From 09d85bbdc546edef21f4de77ba8d68548f18e060 Mon Sep 17 00:00:00 2001 From: Matiss Janis Aboltins Date: Sat, 14 Feb 2026 01:14:15 +0000 Subject: [PATCH] docs: add Architecture Decision Records page with bank sync credential ADR (#6965) * docs: add Architecture Decision Records page for controversial decisions Co-authored-by: Cursor * Add release notes for PR #6965 --------- Co-authored-by: Cursor Co-authored-by: github-actions[bot] --- packages/docs/docs-sidebar.js | 1 + .../leadership/architecture-decision-records.md | 15 +++++++++++++++ upcoming-release-notes/6965.md | 6 ++++++ 3 files changed, 22 insertions(+) create mode 100644 packages/docs/docs/contributing/leadership/architecture-decision-records.md create mode 100644 upcoming-release-notes/6965.md diff --git a/packages/docs/docs-sidebar.js b/packages/docs/docs-sidebar.js index 9565443a1f..d521daf17f 100644 --- a/packages/docs/docs-sidebar.js +++ b/packages/docs/docs-sidebar.js @@ -326,6 +326,7 @@ const sidebars = { 'contributing/leadership/funding', 'contributing/leadership/triaging-issues', 'contributing/leadership/new-core-contributors-guide', + 'contributing/leadership/architecture-decision-records', 'contributing/leadership/cursor-ide', 'contributing/leadership/paying-contributors', ], diff --git a/packages/docs/docs/contributing/leadership/architecture-decision-records.md b/packages/docs/docs/contributing/leadership/architecture-decision-records.md new file mode 100644 index 0000000000..4bcc6c084c --- /dev/null +++ b/packages/docs/docs/contributing/leadership/architecture-decision-records.md @@ -0,0 +1,15 @@ +# Architecture Decision Records + +The core maintainers sometimes make decisions that are non-obvious or controversial. We record them here so that the rationale is clear for contributors and users, and so we can refer back to them when similar questions come up. + +We are open to revisiting these decisions if someone with more experience or knowledge proposes a better approach. + +--- + +## Bank sync: credential storage + +**Decision:** Bank sync credentials are stored on the sync server in plain text. They are not encrypted on the client and are not stored in the budget file. + +**Rationale:** Encrypting credentials on the client (or making encryption optional) does not materially improve security. If the server is compromised, secrets still need to be decrypted during normal operation and can be obtained at that point. Keeping credentials only on the server avoids exposing them to extensions and plugins, which would increase the attack surface. Actual Budget does not provide strong isolation between untrusted users on a shared instance; users who need isolation should run separate instances. + +**Consequences:** The design stays simpler, security guarantees are clearer, and maintenance cost is lower. Server administrators can access credentials, and a compromised server is not protected by encryption. diff --git a/upcoming-release-notes/6965.md b/upcoming-release-notes/6965.md new file mode 100644 index 0000000000..0a7ab55606 --- /dev/null +++ b/upcoming-release-notes/6965.md @@ -0,0 +1,6 @@ +--- +category: Maintenance +authors: [MatissJanis] +--- + +Add Architecture Decision Records documentation page with bank sync credential storage example.