* [AI] Fix type errors for API consumers by shipping .d.ts declarations from loot-core
Downstream consumers of @actual-app/api with strict: true get type errors
because @actual-app/core exports raw .ts source files. Consumers' tsc
follows the import chain into core's source (compiled with strict: false),
and skipLibCheck doesn't help since it only skips .d.ts files.
Add "types" conditions to all imports/exports entries in loot-core's
package.json, pointing to the pre-built declarations in lib-dist/decl/.
Add .npmignore to include lib-dist/decl/ in the published package.
Fixes#7410
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Use prepack/postpack scripts instead of inflating package.json
Replace the inline "types" conditions in imports/exports with a prepack
script that adds them at pack/publish time. This keeps the checked-in
package.json clean while still shipping .d.ts declarations to npm
consumers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Convert prepack/postpack scripts to TypeScript
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Add release notes for #7468
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Fix recursive ExportValue type and remove redundant comment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Rename scripts to .mts and inline types conditions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Make backup/restore scripts safer
- Check if backup exists before creating it in prepack
- Make restore idempotent by checking if backup exists in postpack
- Prevents overwriting existing backups from interrupted runs
- Addresses CodeRabbit review feedback
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* [AI] Type api-handlers.ts fields to drop implicit any
The `fields` / export-args slots in the ApiHandlers contract were
untyped, surfacing as TS7008 errors in strict consumers. Replace them
with the `Partial<APIXxxEntity>` shapes the `@actual-app/api` wrappers
already pass, and annotate the matching call sites in `api.ts` with
`@ts-expect-error` where the legacy helpers still declare full-entity
parameters despite accepting partial updates at runtime.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Replace vite-plugin-dts with tsgo for api types
Drops vite-plugin-dts in favor of running tsgo --emitDeclarationOnly
after the vite bundle, eliminating a heavy dev dependency tree
(api-extractor, volar, vue language-core) from the api package build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Add build script to loot-core to emit declarations via lage
`yarn build:cli` failed in CI with TS6305 because api's
`tsgo --emitDeclarationOnly` depends on loot-core's pre-built
`lib-dist/decl/*.d.ts`, but loot-core had no `build` script, so lage's
`^build` cascade silently skipped it. Add `"build": "tsgo -b"` so loot-core
slots into the dependency chain; its tsconfig already has
`emitDeclarationOnly: true`, so the output is declarations only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Simplify API build
* [AI] Document TypeScript moduleResolution requirement for @actual-app/api
The published declarations rely on package.json exports conditions, which
classic node / node10 resolvers don't honor. Document the supported modes
(bundler / nodenext / node16) in the package README and in the Getting
Started section of the API docs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Type-guard default value in add-types-conditions prepack
`value.default` is typed `ExportValue | undefined`, which allows nested
conditional objects. The previous truthy check fell through to
`shouldSkip(defaultValue)` and would crash on `.endsWith()` if that shape
ever appeared. Replace with a `typeof === 'string'` narrowing and drop a
now-redundant "Insert types as the first key" comment.
No runtime change on current package.json — no nested `default` values
exist today — but the script is not covered by loot-core's tsconfig
include, so the latent type issue was silent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Allow "nodenext" in docs spellcheck expect list
Referenced in the new TypeScript moduleResolution note in the API docs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Move loot-core declarations to @types and whitelist publish with files
Relocate loot-core's composite TypeScript output from lib-dist/decl to the
top-level @types directory, matching the api package's convention. Replace
the old .npmignore blacklist with an explicit package.json files whitelist.
- tsconfig.json: outDir @types, exclude test/mock dirs from decl emission
- scripts/add-types-conditions.mts: rewrite paths to ./@types/src/...
- package.json: files whitelist shipping only src, @types, migrations,
typings, default-db.sqlite; drop legacy typesVersions (docs now require
moduleResolution bundler/nodenext/node16, so the classic-resolution
fallback is unused)
- .gitignore: ignore the new @types build artifact
- lage.config.js: factor outputGlob into a shared BUILD_OUTPUT_GLOBS
constant and add @types/** so lage caches loot-core's decl output
- root tsconfig.json: tighten exclude from packages/api/@types to
packages/*/@types to cover both api and loot-core
- delete .npmignore entirely
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AI] Build loot-core declarations inside prepack
yarn workspace @actual-app/core pack is the first non-setup step in the
publish workflow, running before any build. Without a build chained into
prepack the @types/ tree is empty at pack time, so the tarball shipped a
transformed package.json pointing at ./@types/src/... paths that didn't
exist. npm publish doesn't re-run hooks on a pre-packed tarball, so the
frozen snapshot must be self-contained; prepack now runs yarn build first
to populate @types/ before add-types-conditions rewrites the exports.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* [AI] Harden GitHub Actions workflows against low-severity security issues
- generate-release-pr.yml: replace `eval` with an associative array for
per-package version tracking. The version input was already moved to an
env var in #7433, so this removes the remaining defense-in-depth concern
of `eval`ing subshell output.
- create-release-notes-file.js: validate the OpenAI-returned category
against the known allow-list (Features, Bugfixes, Enhancements,
Maintenance), validate the author against the GitHub username regex,
and collapse the summary to a single line before embedding it in the
markdown body. Prevents indirect prompt-injection via CodeRabbit
comments from producing malformed YAML frontmatter.
- generate-summary.js: stop logging the full CodeRabbit comment body to
CI logs.
- netlify-release.yml, i18n-string-extract-master.yml: pass secrets via
`env:` blocks rather than as CLI arguments, so they do not appear in
argv / process listings.
https://claude.ai/code/session_012pZSkUBbabmmuaxbwysW33
* Add release notes for PR #7448
* [AI] Address review feedback on security hardening
- create-release-notes-file.js: stop logging the full fileContent body.
Only log the target filename plus the (already-validated) category and
author metadata, so the model-generated release-note text doesn't end
up in CI logs.
- create-release-notes-file.js: validate summaryData.prNumber as a
positive integer before using it in the file path or commit message,
and switch both usages to the validated numeric value.
- i18n-string-extract-master.yml: write the Weblate API key into
~/.config/weblate under a [keys] section in a new "Configure Weblate
API credentials" step, then drop the per-step env blocks and the
--key CLI flag from every wlc invocation so the secret is no longer
visible in process listings at all.
https://claude.ai/code/session_012pZSkUBbabmmuaxbwysW33
* [AI] Remove debug console.log statements for category in release notes script
Remove the four "Debug - ..." console.log calls that printed the raw
category env var (value/type/JSON-stringified form) plus the cleanCategory
value. They were clutter in CI logs; the existing info-level
"Creating release notes file: ... (category: ..., author: ...)" log
already surfaces the sanitized category.
https://claude.ai/code/session_012pZSkUBbabmmuaxbwysW33
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* [AI] Add @actual-app/cli package
New CLI tool wrapping the full @actual-app/api surface for interacting with
Actual Budget from the command line. Connects to a sync server and supports
all CRUD operations across accounts, budgets, categories, transactions,
payees, tags, rules, schedules, and AQL queries.
* Refactor CLI options: replace `--quiet` with `--verbose` for improved message control. Update related configurations and tests to reflect this change. Adjust build command in workflow for consistency.
* Refactor tests: streamline imports in connection and accounts test files for improved clarity and consistency. Remove dynamic imports in favor of static imports.
* Enhance package.json: Add exports configuration for module resolution and publish settings. This includes specifying types and default files for better compatibility and clarity in package usage.
* Update package.json exports configuration to support environment-specific module resolution. Added 'development' and 'default' entries for improved clarity in file usage.
* Enhance CLI functionality: Update configuration loading to support additional search places for config files. Refactor error handling in command options to improve validation and user feedback. Introduce new utility functions for parsing boolean flags and update related commands to utilize these functions. Add comprehensive tests for new utility functions to ensure reliability.
* Update CLI TypeScript configuration to include Vitest globals and streamline test imports across multiple test files for improved clarity and consistency.
* Update CLI dependencies and build workflow
- Upgrade Vite to version 8.0.0 and Vitest to version 4.1.0 in package.json.
- Add rollup-plugin-visualizer for bundle analysis.
- Modify build workflow to prepare and upload CLI bundle stats.
- Update size comparison workflow to include CLI stats.
- Remove obsolete vitest.config.ts file as its configuration is now integrated into vite.config.ts.
* Enhance size comparison workflow to include CLI build checks and artifact downloads
- Added steps to wait for CLI build success in both base and PR workflows.
- Included downloading of CLI build artifacts for comparison between base and PR branches.
- Updated failure reporting to account for CLI build status.
* Update documentation to replace "CLI tool" with "Server CLI" for consistency across multiple files. This change clarifies the distinction between the command-line interface for the Actual Budget application and the sync-server CLI tool.
* Refactor configuration to replace "budgetId" with "syncId" across CLI and documentation
* Enhance configuration validation by adding support for 'ACTUAL_ENCRYPTION_PASSWORD' and implementing a new validation function for config file content. Update documentation to clarify error output format for the CLI tool.
* Enhance configuration tests to include 'encryptionPassword' checks for CLI options and environment variables, ensuring proper priority handling in the configuration resolution process.
* Update nightly versioning script to use yarn
* Align versions
---------
Co-authored-by: Claude <noreply@anthropic.com>
* 🔖 (26.3.0)
* Remove used release notes
* Add release notes for PR #7097
* Remove used release notes
* Remove used release notes
* Add release notes for version 26.3.0
* Add new terms to spelling expectation list
* Fix spelling and capitalization in release notes
Corrected spelling of 'reorganisation' to 'reorganization' and updated 'coderabbit' to 'CodeRabbit' for consistency.
* Update patterns.txt to allowlist 'CodeRabbit'
Add 'CodeRabbit' to allowlist of proper nouns.
* Clarify chart theming support in release notes
Updated the release notes to specify bar/pie chart theming support and added details about theme variables for customization.
* Remove 'CodeRabbit' from spelling expectations
* Refactor release notes and improve formatting
Reorganize release notes for clarity and update content.
* Create 2026-03-02-release-26-3-0.md
* Change release date to 2026-03-02
Updated the release date for version 26.3.0.
* Update release notes for version 26.3.0
---------
Co-authored-by: jfdoming <9922514+jfdoming@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Julian Dominguez-Schatz <julian.dominguezschatz@gmail.com>
* [AI] Desktop client, E2E, loot-core, sync-server and tooling updates
Co-authored-by: Cursor <cursoragent@cursor.com>
* Refactor database handling in various modules to use async/await for improved readability and error handling. This includes updates to database opening and closing methods across multiple files, ensuring consistent asynchronous behavior. Additionally, minor adjustments were made to encryption functions to support async operations.
* Refactor sync migration tests to utilize async/await for improved readability. Updated transaction handling to streamline event expectations and cleanup process.
* Refactor various functions to utilize async/await for improved readability and error handling. Updated service stopping, encryption, and file upload/download methods to ensure consistent asynchronous behavior across the application.
* Refactor BudgetFileSelection component to use async/await for onSelect method, enhancing error handling and readability. Update merge tests to utilize async/await for improved clarity in transaction merging expectations.
* Refactor filesystem module to use async/await for init function and related database operations, enhancing error handling and consistency across file interactions. Updated tests to reflect asynchronous behavior in database operations and file writing.
* Fix typo in init function declaration to ensure it returns a Promise<void> instead of Proise<void>.
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6987
* Update tests to use async/await for init function in web filesystem, ensuring consistent asynchronous behavior in database operations.
* Update VRT screenshot for payees filter test to reflect recent changes
* [AI] Fix no-floating-promises lint error in desktop-electron
Wrapped queuedClientWinLogs.map() with Promise.all and void operator to properly handle the array of promises for executing queued logs.
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* Refactor promise handling in global and sync event handlers
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6987
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matiss Janis Aboltins <MatissJanis@users.noreply.github.com>
* docs: add ANZ Plus Bank to community repos
Added ANZ Plus Bank to the Community Repos page.
Link(s): https://github.com/spydisec/PDFtoOFX/
Short summary: Convert ANZ Plus bank statement PDFs to OFX format for seamless import into Actual Budget and other personal finance applications.
Placement: https://actualbudget.org/docs/community-repos/
* Update packages/docs/docs/community-repos.md
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix typo in ANZ Plus bank converter description
* chore: update docs spelling allowlist
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Add Wallos schedule importer to community repos
Added a new entry for Wallos schedule importer with a brief description.
* Add Wallos to expected words
* lint: clean up unnecessary config and disables
* fix: update package import path in browser preload script
* lint: create custom ESLint rules for rules not in oxlint
- Add object-shorthand-properties rule (replaces object-shorthand)
- Add prefer-const rule (replaces prefer-const)
- Add no-anchor-tag rule (replaces no-restricted-syntax for <a> tags)
- Add no-react-default-import rule (replaces no-restricted-syntax for React.*)
These custom rules are needed because oxlint doesn't support these rules yet.
All rules are properly tested and integrated into the ESLint config.
* refactor: enhance prefer-const rule to track variable reassignments by scope
- Introduced a mapping of scopes to reassigned variable names, improving the accuracy of the prefer-const rule.
- Added helper functions to determine variable scopes and reassignment status.
- Updated logic to check variable reassignments during declaration analysis.
- Adjusted test cases to reflect changes in variable handling.
* fix-nginx-header-collision
Added a note on Cross-Origin Isolation and header collisions for Nginx configuration, including a sample Nginx configuration to prevent header duplication.
* Fix formatting of headers in NGINX documentation
* Add new terms to spelling expectations
* Fix placement of 'COOP' in expect.txt
* Update reverse-proxies.md doc display
* 🔖 (26.1.0)
* Trigger CI
* Remove used release notes
* Add release notes for version 26.1.0
This commit introduces the release notes for version 26.1.0, highlighting notable improvements such as currency display in the budget, mobile schedules functionality, link detection in transaction notes, and an extension of historical data. The release also includes various enhancements, bug fixes, and maintenance updates, acknowledging contributions from multiple developers.
* Update spelling expectations and release notes for version 26.1.0
This commit adds new terms to the spelling expectations file and updates the release notes to reflect changes in the documentation, including formatting improvements for clarity. Notable contributions from various developers are acknowledged.
* Add new terms to spelling expectations file
This commit updates the spelling expectations by adding new terms, enhancing the accuracy of the documentation spell-checking process. The changes include the addition of 'jws' and 'oxc' to the list of expected terms.
* Update release notes for version 26.1.0 to include Flathub availability for Linux users
* Update release notes to reflect Docker tag for version 26.1.0 in documentation
---------
Co-authored-by: MatissJanis <886567+MatissJanis@users.noreply.github.com>
Co-authored-by: Matiss Janis Aboltins <matiss@mja.lv>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Update linting configuration and fix related issues
* Fix type coercion for comment ID in check-first-comment.js to ensure proper comparison with summary comment IDs
* fix: use start:browser for playwright webServer to load correct browser-preload
The playwright webServer was running 'yarn start' which doesn't set
IS_GENERIC_BROWSER, causing Vite to not resolve .browser.js files.
This resulted in browser-preload.js (empty electron stub) being loaded
instead of browser-preload.browser.js, making window.Actual undefined.
Changed to 'yarn start:browser' which properly sets IS_GENERIC_BROWSER=1
via the watch-browser script.
* chore: update Playwright configuration and add blob-report to .gitignore
- Modified Playwright config to use 'yarn start' with the correct working directory for local builds.
- Added 'blob-report' to .gitignore to exclude it from version control.
- Created release notes for running e2e tests against a local build instead of Netlify.
* chore: update transaction test snapshots for split and transfer transactions
- Updated binary snapshots for split and transfer test transactions in the e2e tests.
- Ensured that the latest visual changes are reflected in the test suite for accurate regression testing.
* chore: update transaction test snapshots for split and transfer transactions
- Updated binary snapshots for split and transfer test transactions in the e2e tests to reflect recent changes.
- Ensured visual consistency for accurate regression testing.
* refactor: change test lifecycle hooks from beforeAll/afterAll to beforeEach/afterEach
- Updated test files to use beforeEach and afterEach hooks for better isolation of tests.
- This change ensures that each test starts with a fresh state, improving reliability and reducing side effects across tests.
* chore: update e2e test workflow to disable translation downloads
- Modified the e2e test workflow to include a new input parameter `download-translations` set to 'false' for the setup action.
- This change aims to streamline the testing process by preventing unnecessary translation downloads during the test runs.
* chore: update e2e test snapshots for settings page visuals
- Updated binary snapshots for the settings page in e2e tests to reflect recent visual changes.
- Ensured that the latest visual updates are accurately represented for regression testing.
* fix: safely close page in e2e tests
- Updated all e2e test files to use optional chaining when closing the page, ensuring that the close method is only called if the page is defined.
- This change improves the robustness of the tests by preventing potential errors when the page object is not available.
* Fix lint violations
* Refactor code for clarity and consistency
- Updated various components to improve readability and maintainability, including:
- Changed `while (1)` to `while (true)` for better clarity.
- Simplified conditional checks by removing unnecessary boolean casts.
- Added missing `key` props in mapped elements to ensure proper rendering in lists.
- Adjusted the handling of hidden states in budget components for clearer logic.
- Cleaned up linting rules in `.oxlintrc.json` to streamline configuration.
* Enhance accessibility and linting compliance
- Updated `.oxlintrc.json` to add a warning for `jsx-a11y/no-autofocus` and removed several disabled rules.
- Added `aria-level` attributes to improve semantic structure in `Page.tsx`, `Modal.tsx`, and `ReportCardName.tsx`.
- Replaced `<label>` elements with `<Text>` components in various modals to ensure proper accessibility.
- Added `htmlFor` attributes to labels in `ImportTransactionsModal.tsx` for better form accessibility.
- Disabled specific linting rules inline to address accessibility concerns in `Image.jsx` and `Toggle.tsx`.
* Add new keywords to spelling allowlist
- Updated `.github/actions/docs-spelling/allow/keywords.txt` to include `oxfmt` and `oxlint` for improved spell-checking in documentation and code comments.
* Disable no-autofocus rule in .oxlintrc.json
* Update Trans component usage in MergeUnusedPayeesModal
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* 🔖 (25.12.0)
* force ci
* Remove used release notes
* add blog post
* fix spelling
* make netlify happy?
* last one
* fix some formatting
* remove icns from allowed spelling to avoid accidental missspellings
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6285
* force ci
* force ci
* Update VRT screenshots
Auto-generated by VRT workflow
PR: #6285
* revert flaky vrt. please don't update again...
* make the release dates match
---------
Co-authored-by: youngcw <28542559+youngcw@users.noreply.github.com>
Co-authored-by: youngcw <calebyoung94@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* update downloads page table to have less duplication
* color from variable
* add component to exclude for spell check
* adding workflow to docs files for release notes exclusion
* release notes
* cli tool added to the server download list
* Fix version bump logic to work if the month has rolled over
* Refactor script to be more testable
* Add tests for regression
* Move tests to dedicated package
* Add release notes
* Coderabbit
* merge bump-package-versions script with get-next-package-version
* note
* appease the rabbit
* add update flag to node script
* use update flag in workflow
* not much has changed but they live underwater
