Finance · Live

LedgerLamp

A private ledger for people who manage their own credit and bills. Built on deterministic rules, not black-box recommendations.

The problem

Most people don't know their own credit profile.

Not because the information doesn't exist — it does, scattered across a dozen billing emails, bank portals, and card dashboards. But no single place shows you utilization across all cards simultaneously, which statement closes when, whether autopay is actually configured correctly, or what the delta is between your current balance and what you'd need to pay to hit a target utilization before the statement cuts.

The tools that exist either require connecting directly to your bank accounts — a trust decision most people reasonably decline — or they're budgeting apps that don't think in terms of credit health. There's nothing in between that's private, precise, and actually yours.

The solution

A ledger, not a dashboard.

LedgerLamp is a household-scoped tracking tool for credit accounts and recurring bills. You enter what you know. When a billing email arrives, you paste it in — or snap a photo of a paper bill — and the system pulls the structured data for your review before anything is saved. Nothing is assumed. Nothing is inferred without being flagged as inferred.

Deterministic rules surface what needs attention: a statement closing in three days with high utilization, an autopay status marked unknown, a promo APR expiring next month. Over time, the pattern of your own data builds a picture that most people have never seen clearly — and that picture is the foundation for building better credit habits deliberately rather than accidentally.

No bank connections. Your data lives on your server.

Anatomy

See how it actually works.

Four system diagrams trace how a billing email becomes a reviewed, ranked to-do — where deterministic code does the work, and where AI is planned. The intake hourglass, the privacy lifecycle, the insight engine, and the upgrade seams — drawn in one visual language.

Under the hood

What's actually running.

Data model

Household-scoped workspace model — one user can belong to multiple households, each with its own set of accounts and bills. Credit accounts track balance, utilization, APR, promo APR with expiry, autopay status and type, statement close date, and payment due date. Bills track recurrence, category, and autopay. Account snapshots preserve a rolling history for trend data.

Email intake pipeline

Three intake paths are live: paste an email; snap a photo of a bill — on-device OCR (Tesseract.js, vendored locally) reads the image in your browser so the photo never leaves the device; or bulk-paste a pile of statements (or the accounts list you copy out of a banking app) and import every card and bill in one pass, each record verified independently so a slip in one can't taint the rest. EML upload, IMAP polling, and webhook intake are on the roadmap.

Raw content lands in an intake queue and is presented for structured review: a deterministic pattern-matcher proposes candidate values — balance, due date, minimum payment, statement balance — each carried with a confidence marker. You approve or correct before anything is written to the account record, and raw bodies are discarded after approval by default.

The AI upgrade is now live and keeps the same discipline: an LLM proposes each field with the exact source snippet it came from, a deterministic auditor verifies every value against that source — present verbatim is confirmed, reformatted is flagged for review, ungrounded is dropped rather than guessed — and only grounded fields surface for your approval. The model proposes; deterministic code disposes.

Deterministic insight engine

Rules fire against live account data and produce insight events with severity (info / warning / urgent) and confidence (deterministic / extracted / inferred / needs review). Examples: statement closing within 7 days with utilization above 29%, autopay status unknown on a card with a balance, promo APR expiring within 30 days. No black-box scoring — every insight has a traceable rule behind it.

Privacy model

Pseudonymous accounts — no real name required. Raw email bodies are nulled after user approval. Data retention is configurable per household: raw documents from none to 12 months, structured data from 3 to 12 months. Every create, update, and delete writes to an append-only audit log. The system is designed to hold the minimum data needed to be useful.

Security

CSRF protection on all state-changing requests. Login rate limiting with configurable attempt windows. Session management with configurable lifetime. All inputs validated at the boundary. Designed for single-household self-hosting — this is not a multi-tenant SaaS, and the architecture reflects that.

AI, kept on a leash

AI shows up in exactly two places, and never decides anything about your money.

Intake: Claude proposes each field with the verbatim source snippet it came from; a deterministic auditor checks that value against the source and labels it extracted, inferred, or — if it can't be found — needs-review, which is dropped rather than guessed.

Trends: a plain-English monthly summary where the model only narrates figures the deterministic engine already computed, and a number-grounding check rejects any dollar or percent it didn't supply.

Built like production AI: Haiku, temperature 0, prompt caching, a prompt version stamped on every call, with token count and latency logged per call — and an eval harness that scores extraction precision/recall against a labelled set (currently 1.0, hallucination traps included).
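The propose/verify step described under "Intake" here and under "Email intake pipeline", sketched as an added PHP example (not LedgerLamp's own code). The function names, the regexes, and the mapping of a verbatim match to "extracted" and a reformatted match to "inferred" are assumptions; the email and proposals are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration: names and label mapping are assumptions, not LedgerLamp's code.
// Canonical form, so "$1,234.56" equals "1234.56" and "March 14, 2025" equals "2025-03-14".
function canon(string $s): string
{
    $t = trim($s);
    if (preg_match('/^\$?\d[\d,]*(\.\d+)?$/', $t) === 1) {
        return number_format((float) str_replace(['$', ','], '', $t), 2, '.', '');
    }
    $ts = strtotime($t);
    return $ts !== false ? date('Y-m-d', $ts) : strtolower($t);
}

// Amount- and date-shaped tokens found in a snippet, in canonical form.
function candidates(string $snippet): array
{
    $re = '/\$?\d[\d,]*\.\d{2}|[A-Z][a-z]+ \d{1,2}, \d{4}|\d{1,2}\/\d{1,2}\/\d{4}|\d{4}-\d{2}-\d{2}/';
    preg_match_all($re, $snippet, $m);
    return array_map('canon', $m[0]);
}

// Returns 'extracted', 'inferred' or 'needs-review' for one proposed field.
function auditField(string $source, string $value, string $snippet): string
{
    // The quoted snippet must itself exist in the source; the model's quote is not trusted.
    if ($value === '' || $snippet === '' || !str_contains($source, $snippet)) {
        return 'needs-review';
    }
    // Verbatim, and not a fragment of a longer number ("34.56" inside "$1,234.56").
    $whole = '/(?<![\d.,])' . preg_quote($value, '/') . '(?!\d|[.,]\d)/';
    if (preg_match($whole, $snippet) === 1) {
        return 'extracted';
    }
    // Same value in another format (date or amount): keep it, flagged for review.
    return in_array(canon($value), candidates($snippet), true) ? 'inferred' : 'needs-review';
}

// Constructed sample: one pasted email and four model proposals [field, value, snippet].
$email = 'Your statement balance is $1,234.56. Minimum payment due: $35.00 on March 14, 2025.';
$proposals = [
    ['statement_balance', '$1,234.56', 'statement balance is $1,234.56'],
    ['due_date', '2025-03-14', 'on March 14, 2025'],
    ['minimum_payment', '34.56', 'statement balance is $1,234.56'],  // fragment of another number
    ['apr', '24.99%', 'Purchase APR: 24.99%'],                       // snippet not in the email
];
foreach ($proposals as [$field, $value, $snippet]) {
    echo str_pad($field, 20), auditField($email, $value, $snippet), PHP_EOL;
}
```

The third proposal is the case a plain substring test gets wrong: the digits are present in the source, but only as part of a different amount.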

Tested & measured

62 automated tests on PHP 8.4 (PHPUnit, no Composer): the utilization math and every deterministic insight rule, the extraction auditor and the narrative grounding check (stubbed model, no network), plus DB-backed integration tests for the save path, login, and rate-limit lockout against a dedicated test database. The AI is held to an eval, not to vibes.
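The narrative grounding check named above, run against stubbed model output with no network, as an added PHP example (not LedgerLamp's own code). The function name, the regex, and the exact-match policy are assumptions; the figures and both narratives are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration: function name, regex and match policy are assumptions, not LedgerLamp's code.

// Returns every dollar or percent token in $narrative that the engine did not supply.
// Exact match only: "$1,235" for a computed 1234.56 counts as a new, ungrounded number.
function ungroundedNumbers(string $narrative, array $dollars, array $percents): array
{
    $asText = fn (float $x): string => (string) $x;
    $allowed = ['$' => array_map($asText, $dollars), '%' => array_map($asText, $percents)];

    $re = '/\$\s?(\d[\d,]*(?:\.\d+)?)|(\d+(?:\.\d+)?)\s?(?:%|percent)/i';
    preg_match_all($re, $narrative, $hits, PREG_SET_ORDER);

    $bad = [];
    foreach ($hits as $h) {
        // Group 2 is set only when the percent alternative matched.
        $kind = ($h[2] ?? '') !== '' ? '%' : '$';
        $raw = str_replace(',', '', $kind === '%' ? $h[2] : $h[1]);
        if (!in_array((string) (float) $raw, $allowed[$kind], true)) {
            $bad[] = $h[0];
        }
    }
    return $bad;
}

// Constructed figures from the deterministic engine, and two stubbed model outputs.
$dollars = [1234.56, 35.00];
$percents = [27.4];
$ok = 'Total balance is $1,234.56 at 27.4% utilization; the minimum due is $35.';
$drift = 'Utilization fell to 19% and you saved $50 in interest on a $1,234.56 balance.';

foreach ([$ok, $drift] as $text) {
    $bad = ungroundedNumbers($text, $dollars, $percents);
    echo $bad === [] ? 'accept' : 'reject: ' . implode(', ', $bad), PHP_EOL;
}
```

Dollars and percents are checked against separate allow-lists, so a supplied dollar figure cannot ground a percent claim. Numbers spelled out in words are outside what this regex sees.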

Stack

PHP 8.4 · MySQL · PDO
Deterministic rule + insight engine
Claude (Haiku) · temp 0 · prompt caching
Propose/verify auditor + number-grounding
Tesseract.js · on-device OCR
Append-only audit log · per-call observability
CSRF · rate-limit · bcrypt
PHPUnit · 62 tests · extraction eval
No framework · No Composer

Status

Live in early access.

The edges are still being shaped. Live and in daily use: authentication, the household model, account and bill CRUD, both intake paths (paste, and phone-snap with on-device OCR), the deterministic insight engine, trend views over the snapshot history with a plain-English AI summary, and AI extraction with a deterministic auditor verifying every field against the source before you approve it — all backed by 62 tests and an extraction eval. On the roadmap: EML, IMAP and webhook intake, sharper rules, and more billing-email shapes recognised out of the box.