Sovereign Accounting Stack Survey — Final Scoring, Ranking & Analysis

A hyper-adversarial evaluation of nine FOSS accounting systems through a Bitcoin/FOSS/privacy maximalist lens plus an additional sovereignty/telos alignment axis. Results are tiered: kernel tools first, shells later. Links are embedded inline throughout the document.

Audit date 2026-03-02 Scoring scale 0–100 per criterion Composite weighted (sum of weights = 100%)

1) Framework

Operating assumption: deployments are self-hosted and hardened on infrastructure controlled by the operator. The Telos Alignment axis also accounts for “ecosystem gravity” (e.g., cloud/SaaS wrappers, bank-connectors, default CDN dependencies, and LLM/AI integration pressure), even when those are optional.

Criteria & Weights

Criterion	Weight	Description
Sovereign Deployability & Self-Hosting	18%	Ease of running locally (Linux/Docker), no vendor dependency, no compulsory cloud services.
Privacy, Telemetry & Network Footprint	14%	Telemetry, default external calls (CDNs, bank APIs), cloud hooks, ability to run fully offline.
Data Model, Portability & Auditability	18%	Plain text vs database; human readability; exportability; git-friendliness; schema clarity.
Bitcoin / Multi-Currency / Commodity Fitness	10%	Multi-commodity ledger capability, BTC modeling, price handling, crypto tooling density.
Simplicity & Attack Surface	14%	Stack complexity, number of moving parts, network exposure, hardening difficulty.
Composability & Scriptability	10%	CLI/API strength, automation friendliness, interoperability with PTA/UNIX pipelines.
Governance, Community Health & Longevity	8%	Maintenance activity, release cadence, multi-year viability, packaging/ecosystem health.
Sovereign/Telos Alignment	8%	Structural sovereignty (offline-first, plain text, self-contained) plus ecosystem gravity (SaaS, open-banking, default CDNs, AI-cloud hooks).

What “Tiering” Means

Tier 1 (Kernel): plain-text accounting engines (PTA) — the base layer where the record-of-truth can remain readable and auditable long-term (see PTA overview at plaintextaccounting.org).
Tier 2 (Ledger Node/Daemon): programmable ledger servers — useful when ledger operations must be exposed via API/GRPC.
Tier 3 (Shells): web/desktop UX and ERP layers — viable when hardened, but structurally larger and more capture-prone.

2) Final Results

Tiered Ranking (Composite / 100)

Tier 1 — Sovereign Plain-Text Kernel (PTA)

#1 Beancount (v3) — 96.0 #2 hledger — 95.4 #3 Ledger (ledger-cli) — 94.6

All three are structurally top-class kernels (plain text, offline-first, scriptable). Ordering within Tier 1 is narrow; the decisive separation is Tier 1 vs Tier 2/3.

Tier 2 — Programmable Ledger Server

#4 GoDBLedger — 90.0

Strong architecture for a “ledger node” (GRPC + SQL) but governance/maintenance signals are weaker than Tier 1 (latest tagged release at GitHub releases).

Tier 3 — Application & ERP Shells

#5 Firefly III — 83.1 #6 GnuCash — 83.1 #7 Tryton — 82.7 #8 LedgerSMB — 82.7 #9 FrontAccounting — 80.6

These are shells: useful UX/ERP layers when hardened, but larger stacks (web/DB/UI), more surface area, and stronger ecosystem gravity toward bank-connectors, CDNs, and hosted deployments.

Fast Navigation

Beancount hledger Ledger-CLI GoDBLedger Firefly III GnuCash Tryton LedgerSMB FrontAccounting

3) Final Score Matrix

Weights: Deploy 18 · Privacy 14 · Data 18 · BTC 10 · Simplicity 14 · Composability 10 · Governance 8 · Telos 8

Tool	Deploy	Privacy	Data	BTC	Simplicity	Composable	Governance	Telos	Composite
Beancount (v3)	97	100	98	97	92	97	90	93	96.0
hledger	96	100	97	93	93	95	90	96	95.4
Ledger (ledger-cli)	95	100	96	90	92	94	92	95	94.6
GoDBLedger	92	100	90	88	85	97	65	96	90.0
Firefly III	86	85	86	78	70	90	96	74	83.1
GnuCash	90	92	80	80	78	65	95	82	83.1
Tryton	80	78	88	85	72	90	94	80	82.7
LedgerSMB	82	88	85	82	70	85	95	78	82.7
FrontAccounting	84	80	84	80	68	83	92	75	80.6

How to Read the Numbers

Tier 1 vs Tier 3 is the core separation: kernel tools keep truth in plain text; shells add complexity and attack surface.
Privacy scores for shells incorporate “default gravity” (open-banking, CDNs) even if those can be disabled.
Governance is the main limiter for GoDBLedger: architecture is strong; long-horizon maintenance signals are weaker.

4) Tool Deep Dives (with embedded primary links)

4.1 Beancount (v3) — 96.0 (BTC-dense kernel, with SaaS/LLM gravity)

Core links

GitHub repo · Official docs · beangulp import framework · PTA ecosystem overview

Ecosystem gravity links

Beancount.io (commercial hosting) · LLM automation guide · Crypto portfolio tracking guide

Why it leads

Plain-text kernel + strong Python ecosystem + unusually deep crypto/commodity workflow documentation and import tooling. Strong fit for high-granularity BTC accounting within PTA norms (see PTA investing/trading guidance at plaintextaccounting.org/Investing-and-trading).

Why Telos is not perfect 100

The FOSS kernel remains sovereign; the surrounding ecosystem is increasingly oriented toward hosted platforms and AI integration (see Beancount.io and the LLM workflow guide). This introduces capture vectors unless models and infrastructure remain self-controlled.

Kernel strength: plain text + strictness BTC/commodity modeling density Ecosystem: SaaS/LLM gravity

4.2 hledger — 95.4 (maximal structural sovereignty)

Core links

Official site · GitHub repo · Why hledger · Install guide

Crypto/commodity positioning

hledger explicitly positions itself for tracking “money, investments, cryptocurrencies… any countable commodity” using human-readable text controlled by the operator (see hledger.org and repo README).

Telos advantage vs peers

Strong emphasis on auditability, version control, and minimizing unsafe write operations (see hledger.org/why). Ecosystem is primarily PTA-driven rather than “platform-as-a-service” driven.

Where it concedes points

Crypto tooling density is strong but slightly less “platformed” than Beancount’s Python ecosystem; it remains a top-tier kernel within PTA.

Telos: text + auditability Low network footprint PTA interoperability

4.3 Ledger (ledger-cli) — 94.6 (original PTA warhorse; BSD)

Core links

Official site · Ledger 3 manual · GitHub repo · PTA hub

License + philosophy

Released under a BSD license (noted on ledger-cli.org); conceptually designed to parse user-maintained text journals and generate reports (PTA-style).

Why it ranks just below top two

Structurally sovereign (plain text, local CLI), but crypto/DeFi ecosystem density is less concentrated than Beancount’s. Still fully capable of BTC as commodity within PTA conventions (see PTA investing/trading).

Plain-text kernel CLI composability Less crypto-specific ecosystem density

4.4 GoDBLedger — 90.0 (programmable ledger node; governance limiter)

Core links

GitHub repo · Releases (latest v0.7.8) · Web UI repo

Architecture fit

Designed as a server exposing API endpoints (GRPC) with SQL backends and a clear schema, enabling programmable bookkeeping (see repo overview at github.com/darcys22/godbledger).

Why governance scored low

Latest tagged release is from late 2022 (releases). Package health analyses flag low recent release activity for the web component (Snyk advisor).

Interpretation

Conceptually ideal as a “ledger node” for automation-heavy stacks; long-horizon adoption assumes either renewed maintenance or readiness to self-maintain/fork.

Composability: GRPC + SQL Self-hosted ledger node Governance/maintenance signals

4.5 Firefly III — 83.1 (personal finance shell; open-banking gravity)

Core links

Official site · GitHub repo · Documentation · License (AGPLv3)

Importer gravity

The Data Importer highlights bank imports via third-party providers (see data-importer repo and third-party providers docs). The importer also supports local formats (CSV, CAMT.052, CAMT.053) to avoid third parties (see repo note).

Why it scores mid-tier

Excellent self-hosted UX and reports (see project overview), but a larger web stack and strong ecosystem pull toward open-banking connectors reduce privacy/telos scores under a maximalist threat model.

Self-hosted UX shell Open-banking gravity Large web stack surface

4.6 GnuCash — 83.1 (offline desktop shell; open formats, less composable)

Core links

Official site · Documentation index · File formats (XML/SQL)

Data model

Default storage format is XML; SQL backends exist (SQLite/MySQL/PostgreSQL), which are open but less git-friendly than PTA plain text (see file format docs).

Why it ties Firefly III

Strong offline-default posture and mature governance, but lower composability than PTA kernels. It functions well as a GUI shell where the record-of-truth is not required to be PTA text.

Offline-first desktop Mature governance Lower composability vs PTA

4.7 Tryton — 82.7 (modular ERP; default CDN dependency)

Core links

Documentation hub · Server configuration

The critical privacy/telos detail

Real-world configuration examples and support threads show TinyMCE loaded from Tiny Cloud CDN (Tryton forum thread referencing cdn.tiny.cloud). This is correctable via self-hosting, but it is a default-gravity negative in strict threat models.

Interpretation

Strong ERP platform when the stack is accepted and dependencies are brought fully in-house; higher surface area than PTA kernels.

ERP capability CDN/default external JS gravity Three-tier complexity

4.8 LedgerSMB — 82.7 (PostgreSQL-backed web ERP; strong governance)

Core links

Official site · GitHub repo · Supported versions / EOL · License (GPLv2)

Governance signal

Active support and planned EOL dates are explicitly published (see all versions page), reflecting a clear maintenance horizon.

Why it remains Tier 3

Web ERP stack implies a larger attack surface than PTA kernels, even when fully self-hosted. Strong choice for SME/ERP needs where Postgres-backed double-entry is required.

Governance: explicit support horizon Postgres-backed ERP Web ERP surface area

4.9 FrontAccounting — 80.6 (classic LAMP ERP; lowest telos alignment)

Core links

Official site · Installation guide · License (GPLv3+)

The privacy/telos friction detail

Community deployments sometimes show Google Analytics cookies (e.g., _ga) in troubleshooting threads (see forum example). This is not guaranteed to be core-default behavior, but it is real “deployment gravity” in the ecosystem.

Interpretation

Viable as a hardened ERP shell in constrained environments; relative ranking reflects older LAMP surface area and weaker telos fit compared with other shells.

LAMP web stack surface Telemetry risk in typical deployments SME ERP coverage

5) License Sanity Check (quick links)

Licenses influence capture-resistance and redistribution dynamics. Links point to primary sources (project sites/repos).

Tool	License (primary evidence link)
Beancount	GPL-2.0 (see GitHub repo license field)
hledger	GPL-3.0 (see LICENSE)
Ledger (ledger-cli)	BSD (noted on ledger-cli.org; see also Ledger (software) summary)
GoDBLedger	See repo metadata at GitHub repo (license not consistently surfaced in all summaries; treat as “verify in-repo” before operational dependence).
Firefly III	AGPL-3 (see official license page and COPYING)
Tryton	GPL-3 (platform/modules; see Tryton license summary and Tryton forum confirmation)
GnuCash	GPL (project; see gnucash.org)
LedgerSMB	GPL-2 (see LICENSE)
FrontAccounting	GPL-3 or later (see FA license page)