Overview
Robinhood AI Portfolio Copilot is a full-stack financial intelligence platform that connects to Robinhood via direct API or CSV import, aggregates your holdings and transaction history, and surfaces actionable insights through a conversational AI assistant backed by Google Gemini 2.5 Flash.
Core Features
- Robinhood direct MFA connection (SMS, email, TOTP, push) and CSV import with auto-aggregation engine
- Portfolio Health Score (0-100) across diversification, concentration, ETF overlap, volatility (beta), and expense efficiency
- AI Portfolio Assistant with persistent multi-turn context, cross-session memory (25 facts), streaming SSE responses, and MCQ-based clarification
- Macro Pulse page covering 9 indicators (VIX, 10Y Treasury, CPI, S&P 500, DXY, PMI, HY Spreads, Oil, Baltic Dry)
- Markets page with AI-enriched news summaries, per-holding sentiment tags, and 11 RSS feed aggregation
- Stock detail view with interactive price chart (1D to MAX), earnings history, key stats, and AI chart interpretation
- Floating chat widget accessible from any page with page-aware suggested prompts
- Full auth: JWT sessions, bcrypt hashing, email OTP verification, account lockout, and password reset
AI and Agent Architecture
- Agent Framework: PydanticAI with typed, schema-first agents and built-in tool calling and streaming
- LLM: Google Gemini 2.5 Flash via Google AI Studio free tier (provider-agnostic through PydanticAI)
- Tool Protocol: FastMCP (Model Context Protocol) over Streamable HTTP for process-level isolation
- 10 portfolio tools exposed to the LLM - holdings, transactions, cash, performance, positions, profiles, quotes, stats, earnings, and candles
- Research sub-agent for S&P 500 screening, multi-stock fundamentals comparison, sector ranking, and DuckDuckGo web search
- Read-only by design: no write tools exposed, agent cannot place trades or mutate account state
- Observability: full-stack tracing via Pydantic Logfire (LLM calls, MCP tool calls, SQL queries, HTTP requests)
Tech Stack
- Backend: Python, FastAPI, SQLAlchemy (async), Pydantic, JWT, bcrypt, Fernet encryption, slowapi
- Frontend: Next.js 16, React 19, TypeScript, Tailwind CSS, shadcn/ui, Zustand, TanStack Query, Recharts
- Database: PostgreSQL 16 with UUID primary keys, JSONB, and indexed foreign keys
- DevOps: Docker Compose with non-root containers and bind mounts for live reloading
- Data: Finnhub API, yfinance, robin_stocks, async RSS aggregation from CNBC, Reuters, Yahoo Finance, and more
Security
- Rate limiting with slowapi (5/min register, 10/min login, 20/min AI queries)
- HTTP security headers: CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy
- Fernet encryption for broker tokens at rest with timing-safe token comparisons
- CORS tightened to explicit origins and methods; generic error responses with no stack traces
- Production startup guard refuses to start if secrets are defaults or debug mode is on