Skip to content

Release Notes

This public changelog keeps only user-facing upgrade, API, and behavior changes.

Earlier releases are available in the Release Notes Archive.

v1.4.122 · 2026-06-27 — 🟡 QOT 3401+ and language runtime closeout

Users who use newer read-only QOT queries such as earnings, macro, dividend, institutions, industries, or heat maps, or who want daemon-side language-pack auto update, should upgrade to this version.

  • Added the language-pack runtime cache. Without an endpoint, daemon startup stays non-blocking and uses the built-in minimal_fallback; the futucli lang-pack update command can fetch a manifest and write last_good_cache; daemon --language-pack-endpoint performs background auto update while keeping the last good cache on failure.
  • Quote-right, trade-right, all-session risk-disclosure, update-check, and selected proto-json UX hints continue to move onto stable diagnostic keys, making future Simplified Chinese, English, and Traditional Chinese text updates less fragile.
  • Fixed request failures in some 3401+ quote APIs. These endpoints now follow the official OpenD backend command configuration, avoiding live-backend invalid wire-format data or request-type errors.
  • macro-indicator-history now returns ret_type=0; dividend-calendar now also aligns the dividend service RequestType enum after the wire-format fix, avoiding request_type is invalid responses.
  • Verified with focused local tests, script guards, clippy, proto diff, package gate, external real-machine C++ / Rust dual-gateway checks, and an external package retest. This release has no API breaking changes.

v1.4.121 · 2026-06-25 — 🟡 QOT 3401+ APIs, screen parity, and package closeout

Users who need the newer read-only quote APIs, stock screen / ranking queries, local C++ / Rust parity diagnostics, or package-only smoke checks should upgrade to this version.

  • Added or completed the 3401+ read-only QOT API family, covering earnings / macro / FedWatch calendars, sector capital flow, hot lists, short selling, institutional holdings, ARK holdings, ratings, industries, heat maps, rise/fall distribution, and screen / ranking queries. Gateway, REST, MCP, and CLI exposure is registered consistently, with unavailable surfaces explicitly marked NotExposed.
  • StockScreen / OptionScreen / WarrantScreen projections continue to align with official OpenD: returned fields, allCount, retrieve columns, security / owner names, change-rate fields, dates, and filter ratio scaling are covered by focused checks to reduce cross-surface drift.
  • The local C++ / Rust parity lab now includes screen / 3401+ quick-regression profiles and case packs, producing Markdown / JSON reports for high-repeat paths such as order book, history orders, related warrants, and screen APIs.
  • Release and pretest packages now probe the three shipped binaries through --version, --help, and futucli commands during packaging, and include a bootstrap diagnostics script. The packaged macOS README explains the Gatekeeper workaround: xattr -cr futu-opend futu-mcp futucli.
  • futucli version --check / doctor now fail closed when the default manifest returns non-2xx HTTP or an incompatible schema, instead of reporting “up to date”. The docs workflow and manual deploy scripts verify that the public version.json is actually published.
  • New QOT protect / rate-limit behavior continues to align with official OpenD for read-only quote APIs, first-page paging semantics, default-account buckets, and combo-order frequency grouping.
  • MY ETF / warrant static-info visibility now has a regression guard so local stock-list filtering does not hide newly visible official static rows.
  • This release has no API breaking changes. Additions are read-only QOT queries, diagnostics, and package/release guardrails.

v1.4.120 · 2026-06-23 — 🟡 Order-book depth, history orders, and combo-order projection closeout

Users who rely on get_order_book, history orders, current / combo orders, or multi-surface trade-read APIs should upgrade to this version.

  • get_order_book now follows the accepted Lv2 subscription and requested depth policy for permission combinations such as US Lv2 / ARCA-only, instead of returning only one level after subscribe. HK order-book depth remains covered by 10-level non-regression checks.
  • Quote-right decisions now flow through a shared capability layer. Snapshot, order book, basic quote, related-warrant, and crypto PT order-book paths expose consistent reason, action, and source diagnostics instead of interpreting raw permission fields independently in each handler.
  • History-order reads now align paging, market fallback, time filtering, expiry filtering, and deduplication rules across REST, MCP, CLI, gRPC, and FTAPI, avoiding different counts for the same account and date window.
  • History-order projection continues to align with official OpenD behavior: millisecond timestamps are preserved, order type is converted from the account market, and combo / multi-leg orders return strategy names, strategyType, and comboLegs.
  • Current order_list_query now preserves backend combo-leg information in the current-order cache and projects combo order names from strategy type, returning strategyType and comboLegs just like history orders.
  • Added a read-only quote capability diagnostic surface for REST / CLI (MCP and Gateway/gRPC are explicitly NotExposed), and ship the local C++ / Rust parity lab scripts plus redacted fixture oracle in the package so quote-right, order-book depth, history-order, and related-security mismatches are reproducible before asking external testers to rerun a manual matrix.
  • Added surface catalog, projection-domain ledger, backend channel-runtime, and static-readiness guardrails to reduce missing REST / MCP / CLI / docs updates when adding endpoints, projection fields, or diagnostics.
  • Verification covers focused tests, neighboring history-order scenarios, order-list module tests, package gate, format checks, workspace clippy all-targets, workspace tests, release-ci build, and PII scanning. Current-order combo-order name alignment via order_list_query is confirmed by external real-machine retest.
  • This release has no API breaking changes. The quote capability diagnostic is a read-only helper surface.

v1.4.119 · 2026-06-21 — 🟡 Long-run auth refresh and broker self-heal closeout

Users who run long-lived daemons, depend on multi-broker trading channels, or need clearer static-data sync diagnostics should upgrade to this version.

  • When a long-lived daemon receives an explicit authorization-expired signal, it refreshes login credentials and continues reconnecting. A 24-hour real-machine run confirmed that platform authorization expiry can recover without restarting the daemon.
  • Broker-channel self-heal retry cadence now follows official OpenD behavior: when network jitter overlaps with broker authorization expiry, Rust no longer uses the old 5-minute client-side self-limit. Failed self-heal attempts retry with an approximately 10-15 second retry-after window, reducing recovery wait time.
  • After broker authorization refresh succeeds, the reconnect watcher reloads the fresh broker authorization, resets the failure counter, and returns to the initial reconnect cadence instead of repeatedly retrying with stale authorization.
  • Added a reusable long-run probe script that performs read-only REST / FTAPI probes, focuses daemon logs, and invokes the redacted evidence collector when it observes an authorization-expired signal.
  • futucli static-status now exposes stable reason and action fields. futucli doctor summarizes first static-data sync, zero-delta convergence, and checksum retry state into diagnostics suitable for bug reports.
  • The adaptive compile-cache wrapper now checks whether the sccache server is reachable and falls back to raw rustc when it is not.
  • This release has no API breaking changes, no proto changes, and no new public endpoints. Continue observing broker self-heal recovery time and auth-refresh behavior in real long-running environments.

v1.4.118 · 2026-06-19 — 🟡 Long-run reconnect and command discovery closeout

Users who run long-lived daemons, use multi-broker trading / trade unlock, or frequently work with futucli should upgrade to this version.

  • After a platform network blip self-recovers, trading broker channels now receive a disconnect signal and reconnect with cached authorization. In real-machine retests, broker channels recovered within roughly a few tens of seconds after platform reconnect, and unlock-trade no longer stayed on a backend error for an extended period.
  • Reconnect paths that receive an explicit authorization-expired signal now refresh login credentials and retry with fresh authorization. Ordinary backend-down windows still avoid empty login-refresh attempts, reducing ineffective retry traffic.
  • Added futucli commands to browse or search existing flat root commands by category, with JSON output for tooling. Existing command names remain canonical and backward compatible; no prefixed command hierarchy is introduced.
  • futucli surface --checklist <endpoint> now prints the REST / MCP / CLI / Gateway, schema, runtime, docs, and final-gate checklist needed when adding or changing an endpoint. --output markdown produces review- and handoff-friendly Markdown.
  • Release and diagnostic guards were tightened to reduce false positives and missed coverage around static-data loading, cross-entry smoke checks, diagnostic contracts, and preparatory code that is not wired into runtime behavior.
  • Broker reconnect was verified twice on a real machine. Authorization-expired reconnect handling is covered by code-level and integration checks, and natural token-expiry behavior should continue to be observed in long-running environments.

v1.4.117 · 2026-06-18 — 🔴 Terminal order pushes and JP Lv2 order-book closeout

Users who rely on order pushes for fill / cancel terminal states, or who use JP stock Lv2/Lv3 order books, should upgrade to this version.

  • Fill-detail arrival now triggers a bounded order refresh and filters the synthesized order-status push by the target order id, so filled orders can reach FILLED_ALL instead of only emitting fill details.
  • Single-cancel, cancel-all, and account-wide refreshes still synthesize pushes only for target orders already present in the local cache whose fields changed, preventing same-day historical orders from mixing into current-order events.
  • Order-update diffing now considers more than status: price, quantity, filled quantity, auxiliary price, trailing fields, and related order fields can also trigger a target order update; unchanged orders are not replayed.
  • JP stock Lv2/Lv3 order-book subscribe, push parsing, and read paths now interpret lv2_type in the JP market context, avoiding collisions with SG odd-lot routing or US exchange-merge caches. JP order-book price / volume has been verified on a real machine. This release does not claim a per-level order-count change.
  • Fill, single-cancel, and cancel-all pushes were verified through CLI, REST WebSocket, and MCP LoggingMessage. JP.7203 / JP.9984 order-book price and volume were verified on real-market data.

v1.4.116 · 2026-06-18 — 🟡 Order-status push fix

Users who rely on order push subscriptions to track place, cancel, or fill state transitions should review this version.

  • Account-wide order refreshes plus bounded post single-cancel and cancel-all order refreshes now synthesize an order-status push for target orders that are already present in the local cache and whose status changed, so a post-place order stream no longer remains stuck at "submitting" while cancel states are visible only through query APIs. Fill detail push is available; order-terminal push after fills continues to be hardened in a later version.
  • Unchanged same-day historical orders are still not replayed, preventing one current-order event from mixing in a large set of historical orders.
  • Covered by focused order refresh worker tests, post single-cancel / cancel-all refresh diff-push tests, the historical-order no-replay source guard, formatting checks, and focused clippy. Single-cancel and cancel-all order-status push are confirmed on a real machine; fill-terminal order-status push still needs a later hardening fix and real-machine retest.

v1.4.115 · 2026-06-17 — 🟡 Financial / IPO calendars, long-run diagnostics, and static-data closeout

Users who need financial calendars, IPO calendar views, long-running daemon diagnostics, static-data warmup, Japan trade preflight, or cross-surface checks should review this version. The financial / IPO calendar work is a Rust read-only enhancement, not a C++ FTAPI parity claim.

  • Added financial-calendar, target-financial-calendar, and IPO-calendar endpoints across REST, MCP, and CLI. Financial calendars support markets, dates, publication sessions, explicit watchlist / position stock IDs, ranking, and --custom-filter TYPE[:MIN[:MAX]].
  • doctor --bundle, daemon-status, static-status, static-warmup, trade-check, and surface --gaps cover redacted diagnostics, auth refresh switches, credential expiry, static data, Japan trade preflight, and cross-surface exposure checks. Long-run client_sig refresh is explicit opt-in and remains off by default.
  • Securities-table data is checked before publishing into query caches. Older local databases that need a full rebuild are replaced from the server snapshot first, preventing stale local rows from keeping static-info or related-security queries stuck in a loading state.
  • After a successful foreground --setup-only, a normal daemon startup from the same HOME now uses the cached login credentials even when no login password is supplied, instead of incorrectly entering offline mode.
  • During first stock-list sync, related-security / static-info / warrant / plate / stock-filter / IPO queries return "market static data is loading" instead of truncated results; realtime snapshot / order book are unaffected. Related-warrant lookup also falls back to the local securities table, so cross-market related warrants no longer go missing after convergence.
  • Japan stock metadata warms on demand, and JP quote / trade permission errors now point users to the official app plus quote-rights / trade-check.
  • Order ACKs can emit the current order submitting push; account-wide order refresh no longer mixes in same-day historical orders; lock-back order rechecks no longer pollute F2 health counters.
  • snapshot no longer shows UNKNOWN.<code> prefixes for JP / SG / AU / MY / CA / FX securities in CLI / MCP output. REST raw market is unaffected.
  • After subscribe, high-frequency get_stock_quote / snapshot on securities with a price-spread table (e.g. HK.00700) no longer refresh that spread table on every request; the read path serves the cached spread table when present (matching official OpenD startup / periodic refresh semantics, with an empty-cache fallback), so post-subscribe quote p50 / p99 latency drops sharply.
  • Verification covers focused financial / IPO calendar tests, static sync self-healing, order submitting pushes, lock-back health counters, a real JP trade lifecycle, and package gates. Financial-calendar backend reads still need real-environment acceptance checks; client_sig refresh stays opt-in.

v1.4.114 · 2026-06-16 — 🟡 Japan stock trading, order push, and release-guard closeout

Users who rely on Japan stock trading, trade-write permission checks, order pushes, unlock-trade automation, REST cancel scripts, CA market place-order diagnostics, or custom release flows should review this version. It continues the v1.4.113 stability work by tightening cross-surface behavior, trade boundaries, and operations guardrails.

  • futucli unlock-trade and MCP futu_unlock_trade now use the same trade password source priority: CLI-only --from-stdin first, then FUTU_TRADE_PWD, account-scoped OS keychain, legacy keychain, and finally CLI prompt / MCP configuration error. Environment-provided passwords are trimmed to reduce copy-paste mistakes.
  • REST /api/cancel-order now accepts numeric order_id values supplied as JSON strings, while still supporting external-order-ID-only cancels and loud 400 responses for invalid string IDs.
  • CA market PlaceOrder failures with backend_code=100012 now explain that the account / security may not support API trading for that CA instrument, instead of reusing the modify/cancel timeout hint.
  • Japan stock max-trade-quantity queries now perform on-demand security-info warmup when local backend market metadata is missing. If the metadata still cannot be recovered, the request fails locally instead of sending an untrusted market shape that later appears as a missing response header.
  • Japan stock place-order requests from accounts without JP trading permission now fail loudly before the backend write, with a hint to enable JP trading permission and risk disclosure in the official app. They should no longer return a success-shaped response that cannot be queried later.
  • Order pushes no longer replay today's historical orders after an account-wide order-list refresh. Order-update pushes are synthesized only when the event carries explicit order IDs or the request can be mapped back to a target order.
  • Release and long-run diagnostics were tightened: MSRV / release-gate / source-layout / surface guards now include self-failing fixtures or source-path follow checks, and a long-run smoke harness can collect /api/ping plus /metrics evidence.
  • A batch of internal module-boundary work also landed. Public API behavior is unchanged, but future endpoint / route / tool / docs additions are easier to catch through guards.
  • Local and CI baselines cover 5449 workspace tests, workspace clippy, format, PII scanning, and focused regression tests. The final real-account behavior for JP max-qty, market-auth PlaceOrder, and order-push replay still requires external real-machine confirmation.

v1.4.113 · 2026-06-12 — 🟡 Stability, extended K-line cycles, and operations closeout

Users who rely on K-line subscription / pull paths, REST / MCP / CLI multi-entry workflows, trade read APIs, multi-broker accounts, or long-running daemons are encouraged to upgrade. This release closes quote, trade-read, cancel-order, and operations diagnostics work on top of the v1.4.112 auth hotfix baseline.

  • 10-minute, 120-minute, 180-minute, and 240-minute K-line cycles now work across subscription, pull, push, REST, CLI, and MCP. Subscription, pull, cache-key, and push-dispatch paths share the same period mapping, reducing stale data and period drift.
  • futucli trade commands accept more official enum numbers and common aliases. place-order / MCP place_order now expose pre-/post-market fields such as session, time-in-force, fill-outside-rth, and expire-time, with dynamic overnight whitelist handling aligned to OpenD-compatible behavior. Validated against a real account.
  • When session=ALL / OVERNIGHT place-order requests are rejected by the backend, REST / CLI / MCP responses provide clearer official-App risk-disclosure guidance and expose any openable official-App action supplied by the backend.
  • The broker reconnect watcher keeps running; trade reads now fail loudly or refresh when broker state is unavailable instead of presenting stale cache as fresh data; order-list / history-order reads preserve the expected unlock boundary.
  • REST now exposes semantic /api/cancel-order for single-order cancels, accepting friendly fields, external order IDs, and omitted low-level packet_id; the historical /api/modify-order cancel-compatible shape remains available.
  • REST cancel paths perform a bounded order refresh before returning after the backend accepts the request, reducing stale immediate order-status reads. Cancel ACKs no longer implicitly refresh position / sellable-quantity caches.
  • futucli unsub-acc-push <acc-id,...> now mirrors sub-acc-push, unsubscribes account order/deal pushes by account-id list, and no longer times out as it did in the previous pretest package.
  • Operations surfaces were tightened: --telnet-port remains as a deprecated alias for --management-port, the management port binds to 127.0.0.1 by default, and futucli doctor, push health, and Prometheus metrics retain long-running daemon diagnostics.
  • Verification covered workspace format / clippy / tests / PII scans, real-machine extended K-line and US order-read checks, three consecutive real-account REST cancel retests, CLI unsub-acc-push smoke, and focused all-session trading-hint checks.

v1.4.112 · 2026-06-10 — 🔴 Login ret15, quote subscription, and funds hotfixes

All v1.4.111 and earlier users are encouraged to upgrade, especially if you use fresh login in complex network environments, keep long-running order-book or quote subscriptions, or query USD funds for universal accounts. This release fixes external feedback around fresh-login ret_type=15, quote keep-sub replay, cold symbol subscription, and account-info USD queries.

  • Fixed fresh password-login TGTGT ticket time fields so the server no longer reads the expiry as an old timestamp and routes the login into ret_type=15. Device verification, SMS-code, and --reset-device hints are clearer.
  • Primary auth request shape is closer to official OpenD behavior: normal HTTP is used by default, with site-config / server-provided retry-IP paths selected only when available. /authority/ body order, ClientVersion, headers, and diagnostic fingerprint logs were tightened for cross-network comparisons.
  • Remember-login device verification no longer falls back into password auth and requests a second DVS branch. Pending DVS state is persisted, and password-auth DVS upsert replaces stale rand-key / TGTGT material, avoiding later cbc_md5_var decrypt errors after SMS verification succeeds.
  • Device names shown in the mobile app login-device management screen now include the Rust OpenD crate version and build marker, making test packages and release packages easier to distinguish.
  • Order-book / quote keep-sub replay was tightened. External long-run testing confirmed order-book subscriptions remained active for 21 minutes, with US pre-market order-book updates and HK main-future quote updates continuing.
  • Cold-cache security-info decoding now matches newer server fields, fixing cases where valid stock, main-future, crypto, or plate symbols could fail during first subscription with an unresolved-symbol error.
  • US overnight, HK futures night state, and SG / MY order-book backend bits were further aligned to reduce night-session timestamp and market-state drift.
  • Accounts without crypto quote rights no longer read stale CC.BTC snapshot data.
  • Universal-account USD funds queries now keep the base funds result when the fund / bond sidecar returns a business error after the base query has already succeeded. Ordinary US securities accounts remain on basic-funds-query only.
  • Backend disconnect cleanup now resolves pending request waiters instead of leaving stale long-running daemon state behind.

v1.4.111 · 2026-06-08 — 🔴 Futu API v10.6 / v10.7 endpoints and regression fixes

This release fixes the v1.4.110 login regression where a fresh device verification flow could fall into gateway offline mode, opens the first batch of Futu API v10.6.6608 quote / reference endpoints on top of the v1.4.110 stability baseline, and continues the Futu API v10.7.6708 option-combo, option-strategy, and new-market surface work. All users on v1.4.110 or earlier are encouraged to upgrade.

  • Added or exposed quote / reference capabilities for company profile, executives, executive background, operational efficiency, earnings price move, earnings price history, financial statements, revenue breakdown, analyst consensus, rating summary, and valuation plate stock lists.
  • Added or exposed option quote, multi-leg option quote, option strategy list, option strategy analysis, option strategy spread, combo max trade quantity, and a protected combo place-order entry point. Read-only option endpoints with C++ / Rust side-by-side evidence are exposed through the verified paths; real combo-order writes still require explicit confirmation and live-trade authorization.
  • Singapore, Malaysia, and Japan market routing, order-book depth, market state, IPO, position views, and related CLI / MCP displays were aligned with the newer OpenD surfaces.
  • Newly exposed endpoints are wired through shared REST / MCP / CLI / gRPC generic proto parameter, scope, and exposure contracts to reduce surface drift.
  • Fixed moomoo fresh-login device verification / TGTGT construction. TGTGT construction now follows the selected platform, avoiding the v1.4.110 failure mode where a moomoo fresh login could pass device verification but then fall into gateway offline mode because encrypted auth material could not be decrypted. Verification-code callbacks can now be read more than once when the login flow asks for the code again.
  • Added account rand_key length guards for cached credentials. Corrupt account credential caches now fall back to password login, and rand_key_new values that decrypt to an invalid length are not persisted, avoiding later gateway offline mode caused by decrypting auth material with the wrong key.
  • Fixed CAD funds queries across CLI, REST, and MCP when selecting accounts by account ID or card number.
  • REST /api/broker now uses the same shared quote connection as /api/subscribe and /api/sub-info, so a REST subscribe followed by a REST broker query no longer reports the symbol as unsubscribed.
  • Snapshot price_spread can self-heal from security metadata when old cache or local stock data is missing the field.
  • Crypto quote routing and display were tightened for paths such as CC.BTC, reducing empty snapshot / quote results and UNK.* display drift.
  • PlaceComboOrder now sends C++-shaped backend wire fields for combo order price and display-name omissions; the path remains a protected real-write entry point.
  • PlaceComboOrder and GetComboMaxTrdQtys now fetch missing HK / US option static info before local combo-leg resolution. Valid option codes no longer require a prior static / option-strategy-analysis warmup, and unresolved legs fail with the exact comboLegs index.
  • futucli direct connection to official C++ OpenD 10.7 is compatible again, including handshake and proto-json style side-by-side checks.
  • futucli --help no longer advertises an unusable pseudo help subcommand. Login ret_type=15 hints now point users toward device verification, SMS codes, --reset-device, and --setup-only instead of repeated password retries.
  • Pre-release packages now include the gRPC futu_service.proto example, and futucli, futu-opend, and futu-mcp --version output matches the v1.4.111 manifest.
  • Real combo-order submit / cancel comparisons still require explicit user authorization. risk-free-rate returns HK / US / JP rates through the Rust real-backend path; official C++ OpenD does not expose an equivalent public FTAPI proto, so it is not treated as a C++ public side-by-side case.

v1.4.110 · 2026-05-26 — 🔴 Architecture convergence and trade / quote reliability

All v1.4.109 users are encouraged to upgrade, especially if you use live trade writes, quote subscriptions / order books / market state, multiple public surfaces, long-running daemons, or automation scripts.

  • Trade write and read paths now validate backend responses more strictly. Place, modify, cancel, reconfirm, order / fill refresh, and history order / fill queries return clear errors when the backend response is missing required fields, has a mismatched status, or no longer matches the request.
  • Order ID, order IDEx, modify / cancel fields, simulated and crypto account response headers, max-trade-quantity, order fee, and margin-ratio paths were further aligned to reduce cases where an order placed successfully cannot be queried, modified, or cancelled consistently.
  • Quote subscriptions, quote, snapshot, order book, K-line, market state, and crypto LV2 paths now separate cache and push routing by broker / session / security key more consistently, improving mixed subscriptions, multi-broker routing, stale-cache behavior, and order-book depth handling.
  • quote-rights / user-info output is closer to the official OpenD GUI: user info, quota, and quote rights are shown as separate sections, with more complete Hong Kong, US, A-share, Singapore, Japan, crypto, futures, and options rights.
  • futucli quote-rights and futucli user-info now fail fast with structured errors when the gateway is not running, the port is wrong, or the gateway is unreachable. json / jsonl output is usable by agents, CI, and quantitative scripts without an external timeout wrapper.
  • Several REST / MCP / CLI / Gateway / gRPC endpoints now share a surface-spec contract for parameters, scopes, defaults, and exposure state, making unknown fields, invalid input, and unavailable endpoints fail more consistently.
  • used-quota, reconfirm-order, option-chain Greek filters, and several account / quote helpers are more consistent across public surfaces.
  • Gateway internals were split into clearer core / qot / trd boundaries. Cache, push, broker runtime, reconnect, and startup state are more centralized, and release / pre-push guardrails now include line-count, PII, Cargo.lock drift, and releasegate checks.
  • Futu API v10.6.6608 endpoints are not included in this release; they will be delivered separately in a later version.

v1.4.109 · 2026-05-16 — 🔴 Broker auth and live trade-write fixes

All v1.4.108 users are encouraged to upgrade, especially if you use live trade writes, FTAPI binary clients, multi-broker account login, or broker auth from networks where direct domain access is unreliable.

  • Fixed a live place-order issue where a new order could receive the result of an earlier order. Backend trade request IDs are now regenerated for each request instead of reusing a packet-derived string.
  • Native-protocol trade writes such as place, modify, and cancel no longer fail locally before reaching the backend because of an overly strict connection-ID replay check.
  • Broker auth now prefers the WebTCP short-connection path, server-provided address pools, and the fallback chain instead of approximating the flow with ordinary system DNS / HTTPS.
  • Fixed the rustls provider panic that could stop broker auth during startup.
  • Order IDs are handled more consistently across trade writes, order queries, fill queries, and push delivery, reducing cases where modify, cancel, or query cannot find the order returned by place-order.
  • Ended-order cancel attempts, stale backend order echoes, and successful responses missing required order identifiers now fail more clearly instead of looking like empty success.
  • Real-environment verification covered place, modify, cancel, and the matching trade pushes.

v1.4.108 · 2026-05-06 — 🔴 Quote subscription and account discovery fixes

All v1.4.107 users are encouraged to upgrade, especially if you use real-time quote subscriptions, Hong Kong futures main-link symbols, account listing, App-visible card numbers, or max-trade-quantity queries.

  • Fixed quote push decoding for newer server frames. Hong Kong futures main-link symbols and some real-time quote subscriptions no longer subscribe successfully but receive no data.
  • Main-link, current-month, and next-month futures aliases now route incoming quote pushes back to the symbol requested by the client, improving order book, quote, and ticker delivery.
  • Account discovery now defaults to an App-visible account view. It keeps enabled crypto and equity-incentive business accounts, while hiding internal futures-only simulated rows that the App does not show as standalone accounts.
  • CLI / MCP / REST expose a single user-facing card_num, and JSON acc_id values are serialized as strings to avoid precision loss in JSON and table tooling.
  • futucli account groups rows by broker and by real / simulated / disabled status. Market columns now show names instead of raw numeric market IDs.
  • GetMaxTrdQtys response projection was further aligned, including Option IM side requests and several market-specific response fields.
  • Malformed trade, quote, and system request bodies now return clear errors instead of empty success or no-response behavior.

v1.4.107 · 2026-05-04 — 🔴 Asset reads and trade calculation fixes

All v1.4.106 users are encouraged to upgrade, especially if you use funds, positions, cash logs, simulated accounts, universal accounts, or trade calculation endpoints.

  • Simulated-account funds, positions, orders, and fills now use simulated account paths instead of real-account query paths.
  • Funds and position refreshes are separated by account, currency, and asset category. Backend refresh failures and cold-cache in-flight requests now return clear errors instead of empty success.
  • Cash log, cash detail, business group, margin info, account flag, and bond endpoints derive backend account and market data from authenticated account state. Requests fail clearly when that state cannot be derived.
  • History orders, history fills, order refresh, fill refresh, order fee, margin ratio, and max-trade-quantity endpoints now validate market, security, and backend-route requirements more strictly.
  • MCP / CLI cash-log, cash-detail, account-flag, and bond output includes more user-visible backend fields, reducing differences between surfaces.

    Migration note for callers upgrading from versions before v1.4.99: Universal and futures accounts must now pass currency explicitly when calling /api/funds (integer: 1=HKD / 2=USD / 3=CNH / 4=JPY / 5=SGD / 6=AUD / 7=CAD / 8=MYR); omitting it returns a MissingCurrency error. This behavior shipped in v1.4.106; the older (≤ v1.4.99) "returns a value but with a misaligned currency tag" pattern was a now-fixed bug. Pass the currency integer to migrate. See REST API doc.

  • Unlock-trade cooldown now counts only trade-password errors. gRPC trade requests can carry idempotency-key metadata.

v1.4.106 · 2026-05-02 — 🔴 Funds queries and account isolation fixes

All v1.4.105 users are encouraged to upgrade, especially if you use funds queries, simulated accounts, universal accounts, futures accounts, or restricted API keys.

  • Fixed /api/funds currency validation: single-market and simulated accounts return their native currency, while universal and futures accounts still validate the requested currency strictly.
  • Funds snapshots are cached by account, asset category, and currency, so different query shapes no longer overwrite one another.
  • REST / MCP / CLI / SDK now describe cash consistently as summary cash in the response currency, not a sum across currency rows.
  • Trade-write endpoints no longer reveal whether another account exists through card_num suffix resolution when account whitelists are enabled.
  • futucli funds --market is now optional; if the requested and returned currencies differ, the CLI prints a stderr warning.

v1.4.105 · 2026-04-30 — 🔴 Order reliability, funds currency, and push filtering

All v1.4.104 users are encouraged to upgrade.

  • Place-order now waits for trading confirmation before exposing the order, with short-window duplicate-submit protection.
  • /api/funds returns a structured InvalidCurrency error when the requested currency is not supported by the account.
  • Multi-market universal account detection is more robust when cached account metadata drifts.
  • /api/static-info rejects explicit empty lists instead of triggering broad server queries.
  • REST WebSocket, native TCP, gRPC, and MCP trade pushes now use the same account and market whitelist filtering.
  • Client-visible unlock-trade, gRPC permission, and funds-currency errors are redacted.