From there, Supabase MCP or psql gives Claude/Codex access to the transactions/balances for english queries. Really impressed with their ability to find subscription patterns, abnormal patterns, etc. Also to predict cashflow which no online tool so far is good at i.e. "tell me how much cash I can move to savings based on my monthly spend patterns and available cash".

For autocategorization, I learned Claude is really good at custom DSLs. Had it create a markdown table based ruleset to normalize payee/categories. I also run the autocat rules as part of the GitHub actions.

They have an api and I got llm to write a CLI for it.

That way agent can pretty much pull the data it needs or wants.

One thing I also had it do is build up a series of rules for tagging which then I run a cron for once a day.

Every once in a while I just ask it to look over the rules and make new ones for uncategorized transactions.

(As a side note I think having LLM “memoize” a task through a rule engine or code is really nice pattern)

But once you have the cli with query you can pretty much ask the agent to do anything.

- Backend & CLI are both strictly linted Rust. The webapp runs on Axum (Rust web framework), and connects to Postgres via sqlx.

- Financial read-only. There's no transfer, pay, or send tool in the product. Nothing in the AI surface can move money.

- We request transactions, investments, and liabilities from Plaid. We don't request auth, transfer, or payment_initiation, so we never receive full account numbers or routing numbers — just the last-4 mask Plaid returns by default.

- Bank usernames and passwords go to Plaid Link, not us. We only hold a per-institution access token.

- Plaid access tokens live in a separate database behind a single custody Cloud Run service, encrypted at rest by Cloud KMS. The broker calls KMS's encrypt/decrypt endpoints — the root key material never leaves Google's HSM boundary and the broker's service account is the only one with encrypt/decrypt permissions. The web app doesn't have permission to read that database.

- Every encryption and decryption call passes the Plaid item ID as AAD (additional authenticated data). A ciphertext from one item cannot be swapped in and decrypted as another item's token.

- Each Cloud Run service (including our web app) runs under its own cloud identity and with its own DB role.

- Internal calls between services are authenticated: the caller presents a short-lived identity token from the cloud provider, and the receiver verifies it.

- The prod databases have no public IP. Secrets live in managed secret storage, not in source or container images.

- The AI connector is OAuth 2.1 + PKCE, scoped per user, revocable from the UI. Every tool call records the tool name, sanitized args, calling client, and the reason the agent supplied, so you can see what your LLM asked on your behalf.

- There are no fetch-URL, shell, or general I/O tools in the AI surface. Tools return structured financial data and nothing else.

- Networking, IAM, and DB grants are all in Terraform. All infra changes go through that path.

- Infra access is gated by 2fa and security keys.

It's focussed on read tools at the moment, but we have write tools coming (money transfers, debt paydown, etc)

Check it out and let me know if you'd like to see any particular features landing - just email alex at the above domain name.

For background context I'm Alex the CEO, I'm ~new to HN but was the former head of web presence at stripe.com and was at Square / CashApp before that. Hi!

I don't quite understand the desire to have these verbose summaries that you have to read from LLMs. You'll notice anomalies if you just categorize each of your expenses every so often (easy with Tiller).

I don’t understand how anyone is OK with this. It goes against every security principle and it’s against the terms and conditions of every bank.

I realize that almost no bank provides a secure and proper API to get info and/or to transfer funds, but Plaid’s solution is a disaster waiting to happen.

When I'm dealing with my finances the 95% time Claude is correct and doesn't hallucinate is not enough as I have to be vigilant and review its work all the time. So it kinda makes it worthless in this case for me

Now for the criticism: back in the day mint.com was mind-blowing. It's what you always thought you'd wanted. The graphs were interactive and pretty and you really loved seeing them go up. Not so much down. I was so attached to the gamified aspects, much like step counters. They reinforce habits.

My mint journey ended with roughly 5 years or so of data, once they sold to Intuit, didn't like the ads and willingly syncing all my data to mega-corp. Much like Duolingo, it felt good at the time, but I don't know that it did anything for me at all.

Tracking is a double-edged sword: it really does build better habits. It's better to track weight every day for example so you better understand that fluctuations are mostly noise. The daily tracking stuff is entirely useful to get the need to track daily out of your system.

TLDR: checking my net-worth daily sounds like something I should coach myself out from. Ironically that probably takes tools, but the end goal is to not need them.