AI-native quantitative trading platform — research, backtest, execute, manage risk, and collaborate with controlled agents, all from one operator console.
QuantPilot is a platform skeleton and operating surface for controlled quantitative trading workflows, not a production unattended trading bot.
| Domain | What It Does |
|---|---|
| Research & Strategy | Strategy catalog, event-driven backtest engine (Sharpe, max drawdown, win-rate), evaluation, comparison, and governance |
| Execution | Plan → approve → submit → reconcile → recover lifecycle, broker-event ingestion, queue-based operations console |
| Risk | Live VaR/CVaR/Beta/HHI analytics, approval boundaries, policy actions, risk-parameter tuning panel |
| Agent Collaboration | Session → intent → plan → analysis → action handoff pipeline, daily-run loops (pre-market / intraday / post-market), ask-first queue |
| Real-Time Push | SSE state stream with exponential-backoff reconnect; polling drops to 15 s fallback |
| Auth & Security | JWT (HS256, 8h), AES-256-GCM broker key encryption at rest, workspace-aware RBAC |
| Operations | Monitoring, incidents, audit trail, backup/restore, integrity checks, SQLite WAL persistence |
| Charts | lightweight-charts v5 — equity curve, candlestick, signal bar |
| UX | Cmd+K command palette, approval drawer, toast notifications |
- Node.js >=20.5.0
- npm >= 10
npm install
# Start all three processes (separate terminals)
npm run dev # Web console → http://localhost:8080
npm run gateway # API gateway → http://localhost:8787
npm run worker # Background workerCopy .env.example to .env and configure providers. Validate with:
npm run check:runtime-env -- --env-file .env| Variable | Purpose |
|---|---|
JWT_SECRET |
HS256 signing key (min 32 chars) |
BROKER_KEY_ENCRYPTION_KEY |
64-char hex for AES-256-GCM |
DEMO_USERNAME / DEMO_PASSWORD |
Login credentials (admin / changeme) |
# Development
npm run dev # Vite dev server (HMR)
npm run gateway # API gateway
npm run worker # Background worker
# Testing
npm run test:web # Vitest (frontend)
npm run test:api # node --test (API)
npm run test:engine # Workflow engine
npm run test:runtime # Runtime
npm run test:control-plane # Store layer
npm run test:worker # Worker
# Validation
npm run typecheck # tsc --noEmit
npm run build # Production build
npm run verify # Full pipeline (lint + tests + typecheck + build)A pre-push git hook runs verify automatically.
| Layer | Choice |
|---|---|
| Language | TypeScript 5 (TS-only first-party source) |
| Frontend | React 18 + react-router-dom 6 |
| Build | Vite 5 + vanilla-extract |
| Backend | Node.js ESM + tsx |
| Test | Vitest + node --test |
| Package Mgr | npm workspaces |
quantpilot/
├── apps/
│ ├── web/ React 18 SPA (Vite, VE styles)
│ ├── api/ Node.js API gateway (ESM + tsx)
│ └── worker/ Background task runner
├── packages/
│ ├── trading-engine Strategy, backtest, risk
│ ├── task-workflow-engine Workflow orchestration
│ ├── control-plane-runtime Runtime context & fanout
│ ├── control-plane-store Persistence (file / SQLite)
│ ├── llm-provider Provider-agnostic LLM
│ ├── shared-types Cross-package contracts
│ ├── ui Shared UI components
│ └── db SQLite adapter + Drizzle
├── docs/ Architecture, ops, deployment
├── scripts/ Tooling & CI helpers
└── CONTRIBUTING.md
| Document | Purpose |
|---|---|
| Contributing Guide | Dev workflow, PR rules |
| Operations Handbook | Backup, restore, incidents |
| Deployment Guide | Build, env, deploy checklist |
| Project Structure | Detailed module map |
Stage 1-7 completed. Platform skeleton is fully functional with research, backtest, execution, risk, and agent collaboration modules.
- Broker integration: Alpaca, Interactive Brokers API connectors
- Agent governance: Fine-grained permission control, risk policy configuration
- Monitoring & alerts: Real-time risk metrics, anomaly detection, notifications
- Documentation: API docs, user manual, contribution guide
- Multi-strategy multi-account: Strategy portfolio management, account isolation
- Institutional-grade risk: Stress testing, scenario analysis, compliance reports
- Open-source ecosystem: Plugin architecture, third-party strategy marketplace
- Cloud-native deployment: Docker, Kubernetes, multi-tenancy
- Browser never holds real broker credentials
- Remote order placement goes through the server gateway only
- Agents cannot place real trades directly
- Risk and approval controls cannot be bypassed
- This is not a production unattended live-trading deployment