MT5 Web Terminal Command Coverage ================================= This page tracks command IDs seen in the MT5 Web Terminal frontend chunk ``analysis/D8ROuLSQ.js`` (captured on 2026-03-12) and compares them with the public ``pymt5`` API as of 2026-03-16. The live site was re-checked on 2026-03-16. The current official terminal entry page reports build ``5687``, built on 2026-03-15, and still loads the same API chunk name (``D8ROuLSQ.js``) with the same direct ``sendCommand(...)`` call set. Observed Frontend Request Commands ---------------------------------- The current frontend snapshot contains direct ``sendCommand(...)`` call sites for: - ``0`` bootstrap - ``2`` logout - ``3`` get account - ``4`` get positions and orders - ``5`` get trade history - ``6`` get symbols - ``7`` subscribe ticks - ``9`` get symbol groups - ``11`` get rates - ``12`` trade request - ``18`` get full symbol info - ``20`` get spreads - ``22`` subscribe book - ``24`` change password - ``27`` verify codes / verification flow - ``28`` login - ``29`` init - ``30`` open demo account - ``34`` get symbols (gzip) - ``39`` open real account - ``40`` send verification codes - ``41`` trader params - ``42`` notify - ``43`` OTP setup / connect OTP - ``44`` get corporate links - ``51`` ping Observed frontend event handlers include ``8``, ``10``, ``13``, ``14``, ``15``, ``17``, ``19``, and ``23`` for tick, trade, symbol, account, login, symbol-detail, trade-result, and book pushes. Implemented In pymt5 -------------------- ``pymt5`` now covers the visible frontend command surface: - Session/auth: ``0``, ``2``, ``24``, ``27``, ``28``, ``29``, ``30``, ``39``, ``40``, ``41``, ``42``, ``43``, ``51`` - Account/trading data: ``3``, ``4``, ``5``, ``12`` - Market data: ``6``, ``7``, ``9``, ``11``, ``18``, ``20``, ``22``, ``34``, ``44`` - Push handlers: ``8``, ``10``, ``13``, ``14``, ``15``, ``17``, ``19``, ``23`` Command Meanings ---------------- - ``cmd=27`` account-opening verification request: the current frontend sends ``int16 build + cid + base opening payload``. ``pymt5`` exposes this as ``request_opening_verification()`` and parses the two-byte response into ``VerificationStatus(email, phone)``. - ``cmd=30`` demo account opening: the current frontend sends the full registration payload, not the older init-like payload. ``pymt5`` now mirrors that via ``open_demo_account()``. The legacy ``open_demo()`` wrapper remains for compatibility. - ``cmd=39`` real account opening: this extends the demo payload with identity/KYC fields, a ``propType=9`` birth date, and zero or more uploaded documents. ``pymt5`` implements this as ``open_real_account()``. - ``cmd=40`` verification code submission: this re-sends the base opening payload with populated email/phone code fields. ``pymt5`` exposes it as ``submit_opening_verification()`` and parses the same two-flag response shape as cmd=27. - ``cmd=43`` OTP setup: the frontend uses one payload shape for both enabling and disabling TOTP. ``pymt5`` maps this to ``enable_otp()`` and ``disable_otp()``. Response Shapes Confirmed From Frontend Usage --------------------------------------------- - ``cmd=27`` and ``cmd=40`` return two ``u8`` flags. Inference: the flags represent email and phone verification state, because the frontend uses them to decide which confirmation fields to show and whether the submitted codes were accepted. - ``cmd=30`` and ``cmd=39`` return ``[code, login, password, investor_password]``. This is confirmed by the frontend controller, which treats the first field as an error code and stores the remaining three values as new-account credentials. Unknown Or Reserved IDs ----------------------- The frontend transport allowlist also accepts these IDs: ``21``, ``25``, ``33``, ``37``, ``50``, ``52``, ``100``, ``101``, ``102``, ``103``, ``104``, ``105``, ``106``, ``107``, ``108``, ``109``, ``110``, ``111``, ``112``. No direct ``sendCommand(...)`` call sites were found for them in the current frontend snapshot or in the live 2026-03-16 bundle. Live Probe Results ------------------ Minimal live probing against ``web.metatrader.app`` on 2026-03-16 produced these repeatable results: - ``21``, ``25``, ``33``, ``37``, ``50``, ``100``-``112``: accepted by the transport, but an empty payload produced no response before the client timeout, both before and after login. Inference: these commands likely require specialized payloads or are disabled on the MetaQuotes-Demo server. - ``52``: returns ``code=0`` with an empty body only on a fresh bootstrap-only socket. After ``cmd=29`` or ``cmd=28``, the same command causes the server to drop the connection without a close frame. ``pymt5`` exposes this exact behavior as the experimental helper ``send_bootstrap_command_52()``. These IDs should still be treated as reserved or unidentified until a newer bundle, an older historical bundle, or a broker-specific capture reveals their payload schemas and business meaning. - [ ] Re-scan future Web Terminal bundles and map the unresolved IDs before adding named business APIs for them.