moxie-agent 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. moxie_agent-0.1.0/LICENSE +21 -0
  2. moxie_agent-0.1.0/PKG-INFO +235 -0
  3. moxie_agent-0.1.0/README.md +203 -0
  4. moxie_agent-0.1.0/moxie/__init__.py +8 -0
  5. moxie_agent-0.1.0/moxie/__main__.py +5 -0
  6. moxie_agent-0.1.0/moxie/actions.py +363 -0
  7. moxie_agent-0.1.0/moxie/agent.py +226 -0
  8. moxie_agent-0.1.0/moxie/brain.py +206 -0
  9. moxie_agent-0.1.0/moxie/cli.py +553 -0
  10. moxie_agent-0.1.0/moxie/config.py +151 -0
  11. moxie_agent-0.1.0/moxie/connectors.py +187 -0
  12. moxie_agent-0.1.0/moxie/dashboard.py +490 -0
  13. moxie_agent-0.1.0/moxie/detect.py +452 -0
  14. moxie_agent-0.1.0/moxie/models.py +51 -0
  15. moxie_agent-0.1.0/moxie/providers.py +545 -0
  16. moxie_agent-0.1.0/moxie/receipts.py +263 -0
  17. moxie_agent-0.1.0/moxie/sampledata.py +35 -0
  18. moxie_agent-0.1.0/moxie/secure.py +118 -0
  19. moxie_agent-0.1.0/moxie/seed_skills/README.md +70 -0
  20. moxie_agent-0.1.0/moxie/seed_skills/cancel-amazon-prime/SKILL.md +26 -0
  21. moxie_agent-0.1.0/moxie/seed_skills/cancel-disney-plus/SKILL.md +24 -0
  22. moxie_agent-0.1.0/moxie/seed_skills/cancel-examplegym/SKILL.md +26 -0
  23. moxie_agent-0.1.0/moxie/seed_skills/cancel-netflix/SKILL.md +26 -0
  24. moxie_agent-0.1.0/moxie/seed_skills/cancel-puregym/SKILL.md +27 -0
  25. moxie_agent-0.1.0/moxie/seed_skills/cancel-spotify/SKILL.md +24 -0
  26. moxie_agent-0.1.0/moxie/seed_skills/dispute-natwest/SKILL.md +30 -0
  27. moxie_agent-0.1.0/moxie/serve.py +67 -0
  28. moxie_agent-0.1.0/moxie/skills.py +166 -0
  29. moxie_agent-0.1.0/moxie/snapshot.py +149 -0
  30. moxie_agent-0.1.0/moxie/statements.py +128 -0
  31. moxie_agent-0.1.0/moxie/storage.py +156 -0
  32. moxie_agent-0.1.0/moxie/telegram.py +278 -0
  33. moxie_agent-0.1.0/moxie/vault/__init__.py +20 -0
  34. moxie_agent-0.1.0/moxie/vault/approval.py +70 -0
  35. moxie_agent-0.1.0/moxie/vault/audit.py +71 -0
  36. moxie_agent-0.1.0/moxie/vault/policy.py +42 -0
  37. moxie_agent-0.1.0/moxie_agent.egg-info/PKG-INFO +235 -0
  38. moxie_agent-0.1.0/moxie_agent.egg-info/SOURCES.txt +60 -0
  39. moxie_agent-0.1.0/moxie_agent.egg-info/dependency_links.txt +1 -0
  40. moxie_agent-0.1.0/moxie_agent.egg-info/entry_points.txt +2 -0
  41. moxie_agent-0.1.0/moxie_agent.egg-info/requires.txt +18 -0
  42. moxie_agent-0.1.0/moxie_agent.egg-info/top_level.txt +1 -0
  43. moxie_agent-0.1.0/pyproject.toml +54 -0
  44. moxie_agent-0.1.0/setup.cfg +4 -0
  45. moxie_agent-0.1.0/tests/test_actions.py +334 -0
  46. moxie_agent-0.1.0/tests/test_brain.py +95 -0
  47. moxie_agent-0.1.0/tests/test_cli_smoke.py +52 -0
  48. moxie_agent-0.1.0/tests/test_dashboard.py +135 -0
  49. moxie_agent-0.1.0/tests/test_detect.py +70 -0
  50. moxie_agent-0.1.0/tests/test_detect_more.py +186 -0
  51. moxie_agent-0.1.0/tests/test_import.py +94 -0
  52. moxie_agent-0.1.0/tests/test_memory.py +52 -0
  53. moxie_agent-0.1.0/tests/test_providers.py +225 -0
  54. moxie_agent-0.1.0/tests/test_rate_limit.py +48 -0
  55. moxie_agent-0.1.0/tests/test_receipts.py +175 -0
  56. moxie_agent-0.1.0/tests/test_secure.py +120 -0
  57. moxie_agent-0.1.0/tests/test_serve.py +71 -0
  58. moxie_agent-0.1.0/tests/test_skills_wiring.py +180 -0
  59. moxie_agent-0.1.0/tests/test_snapshot.py +96 -0
  60. moxie_agent-0.1.0/tests/test_statements.py +69 -0
  61. moxie_agent-0.1.0/tests/test_telegram.py +63 -0
  62. moxie_agent-0.1.0/tests/test_vault.py +48 -0
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Moxie contributors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,235 @@
1
+ Metadata-Version: 2.4
2
+ Name: moxie-agent
3
+ Version: 0.1.0
4
+ Summary: Moxie — the open-source money agent that acts on your money, only with your approval. Local-first, consent-first.
5
+ Author: Moxie contributors
6
+ License: MIT
7
+ Project-URL: Homepage, https://github.com/JacobBrooke1/moxie
8
+ Project-URL: Issues, https://github.com/JacobBrooke1/moxie/issues
9
+ Project-URL: Security, https://github.com/JacobBrooke1/moxie/blob/main/SECURITY.md
10
+ Keywords: ai-agent,personal-finance,open-source,local-first,privacy,subscriptions
11
+ Classifier: Development Status :: 2 - Pre-Alpha
12
+ Classifier: License :: OSI Approved :: MIT License
13
+ Classifier: Programming Language :: Python :: 3
14
+ Classifier: Environment :: Console
15
+ Requires-Python: >=3.9
16
+ Description-Content-Type: text/markdown
17
+ License-File: LICENSE
18
+ Provides-Extra: pdf
19
+ Requires-Dist: pypdf>=4.0; extra == "pdf"
20
+ Provides-Extra: ocr
21
+ Requires-Dist: pytesseract>=0.3.10; extra == "ocr"
22
+ Requires-Dist: Pillow>=10.0; extra == "ocr"
23
+ Provides-Extra: browser
24
+ Requires-Dist: playwright>=1.40; extra == "browser"
25
+ Provides-Extra: secure
26
+ Requires-Dist: cryptography>=42.0; extra == "secure"
27
+ Requires-Dist: keyring>=24.0; extra == "secure"
28
+ Provides-Extra: dev
29
+ Requires-Dist: pytest>=7.0; extra == "dev"
30
+ Requires-Dist: cryptography>=42.0; extra == "dev"
31
+ Dynamic: license-file
32
+
33
+ <div align="center">
34
+
35
+ <img src="docs/logo.svg" alt="Moxie the honey badger" width="360">
36
+
37
+ # 🦡 Moxie
38
+
39
+ **The open-source money agent that *acts* — and never without your say-so.**
40
+
41
+ *Moxie doesn't care about a company's excuses. It just gets your money back — and asks you first, every time.*
42
+
43
+ [![CI](https://github.com/JacobBrooke1/moxie/actions/workflows/ci.yml/badge.svg)](https://github.com/JacobBrooke1/moxie/actions/workflows/ci.yml)
44
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
45
+ [![Status: early scaffold](https://img.shields.io/badge/status-early%20scaffold-orange.svg)](#status)
46
+ [![Local-first](https://img.shields.io/badge/local--first-yes-brightgreen.svg)](#privacy--security)
47
+
48
+ *Named for the honey badger — small, fearless, famously relentless. It badgers companies until your money comes back.*
49
+
50
+ ![Moxie demo — scan, review with approval, verify the audit log](docs/demo.gif)
51
+
52
+ *The whole loop in 30 seconds: **scan** finds ~$591/yr of waste in the sample data, **review** shows you each fix and asks first (that `n` is the point — you're in control), **verify** proves the audit log hasn't been touched. Runs on bundled sample data — no bank, no API key.*
53
+
54
+ </div>
55
+
56
+ ---
57
+
58
+ ## Why Moxie exists
59
+
60
+ AI agents today split into two camps: ones that **reach everywhere** (OpenClaw) and ones that **get smarter over time** (Hermes). Neither answers the question that actually matters with your money: *what will you let it do when the downside is real?*
61
+
62
+ Look at who already touches your money:
63
+
64
+ - **Receipt & finance organizers** (Expensify, Firefly III, Receiptor AI) — they *file and track*. They don't act.
65
+ - **Money-action services** (DoNotPay, Rocket Money, Pine AI) — they *act*, but as **closed black boxes** that have burned users' trust (DoNotPay was FTC-fined for overstating its AI; Rocket Money has acted *as* users without asking).
66
+ - **ChatGPT + Plaid** — **read-only by design**: it can spot a subscription to cancel, but it won't cancel it.
67
+
68
+ **Moxie bridges the gap, trust-first.** It files your receipts (email + photo), reads your accounts, finds waste and wrong charges, and *acts* on them — cancelling, disputing, chasing refunds — but **every action is previewed, approved by you, logged in a tamper-evident audit trail, and backed by the receipt as evidence.** It's open-source and local, so you can read every line and your data never has to leave your machine.
69
+
70
+ > **Moxie never moves money.** It cancels, disputes, and negotiates on your behalf. Paying, transferring, and trading are deliberately out of scope (that's a licensing and liability minefield). See [the build spec](#design).
71
+
72
+ ---
73
+
74
+ ## What it does
75
+
76
+ - 🧾 **Receipt vault** — `moxie receipt photo.jpg` (local Tesseract OCR — images never leave your machine) or `moxie receipt --email` (read-only IMAP scan). Parsed, filed, matched to transactions, and **attached to disputes as evidence automatically**.
77
+ - 🔎 **Finds problems** — zombie subscriptions, duplicate/wrong charges, missing refunds, gouge renewals.
78
+ - ✅ **Acts — with your consent** — drafts the cancellation/dispute, shows it to you (editable), and sends it **only** when you approve *and* `MOXIE_LIVE=true`. Default is drafts-only. Receipt attached as proof.
79
+ - 📮 **Three action tiers** — email from *your own* mailbox (SMTP), guided deep-links (Moxie shows the exact cancel page + clicks; you click), and per-merchant browser automation (optional, double-gated, sandboxed).
80
+ - 🛡️ **Trust Vault** — deny-by-default policy engine, preview/simulate, approval gates, and a **hash-chained, tamper-evident audit log**.
81
+ - 🧩 **Community skill library** — reusable "how to cancel with X / dispute with Y" skills, each carrying its own success rate.
82
+ - 🔒 **Local-first & BYO key** — runs on your machine with your own LLM API key, or fully offline with a local model.
83
+
84
+ ---
85
+
86
+ ## Quickstart
87
+
88
+ ```bash
89
+ # install (from source today; `pip install moxie-agent` once on PyPI)
90
+ git clone https://github.com/JacobBrooke1/moxie.git
91
+ cd moxie
92
+ pip install -e . # or: ./install.sh
93
+
94
+ # try it with built-in sample data — no bank, no API key needed
95
+ # (Windows: if `moxie` isn't recognized, pip's Scripts dir isn't on PATH —
96
+ # use `python -m moxie <command>` instead; works everywhere)
97
+ moxie init
98
+ moxie scan # finds issues in sample transactions
99
+ moxie review # shows each fix, asks you to approve, then drafts it
100
+ moxie log # the tamper-evident audit trail
101
+ moxie verify # confirms the log hasn't been altered
102
+ moxie doctor # checks your setup: python, key, audit, skills
103
+ ```
104
+
105
+ The demo runs entirely on bundled sample data so you can see the consent-first loop end to end before connecting anything real.
106
+
107
+ Ready for your real data? Both paths are local and read-only — nothing leaves your machine:
108
+
109
+ ```bash
110
+ moxie scan --csv statement.csv # any bank CSV export — headers auto-detected
111
+ moxie scan --pdf statement.pdf # bank statement PDFs (NatWest-style; pip install pypdf)
112
+ ```
113
+
114
+ Or link your bank for automatic read-only imports — **your choice of provider**, bring your own (free) credentials:
115
+
116
+ ```bash
117
+ moxie connect truelayer # UK default (NatWest etc.; free sandbox at console.truelayer.com)
118
+ moxie connect gocardless # most generous free tier (bankaccountdata.gocardless.com)
119
+ moxie connect plaid # strong US coverage (dashboard.plaid.com)
120
+ moxie sync # pull fresh transactions + balances any time
121
+ ```
122
+
123
+ Honesty note: every aggregator is a cloud third party. *You* hold the provider account (Moxie the project runs no servers), access is read-only AIS — Moxie cannot move money by construction — and CSV/PDF remains the fully no-cloud path. UK consents lapse ~90 days; `moxie doctor` and the dashboard tell you when to re-consent.
124
+
125
+ **Going live** (optional — everything works drafts-only without this): approving an action really sends it only when you flip the flag *and* configure your own mailbox:
126
+
127
+ ```bash
128
+ # .env — your own email account (use an app password, never your real one)
129
+ MOXIE_SMTP_HOST=smtp.gmail.com
130
+ MOXIE_SMTP_USER=you@gmail.com
131
+ MOXIE_SMTP_PASSWORD=your-app-password
132
+ MOXIE_LIVE=true # default: false = drafts only
133
+
134
+ moxie review # 🔴 live: an approved cancel actually emails
135
+ moxie kill # panic button: force drafts-only until --release
136
+ ```
137
+
138
+ Cancellations that work better on the merchant's website use **guided deep-links**: Moxie shows the exact URL and clicks (from the merchant's skill) and *you* do the final click — no passwords, no CAPTCHA fights.
139
+
140
+ > ⚠️ **Status:** feature-complete, pre-review. The Trust Vault, live action layer, bank providers, receipts, and the security hardening checklist (encryption at rest, OS keychain, dashboard token/CSRF, rate limiting) are all implemented and tested. What's missing is an **independent security review** — until then, use your own judgment with real financial data, keep `MOXIE_LIVE` off unless you've read the code, and see [SECURITY.md](SECURITY.md) for exactly where the edges are.
141
+
142
+ ---
143
+
144
+ ## How it works
145
+
146
+ ```
147
+ CAPTURE receipts (email + photo/OCR) + CONNECT accounts (Plaid / CSV, read-only)
148
+ → ORGANIZE file receipts, match to transactions
149
+ → DETECT zombie subs, duplicate charges, missing refunds
150
+ → PROPOSE an action card: "Dispute this $40 double charge? I have the receipt."
151
+ → APPROVE you confirm (because it can't be undone)
152
+ → EXECUTE cancellation / dispute / refund email
153
+ → LOG append-only, hash-chained audit trail with the receipt attached
154
+ ```
155
+
156
+ Nothing in the right-hand column happens without passing the **Trust Vault**. For the full security model — the deny-by-default policy engine, the fail-safe consent design, the hash-chain math, and the threat model — see **[docs/HOW_IT_WORKS.md](docs/HOW_IT_WORKS.md)**.
157
+
158
+ ### Why preview-and-approve, not "undo"
159
+
160
+ Most money actions are **one-way** — you can't cleanly un-cancel a subscription or un-send a dispute. So Moxie's safety is *before* the action (simulate → approve), not a promise to reverse it after. That's the whole reason consent is mandatory.
161
+
162
+ ---
163
+
164
+ ## Run it 24/7
165
+
166
+ ```bash
167
+ moxie serve # dashboard + Telegram bot + daily loop, one process
168
+ ```
169
+
170
+ The daily loop re-scans every morning and pings you only when there's something new to decide. **A Mac mini at home is the ideal host** — always-on, and your bank data never leaves a machine you own. systemd/launchd units and a Dockerfile ship in [`deploy/`](deploy/); the full guide is [docs/HOSTING.md](docs/HOSTING.md).
171
+
172
+ ## Moxie Dash — the control plane
173
+
174
+ ```bash
175
+ moxie dashboard # → http://127.0.0.1:8484
176
+ ```
177
+
178
+ A local status page in the OpenClaw / Hermes tradition, but money-shaped: **heartbeat**, **brain**, **Telegram**, **data**, and **audit-chain** status at a glance, findings with approve/skip (same Trust Vault pipeline), and — most importantly — **the setup home**: paste your API key and BotFather token here, click *detect my chat id*, and it walks you through Telegram pairing. Keys are written to `~/.moxie/.env` on the machine Moxie runs on; the audit log records *that* setup changed, never the secrets themselves.
179
+
180
+ It binds to `127.0.0.1` only. Running Moxie on a Mac mini or a VPS? Reach the dash through an SSH tunnel (`ssh -L 8484:127.0.0.1:8484 you@host`) — never expose it to the open internet.
181
+
182
+ ## The brain & the Telegram channel
183
+
184
+ Moxie has three layers, and you can stop at any of them:
185
+
186
+ 1. **Rules** (no key needed) — deterministic, explainable detectors. Everything above runs on these. Eight of them: duplicate charges, zombie subscriptions, trials-that-stuck, price-hike renewals, duplicate services, bank fees, FX fees, and short refunds.
187
+ 2. **The brain** (bring your own Anthropic key) — set `MOXIE_API_KEY` in a `.env` file and ask it things: `moxie ask "can I afford £120 trainers this month?"`. Answers are grounded in **the money picture** — real income, committed subscriptions, and what's genuinely left this month (`moxie budget` shows the same figures; balance appears once a bank is linked). It states figures and trade-offs and lets you decide — it's not a financial adviser and won't pretend to be. Its standing orders live in `~/.moxie/instructions.md` — a plain-English list of what it should do each day. **Edit it**; that file *is* the agent.
188
+ 3. **The offline brain** (no key, no cloud) — run a local model instead: install [Ollama](https://ollama.com), `ollama pull llama3.1`, and set `MOXIE_MODEL=ollama:llama3.1`. Same instructions, same guardrails, zero cloud calls.
189
+ 4. **The Telegram channel** (optional) — `moxie telegram` runs a bot you can text like a PA, plus a daily loop that re-scans and messages you *only* when there's something new to decide. Decisions are remembered — skip something once and Moxie won't nag you about it for 60 days.
190
+
191
+ ```bash
192
+ # .env: TELEGRAM_BOT_TOKEN from @BotFather, then pair:
193
+ moxie telegram # message your bot; it replies with your chat id
194
+ # put MOXIE_TELEGRAM_CHAT_ID=<that id> in .env, restart, done
195
+ ```
196
+
197
+ Channel security (borrowed from OpenClaw's design): the bot is **paired to exactly one chat** and ignores everyone else; approvals are two-step (`/approve 2`, then `YES`); the brain never executes anything — every action still passes the Trust Vault; and sensitive setup (keys, bank links) only ever happens on your computer, never over chat.
198
+
199
+ ---
200
+
201
+ ## Privacy & security
202
+
203
+ - **Local-first.** Your receipts, transactions, and audit log live on your machine — encrypted at rest once you run `moxie encrypt on`.
204
+ - **Bring your own key.** Moxie uses *your* LLM API key, or a **local/offline model** (Ollama) + **local OCR** (Tesseract) so receipt images never touch a cloud service. `moxie secret set` keeps keys in the OS keychain instead of a file.
205
+ - **Least privilege.** Bank access is read-only AIS via a provider *you* choose and own; Moxie never moves money — it's hard-denied in policy.
206
+ - **Tamper-evident.** The audit log is hash-chained — any edit to past entries fails `moxie verify`.
207
+
208
+ Security is the precondition for everything else here — see [SECURITY.md](SECURITY.md).
209
+
210
+ ---
211
+
212
+ ## Built on the OpenClaw / Hermes ecosystem
213
+
214
+ Moxie deliberately fits the world it came from, so the plumbing is familiar and only the moat is new:
215
+
216
+ - **Language & install** — Python (Hermes is ~82% Python), installed via a one-line `curl … | bash` that prefers [`uv`](https://github.com/astral-sh/uv), exactly like Hermes.
217
+ - **Skills** — the same `SKILL.md` convention used by OpenClaw and the [agentskills.io](https://agentskills.io) standard (they live in `moxie/seed_skills/` and ship in the package), so skills stay portable and shareable (think ClawHub, but for money-actions).
218
+ - **Familiar CLI** — `moxie doctor` and friends echo `hermes doctor` / `openclaw` so anyone from that world feels at home.
219
+ - **Sandboxing** — action execution is designed to run sandboxed (Docker by default, as OpenClaw does for untrusted sessions).
220
+
221
+ What's *not* borrowed is the whole point: the **Trust Vault** (consent-first, tamper-evident) and the money-action layer are ours.
222
+
223
+ ## Contributing
224
+
225
+ The most valuable contribution is **skills** — encoded know-how for cancelling/disputing with a specific merchant, bank, or service; they genuinely drive how Moxie acts. See [moxie/seed_skills/README.md](moxie/seed_skills/README.md) for the format, [CONTRIBUTING.md](CONTRIBUTING.md) for good first issues, and [`integrations/moxie-bridge/`](integrations/moxie-bridge/SKILL.md) if you want your OpenClaw/Hermes agent to talk to Moxie (look, never touch).
226
+
227
+ ---
228
+
229
+ ## Design
230
+
231
+ The security model and architecture rationale live in [docs/HOW_IT_WORKS.md](docs/HOW_IT_WORKS.md) — including why Moxie is standalone rather than a skill inside a general-purpose agent, and exactly what the Trust Vault does and doesn't defend against.
232
+
233
+ ## License
234
+
235
+ [MIT](LICENSE) — free and open. Use it, fork it, learn from it.
@@ -0,0 +1,203 @@
1
+ <div align="center">
2
+
3
+ <img src="docs/logo.svg" alt="Moxie the honey badger" width="360">
4
+
5
+ # 🦡 Moxie
6
+
7
+ **The open-source money agent that *acts* — and never without your say-so.**
8
+
9
+ *Moxie doesn't care about a company's excuses. It just gets your money back — and asks you first, every time.*
10
+
11
+ [![CI](https://github.com/JacobBrooke1/moxie/actions/workflows/ci.yml/badge.svg)](https://github.com/JacobBrooke1/moxie/actions/workflows/ci.yml)
12
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
13
+ [![Status: early scaffold](https://img.shields.io/badge/status-early%20scaffold-orange.svg)](#status)
14
+ [![Local-first](https://img.shields.io/badge/local--first-yes-brightgreen.svg)](#privacy--security)
15
+
16
+ *Named for the honey badger — small, fearless, famously relentless. It badgers companies until your money comes back.*
17
+
18
+ ![Moxie demo — scan, review with approval, verify the audit log](docs/demo.gif)
19
+
20
+ *The whole loop in 30 seconds: **scan** finds ~$591/yr of waste in the sample data, **review** shows you each fix and asks first (that `n` is the point — you're in control), **verify** proves the audit log hasn't been touched. Runs on bundled sample data — no bank, no API key.*
21
+
22
+ </div>
23
+
24
+ ---
25
+
26
+ ## Why Moxie exists
27
+
28
+ AI agents today split into two camps: ones that **reach everywhere** (OpenClaw) and ones that **get smarter over time** (Hermes). Neither answers the question that actually matters with your money: *what will you let it do when the downside is real?*
29
+
30
+ Look at who already touches your money:
31
+
32
+ - **Receipt & finance organizers** (Expensify, Firefly III, Receiptor AI) — they *file and track*. They don't act.
33
+ - **Money-action services** (DoNotPay, Rocket Money, Pine AI) — they *act*, but as **closed black boxes** that have burned users' trust (DoNotPay was FTC-fined for overstating its AI; Rocket Money has acted *as* users without asking).
34
+ - **ChatGPT + Plaid** — **read-only by design**: it can spot a subscription to cancel, but it won't cancel it.
35
+
36
+ **Moxie bridges the gap, trust-first.** It files your receipts (email + photo), reads your accounts, finds waste and wrong charges, and *acts* on them — cancelling, disputing, chasing refunds — but **every action is previewed, approved by you, logged in a tamper-evident audit trail, and backed by the receipt as evidence.** It's open-source and local, so you can read every line and your data never has to leave your machine.
37
+
38
+ > **Moxie never moves money.** It cancels, disputes, and negotiates on your behalf. Paying, transferring, and trading are deliberately out of scope (that's a licensing and liability minefield). See [the build spec](#design).
39
+
40
+ ---
41
+
42
+ ## What it does
43
+
44
+ - 🧾 **Receipt vault** — `moxie receipt photo.jpg` (local Tesseract OCR — images never leave your machine) or `moxie receipt --email` (read-only IMAP scan). Parsed, filed, matched to transactions, and **attached to disputes as evidence automatically**.
45
+ - 🔎 **Finds problems** — zombie subscriptions, duplicate/wrong charges, missing refunds, gouge renewals.
46
+ - ✅ **Acts — with your consent** — drafts the cancellation/dispute, shows it to you (editable), and sends it **only** when you approve *and* `MOXIE_LIVE=true`. Default is drafts-only. Receipt attached as proof.
47
+ - 📮 **Three action tiers** — email from *your own* mailbox (SMTP), guided deep-links (Moxie shows the exact cancel page + clicks; you click), and per-merchant browser automation (optional, double-gated, sandboxed).
48
+ - 🛡️ **Trust Vault** — deny-by-default policy engine, preview/simulate, approval gates, and a **hash-chained, tamper-evident audit log**.
49
+ - 🧩 **Community skill library** — reusable "how to cancel with X / dispute with Y" skills, each carrying its own success rate.
50
+ - 🔒 **Local-first & BYO key** — runs on your machine with your own LLM API key, or fully offline with a local model.
51
+
52
+ ---
53
+
54
+ ## Quickstart
55
+
56
+ ```bash
57
+ # install (from source today; `pip install moxie-agent` once on PyPI)
58
+ git clone https://github.com/JacobBrooke1/moxie.git
59
+ cd moxie
60
+ pip install -e . # or: ./install.sh
61
+
62
+ # try it with built-in sample data — no bank, no API key needed
63
+ # (Windows: if `moxie` isn't recognized, pip's Scripts dir isn't on PATH —
64
+ # use `python -m moxie <command>` instead; works everywhere)
65
+ moxie init
66
+ moxie scan # finds issues in sample transactions
67
+ moxie review # shows each fix, asks you to approve, then drafts it
68
+ moxie log # the tamper-evident audit trail
69
+ moxie verify # confirms the log hasn't been altered
70
+ moxie doctor # checks your setup: python, key, audit, skills
71
+ ```
72
+
73
+ The demo runs entirely on bundled sample data so you can see the consent-first loop end to end before connecting anything real.
74
+
75
+ Ready for your real data? Both paths are local and read-only — nothing leaves your machine:
76
+
77
+ ```bash
78
+ moxie scan --csv statement.csv # any bank CSV export — headers auto-detected
79
+ moxie scan --pdf statement.pdf # bank statement PDFs (NatWest-style; pip install pypdf)
80
+ ```
81
+
82
+ Or link your bank for automatic read-only imports — **your choice of provider**, bring your own (free) credentials:
83
+
84
+ ```bash
85
+ moxie connect truelayer # UK default (NatWest etc.; free sandbox at console.truelayer.com)
86
+ moxie connect gocardless # most generous free tier (bankaccountdata.gocardless.com)
87
+ moxie connect plaid # strong US coverage (dashboard.plaid.com)
88
+ moxie sync # pull fresh transactions + balances any time
89
+ ```
90
+
91
+ Honesty note: every aggregator is a cloud third party. *You* hold the provider account (Moxie the project runs no servers), access is read-only AIS — Moxie cannot move money by construction — and CSV/PDF remains the fully no-cloud path. UK consents lapse ~90 days; `moxie doctor` and the dashboard tell you when to re-consent.
92
+
93
+ **Going live** (optional — everything works drafts-only without this): approving an action really sends it only when you flip the flag *and* configure your own mailbox:
94
+
95
+ ```bash
96
+ # .env — your own email account (use an app password, never your real one)
97
+ MOXIE_SMTP_HOST=smtp.gmail.com
98
+ MOXIE_SMTP_USER=you@gmail.com
99
+ MOXIE_SMTP_PASSWORD=your-app-password
100
+ MOXIE_LIVE=true # default: false = drafts only
101
+
102
+ moxie review # 🔴 live: an approved cancel actually emails
103
+ moxie kill # panic button: force drafts-only until --release
104
+ ```
105
+
106
+ Cancellations that work better on the merchant's website use **guided deep-links**: Moxie shows the exact URL and clicks (from the merchant's skill) and *you* do the final click — no passwords, no CAPTCHA fights.
107
+
108
+ > ⚠️ **Status:** feature-complete, pre-review. The Trust Vault, live action layer, bank providers, receipts, and the security hardening checklist (encryption at rest, OS keychain, dashboard token/CSRF, rate limiting) are all implemented and tested. What's missing is an **independent security review** — until then, use your own judgment with real financial data, keep `MOXIE_LIVE` off unless you've read the code, and see [SECURITY.md](SECURITY.md) for exactly where the edges are.
109
+
110
+ ---
111
+
112
+ ## How it works
113
+
114
+ ```
115
+ CAPTURE receipts (email + photo/OCR) + CONNECT accounts (Plaid / CSV, read-only)
116
+ → ORGANIZE file receipts, match to transactions
117
+ → DETECT zombie subs, duplicate charges, missing refunds
118
+ → PROPOSE an action card: "Dispute this $40 double charge? I have the receipt."
119
+ → APPROVE you confirm (because it can't be undone)
120
+ → EXECUTE cancellation / dispute / refund email
121
+ → LOG append-only, hash-chained audit trail with the receipt attached
122
+ ```
123
+
124
+ Nothing in the right-hand column happens without passing the **Trust Vault**. For the full security model — the deny-by-default policy engine, the fail-safe consent design, the hash-chain math, and the threat model — see **[docs/HOW_IT_WORKS.md](docs/HOW_IT_WORKS.md)**.
125
+
126
+ ### Why preview-and-approve, not "undo"
127
+
128
+ Most money actions are **one-way** — you can't cleanly un-cancel a subscription or un-send a dispute. So Moxie's safety is *before* the action (simulate → approve), not a promise to reverse it after. That's the whole reason consent is mandatory.
129
+
130
+ ---
131
+
132
+ ## Run it 24/7
133
+
134
+ ```bash
135
+ moxie serve # dashboard + Telegram bot + daily loop, one process
136
+ ```
137
+
138
+ The daily loop re-scans every morning and pings you only when there's something new to decide. **A Mac mini at home is the ideal host** — always-on, and your bank data never leaves a machine you own. systemd/launchd units and a Dockerfile ship in [`deploy/`](deploy/); the full guide is [docs/HOSTING.md](docs/HOSTING.md).
139
+
140
+ ## Moxie Dash — the control plane
141
+
142
+ ```bash
143
+ moxie dashboard # → http://127.0.0.1:8484
144
+ ```
145
+
146
+ A local status page in the OpenClaw / Hermes tradition, but money-shaped: **heartbeat**, **brain**, **Telegram**, **data**, and **audit-chain** status at a glance, findings with approve/skip (same Trust Vault pipeline), and — most importantly — **the setup home**: paste your API key and BotFather token here, click *detect my chat id*, and it walks you through Telegram pairing. Keys are written to `~/.moxie/.env` on the machine Moxie runs on; the audit log records *that* setup changed, never the secrets themselves.
147
+
148
+ It binds to `127.0.0.1` only. Running Moxie on a Mac mini or a VPS? Reach the dash through an SSH tunnel (`ssh -L 8484:127.0.0.1:8484 you@host`) — never expose it to the open internet.
149
+
150
+ ## The brain & the Telegram channel
151
+
152
+ Moxie has three layers, and you can stop at any of them:
153
+
154
+ 1. **Rules** (no key needed) — deterministic, explainable detectors. Everything above runs on these. Eight of them: duplicate charges, zombie subscriptions, trials-that-stuck, price-hike renewals, duplicate services, bank fees, FX fees, and short refunds.
155
+ 2. **The brain** (bring your own Anthropic key) — set `MOXIE_API_KEY` in a `.env` file and ask it things: `moxie ask "can I afford £120 trainers this month?"`. Answers are grounded in **the money picture** — real income, committed subscriptions, and what's genuinely left this month (`moxie budget` shows the same figures; balance appears once a bank is linked). It states figures and trade-offs and lets you decide — it's not a financial adviser and won't pretend to be. Its standing orders live in `~/.moxie/instructions.md` — a plain-English list of what it should do each day. **Edit it**; that file *is* the agent.
156
+ 3. **The offline brain** (no key, no cloud) — run a local model instead: install [Ollama](https://ollama.com), `ollama pull llama3.1`, and set `MOXIE_MODEL=ollama:llama3.1`. Same instructions, same guardrails, zero cloud calls.
157
+ 4. **The Telegram channel** (optional) — `moxie telegram` runs a bot you can text like a PA, plus a daily loop that re-scans and messages you *only* when there's something new to decide. Decisions are remembered — skip something once and Moxie won't nag you about it for 60 days.
158
+
159
+ ```bash
160
+ # .env: TELEGRAM_BOT_TOKEN from @BotFather, then pair:
161
+ moxie telegram # message your bot; it replies with your chat id
162
+ # put MOXIE_TELEGRAM_CHAT_ID=<that id> in .env, restart, done
163
+ ```
164
+
165
+ Channel security (borrowed from OpenClaw's design): the bot is **paired to exactly one chat** and ignores everyone else; approvals are two-step (`/approve 2`, then `YES`); the brain never executes anything — every action still passes the Trust Vault; and sensitive setup (keys, bank links) only ever happens on your computer, never over chat.
166
+
167
+ ---
168
+
169
+ ## Privacy & security
170
+
171
+ - **Local-first.** Your receipts, transactions, and audit log live on your machine — encrypted at rest once you run `moxie encrypt on`.
172
+ - **Bring your own key.** Moxie uses *your* LLM API key, or a **local/offline model** (Ollama) + **local OCR** (Tesseract) so receipt images never touch a cloud service. `moxie secret set` keeps keys in the OS keychain instead of a file.
173
+ - **Least privilege.** Bank access is read-only AIS via a provider *you* choose and own; Moxie never moves money — it's hard-denied in policy.
174
+ - **Tamper-evident.** The audit log is hash-chained — any edit to past entries fails `moxie verify`.
175
+
176
+ Security is the precondition for everything else here — see [SECURITY.md](SECURITY.md).
177
+
178
+ ---
179
+
180
+ ## Built on the OpenClaw / Hermes ecosystem
181
+
182
+ Moxie deliberately fits the world it came from, so the plumbing is familiar and only the moat is new:
183
+
184
+ - **Language & install** — Python (Hermes is ~82% Python), installed via a one-line `curl … | bash` that prefers [`uv`](https://github.com/astral-sh/uv), exactly like Hermes.
185
+ - **Skills** — the same `SKILL.md` convention used by OpenClaw and the [agentskills.io](https://agentskills.io) standard (they live in `moxie/seed_skills/` and ship in the package), so skills stay portable and shareable (think ClawHub, but for money-actions).
186
+ - **Familiar CLI** — `moxie doctor` and friends echo `hermes doctor` / `openclaw` so anyone from that world feels at home.
187
+ - **Sandboxing** — action execution is designed to run sandboxed (Docker by default, as OpenClaw does for untrusted sessions).
188
+
189
+ What's *not* borrowed is the whole point: the **Trust Vault** (consent-first, tamper-evident) and the money-action layer are ours.
190
+
191
+ ## Contributing
192
+
193
+ The most valuable contribution is **skills** — encoded know-how for cancelling/disputing with a specific merchant, bank, or service; they genuinely drive how Moxie acts. See [moxie/seed_skills/README.md](moxie/seed_skills/README.md) for the format, [CONTRIBUTING.md](CONTRIBUTING.md) for good first issues, and [`integrations/moxie-bridge/`](integrations/moxie-bridge/SKILL.md) if you want your OpenClaw/Hermes agent to talk to Moxie (look, never touch).
194
+
195
+ ---
196
+
197
+ ## Design
198
+
199
+ The security model and architecture rationale live in [docs/HOW_IT_WORKS.md](docs/HOW_IT_WORKS.md) — including why Moxie is standalone rather than a skill inside a general-purpose agent, and exactly what the Trust Vault does and doesn't defend against.
200
+
201
+ ## License
202
+
203
+ [MIT](LICENSE) — free and open. Use it, fork it, learn from it.
@@ -0,0 +1,8 @@
1
+ """Moxie — the open-source money agent that acts only with your approval.
2
+
3
+ Local-first, consent-first. The fearless little agent (a honey badger 🦡) that
4
+ badgers companies until your money comes back. The core runs on the standard
5
+ library alone.
6
+ """
7
+
8
+ __version__ = "0.1.0"
@@ -0,0 +1,5 @@
1
+ """Allow `python -m moxie`."""
2
+ from .cli import main
3
+
4
+ if __name__ == "__main__":
5
+ main()