v0.6.0

What's Changed

Full CLOB order-type support: time-in-force, self-trade prevention, and MARKET orders across the single, batch, and cancel/replace paths — with the order-type model verified against the on-chain TradePairs contract.

CLOB order types

• add_order gains optional time_in_force (GTC default, FOK, IOC, PO; aliases like POST_ONLY accepted) and stp (CANCEL_TAKER default, CANCEL_MAKER, CANCEL_BOTH, CANCEL_NONE), replacing the previously hardcoded type2=0 / stp=0 in the on-chain order struct.
• add_limit_order_list and cancel_add_list honour per-order order_type / time_in_force / stp; added add_order_list as a clearer alias for the now-not-limit-only batch path.
• New dexalot_sdk.core.order_types module centralises the order enums (Side, OrderType, TimeInForce, SelfTradePrevention, OrderStatus), alias-aware parsers, and combination validation; read and write paths share one integer↔label mapping so it cannot drift.
• type1 / type2 / stp enum values confirmed against the contract ITradePairs.sol enums.

Validators / Input handling

• validate_order_combo enforces only the contract-faithful invariant — a LIMIT order requires a price — and defers per-pair allowed types, Post-Only, self-trade, and FOK rules to on-chain reverts (T-IVOT-01, T-POOA-01, T-T2PO-01, T-FOKF-01, T-STPR-01).
• Self-trade-prevention input accepts both readable (CANCEL_TAKER) and contract (CANCELTAKER) spellings.

Docs

• New "Order Types & Time-in-Force" section in the README and matching CLAUDE.md notes.
• Fixed broken documentation-site links flagged by the docs build.

Behavioural changes

• time_in_force and stp are optional and default to prior behaviour (GTC / CANCEL_TAKER / LIMIT); no existing call site changes.
• MARKET orders are no longer pre-rejected for time-in-force or a supplied price — the contract ignores both for MARKET. A MARKET BUY now skips the pre-flight balance check (notional is unknown without a price) and relies on the contract; MARKET SELL and all LIMIT paths keep the check.
• Order reads label type1 2/3 as STOP / STOPLIMIT (matching the contract Type1 enum), but the write API accepts only MARKET / LIMIT, so the SDK never originates a stop order. Unrecognised enum integers render as UNKNOWN(<n>).
• replace_order inherits the original order's order_type / time_in_force / stp (the contract's cancelReplaceOrder carries only price and quantity); use cancel_add_list to change them.

PRs: #10

Full Changelog: v0.5.16...v0.6.0

v0.5.16

What's Changed

SDK gap-fill release — the Python mirror of TypeScript v0.5.19. Closes the read-side parity gaps: five new history/valuation methods (order history, combined transfers, token USD prices, daily + hourly price history), filterable deployment lookup, structured backend reason-code preservation in errors, a cross-SDK shape reconciliation, and a CVE dependency bump.

New methods

• get_order_history(account=None, *, pair=None, status=None, limit=100, offset=0) (CLOB) — paginated per-account order history. Returns the same canonical order shape and aliases as get_open_orders. Balance-tier cached (10s).
• get_combined_transfers(*, symbol=None, from_ts=None, to_ts=None, limit=100, offset=0) (Transfer) — unified deposit / withdraw / transfer history as list[Transfer] (a frozen dataclass with snake_case fields normalized from the backend's DBTransfer shape). symbol is canonicalized via _normalize_user_token; limit/offset translate to the backend's itemsperpage/pageno paging and from_ts/to_ts to its periodfrom/periodto window. Balance-tier cached.
• get_token_usd_prices(env=None) (Transfer) — token→USD price map for portfolio valuation. Semi-static cached (15m).
• get_token_price_history(token, *, from_ts=None, to_ts=None) / get_token_hourly_price_history(token, *, from_ts=None, to_ts=None) (Transfer) — daily and hourly price series; timestamps normalized to unix seconds (ms auto-detected by magnitude), prices coerced to numbers. Static cached (1h).

Deployment lookup

• get_deployment() extended with env / contract_type / return_abi filters; each filter combination caches under its own static-tier key.

Error handling

• _api_call preserves the backend's structured reason_code + reason from REST error bodies. Failures surface "FQ-015: insufficient liquidity" instead of the generic "Request failed with status code 400". Pattern-match on the code prefix (FQ-, P-AFNE-, T-TMDQ-, RF-IMV-, …) to branch programmatically.

Cross-SDK parity

• Reconciled the gap-fill public shapes with the canonical cross-SDK spec shared with dexalot-sdk-typescript before merge (B1–B4), avoiding post-merge breaking changes: get_combined_transfers's kind kwarg renamed to symbol; Transfer.target_env / target_chain_id / target_tx / target_ts are now nullable (_normalize_transfer emits None for non-crossing rows rather than "" / 0); source_ts stays non-null.
• get_combined_transfers converts from_ts/to_ts (unix seconds) to ISO-8601 before sending them to the backend, and parses inbound source_ts/target_ts from ISO-8601 back to unix seconds — the endpoint rejects raw unix integers. Public API is unchanged.

Security / Dependencies

• Bumped aiohttp to >=3.14.1 (clears 8 CVEs, CVE-2026-54273..54280) and widened cryptography to >=48.0.1,<49 (clears GHSA-537c-gmf6-5ccf; the prior <48 ceiling excluded the fix). Relocked uv.lock; the pip-audit and bandit CI gates are green.

Behavioural changes

• Result.fail() messages now carry the backend's reason_code: reason instead of the generic status message. Code that string-matched on "Request failed with status code …" should switch to matching the reason-code prefix.
• All other changes are additive — five new read methods plus a filterable get_deployment. No public symbol that existed in v0.5.15 changed shape or was removed; the kind→symbol rename and nullable target_* fields are on surfaces introduced in this same release.

PRs: #9

Full Changelog: v0.5.15...v0.5.16

v0.5.15

What's Changed

Precision and security release covering CLOB, TRANSFER, and dependencies.

CLOB

• All four write paths (add_order, add_limit_order_list, replace_order, cancel_add_list) now route amount/price encoding through Decimal-backed Utils.unit_conversion. Fixes T-TMDQ-01 rejections from inputs like 2933.0 whose int(value * 10**18) silently truncated to 2932999999999999737856.
• replace_order now applies the display-decimal precision gate it previously skipped, matching the other three write paths.
• Display-decimal precision is now enforced via REJECT-with-tolerance: inputs whose precision exceeds the pair's basedisplaydecimals / quotedisplaydecimals return Result.fail instead of being silently rounded (silent rounding caused silent slippage — a stop at 99.99 quietly becoming 99.9). A 1e-10 tolerance absorbs binary-float-representation noise (0.1 + 0.2, etc.).
• mintrade_amnt / maxtrade_amnt enforced client-side as quote-token notional bounds before any on-chain submission.
• Pairs whose metadata omits display decimals are now dropped at ingest with a WARNING instead of silently defaulting to 18 (which would mask contract rejections downstream).

TRANSFER

• transfer_portfolio, deposit, withdraw, get_deposit_bridge_fee, transfer_token now use Decimal arithmetic for amount-to-wei conversion (same precision bug as CLOB).
• get_portfolio_balance and get_all_portfolio_balances now use Decimal arithmetic for the wei-to-human display conversion, preserving precision for balances above ~2^53 wei.
• add_gas / remove_gas standardized on Utils.unit_conversion for idiom consistency.

Validators

• validate_positive_float renamed to validate_positive_number; now accepts Decimal and numeric str in addition to int / float (alias kept for one release). Callers wanting precision-exact arithmetic can pass Decimal('2933') or '2933.5'. bool is explicitly rejected.

Security

• Pinned idna >= 3.15 (closes CVE-2026-45409) and urllib3 >= 2.7.0 (closes PYSEC-2026-141, PYSEC-2026-142). pip-audit is clean.

Docs

• New README "Amount Precision and Display Decimals" section.
• Six new CLAUDE.md entries under "Non-Obvious Decisions" covering the precision contract.
• New .cursor/rules/precision-decimal-arithmetic.mdc pinning the helper-usage rule for all SDK source files.
• Remediation plan entries O-1 through O-8 marked Resolved.

Behavioural changes

• Inputs whose precision exceeds the pair's display decimals now return Result.fail(...) instead of being silently rounded. Callers must round explicitly or pass Decimal for full precision.
• Orders outside [min_trade_amount, max_trade_amount] now fail in the SDK before any on-chain submission.
• Pairs whose API record omits display decimals are no longer present in client.pairs.

PR: #8
Full Changelog: v0.5.14...v0.5.15

v0.5.14

What's Changed

• Promote SDK to beta status (0.5.14): swap RFQ defects fixed, error info surfaced by @ngurmen in #7

Full Changelog: v0.5.13...v0.5.14

v0.5.13

What's Changed

• chore: Prepare repo for PyPi distribution by @ngurmen in #1
• docs: Add release workflow and tagging instructions by @ngurmen in #2
• feat: SDK helpers for CLOB market data and chain token balances by @ngurmen in #3
• feat: CI workflow, security gates, and Python 3.13/3.14 support by @ngurmen in #4
• chore: release 0.5.13 + tighten CI security gates by @ngurmen in #5
• build(release): upgrade pip in pypi.yml build tooling step by @ngurmen in #6

New Contributors

• @ngurmen made their first contribution in #1

Full Changelog: v0.5.12...v0.5.13