Skip to Main Content

OpenAlgo — Production Hardening of India's Open Source Algorithmic Trading Platform

OpenAlgo

Fixed a critical silent data-loss bug where OpenAlgo's Strategy Manager permanently loses pending orders on app restart by replacing ephemeral in-memory queues with a SQLite-backed persistent queue

Repository Demo
Team Members
Lucky Ansari
Lucky Ansari
lucky_ansari
 Muskan Singh
Muskan Singh
muskan_singh
 PANTH HAVELIWALA
PANTH HAVELIWALA
panth_haveliwala
 Panjari Shah
Panjari Shah
panjari_shah
Description

OpenAlgo — Production Hardening of India's Open Source Algorithmic Trading Platform

Repository: https://github.com/LuckyAnsari22/openalgo
Upstream: https://github.com/marketcalls/openalgo (3,600+ commits, 120k+ PyPI downloads)
License: AGPL v3.0
Contribution Period: February 1 – March 31, 2026

What is OpenAlgo?

OpenAlgo is a self-hosted, open-source algorithmic trading platform that provides a unified API layer across 30+ Indian stockbrokers. India's brokerage ecosystem is fragmented — every broker has a different API, different order formats, different authentication flows. OpenAlgo standardizes all of them into a single REST API, enabling traders to automate strategies from TradingView, Amibroker, Python, MetaTrader, and more, without being locked to a specific broker.

It's a real production system: 120,000+ PyPI downloads, active Discord community, and used by retail traders executing real trades daily.

Tech Stack: Python Flask 3.0 · React 19 · TypeScript · SQLAlchemy 2.0 · WebSocket + ZeroMQ · Docker

The Problem I Solved

Despite being a feature-rich platform, OpenAlgo had three systemic issues that were holding it back from enterprise and production readiness:

1. Silent Error Swallowing (47+ modules)
The codebase used bare except: clauses with traceback.print_exc() throughout. In a live trading system handling real money, this meant errors were printed to stdout and lost forever — never logged, never searchable, never debuggable. When a trade fails at 2 AM, you need logs, not stdout.

2. Zero Documentation (100+ modules)
Over 100 Python modules across 30+ broker integrations had zero docstrings. New contributors had to reverse-engineer every function, making the project inaccessible to the community it was trying to build.

3. No Tests for Critical Paths
The order execution pipeline — place order, cancel order, basket orders — the most critical code in a trading platform where real money moves — had zero unit tests. This meant any refactoring was a gamble.

What I Built (88 commits, 44,444+ lines, 580+ files)

Error Handling Modernization: Systematically replaced unsafe traceback.print_exc() with logger.exception() across 47+ modules spanning REST API, service layer, blueprints, and broker integrations. Added specific exception types, meaningful context, and structured logging throughout.

Documentation: Added comprehensive Google-style docstrings with Args/Returns/Raises to 100+ Python modules across 9 broker adapters (AliceBlue, Angel, Dhan, Fyers, Groww, Kotak, Shoonya, Upstox, Zerodha) plus core utils, database, and blueprint modules. Added Python type hints to configuration and security middleware.

Testing Infrastructure: Built 100+ unit tests from scratch for the order execution pipeline — place order (38 tests), smart order, cancel order, basket order services. Created reusable pytest fixtures in conftest.py.

Security Hardening: Fixed an IP spoofing vulnerability, added HTTP security headers (CSP, X-Frame-Options, HSTS), implemented CSRF time-limit validation, and added null input validation on API endpoints.

Accessibility (WCAG 2.1): Added ARIA labels for icon buttons, ARIA dialog descriptions, tooltips for action icons, empty state components for 6 pages, React Error Boundary, and form maxLength validation.

Infrastructure: Migrated Docker Compose from named volumes to bind mounts, replaced volatile in-memory order queue with SQLite-backed persistent queue, added graceful .env permission error handling.

How to Install & Test

bash

git clone https://github.com/LuckyAnsari22/openalgo.git

cd openalgo

# See all 47 contribution branches

git branch -a | grep -E "docs/|fix/|feat/|test/|a11y/|refactor/"

# See 88 commits

git log --oneline --author="LuckyAnsari22" --since="2026-02-01"

# Install and run tests

pip install uv

uv pip install -r requirements.txt

python -m pytest test/test_place_order_service.py -v

# Run the application

cp .sample.env .env

uv run app.py

# Available at http://127.0.0.1:5000

Upstream Recognition

My contributions were officially recognized in the v2.0.0.2 release (March 29, 2026) — a major release with 158 commits from 17 contributors. The upstream project follows a strict "one feature per PR" policy, which is why my 47 branches represent 47 individual PRs rather than a single monolithic merge.

Credits

OpenAlgo is created and maintained by marketcalls. All original credit goes to the upstream project creators and 40+ contributors. My work builds on their foundation to improve code quality, reliability, and accessibility.

Issues & PRs Board
Issue
Architecture: Python Strategy Manager
Issue
add missing docstrings to database module functions
Issue
add shared pytest conftest.py
Issue
Bare except: clause hides conversion errors in _safe_timestamp()
Pull Request
add Google-style docstrings to database module functions
Pull Request
add pytest conftest.py with reusable fixtures and security test data
Pull Request
use bind mounts instead of named volumes for host-accessible data
Pull Request
replace bare except with specific exception handling in magin and gex
Pull Request
fix(security): add missing HTTP security headers to Flask responses
Pull Request
fix(api): add null check for request.json in market_holidays, symbol and interval
Pull Request
test: add unit tests for basket_order_service and integrate with CI
Pull Request
docs: add Google-style docstrings to Dhan broker adapter
Pull Request
fix: update docker-compose volume mappings for persistent data
Pull Request
fix: handle .env permission errors gracefully in Docker
Pull Request
docs: add Google-style docstrings to AliceBlue broker adapter
Pull Request
docs: add docstrings to auth blueprint route handlers
Pull Request
test: add unit tests for place_smart_order_service
Pull Request
test: add unit tests for cancel order services
Pull Request
feat(ui): improve empty state on Search page
Pull Request
feat(ui): add tooltips to action buttons on TradeBook page
Pull Request
feat(a11y): add aria-labels to Navbar icons and links
Pull Request
feat(ui): add tooltip to Close Position button on Positions page
Pull Request
feat(ui): improve empty state on MarketTimings page
Pull Request
feat(ui): add tooltips to filter button and action icons on OrderBook
Pull Request
fix(a11y): add aria-labels to icon-only buttons on Holdings page
Pull Request
fix: replace bare except with specific exception in _safe_timestamp()
Pull Request
fix(services): replace traceback.print_exc() with logger.exception() for improved error logging
Pull Request
fix(api): replace traceback.print_exc() with logger.exception() in RESTx API
Pull Request
fix(services): replace traceback.print_exc() with logger.exception() in data services
Pull Request
fix(api): standardize error response format in option greeks
Pull Request
docs: add Google-style docstrings to Angel One broker adapter
Pull Request
docs: add Google-style docstrings to Zerodha broker adapter
Pull Request
docs: add Google-style docstrings to Kotak broker integration
Pull Request
Docs/add docstrings shoonya
Pull Request
fix: replace traceback with logger.exception() in blueprints
Pull Request
fix: replace traceback with logger.exception() in broker zerodha
Pull Request
fix: replace traceback with logger.exception() in broker groww
Pull Request
fix: replace traceback with logger.exception() in services
Pull Request
fix: replace traceback with logger.exception() in misc
Pull Request
docs(brokers): standardize Google-style docstrings for Angel, Kotak, and Shoonya modules
Pull Request
docs(groww): add Google-style docstrings and fix error logging
Pull Request
refactor: replace traceback with logger.exception across 47 modules for robust error handling and install lucide-react
Pull Request
Docs/add remaining docstrings
Pull Request
fix: resolve swallowed exceptions in gex service and improve React a11y with aria-labels
Pull Request
chore: final FOSS Hack 2026 polish on active endpoints
Pull Request
fix: replace volatile in-memory queue with SQLite-backed persistent order queue
Pull Request
docs(utils): add Google-style docstrings to utils module
Pull Request
test: Add comprehensive test suite for place_order_service
Pull Request
test: Add comprehensive test suite for place_order_service
Pull Request
Fix/broker issues and robustness improvements
Discussion
Version 2.0.0.2 Released