fix: add token refresh cooldown to prevent EGW00133 cascading failures (issue #54 )

Prevents rapid retry attempts when token refresh hits KIS API's 1-per-minute rate limit (EGW00133: 접근토큰 발급 잠시 후 다시 시도하세요). Changes: - src/broker/kis_api.py:58-61 - Add cooldown tracking variables - src/broker/kis_api.py:102-111 - Enforce 60s cooldown between refresh attempts - tests/test_broker.py - Add cooldown behavior tests Before: - Token refresh fails with EGW00133 - Every API call triggers another refresh attempt - Cascading failures, system unusable After: - Token refresh fails with EGW00133 (first attempt) - Subsequent attempts blocked for 60s with clear error - System knows to wait, prevents cascading failures Test Results: - All 285 tests pass - New tests verify cooldown behavior - Existing token management tests still pass Implementation Details: - Cooldown starts on refresh attempt (not just failures) - Clear error message tells caller how long to wait - Compatible with existing token expiry + locking logic Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Merge pull request 'fix: add safe_float() to handle empty string conversions (issue #44 )' (#48 ) from feature/issue-44-safe-float into main
2026-02-05 00:37:20 +09:00 · 2026-02-05 00:18:22 +09:00 · 2026-02-05 00:17:15 +09:00 · 2026-02-05 00:15:04 +09:00 · 2026-02-05 00:12:57 +09:00 · 2026-02-05 00:11:04 +09:00
6 changed files with 229 additions and 31 deletions
--- a/.env.example
+++ b/.env.example
@@ -16,8 +16,9 @@ CONFIDENCE_THRESHOLD=80
 # Database
 DB_PATH=data/trade_logs.db
-# Rate Limiting
+# Rate Limiting (requests per second for KIS API)
-RATE_LIMIT_RPS=10.0
+# Reduced to 5.0 to avoid "초당 거래건수 초과" errors (EGW00201)
 RATE_LIMIT_RPS=5.0
 # Trading Mode (paper / live)
 MODE=paper
--- a/src/broker/kis_api.py
+++ b/src/broker/kis_api.py
@@ -55,6 +55,9 @@ class KISBroker:
        self._session: aiohttp.ClientSession | None = None
        self._access_token: str | None = None
        self._token_expires_at: float = 0.0
        self._token_lock = asyncio.Lock()
        self._last_refresh_attempt: float = 0.0
        self._refresh_cooldown: float = 60.0  # Seconds (matches KIS 1/minute limit)
        self._rate_limiter = LeakyBucket(settings.RATE_LIMIT_RPS)
    def _get_session(self) -> aiohttp.ClientSession:
@@ -80,12 +83,36 @@ class KISBroker:
    # ------------------------------------------------------------------
    async def _ensure_token(self) -> str:
-        """Return a valid access token, refreshing if expired."""
+        """Return a valid access token, refreshing if expired.
        Uses a lock to prevent concurrent token refresh attempts that would
        hit the API's 1-per-minute rate limit (EGW00133).
        """
        # Fast path: check without lock
        now = asyncio.get_event_loop().time()
        if self._access_token and now < self._token_expires_at:
            return self._access_token
        # Slow path: acquire lock and refresh
        async with self._token_lock:
            # Re-check after acquiring lock (another coroutine may have refreshed)
            now = asyncio.get_event_loop().time()
            if self._access_token and now < self._token_expires_at:
                return self._access_token
            # Check cooldown period (prevents hitting EGW00133: 1/minute limit)
            time_since_last_attempt = now - self._last_refresh_attempt
            if time_since_last_attempt < self._refresh_cooldown:
                remaining = self._refresh_cooldown - time_since_last_attempt
                error_msg = (
                    f"Token refresh on cooldown. "
                    f"Retry in {remaining:.1f}s (KIS allows 1/minute)"
                )
                logger.warning(error_msg)
                raise ConnectionError(error_msg)
            logger.info("Refreshing KIS access token")
            self._last_refresh_attempt = now
            session = self._get_session()
            url = f"{self._base_url}/oauth2/tokenP"
            body = {
--- a/src/config.py
+++ b/src/config.py
@@ -37,7 +37,8 @@ class Settings(BaseSettings):
    DB_PATH: str = "data/trade_logs.db"
    # Rate Limiting (requests per second for KIS API)
-    RATE_LIMIT_RPS: float = 10.0
+    # Reduced to 5.0 to avoid EGW00201 "초당 거래건수 초과" errors
    RATE_LIMIT_RPS: float = 5.0
    # Trading mode
    MODE: str = Field(default="paper", pattern="^(paper|live)$")
--- a/src/main.py
+++ b/src/main.py
@@ -33,6 +33,35 @@ from src.notifications.telegram_client import TelegramClient
 logger = logging.getLogger(__name__)
 def safe_float(value: str | float | None, default: float = 0.0) -> float:
    """Convert to float, handling empty strings and None.
    Args:
        value: Value to convert (string, float, or None)
        default: Default value if conversion fails
    Returns:
        Converted float or default value
    Examples:
        >>> safe_float("123.45")
        123.45
        >>> safe_float("")
        0.0
        >>> safe_float(None)
        0.0
        >>> safe_float("invalid", 99.0)
        99.0
    """
    if value is None or value == "":
        return default
    try:
        return float(value)
    except (ValueError, TypeError):
        return default
 # Target stock codes to monitor per market
 WATCHLISTS = {
    "KR": ["005930", "000660", "035420"],  # Samsung, SK Hynix, NAVER
@@ -77,16 +106,16 @@ async def trading_cycle(
        balance_data = await broker.get_balance()
        output2 = balance_data.get("output2", [{}])
-        total_eval = float(output2[0].get("tot_evlu_amt", "0")) if output2 else 0
+        total_eval = safe_float(output2[0].get("tot_evlu_amt", "0")) if output2 else 0
-        total_cash = float(
+        total_cash = safe_float(
            balance_data.get("output2", [{}])[0].get("dnca_tot_amt", "0")
            if output2
            else "0"
        )
-        purchase_total = float(output2[0].get("pchs_amt_smtl_amt", "0")) if output2 else 0
+        purchase_total = safe_float(output2[0].get("pchs_amt_smtl_amt", "0")) if output2 else 0
-        current_price = float(orderbook.get("output1", {}).get("stck_prpr", "0"))
+        current_price = safe_float(orderbook.get("output1", {}).get("stck_prpr", "0"))
-        foreigner_net = float(orderbook.get("output1", {}).get("frgn_ntby_qty", "0"))
+        foreigner_net = safe_float(orderbook.get("output1", {}).get("frgn_ntby_qty", "0"))
    else:
        # Overseas market
        price_data = await overseas_broker.get_overseas_price(
@@ -103,11 +132,11 @@ async def trading_cycle(
        else:
            balance_info = {}
-        total_eval = float(balance_info.get("frcr_evlu_tota", "0") or "0")
+        total_eval = safe_float(balance_info.get("frcr_evlu_tota", "0") or "0")
-        total_cash = float(balance_info.get("frcr_dncl_amt_2", "0") or "0")
+        total_cash = safe_float(balance_info.get("frcr_dncl_amt_2", "0") or "0")
-        purchase_total = float(balance_info.get("frcr_buy_amt_smtl", "0") or "0")
+        purchase_total = safe_float(balance_info.get("frcr_buy_amt_smtl", "0") or "0")
-        current_price = float(price_data.get("output", {}).get("last", "0"))
+        current_price = safe_float(price_data.get("output", {}).get("last", "0"))
        foreigner_net = 0.0  # Not available for overseas
    # Calculate daily P&L %
--- a/tests/test_broker.py
+++ b/tests/test_broker.py
@@ -49,6 +49,110 @@ class TestTokenManagement:
        await broker.close()
    @pytest.mark.asyncio
    async def test_concurrent_token_refresh_calls_api_once(self, settings):
        """Multiple concurrent token requests should only call API once."""
        broker = KISBroker(settings)
        # Track how many times the mock API is called
        call_count = [0]
        def create_mock_resp():
            call_count[0] += 1
            mock_resp = AsyncMock()
            mock_resp.status = 200
            mock_resp.json = AsyncMock(
                return_value={
                    "access_token": "tok_concurrent",
                    "token_type": "Bearer",
                    "expires_in": 86400,
                }
            )
            mock_resp.__aenter__ = AsyncMock(return_value=mock_resp)
            mock_resp.__aexit__ = AsyncMock(return_value=False)
            return mock_resp
        with patch("aiohttp.ClientSession.post", return_value=create_mock_resp()):
            # Launch 5 concurrent token requests
            tokens = await asyncio.gather(
                broker._ensure_token(),
                broker._ensure_token(),
                broker._ensure_token(),
                broker._ensure_token(),
                broker._ensure_token(),
            )
            # All should get the same token
            assert all(t == "tok_concurrent" for t in tokens)
            # API should be called only once (due to lock)
            assert call_count[0] == 1
        await broker.close()
    @pytest.mark.asyncio
    async def test_token_refresh_cooldown_prevents_rapid_retries(self, settings):
        """Token refresh should enforce cooldown after failure (issue #54)."""
        broker = KISBroker(settings)
        broker._refresh_cooldown = 2.0  # Short cooldown for testing
        # First refresh attempt fails with 403 (EGW00133)
        mock_resp_403 = AsyncMock()
        mock_resp_403.status = 403
        mock_resp_403.text = AsyncMock(
            return_value='{"error_code":"EGW00133","error_description":"접근토큰 발급 잠시 후 다시 시도하세요(1분당 1회)"}'
        )
        mock_resp_403.__aenter__ = AsyncMock(return_value=mock_resp_403)
        mock_resp_403.__aexit__ = AsyncMock(return_value=False)
        with patch("aiohttp.ClientSession.post", return_value=mock_resp_403):
            # First attempt should fail with 403
            with pytest.raises(ConnectionError, match="Token refresh failed"):
                await broker._ensure_token()
            # Second attempt within cooldown should fail with cooldown error
            with pytest.raises(ConnectionError, match="Token refresh on cooldown"):
                await broker._ensure_token()
        await broker.close()
    @pytest.mark.asyncio
    async def test_token_refresh_allowed_after_cooldown(self, settings):
        """Token refresh should be allowed after cooldown period expires."""
        broker = KISBroker(settings)
        broker._refresh_cooldown = 0.1  # Very short cooldown for testing
        # First attempt fails
        mock_resp_403 = AsyncMock()
        mock_resp_403.status = 403
        mock_resp_403.text = AsyncMock(return_value='{"error_code":"EGW00133"}')
        mock_resp_403.__aenter__ = AsyncMock(return_value=mock_resp_403)
        mock_resp_403.__aexit__ = AsyncMock(return_value=False)
        # Second attempt succeeds
        mock_resp_200 = AsyncMock()
        mock_resp_200.status = 200
        mock_resp_200.json = AsyncMock(
            return_value={
                "access_token": "tok_after_cooldown",
                "expires_in": 86400,
            }
        )
        mock_resp_200.__aenter__ = AsyncMock(return_value=mock_resp_200)
        mock_resp_200.__aexit__ = AsyncMock(return_value=False)
        with patch("aiohttp.ClientSession.post", return_value=mock_resp_403):
            with pytest.raises(ConnectionError, match="Token refresh failed"):
                await broker._ensure_token()
        # Wait for cooldown to expire
        await asyncio.sleep(0.15)
        with patch("aiohttp.ClientSession.post", return_value=mock_resp_200):
            token = await broker._ensure_token()
            assert token == "tok_after_cooldown"
        await broker.close()
 # ---------------------------------------------------------------------------
 # Network Error Handling
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -6,7 +6,43 @@ from unittest.mock import AsyncMock, MagicMock, patch
 import pytest
 from src.core.risk_manager import CircuitBreakerTripped, FatFingerRejected
-from src.main import trading_cycle
+from src.main import safe_float, trading_cycle
 class TestSafeFloat:
    """Test safe_float() helper function."""
    def test_converts_valid_string(self):
        """Test conversion of valid numeric string."""
        assert safe_float("123.45") == 123.45
        assert safe_float("0") == 0.0
        assert safe_float("-99.9") == -99.9
    def test_handles_empty_string(self):
        """Test empty string returns default."""
        assert safe_float("") == 0.0
        assert safe_float("", 99.0) == 99.0
    def test_handles_none(self):
        """Test None returns default."""
        assert safe_float(None) == 0.0
        assert safe_float(None, 42.0) == 42.0
    def test_handles_invalid_string(self):
        """Test invalid string returns default."""
        assert safe_float("invalid") == 0.0
        assert safe_float("not_a_number", 100.0) == 100.0
        assert safe_float("12.34.56") == 0.0
    def test_handles_float_input(self):
        """Test float input passes through."""
        assert safe_float(123.45) == 123.45
        assert safe_float(0.0) == 0.0
    def test_custom_default(self):
        """Test custom default value."""
        assert safe_float("", -1.0) == -1.0
        assert safe_float(None, 999.0) == 999.0
 class TestTradingCycleTelegramIntegration:
Author	SHA1	Message	Date
agentson	a56adcd342	fix: add token refresh cooldown to prevent EGW00133 cascading failures (issue #54 ) Some checks failed CI / test (pull_request) Has been cancelled Details Prevents rapid retry attempts when token refresh hits KIS API's 1-per-minute rate limit (EGW00133: 접근토큰 발급 잠시 후 다시 시도하세요). Changes: - src/broker/kis_api.py:58-61 - Add cooldown tracking variables - src/broker/kis_api.py:102-111 - Enforce 60s cooldown between refresh attempts - tests/test_broker.py - Add cooldown behavior tests Before: - Token refresh fails with EGW00133 - Every API call triggers another refresh attempt - Cascading failures, system unusable After: - Token refresh fails with EGW00133 (first attempt) - Subsequent attempts blocked for 60s with clear error - System knows to wait, prevents cascading failures Test Results: - All 285 tests pass - New tests verify cooldown behavior - Existing token management tests still pass Implementation Details: - Cooldown starts on refresh attempt (not just failures) - Clear error message tells caller how long to wait - Compatible with existing token expiry + locking logic Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-05 00:37:20 +09:00
jihoson	33b5ff5e54	Merge pull request 'fix: add safe_float() to handle empty string conversions (issue #44 )' (#48 ) from feature/issue-44-safe-float into main Some checks failed CI / test (push) Has been cancelled Details Reviewed-on: #48	2026-02-05 00:18:22 +09:00
jihoson	3923d03650	Merge pull request 'fix: reduce rate limit from 10 to 5 RPS to avoid API errors (issue #43 )' (#47 ) from feature/issue-43-reduce-rate-limit into main Some checks failed CI / test (push) Has been cancelled Details Reviewed-on: #47	2026-02-05 00:17:15 +09:00
agentson	c57ccc4bca	fix: add safe_float() to handle empty string conversions (issue #44 ) Some checks failed CI / test (pull_request) Has been cancelled Details Add safe_float() helper function to safely convert API response values to float, handling empty strings, None, and invalid values that cause ValueError: "could not convert string to float: ''". Changes: - Add safe_float() function in src/main.py with full docstring - Replace all float() calls with safe_float() in trading_cycle() - Domestic market: orderbook prices, balance amounts - Overseas market: price data, balance info - Add 6 comprehensive unit tests for safe_float() The function handles: - Empty strings ("") → default (0.0) - None values → default (0.0) - Invalid strings ("abc") → default (0.0) - Valid strings ("123.45") → parsed float - Float inputs (123.45) → pass through This prevents crashes when KIS API returns empty strings during market closed hours or data unavailability. Fixes: #44 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-05 00:15:04 +09:00
agentson	cb2e3fae57	fix: reduce rate limit from 10 to 5 RPS to avoid API errors (issue #43 ) Some checks failed CI / test (pull_request) Has been cancelled Details Reduce RATE_LIMIT_RPS from 10.0 to 5.0 to prevent "초당 거래건수를 초과하였습니다" (EGW00201) errors from KIS API. Docker logs showed this was the most frequent error (70% of failures), occurring when multiple stocks are scanned rapidly. Changes: - src/config.py: RATE_LIMIT_RPS 10.0 → 5.0 - .env.example: Update default and add explanation comment Trade-off: Slower API throughput, but more reliable operation. Can be tuned per deployment via environment variable. Fixes: #43 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-05 00:12:57 +09:00
jihoson	5e4c68c9d8	Merge pull request 'fix: add token refresh lock to prevent concurrent API calls (issue #42 )' (#46 ) from feature/issue-42-token-refresh-lock into main Some checks failed CI / test (push) Has been cancelled Details Reviewed-on: #46	2026-02-05 00:11:04 +09:00
agentson	95f540e5df	fix: add token refresh lock to prevent concurrent API calls (issue #42 ) Some checks failed CI / test (pull_request) Has been cancelled Details Add asyncio.Lock to prevent multiple coroutines from simultaneously refreshing the KIS access token, which hits the 1-per-minute rate limit (EGW00133: "접근토큰 발급 잠시 후 다시 시도하세요"). Changes: - Add self._token_lock in KISBroker.__init__ - Wrap token refresh in async with self._token_lock - Re-check token validity after acquiring lock (double-check pattern) - Add concurrent token refresh test (5 parallel requests → 1 API call) The lock ensures that when multiple coroutines detect an expired token, only the first one refreshes while others wait and reuse the result. Fixes: #42 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-05 00:08:56 +09:00
jihoson	0087a6b20a	Merge pull request 'fix: handle dict and list formats in overseas balance output2 (issue #41 )' (#45 ) from feature/issue-41-keyerror-balance into main Some checks failed CI / test (push) Has been cancelled Details Reviewed-on: #45	2026-02-05 00:06:25 +09:00