Skip to content
CiAConsultancy in ActionAI Operations for Real Businesses

Case study · 2026

PaperTrade

A secure, full-stack trading simulator — mobile, web and desktop — with a bot API for AI agents, built AI-accelerated and verified end to end for $0 to run.

A secure paper-trading simulator & AI-bot strategy lab

Industry
Capability build · Financial services
Engagement
Honest reframe → schema → hardened engine → multi-platform app
Result
A secure, full-stack trading simulator — mobile, web and desktop — with a bot API for AI agents, built AI-accelerated and verified end to end for $0 to run.

The challenge

The brief described a real stock-trading app — real money, exchange routing, KYC/AML, broker-dealer licensing and paid market-data feeds. That is a regulated business, not a weekend build: six figures, months of compliance, and impossible to stand up on free tooling. The easy move is to quietly scope it down without saying so — or take the money and hit the wall later.

We did the honest thing first: separate what's buildable from what's regulated. A paper-trading simulator — virtual cash, simulated fills against real (delayed) quotes, live P&L — needs none of the regulated machinery and teaches the same product. That moved the real engineering to where it belongs: a money engine that stays correct under concurrency, can't be tampered with from the client, and survives an AI agent hammering it in a loop.

And it had to cost nothing to run. Free-tier quotas are small and unforgiving — a careless architecture burns through them in hours once bots are trading. The honest test was whether we could ship a real, secure, multi-platform product on $0 infrastructure without trading away correctness or governance to get there.

What we built

One Expo + React Native codebase targets iOS, Android and web, and we wrapped the same build as a native desktop app with Electron. The backend is Supabase — Postgres, Auth, Edge Functions and cron — with the trading engine living inside the database as SECURITY DEFINER functions, so every fill is atomic and server-authoritative.

Security is structural, not bolted on. The engine tables are read-only to users (row-level security plus explicit grant revokes); every mutation flows through an Edge Function running as the trusted service role, which calls the engine function. The ledger is append-only; orders are idempotent so a retried or duplicated request can never double-fill; daily limits are enforced atomically under a row lock; and a kill switch halts a runaway account at fill time, not just at submit. A bot API with per-account tokens and risk limits turns the whole thing into a safe sandbox for AI trading agents.

The architecture is what keeps it free: reads hit a price cache directly with zero function invocations, writes go through Edge Functions, and a single scheduled job owns every market-data call. We built it AI-accelerated with multi-agent workflows, then ran an adversarial review pass that caught real bugs — a missing service-role grant and two token-scope holes — which we fixed and re-verified before sign-off.

The outcome

What exists is a complete, working product across four surfaces from one codebase: sign-up and auth, live-ish market data, candlestick charts, a full order ticket (market and limit), a portfolio with live unrealised P&L, order history, watchlists, multiple accounts, per-account risk limits and a kill switch — plus the desktop app. It's verified end to end: the app type-checks clean, all ten Edge Functions pass Deno checks, the 32-assertion pgTAP suite passes on a live Supabase stack, and an HTTP integration test proves the full path from auth through the Edge Function and database function to the ledger.

Commissioned cold, a secure full-stack trading product like this — a hardened money engine, a bot API and a desktop build — is a £90k–£140k agency engagement over three to five months. We designed and built ours AI-accelerated in a fraction of that, and it runs at $0 on free infrastructure.

That's the proof point. PaperTrade shows CIA ships governed, financial-grade product fast: correct under concurrency, tamper-resistant by design, safe for autonomous agents and cost-disciplined to zero. When we build for your business, this is the standard — and the speed — you can expect.

The honest move was to separate what's buildable from what's regulated — then over-engineer the part that matters. The money engine is server-authoritative, append-only and idempotent: a bot can hammer it in a loop and it stays correct.

See it in action

The working build, captured screen by screen.

Home — portfolio value, cash and today's P&L at a glance

Home — portfolio value, cash and today's P&L at a glance

Symbol detail — live quote, candlestick chart and one-tap trade

Symbol detail — live quote, candlestick chart and one-tap trade

Portfolio — holdings with live unrealised P&L and allocation

Portfolio — holdings with live unrealised P&L and allocation

Markets — search, watchlist and movers

Markets — search, watchlist and movers

Order ticket — market & limit orders with a live estimated cost

Order ticket — market & limit orders with a live estimated cost

Orders — open orders and the full fill history

Orders — open orders and the full fill history

Profile — multiple accounts, risk limits, API tokens and kill switch

Profile — multiple accounts, risk limits, API tokens and kill switch

Sign-in — CIA-branded, commissioned by Trading Futures in Action

Sign-in — CIA-branded, commissioned by Trading Futures in Action

Five safeguards, in plain English

What it actually does to keep your code and data safe — without the jargon.

1

Your balance can't be edited from the app

The trading tables are read-only to the app. Every buy, sell and balance change runs server-side through one checked path — so a tampered client, or a curious user, can't set their own cash or quietly rewrite a position.

2

No accidental double-trades

Every order carries a one-time key. If the connection drops and the app retries, the engine recognises it and returns the original result instead of buying twice — the exact bug that silently corrupts a ledger.

3

A kill switch that actually stops trading

Flip it and pending orders are cancelled and new ones blocked immediately — at the moment trades would fill, not just when they're submitted. Essential the instant an automated strategy starts misbehaving.

4

Bots can't outrun the guardrails

Per-account limits — max order size, max position, daily order count and daily loss — are enforced inside the database under a lock, so an AI agent in a tight loop is held to the rules even under load.

5

Built to cost nothing to run

Prices are read straight from a cache and only one scheduled job ever calls the market-data providers, so the app stays inside free-tier limits even with several agents trading at once — $0 a month.

How this compares

Indicative — the same scope, delivered three different ways.

UK agency

3–5 months

£90k–£140k

Solo freelancer

2–3 months

£45k–£65k

Consultancy in Action — AI-accelerated

AI-accelerated — days

A fraction · $0 to run

By the numbers

What was delivered — verified facts from the build, not projected returns.

32 / 32
Engine tests passing
pgTAP suite, run on a live Supabase stack
4
Platforms from one codebase
iOS · Android · web · desktop (Electron)
$0
Running cost
free-tier Supabase + key-free / free market-data APIs
10
Edge Functions
the only write path — Deno, service-role
~5k lines
Code shipped
~4.1k TS/TSX app + ~0.9k SQL across 5 migrations
Atomic · idempotent
Order engine
append-only ledger — no double-fills

Built with

  • Expo
  • React Native
  • TypeScript
  • Supabase
  • Postgres (RLS + RPC)
  • Edge Functions (Deno)
  • pg_cron
  • Electron
  • Zod
  • pgTAP
  • Finnhub / Massive
  • Playwright

Want something built like this?

We design and ship real, data-driven products — not demos. Tell us what you're trying to make and we'll talk through fit.