2025-07-03T07:45:04Z - 2026-07-03T07:45:04Z

Overview

0 Active Pull Requests
66 Active Issues
Excluding merges, 1 author has pushed 347 commits to dev and 347 commits to all branches. On dev, 442 files have changed and there have been 381797 additions and 46628 deletions.

2 Releases published by 2 users

Published v0.24.6 2026-05-11 16:04:21 -05:00

Published v0.18 v0.18 2026-05-03 21:17:31 -05:00

62 Issues closed from 1 user

Closed #67 Column labels need larger font (not bold — bills are already bold) 2026-06-04 00:59:10 -05:00

Closed #5 Projected Cash Flow 2026-06-03 22:57:29 -05:00

Closed #60 Client computeLiveProjection ignores snowball_exempt bills 2026-06-03 22:56:31 -05:00

Closed #33 Consistent form state management pattern 2026-06-03 22:55:53 -05:00

Closed #14 Keyboard navigation and shortcuts 2026-06-03 22:48:04 -05:00

Closed #42 Project-wide Data Input & Sync — Manual + CSV Import + Provider Abstraction 2026-06-03 22:46:36 -05:00

Closed #59 Dual-block migration structure in database.js duplicates every migration entry 2026-06-03 22:44:28 -05:00

Closed #81 LOW: LIVE constant interpolated into SQL queries in payments.js 2026-06-03 22:28:28 -05:00

Closed #78 MEDIUM: No pagination on core list endpoints - returns all records 2026-06-03 22:25:02 -05:00

Closed #54 Imported payments have no payment_source 2026-06-03 22:21:46 -05:00

Closed #47 Phase 5: SimpleFIN Provider Sync 2026-06-03 22:21:05 -05:00

Closed #53 PATCH /api/snowball/order doesn't exclude soft-deleted bills 2026-06-03 22:20:21 -05:00

Closed #50 Mortgage category not auto-detected as debt (snowball DEBT_LIKE_CLAUSES gap) 2026-06-03 22:19:49 -05:00

Closed #49 Imported payments don't update debt balance (balance_delta always NULL) 2026-06-03 22:16:44 -05:00

Closed #38 Recurring bill generation from cycle rules 2026-06-03 21:55:25 -05:00

Closed #55 Client snowball projection duplicates server simulation (drift risk) 2026-06-03 21:50:37 -05:00

Closed #52 PATCH /api/snowball/order silently swallows invalid rows 2026-06-03 20:48:31 -05:00

Closed #58 isRamseyMode() called twice per snowball projection request 2026-06-03 20:46:49 -05:00

Closed #51 rotateSessionId uses raw BEGIN/COMMIT/ROLLBACK instead of db.transaction() 2026-06-03 20:35:16 -05:00

Closed #1 Overdue Command Center 2026-06-03 20:28:28 -05:00

Closed #10 Filtered Exports 2026-06-03 20:28:19 -05:00

Closed #13 Payment method tracking and summary 2026-06-03 20:28:08 -05:00

Closed #66 Month navigation arrows should bracket the month name (< MAY >) 2026-06-03 20:27:33 -05:00

Closed #79 MEDIUM: Admin routes use req.params.id without integer validation 2026-06-03 20:00:05 -05:00

Closed #84 LOW: OIDC client secret stored in plaintext in user_settings table 2026-06-03 19:57:48 -05:00

Closed #48 Phase 6: Background Sync & Polish 2026-06-03 19:57:25 -05:00

Closed #62 Analytics — Expense vs Spend color key partially covered by bar graph on desktop 2026-06-03 19:50:09 -05:00

Closed #64 Calendar shows Due dot on days with no bills due (e.g. Saturday 16th) 2026-06-03 19:49:17 -05:00

Closed #80 MEDIUM: CSRF cookie defaults to httpOnly=false - XSS bypasses CSRF protection 2026-05-31 15:55:29 -05:00

Closed #85 LOW: Auto-generated encryption key stored in same SQLite database as encrypted data 2026-05-31 15:36:21 -05:00

Closed #77 MEDIUM: TrackerPage.jsx is 2386 lines with 44 hooks - maintainability and re-render risks 2026-05-31 15:05:59 -05:00

Closed #76 MEDIUM: 10x .catch(() => {}) silently swallowing errors in client code 2026-05-31 14:24:28 -05:00

Closed #75 MEDIUM: Floating-point REAL type for monetary amounts in SQLite 2026-05-31 14:00:35 -05:00

Closed #74 HIGH: No explicit JSON body size limit on express.json() - default 100KB 2026-05-31 13:23:15 -05:00

Closed #65 Add Bill link should always be visible at top, not only under Tracker tab 2026-05-31 13:19:41 -05:00

Closed #73 HIGH: No process-level unhandledRejection/uncaughtException handler 2026-05-31 13:14:17 -05:00

Closed #63 Overview page — Upcoming bills field hard to read 2026-05-31 13:12:42 -05:00

Closed #72 HIGH: Payment UPDATE/DELETE lack user_id in WHERE clause (defense-in-depth) 2026-05-31 13:12:16 -05:00

Closed #71 HIGH: SQL injection surface in analyticsService.js - string interpolation in WHERE clause 2026-05-31 13:09:22 -05:00

Closed #70 CRITICAL: Incomplete user deletion - orphaned data risk 2026-05-31 13:07:18 -05:00

Closed #69 CRITICAL: SMTP password stored in plaintext in SQLite 2026-05-31 12:56:35 -05:00

Closed #68 CRITICAL: Async route handlers lack try/catch - unhandled rejections crash process 2026-05-31 12:46:13 -05:00

Closed #40 cycle_type and billing_cycle not acted on in statusService 2026-05-31 12:31:12 -05:00

Closed #41 SimpleFIN Bank Sync — Backend + UI 2026-05-31 12:31:12 -05:00

Closed #57 updateCheckService.js Forgejo URL is hard-coded with no env override 2026-05-31 12:31:12 -05:00

Closed #15 Unit and integration tests 2026-05-31 12:31:11 -05:00

Closed #16 Bill grouping and reorganization API 2026-05-31 12:31:11 -05:00

Closed #39 UI for defining recurring bill generation rules 2026-05-31 12:31:11 -05:00

Closed #46 Phase 4: Transaction Matching 2026-05-16 21:47:05 -05:00

Closed #45 Phase 3: CSV Import 2026-05-16 20:24:32 -05:00

Closed #44 Phase 2: Data Sources & Shared Transactions 2026-05-16 19:58:39 -05:00

Closed #43 Phase 1: Standardize Payments as the Manual Bill Payment Model + Surface on Bills Detail 2026-05-16 19:42:07 -05:00

Closed #12 Business logic extraction to service layers 2026-05-16 15:38:32 -05:00

Closed #8 Recurring Payment Rules 2026-05-16 15:22:45 -05:00

Closed #11 Debt Snowball Readiness Checklist 2026-05-16 14:56:26 -05:00

Closed #7 Duplicate Bill / Templates 2026-05-16 14:50:08 -05:00

Closed #4 Partial Payments — track paid $80 of $150 2026-05-16 13:32:41 -05:00

Closed #6 Bill Health / Setup Audit 2026-05-16 12:31:00 -05:00

Closed #3 Search + Filters everywhere 2026-05-16 12:26:26 -05:00

Closed #2 No confirmation before destructive actions 2026-05-16 12:17:53 -05:00

Closed #36 Authentik logo not displaying correctly on login/admin page — corrected file location 2026-05-16 10:46:21 -05:00

Closed #37 Category seed added: Food, Beauty, Entertainment, Pets 2026-05-16 10:46:21 -05:00

4 Issues created by 1 user

Opened #9 Calendar Agenda Mode 2026-05-16 10:13:22 -05:00

Opened #56 parseUserAgent in ProfilePage.jsx has weak OS detection 2026-05-16 21:43:25 -05:00

Opened #82 LOW: CORS_ORIGIN accepts comma-separated origins without URL validation 2026-05-31 12:04:04 -05:00

Opened #83 LOW: Login rate limiter bypassed when no users exist (first-run timing window) 2026-05-31 12:04:08 -05:00