- auth_service.py: RESET_OTP_SECRET no longer crashes at import; read lazily
inside _hash_otp() so the module always loads cleanly
- main.py: _validate_runtime_secrets() now checks both BROKER_TOKEN_KEY and
RESET_OTP_SECRET together, reporting all missing vars in one clear message
- .env.example: documents every required/optional env var with generation commands
With load_dotenv() + .env file, all secrets survive pm2 restarts automatically.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds python-dotenv so secrets survive pm2 restarts without relying on
PM2 env vars. Validates the Fernet key format at startup so a bad/missing
key fails immediately with a clear message rather than crashing mid-request.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New auto_login_service.py: stores encrypted credentials (login ID,
password, TOTP secret), performs headless Zerodha login via pyotp,
and refreshes the session daily at 6:05 AM IST via background thread
- New auto_login router: setup, status, remove, and manual trigger endpoints
- Scheduler started at app boot alongside existing daemons
- Added pyotp==2.9.0 dependency
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Set connected=FALSE (was TRUE) when expiring broker session so the
dashboard correctly reflects disconnected state
- Notify user by email when their Zerodha session expires so they know
to reconnect before the next SIP execution
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
