chore: auto-update QPK_PIN and constraints.txt#172
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: acf08028d1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # Auto-updated by update-qpk-pin.yml on every push to QPK main. | ||
|
|
||
| quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@b9a7df85cfc848cebcc3aa6e1d77ec34ca7611ab | ||
| quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@0063af3b4a974650ea58a7d3f26dd1b94f65d3e8 |
There was a problem hiding this comment.
Do not pin a build that drops blocked Telegram alerts
This pin brings in 0063af3, where the Telegram publisher pre-filters signals to only notification_target, notify_manual_review, or notification_only/shadow_only controls. For strategy-mounted data-quality/freshness failures with canonical_route="blocked" and suggested_action="blocked", should_alert_strategy_plugin_signal() and the runtime contract still treat them as plugin-alert-stream events, but publish_strategy_plugin_telegram_alerts() now drops them before building messages, so those blocked signals no longer reach Telegram after this dependency update.
Useful? React with 👍 / 👎.
| # Auto-updated by update-qpk-pin.yml on every push to QPK main. | ||
|
|
||
| quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@b9a7df85cfc848cebcc3aa6e1d77ec34ca7611ab | ||
| quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@0063af3b4a974650ea58a7d3f26dd1b94f65d3e8 |
There was a problem hiding this comment.
Do not bypass execution-control overrides
This pin also imports _is_auto_consumable_signal(), which treats a signal as auto-consumable when either execution_controls.position_control_allowed or payload.consumption_policy.position_control_allowed is true. For strategy adapters that explicitly disable an automation-approved defend/delever action in execution_controls while the raw plugin policy still says it is allowed, the shared policy helper gives the execution control precedence and still builds a plugin alert; the new Telegram filter ORs the two sources and drops that alert before delivery.
Useful? React with 👍 / 👎.
| # Auto-updated by update-qpk-pin.yml on every push to QPK main. | ||
|
|
||
| quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@b9a7df85cfc848cebcc3aa6e1d77ec34ca7611ab | ||
| quant-platform-kit @ git+https://github.com/QuantStrategyLab/QuantPlatformKit.git@0063af3b4a974650ea58a7d3f26dd1b94f65d3e8 |
There was a problem hiding this comment.
Do not drop actions not carried by strategy runtime
The pinned build also skips every automation-approved defend/delever Telegram signal with position_control_allowed=true, but it does not require execution_controls.strategy_runtime_metadata_allowed=true. The shared alert policy only suppresses these strategy-mounted signals when the strategy runtime is allowed to carry/report them; when that flag is false, should_alert_strategy_plugin_signal() still builds an alert, but Telegram now filters it out and the position-impacting event can be hidden from the plugin-alert channel.
Useful? React with 👍 / 👎.
Summary\n- update QPK_PIN to the merged plugin Telegram fix commit\n- refresh constraints.txt dependency pins generated by the QPK pin workflow\n\n## Verification\n- update-qpk-pin workflow 28639014394 completed successfully and verified downstream-critical imports/package refs