schwab 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 66555bd3340fd44588d10ba42d2ae9814ee1407726cdff5af8264f10675adb78
+  data.tar.gz: ed38e6126aba0a04c8e91eef320c74efff55b3a55113d1755b0b80d7b623fb82
+SHA512:
+  metadata.gz: 3f4ac7b6a471921e15e0dd928ce64593a12186a4af9a7492536385640ca9064b3f1bfc88cc2ca4189fdf3de3c9c041479bbe662cdfa06f2a268adf3d842791d1
+  data.tar.gz: 56350f5b1cee338a971015eae51fe4710739033849a2c90a557d1a5f26db929e4ff70365e8c8dabc338496537e716e79c2b650de5fd664d137ddac93413ba6eb

data/.brakeman.yml

@@ -0,0 +1,75 @@
+# Brakeman configuration for Schwab SDK
+# This is a Ruby gem/library, not a Rails application
+
+# Skip Rails-specific checks since this is a gem
+skip_checks:
+  - CheckBasicAuth
+  - CheckCrossSiteScripting
+  - CheckDefaultRoutes
+  - CheckDetailedExceptions
+  - CheckDigestDoS
+  - CheckExecute
+  - CheckFileAccess
+  - CheckFilterSkipping
+  - CheckForgerySetting
+  - CheckJSONEncoding
+  - CheckJSONParsing
+  - CheckMailTo
+  - CheckMassAssignment
+  - CheckModelAttrAccessible
+  - CheckModelAttributes
+  - CheckModelSerialize
+  - CheckNestedAttributes
+  - CheckQuoteTableName
+  - CheckRedirect
+  - CheckRender
+  - CheckRenderDoS
+  - CheckResponseSplitting
+  - CheckRouteDoS
+  - CheckSafeBufferManipulation
+  - CheckSelectTag
+  - CheckSelectVulnerability
+  - CheckSend
+  - CheckSendFile
+  - CheckSessionSettings
+  - CheckSingleQuotes
+  - CheckSkipBeforeFilter
+  - CheckSQL
+  - CheckSSLVerify
+  - CheckStripTags
+  - CheckSymbolDoSCVE
+  - CheckTranslateBug
+  - CheckUnsafeReflection
+  - CheckValidationRegex
+  - CheckWithoutProtection
+  - CheckXMLDoS
+
+# Scan these directories
+app_path: lib
+
+# Ignore these files/directories
+skip_files:
+  - spec/
+  - test/
+  - doc/
+  - coverage/
+  - bin/oauth_test.rb  # Interactive script with user input
+
+# Don't assume this is a Rails app
+rails3: false
+rails4: false
+rails5: false
+rails6: false
+rails7: false
+assume_all_routes: false
+
+# Output settings
+report_direct: false
+summary_only: false
+
+# Security settings
+run_all_checks: false
+interprocedural: false
+
+# Confidence level (1 = High, 2 = Medium, 3 = Weak)
+confidence_level: 2

data/.claude/commands/release-pr.md

@@ -0,0 +1,120 @@
+# release-pr
+
+Create a release PR following Ruby gem best practices.
+
+## Steps to Execute
+
+1. **Determine Version Bump**
+   - Review the CHANGELOG.md "Unreleased" section
+   - Determine the appropriate version bump based on Semantic Versioning:
+     - MAJOR (x.0.0): Breaking changes
+     - MINOR (0.x.0): New features, backward compatible
+     - PATCH (0.0.x): Bug fixes only
+   - Ask the user to confirm the version if unclear
+
+2. **Create Release Branch**
+   ```bash
+   git checkout -b release/v<VERSION>
+   ```
+
+3. **Update Version**
+   - Edit `lib/tastytrade/version.rb` to bump the version number
+
+4. **Update ROADMAP.md**
+   - Review the CHANGELOG.md "Unreleased" section for completed items
+   - Find corresponding items in ROADMAP.md and mark them as completed:
+     - Change `- [ ]` to `- [x]` for completed items
+   - Look for items in all phases, not just Phase 1
+   - If an item mentions a GitHub issue number, include "(closes #X)" after marking complete
+
+5. **Update CHANGELOG.md**
+   - Move all entries from "Unreleased" to a new version section with today's date
+   - Format: `## [X.Y.Z] - YYYY-MM-DD`
+   - Create a new empty "Unreleased" section at the top with all subsections:
+     ```markdown
+     ## [Unreleased]
+     
+     ### Added
+     - Nothing yet
+     
+     ### Changed
+     - Nothing yet
+     
+     ### Deprecated
+     - Nothing yet
+     
+     ### Removed
+     - Nothing yet
+     
+     ### Fixed
+     - Nothing yet
+     
+     ### Security
+     - Nothing yet
+     ```
+
+6. **Commit Changes**
+   ```bash
+   git add lib/tastytrade/version.rb CHANGELOG.md ROADMAP.md
+   git commit -m "Release v<VERSION>"
+   ```
+
+7. **Push Branch**
+   ```bash
+   git push -u origin release/v<VERSION>
+   ```
+
+8. **Create Pull Request**
+   ```bash
+   gh pr create --title "Release v<VERSION>" --body "## Release v<VERSION>
+
+   This PR prepares the release of version <VERSION>.
+
+   ### Changes
+   - Bumped version to <VERSION>
+   - Updated CHANGELOG.md with release date
+   - Updated ROADMAP.md to mark completed items
+   
+   ### Release Checklist
+   - [ ] Version number is correct
+   - [ ] CHANGELOG.md is updated with all changes
+   - [ ] ROADMAP.md has completed items marked
+   - [ ] All tests pass
+   - [ ] RuboCop reports no offenses
+   
+   ### Post-Merge Steps
+   After merging this PR:
+   1. \`git checkout main && git pull\`
+   2. \`bundle exec rake release\`
+   3. Create a GitHub Release:
+      \`\`\`bash
+      gh release create v<VERSION> \\
+        --title "v<VERSION>" \\
+        --generate-notes \\
+        --draft
+      \`\`\`
+   4. Edit the draft release to add a summary section at the top with key highlights
+   5. Publish the release:
+      \`\`\`bash
+      gh release edit v<VERSION> --draft=false
+      \`\`\`
+   
+   Note: The rake release command will automatically create and push the git tag v<VERSION>"
+   ```
+
+## Important Notes
+
+- Do NOT run `rake release` as part of the PR - this happens after merge
+- Ensure all tests pass before creating the PR
+- Run RuboCop to ensure code quality
+- The version in the PR title and body should NOT include the 'v' prefix (e.g., "0.2.0" not "v0.2.0")
+- The rake release command will automatically create the git tag with 'v' prefix (e.g., "v0.2.0")
+- You need a RubyGems.org account to run rake release
+
+## Example
+
+For a minor version bump from 0.1.0 to 0.2.0:
+- Branch name: `release/v0.2.0`
+- Commit message: `Release v0.2.0`
+- PR title: `Release v0.2.0`
+- Git tag (after merge): `v0.2.0`

data/.env.example

@@ -0,0 +1,15 @@
+# Schwab API Credentials
+# Copy this file to .env and fill in your actual values
+
+# Your Schwab application's client ID
+SCHWAB_CLIENT_ID=your_client_id_here
+
+# Your Schwab application's client secret
+SCHWAB_CLIENT_SECRET=your_client_secret_here
+
+# The redirect URI configured in your Schwab application
+# Example: http://localhost:3000/callback
+SCHWAB_REDIRECT_URI=your_redirect_uri_here
+
+# Optional: Schwab API base URL (defaults to production)
+# SCHWAB_API_BASE_URL=https://api.schwabapi.com

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,25 @@
+inherit_gem:
+  rubocop-shopify: rubocop.yml
+
+AllCops:
+  TargetRubyVersion: 3.1
+
+# Enable Security cops
+Security:
+  Enabled: true
+
+# Security cop configurations
+Security/Eval:
+  Enabled: true
+
+Security/JSONLoad:
+  Enabled: true
+
+Security/MarshalLoad:
+  Enabled: true
+
+Security/Open:
+  Enabled: true
+
+Security/YAMLLoad:
+  Enabled: true

data/CHANGELOG.md

@@ -0,0 +1,115 @@
+## [Unreleased]
+
+### Added
+- Nothing yet
+
+### Changed
+- Nothing yet
+
+### Deprecated
+- Nothing yet
+
+### Removed
+- Nothing yet
+
+### Fixed
+- Nothing yet
+
+### Security
+- Nothing yet
+
+## [0.2.0] - 2025-08-14
+
+### Added
+- **Comprehensive Account Management System**
+  - `Accounts.get_accounts` - Fetch all accounts with optional field filtering
+  - `Accounts.get_account` - Get detailed single account information
+  - `Accounts.get_positions` - Retrieve account positions with P&L data
+  - `Accounts.get_transactions` - Get transaction history with filtering
+  - `Accounts.get_orders` - Fetch orders with status and date filtering  
+  - `Accounts.get_all_orders` - Get orders across all accounts
+  - `Accounts.preview_order` - Preview order costs and requirements before placement
+  - `Accounts.get_account_numbers` - Retrieve account number mappings
+  - `Accounts.get_user_preferences` - Get user trading preferences
+
+- **Encrypted Account Number System**
+  - `AccountNumberResolver` - Thread-safe resolver for plain to encrypted account numbers
+  - Automatic caching with lazy loading and mutex synchronization
+  - Transparent usage - developers use plain account numbers, SDK handles encryption
+  - Uses `/accounts/accountNumbers` endpoint to fetch account mappings
+  - Hash detection logic to distinguish encrypted vs plain account numbers
+
+- **Resource Object Wrappers**
+  - Configurable response format (`:hash` or `:resource`)
+  - Sawyer-style resource objects with method access (e.g., `account.account_number`)
+  - Automatic type coercion for dates, times, numbers, and booleans
+  - Nested object wrapping with identity preservation
+  - Hash-style access still available alongside method access
+
+- **Enhanced Configuration**
+  - `response_format` option to choose between hash and resource object responses
+  - Comprehensive validation for all configuration parameters
+  - Backward compatibility maintained with hash format as default
+
+- Market Data API endpoints
+  - `MarketData.get_quotes` - Fetch quotes for multiple symbols
+  - `MarketData.get_quote` - Get detailed quote for single symbol
+  - `MarketData.get_quote_history` - Retrieve price history/candles
+  - `MarketData.get_movers` - Track market movers by index
+  - `MarketData.get_market_hours` - Get market session information
+- Automatic token refresh via `TokenManager`
+  - Auto-refreshes tokens when they expire in < 5 minutes
+  - Shared across all test scripts for consistent token handling
+- Test scripts for development
+  - `bin/test_market_data.rb` - Test all market data endpoints
+  - `bin/test_account_numbers.rb` - Comprehensive account endpoint testing
+  - `bin/debug_market_data.rb` - Debug response structures
+  - `bin/test_oauth_with_credentials.rb` - Test OAuth token refresh
+  - `bin/oauth_test.rb` - Interactive OAuth flow testing
+
+### Changed
+- **Account API Integration**
+  - All account endpoints now use encrypted account numbers transparently
+  - Fixed nested response structure handling (positions under `securitiesAccount`)
+  - Enhanced date formatting to preserve full ISO-8601 timestamps
+  - Added proper error handling with response body preservation for debugging
+
+- **HTTP Client Enhancements**
+  - Resource class support in all HTTP methods (GET, POST, PUT, DELETE, PATCH)
+  - Response wrapping based on configuration format
+  - Automatic resource class determination from response data
+  - Enhanced error handling with preserved response bodies
+
+- API endpoint routing to support different versioning schemes
+  - OAuth endpoints use `/v1/oauth/...`
+  - Market data endpoints use `/marketdata/v1/...`
+  - Account endpoints use `/trader/v1/accounts/...`
+- Connection builder now uses base URL without version prefix
+- OAuth endpoints hardcoded to `/v1` regardless of configuration
+
+### Fixed
+- **Account API Issues**
+  - Positions endpoint now correctly extracts from `securitiesAccount.positions`
+  - Transactions endpoint includes required `types` parameter
+  - Date format handling preserves full ISO-8601 timestamps
+  - Order preview integration with existing accounts module
+
+- **Code Quality**
+  - All RuboCop style issues resolved
+  - Duplicate method definitions removed
+  - Proper DateTime handling without deprecated methods
+  - String formatting using `format()` instead of `%` operator
+
+- Test suite compatibility with new URL structure
+- RuboCop compliance for all code
+- VCR cassette recording for OAuth refresh tokens
+
+## [0.1.0] - 2025-08-12
+
+- Initial release
+- Core OAuth 2.0 authentication with Authorization Code flow
+- HTTP client with Faraday middleware stack
+- Exception-only error handling
+- Thread-safe token refresh
+- Configuration management
+- Full test coverage with RSpec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Ryan Hamamura
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,133 @@
+# Schwab
+
+Ruby SDK for the Charles Schwab API, providing easy access to trading, market data, and portfolio management endpoints.
+
+## Features
+
+- OAuth 2.0 authentication
+- Trading operations (orders, positions)
+- Real-time and historical market data
+- Account and portfolio management
+- Watchlist management
+- Options chains and trading
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'schwab'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+Or install it yourself as:
+
+```bash
+gem install schwab
+```
+
+## Usage
+
+### Authentication
+
+```ruby
+require 'schwab'
+
+client = Schwab::Client.new(
+  client_id: 'YOUR_CLIENT_ID',
+  client_secret: 'YOUR_CLIENT_SECRET',
+  redirect_uri: 'YOUR_REDIRECT_URI'
+)
+
+# Get authorization URL
+auth_url = client.authorization_url
+
+# After user authorizes, exchange code for token
+client.authorize(code: 'AUTHORIZATION_CODE')
+```
+
+### Market Data
+
+```ruby
+# Get quote for a symbol
+quote = client.get_quote('AAPL')
+
+# Get multiple quotes
+quotes = client.get_quotes(['AAPL', 'GOOGL', 'MSFT'])
+
+# Get price history
+history = client.get_price_history('AAPL', 
+  period_type: 'day',
+  period: 10,
+  frequency_type: 'minute',
+  frequency: 5
+)
+```
+
+### Trading
+
+```ruby
+# Get positions
+positions = client.get_positions(account_id)
+
+# Place an order
+order = client.place_order(account_id, {
+  orderType: 'LIMIT',
+  symbol: 'AAPL',
+  quantity: 100,
+  price: 150.00,
+  instruction: 'BUY'
+})
+
+# Get orders
+orders = client.get_orders(account_id)
+```
+
+### Account Management
+
+```ruby
+# Get accounts
+accounts = client.get_accounts
+
+# Get specific account
+account = client.get_account(account_id)
+
+# Get transactions
+transactions = client.get_transactions(account_id)
+```
+
+## Configuration
+
+You can configure the client globally:
+
+```ruby
+Schwab.configure do |config|
+  config.client_id = 'YOUR_CLIENT_ID'
+  config.client_secret = 'YOUR_CLIENT_SECRET'
+  config.redirect_uri = 'YOUR_REDIRECT_URI'
+  config.sandbox = true # Use sandbox environment
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ryanhamamura/schwab.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Disclaimer
+
+This gem is not affiliated with, endorsed by, or sponsored by Charles Schwab & Co., Inc. Use at your own risk. Trading securities involves risk, and past performance is not indicative of future results.

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: [:spec, :rubocop]