- About the Project
- Key Features
- Architecture
- Technology Stack
- Getting Started
- Project Structure
- Trading Engine Pipeline
- Security & Compliance
- API Documentation
- Contributing
- License
AEGIS (Advanced Electronic Global Investment System) is a modern, cloud-native trading platform designed with institutional-grade risk controls and regulatory compliance at its core. Built on an event-driven microservices architecture, AEGIS provides real-time order processing, immutable audit trails, and comprehensive risk management.
The platform was developed to address critical gaps in retail and institutional trading systems:
- Regulatory Compliance First: Built-in compliance checks ensure all trades adhere to regulatory requirements before execution (KYC, sanctions screening, trading windows, position limits).
- Multi-Layer Risk Management: Sophisticated risk engine prevents catastrophic losses through real-time balance verification, exposure limits, concentration risks, and rate limiting.
- Immutable Audit Trail: Every transaction is recorded in an immutable hashchain ledger, providing cryptographic proof of trade integrity for audits and regulatory reporting.
- Real-Time Processing: Event-driven architecture powered by Kafka enables microsecond-latency trade processing and real-time risk assessments.
- Institutional Controls: Implements controls typically found in institutional trading systems: pre-trade risk checks, compliance reviews, order size limits, and execution price validation.
- Proprietary Trading Firms: Real-time risk controls and P&L tracking
- Wealth Management Platforms: Client order management with compliance oversight
- Broker-Dealers: Multi-client trading with regulatory reporting
- FinTech Startups: Production-ready trading infrastructure
- Educational Institutions: Teaching platform for trading systems architecture
Every order passes through three independent validation engines in sequence:
- Compliance Engine 🛡️
  - Symbol whitelist enforcement (10 approved instruments)
  - User sanctions screening (OFAC, EU sanctions lists)
  - Trading window restrictions (maintenance windows, market hours)
  - Crypto position limits (BTC: 10 max, ETH: 100 max)
  - Large order flagging for manual review
- Risk Engine ⚖️
  - Real-time balance verification
  - Position size limits (BTC: 5 max per order)
  - Notional value limits ($250k per order)
  - Daily trading limits ($1M per day)
  - Exposure limits ($500k total open positions)
  - Rate limiting (10 orders per minute)
  - Slippage tolerance checks (0.5% max)
- Execution Engine 🎯
  - Market impact modeling (spread + slippage)
  - Realistic price execution simulation
  - Trade confirmation and settlement
  - Balance debit/credit accounting
  - Immutable ledger recording
- Multi-Asset Support: Equities (AAPL, MSFT, GOOGL, etc.) and Cryptocurrencies (BTC, ETH)
- Real-Time Market Data: Live price feeds for all instruments
- Order Management: Full order lifecycle (PENDING → ACCEPTED → EXECUTED/REJECTED)
- Balance Management: Real-time balance tracking with available/reserved funds
- Transaction History: Complete audit trail with CSV/PDF export
- Immutable Ledger: Cryptographic hashchain for trade verification
- JWT Authentication: Secure token-based authentication
- Role-Based Access Control: User permissions and access levels
- Audit Logging: Structured logging for all system events
- Data Encryption: Secure communication between services
- Immutable Records: Hashchain-based ledger prevents tampering
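A minimal hashchain using the `prev_hash` and `current_hash` fields that appear in the ledger entry later in this README; this is an added example, not the project's `hashchain.py`. SHA-256, the canonical JSON encoding, the all-zero genesis value and the function names are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value; the page does not define one


def entry_hash(prev_hash, record):
    """SHA-256 of the previous hash plus a canonical JSON encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(ledger, record):
    """Link a new record to the current head and store both hashes with it."""
    prev = ledger[-1]["current_hash"] if ledger else GENESIS
    ledger.append({**record, "prev_hash": prev, "current_hash": entry_hash(prev, record)})
    return ledger[-1]["current_hash"]


def verify(ledger, expected_head=None):
    """Return -1 if intact, else the index of the first entry that fails."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        record = {k: v for k, v in entry.items() if k not in ("prev_hash", "current_hash")}
        if entry["prev_hash"] != prev or entry["current_hash"] != entry_hash(prev, record):
            return i
        prev = entry["current_hash"]
    # An internally consistent chain may still be truncated or rebuilt from
    # scratch, so compare the head with a copy kept outside the database.
    if expected_head is not None and prev != expected_head:
        return len(ledger)
    return -1


def sample_ledger():
    """Constructed trades using field names from the ledger entry on this page."""
    ledger = []
    for i, qty in enumerate([2.5, 1.0, 0.5]):
        head = append(ledger, {"trade_id": f"t-{i}", "symbol": "BTC",
                               "quantity": qty, "exec_price": 85038.34})
    return ledger, head


if __name__ == "__main__":
    ledger, head = sample_ledger()
    print(verify(ledger, head))    # intact chain
    ledger[1]["quantity"] = 0.1    # edit a stored trade in place
    print(verify(ledger, head))    # index of the first failing entry
```

Anyone with write access to the ledger table can recompute every hash after an edit, so the chain is only evidence of integrity when the head hash is stored or published somewhere that writer cannot reach.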
```
┌─────────────────────────────────────────────────────────────────┐
│                       Frontend (Next.js)                        │
│                      http://localhost:3000                      │
└────────────────────────────────┬────────────────────────────────┘
                                 │ REST API
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                      API Gateway (FastAPI)                      │
│                      http://localhost:8000                      │
└────────────────────────────────┬────────────────────────────────┘
                                 │ Kafka Events
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                    Order Processor (Worker)                     │
│                                                                 │
│    ┌──────────────┐    ┌──────────────┐    ┌──────────────┐     │
│    │  Compliance  │ -> │     Risk     │ -> │  Execution   │     │
│    │    Engine    │    │    Engine    │    │    Engine    │     │
│    └──────────────┘    └──────────────┘    └──────────────┘     │
│                               │                   │             │
│                               ▼                   ▼             │
│                        ┌─────────────┐     ┌─────────────┐      │
│                        │   Balance   │     │   Ledger    │      │
│                        │   Update    │     │ (Hashchain) │      │
│                        └─────────────┘     └─────────────┘      │
└────────────────────────────────┬────────────────────────────────┘
                                 │
                                 ▼
   ┌──────────────┬──────────────┬──────────────┬──────────────┐
   │  PostgreSQL  │    Redis     │   Redpanda   │   Adminer    │
   │    (Data)    │   (Cache)    │   (Kafka)    │     (UI)     │
   │    :5432     │    :6379     │    :9092     │    :8081     │
   └──────────────┴──────────────┴──────────────┴──────────────┘
```
```
1. User places order → 2. API validates & publishes to Kafka
                              ↓
3. Worker consumes event → 4. Compliance Engine validates
                              ↓
5. Risk Engine checks limits → 6. Execution Engine processes
                              ↓
7. Update balances → 8. Write to ledger → 9. Notify user
```
- Next.js 14 - React framework with server-side rendering
- TypeScript - Type-safe development
- Tailwind CSS - Modern, responsive design
- jsPDF - PDF export functionality
- FastAPI - High-performance Python web framework
- Python 3.12 - Latest Python features and performance
- Pydantic - Data validation using Python type annotations
- psycopg3 - PostgreSQL database adapter
- PostgreSQL 17 - Primary database for orders, users, balances
- Redis 7 - Caching and rate limiting
- Redpanda - Kafka-compatible event streaming (simpler than Kafka)
- Docker Compose - Container orchestration
- Adminer - Database management UI
- Structured Logging - JSON-based logging for observability
- Hot Reload - Fast development iteration
- Docker Desktop (or Docker Engine + Docker Compose)
- Git
- Ports Available: 3000, 8000, 8081, 5432, 6379, 9092
- Clone the repository

  ```bash
  git clone https://github.com/yourusername/aegis-cloud-trading-platform.git
  cd aegis-cloud-trading-platform
  ```

- Start all services

  ```bash
  docker-compose up -d
  ```

- Wait for services to be healthy (~30 seconds)

  ```bash
  docker-compose ps
  ```

- Access the platform
  - Trading UI: http://localhost:3000
  - API Docs: http://localhost:8000/docs
  - Database UI: http://localhost:8081 (PostgreSQL: app/app)
- Create an account
  - Navigate to http://localhost:3000/register
  - Register a new user
  - Initial balance: $100,000 USD
```bash
# View logs from all services
docker-compose logs -f

# View logs from specific service
docker-compose logs -f back-worker

# Rebuild after code changes
docker-compose build
docker-compose up -d

# Stop all services
docker-compose down

# Stop and remove all data
docker-compose down -v

# Execute commands in containers
docker exec -it aegis-cloud-trading-platform-postgres-1 psql -U app -d trading
```

```
aegis-cloud-trading-platform/
├── back/                          # Backend services
│   ├── app/
│   │   ├── api/                   # REST API endpoints
│   │   │   └── routes/
│   │   │       ├── auth.py        # Authentication (register, login)
│   │   │       ├── orders.py      # Order management
│   │   │       ├── symbols.py     # Market data
│   │   │       ├── balance.py     # Account balances
│   │   │       └── ledger.py      # Transaction history
│   │   ├── engines/               # Trading engines
│   │   │   ├── compliance.py      # Regulatory validation
│   │   │   ├── risk.py            # Risk management
│   │   │   └── execution.py       # Trade execution
│   │   ├── workers/               # Kafka consumers
│   │   │   └── processor.py       # Main order processor
│   │   ├── core/                  # Core utilities
│   │   │   ├── config.py          # Configuration
│   │   │   ├── security.py        # JWT authentication
│   │   │   └── logging.py         # Structured logging
│   │   ├── domain/                # Domain models
│   │   │   └── models.py          # Pydantic models
│   │   ├── infra/                 # Infrastructure
│   │   │   ├── db/                # Database
│   │   │   │   ├── init.sql       # Schema & seed data
│   │   │   │   └── session.py     # Connection pool
│   │   │   ├── broker/            # Kafka
│   │   │   │   ├── producer.py    # Event publishing
│   │   │   │   └── consumer.py    # Event consumption
│   │   │   └── redis/             # Cache
│   │   │       └── client.py      # Redis operations
│   │   ├── utils/                 # Utilities
│   │   │   └── hashchain.py       # Ledger hashing
│   │   └── main.py                # FastAPI application
│   ├── Dockerfile                 # Backend container
│   └── requirements.txt           # Python dependencies
├── front/                         # Frontend application
│   ├── src/
│   │   ├── app/                   # Next.js pages
│   │   │   ├── login/             # Login page
│   │   │   ├── register/          # Registration page
│   │   │   ├── dashboard/         # Portfolio overview
│   │   │   ├── market/            # Market data & trading
│   │   │   ├── orders/            # Order management
│   │   │   ├── ledger/            # Transaction history
│   │   │   ├── layout.tsx         # Root layout
│   │   │   ├── page.tsx           # Landing page
│   │   │   └── globals.css        # Global styles
│   │   └── lib/
│   │       └── api.ts             # API client
│   ├── public/
│   │   └── brand/                 # Logo and branding
│   ├── Dockerfile                 # Frontend container
│   ├── package.json               # Node dependencies
│   ├── next.config.js             # Next.js config
│   └── tsconfig.json              # TypeScript config
├── docker-compose.yml             # Service orchestration
├── start.sh                       # Start script
├── stop.sh                        # Stop script
├── rebuild.sh                     # Rebuild script
└── README.md                      # This file
```
```
# 1. API receives order
POST /orders {
  "symbol": "BTC",
  "side": "BUY",
  "quantity": 2.5
}

# 2. Publish to Kafka
kafka.publish('orders', order_event)

# 3. Worker consumes event
worker.process_order(order_event)

# 4. Compliance Engine
✓ Symbol in whitelist (BTC ✓)
✓ User not sanctioned
✓ Within trading window
✓ Quantity ≤ 10 BTC (2.5 ✓)
→ STATUS: ACCEPTED

# 5. Risk Engine
✓ Balance sufficient ($250k available, needs $212k)
✓ Order size ≤ 5 BTC (2.5 ✓)
✓ Notional ≤ $250k ($212k ✓)
✓ Daily limit ≤ $1M ($212k ✓)
✓ Exposure ≤ $500k ($212k + $0 existing ✓)
✓ Rate limit ≤ 10/min (1 ✓)
✓ Slippage ≤ 0.5% (0.025% ✓)
→ STATUS: ACCEPTED

# 6. Execution Engine
Market Price: $85,000.00
Spread (0.02%): +$17.00
Slippage (0.0251%): +$21.34
Execution Price: $85,038.34
Total Cost: $212,595.85
→ STATUS: EXECUTED

# 7. Balance Update
Before: $250,000.00
After: $37,404.15
Reserved: $0.00

# 8. Ledger Entry
{
  "trade_id": "uuid",
  "order_id": "uuid",
  "symbol": "BTC",
  "quantity": 2.5,
  "exec_price": 85038.34,
  "spread_pct": 0.02,
  "slippage_pct": 0.0251,
  "prev_hash": "abc123...",
  "current_hash": "def456..."
}
```

```
# Insufficient Balance
Risk Engine → REJECTED
Reason: "Insufficient balance: available $10,000, required $212,596"

# Quantity Limit Exceeded
Risk Engine → REJECTED
Reason: "Quantity 6.0 exceeds limit 5.0 for BTC"

# Sanctioned User
Compliance Engine → REJECTED
Reason: "User on sanctions list"

# Symbol Not Allowed
Compliance Engine → REJECTED
Reason: "Trading symbol 'DOGE' is not allowed"

# Trading Window Closed
Compliance Engine → REJECTED
Reason: "Trading is disabled during maintenance (00:00-02:00 UTC)"

# Large Order Review
Compliance Engine → PENDING_REVIEW (Risk passed)
Reason: "Large BTC order (7.5 units) requires compliance review (threshold: 3.0)"
```

| Check | Description | Example Limit |
|---|---|---|
| Symbol Whitelist | Only approved instruments can be traded | 10 symbols (BTC, ETH, AAPL, etc.) |
| Sanctions Screening | Block sanctioned entities | OFAC, EU lists |
| Trading Windows | Restrict trading during maintenance | 00:00-02:00 UTC blocked |
| Position Limits | Maximum position size per asset | BTC: 10, ETH: 100 |
| Review Thresholds | Flag large orders for manual review | BTC > 3, ETH > 20 |
| Control | Purpose | Limit |
|---|---|---|
| Balance Check | Prevent overdrafts | Available balance |
| Order Size | Limit single order risk | BTC: 5 per order |
| Notional Limit | Cap order value | $250k per order |
| Daily Limit | Prevent excessive trading | $1M per day |
| Exposure Limit | Total open position risk | $500k total |
| Rate Limiting | Prevent order spam | 10 orders/minute |
| Slippage Tolerance | Execution price protection | 0.5% max |
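
The compliance and risk checks from the two tables above, chained in the order the pipeline describes; this is an added example, not the project's `compliance.py` or `risk.py`. It covers only checks whose limits the page states, takes the estimated execution price as a caller-supplied argument, and assumes that a risk rejection overrides a pending compliance review.

```python
from datetime import datetime, timezone

# Limits as stated in the tables above. The page lists 10 approved
# instruments but names only these five.
WHITELIST = {"BTC", "ETH", "AAPL", "MSFT", "GOOGL"}
REVIEW_OVER = {"BTC": 3.0, "ETH": 20.0}
MAX_PER_ORDER = {"BTC": 5.0}
MAX_NOTIONAL = 250_000


def compliance(order, user, now):
    """Return (status, reason) for the compliance stage."""
    sym, qty = order["symbol"], order["quantity"]
    if sym not in WHITELIST:
        return "REJECTED", f"Trading symbol '{sym}' is not allowed"
    if user["sanctioned"]:
        return "REJECTED", "User on sanctions list"
    if now.astimezone(timezone.utc).hour < 2:
        return "REJECTED", "Trading is disabled during maintenance (00:00-02:00 UTC)"
    if qty > REVIEW_OVER.get(sym, float("inf")):
        return "PENDING_REVIEW", (f"Large {sym} order ({qty} units) requires "
                                  f"compliance review (threshold: {REVIEW_OVER[sym]})")
    return "ACCEPTED", ""


def risk(order, user, est_price):
    """Return (status, reason) for the risk stage; est_price includes spread and slippage."""
    sym, qty = order["symbol"], order["quantity"]
    if qty > MAX_PER_ORDER.get(sym, float("inf")):
        return "REJECTED", f"Quantity {qty} exceeds limit {MAX_PER_ORDER[sym]} for {sym}"
    required = qty * est_price
    if required > MAX_NOTIONAL:
        return "REJECTED", f"Notional ${required:,.0f} exceeds limit ${MAX_NOTIONAL:,}"
    if required > user["available"]:
        return "REJECTED", (f"Insufficient balance: available ${user['available']:,.0f}, "
                            f"required ${required:,.0f}")
    return "ACCEPTED", ""


def pre_trade(order, user, est_price, now):
    """Compliance first, then risk; any rejection is final, a review flag survives risk."""
    status, reason = compliance(order, user, now)
    if status == "REJECTED":
        return status, reason
    r_status, r_reason = risk(order, user, est_price)
    return (r_status, r_reason) if r_status == "REJECTED" else (status, reason)
```
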
- JWT Tokens: Secure, stateless authentication
- Password Hashing: bcrypt with salt
- Token Expiration: Configurable expiry
- Protected Routes: All trading endpoints require authentication
```
# Register
POST /auth/register
{
  "name": "John Doe",
  "username": "johndoe",
  "password": "securepassword123"
}

# Login
POST /auth/login
{
  "username": "johndoe",
  "password": "securepassword123"
}
→ Returns: { "access_token": "eyJ...", "token_type": "bearer" }
```

```
# Place Order
POST /orders
Authorization: Bearer <token>
{
  "symbol": "BTC",
  "side": "BUY",
  "quantity": 1.5
}

# Get Orders
GET /orders
Authorization: Bearer <token>

# Get Order Details
GET /orders/{order_id}
Authorization: Bearer <token>
```

```
# Get All Symbols
GET /symbols

# Get Symbol Price
GET /symbols/{symbol}
```

```
# Get Balance
GET /balance
Authorization: Bearer <token>

# Get Transaction History
GET /balance/transactions
Authorization: Bearer <token>
```

Interactive API docs available at: http://localhost:8000/docs
```bash
# Test order placement
curl -X POST http://localhost:8000/orders \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"symbol": "BTC", "side": "BUY", "quantity": 1.0}'

# Check order status
curl http://localhost:8000/orders/<order_id> \
  -H "Authorization: Bearer <token>"

# View balance
curl http://localhost:8000/balance \
  -H "Authorization: Bearer <token>"
```

- Normal Order: 1 BTC at market price
- Large Order: 8 BTC (triggers compliance review)
- Excessive Order: 15 BTC (rejected - exceeds max limit)
- Insufficient Funds: Order exceeding available balance
- Invalid Symbol: Try to trade "DOGE" (not whitelisted)
- Rate Limiting: Place 15 orders in 1 minute
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the project
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Inspired by institutional trading systems
- Built with modern cloud-native practices
- Designed for educational and commercial use
Project Maintainer: Olivier Dubo
For questions, suggestions, or support, please open an issue on GitHub.
AEGIS - Enterprise Trading Infrastructure
Built with ❤️ using FastAPI, Next.js, and Docker