Local-First AI Tax Prep With Encrypted PII on MCP

A developer has built a local-first AI tax preparer as an extension for Crow, an open-source platform that exposes tools via the Model Context Protocol (MCP). The system encrypts all personally identifiable information (PII) including Social Security numbers and names with AES-256-GCM at extraction time.

How it works

The extension works with any MCP-compatible client: Claude, ChatGPT, Gemini, local models through Ollama, or anything else that speaks MCP. The AI assistant interacts with tax data through MCP tools but never receives plaintext SSNs. When the AI needs to fill an SSN field, it sends a "fill SSN" command, and the encrypted vault resolves it.

Privacy and local-first architecture

The entire system is designed to keep sensitive data on your machine. You can run the whole thing against a local model, and your sensitive data never leaves your machine at any layer. The architecture includes:

SQLite database for local storage
Local PDF parsing and generation
No external API calls for tax data

Tax calculation capabilities

The calculation engine covers:

Form 1040
Schedule 1
HSA (Form 8889)
Education credits (Form 8863)
Self-employment (Schedule C/SE)
Capital gains (Schedule D)

Additional components

The developer also built:

A browser automation extension using stealth Chromium in Docker with VNC viewer and 18 MCP tools
A custom skill that automates filing through IRS Free File Fillable Forms (not in the public repo due to IRS TOS concerns, but documented in the blog post)

Model requirements

The tax engine doesn't require a powerful model since the MCP tools handle all the math. The model just needs to understand "upload these documents and prepare my return" and call the right tools in sequence. A smaller local model that supports tool calling should work fine for the orchestration layer.