QUORUM — Multi-Agent AI Trading Council

5 AI agents vote on every trade. No single agent acts alone. Auth0 Token Vault issues orders:write for ~3 seconds post-quorum & step-up MFA. Then revoked. Built for NSE/BSE & crypto markets.

Comment

Inspiration

The scariest thing about AI trading agents isn't that they're dumb — it's that they act alone. Give a model your Zerodha API key and you're making a blind bet it won't hallucinate a "buy 1000 shares" when you asked for 10. That bet is terrifying.

I wanted to build something that inverted that entirely. Not "trust our AI" — but "we've designed this so you don't have to." That instinct led directly to QUORUM.

The inspiration came from two real-world systems: multi-signature crypto wallets (where no single key can move funds) and corporate treasury controls (where large transactions require multiple approvals). Why doesn't AI get the same treatment?

What it does

QUORUM is a Bloomberg-terminal-style AI trading council for Indian markets (NSE/BSE) and crypto. When you type a trade instruction, five specialist agents deliberate in parallel — each holding its own isolated OAuth token from Auth0 Token Vault:

  • Risk Agent — checks portfolio exposure against concentration limits
  • Market Agent — evaluates live price, RSI, MACD, and sentiment
  • Tax Agent — flags STCG/LTCG implications, wash-sale violations under SEBI Section 94(8)
  • Compliance Agent — verifies SEBI F&O rules, margin requirements, PDT count
  • History Agent — analyses past trade patterns and win rates for this symbol

4 of 5 agents must approve before execution is even considered. If any agent holds a revoked token, it hard-rejects — quorum fails, execution is blocked. Only after quorum is met does Auth0 Token Vault issue the orders:write executor token, and only after the user completes step-up MFA authentication. That token exists for approximately 3 seconds. Then it's revoked and returned to the vault.

How we built it

Frontend: React 18 + Vite + Tailwind CSS with a custom Bloomberg-terminal design language. IBM Plex Mono throughout. Every number goes through a formatting layer. Live market ticks every 1.8 seconds across 10 NSE/BSE/crypto instruments.

State: Zustand store with a deterministic agent deliberation engine. Each agent runs real financial logic — not pattern matching. The Risk Agent computes actual portfolio weight percentages. The Tax Agent checks real holding periods against SEBI Section 94(8) wash-sale windows. The Compliance Agent tracks PDT counts and margin utilisation.

Auth0 Token Vault: Each of the 6 agents (5 specialist + 1 executor) has an isolated OAuth 2.0 token with minimum required scopes. The vault panel shows live token expiry countdowns, per-agent scope assignments, and a revocation UI. Step-up authentication uses loginWithPopup with acr_values for genuine MFA enforcement before the executor token is issued.

Architecture decision: The executor token (orders:write) is intentionally never pre-issued. It does not exist in the vault until quorum + step-up auth are both satisfied. This was the core architectural insight — Token Vault as a trust boundary, not a credential store.

Challenges we ran into

Quorum logic with partial verdicts: The hardest problem was defining what "quorum" means when agents return mixed signals. A hard reject from any single agent now blocks execution entirely — but 4 approvals + 1 warn produces a "soft quorum" that still requires step-up auth. Getting this state machine right without race conditions took significant iteration.

Per-agent token scoping: Designing minimum-privilege scopes for each agent required thinking carefully about what each agent actually needs. The Tax Agent only needs trades:history:read and lots:read — it has no business touching live prices. Enforcing this boundary in the vault architecture surfaced several design questions we hadn't anticipated.

Real step-up auth flow: Integrating loginWithPopup with acr_values for MFA enforcement mid-session — not at login — required understanding Auth0's grant flow at a level beyond the standard SDK documentation. The executor token must be requested with the orders:write audience scope immediately after MFA confirmation, then used once and discarded.

Bloomberg terminal UI at 60fps: Rendering 10 live-ticking instruments, sparklines, a price chart, 5 agent cards, and a terminal log — all updating on 1.8-second intervals — required careful use of React.memo, useMemo, and useCallback to prevent cascade re-renders.

Accomplishments that we're proud of

The revocation demo. You can go to the Vault panel mid-session, revoke the Risk Agent's token, then submit a trade. The Risk Agent returns a hard REJECT with the reason: "Token revoked. Cannot access portfolio:read scope." Quorum fails. No execution token is issued. The vault enforced the boundary automatically — without any application-level logic. That's Token Vault working exactly as designed.

Real financial logic in every agent. The Tax Agent actually checks wash-sale windows. The Risk Agent computes real portfolio weight percentages. The Compliance Agent tracks PDT count against the 3-trade rolling window. These aren't mocked — they run deterministic financial calculations on live portfolio state.

A UI that feels like a real terminal. The Bloomberg-style design with IBM Plex Mono, live NIFTY/SENSEX/BTC tickers, OHLCV candlestick charts, intraday P&L bars, and a command-line interface with arrow-key history navigation makes QUORUM feel like professional trading software — not a hackathon demo.

What we learned

Token Vault changes the security model, not just the implementation. The insight wasn't "how do I store tokens safely" — it was "what becomes possible when each agent is a separate identity with its own credential lifecycle." Revocation, scope isolation, step-up auth, and time-limited execution tokens are all downstream of that one architectural decision.

Multi-agent systems need hard gates, not soft ones. Early versions used weighted voting. We scrapped it. A 0.8-weighted Risk Agent approval with a 0.6-weighted Tax Agent rejection still produced ambiguous outcomes. Hard quorum — 4/5 approve, 0 reject — eliminated ambiguity entirely and made the system's behaviour predictable and auditable.

The audit trail is the product. Every token issuance, every agent verdict, every step-up auth, every revocation is logged to the terminal in real time. Users don't just see the outcome — they see the chain of custody. That transparency is what makes it trustworthy.

What's next for QUORUM — Multi-Agent AI Trading Council

Live Zerodha Kite execution. The architecture is already built for it — swap the mock execution with a real Kite Connect POST /orders/regular call using the vault-issued executor token.

LLM-powered agent reasoning. Replace the deterministic agent logic with Claude or GPT-4 function calls, each authenticated with their own vault token. The Tax Agent becomes a genuine tax advisor. The Risk Agent runs real portfolio optimisation.

Async agent sessions. Long-running agents that monitor positions continuously — not just on trade submission. The Compliance Agent watches for PDT threshold approaches in real time. The Risk Agent triggers alerts when concentration limits are approached.

Mobile step-up auth. Auth0's Guardian push notification for step-up authentication on mobile — so you can approve a trade execution from your phone while the council deliberates on desktop.

Institutional deployment. The quorum architecture maps directly onto institutional trading controls — four-eyes principle, risk desk approval, compliance sign-off. QUORUM is a proof of concept that AI agents can be governed the same way human traders already are.

Built With

  • auth0-sdk
  • auth0-token-vault
  • coingecko-api
  • framer-motion
  • ibm-plex-mono
  • mfa-step-up-authentication
  • node.js
  • nse/bse-market-data
  • oauth-2.0
  • polygon.io
  • react-18
  • recharts
  • tailwind-css
  • vite
  • yahoo-finance
  • zerodha-kite-connect
  • zustand
Share this project:

Updates