Inspiration
Having spent years leading product teams for fintech platforms, I’ve seen firsthand that the biggest bottleneck to adopting automation in the back office isn’t intelligence, it’s trust. AI is fantastic at reading invoices, but giving an automated system direct, autonomous access to a company's treasury is a massive corporate liability. What if a logic loop drains the runway? What if it pays a spoofed vendor invoice? We realized that existing financial tools require too much manual clicking, but fully automated tools lack the heavy-duty guardrails needed to prevent a catastrophe. We built Treasury Gate because business owners want software to do the heavy lifting of staging and queueing payments, but they absolutely demand to authorize the launch keys before a single cent leaves the bank account.
What it does
TreasuryGate is a financial operations platform that acts as a highly restricted, automated back office for accounts.
Liquidity & Queueing: You stage one-time or recurring payments. Before a payment is even queued, TreasuryGate natively checks your Plaid balance to verify you have the operating runway.
The Auth0 Wall (via Slack): When the scheduled execution time hits, the system hits a brick wall. Auth0 Asynchronous Authorization (CIBA) halts the execution. Instead of a messy pop-up, it triggers an out-of-band webhook to a dedicated Slack channel. The system waits.
Native Stripe Execution: When the human clicks Approve in Slack, Auth0 mints the token, and the system natively interfaces with Stripe to settle against the exact invoice_ID and pull the receipts.
The Auditor's Dream: We banned the "AI Chatbot" paradigm. Instead, we use Gemini entirely in the background as a deterministic reasoning engine. It parses messy execution logs and API responses into clean, human-readable audit summaries.
How we built it
We orchestrated the architecture using Next.js (App Router) and TypeScript.
The API Layer: We built dedicated endpoints (/api/payments/attempt) to handle the Plaid balance read, Stripe invoice matching, and Auth0 async gating.
The Guardrail: The core of the platform utilizes Auth0's withAsyncAuthorization() wrapper to handle the CIBA flow securely out-of-band.
The State Model: To maximize hackathon momentum and focus entirely on the Auth0/Stripe security loop, we utilized client-side localStorage for the task queue (treasurygate.autopay.queue.v1). This decoupled the Next.js API from needing a day-one database migration, allowing us to rapidly prototype the complex authorization states.
The AI Parser: We routed our /api/tasks/review endpoint through Gemini to strictly summarize transaction states, ensuring operators get AI clarity without conversational hallucinations.
Challenges we ran into
Handling the asynchronous wait states (awaiting_approval) was by far the toughest challenge. When the system hits the Auth0 CIBA interrupt, the Next.js server has to initiate the out-of-band request to the Slack webhook and bind that specific context to a threadId. Ensuring the system perfectly resumed its execution with the newly elevated Auth0 credentials, without losing the context of the Stripe Invoice it was trying to pay, required rigorous error handling and retry polling.
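The wait state described above, sketched as an added example (not TreasuryGate's code and not the Auth0 SDK): the gate freezes the invoice and amount under a threadId when approval is requested, and on resume pays only that exact context, once, and only before expiry. All names (ApprovalGate, PendingPayment, the pay callback) are hypothetical, and the in-memory Map stands in for a durable server-side store.

```typescript
// Added illustration; every identifier here is hypothetical.
type State = "awaiting_approval" | "approved" | "denied" | "expired" | "executed";

interface PendingPayment {
  threadId: string;
  invoiceId: string;
  amountCents: number;
  expiresAt: number; // epoch milliseconds
  state: State;
}

class ApprovalGate {
  private pending = new Map<string, PendingPayment>();

  // Scheduled payment hits the gate: freeze what the approver is asked to approve.
  request(threadId: string, invoiceId: string, amountCents: number, now: number, ttlMs: number): PendingPayment {
    if (this.pending.has(threadId)) throw new Error("threadId already in use");
    const p: PendingPayment = { threadId, invoiceId, amountCents, expiresAt: now + ttlMs, state: "awaiting_approval" };
    this.pending.set(threadId, p);
    return p;
  }

  // Approval callback (the Slack button click in the write-up). Decisions are one-shot.
  decide(threadId: string, approve: boolean, now: number): State {
    const p = this.pending.get(threadId);
    if (!p) throw new Error("unknown threadId");
    if (p.state !== "awaiting_approval") return p.state;
    if (now >= p.expiresAt) return (p.state = "expired");
    return (p.state = approve ? "approved" : "denied");
  }

  // Resume: settle only the approved invoice and amount, and never twice.
  // A return of "executed" from a repeat call means "already settled"; pay() is not re-run.
  execute(threadId: string, invoiceId: string, amountCents: number, now: number,
          pay: (invoiceId: string, amountCents: number) => void): State {
    const p = this.pending.get(threadId);
    if (!p) throw new Error("unknown threadId");
    if (p.state === "approved" && now >= p.expiresAt) p.state = "expired";
    if (p.state !== "approved") return p.state;
    // Context drifted between approval and resume: fail closed.
    if (p.invoiceId !== invoiceId || p.amountCents !== amountCents) return (p.state = "denied");
    p.state = "executed"; // marked before paying so a retry cannot double-settle
    pay(p.invoiceId, p.amountCents);
    return p.state;
  }
}
```

Marking the record executed before calling pay() means a thrown payment error leaves the task closed rather than retryable, which favours a missed payment over a duplicate one.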
Accomplishments that we're proud of
We are incredibly proud of the out-of-band Slack authorization loop. It is one thing to read about CIBA in the Auth0 docs; it is incredibly satisfying to see it natively halt a live Stripe transaction, ping a Slack channel, and resume execution perfectly upon a button click. We successfully bridged the gap between automated FinSec ops and deterministic human control.
What we learned
We learned that the future of financial software isn't just about giving AI more tools; it is about building impenetrable restriction layers. Identity management is the missing link for enterprise automation.
What's next for Treasury Gate
The immediate next step is migrating our local task queue to a durable backend datastore like Postgres. From there, we plan to implement a multi-approver Auth0 policy engine, e.g., requiring both the Head of Engineering and the CFO to click Approve in Slack before any Stripe invoice over $10,000 is settled.
Built With
- auth0
- gemini
- next.js
- plaid
- slack-api
- stripe
- tailwind-css
- typescript
- vercel
- vercel-ai-sdk