Project Introduction: Building ZephyrApex - AI Trading Bot in Public

Why Build ZephyrApex?

After 20+ years in tech, I've seen firsthand how complex systems fail in production. Trading bots are particularly unforgiving - a single bug can wipe out an account faster than you can say "stop loss." Yet the space is ripe for innovation. Most retail traders lose money, institutional algorithms dominate, and AI has barely scratched the surface of market analysis.

ZephyrApex is my attempt to bridge this gap: a production-ready algorithmic trading system that combines traditional technical analysis (EMA + RSI strategies) with AI-powered market insights. The goal isn't just to build another trading bot - it's to demonstrate how modern software engineering practices can create reliable, scalable financial systems.

Requirements Development with Claude Haiku

I started with rough requirements: "Build an AI-augmented trading bot using EMA+RSI strategies." (Much more than this of course) But requirements are never that simple. I collaborated with Claude Haiku to refine these into concrete specifications. Together, we explored:

• Risk management (3-5% per trade initially, scaling to 1-2% as account grows, 10% max drawdown)
• Technology stack choices (Python/FastAPI backend, Next.js frontend)
• Production deployment considerations ( Hetzner VPS, Cloudflare)
• Community engagement strategy (regular blogging, X posts)
• Security and compliance requirements

This iterative process transformed paper napkin ideas into a comprehensive technical specification. Claude helped me think through edge cases I hadn't considered.

Implementation with Grok Code Fast 1

With requirements locked, I turned to Grok Code Fast 1 for implementation. This isn't just about writing code - it's about building a system that can handle real money with minimal human intervention. Grok helped me:

• Set up the monorepo structure with Turborepo and pnpm
• Configure Docker Compose for local development (MySQL, Redis, FastAPI)
• Build the initial FastAPI backend with health endpoints
• Create the marketing website with Tailwind CSS
• Establish CI/CD pipelines and deployment configurations

The "build in public" approach means every decision, every line of code, and every challenge is documented. This transparency serves dual purposes: it holds me accountable for quality, and it provides a real-world case study for other engineers building complex systems.

Core Technology Decisions

Backend Stack

• Framework: FastAPI 0.127+ (async-first, auto-docs, production-proven)
• Python: Python 3.12 (async performance, type hints, match statements)
• ORM: SQLAlchemy 2.0 Async (mature, async-friendly, strong typing)
• Database: MySQL 8.4 (familiar, sufficient for swing trading)
• Cache/Pub-Sub: Redis 7 Alpine (SSE for real-time updates)
• AI Integration: DeepSeek API ($0.028-0.42/1M tokens, cache-aware pricing)
• IBKR Connection: ib_insync (async wrapper, well-maintained)

Frontend Architecture

• Admin Console: Next.js 15 (App Router, SSR, real-time SSE)
• Marketing Site: Flat HTML + Tailwind CSS (fast, no build complexity)
• Styling: Tailwind CSS 4 + shadcn/ui (lightweight, composable)
• Charts: ApexCharts (real-time support, heatmaps)
• State: Zustand + TanStack Query (SSE data sync)
• Auth: NextAuth.js 5 (free, self-hosted, sessions)

DevOps & Infrastructure

• Local Dev: Docker Compose (production parity, single command)
• Hosting: Hetzner VPS 4vCPU/8GB (~€15/mo)
• Website: Cloudflare Pages (free CDN, auto-HTTPS)
• Secrets: Doppler (free tier, zero-downtime rotation)
• CI/CD: GitHub Actions (native, generous free tier)
• Monitoring: SigNoz (self-hosted, traces + metrics + logs)
• Errors: Sentry (free 5K events/month)

Architecture Principles

Safety First

• Risk Limits: 3-5% per trade initially (scaling to 1-2% as account grows), 10% max drawdown (DB-enforced)
• State Machine: MySQL user-level locks prevent race conditions
• Order Recovery: Write-ahead log + idempotency keys
• Database Integrity: Single source-of-truth account table
• Audit Trail: Immutable log table (entity, action, old/new values)

Production Readiness

• Real-Time Dashboard: Server-Sent Events (5-sec equity updates)
• Backtesting: VectorBT Pro (realistic slippage modeling)
• Load Testing: k6 (50 concurrent users, p95 <500ms)
• Chaos Testing: 6 failure scenarios (IBKR loss, DB timeout, etc.)
• Canary Deployment: 5%→10%→25%→50%→100% over 5 weeks

Security & Compliance

• Credential Encryption: Fernet envelope encryption
• API Signing: HMAC-SHA256 (5-min replay window)
• Rate Limiting: 100 trades/min per IP
• Log Sanitization: Masks sensitive fields in JSON output
• Secrets Rotation: 90-day cycle via Doppler

Community & Transparency

This project embraces "build in public" as a core principle. Every decision is documented, every challenge shared, every line of code version-controlled. The community engagement strategy includes:

• Regular Blog Posts: Code snippets, architecture decisions, progress updates
• X Posts: 250-character highlights linking to full articles
• Decision Log: Single source-of-truth for all technical choices
• Implementation Guides: Detailed checklists and phase breakdowns
• Code Transparency: Meaningful code snippets and architecture insights shared publicly

This approach serves multiple purposes: it builds credibility through accountability, creates educational content for other developers, and establishes a track record of execution that attracts potential users or collaborators.

Trading Strategy & Risk Management

The core strategy combines traditional technical analysis with AI insights:

• Entry Signals: EMA crossover + RSI confirmation
• AI Enhancement: DeepSeek analysis of market sentiment
• Risk Controls: Position sizing, stop losses, max drawdown limits
• Backtesting: 2-year train, 1-year test (out-of-sample validation)
• Edge Validation: Monte Carlo analysis, Sharpe ratio ≥1.0

Starting with $120 account balance (swing trading, avoids PDT rules), the system will validate the edge through rigorous testing before any live deployment. Risk sizing starts at 3-5% per trade to generate meaningful position sizes while maintaining safety, then scales down to 1-2% as the account grows and confidence increases.

Development Roadmap

Phase 0: Foundation (Current)

• ✅ Monorepo setup with Turborepo + pnpm
• ✅ Docker Compose environment ( MySQL, Redis, FastAPI)
• ✅ Marketing website with blog infrastructure
• 🔄 Database schema design with constraints
• 🔄 State machine implementation

Phase 1: Core Trading Engine

• IBKR integration and order management
• AI-powered signal generation
• Real-time dashboard with SSE
• Comprehensive backtesting suite
• Paper trading validation (90+ days)

Phase 2: Production Deployment

• Canary deployment to live trading
• Monitoring and alerting setup
• Performance optimization
• Security hardening

Why This Matters

Building reliable trading systems requires the same engineering rigor as any mission-critical application. The financial markets don't forgive bugs, latency, or security vulnerabilities. By documenting every decision and sharing the implementation process, ZephyrApex demonstrates how modern software practices can be applied to algorithmic trading.

Whether you're a developer interested in fintech, a trader curious about AI integration, or an engineer building complex systems, this project provides a real-world case study of:

• Requirements refinement with AI assistance
• Technology stack selection for financial systems
• Risk management and safety controls
• Production deployment and monitoring
• Community building through transparency

---

Follow the development journey on @therealkamba on X. View all posts →