- start_strategy filters running check by mode so starting LIVE
won't clash with an active PAPER run and vice versa
- stop_strategy and resume_strategy accept optional mode param
so each tab stops/resumes only its own run
- paper_broker_service scopes all run lookups to mode=PAPER
- paper_mtm scopes run lookup to mode=PAPER
- routers/strategy exposes ?mode= query param on /stop and /resume
- run_service get_active_run_id and get_running_run_id already
support mode filtering (added in previous session)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Frontend (app.quantfortune.com) fetches API (api.quantfortune.com).
With SameSite=Lax the browser won't send the cookie on cross-origin
fetch calls, so the server sees no session and the request fails.
Adding COOKIE_DOMAIN=.quantfortune.com makes the cookie valid for
all subdomains. Mohan needs to add this to .env and restart.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Session cookie was scoped to api.quantfortune.com only.
Setting COOKIE_DOMAIN=.quantfortune.com in .env makes the
cookie shared across all subdomains so app.quantfortune.com
can authenticate against api.quantfortune.com.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New auto_login_service.py: stores encrypted credentials (login ID,
password, TOTP secret), performs headless Zerodha login via pyotp,
and refreshes the session daily at 6:05 AM IST via background thread
- New auto_login router: setup, status, remove, and manual trigger endpoints
- Scheduler started at app boot alongside existing daemons
- Added pyotp==2.9.0 dependency
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Set connected=FALSE (was TRUE) when expiring broker session so the
dashboard correctly reflects disconnected state
- Notify user by email when their Zerodha session expires so they know
to reconnect before the next SIP execution
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
