Appearance
Monzo Poller Z2-Native Migration Status
Status: COMPLETE. Completed: 2026-06-11. Owner: Jimmy Neutron.
Current state (2026-06-11)
The Monzo poller runs on CT109 bulma-finance (192.168.1.214) as systemd timer bulma-poll-monzo, firing every 15 minutes (OnCalendar=*:0/15). CT109 is the sole Monzo polling surface; the Mac is reauth-only.
Data plane
Z2 host /mnt/data/hinata/data/bulma is bind-mounted into CT109 at /root/data/bulma. Tokens live in the bind mount; Z2 is the sole token writer. CT109's refresh rotates the token chain.
Collector endpoint
CT109 pushes to the collector at LAN address http://192.168.1.153:8090/bulma. The host Tailscale IP (100.120.141.100) is unreachable from the LXC container; poll-monzo.py uses LAN only.
Mac role
The Mac's only banking role is re-authorisation (browser OAuth + Monzo app approval are Apple-bound). Flow: reauth-monzo.py --force writes tokens to ~/Sandpit/hinata-sandpit/data/bulma/, then push-monzo-tokens.sh copies to Z2 and starts the CT109 timer. The Mac-side tokens_monzo.json is deleted after CT109's first successful poll; monzo_credentials.json (client id/secret) stays for the next reauth.
Monzo SCA gate
After browser OAuth, Monzo API calls return HTTP 403 until the approval is tapped in the Monzo app. This is not a token failure. The timer stays active and the poll succeeds on the next fire (within 15 min) once approved.
CT109 systemd timers (six total)
| Timer | Schedule |
|---|---|
bulma-poll-monzo | Every 15 min (*:0/15) |
bulma-poll-truelayer | Every 15 min (*:0/15) |
bulma-analytics | 06:30 daily |
bulma-daily-alert | 09:00 daily |
bulma-weekly-alert | Sunday 19:00 |
bulma-weekly-summary | Sunday 20:00 |
Verification (2026-06-11)
First CT109 poll: 2 accounts, 40 transactions. Migration complete.
Remaining hardening (task 800146)
- Token file permissions tightening
- 401-exit normalisation
- Duplicate log lines
- Staleness guard on push script
Related
- Z2 Service Catalog
- Bulma Banking Stack
- Jimmy Neutron Context