Hi C,
Thanks for actually reading the code and the spec — that's more than most people do, and the criticism is fair where it lands. Let me separate the points where you're right from the one where the code disagrees with you.
**Where you're right**
The biggest one: the zero-knowledge / client-side decryption property is implemented server-side, and the server isn't open source. So today you cannot independently verify it, and "trust the maintainer" is not the same as "verifiable." An independent audit is a reasonable thing to ask for; I'm not going to pretend a closed source claim is as good as an open one. It isn't, and I won't ask anyone to treat it as such. That's on the roadmap, and until it exists your skepticism is the correct default. I appreciate you stating it plainly rather than just walking away.
The website nits are real too — the stray Kubernetes content under the TypeScript docs and the footer scroll behaviour. Thanks; I'll get those cleaned up. No excuse there.
**Where the code disagrees with you**
The client models aren't a custom per-ASPSP schema — they're the Berlin Group NextGenPSD2 transaction resource, just flattened into idiomatic Go. If you look at the Transaction struct (
https://github.com/open-banking-io/clients/blob/main/go/models.go), the fields are the §14.25 elements: bookingDate, valueDate, transactionAmount, creditDebitIndicator, status, creditorName / creditorAccount.iban / .bban / creditorAgent.bic, the matching debtor set, remittanceInformation, bankTransactionCode, merchantCategoryCode, balanceAfterTransaction. The only deviations from the JSON shape are (a) PascalCase Go field names, (b) nested objects flattened (creditorAccount.iban → CreditorIban), and (c) amounts kept as strings so decimal precision survives the round-trip. That's a representation choice, not a per-bank contract. If you spot a field that isn't in the standard, point it at me and I'll fix or explain it.
**On the AI-co-authored commits**
Guilty as charged, and I don't think it's something to hide — which is why the Co-Authored-By trailers are on the commits rather than stripped. Roughly the AI-assisted commits are the security-hardening work (SLSA build provenance, the envelope-parser fuzz harness, scoped release permissions, the vulnerability-response policy), the beancount importer, and the n8n community node. The code is all there to read; "co-authored with a tool" means I reviewed and stand behind it, not that it's opaque. If anything in those commits looks wrong, that's exactly the kind of thing public review should catch, and I'd rather have it caught.
**On the recommendation**
I'm not going to argue with "look elsewhere for now" — given the verifiability gap, it's a defensible position for someone who needs to be able to audit their bank-data pipeline today. What I'd push back on is the implication that the claims are knowingly false; they're not, but they are currently unverifiable by you, and I understand why that distinction doesn't matter much when the data in question is people's bank transactions. I'd rather earn the trust by opening the server and getting the audit than by talking you out of your conclusion.
If you're willing, the most useful thing you could do is keep reading the client and file anything that looks off — that's genuinely valuable and I'll act on it.
— John