Skip to content

Work Log - 2026-07-01

🎯 Focus for Today

  • Build the Tier 0 opsfin agent (manifest + orchestration skill)
  • Vendor the Beancount upstream source/docs for the agent to consult
  • Build the Akahu Open Banking API client and run the OFX-cutover fetch
  • Refine the agent manifest: drop transitory references, document the data-flow trajectory, document the secret pattern

βœ… What Got Done

  • Tier 0 opsfin agent manifest at .opencode/agent/opsfin.md. Sub-agent of opsdev: same human, same SSH signing key (opsdev's), no separate Linux user / 1Password service account yet. Domain, paths, account reference, constraints, dry-run rule, skills, promotion-to-Tier-1 path. Manifest went through three rounds of refinement β€” transitory refs out, trajectory in, secrets in, time-tracking out.
  • reconcile-anz skill at .opencode/skills/reconcile-anz.md β€” 10-step orchestration mirroring the existing beancount/RUNBOOK-anz-reconcile.md, with three HALT with status 'needs_human_review' gates at: the OFX export, the new-payee review, and the commit/push step. Adopts the HALT mechanism from the BMad Method project.
  • Vendored upstream/beancount and upstream/beancount-docs as git submodules. Forks under github.com/john-opsdevnz. Manifest extended with "Vendored upstream resources" (when to consult, what to look for) and "Contributing back upstream" (candidate-contribution pattern).
  • Akahu client and CLI at akahu/ (3 files, 324 lines). akahu/client.py reads tokens via op read, hits /v1/me, /v1/accounts, /v1/accounts/{id}/transactions (cursor-paginated), saves JSON to beancount/statements/akahu/.... akahu/__main__.py exposes me / accounts / transactions subcommands. Smoke tests passed: me returned the user object; accounts returned both ANZ accounts.
  • Akahu cutover fetch runbook at docs/runbooks/akahu-fetch.md. Exact transactions commands for the OFX-cutover window (2026-06-16 onwards) plus the lookup snippet for the Internet NZ payment.
  • 1Password opsfin vault created with the two Akahu tokens; the op://opsfin/Akahu App ID Token/credential and op://opsfin/Akahu User Access Token/credential references are the new stable identifiers. Documented in the manifest's ## Secrets section. ← likely to be moved elsewhere when we get further along, belongs in a runbook not the agent manifest

🧠 Notes & Reflections

"Mad operators not operating" broke the logjam. Lots of analysis (requirements doc, identity doc, Akahu discovery, BMad observation), but the actual operation β€” python -m akahu me returning the user object β€” was the first real ops. The first operational loop is the cutover fetch; that's where the dog food happens.

Data-flow trajectory belongs in the manifest. OFX (legacy) β†’ Akahu (target) β†’ Postgres (eventual). Anyone reading the manifest should see it. The manifest is the agent's soul; the trajectory is general, not transitory.

HALT pattern is general. HALT with status 'needs_human_review' at human gates, HALT with status 'blocked' for failures, HALT with status 'done' for completion. Machine-parseable; the prose version was hard to reason about. Borrowed from BMad; worth keeping.

Akahu balance.current lags the transactions list by up to 24 hours. The user paid Internet NZ from the Call Account yesterday; the balance still shows the 2026-06-15 snapshot. The transactions list is the source of truth; the balance is a cache. The future import_akahu.py should log balance drift to the worklog rather than fail silently.

Tier 0 vs Tier 1 is identity, not data source. opsfin at Tier 0 uses opsdev's key + 1Password login; at Tier 1 it has its own Linux user, SSH key, and 1Password service account. The OFX β†’ Akahu switch is independent. The opsfin vault is already shaped for Tier 1; only the access mechanism changes.

The agent manifest is a soul, not a snapshot. Specific GitLab issues, host paths, and fork URLs are transitory. op://opsfin/... references, op read retrieval, "never on disk" constraint, the trajectory β€” those are general and durable. Three rounds of refinement made the manifest stronger.

  • Work item: smunz/internal/ledger.startmeup.nz #1 β€” Requirements Analysis on opsfin agent
  • Milestone: Sprint 9 H1 β€” opsfin agent
  • MR: smunz/internal/ledger.startmeup.nz #10 β€” Akahu client + runbook + manifest (merged to main)
  • Parked: smunz/opsdev.nz #7 (closed) β€” BMad Method evaluation as RAMP dependency
  • Parked: smunz/startmeup.nz #11 β€” GitHub presence / org structure for vendored forks
  • Parked: smunz/opsdev.nz #4 β€” Update opsdev.nz README and AGENTS.md (open from earlier sprint)

⏳ Mañana

  • Run the two transactions commands from the Akahu cutover runbook
  • Verify the Internet NZ payment lands in the Call Account JSON (~$115, around 2026-06-30)
  • beancount/scripts/import_akahu.py β€” the importer that turns the Akahu JSON into Beancount entries (dedup by _id, transfer detection via meta.other_account, balance drift logging)
  • Update .opencode/agent/opsfin.md ## Account reference table with the actual Akahu _ids if the smoke-test IDs have changed
  • Sync the v3 branch tracking on the upstream/beancount submodule (we're on master for now; v3 is the Beancount stable)

πŸ”₯ Token Burn

MiniMax M3
~405k tokens
~$4.66 spent