
Moxie — the open-source money agent that acts on your money, only with your approval. Local-first, consent-first.

Project description

Moxie the honey badger

🦡 Moxie

The open-source money agent that acts — and never without your say-so.

Moxie doesn't care about a company's excuses. It just gets your money back — and asks you first, every time.

CI License: MIT Status: early scaffold Local-first

Named for the honey badger — small, fearless, famously relentless. It badgers companies until your money comes back.

Moxie demo — scan, review with approval, verify the audit log

The whole loop in 30 seconds: scan finds ~$591/yr of waste in the sample data, review shows you each fix and asks first (that n is the point — you're in control), verify proves the audit log hasn't been touched. Runs on bundled sample data — no bank, no API key.


Why Moxie exists

AI agents today split into two camps: ones that reach everywhere (OpenClaw) and ones that get smarter over time (Hermes). Neither answers the question that actually matters with your money: what will you let it do when the downside is real?

Look at who already touches your money:

  • Receipt & finance organizers (Expensify, Firefly III, Receiptor AI) — they file and track. They don't act.
  • Money-action services (DoNotPay, Rocket Money, Pine AI) — they act, but as closed black boxes that have burned users' trust (DoNotPay was FTC-fined for overstating its AI; Rocket Money has acted as users without asking).
  • ChatGPT + Plaid — read-only by design: it can spot a subscription to cancel, but it won't cancel it.

Moxie bridges the gap, trust-first. It files your receipts (email + photo), reads your accounts, finds waste and wrong charges, and acts on them — cancelling, disputing, chasing refunds — but every action is previewed, approved by you, logged in a tamper-evident audit trail, and backed by the receipt as evidence. It's open-source and local, so you can read every line and your data never has to leave your machine.

Moxie never moves money. It cancels, disputes, and negotiates on your behalf. Paying, transferring, and trading are deliberately out of scope (that's a licensing and liability minefield). See the build spec.


What it does

  • 🧾 Receipt vault — moxie receipt photo.jpg (local Tesseract OCR — images never leave your machine) or moxie receipt --email (read-only IMAP scan). Parsed, filed, matched to transactions, and attached to disputes as evidence automatically.
  • 🔎 Finds problems — zombie subscriptions, duplicate/wrong charges, missing refunds, gouge renewals.
  • ✅ Acts — with your consent — drafts the cancellation/dispute, shows it to you (editable), and sends it only when you approve and MOXIE_LIVE=true. Default is drafts-only. Receipt attached as proof.
  • 📮 Three action tiers — email from your own mailbox (SMTP), guided deep-links (Moxie shows the exact cancel page + clicks; you click), and per-merchant browser automation (optional, double-gated, sandboxed).
  • 🛡️ Trust Vault — deny-by-default policy engine, preview/simulate, approval gates, and a hash-chained, tamper-evident audit log.
  • 🧩 Community skill library — reusable "how to cancel with X / dispute with Y" skills, each carrying its own success rate.
  • 🔒 Local-first & BYO key — runs on your machine with your own LLM API key, or fully offline with a local model.

Quickstart

# install (from source today; `pip install moxie-agent` once on PyPI)
git clone https://github.com/JacobBrooke1/moxie.git
cd moxie
pip install -e .          # or: ./install.sh

# try it with built-in sample data — no bank, no API key needed
# (Windows: if `moxie` isn't recognized, pip's Scripts dir isn't on PATH —
#  use `python -m moxie <command>` instead; works everywhere)
moxie init
moxie scan            # finds issues in sample transactions
moxie review          # shows each fix, asks you to approve, then drafts it
moxie log             # the tamper-evident audit trail
moxie verify          # confirms the log hasn't been altered
moxie doctor          # checks your setup: python, key, audit, skills

The demo runs entirely on bundled sample data so you can see the consent-first loop end to end before connecting anything real.

Ready for your real data? Both paths are local and read-only — nothing leaves your machine:

moxie scan --csv statement.csv    # any bank CSV export — headers auto-detected
moxie scan --pdf statement.pdf    # bank statement PDFs (NatWest-style; pip install pypdf)

Or link your bank for automatic read-only imports — your choice of provider, bring your own (free) credentials:

moxie connect truelayer     # UK default (NatWest etc.; free sandbox at console.truelayer.com)
moxie connect gocardless    # most generous free tier (bankaccountdata.gocardless.com)
moxie connect plaid         # strong US coverage (dashboard.plaid.com)
moxie sync                  # pull fresh transactions + balances any time

Honesty note: every aggregator is a cloud third party. You hold the provider account (Moxie the project runs no servers), access is read-only AIS — Moxie cannot move money by construction — and CSV/PDF remains the fully no-cloud path. UK consents lapse ~90 days; moxie doctor and the dashboard tell you when to re-consent.

Going live (optional — everything works drafts-only without this): approving an action really sends it only when you flip the flag and configure your own mailbox:

# .env — your own email account (use an app password, never your real one)
MOXIE_SMTP_HOST=smtp.gmail.com
MOXIE_SMTP_USER=you@gmail.com
MOXIE_SMTP_PASSWORD=your-app-password
MOXIE_LIVE=true                   # default: false = drafts only

moxie review                      # 🔴 live: an approved cancel actually emails
moxie kill                        # panic button: force drafts-only until --release

Cancellations that work better on the merchant's website use guided deep-links: Moxie shows the exact URL and clicks (from the merchant's skill) and you do the final click — no passwords, no CAPTCHA fights.

⚠️ Status: feature-complete, pre-review. The Trust Vault, live action layer, bank providers, receipts, and the security hardening checklist (encryption at rest, OS keychain, dashboard token/CSRF, rate limiting) are all implemented and tested. What's missing is an independent security review — until then, use your own judgment with real financial data, keep MOXIE_LIVE off unless you've read the code, and see SECURITY.md for exactly where the edges are.


How it works

CAPTURE receipts (email + photo/OCR)  +  CONNECT accounts (Plaid / CSV, read-only)
   → ORGANIZE   file receipts, match to transactions
   → DETECT     zombie subs, duplicate charges, missing refunds
   → PROPOSE    an action card: "Dispute this $40 double charge? I have the receipt."
   → APPROVE    you confirm  (because it can't be undone)
   → EXECUTE    cancellation / dispute / refund email
   → LOG        append-only, hash-chained audit trail with the receipt attached

Nothing in the right-hand column happens without passing the Trust Vault. For the full security model — the deny-by-default policy engine, the fail-safe consent design, the hash-chain math, and the threat model — see docs/HOW_IT_WORKS.md.

Why preview-and-approve, not "undo"

Most money actions are one-way — you can't cleanly un-cancel a subscription or un-send a dispute. So Moxie's safety is before the action (simulate → approve), not a promise to reverse it after. That's the whole reason consent is mandatory.
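The gate order described above (policy, then explicit consent, then the live flag), as an added example rather than Moxie's own code. The action names, the Outcome enum, the accepted answers and the kill_switch parameter are assumptions made for illustration; only MOXIE_LIVE and the in-scope/out-of-scope split come from the page.

```python
from enum import Enum

class Outcome(Enum):
    DENIED = "denied"      # policy refused; consent is never even asked
    SKIPPED = "skipped"    # user did not clearly say yes
    DRAFTED = "drafted"    # approved, but nothing leaves the machine
    SENT = "sent"          # approved and live

# Assumed action names. The page puts cancel/dispute/refund in scope and
# paying, transferring and trading out of scope.
ALLOWED = {"cancel", "dispute", "refund_request"}
HARD_DENIED = {"pay", "transfer", "trade"}

def is_live(env: dict, kill_switch: bool) -> bool:
    # Live only on the exact value "true"; missing or odd values mean drafts-only.
    return not kill_switch and env.get("MOXIE_LIVE", "false").strip().lower() == "true"

def decide(action: str, answer: str, env: dict, kill_switch: bool = False) -> Outcome:
    """Gate one proposed action: policy first, then consent, then the live flag."""
    # Hard denials are checked before the allow-list so that widening
    # ALLOWED by mistake can never enable money movement.
    if action in HARD_DENIED or action not in ALLOWED:
        return Outcome.DENIED
    # Fail-safe consent: empty input, typos and "n" all count as no.
    if answer.strip().lower() not in {"y", "yes"}:
        return Outcome.SKIPPED
    if not is_live(env, kill_switch):
        return Outcome.DRAFTED
    return Outcome.SENT

def review(proposals, answers, env, kill_switch=False):
    """Pair each proposed action with the user's answer and gate it."""
    return [(a, decide(a, ans, env, kill_switch)) for a, ans in zip(proposals, answers)]

if __name__ == "__main__":
    # Constructed session: three proposals, three typed answers, live flag on.
    for action, outcome in review(["cancel", "dispute", "transfer"],
                                  ["y", "", "y"], {"MOXIE_LIVE": "true"}):
        print(f"{action:10s} -> {outcome.value}")
```
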


Run it 24/7

moxie serve            # dashboard + Telegram bot + daily loop, one process

The daily loop re-scans every morning and pings you only when there's something new to decide. A Mac mini at home is the ideal host — always-on, and your bank data never leaves a machine you own. systemd/launchd units and a Dockerfile ship in deploy/; the full guide is docs/HOSTING.md.

Moxie Dash — the control plane

moxie dashboard        # → http://127.0.0.1:8484

A local status page in the OpenClaw / Hermes tradition, but money-shaped: heartbeat, brain, Telegram, data, and audit-chain status at a glance, findings with approve/skip (same Trust Vault pipeline), and — most importantly — the setup home: paste your API key and BotFather token here, click detect my chat id, and it walks you through Telegram pairing. Keys are written to ~/.moxie/.env on the machine Moxie runs on; the audit log records that setup changed, never the secrets themselves.

It binds to 127.0.0.1 only. Running Moxie on a Mac mini or a VPS? Reach the dash through an SSH tunnel (ssh -L 8484:127.0.0.1:8484 you@host) — never expose it to the open internet.

The brain & the Telegram channel

Moxie has three layers, and you can stop at any of them:

  1. Rules (no key needed) — deterministic, explainable detectors. Everything above runs on these. Eight of them: duplicate charges, zombie subscriptions, trials-that-stuck, price-hike renewals, duplicate services, bank fees, FX fees, and short refunds.
  2. The brain (bring your own Anthropic key) — set MOXIE_API_KEY in a .env file and ask it things: moxie ask "can I afford £120 trainers this month?". Answers are grounded in the money picture — real income, committed subscriptions, and what's genuinely left this month (moxie budget shows the same figures; balance appears once a bank is linked). It states figures and trade-offs and lets you decide — it's not a financial adviser and won't pretend to be. Its standing orders live in ~/.moxie/instructions.md — a plain-English list of what it should do each day. Edit it; that file is the agent.
  3. The offline brain (no key, no cloud) — run a local model instead: install Ollama, ollama pull llama3.1, and set MOXIE_MODEL=ollama:llama3.1. Same instructions, same guardrails, zero cloud calls.
  4. The Telegram channel (optional) — moxie telegram runs a bot you can text like a PA, plus a daily loop that re-scans and messages you only when there's something new to decide. Decisions are remembered — skip something once and Moxie won't nag you about it for 60 days.
# .env: TELEGRAM_BOT_TOKEN from @BotFather, then pair:
moxie telegram        # message your bot; it replies with your chat id
# put MOXIE_TELEGRAM_CHAT_ID=<that id> in .env, restart, done

Channel security (borrowed from OpenClaw's design): the bot is paired to exactly one chat and ignores everyone else; approvals are two-step (/approve 2, then YES); the brain never executes anything — every action still passes the Trust Vault; and sensitive setup (keys, bank links) only ever happens on your computer, never over chat.


Privacy & security

  • Local-first. Your receipts, transactions, and audit log live on your machine — encrypted at rest once you run moxie encrypt on.
  • Bring your own key. Moxie uses your LLM API key, or a local/offline model (Ollama) + local OCR (Tesseract) so receipt images never touch a cloud service. moxie secret set keeps keys in the OS keychain instead of a file.
  • Least privilege. Bank access is read-only AIS via a provider you choose and own; Moxie never moves money — it's hard-denied in policy.
  • Tamper-evident. The audit log is hash-chained — any edit to past entries fails moxie verify.

Security is the precondition for everything else here — see SECURITY.md.


Built on the OpenClaw / Hermes ecosystem

Moxie deliberately fits the world it came from, so the plumbing is familiar and only the moat is new:

  • Language & install — Python (Hermes is ~82% Python), installed via a one-line curl … | bash that prefers uv, exactly like Hermes.
  • Skills — the same SKILL.md convention used by OpenClaw and the agentskills.io standard (they live in moxie/seed_skills/ and ship in the package), so skills stay portable and shareable (think ClawHub, but for money-actions).
  • Familiar CLI — moxie doctor and friends echo hermes doctor / openclaw so anyone from that world feels at home.
  • Sandboxing — action execution is designed to run sandboxed (Docker by default, as OpenClaw does for untrusted sessions).

What's not borrowed is the whole point: the Trust Vault (consent-first, tamper-evident) and the money-action layer are ours.

Contributing

The most valuable contribution is skills — encoded know-how for cancelling/disputing with a specific merchant, bank, or service; they genuinely drive how Moxie acts. See moxie/seed_skills/README.md for the format, CONTRIBUTING.md for good first issues, and integrations/moxie-bridge/ if you want your OpenClaw/Hermes agent to talk to Moxie (look, never touch).


Design

The security model and architecture rationale live in docs/HOW_IT_WORKS.md — including why Moxie is standalone rather than a skill inside a general-purpose agent, and exactly what the Trust Vault does and doesn't defend against.

License

MIT — free and open. Use it, fork it, learn from it.



Download files


Source Distribution

moxie_agent-0.1.0.tar.gz (103.3 kB view details)

Uploaded Source

Built Distribution


moxie_agent-0.1.0-py3-none-any.whl (87.0 kB view details)

Uploaded Python 3

File details

Details for the file moxie_agent-0.1.0.tar.gz.

File metadata

  • Download URL: moxie_agent-0.1.0.tar.gz
  • Upload date:
  • Size: 103.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for moxie_agent-0.1.0.tar.gz
Algorithm Hash digest
SHA256 bc7b6eea38e903972d741f87d79a3500d09b783410e1b64ad18f67deba02bb09
MD5 82e56a0fdd3c29b17586b8393854a980
BLAKE2b-256 61ed0d34288931ca8ca6b8850c932dd77c948d615c90e67e9f14698617b6ff56


Provenance

The following attestation bundles were made for moxie_agent-0.1.0.tar.gz:

Publisher: release.yml on JacobBrooke1/moxie

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file moxie_agent-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: moxie_agent-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 87.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for moxie_agent-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 597bed160a837cc3150cc59665886a2759ad0370b7f3e04969cdb40571cf3f98
MD5 eeda3b739fa53690f9872de4b4cd32d1
BLAKE2b-256 b4f9c629fa6902c8c8cfa5eda0b8e32e8c9b32cd0916420407386eef6ad7ddb7


Provenance

The following attestation bundles were made for moxie_agent-0.1.0-py3-none-any.whl:

Publisher: release.yml on JacobBrooke1/moxie

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
