Quantor
📚 Blog · product narrative + engineering notes

The boring discipline behind an automated trading product

Long-form on the technical choices that make Quantor verifiable rather than trustworthy. Build signing, regime detection, self-custody, audit chains. Engineering, not marketing.

Security · 2026-05-11 · 11 min read

Self-custody by construction — why your trading bot shouldn't hold your funds

The October 2022 3Commas leak moved real user money because the bot architecture allowed it. Quantor is built so the same class of breach can't. The exchange API key has trade-only scope, the DB stores only an AES-GCM blob, the master key lives in a separately administered Secret Manager, and the exchange itself refuses withdrawal regardless of what our code thinks.

Risk · 2026-05-11 · 9 min read

The regime detector — what we kill live trades on, and why

A 50-line classifier, two retail-readable indicators (realized daily volatility and drawdown from peak), three buckets. When the market regime flips to DANGEROUS we refuse to start LIVE bots — the user sees the exact numeric reason. The article walks through the algorithm, the thresholds, the historical windows where it would have fired, and the upside we accept giving up in exchange.

Security · 2026-05-11 · 10 min read

How we sign every prod deploy with Ed25519 — and why your bot doesn't

Most crypto-bot SaaS ask you to trust them. We sign every prod deploy with an offline Ed25519 key and publish the public key, so you don't have to. Here's exactly how it works, what it catches, what it doesn't, and how anyone with openssl can verify our running build in 30 seconds.


Verify what we just claimed

Every fact in the blog is backed by a public endpoint. The build signature, the audit chain head, the regime state — all of it is live and verifiable right now.