Skip to main content
Protocol Wealth

Open Source

Verify, don't trust.

Protocol Wealth is an investment adviser registered with the SEC (the Securities and Exchange Commission, the U.S. federal regulator that licenses and oversees investment advisers). We publish the source code for the tools we build so clients, auditors, and regulators can read it and check that it does what we say. The code is open source under permissive licenses (Apache 2.0; MIT for the pw-learnai notes) — free for anyone to use.

For what this means in plain English — why a fiduciary RIA treats its software as a substrate the profession can inherit — see/how-we-work. For the RIA agent substrate, see/agents. For the canonical strategy document — hubs, licenses, AI-governance posture, and what stays private — see/opensource-strategy.

General is the plain-English version. Detailed has file paths, regulatory context, and the verification checklist.

Why this page exists

Why a CFP wants you to be able to read this

There is a question we get from sophisticated clients more often than you might expect. They have heard us talk about open source. They have seen the GitHub link in our footer. They want to know what it actually means — and what it would tell them if they ever clicked it.

Open source — code published with a license that lets anyone read it and use it for their own purposes — is not an act of generosity. It is how new professional standards have always emerged. Doctors, accountants, and lawyers built their professions on shared, inspectable bodies of knowledge. The advisor profession is in the early phase of doing the same for AI-augmented practice, and we believe the foundation should be in the open.

The reasons

Why we publish the code

We publish because financial services that affect people's money should be inspectable. We publish because regulators should be able to see how AI handles client data. We publish because clients should be able to verify what we built. Code that anyone can read is code anyone can check — which is the whole point of "verify, don't trust."

What we publish is the foundation. What we don't publish is the judgment we apply to it. Our specific advice to specific clients is not in the public repos. Our firm-internal client data is not in the public repos. Our deployment configs, signing keys, and vendor credentials are not in the public repos. We compete on judgment, accountability, and relationships — not on whether our PII scanner is more secret than the firm down the street.

The map

What's open and what's not

The public surface has two tiers. The -corefamily is infrastructure for regulated AI practice; the supporting repositories are reference utilities, learning material, or archived ancestors of the current core packages. We link each repository directly because the GitHub organization view may not show every public repo to logged-out visitors.

The -core family

pwos-core

The governance and safety substrate (TypeScript). Keeps AI use safe and auditable for an advisory firm — scrubs personal information, records every AI action to an audit trail, gates which tools an AI is allowed to call.

Open repository

nexus-core

The capability and tool layer (Python). Classifies the market environment, scores assets against the framework, and defines the tools an AI assistant uses to look at market data.

Open repository

pwplan-core

Open-source, regime-adaptive financial planning UI — PII-free by construction. The third member of the -core family.

Open repository

Supporting public repos

pw-learnai

MITLearning library

An open library of applied AI strategy and AI-assisted coding modules. No certificate, no paywall, no funnel.

Open repository

pw-redact

Public utility

Earlier public redaction work. The current PII-boundary patterns are represented in pwos-core.

Open repository

pw-router

Archived

Archived routing work. Kept public for provenance; current routing and tool registry patterns live in pwos-core.

Open archive

What pwplan-core proves in plain English

De-identified means the planning interface receives planning variables without identity fields: no name, date of birth, Social Security number, email, phone, or address. The contract is built so those fields do not exist, and the contract test fails in CI if an identity-shaped field is added. That is why the open planning UI can demonstrate planning workflows without touching real client identity or records.

The open build targets the public nexus-coredemo only. Real client data, audit logging, authenticated subject mapping, and pw-api integration live in a private fork and are out of scope for the public repository.

Reality Check: Demo / case-study tooling. Software, not investment advice; outputs are planning illustrations for review.

What pw-learnai contains

The library groups self-contained modules into Strategy & judgment (5), Organization & delivery (3), and Practice (4), with a separate beginner module and public-data module around the core set. Its differentiator is the bundling layer: modules can be used directly in NotebookLM, Claude Projects, or similar AI notebook workflows.

Contribution criteria are deliberately practical: falsifiable claims, artifacts over essays, and honesty about limits.

What the permissive licenses mean.The -core repositories use the Apache License 2.0; pw-learnai uses the MIT license; supporting repositories carry their own license files. Apache 2.0 and MIT are permissive open-source licenses: anyone may use, modify, and distribute the code — including for commercial purposes — at no cost, as long as they keep the original copyright and license notices (and, for Apache 2.0, the NOTICE file) and note any significant changes. Apache 2.0 also grants a patent license from the contributors, and the code is provided "as is," with no warranty. Protocol Wealth is an investment adviser, not a software vendor — we publish this code as part of how we work and do not sell or charge for it.

Three categories stay private. Client data, period. Specific advice to specific clients. Firm-internal infrastructure — deployment configurations, signing keys, vendor credentials, anything that would compromise the firm or its clients if it were public.

If you want to verify a claim we make on this website, the public repos are where you check it. If you want the specific recipe we applied to your situation, that is not on GitHub — it is in the advisory agreement, the IPS, and the work we do with you directly.

How to look

How to read it without running it

You do not need to install anything. GitHub renders all of it in your browser. Three places to start.

Start with the README

Every repo has one. The README describes what the project does and how the parts fit together. Read it like you would the introduction of a book — it is the welcome mat, written for someone seeing the project for the first time.

Compare against the description

Our framework writeup at /frameworkand the systematic-investing pages at /investingdescribe what we say the systems do. The open repos are where you check whether the code matches the description.

Use your own eyes

Every claim on this site that touches code is verifiable. If you find something that does not match the description, tell us. We will either fix the code, fix the description, or explain why the apparent mismatch is intentional.

Reality Check

What this is, and what it is not

The hubs are early. Bothpwos-core andnexus-core are still being built out — what is in the public repos today is a deliberate selection, not a one-to-one mirror of what runs internally.

The public mirror is not the runtime.Some security-sensitive code stays private. Auth flows, signing services, and tenant-provisioning logic are kept in private repos even when their generic patterns appear publicly. Assume the public version is the sanitized one.

No support contract is implied.Apache 2.0 and MIT both ship the code "as is." Using any of these projects in your own practice is your decision, made with your own qualified legal and compliance counsel. This is not a turnkey product. It is not investment advice. It is not a recommendation that any other firm adopt these patterns.

It is the foundation we built for our own practice, published in the open so others can learn from it, contribute to it, or build differently.Whether any of it fits your practice is your decision.

Next

Where to go from here