Replace the current portfolio stored in portfolio.csv with code that uses the Alpaca as the system of record for the user's portfolio. This provides us a mechanism for multi-tenat portfolios and paves the way for automated trading.
Make sure to work out a good way to store the user's api token and secrets. A good model is to use the google secrets manager so each set of credentials can be restricted to a given user, and can be managed (rotated,etc.) by that user. Using google secrets manager can also be used to restricts the AI from seeing credentials, and reduces the chance of accidentally checking them into github.
When we move to funded accounts, we should host the mcp serve that access Alpaca outside the perview of the AI - hosting it on gcp and forcing the AI to use the tool via https request. That will force the AI to authenticate with the MCP server, and put a layer of isolation around the code with the Alpaca creds.
Replace the current portfolio stored in portfolio.csv with code that uses the Alpaca as the system of record for the user's portfolio. This provides us a mechanism for multi-tenat portfolios and paves the way for automated trading.
Make sure to work out a good way to store the user's api token and secrets. A good model is to use the google secrets manager so each set of credentials can be restricted to a given user, and can be managed (rotated,etc.) by that user. Using google secrets manager can also be used to restricts the AI from seeing credentials, and reduces the chance of accidentally checking them into github.
When we move to funded accounts, we should host the mcp serve that access Alpaca outside the perview of the AI - hosting it on gcp and forcing the AI to use the tool via https request. That will force the AI to authenticate with the MCP server, and put a layer of isolation around the code with the Alpaca creds.