Skip to content

feat(exec): order-failure diagnostic logging — correlation, context & TD-18 redaction#8

Merged
davassi merged 14 commits into
masterfrom
feature/order-failure-logging
Jun 28, 2026
Merged

feat(exec): order-failure diagnostic logging — correlation, context & TD-18 redaction#8
davassi merged 14 commits into
masterfrom
feature/order-failure-logging

Conversation

@davassi

@davassi davassi commented Jun 28, 2026

Copy link
Copy Markdown
Owner

What & why

When an order fails, the logs now carry enough context to reconstruct the root cause. Observability only — no change to the HyperliquidError taxonomy, retry policy/backoff, HTTP status codes, DB schema, or pricing/submission logic (verified end-to-end in a whole-branch review).

Changes

  • Correlation across all layers. OrderRequest carries a new req_id (alongside cloid); every failure log line is tagged so it ties back to the originating webhook request and the exchange-side order id.
  • Submitted price logged before every order (market_order/limit_order): mid, slippage bps, aggressive price, tick-normalized price actually sent — the key diagnostic for a "bad price / could not match" reject.
  • Service-layer rejects log full order context + the full exchange payload via a defensive _safe_json (falls back to repr, never masks the original failure).
  • Retry loop / handlers: the terminal network/API line now includes the underlying error string (previously only the attempt count); the three handlers carry req_id/cloid/symbol/side (hoisted to one handler_ctx).
  • Shared helper format_log_context(**fields) builds the uniform key=value context (no copy-pasted prefix).
  • Secret-safety: a regression test asserts the secret never appears in failure-level (WARNING+) logs on the order path.

TD-18 (resolved on this branch)

The review surfaced a pre-existing leak: the invalid-JSON path (_log_invalid_json_body) logged the raw body at WARNING, exposing general.secret on a malformed payload. Fixed: the body is routed through _redact_secrets (masks any "secret": "…" field + the configured secret value), with the secret fetch guarded so the logging helper can never raise.

Testing

Full suite: 191 passed (python3.11 -m pytest). New tests cover correlation, submitted-pricing logs, enriched reject context, the terminal-line error, secret non-leakage (order path + invalid-JSON path), and _redact_secrets edge cases.

Design: docs/superpowers/specs/2026-06-28-order-failure-logging-design.md · Plan: docs/superpowers/plans/2026-06-28-order-failure-logging.md · Changelog: CHANGELOG.md.

🤖 Generated with Claude Code

davassi and others added 14 commits June 28, 2026 06:40
…+ context)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- DRY: hoist repeated format_log_context into handler_ctx (3 handlers)
- test: cover limit_order pre-submit pricing log
- test: assert no-response log carries side/size; narrow secret-test docstring

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…leak)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…(TD-18)

_log_invalid_json_body logged the raw request body at WARNING to aid debugging a
malformed payload; a body carrying general.secret therefore leaked the credential
at the production log level. Route the body through _redact_secrets, which masks
any "secret":"..." field and the configured secret value before logging.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… (TD-18 review)

Review of the TD-18 fix: get_settings()/get_secret_value() sat outside the
try-except, so a settings failure could turn this logging helper into a 500.
Wrap the secret fetch (fall back to None — the regex still masks the field) and
make the secret-field regex case-insensitive for defense-in-depth.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@davassi davassi merged commit 2b0b62e into master Jun 28, 2026
2 checks passed
@davassi davassi deleted the feature/order-failure-logging branch June 28, 2026 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant