Work Log - 2026-07-01
🎯 Focus for Today
- Build the Tier 0 opsfin agent (manifest + orchestration skill)
- Vendor the Beancount upstream source/docs for the agent to consult
- Build the Akahu Open Banking API client and run the OFX-cutover fetch
- Refine the agent manifest: drop transitory references, document the data-flow trajectory, document the secret pattern
✅ What Got Done
- Tier 0 opsfin agent manifest at `.opencode/agent/opsfin.md`. Sub-agent of opsdev: same human, same SSH signing key (opsdev's), no separate Linux user / 1Password service account yet. Domain, paths, account reference, constraints, dry-run rule, skills, promotion-to-Tier-1 path. Manifest went through three rounds of refinement: transitory refs out, trajectory in, secrets in, time-tracking out.
- `reconcile-anz` skill at `.opencode/skills/reconcile-anz.md` - 10-step orchestration mirroring the existing `beancount/RUNBOOK-anz-reconcile.md`, with three `HALT with status 'needs_human_review'` gates at: the OFX export, the new-payee review, and the commit/push step. Adopts the HALT mechanism from the BMad Method project.
- Vendored `upstream/beancount` and `upstream/beancount-docs` as git submodules. Forks under `github.com/john-opsdevnz`. Manifest extended with "Vendored upstream resources" (when to consult, what to look for) and "Contributing back upstream" (candidate-contribution pattern).
- Akahu client and CLI at `akahu/` (3 files, 324 lines). `akahu/client.py` reads tokens via `op read`, hits `/v1/me`, `/v1/accounts`, `/v1/accounts/{id}/transactions` (cursor-paginated), saves JSON to `beancount/statements/akahu/...`. `akahu/__main__.py` exposes `me`/`accounts`/`transactions` subcommands. Smoke tests passed: `me` returned the user object; `accounts` returned both ANZ accounts.
- Akahu cutover fetch runbook at `docs/runbooks/akahu-fetch.md`. Exact `transactions` commands for the OFX-cutover window (2026-06-16 onwards) plus the lookup snippet for the Internet NZ payment.
- 1Password `opsfin` vault created with the two Akahu tokens; the `op://opsfin/Akahu App ID Token/credential` and `op://opsfin/Akahu User Access Token/credential` references are the new stable identifiers. Documented in the manifest's `## Secrets` section. ← likely to be moved elsewhere when we get further along, belongs in a runbook not the agent manifest
🧠 Notes & Reflections
"Mad operators not operating" broke the logjam. Lots of analysis (requirements doc, identity doc, Akahu discovery, BMad observation), but the actual operation, `python -m akahu me` returning the user object, was the first real ops. The first operational loop is the cutover fetch; that's where the dog food happens.
Data-flow trajectory belongs in the manifest. OFX (legacy) → Akahu (target) → Postgres (eventual). Anyone reading the manifest should see it. The manifest is the agent's soul; the trajectory is general, not transitory.
HALT pattern is general. `HALT with status 'needs_human_review'` at human gates, `HALT with status 'blocked'` for failures, `HALT with status 'done'` for completion. Machine-parseable; the prose version was hard to reason about. Borrowed from BMad; worth keeping.
Akahu `balance.current` lags the transactions list by up to 24 hours. The user paid Internet NZ from the Call Account yesterday; the balance still shows the 2026-06-15 snapshot. The transactions list is the source of truth; the balance is a cache. The future `import_akahu.py` should log balance drift to the worklog rather than fail silently.
Tier 0 vs Tier 1 is identity, not data source. opsfin at Tier 0 uses opsdev's key + 1Password login; at Tier 1 it has its own Linux user, SSH key, and 1Password service account. The OFX → Akahu switch is independent. The opsfin vault is already shaped for Tier 1; only the access mechanism changes.
The agent manifest is a soul, not a snapshot. Specific GitLab issues, host paths, and fork URLs are transitory. `op://opsfin/...` references, `op read` retrieval, "never on disk" constraint, the trajectory: those are general and durable. Three rounds of refinement made the manifest stronger.
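The secret pattern noted above (stable `op://opsfin/...` references resolved with `op read`, tokens never on disk), sketched as an added example; this is not the contents of `akahu/client.py`. The `Secret` wrapper, the `runner` parameter and the vault allowlist are hypothetical, and the `X-Akahu-Id` / `Authorization: Bearer` header names are assumed from Akahu's public API documentation.

```python
import re
import subprocess

# The two stable references from the worklog; nothing else is resolvable here.
APP_TOKEN_REF = "op://opsfin/Akahu App ID Token/credential"
USER_TOKEN_REF = "op://opsfin/Akahu User Access Token/credential"
_REF_RE = re.compile(r"op://opsfin/[^/]+/[^/]+")  # allowlist: opsfin vault only


class Secret:
    """Holds a token in memory; str()/repr() never reveal it, so logs stay clean."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        return self._value

    def __repr__(self):
        return "Secret(<redacted>)"

    __str__ = __repr__


def read_secret(ref, runner=subprocess.run):
    """Resolve an op:// reference with `op read`; nothing is written to disk."""
    if not _REF_RE.fullmatch(ref):
        raise ValueError(f"reference outside the opsfin vault: {ref!r}")
    # argv list, no shell: the reference is never interpolated into a command line.
    proc = runner(["op", "read", ref], capture_output=True, text=True, timeout=30)
    if proc.returncode != 0:
        # Only stderr is surfaced; stdout (where the secret would be) is never echoed.
        raise RuntimeError(f"op read failed for {ref!r}: {proc.stderr.strip()}")
    value = proc.stdout.strip()
    if not value:
        raise RuntimeError(f"op read returned an empty value for {ref!r}")
    return Secret(value)


def akahu_headers(read=read_secret):
    """Build headers at request time; header names are an assumption (see lead-in)."""
    return {
        "X-Akahu-Id": read(APP_TOKEN_REF).reveal(),
        "Authorization": f"Bearer {read(USER_TOKEN_REF).reveal()}",
    }
```

At Tier 1 only the `op` authentication behind `runner` changes (service account instead of interactive login); the references and this code stay the same.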
🔗 Related
- Work item: smunz/internal/ledger.startmeup.nz#1 - Requirements Analysis on opsfin agent
- Milestone: Sprint 9 H1 - opsfin agent
- MR: smunz/internal/ledger.startmeup.nz#10 - Akahu client + runbook + manifest (merged to main)
- Parked: smunz/opsdev.nz#7 (closed) - BMad Method evaluation as RAMP dependency
- Parked: smunz/startmeup.nz#11 - GitHub presence / org structure for vendored forks
- Parked: smunz/opsdev.nz#4 - Update opsdev.nz README and AGENTS.md (open from earlier sprint)
⏳ Mañana
- Run the two `transactions` commands from the Akahu cutover runbook
- Verify the Internet NZ payment lands in the Call Account JSON (~$115, around 2026-06-30)
- `beancount/scripts/import_akahu.py` - the importer that turns the Akahu JSON into Beancount entries (dedup by `_id`, transfer detection via `meta.other_account`, balance drift logging)
- Update `.opencode/agent/opsfin.md` `## Account reference` table with the actual Akahu `_id`s if the smoke-test IDs have changed
- Sync the v3 branch tracking on the `upstream/beancount` submodule (we're on `master` for now; v3 is the Beancount stable)
🔥 Token Burn
MiniMax M3
~405k tokens
~$4.66 spent