Skip to content

feat: bind private TQQQ offline baseline snapshot#262

Closed
Pigbibi wants to merge 2 commits into
mainfrom
codex/tqqq-offline-baseline-v1
Closed

feat: bind private TQQQ offline baseline snapshot#262
Pigbibi wants to merge 2 commits into
mainfrom
codex/tqqq-offline-baseline-v1

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Scope

Research-only offline binding for an explicitly supplied private Yahoo adjusted_daily snapshot.

  • Validates generic manifest/artifact schema, exact bytes SHA/readback, aligned QQQ/TQQQ dates, finite OHLCV, deterministic input digest.
  • Controls-disabled baseline identity is explicit; provider/calendar completeness remain unverified.
  • No private payload/path/provider response is committed. No QPK sizing/store, broker, network, live, account or position logic.

Verification

  • focused: PYTHONPATH=src python3 -m pytest -q tests/test_tqqq_offline_baseline_binding.py (7 passed)
  • ruff, compileall passed
  • private full artifact readback: 1506 rows; SHA a40254c7e31d6b49b4a2db5ec57b1b65215a3ab1ee33df879d9e5e2b4dae6551 (not committed)

Full suite was started but interrupted after 209 passed/333 subtests due to an unrelated long-running test; not merge-ready until CI and private readback evidence are confirmed.

Co-Authored-By: Codex <noreply@openai.com>
@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown

🤖 Codex PR Review

🚫 Merge blocked: 1 serious issue(s) found in high-risk files

⚖️ Codex Review Arbitration

🚫 block: load_offline_baseline_input() still sets input_digest = hashlib.sha256(raw).hexdigest() while the returned OfflineBaselineInput also carries manifest-derived fields (source_revision, request_start, request_end_exclusive) that are not bound into that digest. The manifest validator permits those fields to change without changing the CSV bytes: source_revision is only checked as non-empty text, and the request window only has to contain all row dates, not match the dataset boundaries exactly. That means two distinct accepted inputs can produce the same input_digest, so the current finding remains valid. There is no contract conflict with the prior finding; the PR now rejects mismatched QQQ/TQQQ date sets via dates_by_symbol[QQQ] != dates_by_symbol[TQQQ].

🚫 Blocking Issues

These issues must be fixed before this PR can be merged:

1. 🟠 [HIGH] Logic in src/us_equity_strategies/research/tqqq_offline_baseline.py

input_digest is derived only from the raw CSV bytes, even though the returned OfflineBaselineInput also includes manifest-controlled fields such as source_revision, request_start, and request_end_exclusive. A manifest can change those accepted values without changing the CSV payload, causing distinct validated inputs to collapse to the same digest and making cache keys / baseline identity ambiguous. (line 166)

Suggestion: Compute input_digest from all semantically relevant validated inputs, not just raw. For example, hash a canonical encoding of PROFILE, source_revision, the request window, and the canonical CSV bytes so different accepted manifests cannot share the same digest.

ℹ️ Other Findings

1. 🟡 [MEDIUM] Bug in src/us_equity_strategies/research/tqqq_offline_baseline.py

volume is parsed through the generic floating-point path, so fractional values like 1.5 are accepted as valid baseline rows. Yahoo daily volume is an integer field; allowing non-integer volumes admits invalid market data and can skew any downstream logic that treats volume as a count. (line 151)

Suggestion: Validate volume with a dedicated integer parser that rejects booleans, decimals, and scientific-notation non-integers, and store it as an integer type in PriceRow.


Review by Codex PR Review bot • PR

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4c9e931369

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +165 to +166
if len({(row.symbol, row.as_of) for row in rows}) != len(rows) or {row.symbol for row in rows} != set(SYMBOLS):
_fail()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject snapshots with non-matching date sets

This check only enforces uniqueness and that both symbols appear; it does not compare the per-symbol date sets. For example, an artifact with QQQ rows on 2026-01-02, 2026-01-05 and TQQQ rows on 2026-01-02, 2026-01-06 passes as long as the manifest counts, coverage, bytes, and SHA match, so downstream research can consume misaligned QQQ/TQQQ observations even though this binding is supposed to fail closed on aligned dates.

Useful? React with 👍 / 👎.

Comment on lines +127 to +129
request_start, request_end = _date_text(request["start"]), _date_text(request["end_exclusive"])
if request_start >= request_end:
_fail()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Enforce the manifest request window

This validates only that start < end_exclusive, but the artifact rows are never checked against that window. If the manifest says end_exclusive is 2026-01-05 and the CSV contains aligned rows dated 2026-01-05 (or later), the snapshot still loads and the returned input advertises an exclusive request window that the data violates, which can shift offline research windows without failing closed.

Useful? React with 👍 / 👎.

Co-Authored-By: Codex <noreply@openai.com>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 205af4921b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

for record in records:
if set(record) != set(COLUMNS):
_fail()
rows_list.append(PriceRow(_text(record["symbol"]), _date_text(record["as_of"]), *(_number(record[key], positive=key != "volume", nonnegative=key == "volume") for key in COLUMNS[2:])))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject impossible OHLC ranges

When a supplied snapshot and manifest agree on a row whose values are individually finite but impossible as a bar (for example high below open/close, or low above them), this accepts the row because each numeric field is validated independently. Since this binding is the fail-closed gate for private research prices, such a malformed or tampered artifact can flow into downstream baseline experiments as valid OHLCV data.

Useful? React with 👍 / 👎.

Comment on lines +185 to +186
digest = hashlib.sha256(raw).hexdigest()
return OfflineBaselineInput(PROFILE, manifest["source_revision"], manifest["request"]["start"], manifest["request"]["end_exclusive"], rows, raw, digest)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include manifest fields in the input digest

When the same artifact is loaded with different accepted manifest metadata, such as a wider request window or a different source_revision, the returned OfflineBaselineInput changes but input_digest remains just the artifact SHA. Any evidence or cache keyed by this advertised input digest can therefore conflate distinct baseline inputs even though the object exposes different request/provenance fields.

Useful? React with 👍 / 👎.

@Pigbibi

Pigbibi commented Jul 16, 2026

Copy link
Copy Markdown
Contributor Author

PERMANENT_FREEZE: closure exhausted; preserving review/test evidence. Fresh reslice required for OHLC/provenance contract.

@Pigbibi Pigbibi closed this Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant