QuantumRisk Oracle is a U.S.-oriented enterprise SaaS platform for portfolio risk intelligence combining hybrid quantum-inspired Monte Carlo simulation, classical ML forecasting, real-time analytics, and compliance-ready reporting.
- Multi-tenant portfolio ingestion (CSV now, API/ERP extensible)
- VaR (95%, 99%), CVaR, Expected Shortfall
- Liquidity risk and credit risk scoring
- LSTM volatility forecasting pipeline
- Bayesian macro stress scenarios for U.S. shocks
- Hybrid classical/quantum tail probability benchmark with fallback
- Compliance report exports (JSON/CSV/PDF placeholder)
- Async risk jobs via Celery + Redis
- Usage-based quantum billing records
- Enterprise API-key authentication (
X-API-Key) - Signed outbound webhook subscriptions (
risk.completed) - Real PDF compliance rendering
- SHAP explainability endpoints for credit risk model
- Prometheus metrics, structured JSON logs, audit trail records
- Frontend: React + TypeScript + Recharts
- Backend: Flask + JWT + RBAC + rate limiting
- Risk/ML: NumPy/SciPy + PyTorch + XGBoost + Qiskit
- Data: PostgreSQL (tenant-aware schema)
- Queue: Redis + Celery
- Infra: Docker, Docker Compose, Kubernetes, GitHub Actions CI/CD
quantumrisk-oracle/
├── backend/
├── worker/
├── frontend/
├── database/
├── k8s/
├── tests/
├── sample_data/
├── docs/
├── docker-compose.yml
├── .env
└── README.md
- Build and run:
docker compose up --build -d- Health check:
curl http://localhost:8000/health- Open API doc seed:
curl http://localhost:8000/openapi.json- Frontend:
http://localhost:3000
- Install frontend dependencies:
cd frontend
npm install- Install the minimal backend runtime into the local virtualenv:
./.venv/bin/pip install Flask Flask-JWT-Extended Flask-SQLAlchemy Flask-Limiter prometheus-flask-exporter python-dotenv SQLAlchemy Werkzeug python-json-logger requests- Seed demo users against a local SQLite database:
DATABASE_URL=sqlite:////tmp/quantumrisk-local.db ./.venv/bin/python -m backend.seed_demo- Run the backend:
DATABASE_URL=sqlite:////tmp/quantumrisk-local.db CELERY_BROKER_URL=redis://localhost:6379/0 CELERY_RESULT_BACKEND=redis://localhost:6379/1 ./.venv/bin/python -m backend.app- Run the frontend in a second terminal:
cd frontend
VITE_API_BASE_URL=http://localhost:8000 npm run devDemo logins:
admin@helios-oracle.com/QuantumRisk!2026analyst@helios-oracle.com/QuantumRisk!2026auditor@northbridge-capital.com/QuantumRisk!2026
- Register tenant/user:
curl -X POST http://localhost:8000/api/v1/auth/register \
-H 'Content-Type: application/json' \
-d '{"tenant_name":"Acme Treasury","email":"admin@acme.com","password":"S3cret!123","role":"admin"}'- Login:
curl -X POST http://localhost:8000/api/v1/auth/login \
-H 'Content-Type: application/json' \
-d '{"email":"admin@acme.com","password":"S3cret!123"}'- Upload portfolio CSV:
curl -X POST http://localhost:8000/api/v1/portfolios/upload \
-H "Authorization: Bearer $TOKEN" \
-F "name=Core Portfolio" \
-F "file=@sample_data/portfolio_sample.csv"- Run risk:
curl -X POST http://localhost:8000/api/v1/risk/run \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"portfolio_id":"<PORTFOLIO_UUID>","mode":"hybrid","paths":20000}'- SEC: risk summary disclosure payload
- GAAP: structured report outputs and audit trace
- Basel III: VaR/CVaR/ES and stress support
- SOX: immutable event-style audit logging pattern
- JWT authentication + role-based authorization
- Tenant scoping in queries
- API rate limiting and throttling hooks
- Input validation for upload format and payload types
- AES-256/TLS1.3 controls represented in configuration and report controls
- SOC 2-ready logical architecture (audit, isolation, traceability)
- Classical risk path count 10k-100k with vectorized NumPy ops
- Hybrid mode includes quantum estimator benchmark + fallback
- Horizontal scalability via k8s HPA on backend/worker
- For 50k concurrent users: deploy managed Postgres/Redis, ingress autoscaling, CDN/WAF, and sharded task workers
Training scripts:
backend/ml/training/train_volatility.pybackend/ml/training/train_credit.pybackend/ml/training/train_macro.py
Registry artifacts:
volatility_vX.ptcredit_vX.pklmacro_vX.pkl- metadata JSON files
pytest -q- Quantum block uses Qiskit runtime-compatible design with safe classical fallback.
- PDF export endpoint generates binary PDF documents using ReportLab.
- ERP/API integrations should be implemented via dedicated ingestion connectors under
backend/routes+backend/services.
- API Key management:
/api/v1/api-keys(create/list/revoke; admin role) - Any protected endpoint supports JWT or API key auth
- Signed webhooks: configure
/api/v1/webhooks/subscriptions; outgoing signaturet=<ts>,v1=<hmac> - Explainability:
POST /api/v1/explain/creditPOST /api/v1/explain/credit/batch