mirror of
https://github.com/actualbudget/actual.git
synced 2026-07-15 14:43:36 -05:00
* First PR for secrets per file * md * Code Review * Code rabbit code review * Removed migration (new column) in favor of string concatenation * automation UI: reference schedule by ID not name (#8308) * schedule by id * migrate schedule indicators * add tests * update release note * fix loading states * [AI] feat(budget analysis report): Add Balance & Category selector (#8162) * [AI] feat(budget-report): add balance-only view mode Add a 'Balance only' toggle to the Budget Analysis report that hides the Budgeted, Spent, and Overspending Adjustment series and renders the balance as a plain line chart, similar to the Net Worth graph. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] fix(budget-report): always display ending balance for consistent header spacing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] feat(budget-report): replace balance toggle buttons with series dropdown Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] fix(budget-report): capitalize Categories in balance mode dropdown Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] fix(budget-report): fix test imports and lint errors in BudgetAnalysisGraph test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: added in release note --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] Fix Age of Money report widget title not saving correctly (#8320) * [AI] Fix Age of Money report widget title not saving correctly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] Use mutateAsync to properly await mutations in AgeOfMoney widget Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix flaky vrt by increasing timeout (#8323) * fix test * note * Update docs with Actuali iOS app (#8324) * Update docs with Actuali iOS app * Update packages/docs/docs/community-repos.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Initial payee location documentation (#8241) * Initial payee location documentation * Move to dedicated experimental section Based on PR feedback * [AI] feat(budget analysis report): show hidden categories (#8164) * [AI] feat(budget-report): add toggle to include hidden categories Add a 'Show hidden categories' button that includes hidden expense categories in the Budget Analysis report. This prevents historic data from being misrepresented when a category (e.g. a car fund) is hidden. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] feat(budget-report): replace hidden categories button with icon toggle Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * [AI] fix(budget-analysis): use correct package alias in test import Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: added in release note * [AI] refactor(budget-analysis): extract isBaseCategory helper and reuse in tests Assisted-by: ClaudeCode:claude-sonnet-4-6 * [AI] feat(budget-report): clarify hidden categories toggle state Replace the ambiguous icon-only toggle with a highlighted active state and explicit click-to-show/hide tooltip text so the current selection is clear. Add aria-pressed for accessibility. Assisted-by: ClaudeCode:claude-opus-4.8 * [AI] feat(budget-report): consolidate chart options into Options dropdown menu Replace the separate chart-type icon toggle, balance/category Select dropdown, and hidden-categories eye icon with a single Options popover (Popover + Menu) matching the pattern used by other reports (Sankey). The menu contains: - Switch to line/bar chart - Show balance (toggle) - Show categories (toggle, replaces balanceOnly) - Show hidden categories (toggle) Also rebases onto upstream/master to incorporate the balanceOnly/Select changes from #8162 before consolidating them. Assisted-by: ClaudeCode:claude-sonnet-4-6 * [AI] fix(budget-report): use static 'Bar chart' toggle in Options menu for i18n Replace the dynamic 'Switch to line/bar chart' string with a static 'Bar chart' label and a boolean toggle (on = bar, off = line), matching the toggle pattern used by other menu items and making the string straightforward to translate. Assisted-by: ClaudeCode:claude-sonnet-4-6 * Enhance budget analysis report with dropdown options Introduced a dropdown to group options and added the ability to show hidden categories in the budget analysis report. --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * update release process (#8334) * [AI] Add cross-platform hook adding 🤖 emoji to comments (#8331) * [AI] Add cross-platform hook keeping GitHub comments/issues in Chinese or pirate voice Adds a shared agent hook that requires anything an agent posts to GitHub (PR/issue comments, PR reviews, created issues) to be written in 简体中文 (preferred) or, failing that, a fun pirate voice — never plain English. - scripts/agent-hooks/github-comment-style.sh: shared guard. Reads tool_input.body/.title, allows CJK or pirate-flavoured text, blocks plain English via exit 2. Fails open on malformed payloads. - Wired for Claude (.claude/settings.json PreToolUse), Codex (.codex/config.toml PreToolUse) and Cursor (beforeMCPExecution adapter). - Documents the rule in AGENTS.md, the canonical pr-and-commit-rules.md and the Cursor rule so platforms without hook support apply it manually. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Use a slug for the release-note filename; document slug naming in AGENTS.md Release-note filenames don't need to be the PR number — a short descriptive slug works too (the PR link is resolved at release time). Rename the new note accordingly and note this in AGENTS.md's directory reference. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [autofix.ci] apply automated fixes * [AI] Auto-label PRs with Chinese descriptions as "ai spam" via CodeRabbit Add a CodeRabbit labeling instruction (auto_apply_labels is already on) that applies the "ai spam" label when a PR description contains Chinese/CJK characters — a strong signal of AI-generated spam for this English-language project. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Exempt CodeRabbit-addressed comments from the Chinese/pirate voice hook CodeRabbit parses its commands (@coderabbitai review/resolve/etc.) as plain English, so the github-comment-style guard now skips any comment mentioning @coderabbitai / @coderabbit instead of forcing it into Chinese or pirate. Documented the exception in the canonical and Cursor rule files. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Key CodeRabbit voice exemption on authorship, not mentions The hook only ever runs on the agent's own outgoing comments, so CodeRabbit's own comments are already out of scope (it posts under its own identity). Drop the @coderabbitai mention bypass — a comment merely name-dropping the bot is still the agent's prose and must follow the Chinese/pirate rule, closing an easy plain-English bypass. Docs updated to match. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Pin CodeRabbit reviews to English CodeRabbit was reading AGENTS.md / pr-and-commit-rules.md (which ask contributors to comment in Chinese/pirate) and applying that to its own reviews, posting them in Chinese. Set `language: en-US` and `tone_instructions` so the bot's own reviews, summaries and replies stay in English; the Chinese/pirate rule is for contributor/agent comments, not CodeRabbit. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Replace Chinese/pirate comment voice with a robot-emoji prefix Scrap the 简体中文/pirate voice scheme (and its CodeRabbit language override and Chinese-based "ai spam" label) in favour of one simple rule: every GitHub comment, review or issue an agent posts must be prefixed with 🤖. The shared guard now blocks any body — or, for issues, title — that doesn't start with the robot emoji; docs and per-platform wiring updated to match. .coderabbit.yaml is restored to its original state. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Silence SC1007 false positive on CDPATH= cd in Cursor MCP adapter shellcheck flags the intentional `CDPATH= cd` empty-env prefix as SC1007 (mistaking it for an assignment). Add a scoped inline disable directive on that line; behaviour is unchanged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Fail closed on guard execution errors in Cursor MCP adapter The adapter previously allowed the call on any non-0/2 exit from github-comment-style.sh, so a broken or missing guard would silently disable enforcement. Deny on unexpected exits instead (matching guard-shell.sh), with a message that marks it as an execution problem rather than a real policy denial. The shared guard still fails open on malformed payloads (its own exit-0 choice). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Add hook requiring a blank PR template when agents create PRs New shared guard pr-template-blank.sh blocks mcp__github__create_pull_request unless the body is the repo's PR template, unmodified (cosmetic whitespace aside) — agents must leave it blank for the human, per AGENTS.md. Wired for Claude (PreToolUse), Codex (PreToolUse) and Cursor (the beforeMCPExecution adapter now dispatches per-tool to the right guard). Docs and a release note updated. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Lqu3eZi5djm2cPAEm3yVht * [AI] Simplify agent-hook guard scripts - github-comment-style.sh: fold the empty/whitespace-only case into the prefix check, dropping a redundant tr subshell per field. - pr-template-blank.sh: drop the dead CR strip in canon() (the trailing whitespace sub already removes a trailing carriage return). - before-mcp-github.sh: emit the constant allow payload with printf instead of spawning jq on the common (allow) path. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] Drop duplicated PR-template/robot-emoji rules now that hooks enforce them The PR-template-blank and GitHub-comment robot-emoji-prefix rules are enforced by cross-platform hooks, so the copies scattered across AGENTS.md and the Cursor rules file are redundant. Remove them and point at the canonical pr-and-commit-rules.md, which keeps the full rule (including the PR-template Chinese exception that no hook can enforce). Also delete the internal PR-template-guard release note. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] Drop "enforced by hooks" wording from the PR/comment rule docs State the rules plainly without the meta-commentary about hook enforcement. Keeps the actual rules (don't fill the PR template, prefix GitHub comments/reviews/issues with 🤖, the Chinese exception, and the your-own-comments-only note) intact. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] Trim enforcement meta-commentary; shorten robot-emoji release note Drop the "isn't enforced automatically" / "handled by tooling" framing from AGENTS.md and pr-and-commit-rules.md (keeping the rule and the "apply it yourself" responsibility), and shorten the robot-emoji-prefix release note. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] Fail closed on unreadable payloads in the GitHub agent guards Align the new guards with the git-guard.sh / guard-shell.sh convention: fail closed when the hook payload can't be read, fail open only on a genuinely absent optional field. - github-comment-style.sh: block on invalid JSON / missing / non-object .tool_input; allow only an absent body/title within a valid object. - before-mcp-github.sh: deny on a jq parse failure / missing .tool_name instead of falling through to allow. - pr-template-blank.sh: an absent/null body now fails open (previously it normalized to "" and wrongly blocked PR creation); an empty-string body is still treated as a real non-template submission. - .codex/config.toml: describe the full guard scope (comment body + issue title) in the hook comment and statusMessage. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * speed up electron builds (#8337) * size up runners, skip translations where possible * note * mdx -> md (#8338) * mdx -> md * [AI] Outlaw .mdx in the docs package Docusaurus 3 compiles .md through MDX, so JSX and imports work in plain .md files and there is no need for the .mdx extension. Narrow the enforce-doc-links remark plugin to only accept .md: reject any .mdx source file at build time, flag links that target a .mdx file, and drop the .mdx branches from the directory scanner and link resolution. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * [AI] Add performance indexes for transactions table (#8335) * [AI] Add performance indexes for transactions table * release notes * [AI] Remove unselective tombstone-only index from performance migration * [AI] api: make the browser build work in consumer production bundles (#8289) * api: make the browser build work in consumer production bundles The browser build shipped `new Worker(new URL("./worker.js", import.meta.url))` in dist/browser.js. A consumer bundler (Vite/Rollup) recognizes that as a worker entry and re-bundles the already-prebuilt worker.js from scratch, which desyncs the absurd-sql/connection RPC so `init` throws a structured-clone error. It only worked in dev and in the package's own e2e because both serve dist verbatim. Make the browser build fully self-contained instead: - Inline the worker into browser.js and spawn it from a Blob URL, so consumer bundlers never see a worker entry to re-bundle. The worker is built as an IIFE (classic worker), mirroring the web app's kcab.worker. - Embed the sql.js wasm and the default filesystem data (migrations + default DB) into the worker so it performs no PUBLIC_URL asset fetches: - loot-core sqlite gains an opt-in `setWasmBinary` (dormant for web/node); - the worker installs a scoped fetch shim serving the embedded data/* files from a sentinel base URL. - Share the asset-collection logic between the Node disk copy and the embedded build via scripts/embedded-assets.mjs so the two never drift. Result: `import '@actual-app/api'` + `init()` works in any bundler with zero config; only COOP/COEP headers remain required (SharedArrayBuffer). Adds an e2e (e2e/consumer + e2e/global-setup.mjs) that builds a real consumer app for production and boots it under COOP/COEP — coverage the verbatim-dist harness can't provide. Docs note the build is self-contained and that cross-origin isolation is still required. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] api: address review feedback (guard DOM lookup, revoke blob URL on worker failure) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] api: address review nitpicks (drop BodyInit cast, reword release note) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] api: build the browser worker via Vite ?worker&inline Replace the hand-rolled worker inlining (a custom Vite plugin that read the prebuilt worker.js off disk and inlined it as a string, plus a second build config and a build-ordering dependency) with Vite's native `?worker&inline` import. This collapses the two browser build configs into one, removes the `virtual:actual-worker-code` module and the manual Blob URL spawn, and drops the worker-before-facade build step. Vite's `?worker&inline` sub-build doesn't receive vite-plugin-node-polyfills' global-shim injection (the plugin writes it to `build.rollupOptions`, but the worker sub-build reads `worker.rollupOptions`), so the worker crashed on `process is not defined`. Patch the plugin to also emit the injection on `worker.rollupOptions` — additive and backwards compatible (the web app build, including loot-core's nodePolyfills worker, is unaffected). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] api: embed browser assets via Vite, drop the embedded-assets script Replace scripts/embedded-assets.mjs with Vite-native asset imports in the worker entry: `?inline` for the sql.js wasm and default DB, `import.meta.glob` (`?raw`) for the migrations. The worker builds the default-filesystem wire format from those at module load, so the embedded set comes straight from loot-core and can't drift. The Node build only needs migrations + the default DB on disk (it reads them at runtime); the old script also wrote sql-wasm.wasm and the data/ fetch tree, which are dead now that the browser worker is self-contained. Replace writeEmbeddedAssetsToDist with a small closeBundle copy of just those two. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] api: simplify embedded data map; drop loot-core comment churn Merge the worker's binData/textData into a single dataFiles map (Response accepts both bytes and strings), collapsing the fetch shim's two lookups into one. Revert the unrelated comment edits to loot-core's backend-worker.ts and fs/index.ts. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] api: rename e2e consumer-dist to consumer/dist; drop a prose comment Use the standard `dist` directory name for the consumer fixture's build output (now e2e/consumer/dist), and remove the verbose comment from index.browser.ts. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] loot-core: own the default-filesystem assets; consumers stop reaching in Add packages/loot-core/default-filesystem.mjs as the single source of truth for loot-core's runtime assets (sql.js wasm, default DB, migrations) and the data-file-index wire format, exported as @actual-app/core/default-filesystem. - @actual-app/api: the browser worker embeds them via the actual-embedded-assets Vite plugin (which calls collectEmbeddedAssets), replacing the relative ?inline/?raw/import.meta.glob reaches into ../loot-core; the Node build copies migrations + default DB using the helper's paths. Drops the direct @jlongster/sql.js devDependency (loot-core resolves the wasm). - @actual-app/web: stagePublicData copies from the helper's paths instead of hardcoding loot-core's tree and the sql.js wasm location. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * [AI] loot-core: scan migrations once when collecting embedded assets collectEmbeddedAssets() read the migrations directory twice — once in its own loop and once via buildDataFileIndex(). List the names once and pass them through, keeping the index wire-format defined in a single place. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> * Restore budget table scroll position when navigating back from spent transactions (#8144) * feat: Restore budget table scroll position when navigating back from spent transactions page * fix: Update transaction tests to include new categories and adjust assertions * Add release notes for budget scroll position restoration * refactor: Improve error handling when clicking on visible spent-amount cells, per suggestion from coderabbit bot * refactor: revert changes to test budget, add separate scroll-test test budget * revert previous snapshot changes * Add gitignore pattern for personal devcontainer config * fix: broken tests * refactor: address coderabbitai feedback https://github.com/actualbudget/actual/pull/8144#discussion_r3446850158 * fix: update VRT snapshots for onboarding screen * [autofix.ci] apply automated fixes * refactor: modify scrolling test to add categories to existing test budget instead of creating separate budget --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * [AI] Add design competition blog post for sidenav redesign (#8297) * [AI] Add design competition blog post for sidenav redesign Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HbXFM9ooWVw9SRA9No7vhF * [AI] Set design competition blog post publish date to 27th July 2026 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HbXFM9ooWVw9SRA9No7vhF * [AI] Remove stray closing tags from design competition blog post Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HbXFM9ooWVw9SRA9No7vhF * Update 2026-07-27-design-competition-sidenav.md --------- Co-authored-by: Claude <noreply@anthropic.com> * Always show stacked bar graph tooltip label on hover (#8356) * Always show stacked bar graph tooltip label on hover * Handle edge case with maxToolTipItems+1 labels showing * Replace last item label instead of adding new one * Filter visible items on non zero values for consistency * make SimpleFIN token 'forbidden' check more flexible (#8339) * make SimpleFIN token 'forbidden' check more flexible * clear accessKey when token is updated * https -> fetch * [AI] Add tests for SimpleFIN token claim fix Cover the flexible 'Forbidden' matching, full claim-response handling, and access-key invalidation when the setup token changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * note * Update upcoming-release-notes/fix-simplefin-token-claim.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * coderabbit feedback * [AI] Test SimpleFIN blank access key handling Cover rejecting a blank claim response (not persisted) and re-claiming when an empty access key is cached. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk> Co-authored-by: tabedzki <35670232+tabedzki@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: youngcw <calebyoung94@gmail.com> Co-authored-by: Matt Farrell <10377148+MattFaz@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Dustin Brewer <mannkind@thenullpointer.net> Co-authored-by: Matiss Janis Aboltins <matiss@mja.lv> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Alec Bakholdin <43560338+alecbakholdin@users.noreply.github.com> Co-authored-by: clintharris <336401+clintharris@users.noreply.github.com> Co-authored-by: Darwin Do <8429648+dsmaugy@users.noreply.github.com>
131 B
131 B
category, authors
| category | authors | |
|---|---|---|
| Enhancements |
|
Allow bank sync credentials to be stored globally or for a specific budget file.