Open Plaid Link
Run npx penny-pincer auth.
The CLI opens Plaid Link in your browser and stashes an encrypted token envelope at ~/.penny-pincer/config.json.
A tiny CLI that gives your agents read access to your personal finances. Local-first, encrypted, broker-stateless — your Plaid tokens never leave your disk.
$ npx penny-pincer auth
$ npx penny-pincer accounts
$ npx penny-pincer balances
$ npx penny-pincer transactions --days 30
Run commands like balances or transactions.
The CLI signs each request and prints JSON straight to stdout for agents and scripts.
The hosted broker stores no per-user tokens. It decrypts your envelope just long enough to call Plaid, then forgets it.
--start / --end.auth product is enabled.
▪ All data commands print JSON · pipe straight into jq or hand to an agent.
Deploy the repository to Vercel and set six environment variables. Then point the CLI at it.
PLAID_CLIENT_ID=your-client-id
PLAID_SECRET=your-secret
PLAID_ENV=sandbox
PLAID_REDIRECT_URI=http://localhost:7777/oauth-return
PENNY_PINCER_ENCRYPTION_KEY=at-least-32-random-bytes
PENNY_PINCER_TOKEN_KEY_VERSION=v1
▪ Generate a strong key with openssl rand -base64 32
Or skip the broker entirely and use local Plaid credentials with --direct-plaid.
# point the CLI at your deployment
$ export PENNY_PINCER_API_URL=https://your-app.vercel.app
$ npx penny-pincer auth
# or skip the broker entirely
$ export PLAID_CLIENT_ID=your-client-id
$ export PLAID_SECRET=your-secret
$ npx penny-pincer auth --direct-plaid
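
An added example, not penny-pincer's own code: one way a broker can store no per-user tokens is to return the Plaid token to the client as an AES-256-GCM envelope labelled with the key version, and decrypt it only while serving a request. The envelope field names, the HKDF derivation and the sample token are assumptions; the page does not show the project's actual envelope format.

```javascript
// Added illustration; envelope fields (v, iv, ct, tag) and the HKDF step are assumptions,
// not penny-pincer's actual format.
const nodeCrypto = require('node:crypto');

// Derive a 32-byte AES key from the base64 secret, bound to the key version via HKDF info.
function deriveKey(secretB64, version) {
  const secret = Buffer.from(secretB64, 'base64');
  if (secret.length < 32) throw new Error('encryption key must be at least 32 bytes');
  const okm = nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), `envelope:${version}`, 32);
  return Buffer.from(okm);
}

// Seal a token into an envelope that only the client stores.
function sealToken(accessToken, secretB64, version) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per envelope
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(secretB64, version), iv);
  cipher.setAAD(Buffer.from(version, 'utf8')); // authenticate the version label
  const ct = Buffer.concat([cipher.update(accessToken, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { v: version, iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Open an envelope for one request; the broker holds only the keyring (Map: version -> secret).
function openToken(envelope, keyring) {
  const secretB64 = keyring.get(envelope.v);
  if (!secretB64) throw new Error(`unknown key version: ${envelope.v}`);
  const key = deriveKey(secretB64, envelope.v);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(envelope.iv, 'base64'));
  decipher.setAAD(Buffer.from(envelope.v, 'utf8'));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  // final() throws if the ciphertext, nonce, tag or version label was altered.
  const pt = Buffer.concat([decipher.update(Buffer.from(envelope.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample values: random keys and a made-up token string.
const sampleKeyring = new Map([
  ['v1', nodeCrypto.randomBytes(32).toString('base64')],
  ['v2', nodeCrypto.randomBytes(32).toString('base64')],
]);
const sampleEnvelope = sealToken('access-sandbox-constructed-example', sampleKeyring.get('v1'), 'v1');
// Envelopes sealed under v1 still open after v2 has been added to the keyring.
console.log(openToken(sampleEnvelope, sampleKeyring));
```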