Full deployment history for this project.
Consolidate open PRs, compatible upgrades, and platform auth Validated locally and through a READY Vercel preview. Merge commit preserves every original PR head in ancestry.
chore: validate consolidated upgrades and platform auth
palette: improve markets page accessibility and consistency - Added sr-only labels to search and category inputs in /markets - Applied focus-visible styles to inputs and table links for better keyboard navigation - Added contextual aria-labels to market and category links in MarketTable - Updated MarketTable empty state to match the system's dashed-card pattern with an Activity icon - Verified accessibility improvements with Playwright screenshots and passed all lint/test checks Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Parallelize CLOB midpoint fetches Parallelize independent midpoint price fetches for market outcomes in `lib/clob-api.ts`. 💡 What: Replaced a sequential `for...of` loop with `Promise.all` in `fetchClobPrices`. 🎯 Why: Reduces latency from O(N * RTT) to O(RTT). Standard binary markets see a 2x speedup in cold-cache midpoint fetching. 📊 Impact: Expected ~50% reduction in wall-clock time for enriched market data retrieval. 🔬 Measurement: Verified with `pnpm test:run` (all 482 tests passed). Also added type-safe handling and narrowing for `Promise.all` results. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Parallelize CLOB price fetching Optimized the `fetchClobPrices` function in `lib/clob-api.ts` to fetch midpoints for all outcomes in parallel using `Promise.all`. This reduces the total latency for a market with N outcomes from O(N * RTT) to O(RTT), significantly improving the response time for enriched feeds and market detail pages. Includes refined TypeScript type guards to ensure consistent data and type safety. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Parallelize CLOB midpoint fetches Parallelize independent network requests in `fetchClobPrices` using `Promise.all` to reduce latency from O(N * RTT) to O(RTT). - Replaces sequential `for...of` loop with `Promise.all` - Flattens results with `flatMap` - Preserves error handling and null behavior - Passes existing unit tests in `tests/unit/clob-api.test.ts` Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: parallelize CLOB price and book fetching This optimization parallelizes independent network requests in the CLOB API client. - In `fetchClobPrices`, midpoint price fetches for multiple token IDs are now performed in parallel using `Promise.all`, reducing latency from O(N * RTT) to O(1 * RTT). - In `fetchMarketOrderbook`, the fetching of outcome books and midpoint prices is now parallelized, further reducing the total round-trip time for full orderbook resolution. Expected Impact: - Reduces latency for multi-outcome markets (e.g. YES/NO) by ~50% in the CLOB data path. - Measurable speedup for any endpoint resolving full market orderbooks. Verified with `pnpm test` and integration suite. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: Harden input validation with centralized clamping This commit hardens the application's defense against Denial of Service (DoS) attacks by centralizing and standardizing input validation for numeric and string query parameters. - Updated `clampInt` and `clampFloat` in `lib/platform.ts` to truncate input strings to 10 characters before parsing, mitigating CPU exhaustion risks from extremely long numeric strings. - Added `clampString` utility to `lib/platform.ts` to enforce a default maximum length of 240 characters on untrusted string inputs. - Refactored several API routes (`/api/errors`, `/api/feed`, `/api/feed/atom`, `/api/feed/json`) to use these centralized utilities. - Updated integration tests to reflect the shift from explicit 400 errors to silent clamping for out-of-range parameters, improving system robustness. - Updated Sentinel's journal with learnings from this enhancement. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: Fix DoS risk in query parameter parsing Implement input trimming and truncation to 10 characters before numeric parsing in clampInt and clampFloat utilities. Add clampString utility for safe string extraction. Apply these protections across public API routes to mitigate CPU exhaustion and memory risks from unbounded user inputs. - Enhanced lib/platform.ts with secure clamping utilities - Secured /api/analytics, /api/errors, /api/markets, and /api/feed routes - Added comprehensive unit tests in tests/unit/platform.test.ts - Verified via integration tests (rest-api.test.ts, feed-routes.test.ts) - Updated .jules/sentinel.md with critical learnings Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Enhance Market Detail navigation and accessibility - Replace plain text "Markets" back link with a ghost button containing a ChevronLeft icon and -ml-2 alignment for better visual affordance. - Add "Back to Markets" aria-label to the back button. - Update "Open on Polymarket" external link to include "(opens in a new tab)" in its aria-label for screen reader accessibility. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: Harden numeric input parsing to prevent DoS This commit standardizes numeric input validation across the application to mitigate Denial of Service (DoS) risks and improve system robustness. Changes: - Hardened `clampInt` and `clampFloat` in `lib/platform.ts` with 10-char input truncation before parsing. - Refactored `api/feed`, `api/feed/json`, `api/feed/atom`, and `api/analytics` to use these secure utilities. - Updated integration tests to expect silent clamping instead of 400 errors for out-of-range parameters. - Added comprehensive unit tests for the hardened parsing logic. - Documented the vulnerability and prevention strategy in `.jules/sentinel.md`. This follows the "Defense in Depth" philosophy by ensuring all untrusted numeric string inputs are length-limited and range-clamped before processing. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: Fix potential DoS via unbounded numeric string parsing This change enhances the application's resilience against Denial of Service (DoS) attacks by ensuring all user-provided numeric query parameters are truncated to a maximum of 10 characters before being passed to parsing functions like `Number.parseInt` or `Number.parseFloat`. - Updated `clampInt` and `clampFloat` utilities in `lib/platform.ts` to include automatic 10-character truncation as a defense-in-depth measure. - Refactored `markets`, `feed`, `feed/json`, and `feed/atom` API routes to utilize these secure utilities for consistent input validation and range clamping. - Updated integration tests to align with the more robust clamping behavior. - Unified the input validation pattern across the core API surface. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Merge pull request #158 from mbarbine/copilot/merge-all-pull-requests Consolidate open PRs #147–#157 into a single merge-ready integration branch
chore: drop stray PR metadata file Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #157 from mbarbine/perf-optimize-dates-13244543748576938472 ⚡ Optimize Date object allocations in market endpoints
update
update
update
update