* Pushing before weekend to Monday
* release notes
* lint
* Guard against null
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fixing AI commit and addressing second comment
* addressing nitpicks
* first attempt at a test
* [autofix.ci] apply automated fixes
* refactor to use condition and fix tests
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* 🔖 (26.3.0)
* Remove used release notes
* Add release notes for PR #7097
* Remove used release notes
* Remove used release notes
* Add release notes for version 26.3.0
* Add new terms to spelling expectation list
* Fix spelling and capitalization in release notes
Corrected spelling of 'reorganisation' to 'reorganization' and updated 'coderabbit' to 'CodeRabbit' for consistency.
* Update patterns.txt to allowlist 'CodeRabbit'
Add 'CodeRabbit' to allowlist of proper nouns.
* Clarify chart theming support in release notes
Updated the release notes to specify bar/pie chart theming support and added details about theme variables for customization.
* Remove 'CodeRabbit' from spelling expectations
* Refactor release notes and improve formatting
Reorganize release notes for clarity and update content.
* Create 2026-03-02-release-26-3-0.md
* Change release date to 2026-03-02
Updated the release date for version 26.3.0.
* Update release notes for version 26.3.0
---------
Co-authored-by: jfdoming <9922514+jfdoming@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Julian Dominguez-Schatz <julian.dominguezschatz@gmail.com>
* [AI] Make merge-freeze-unfreeze workflow work on fork PRs via pull_request_target
Made-with: Cursor
* Add release notes for the "unfreeze" workflow functionality in fork PRs
* Add empty permissions block to unfreeze job in merge-freeze-unfreeze workflow
* [AI] Add GitHub Action to add PR to Merge Freeze unblocked list when unfreeze label is added
Made-with: Cursor
* Rename 7093.md to 7094.md
* Add concurrency control to unfreeze job in merge-freeze-unfreeze workflow
- Introduced concurrency settings to prevent overlapping executions of the unfreeze job based on labels.
- Updated error handling to abort the process if fetching the current merge freeze status fails, ensuring unblocked PRs are not overwritten.
* Refactor Merge Freeze workflow to simplify PR unblocking process
- Updated the workflow to directly post the PR to the unblocked list without fetching the current freeze status.
- Improved error handling by ensuring the access token is set before proceeding with the API call.
* [AI] Fix mobile rules list items to be full width and left-aligned
- Override Button's default justifyContent/alignItems centering in
ActionableGridListItem to use flex-start alignment
- Add width: 100% to RulesListItem's SpaceBetween to fill the item width
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* Add release notes for PR #7081
* Change category from Enhancements to Bugfix
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* [AI] Fix API build output path (dist/index.js instead of dist/api/index.js)
- Set rootDir in packages/api/tsconfig.json so output is under dist/ not dist/api/
- Remove loot-core pegjs.ts from include; add local typings/pegjs.d.ts
- Use mkdir -p in build:migrations for idempotent build
- Exclude **/@types/** so declaration output does not conflict with input
Made-with: Cursor
* Update TypeScript configuration in api package to refine exclude patterns
* Change menuAutoCompleteTextHover color to green400
* Change menuAutoCompleteTextHover color to green400 in Midnight theme.
Change menuAutoCompleteTextHover color to green400 in Midnight theme.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* Rename theme 'Okabe Ito' to 'Color-blind (dark)'
* Rename 'Okabe Ito' theme to 'Color-blind (dark)'
* Fix capitalization in theme name for consistency
* Add release notes for version 26.2.1, including critical security fixes for SimpleFin, Pluggy, and multi-user setups. Remove outdated upcoming release notes for related bugfixes.
* Add release notes for PR #7043
* Delete upcoming-release-notes/7043.md
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* [AI] Add per-package tsconfigs and typescript-strict-plugin for typecheck
Co-authored-by: Cursor <cursoragent@cursor.com>
* Update TypeScript configuration across multiple packages to correct plugin path key from "path" to "paths" and add reference to process-worker typings in index.electron.ts.
* Remove reference to process-worker typings in index.electron.ts and add new process-worker typings file for global Process augmentation.
* Refactor TypeScript build configurations across multiple packages by removing tsconfig.dist.json files and updating build scripts to use default TypeScript compilation. Adjusted compiler options to target ES2021 and enable declaration generation.
* Update TypeScript configuration in api package to refine include and exclude patterns for better file management.
* Update build script in api package to ensure migration SQL files are copied to the correct directory by creating the destination folder if it doesn't exist.
* Update TypeScript configurations in crdt and desktop-electron packages to refine include and exclude patterns for improved file management.
* Update TypeScript dependencies across multiple packages to include typescript-strict-plugin for enhanced type checking and maintain consistency in package.json files.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* [AI] Enforce file access authorization on sync API endpoints
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor file deletion authorization to return error message as text
* Refactor file upload validation to improve error handling
* Add tests to allow admin users to retrieve encryption keys and sync files for other users
- Implemented a test for admin access to retrieve encryption keys for another user's file in the /user-get-key endpoint.
- Added a test for admin users to sync another user's file in the /sync endpoint, ensuring proper response and headers.
These changes enhance the authorization checks for admin actions on user files.
* Refactor file cleanup in tests to use onTestFinished for better error handling
* Enhance admin capabilities in file management tests
* Add migration to backfill file owners with admin ID
* Enhance file access authorization in sync API
* Update migration to backfill file owners with admin ID to ensure consistent ordering in the query
* Refactor access control tests for file downloads in sync API
* Add test for non-owner file download access via user_access in sync API
This test verifies that users with appropriate access can download files owned by others, utilizing the requireFileAccess logic and UserService.countUserAccess. It ensures correct response headers and content delivery for shared files.
* Refactor file cleanup in upload and download tests to utilize onTestFinished for improved error handling
This update consolidates file cleanup logic in the test suite, ensuring that temporary files are removed after each test execution. The changes enhance the reliability of tests by consistently managing file state across various scenarios.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* [AI] Desktop client, E2E, loot-core, sync-server and tooling updates
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor database handling in various modules to use async/await for improved readability and error handling. This includes updates to database opening and closing methods across multiple files, ensuring consistent asynchronous behavior. Additionally, minor adjustments were made to encryption functions to support async operations.
* Refactor sync migration tests to utilize async/await for improved readability. Updated transaction handling to streamline event expectations and cleanup process.
* Refactor various functions to utilize async/await for improved readability and error handling. Updated service stopping, encryption, and file upload/download methods to ensure consistent asynchronous behavior across the application.
* Refactor BudgetFileSelection component to use async/await for onSelect method, enhancing error handling and readability. Update merge tests to utilize async/await for improved clarity in transaction merging expectations.
* Refactor filesystem module to use async/await for init function and related database operations, enhancing error handling and consistency across file interactions. Updated tests to reflect asynchronous behavior in database operations and file writing.
* Fix typo in init function declaration to ensure it returns a Promise<void> instead of Proise<void>.
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6987
* Update tests to use async/await for init function in web filesystem, ensuring consistent asynchronous behavior in database operations.
* Update VRT screenshot for payees filter test to reflect recent changes
* Update filesystem module to remove web-specific implementations and streamline path handling. Refactor file operations to enhance type safety and consistency across different environments. Add tests for SQLite interactions and ensure proper handling of database transactions.
* Add release notes for maintenance: Remove usage of 'web' file types
* Refactor filesystem module to use type annotations for exports and improve consistency across methods. Remove deprecated web file handling and enhance encryption functions for better browser compatibility.
* Trigger CI
* Add asyncStorage API file to export Electron index module
* Trigger CI
* Feedback: typo
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Add tooltip to imported payee column in rule result window
The imported payee column in SimpleTransactionsTable was missing a
title attribute, so truncated text had no tooltip on hover. Other
columns (category, account, notes) already pass title for this purpose.
Fixes#7003
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add release notes for #7031
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Your Name <your-email@example.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add ACTUAL_USER_CREATION_MODE documentation to oauth-auth.md
* [autofix.ci] apply automated fixes
* add note that first external auth user is admin and owner
Added details about admin permissions and server ownership for users authenticating with OpenID/OAuth2.
* improve ACTUAL_USER_CREATION_MODE environment documentation
clarify warning about server owner
* [autofix.ci] apply automated fixes
* move first user admin warning to "after setup" section of OIDC documentation
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* Add authentication middleware to SimpleFIN and Pluggy.ai endpoints
Protect /simplefin/* and /pluggyai/* routes with validateSessionMiddleware
so only authenticated users can access bank account and transaction data.
Co-authored-by: Cursor <cursoragent@cursor.com>
* Release notes
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* Set inital focus on category when covering overspending
* Fixup: Make sure that the amount is set
* Unused import
* Fix bug where typing an amount and pressing enter uses previous value
---------
Co-authored-by: Dagur Ammendrup <dagurp@vivaldi.com>
* [AI] Desktop client, E2E, loot-core, sync-server and tooling updates
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor database handling in various modules to use async/await for improved readability and error handling. This includes updates to database opening and closing methods across multiple files, ensuring consistent asynchronous behavior. Additionally, minor adjustments were made to encryption functions to support async operations.
* Refactor sync migration tests to utilize async/await for improved readability. Updated transaction handling to streamline event expectations and cleanup process.
* Refactor various functions to utilize async/await for improved readability and error handling. Updated service stopping, encryption, and file upload/download methods to ensure consistent asynchronous behavior across the application.
* Refactor BudgetFileSelection component to use async/await for onSelect method, enhancing error handling and readability. Update merge tests to utilize async/await for improved clarity in transaction merging expectations.
* Refactor filesystem module to use async/await for init function and related database operations, enhancing error handling and consistency across file interactions. Updated tests to reflect asynchronous behavior in database operations and file writing.
* Fix typo in init function declaration to ensure it returns a Promise<void> instead of Proise<void>.
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6987
* Update tests to use async/await for init function in web filesystem, ensuring consistent asynchronous behavior in database operations.
* Update VRT screenshot for payees filter test to reflect recent changes
* [AI] Fix no-floating-promises lint error in desktop-electron
Wrapped queuedClientWinLogs.map() with Promise.all and void operator to properly handle the array of promises for executing queued logs.
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* Refactor promise handling in global and sync event handlers
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6987
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* start of reports dashboard updates
* spelling
* Add release notes for PR #6976
* don't need one of these
* consistent naming
* bunny fixes
* images
* image again
* extenion
* fix
* consistent naming
* naming
* fix
* last one
* Ill be done with this someday
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Document graph color variables for custom themes
Added documentation for graph color variables in custom themes.
* [autofix.ci] apply automated fixes
* Update custom themes documentation for clarity
Clarify the impact of color palettes on custom report widget graphs and format the list of color variables.
* Update packages/docs/docs/experimental/custom-themes.md
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
* Fix color variable syntax in custom themes documentation
Updated color variable syntax for chart colors in documentation.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
* Move redux state to react-query - account states
* Fix onbudget and offbudget displaying closed accounts
* Move redux state to react-query - payees states
* Add release notes for PR #6880
* Replace usage of logger in desktop-client with console
* Address feedback on adding default data to usePayees (#6931)
* Initial plan
* Add default data to usePayees usages using inline destructuring
Co-authored-by: joel-jeremy <20313680+joel-jeremy@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: joel-jeremy <20313680+joel-jeremy@users.noreply.github.com>
* Fix imports
* Update empty payees list test
* Cleanup and simplify AccountEntity definition to fix `satisfies` syntax
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: joel-jeremy <20313680+joel-jeremy@users.noreply.github.com>
* Fix redirect to accounts page when no accounts exists
* Add release notes for PR #7007
* Use isFetching
* Update useAccounts to return react query states (e.g. isPending, isFetching, etc.)
* Add release notes for PR #7009
* Delete upcoming-release-notes/7007.md
* Change category from Enhancements to Maintenance
Refactor `useAccounts` to improve data handling.
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Fix redirect to accounts page when no accounts exists
* Add release notes for PR #7007
* Use isFetching
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Improve category server app and react query mutation error handling
* Add release notes for PR #6958
* Fix test
* Fix throwing async test
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Do not swallow exceptions when batching messages - propagate instead
* Update error type to make 'cause' optional
Make 'cause' property optional in error type.
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
