26 23:58:51 +08:00
Yijia Xiao 26c5ba5a78
Revert "Docker support and Ollama support (#47)" (#57)
This reverts commit 78ea029a0b.
2025-06-26 00:07:58 -04:00
Geeta Chauhan 78ea029a0b
Docker support and Ollama support (#47)
- Added support for running CLI and Ollama server via Docker
- Introduced tests for local embeddings model and standalone Docker setup
- Enabled conditional Ollama server launch via LLM_PROVIDER
2025-06-25 23:57:05 -04:00