tastytrade 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa2b6fbe38925319fd0577393a7c12f9b852500c85185c51ad73da56b8724422
-  data.tar.gz: 5c650bdbceeb19a32ddcc6e4c610f63d5a0cb8212df4c3875c1544ef91714204
+  metadata.gz: dc1c01296e2566f4fc37858644a653d88592959a377bf2170872e469a7364875
+  data.tar.gz: 1358a0e80d2cb413336edd44b0a38fdeecb21a57c6dafd23358b183f570a426f
 SHA512:
-  metadata.gz: 9c3a31572d50be8e5bf74aed909e08c0befa1882de0d671c40ad8b9de956ad9c62c1fbededb5bbc5ea883a96aeaee9e1a27c63616c3ef21eaef7e9888a1ea746
-  data.tar.gz: dcf15ae057baeb7aa067c21444efbe481ea6bdc23515ab9f286935d8a406b5fa5d91c0b2e439fa3103bba0c97b76996074d569253a5b7f6671172a0c8a9d4376
+  metadata.gz: a2f378a230782d89ebaa843c155f6086c2d31bd1c21976179b8da38d7712533e3632a33d2ac5cdb41d88e5d24fa3fba1228e0c748f4efa2f6d41a9ce04af9854
+  data.tar.gz: ddbdcd65ef55e82501617202fdf9f3b6dbeb32f87b439fcbe04a357988c13097041662550450f57e31e608434e63ec4d9148ea09c50b09401298daa218ced886

data/CHANGELOG.md

@@ -25,6 +25,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Security
 - Nothing yet
 
+## [0.3.1] - 2025-08-08
+
+### Removed
+- VCR documentation files (vcr_implementation_plan.md, vcr_implementation_research.md) that were inadvertently included in v0.3.0
+- VCR gem dependency from development dependencies
+- VCR configuration and setup code from spec_helper.rb
+- VCR-related test tags from spec files
+
+### Fixed
+- Cleaned up test suite to remove unused VCR references
+
 ## [0.3.0] - 2025-08-08
 
 ### Added
@@ -76,7 +87,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - `order replace` command with interactive price/quantity modification
   - Partial fill tracking with filled/remaining quantity calculations
   - Order status color coding in CLI output
-  - VCR test configuration with sensitive data filtering
   - Comprehensive test coverage for all order management features
   - Integration tests for complete order lifecycle (place, list, modify, cancel)
   - Renamed existing `order` command to `place` for clarity

data/lib/tastytrade/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Tastytrade
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

data/spec/spec_helper.rb

@@ -11,78 +11,6 @@ end
 require "bundler/setup"
 require "tastytrade"
 require "webmock/rspec"
-require "vcr"
-
-VCR.configure do |config|
-  config.cassette_library_dir = "spec/fixtures/vcr_cassettes"
-  config.hook_into :webmock
-  config.configure_rspec_metadata!
-
-  # Filter out sensitive data
-  config.filter_sensitive_data("<AUTH_TOKEN>") do |interaction|
-    if interaction.request.headers["Authorization"]
-      interaction.request.headers["Authorization"].first
-    end
-  end
-
-  config.filter_sensitive_data("<SESSION_TOKEN>") do |interaction|
-    if interaction.response.headers["Content-Type"] &&
-       interaction.response.headers["Content-Type"].first.include?("application/json")
-      begin
-        body = JSON.parse(interaction.response.body)
-        body.dig("data", "session-token") || body.dig("data", "session_token")
-      rescue JSON::ParserError
-        nil
-      end
-    end
-  end
-
-  config.filter_sensitive_data("<ACCOUNT_NUMBER>") do |interaction|
-    # Filter account numbers from URLs
-    interaction.request.uri.match(%r{/accounts/([^/]+)})&.captures&.first
-  end
-
-  config.filter_sensitive_data("<USERNAME>") do |interaction|
-    if interaction.request.body && interaction.request.body.include?("username")
-      begin
-        body = JSON.parse(interaction.request.body)
-        body["username"]
-      rescue JSON::ParserError
-        nil
-      end
-    end
-  end
-
-  config.filter_sensitive_data("<PASSWORD>") do |interaction|
-    if interaction.request.body && interaction.request.body.include?("password")
-      begin
-        body = JSON.parse(interaction.request.body)
-        body["password"]
-      rescue JSON::ParserError
-        nil
-      end
-    end
-  end
-
-  # Filter personal information from response bodies
-  config.filter_sensitive_data("<EMAIL>") do |interaction|
-    if interaction.response.body
-      begin
-        body = JSON.parse(interaction.response.body)
-        body.dig("data", "email")
-      rescue JSON::ParserError
-        nil
-      end
-    end
-  end
-
-  # Default cassette options
-  config.default_cassette_options = {
-    record: :new_episodes,
-    match_requests_on: [:method, :uri, :body],
-    allow_playback_repeats: true
-  }
-end
 
 RSpec.configure do |config|
   # Enable flags like --only-failures and --next-failure

data/spec/tastytrade/models/account_order_management_spec.rb

@@ -54,7 +54,7 @@ RSpec.describe Tastytrade::Models::Account, "#get_live_orders" do
   end
 
   describe "without filters" do
-    it "retrieves all live orders", :vcr do
+    it "retrieves all live orders" do
       allow(session).to receive(:get)
         .with("/accounts/5WV12345/orders/live/", {})
         .and_return(live_orders_response)
@@ -122,7 +122,7 @@ RSpec.describe Tastytrade::Models::Account, "#cancel_order" do
   let(:order_id) { "12345" }
 
   describe "successful cancellation" do
-    it "sends DELETE request and returns nil", :vcr do
+    it "sends DELETE request and returns nil" do
       expect(session).to receive(:delete)
         .with("/accounts/5WV12345/orders/12345/")
         .and_return(nil)
@@ -210,7 +210,7 @@ RSpec.describe Tastytrade::Models::Account, "#replace_order" do
   end
 
   describe "successful replacement" do
-    it "sends PUT request and returns OrderResponse", :vcr do
+    it "sends PUT request and returns OrderResponse" do
       expect(new_order).to receive(:to_api_params).and_return(order_params)
       expect(session).to receive(:put)
         .with("/accounts/5WV12345/orders/12345/", order_params)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tastytrade
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Ryan Hamamura
@@ -163,20 +163,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.22'
-- !ruby/object:Gem::Dependency
-  name: vcr
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '6.3'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '6.3'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -302,8 +288,6 @@ files:
 - spec/tastytrade/session_manager_spec.rb
 - spec/tastytrade/session_spec.rb
 - spec/tastytrade_spec.rb
-- vcr_implementation_plan.md
-- vcr_implementation_research.md
 homepage: https://github.com/ryanhamamura/tastytrade
 licenses:
 - MIT

data/vcr_implementation_plan.md

@@ -1,403 +0,0 @@
-# VCR Implementation Plan for Tastytrade Gem
-
-## Executive Summary
-Implement VCR cassettes to replace existing mocks, accounting for Tastytrade sandbox's market-hours-only order routing behavior.
-
-## Phase 1: Foundation Setup (Week 1)
-
-### 1.1 Credential Management
-```bash
-# Create .env.test (add to .gitignore)
-TASTYTRADE_SANDBOX_USERNAME=your_username
-TASTYTRADE_SANDBOX_PASSWORD=your_password
-TASTYTRADE_SANDBOX_ACCOUNT=your_account
-TASTYTRADE_ENVIRONMENT=sandbox
-```
-
-### 1.2 Enhanced VCR Configuration
-```ruby
-# spec/spec_helper.rb
-require 'dotenv'
-Dotenv.load('.env.test') if File.exist?('.env.test')
-
-VCR.configure do |config|
-  config.cassette_library_dir = "spec/fixtures/vcr_cassettes"
-  config.hook_into :webmock
-  config.configure_rspec_metadata!
-  
-  # Recording mode management
-  vcr_mode = ENV['VCR_MODE'] =~ /rec/i ? :all : :once
-  vcr_mode = :none if ENV['CI'] # Prevent recording in CI
-  
-  config.default_cassette_options = {
-    record: vcr_mode,
-    match_requests_on: [:method, :uri, :body],
-    allow_playback_repeats: true,
-    record_on_error: false
-  }
-  
-  # Enhanced sensitive data filtering
-  config.filter_sensitive_data('<SANDBOX_USERNAME>') { ENV['TASTYTRADE_SANDBOX_USERNAME'] }
-  config.filter_sensitive_data('<SANDBOX_PASSWORD>') { ENV['TASTYTRADE_SANDBOX_PASSWORD'] }
-  config.filter_sensitive_data('<SANDBOX_ACCOUNT>') { ENV['TASTYTRADE_SANDBOX_ACCOUNT'] }
-  
-  # Filter dynamic/sensitive data from responses
-  config.before_record do |interaction|
-    if interaction.response.body
-      body = interaction.response.body
-      
-      # Filter account numbers (format: 5WX12345)
-      body.gsub!(/5W[A-Z0-9]{6,8}/, '<ACCOUNT_NUMBER>')
-      
-      # Filter session tokens
-      body.gsub!(/"session-token":"[^"]+/, '"session-token":"<SESSION_TOKEN>')
-      body.gsub!(/"remember-token":"[^"]+/, '"remember-token":"<REMEMBER_TOKEN>')
-      
-      # Filter personal information
-      body.gsub!(/"email":"[^"]+/, '"email":"<EMAIL>')
-      body.gsub!(/"external-id":"[^"]+/, '"external-id":"<EXTERNAL_ID>')
-      
-      # Add recording metadata
-      interaction.response.headers['X-VCR-Recorded-At'] = Time.current.iso8601
-      interaction.response.headers['X-VCR-Market-Status'] = market_open? ? 'open' : 'closed'
-    end
-  end
-  
-  # Ignore certain dynamic parameters
-  config.before_playback do |interaction|
-    # Normalize timestamps in URLs if needed
-    interaction.request.uri.gsub!(/timestamp=\d+/, 'timestamp=NORMALIZED')
-  end
-end
-```
-
-### 1.3 Market Hours Helper
-```ruby
-# spec/support/market_hours_helper.rb
-module MarketHoursHelper
-  def market_open?(time = Time.current)
-    # Convert to ET (Eastern Time)
-    et_time = time.in_time_zone('America/New_York')
-    
-    # Check if weekend
-    return false if et_time.saturday? || et_time.sunday?
-    
-    # Check if US market holiday (simplified - expand as needed)
-    holidays = [
-      Date.new(et_time.year, 1, 1),   # New Year's Day
-      Date.new(et_time.year, 7, 4),   # Independence Day
-      Date.new(et_time.year, 12, 25), # Christmas
-      # Add more holidays as needed
-    ]
-    return false if holidays.include?(et_time.to_date)
-    
-    # Check market hours (9:30 AM - 4:00 PM ET)
-    market_open = et_time.change(hour: 9, min: 30)
-    market_close = et_time.change(hour: 16, min: 0)
-    
-    et_time >= market_open && et_time <= market_close
-  end
-  
-  def skip_outside_market_hours
-    unless market_open? || VCR.current_cassette
-      skip "Test requires market hours or existing cassette"
-    end
-  end
-  
-  def next_market_open_time
-    time = Time.current.in_time_zone('America/New_York')
-    
-    # If it's before 9:30 AM on a weekday, return today's open
-    if !time.saturday? && !time.sunday? && time.hour < 9 || (time.hour == 9 && time.min < 30)
-      return time.change(hour: 9, min: 30)
-    end
-    
-    # Otherwise, find next weekday
-    loop do
-      time = time.tomorrow
-      break if !time.saturday? && !time.sunday?
-    end
-    
-    time.change(hour: 9, min: 30)
-  end
-end
-
-RSpec.configure do |config|
-  config.include MarketHoursHelper
-end
-```
-
-## Phase 2: Proof of Concept - Session Class (Week 1)
-
-### 2.1 Convert Session Tests
-```ruby
-# spec/tastytrade/session_vcr_spec.rb
-require 'spec_helper'
-
-RSpec.describe Tastytrade::Session, :vcr do
-  let(:sandbox_credentials) do
-    {
-      username: ENV['TASTYTRADE_SANDBOX_USERNAME'],
-      password: ENV['TASTYTRADE_SANDBOX_PASSWORD'],
-      is_test: true
-    }
-  end
-  
-  describe "#login" do
-    context "with valid credentials" do
-      it "authenticates successfully" do
-        session = described_class.new(**sandbox_credentials).login
-        
-        expect(session.session_token).not_to be_nil
-        expect(session.user).to be_a(Tastytrade::Models::User)
-        expect(session.user.email).not_to be_nil
-      end
-    end
-    
-    context "with invalid credentials" do
-      it "raises InvalidCredentialsError" do
-        invalid_creds = sandbox_credentials.merge(password: 'wrong_password')
-        
-        expect {
-          described_class.new(**invalid_creds).login
-        }.to raise_error(Tastytrade::InvalidCredentialsError)
-      end
-    end
-  end
-  
-  describe "#validate" do
-    let(:session) { described_class.new(**sandbox_credentials).login }
-    
-    it "validates active session" do
-      expect(session.validate).to be true
-    end
-  end
-  
-  describe "#destroy" do
-    let(:session) { described_class.new(**sandbox_credentials).login }
-    
-    it "destroys the session" do
-      session.destroy
-      expect(session.session_token).to be_nil
-    end
-  end
-end
-```
-
-### 2.2 Recording Schedule
-```markdown
-# Recording Schedule
-
-## Initial Recording Session
-- **Date**: [Schedule a weekday]
-- **Time**: 10:00 AM - 3:00 PM ET (avoiding market open/close volatility)
-- **Checklist**:
-  - [ ] Verify sandbox credentials work
-  - [ ] Market is open
-  - [ ] No US market holidays
-  - [ ] VCR_MODE=rec environment variable set
-
-## Recording Commands
-```bash
-# Record all cassettes
-VCR_MODE=rec bundle exec rspec spec/tastytrade/session_vcr_spec.rb
-
-# Verify cassettes work
-bundle exec rspec spec/tastytrade/session_vcr_spec.rb
-```
-
-## Phase 3: Order-Related Tests (Week 2)
-
-### 3.1 Order Placement Tests with Market Hours
-```ruby
-# spec/tastytrade/models/account_place_order_vcr_spec.rb
-RSpec.describe "Order Placement", :vcr do
-  include MarketHoursHelper
-  
-  let(:session) { sandbox_session } # From helper
-  let(:account) { session.accounts.first }
-  
-  describe "placing orders" do
-    context "during market hours" do
-      before { skip_outside_market_hours }
-      
-      it "places a limit order" do
-        order = Tastytrade::Order.new(
-          type: Tastytrade::OrderType::LIMIT,
-          time_in_force: Tastytrade::OrderTimeInForce::DAY,
-          legs: build_spy_leg(100, "Buy to Open"),
-          price: 430.00
-        )
-        
-        response = account.place_order(session, order)
-        
-        expect(response).to be_a(Tastytrade::Models::OrderResponse)
-        expect(response.order_id).not_to be_nil
-      end
-    end
-    
-    context "order validation (market independent)" do
-      it "validates order without placing" do
-        order = Tastytrade::Order.new(
-          type: Tastytrade::OrderType::LIMIT,
-          time_in_force: Tastytrade::OrderTimeInForce::DAY,
-          legs: build_spy_leg(100, "Buy to Open"),
-          price: 430.00
-        )
-        
-        # Dry run doesn't require market hours
-        response = account.place_order(session, order, dry_run: true)
-        
-        expect(response.buying_power_effect).not_to be_nil
-      end
-    end
-  end
-  
-  private
-  
-  def build_spy_leg(quantity, action)
-    Tastytrade::OrderLeg.new(
-      action: action,
-      symbol: "SPY",
-      quantity: quantity
-    )
-  end
-end
-```
-
-## Phase 4: Gradual Migration (Weeks 3-4)
-
-### 4.1 Parallel Testing Strategy
-```ruby
-# spec/spec_helper.rb
-RSpec.configure do |config|
-  # Run VCR tests only when marked
-  config.around(:each) do |example|
-    if example.metadata[:vcr]
-      example.run
-    elsif example.metadata[:use_mocks]
-      # Keep existing mock behavior
-      VCR.turned_off { example.run }
-    else
-      # Default to mocks for now
-      VCR.turned_off { example.run }
-    end
-  end
-end
-```
-
-### 4.2 Migration Checklist
-- [ ] Session tests converted
-- [ ] Client HTTP tests converted
-- [ ] Account model tests converted
-- [ ] Balance retrieval tests converted
-- [ ] Order placement tests converted
-- [ ] Order history tests converted
-- [ ] Position tests converted
-- [ ] CLI tests converted (mock the API client layer)
-
-## Phase 5: CI/CD Integration (Week 4)
-
-### 5.1 GitHub Actions Configuration
-```yaml
-# .github/workflows/test.yml
-name: Tests
-on: [push, pull_request]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    env:
-      VCR_MODE: none # Never record in CI
-      TASTYTRADE_SANDBOX_USERNAME: ${{ secrets.TASTYTRADE_SANDBOX_USERNAME }}
-      TASTYTRADE_SANDBOX_PASSWORD: ${{ secrets.TASTYTRADE_SANDBOX_PASSWORD }}
-      TASTYTRADE_SANDBOX_ACCOUNT: ${{ secrets.TASTYTRADE_SANDBOX_ACCOUNT }}
-    
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 1 # Shallow clone for speed
-      
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.2'
-          bundler-cache: true
-      
-      - name: Run tests
-        run: bundle exec rspec
-```
-
-### 5.2 Cassette Maintenance
-```ruby
-# lib/tasks/vcr.rake
-namespace :vcr do
-  desc "Delete cassettes older than 30 days"
-  task :clean_old do
-    Dir.glob("spec/fixtures/vcr_cassettes/**/*.yml").each do |cassette|
-      if File.mtime(cassette) < 30.days.ago
-        puts "Deleting old cassette: #{cassette}"
-        File.delete(cassette)
-      end
-    end
-  end
-  
-  desc "Re-record all cassettes (run during market hours)"
-  task :refresh_all do
-    unless market_open?
-      puts "ERROR: Market is closed. Run during market hours (9:30 AM - 4:00 PM ET)"
-      puts "Next market open: #{next_market_open_time}"
-      exit 1
-    end
-    
-    ENV['VCR_MODE'] = 'rec'
-    system('bundle exec rspec --tag vcr')
-  end
-  
-  desc "Show cassette statistics"
-  task :stats do
-    cassettes = Dir.glob("spec/fixtures/vcr_cassettes/**/*.yml")
-    total_size = cassettes.sum { |f| File.size(f) }
-    
-    puts "Total cassettes: #{cassettes.count}"
-    puts "Total size: #{(total_size / 1024.0 / 1024.0).round(2)} MB"
-    puts "Oldest cassette: #{cassettes.min_by { |f| File.mtime(f) }}"
-    puts "Newest cassette: #{cassettes.max_by { |f| File.mtime(f) }}"
-  end
-end
-```
-
-## Phase 6: Documentation (Week 5)
-
-### 6.1 Developer Guide
-Create `docs/vcr_testing.md`:
-- How to record new cassettes
-- Market hours requirements
-- Credential setup
-- Troubleshooting guide
-- Best practices
-
-### 6.2 Git Configuration
-```gitignore
-# .gitignore
-.env.test
-.env.local
-
-# .gitattributes  
-spec/fixtures/vcr_cassettes/**/*.yml -diff
-```
-
-## Success Metrics
-- [ ] All tests pass with VCR cassettes
-- [ ] CI build time reduced by >50%
-- [ ] Tests work offline
-- [ ] No sensitive data in cassettes
-- [ ] Documentation complete
-- [ ] Team trained on VCR workflow
-
-## Risk Mitigation
-1. **Market Hours Dependency**: Use strict `:once` recording mode
-2. **Sensitive Data Leaks**: Multiple layers of filtering
-3. **Cassette Bloat**: Regular cleanup tasks
-4. **API Changes**: Monthly cassette refresh schedule
-5. **Team Adoption**: Comprehensive documentation and helpers

data/vcr_implementation_research.md

@@ -1,330 +0,0 @@
-# VCR Implementation Research - Best Practices
-
-## Research Progress
-
-### Question 1: Test Environment & Credentials
-**Question**: Do you have access to a Tastytrade sandbox/test account?
-**Status**: ✅ ANSWERED
-**Best Practice**: Use sandbox/test accounts for recording. APIs should provide sandbox environments for testing that don't affect production data.
-**Recommendation**: We should use Tastytrade's sandbox environment for all VCR recordings.
-**Outstanding**: Need to confirm if you have sandbox credentials.
-
-### Question 2: How should we handle test credentials?
-**Question**: Store in .env.test file? GitHub secrets for CI? Other approach?
-**Status**: ✅ ANSWERED
-**Best Practice**: 
-- Use environment variables for credentials (12-Factor App practice)
-- Local: Use .env.test file (gitignored) with dotenv gem
-- CI: Use GitHub Actions secrets
-- Filter sensitive data in VCR configuration
-**Recommendation**: 
-1. Create `.env.test.example` with placeholders
-2. Use `.env.test` locally (gitignored)
-3. Store credentials in GitHub secrets for CI
-4. Configure VCR to filter all sensitive data
-
-### Question 3: What recording mode should we use?
-**Question**: :once, :new_episodes, :none, or custom strategy?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Use `:once` as default (recommended by VCR documentation)
-- Use environment variable for re-recording: `VCR_MODE=rec` → `:all`
-- Use `:none` in CI for safety (prevents accidental API calls)
-- Avoid `:new_episodes` unless specifically needed (can silently record unmatched requests)
-**Recommendation**:
-```ruby
-vcr_mode = ENV['VCR_MODE'] =~ /rec/i ? :all : :once
-vcr_mode = :none if ENV['CI']
-```
-
-### Question 4: Should we record against production or sandbox API?
-**Question**: Sandbox vs production for recordings?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Always use sandbox/test environments for recording cassettes
-- Maintain complete isolation from production
-- Don't change API URLs in test environment - point to real service
-- Ensure proper compliance and data segregation
-**Recommendation**: Use Tastytrade sandbox API exclusively for all recordings
-
-### Question 5: Which test areas are most critical to convert first?
-**Question**: Authentication, Orders, Account/Balance, or CLI?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Start with Authentication/Session tests (foundation for all other tests)
-- Then Session management (stateful interactions)
-- Then critical business logic (orders, accounts)
-- Finally secondary features (CLI, etc.)
-**Recommendation**: Priority order:
-1. Authentication/Session tests (fundamental)
-2. Account/Balance retrieval (frequently used)
-3. Order placement (high risk, needs accurate testing)
-4. CLI commands (user-facing, depends on above)
-
-### Question 6: Should we keep existing mock tests during transition?
-**Question**: Run both in parallel or replace completely?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Can use both VCR and WebMock together
-- Use `:use_vcr` metadata to enable VCR for specific tests
-- Gradually transition from mocks to VCR
-- Keep mocks for simple unit tests, use VCR for integration tests
-**Recommendation**: 
-1. Keep existing mock tests initially
-2. Add `:use_vcr` metadata to tests being converted
-3. Run both in parallel during transition
-4. Remove mocks after VCR tests are stable
-
-### Question 7: How should we handle dynamic data in recordings?
-**Question**: Timestamps, Order IDs, Market prices - custom matchers or freeze time?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Use `uri_without_params` for ignoring dynamic URL parameters
-- Create custom matchers for complex scenarios
-- Use ERB in cassettes for dynamic content
-- Filter/replace dynamic data with placeholders
-**Recommendation**:
-1. Use `uri_without_params(:timestamp, :order_id)` for URLs
-2. Filter sensitive/dynamic data in VCR config
-3. Consider Timecop gem for freezing time in tests
-4. Use custom matchers for market price matching
-
-### Question 8: Cassette organization preference?
-**Question**: One per test, one per file, or grouped by endpoint?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Use automatic naming with `configure_rspec_metadata!`
-- Organize by API endpoint/functionality in subdirectories
-- One cassette per test example (automatic with metadata)
-- Group related cassettes in subdirectories
-**Recommendation**:
-```
-spec/fixtures/vcr_cassettes/
-  authentication/
-  accounts/
-  orders/
-  positions/
-```
-With automatic naming: `ClassName/test_description.yml`
-
-### Question 9: How should cassettes be managed in CI?
-**Question**: Commit to repo, Git LFS, or generate fresh?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Commit cassettes to repo for CI reuse (faster builds)
-- Use Git LFS only if cassettes are very large
-- Use shallow clones in CI (`fetch-depth: 1`)
-- Set recording mode to `:none` in CI
-**Recommendation**:
-1. Commit cassettes directly to repo (unless >100MB)
-2. Use `.gitattributes` to reduce diff noise
-3. Configure CI with `VCR_MODE=none` 
-4. Use `fetch-depth: 1` in GitHub Actions
-
-### Question 10: Should we implement automatic cassette refresh?
-**Question**: Monthly refresh, manual, or automated detection?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- No built-in auto-expiration in VCR (feature request)
-- Delete cassettes liberally when in doubt
-- Use environment variable for re-recording
-- Implement custom age-checking if needed
-**Recommendation**:
-1. Manual refresh with `VCR_MODE=rec bundle exec rspec`
-2. Create rake task for bulk cassette deletion by age
-3. Document refresh schedule (e.g., monthly)
-4. Consider custom age-checker in VCR config
-
-### Question 11: How to handle rate-limited endpoints?
-**Question**: Add delays or use specific cassettes?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Build throttling into the API client itself
-- VCR eliminates rate limit issues during playback
-- Record cassettes respecting rate limits initially
-- Use `:once` mode to avoid re-recording
-**Recommendation**:
-1. Add rate limiting to API client (not just tests)
-2. Record cassettes once with proper delays
-3. Playback doesn't need delays (cassettes replay instantly)
-4. Consider separate cassettes for rate-limited endpoints
-
-### Question 12: WebSocket/streaming endpoints?
-**Question**: Does the API have real-time endpoints needing special handling?
-**Status**: ✅ ANSWERED  
-**Best Practice**:
-- Use specialized libraries like `simple-websocket-vcr` for WebSockets
-- Standard VCR doesn't handle WebSocket protocol
-- Record multiple messages/frames in WebSocket sessions
-- Consider excluding real-time endpoints from VCR
-**Recommendation**:
-1. Check if Tastytrade API has WebSocket endpoints
-2. If yes, use `simple-websocket-vcr` gem
-3. If no, standard VCR is sufficient
-4. Mock WebSocket connections for unit tests
-
-### Question 13: Should we create a proof-of-concept first?
-**Question**: Convert one simple test file first?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Start with single external service/API wrapper
-- Create dedicated API wrapper classes
-- Test wrapper with VCR, mock wrapper elsewhere
-- Run tests twice (record then replay)
-**Recommendation**:
-1. YES - Start with proof-of-concept
-2. Choose Session or Client class first
-3. Establish patterns and conventions
-4. Document learnings before full rollout
-
-### Question 14: Compliance or security requirements?
-**Question**: Extra sanitization for financial data? Regulatory requirements?
-**Status**: ✅ ANSWERED
-**Best Practice**:
-- Filter all PII from cassettes (names, addresses, SSNs, account numbers)
-- Use minimum necessary data for tests
-- Implement access controls for test data
-- Regular audits of cassette content
-**Recommendation**:
-1. Enhance VCR filter_sensitive_data for all PII
-2. Use synthetic test data where possible
-3. Document data handling procedures
-4. Store cassettes securely (encrypted if needed)
-5. Regular review of cassettes for leaked data
-
-## Summary
-
-### Questions Answered by Best Practices (10/14)
-1. ✅ Test environment - Use sandbox
-2. ✅ Credentials handling - .env.test + GitHub secrets
-3. ✅ Recording mode - :once default, :none in CI
-4. ✅ Production vs sandbox - Always use sandbox
-5. ✅ Test priorities - Auth → Account → Orders → CLI
-6. ✅ Migration strategy - Keep mocks initially, parallel transition
-7. ✅ Dynamic data - Custom matchers and filters
-8. ✅ Cassette organization - Auto-naming by endpoint
-9. ✅ CI management - Commit cassettes, use :none mode
-10. ✅ Refresh strategy - Manual with rake task
-11. ✅ Rate limiting - Build into client, record once
-12. ✅ WebSocket - Use specialized gem if needed
-13. ✅ Proof-of-concept - Yes, start small
-14. ✅ Compliance - Filter all PII, secure storage
-
-### Outstanding Questions for User (1/14)
-1. ~~**Do you have Tastytrade sandbox credentials?**~~ - ✅ CONFIRMED: User has sandbox credentials
-
-### Critical Sandbox Behavior Note
-**IMPORTANT**: Tastytrade sandbox endpoints behave like production - they only route orders during normal market hours. This impacts:
-- Order placement tests (will fail outside market hours)
-- Order validation tests (may behave differently based on market status)
-- Any tests that depend on real-time market data
-
-### Handling Market Hours Limitation
-
-#### Strategy 1: Time-Independent Cassettes (RECOMMENDED)
-1. **Record cassettes during market hours**
-   - Schedule recording sessions during market hours (9:30 AM - 4:00 PM ET)
-   - Use a specific day/time for consistency
-   - Document the recording time in cassette metadata
-
-2. **Use `:once` mode strictly**
-   - Never re-record automatically
-   - Cassettes remain valid regardless of current time
-   - Tests pass 24/7 once recorded
-
-3. **Separate market-dependent tests**
-   ```ruby
-   context "market hour dependent", :market_hours_only do
-     # Tests that need live market
-   end
-   
-   context "market hour independent", :vcr do
-     # Most tests with cassettes
-   end
-   ```
-
-#### Strategy 2: Mock Market Hours in Tests
-1. **Use Timecop to freeze time during playback**
-   ```ruby
-   around(:each, :vcr) do |example|
-     # Freeze to a known market hour when cassette was recorded
-     Timecop.freeze(cassette_recorded_at) do
-       example.run
-     end
-   end
-   ```
-
-2. **Add metadata to cassettes**
-   ```ruby
-   VCR.configure do |c|
-     c.before_record do |interaction|
-       interaction.response.headers['X-Cassette-Recorded-At'] = Time.current.iso8601
-       interaction.response.headers['X-Market-Status'] = market_open? ? 'open' : 'closed'
-     end
-   end
-   ```
-
-### Handling Sandbox Credentials
-
-#### Secure Credential Management
-1. **Local Development (.env.test)**
-   ```bash
-   # .env.test (gitignored)
-   TASTYTRADE_SANDBOX_USERNAME=your_sandbox_username
-   TASTYTRADE_SANDBOX_PASSWORD=your_sandbox_password
-   TASTYTRADE_SANDBOX_ACCOUNT=your_sandbox_account_number
-   ```
-
-2. **CI/CD (GitHub Secrets)**
-   - Store same credentials as GitHub secrets
-   - Reference in workflow: `${{ secrets.TASTYTRADE_SANDBOX_USERNAME }}`
-
-3. **VCR Configuration Enhancement**
-   ```ruby
-   VCR.configure do |config|
-     # Enhanced filtering for Tastytrade-specific data
-     config.filter_sensitive_data('<SANDBOX_USERNAME>') { ENV['TASTYTRADE_SANDBOX_USERNAME'] }
-     config.filter_sensitive_data('<SANDBOX_ACCOUNT>') { ENV['TASTYTRADE_SANDBOX_ACCOUNT'] }
-     
-     # Filter account numbers from responses
-     config.before_record do |interaction|
-       if interaction.response.body
-         body = interaction.response.body
-         # Replace any account numbers in response
-         body.gsub!(/5W[A-Z0-9]{6}/, '<ACCOUNT_NUMBER>')
-       end
-     end
-   end
-   ```
-
-4. **Test Helper for Sandbox Sessions**
-   ```ruby
-   # spec/support/sandbox_helpers.rb
-   module SandboxHelpers
-     def sandbox_session
-       @sandbox_session ||= VCR.use_cassette('authentication/sandbox_login') do
-         Tastytrade::Session.new(
-           username: ENV['TASTYTRADE_SANDBOX_USERNAME'],
-           password: ENV['TASTYTRADE_SANDBOX_PASSWORD'],
-           is_test: true
-         ).login
-       end
-     end
-     
-     def with_market_hours_check
-       if !VCR.current_cassette && !market_open?
-         skip "Skipping test - market closed and no cassette available"
-       end
-       yield
-     end
-   end
-   ```
-
-### Recommended Implementation Order (UPDATED)
-1. ~~Obtain/confirm sandbox credentials~~ ✅ Complete
-2. **Set up credential management** (.env.test + GitHub secrets)
-3. **Record initial cassettes during market hours**
-4. Create proof-of-concept with Session class
-5. Establish VCR helper patterns with market hour handling
-6. Convert tests incrementally following priority order
-7. Document recording schedule and market hour dependencies