cowlby 1 days ago [-]
I recently did this for myself using https://tiller.com/ to sync checking/credit-card transactions to a Google Sheets spreadsheet. Then a GitHub action mirrors the spreadsheet to a free Supabase database.
From there, Supabase MCP or psql gives Claude/Codex access to the transactions/balances for English queries. Really impressed with their ability to find subscription patterns, abnormal patterns, etc. Also to predict cashflow which no online tool so far is good at i.e. "tell me how much cash I can move to savings based on my monthly spend patterns and available cash".
For autocategorization, I learned Claude is really good at custom DSLs. Had it create a markdown table based ruleset to normalize payee/categories. I also run the autocat rules as part of the GitHub actions.
rkagerer 1 days ago [-]
How does Tiller get your transaction data from your bank?
Do they pull it through Plaid and the like? It's been a while since I checked them out.
Does it still entail entrusting Plaid with your web banking user credentials? How's 2FA handled?
Does Plaid still rely on screen scraping for certain financial institutions who lack formal APIs? What happens if there's a bug and they inadvertently click something they shouldn't, e.g. "I Agree" to a popup or something you don't consent to, or even send funds to the wrong place? I know they claim they are "read only" but afaik no bank offers the ability to set up secondary user accounts (on personal banking plans) that truly are just read only?
Do they maintain underwritten insurance or a bond or something to improve your confidence you'll be reimbursed if they, say, cause you a million+ dollars worth of financial damage?
How about the implications of letting both those parties see all your private banking data? I heard there was a class action lawsuit with allegations data was sold or shared inappropriately, any indications on what actually happened?
Or how about the clauses in your banking Terms of Service where you agree not to share your password with third parties?
I just feel queasy using a web / cloud service to manage my finances. Would prefer some client software that runs locally and talks to some kind of bank APIs. Does such a thing exist in Canada? (Open Banking is supposed to be coming but I'm not clear if individuals will be able to access it for software they write themselves?) I would switch banks if it did.
These are genuine questions, I sure could use something like an API to my bank, if it were impeccably trustworthy and enforced policies of limited internal data retention once I've "downloaded" it.
mbm 13 hours ago [-]
Local AI models are getting a lot better. If you have the capability to run them, you could automate this yourself using your own browser automation, actually. It is rather fiddly, as mentioned in the post, but is absolutely doable, and probably the only option, at least for now, where you wouldn't need to provide your credentials to a third party.
Plaid does do screen scraping for smaller banks, but they have agreements for OAuth-based access with most of the largest institutions.
cowlby 13 hours ago [-]
I believe they use Yodlee and yes there is a lot of trust in Yodlee/Tiller to keep data safe. The integrations go through an OAuth type flow where you hit say Chase first and approve/revoke individual accounts so it seems like it's API based now, not screen scraping.
For all those concerns, I bet you could automate just parsing all the data from the statements or a CSV export.
dyogenez 1 days ago [-]
Another +1 for Tiller!
I'm doing something similar with Tiller (which I've been using since Mint was acquired by Intuit).
It's neat to see how OP did this using a Claude Routine though. My version locally uses a local qwen model + an API key (annoyingly created using OAuth) with sheets access. A Claude Routine would've been significantly easier
mbm 1 days ago [-]
Routines are so fun to work with. It's almost too easy to spin a new one up. A little worried about when I get past the 15 routines limit, though. Then it goes into "extra usage" land.
mbm 1 days ago [-]
That's so cool! Are you planning to open source any of this? Would love to see how you set everything up, or - maybe most interested in - some of your prompts.
cowlby 1 days ago [-]
It was all GitHub Spec Kit + Claude Opus tbh. I narrated a couple paragraphs of how I wanted the sync to flow and it knocked it out in one pass practically.
This is really neat, and actually pretty sophisticated. It's like a tiny fintech.
How well has the cash flow prediction worked?
cowlby 1 days ago [-]
It's great because Claude Code generated complex analysis/models 10X better than I was familiar with.
The key was normalizing the payee/categories so we can analyze month to month, and separating fixed vs variable spend. It then did a fancy Monte Carlo simulation with the computed mean/stddev per payee. And out came T+30/T+60 estimates at P50/P80/P90.
ariwilson 1 days ago [-]
why not just use Plaid under the hood
cowlby 1 days ago [-]
I've been using Tiller since the pre-AI era. Plaid seems to be more B2B oriented so I haven't looked into it. But eventually yes that would be ideal to own the full pipeline.
mbm 1 days ago [-]
Have you tried browser automation?
63 1 days ago [-]
Maybe my net worth is too low but I just don't see a value proposition. I don't want daily emails from LLMs and if I need updates on my investments any more often than quarterly (at most), I should probably seek safer investments. I am a bit interested in budgeting tools, but I want them to be completely deterministic. For me at least, financial planning is pretty uneventful and time spent optimizing expenses more than I already have would be better spent seeking a higher paying job.
pwinnski 14 hours ago [-]
I use actualbudget.org to track all spending, but only update investment accounts ("off-budget" in Actual Budget terms) once a month. Completely deterministic, as all things related to numbers should be.
I have pointed my LLM at the SQLite DB and asked it to tell me what it could see from my last five years of transactions, and I was impressed with the things it picked up, and what it reminded me of, but I'm not sure I saw any value in the sense of anything I would change.
I'm going to have it review things monthly to see if that helps me, but I'm not sure it will. I'm generally already aware of how my finances are going because of my budget updates.
mapBasketWand 16 hours ago [-]
Have you tried Actual budget + SimpleFIN as a bridge to get your transactions out of banks?
I use that to track credit card spending and my checking account.
Then you can connect an mcp to do analysis of the data from one place if that’s what you want
mbm 1 days ago [-]
Thanks. If I could ask, what would interest you?
DANmode 21 hours ago [-]
They said deterministic budgeting tools.
mbm 13 hours ago [-]
Thanks :-)
aleksiy123 1 days ago [-]
I’m Canadian and have been using https://lunchmoney.app/ for tracking with Plaid integrations.
They have an api and I got llm to write a CLI for it.
That way agent can pretty much pull the data it needs or wants.
One thing I also had it do is build up a series of rules for tagging which then I run a cron for once a day.
Every once in a while I just ask it to look over the rules and make new ones for uncategorized transactions.
(As a side note I think having LLM “memoize” a task through a rule engine or code is really nice pattern)
But once you have the cli with query you can pretty much ask the agent to do anything.
jnfr 1 days ago [-]
Awesome to hear! (founder of Lunch Money here :)- thanks for the shoutout!)
aleksiy123 1 days ago [-]
Of course it’s a great product and has been serving me well ever since intuit killed mint.
I think my only request is to expose the rules engine as a declarative api in v2.
I ended up locally caching the transactions data, using cel/aip-160 as a rules engine then having the script apply the results on the data.
mbm 1 days ago [-]
Nice! What are your main use-cases?
aleksiy123 1 days ago [-]
I’m planning to buy an apartment soon so I wanted to be able to chat and say what kind of mortgage can I afford and where should I cut spending.
The other use case funnily enough was to ask how much I’m spending on hobby dev.
Make sure I’m not getting carried away across llm subscriptions, as well as cloud costs.
I think the nice part is once you have the cli you just use the agent in your ide as your chat interface.
mbm 1 days ago [-]
Same here -- I mainly use Driggsby from Codex or Claude Code, not ChatGPT or Claude actually.
Thanks for sharing about the apartment -- that's super cool and a really great use-case.
mbm 1 days ago [-]
In case anyone is interested, just wanted to share a few high level details about our infra/security setup.
- Backend & CLI are both strictly linted Rust. The webapp runs on Axum (Rust web framework), and connects to Postgres via sqlx.
- Financial read-only. There's no transfer, pay, or send tool in the product. Nothing in the AI surface can move money.
- We request transactions, investments, and liabilities from Plaid. We don't request auth, transfer, or payment_initiation, so we never receive full account numbers or routing numbers — just the last-4 mask Plaid returns by default.
- Bank usernames and passwords go to Plaid Link, not us. We only hold a per-institution access token.
- Plaid access tokens live in a separate database behind a single custody Cloud Run service, encrypted at rest by Cloud KMS. The broker calls KMS's encrypt/decrypt endpoints — the root key material never leaves Google's HSM boundary and the broker's service account is the only one with encrypt/decrypt permissions. The web app doesn't have permission to read that database.
- Every encryption and decryption call passes the Plaid item ID as AAD (additional authenticated data). A ciphertext from one item cannot be swapped in and decrypted as another item's token.
- Each Cloud Run service (including our web app) runs under its own cloud identity and with its own DB role.
- Internal calls between services are authenticated: the caller presents a short-lived identity token from the cloud provider, and the receiver verifies it.
- The prod databases have no public IP. Secrets live in managed secret storage, not in source or container images.
- The AI connector is OAuth 2.1 + PKCE, scoped per user, revocable from the UI. Every tool call records the tool name, sanitized args, calling client, and the reason the agent supplied, so you can see what your LLM asked on your behalf.
- There are no fetch-URL, shell, or general I/O tools in the AI surface. Tools return structured financial data and nothing else.
- Networking, IAM, and DB grants are all in Terraform. All infra changes go through that path.
- Infra access is gated by 2fa and security keys.
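Added example, not part of the comment above and not Driggsby's code: a sketch of the AAD binding described in that list, showing a ciphertext copied from one item's row into another's being rejected at decrypt time, next to the unbound design where the same copy succeeds. A local AES-256-GCM key stands in for the Cloud KMS key, and `tokenVault`, its methods, the item IDs and the token strings are hypothetical, constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// tokenVault is a hypothetical stand-in for the custody service's table:
// one row per item ID, each row holding nonce || ciphertext || tag.
type tokenVault struct {
	aead    cipher.AEAD
	bindAAD bool // false reproduces the weaker design with no AAD
	rows    map[string][]byte
}

func newTokenVault(key []byte, bindAAD bool) (*tokenVault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &tokenVault{aead: aead, bindAAD: bindAAD, rows: map[string][]byte{}}, nil
}

// aad returns the bytes that are authenticated together with the ciphertext.
func (v *tokenVault) aad(itemID string) []byte {
	if !v.bindAAD {
		return nil
	}
	return []byte(itemID)
}

// Put encrypts token under a fresh random nonce and stores it for itemID.
func (v *tokenVault) Put(itemID, token string) error {
	if itemID == "" {
		return errors.New("empty item ID")
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	v.rows[itemID] = v.aead.Seal(nonce, nonce, []byte(token), v.aad(itemID))
	return nil
}

// Get decrypts the row stored under itemID, passing the ID the caller asked
// for as AAD, so a row sealed for a different item fails the tag check.
func (v *tokenVault) Get(itemID string) (string, error) {
	row, ok := v.rows[itemID]
	if !ok {
		return "", errors.New("no such item")
	}
	n := v.aead.NonceSize()
	if len(row) < n+v.aead.Overhead() {
		return "", errors.New("row too short")
	}
	pt, err := v.aead.Open(nil, row[:n], row[n:], v.aad(itemID))
	if err != nil {
		return "", fmt.Errorf("item %q: authentication failed: %w", itemID, err)
	}
	return string(pt), nil
}

// CopyRow models a party with write access to the token table, but not to
// the key, overwriting one item's row with another item's ciphertext.
func (v *tokenVault) CopyRow(from, to string) {
	v.rows[to] = append([]byte(nil), v.rows[from]...)
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	for _, bind := range []bool{false, true} {
		v, err := newTokenVault(key, bind)
		if err != nil {
			panic(err)
		}
		// Constructed item IDs and token values, for illustration only.
		for id, tok := range map[string]string{"item-A": "token-A", "item-B": "token-B"} {
			if err := v.Put(id, tok); err != nil {
				panic(err)
			}
		}
		v.CopyRow("item-A", "item-B")
		tok, err := v.Get("item-B")
		fmt.Printf("bindAAD=%v: Get(item-B) token=%q err=%v\n", bind, tok, err)
	}
}
```

The binding only helps if the decrypting service takes the item ID from the request it is serving rather than from a column stored next to the ciphertext.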
atonse 14 hours ago [-]
Thank you so much for actually sharing these technical details. Shows you know THIS website’s audience.
And the thought put into security at every level gives me more confidence in the overall tool.
I’ve tried to build this myself (mvp for myself was just downloading statement PDFs manually and having Claude setting up ledger for plain text accounting, thinking I’ll eventually hookup plaid)
I’m mostly curious about how people work with plaid. Do you need a certain threshold of users to get started? Because I’d love to get a plaid account just for my finances. I’m not interested in building a product like this, just want to connect my personal and business accounts to a clean API.
mbm 13 hours ago [-]
Hey! Thanks for stopping by. Actually planning to do a full blog post on this topic soon (how to get started with Plaid).
It was a bit of a process involving sales calls, contracts, security attestations, etc., but they're planning to make it easier to try out the platform. There is a pay-as-you-go, developer-friendly option, but the support it includes is pretty flaky. The support issue is less "my code broke" and more things like "this institution isn't returning what it should," or, "I haven't been approved yet by this institution that does manual review."
Overall, it's been a pretty good experience! I'd suggest spinning up an app if you're considering them. Here are their LLM-friendly docs: https://plaid.com/docs/llms-full.txt
DANmode 1 days ago [-]
If you’re going to downvote someone sharing technical details of their product,
or worse, a Show HN?,
at least indicate why.
It feels like all I’ve done today is Vouch comments that have no indicated reason for being Dead.
moltar 1 days ago [-]
Have to be careful with routines. There’s a very small disclaimer that’s barely noticeable that in routine mode all MCP tools, even write are always allowed. So agent can technically go rogue and start mutating your resources via MCP.
mbm 1 days ago [-]
Indeed. Always have to be thinking about prompt injection when it comes to these tools.
avocabros 1 days ago [-]
This seems like a solution looking for a problem. https://tiller.com/ works great and lets you do whatever calculations you want in a spreadsheet - and, bonus, it's never going to hallucinate.
I don't quite understand the desire to have these verbose summaries that you have to read from LLMs. You'll notice anomalies if you just categorize each of your expenses every so often (easy with Tiller).
mbm 1 days ago [-]
Hi! Thanks for sharing.
I actually built it for myself initially, and my wife. So I just built what we needed/wanted.
There will be a huge variety of products in this space and ours is just one take on the problem. I love seeing anything that's taking a shot at it.
amelius 1 days ago [-]
It's not the summaries.
It's the ease by which LLMs can ingest and combine various data sources.
mbm 1 days ago [-]
This. It's really cool to weave other data sources into your data.
I recently needed to set up some calendar events on certain dividend days, but of course, didn't know what those dividend dates actually were. So we used the MCP connector to retrieve our current Vanguard holdings, had GPT-Pro do web research to pull all the dates, and then created calendar events from that. Worked well.
alex-norcliffe 1 days ago [-]
We (Era Finance) have a solution for exactly this - Era Context, an MCP for connecting any compatible agent to your personal finances - https://era.app
It's focussed on read tools at the moment, but we have write tools coming (money transfers, debt paydown, etc)
Check it out and let me know if you'd like to see any particular features landing - just email alex at the above domain name.
For background context I'm Alex the CEO, I'm ~new to HN but was the former head of web presence at stripe.com and was at Square / CashApp before that. Hi!
managedcode 17 hours ago [-]
Interesting, thanks for sharing. I’m trying it right now
mbm 1 days ago [-]
Thanks for stopping by, Alex! Looks awesome -- good luck to you guys!
alex-norcliffe 1 days ago [-]
Thanks so much!
soraminazuki 20 hours ago [-]
Maybe the battle has long been lost, but why on earth would you want to entrust your entire financial transactions to an LLM? I bet LLM providers have even less safeguards regarding the use of these data than the financial industry, which to be clear is an abusive industry collecting, mining, and selling our data.
mbm 13 hours ago [-]
The main reason I do it, at least, is because the insights it provides (as someone who's interested in spending patterns/investing/etc.) are actually quite useful. With even a very basic prompt, I've found things that were otherwise completely missed.
Making it secure is actually quite hard, but that's why we're spending an enormous amount of time thinking about that.
atonse 14 hours ago [-]
In this case, the creator has explained that this is all read only.
So what’s the problem?
soraminazuki 1 hours ago [-]
I don't see your point. If it's not a problem, can I have read-only access to your financials?
Also, the article states that the initial implementation was using Chrome DevTools MCP. That doesn't sound like read-only to me.
RivieraKid 20 hours ago [-]
Why not? How could it negatively affect my life?
Daviey 17 hours ago [-]
My primary bank, Monzo (UK) provides a full API and trigger webhook for events.
This has enabled me to make a WhatsApp bot that asks me to explain abnormal transactions (using an LLM for reasoning), and also have a pre-midnight sweep balance to savings account to maximise daily interest.
I also maintain a small daily balance, and if I spend money during the day it tops it up from the savings to maintain that low balance. If I need to spend more, I can move money manually.
mbm 13 hours ago [-]
That's so awesome! You should open source this. Wish we had this in the US, would make things so much easier.
id00 1 days ago [-]
When I was trying to use Claude to analyze my past transactions, I found out that it was constantly hallucinating charges, sometimes adding new ones, double counting, etc.
When I'm dealing with my finances the 95% time Claude is correct and doesn't hallucinate is not enough as I have to be vigilant and review its work all the time. So it kinda makes it worthless in this case for me
mbm 1 days ago [-]
Give GPT in Codex a try! I agree, Claude still seems quite prone to hallucinations, especially with incomplete or limited datasets.
cantrevealname 1 days ago [-]
To everyone who doesn’t know how Plaid works: You give your banking username and password directly to Plaid, and it keeps it (so it can continue to login).
I don’t understand how anyone is OK with this. It goes against every security principle and it’s against the terms and conditions of every bank.
I realize that almost no bank provides a secure and proper API to get info and/or to transfer funds, but Plaid’s solution is a disaster waiting to happen.
mbm 1 days ago [-]
Hear you 100%. It felt very uncomfortable for me the first time I used it, as well.
The problem is that there sort of isn't a better way right now in the US, and for now, Plaid or a Plaid-like competitor is the safest way. Eventually, it would be awesome if there were clean, open APIs, and standards around this, but for now, it's the best we have.
The alternative of course for the DIY-er is some sort of browser automation, which honestly, is what I tried first. I really wanted it to work, but it didn't - which led us to Plaid.
angoragoats 1 days ago [-]
> The problem is that there sort of isn't a better way right now in the US, and for now, Plaid or a Plaid-like competitor is the safest way
So then the correct thing to do is to not automate this, until there is a better way. Why would you willingly give your bank credentials to a third party just so you can get some summary emails?? It doesn’t make any sense.
ryandrake 1 days ago [-]
It's total insanity. Can't banks detect and ban Plaid? They should suspend/cancel customers' online access as "compromised" if they detect someone other than the user using the user's credentials to log in. All the security theatrics banks put users through and they don't check for obvious credential leaks?
mbm 1 days ago [-]
Just to share -- Most of the largest banks/FIs actually work directly with Plaid.
Here's a quick list of some of the major ones:
JPMorgan Chase, Bank of America, Wells Fargo, Citibank, U.S. Bank, PNC, Capital One, Truist, TD Bank, Charles Schwab, Vanguard, Marcus by Goldman Sachs, Goldman Sachs Private Wealth, Morgan Stanley, E*TRADE, USAA, M&T, RBC, American Express, Fifth Third, Citizens, KeyBank, Huntington, Ally, Discover, BMO
wrs 1 days ago [-]
Yes, Plaid clearly has different levels of integration with different banks.
When I connect something to Chase with Plaid it is clearly a cooperative system with an OAuth-like permission dialog, and the Chase side even mentions they're tokenizing the account numbers so Plaid can't see them.
When I connect to the little bank down the street I just get a username/password dialog. Their web banking system is so primitive I'm pretty sure Plaid is just scraping it. When they introduced 2FA, Plaid became quite flaky.
cantrevealname 1 days ago [-]
> TD Bank
Quite the opposite in the case of TD Bank. They sued Plaid in 2020. “The bank said in the court filings that the Plaid interface dupes consumers into believing they are entering personal information into TD Bank’s trusted platform.” (They settled in 2021 without explaining the terms of settlement.)
Hear you 100%. It's certainly not for everyone, and I respect your position.
angoragoats 18 hours ago [-]
I appreciate it, but by giving horrible companies like Plaid your business you are encouraging and normalizing poor security practices. My parents are almost 80 and use a local bank that I’m pretty sure would just be scraped by Plaid. Do you think they’re going to understand the difference between OAuth and storing their credentials? Plaid and any company like it should be shut down.
kylecazar 1 days ago [-]
I don't think this is still the case?
When we built our Plaid integration it used OAuth and a redirect. Plaid just got an access token, you enter your user/pass at bank side.
Edit: Seems like smaller/local banks are probably the ones that won't support OAuth. We didn't support those.
I'll speak to Australia... here we have the legislated Consumer Data Right [1]. This currently puts obligations on banks and energy retailers to make consumer data accessible via an API, via Authorised Data Holders (ADH - the banks and retailers) and Authorised Data Recipients (ADR). However! The major criticism I have of this scheme is that as an individual power user I do not have direct access to these APIs myself. I believe there was originally an intent to support this under the scheme, however due to somewhat legitimate security and access concerns, but also I expect pushback from anyone falling into the ADH category, this is not possible. Setting up an ADR has a not insignificant compliance burden.
However I have recently come across Redbark [2] which is a simple service that has taken on the mantle, and provides a simple sync mechanism for any Consumers that believe they have a Right to their Data. Not affiliated, just a happy customer and I hope that they can make the economics work over the long term.
Yup, it would be really awesome if this concept was deployed in the US. Unfortunately, open standards don't seem to gain as much traction here outside of the tech industry.
ariwilson 1 days ago [-]
I don't really get this; could just use Plaid and have your own transaction/net worth site/app in a few hours with Claude Code and it'd be much more consistent.
mbm 1 days ago [-]
That's actually one of the best things about the current moment -- it's getting easier and easier to do things yourself, and there's less and less reason to use someone else's tool. It's sort of raising the bar for all the apps out there.
cjgx 1 days ago [-]
What does the Plaid integration look like? What is your approach for accounts or assets that can’t be connected with Plaid?
mbm 1 days ago [-]
It's pretty straightforward! There's a widget in the app that you auth through, and then you give consent for the data pull through Plaid. This authorizes the connection, and then webhooks come in going forward as data changes.
For the non-Plaid assets eg., home, car, etc., we just added custom asset MCP tools so you can manually add those and they're included in your computed net worth.
apsurd 1 days ago [-]
Super cool writeup from a technology perspective. And a motivator to build more tools, play with MCP and try out Claude routines. The product pitch is also really clear. Good job all around.
Now for the criticism:
back in the day mint.com was mind-blowing. It's what you always thought you'd wanted. The graphs were interactive and pretty and you really loved seeing them go up. Not so much down. I was so attached to the gamified aspects, much like step counters. They reinforce habits.
My mint journey ended with roughly 5 years or so of data, once they sold to Intuit, didn't like the ads and willingly syncing all my data to mega-corp. Much like Duolingo, it felt good at the time, but I don't know that it did anything for me at all.
Tracking is a double-edged sword: it really does build better habits. It's better to track weight every day for example so you better understand that fluctuations are mostly noise. The daily tracking stuff is entirely useful to get the need to track daily out of your system.
TLDR: checking my net-worth daily sounds like something I should coach myself out from. Ironically that probably takes tools, but the end goal is to not need them.
mbm 1 days ago [-]
Awesome feedback. Agree 100% with this. I guess a couple comments:
- We have a built-in CSV export tool in beta right now for cash transactions, and plan to add this for other datasets as well. You should be able to download your data when you want it. It's yours.
- Yes, tracking is great, but it also has a dark side. My sort of vision, at least for what I want, is less of a gamified finance tracker and more of an ambient, always-on agent that's watching for me. It knows my preferences, it knows what I care about, and it tells me when it finds something.
- Before we get there though, for now, it's really interesting to sort of tinker and build your own custom finance automations. As a programmer, it just feels liberating to get the data out of some closed banking app and into a space I'm comfortable in.
- Especially from an investing standpoint, it's been neat to pair our MCP with a much smarter model like 5.4 Pro and have it do long-horizon research tasks that require a lot of web research and correlation.
apsurd 1 days ago [-]
> As a programmer, it just feels liberating to get the data out of some closed banking app and into a space I'm comfortable in.
Quote of the week for me. well said.
~15 years ago I fumbled around with web programming basically because I never learned how to use excel in school. Nerded out with css, html, forms, then php and mysql to script together an unbelievably worse version of what a spreadsheet could do, but it was incredible that I could build something entirely made for my idea. And with the power to improve it.
Thank you for writing and sharing your story, it's motivating and comforting even. Good luck!
mbm 1 days ago [-]
Thanks for sharing your story!
jonyeazel 1 days ago [-]
Used Driggsby the other day. Friend of mine sent it to me. Surprising how easily it found all of my subscriptions. That was the main reason I tried it. I'm sure I'll dive deeper into it this week though.
chickensong 1 days ago [-]
Open a credit card that's just for subscriptions IMHO. It makes things really easy to manage and reason about.
mbm 1 days ago [-]
Did it find any stragglers?
hn_acc1 1 days ago [-]
Any thoughts on how brightplan compares to some of the other apps mentioned here? It's free via work.
mbm 1 days ago [-]
Looks pretty good! Give it a try and let us know how it works?
joshka 1 days ago [-]
I'm curious how reasonable it would be for a person, rather than a company, to have a plaid sub.
Tiller https://tiller.com/ is a good Plaid "proxy". It'll write data to a Google Sheets and can maneuver from there.
mbm 1 days ago [-]
I think it's rather hard because of their security & contractual requirements -- we had to sign a contract with them, go through security review, and so on.
phoenixy1 1 days ago [-]
We just this week launched a new sign-up flow to make it waaaay easier for non-businesses to use Plaid, I posted some details below.
Actually, as part of publicizing our new hobbyist-friendly onboarding, we're looking to work with hobbyists who have created Plaid-powered apps and would be interested in making a short video about their app and their Plaid experience to potentially be featured on the Plaid blog -- if you're interested, shoot me an email at ahoffer@plaid.com and I can send you the details.
atonse 14 hours ago [-]
I would love this. I’ve built software to manage my business and personal finances and am using hacks right now (activity csvs for personal, quickbooks transaction api for business).
In an ideal world I’d move it all to plaid to help analyze finances, cc spend, etc.
I’m happy to hear you’re working on a hobbyist product.
mbm 1 days ago [-]
Sounds awesome! Would love to. Just launched our app to Plaid production this week.
llbbdd 1 days ago [-]
I reached out to them a couple years ago with this exact question and was told flat-out no. You might be able to sneak around it with an LLC but I think they also require you to have a public website for a plausibly banking-related business, which altogether seemed like too much effort to fake for what I wanted out of it.
phoenixy1 1 days ago [-]
So you don't have to be a business to use Plaid, but you do have to be a business to buy Plaid via the Sales channel rather than via the self-serve channel. Admittedly, when folks reach out to Sales and ask to buy Plaid and are told they're not eligible because they're not a business, this nuance is sometimes not communicated very well (or at all). We're working on it. :-)
In fact, we actually just this week launched a new sign-up flow to make it waaaay easier for non-businesses to use Plaid, so try checking it out -- after you go to dashboard.plaid.com and create an account, you should see a "Free trial" button show up on the homepage with a link to use the hobbyist onboarding flow.
mbm 1 days ago [-]
Correct, sales encourages you to sign their minimum contract, which basically gets you better support and an account manager. Pay as you go is an option, but Plaid indicated you basically wouldn't have any guaranteed support SLA post-launch if you were on PAYG.
llbbdd 1 days ago [-]
Thank you for the info! Is this a somewhat recent change or has it always been this way? "A couple years ago" in my comment was doing some heavy lifting, I probably reached out around 2017ish.
mbm 1 days ago [-]
It must be very very new, since we weren't offered it a couple months ago!
Hi all, Matt here - founder. Happy to answer any questions. Thanks for stopping by!
djmips 1 days ago [-]
What are you going to have Claude run your Fantasy football team too?!?
mbm 13 hours ago [-]
Now that would be innovative.
mahemm 1 days ago [-]
I'm surprised y'all stopped at the personal finance layer. I've been thinking for awhile that LLMs would be really effective as personal financial advisers, and this kind of hookup (plus I guess another one for investment accounts?) seems like all that's needed to bootstrap reasoning.
mbm 1 days ago [-]
Yup! Actually starting to experiment with that now.
Just this morning, we stood up a demo email agent (basically, email back and forth with Claude with our MCP server connected, providing the data) and it's strangely comforting to chat with it. There's something about the medium of email and how it just works because that's where you're already used to talking with your financial advisor.
There's a lot of nuance in how it's built though, and everyone has different preferences, so to start with the focus is really on building an agent-friendly MCP.
satvikpendem 1 days ago [-]
A company Maybe.co recently shut down trying to do this exact same thing and couldn't make the economics work.
mbm 1 days ago [-]
Thanks for sharing! Would be curious to learn more.
justinclift 19 hours ago [-]
> I've been thinking for awhile that LLMs would be really effective as personal financial advisers
Why would you be thinking that?
atonse 14 hours ago [-]
I’ve thought the same. Because the main thing a financial advisor does is have the knowledge of different financial instruments and pair it with your situation right?
An LLM would do that extremely well but can also do it more often. not once a year appointments. You could have active portfolio management for a negligible fee.
justinclift 3 hours ago [-]
Who accepts the liability when the LLM does its typical occasional massive judgement fuck up?
Asking that because even the very best, commercially available, state of the art LLMs (presently Claude Opus 4.7 (1M) with Max effort enabled) still occasionally fuck up their decisions and judgement in significant ways.
So, it's kind of horrifying to me that people would consider this for actually potentially life-impacting ways. Especially as it sounds like the consideration is to advise people in areas they don't themselves have the skill and knowledge to catch bad advice on. :(
karp773 1 days ago [-]
"You are absolutely right! This is a very deep, professional level insight. Yes, I have blown up your account but we can try more of my investment ideas. What would you like to do next?" /s
mbm 13 hours ago [-]
Yeah, I actually agree with you -- this is something that needs a ton of guardrails. It'll take a lot of thought to build correctly.
yumraj 22 hours ago [-]
I absolutely love the idea.
Problem, I don’t trust 3rd party services with access to financial data. No offense to the OP.
I wish this was open source and self-hostable. Not suggesting that OP does that since I’m sure he has to pay bills :)
I may look into doing something like this for personal use. I’ve gotten interested in creating desktop apps which store data locally. Have created a few using Claude Code. It seems Plaid has some APIs for personal use.
mbm 13 hours ago [-]
Yes, give it a try! I did this on my own first before deciding to make it "a thing." It's actually a really fun project and gives you a ton of insight into your finances. I'd recommend it.
mannanj 1 days ago [-]
It's amazing to me how little people care about their data. Giving it to an AI company for non-training purposes is OK now? Was it okay before?
2ndorderthought 1 days ago [-]
I was just thinking the same thing.
Dear company who has extensive military contracts and is founded in stealing data from people, here is every single financial transaction I have ever made! Please don't use it for surveillance pricing tee hee.
At least Apple credit cards give you money for that rather than the other way around.
mbm 1 days ago [-]
Side note: the Apple Card is awesome. We have it & love it. Would really like to integrate with FinanceKit (Apple's Plaid, basically) to pull in that data too.
irishcoffee 1 days ago [-]
My spouse was almost scammed out of 25k the other day, by a person. There is no way in fucking hell I'll let an "agent" touch my finances. That is madness.
mbm 1 days ago [-]
It's read only, we can't move money.
And I totally hear you -- we had this happen in our family as well, and it was really sad. Security is a massive priority for us, but it's always going to be a cost-benefit analysis for each person.
Happy to share more about our infra in a follow-up post.
ForHackernews 1 days ago [-]
What makes it read-only? You told the AI "don't"?
mbm 1 days ago [-]
Actually, it's deterministic -- our product doesn't move money, so when the user gives us access through Plaid, we're only getting read-level permissions. We actually don't even get full account numbers.
A company working with Plaid has to request separate product "scopes" through Plaid in order to be able to move money.
ForHackernews 1 days ago [-]
I'm not that familiar with Plaid, but if it works like Yodlee, users have to hand over their credentials so there's no real security, it's just that their scraper is designed to be look not touch.
mbm 1 days ago [-]
Plaid has OAuth-based access for most of the big institutions now, but yes, for smaller institutions, they do scraping. Thankfully, Plaid's been around for a while now and has a good track record. It would be a non-starter to give your credentials to a small startup directly.
fsckboy 1 days ago [-]
the question isn't whether the user is trusting Plaid with too much access, the question is whether Plaid is trusting these apps with too much.
2ndorderthought 1 days ago [-]
It's read only until they get hacked like dozens of other AI startups are...
I seriously hope this doesn't happen by the way but yea. This is not for me.
mbm 1 days ago [-]
The awesome thing is, if it's something you're interested in, you can basically set this up yourself -- a local AI model, some browser automation, and it does mostly work! It's just a pain to keep running. But it's definitely doable.
2ndorderthought 1 days ago [-]
I am the kind of geek who doesn't even want a second record of their finances around. My physical bank statements even have a procedure for how long they live until being shredded.
If I were interested in this though, yea, a local LLM would be the only way.
mbm 1 days ago [-]
I respect that 100%. Thanks for sharing your thoughts!
2ndorderthought 1 days ago [-]
<3
DANmode 1 days ago [-]
Remove spouse’s API key.
That’s where the fear is coming from - not robots.