docs: update user-guide index with recent features (bank status, notifications, cash flow, batch import, merchant rules)

null 2026-06-04 03:14:54 -05:00
parent 809bd4498b
commit ecec6763b0
8 changed files with 194 additions and 229 deletions

423
README.md

@ -4,20 +4,14 @@
<img src="docs/images/logo_cut.png" alt="BillTracker logo"> <img src="docs/images/logo_cut.png" alt="BillTracker logo">
</p> </p>
BillTracker is a private, self-hosted bill planning app for households and small personal setups. It tracks recurring bills, payments, monthly cash buckets, due dates, categories, debt payoff, imports, exports, backups, transactions, bank sync, and subscriptions from one local installation. BillTracker is a private, self-hosted bill planning app for households and
personal finance setups. It tracks recurring bills, monthly cash buckets,
payments, due dates, categories, subscriptions, bank-synced transactions,
imports, exports, backups, and debt payoff plans from one local installation.
It runs as a Node/Express app with a React/Vite frontend and stores data in SQLite. It is designed for people who want their bill data under their own control instead of inside a third-party budgeting service. It runs as a Node/Express app with a React/Vite frontend and stores data in
SQLite. It is designed for people who want their bill data under their own
Key features include: control instead of inside a third-party budgeting service.
- SimpleFIN bank sync integration (auto-sync, manual "Sync Now", 90-day backfill)
- Subscription catalog with recommendations from unmatched charges
- Advisory non-bill filter system (5k+ patterns, auto-matching)
- Transaction import, matching, and management
- Snowball and avalanche debt payoff planning
- Analytics, calendar, summary pages, and printable reports
- Dark mode and PWA support (offline-ready)
- Keyboard command palette (Ctrl+K)
<p align="center"> <p align="center">
Demo Server: https://t1.scheller.ltd/<br> Demo Server: https://t1.scheller.ltd/<br>
@ -26,56 +20,43 @@ Username: guest &middot; Password: guest123
## Highlights ## Highlights
- Private-by-design self-hosted bill tracking with local SQLite storage - Monthly tracker with `1st-14th` and `15th-31st` bill buckets
- Tracker view with monthly buckets (`1st-14th` and `15th-31st`) and period-aware balance - Quick pay, skipped bills, monthly notes, amount overrides, and inactive bill history ranges
- Bills, categories, payments, notes, skipped months, history ranges, and inactive bill handling - Period-aware balance cards, overdue command center, pin-due sorting, and compact desktop mode
- Subscription catalog (v2 with 100+ services across categories, recommendations from unmatched charges) - Bills, categories, subscriptions, payment history, and custom billing schedules
- Advisory non-bill filter system (5k+ patterns, UI for confidence levels, lazy cache, auto-matching) - SimpleFIN read-only bank sync with manual sync, auto-sync, transaction matching, and merchant rules
- Debt snowball page with payoff projections, avalanche comparison, APR math, and amortization schedules - Historical payment import for merchant-rule matches, including month-crossing attribution fixes
- Analytics, calendar, summary pages, and printable reports - Advisory non-bill filtering with a large pattern catalog for noisy bank transactions
- XLSX and CSV import, user export/import, Excel export, import history, and admin backups - Debt snowball and avalanche planning with APR math, projections, and amortization schedules
- Transaction import, matching, and management (Data page) - Calendar, summary, analytics, payoff simulator, and printable views
- Local username/password login with optional Authentik/OIDC SSO - XLSX/CSV import, transaction CSV import, user SQLite export/import, Excel export, and admin backups
- Admin panel for users, backups, cleanup, auth settings, status, and migrations - Local username/password auth with optional Authentik/OIDC SSO
- Status page with health checks, bank sync card, daily worker card, and recent errors - Admin tools for users, backups, auth settings, bank sync, cleanup, status, and migrations
- Compact tracker mode with side-by-side buckets, subscription/AP/2FA badges - Email and push bill reminders through SMTP, ntfy, Gotify, Discord, or Telegram
- Background worker system (dailyWorker for autopay marking, notifications, session pruning, cleanup) - Dark mode, PWA support, offline-ready shell, and keyboard command palette (`Ctrl+K`)
- Dark mode and theme support
- PWA support (service worker, offline-ready)
- Keyboard command palette (Ctrl+K)
- Monthly bill state (skip, notes per month), bill history and status tracking
- SimpleFIN bank sync integration (auto-sync, manual "Sync Now", 90-day backfill, config via admin)
- Two-factor authentication badges, autopay badges, subscription badges on bills
- Customizable display preferences per bill (toggle columns, badges)
- Public About, Privacy, and Release Notes pages
## Screenshots ## Screenshots
![Login screenshot](docs/images/login.png) Screenshots below were refreshed from the linked demo server.
![Tracker screenshot](docs/images/tracker.png) ![Login screen](docs/images/login.png)
![Snowball page with debt projections](docs/images/Snowball.png) ![Monthly tracker](docs/images/tracker.png)
![Data page with transaction management](docs/images/Data.png) ![Calendar money map](docs/images/Calendar.png)
## Additional Screenshots ![Analytics dashboard](docs/images/Analytics.png)
The app includes many more screenshots in the docs: ![Debt snowball planner](docs/images/Snowball.png)
- Analytics page: spending trends, category breakdowns, heatmaps ![Data import and transaction matching](docs/images/Data.png)
- Calendar page: due dates, payments, month progress
- Summary page: income, starting amounts, monthly planning
- Admin panel: user management, backups, status, migrations
- Worker status: dailyWorker activity, notifications, cleanup
- Status page: health checks, bank sync status, recent errors
- Compact tracker mode: side-by-side buckets, subscription/AP/2FA badges
See the docs directory for more details. ![Subscription manager](docs/images/Subscriptions.png)
## Who This Is For ## Who This Is For
BillTracker is built for self-hosters who want a practical bill dashboard without sending personal finance data to an outside service. BillTracker is built for self-hosters who want a practical bill dashboard
without sending personal finance data to a hosted budgeting product.
Good fit: Good fit:
@ -84,20 +65,23 @@ Good fit:
- People who split monthly cash around the 1st and 15th - People who split monthly cash around the 1st and 15th
- Users who want import/export and database backup control - Users who want import/export and database backup control
- Authentik/OIDC users who want optional SSO - Authentik/OIDC users who want optional SSO
- Users who want SimpleFIN bank sync integration - SimpleFIN users who want read-only bank transaction syncing
- People managing subscriptions, debt, and transactions in one place - People managing recurring services, debt, transactions, and monthly bills together
Not a full replacement for: Not a replacement for:
- Double-entry accounting - Double-entry accounting
- Investment tracking - Investment tracking
- Tax software - Tax software
- Direct bank connectivity without SimpleFIN
Note: Bank sync requires a SimpleFIN account. Direct bank connections are not supported. Bank sync requires a SimpleFIN Bridge account. BillTracker consumes SimpleFIN
data; it does not host SimpleFIN server endpoints or connect directly to banks.
## Quick Start With Docker ## Quick Start With Docker
The included Compose file runs the published image on host port `3030` and stores all persistent app data under `/data` inside the container. The included Compose file runs the published image on host port `3030` and
stores persistent app data under `/data` inside the container.
```bash ```bash
docker compose up -d docker compose up -d
@ -125,7 +109,8 @@ environment:
INIT_REGULAR_PASS: changeme123 INIT_REGULAR_PASS: changeme123
``` ```
Passwords must be at least 8 characters. Remove or rotate first-run seed values after initial setup. Passwords must be at least 8 characters. Remove or rotate first-run seed values
after initial setup.
### Persistent Data ### Persistent Data
@ -136,18 +121,36 @@ DB_PATH=/data/db/bills.db
BACKUP_PATH=/data/backups BACKUP_PATH=/data/backups
``` ```
Back up the mounted `/data` directory like you would any other sensitive financial data. Back up the mounted `/data` directory like you would any other sensitive
financial data.
### Background Workers ### HTTPS And Cookies
The app runs a daily worker (`dailyWorker`) for: Run BillTracker behind HTTPS for normal use. If TLS terminates at a reverse
proxy, forward:
- Autopay marking ```text
- Bill due notifications (3 days, 1 day, due today, overdue) X-Forwarded-Proto: https
- Session cleanup ```
- Import history pruning
Worker status and recent activity are visible in the Status page admin panel. Recommended production posture:
```bash
HTTPS=true
COOKIE_SECURE=true
CSRF_SECURE=true
CSRF_SAME_SITE=strict
```
For plain HTTP development only:
```bash
COOKIE_SECURE=false
CSRF_SECURE=false
```
Leave `CORS_ORIGIN` unset for normal same-origin deployments. Set it only if the
frontend and backend are intentionally served from different origins.
## Node Install ## Node Install
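Review bot: The relocated "HTTPS And Cookies" section tells operators to forward `X-Forwarded-Proto: https` but does not say whether the app accepts that header from any peer. If the published port (`3030` in the Compose setup) is reachable without going through the proxy, a direct client can send the same header, so add a sentence saying the app should only be reachable via the proxy. The production block also lists `COOKIE_SECURE`, `CSRF_SECURE` and `CSRF_SAME_SITE` but not `CSRF_HTTP_ONLY`, which the environment sample later in this diff sets to `true`; listing it here would keep the two blocks consistent.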
@ -157,7 +160,7 @@ Install dependencies:
npm install npm install
``` ```
Run API and Vite UI for development: Run the API and Vite UI for development:
```bash ```bash
npm run dev npm run dev
@ -170,7 +173,8 @@ npm run build
npm start npm start
``` ```
The production server serves `dist/` and listens on `PORT`, defaulting to `3000`. The production server serves `dist/` and listens on `PORT`, defaulting to
`3000`.
Useful scripts: Useful scripts:
@ -179,128 +183,116 @@ npm run dev:api
npm run dev:ui npm run dev:ui
npm run build npm run build
npm run check npm run check
npm test
npm start npm start
``` ```
`npm run check` runs backend CommonJS syntax checks and a Vite production build. `npm run check` runs backend CommonJS syntax checks and a Vite production build.
`npm test` runs the Node test suite in `tests/`.
## Product Map ## Product Map
### Tracker ### Tracker
The Tracker is the main monthly view. It shows active bills for the selected month, grouped into: The Tracker is the main monthly view. It shows active bills for the selected
month, grouped into `1st-14th` and `15th-31st` buckets.
- `1st-14th` You can record payments, quick-pay bills, skip a bill for the month, add monthly
- `15th-31st` notes, override monthly amounts, reorder bills, and move between months. Summary
cards show starting cash or bank-tracked balance, total paid, active-period
balance, overdue amount, previous-month paid, and trend.
You can record payments, quick-pay bills, skip a bill for the month, add monthly notes, override monthly amounts, and navigate between months. The summary cards show starting cash, total paid, active period balance, overdue amount, previous month paid, and trend. Compact tracker mode, available on wide screens, adds side-by-side buckets and
quick subscription/autopay/2FA badges.
**Compact tracker mode** (available at 2xl+ screen width) adds: ### Bills And Categories
- Side-by-side buckets for efficient viewing
- Subscription/AP/2FA badges for quick identification
- "S"/"AP"/"2FA" pill badges on bills
- Customizable column visibility per bill
### Bills
Bills store the recurring source data: Bills store the recurring source data:
- name, expected amount, due day, category - Name, expected amount, due day, category, and active state
- active/inactive state and history visibility (default, all, ranges, none) - Monthly, weekly, biweekly, quarterly, annual, and custom billing schedules
- billing cycle (monthly, weekly, biweekly, quarterly, annual) - Autopay status, subscription metadata, two-factor badges, and display preferences
- autopay status tracking (pending, assumed_paid, confirmed) - Monthly state such as skip flags, notes, and actual amount overrides
- subscription detection - Optional debt fields such as balance, APR, minimum payment, and snowball flags
- cycle type and cycle day configuration - History ranges for inactive or past-only bills
Inactive bills support history ranges for past billing periods. Categories support custom colors, icons, descriptions, ordering, restore, and
bill usage previews.
### Optional Debt Fields ### Bank Sync And Data Tools
- balance, APR, and minimum payment SimpleFIN integration provides read-only bank syncing:
- snowball ordering and exclusion flags
- debt payoff tracking
### Monthly Override State - User-pasted SimpleFIN Bridge setup from the Data page
- Manual "Sync Now" and background auto-sync
- actual_amount per month
- is_skipped flag
- notes per month
### SimpleFIN Bank Sync
SimpleFIN integration provides automated bank syncing:
- Auto-sync with configurable schedule
- Manual "Sync Now" button for immediate synchronization
- 90-day backfill support - 90-day backfill support
- Configuration via Admin panel - Bank account selection for tracker balance projections
- Recommendations subsystem for unmatched bank charges - Merchant rules for matching transactions to bills
- Historical import prompts when a new merchant rule finds prior payments
- Late-attribution prompts or auto-fixes for payments that post just after month end
### Subscription Catalog The Data page also handles:
Track and manage recurring subscriptions: - XLSX and CSV spreadsheet import with preview
- Transaction CSV import and column mapping
- Transaction review, matching, ignoring, and status filters
- User SQLite export/import
- Excel workbook export
- Import history with detailed stats
- Demo data seeding for local trials
- v2 catalog with 100+ services across categories ### Subscriptions
- Recommendations from unmatched bank charges
- Category-based organization
- Automatic subscription detection
### Advisory Filter System Subscriptions are tracked as bill-backed recurring services. The page shows
monthly and yearly impact, paused subscriptions, per-cycle amounts, subscription
categories, and recommendations from recurring bank charges.
Non-bill filtering with machine learning patterns: ### Snowball And Payoff
- 5000+ patterns for classification
- UI for high/medium confidence filtering
- Lazy caching for performance
- Auto-matching from bank sync
### Snowball
The Snowball page focuses on debt payoff planning: The Snowball page focuses on debt payoff planning:
- snowball and avalanche ordering - Dave Ramsey-style snowball mode and avalanche comparison
- minimum-only baseline vs. full extra payment - Extra monthly payment settings
- live payoff projections with APR snapshots - Minimum-only baseline vs. accelerated payoff projections
- amortization schedules - APR snapshots, amortization schedules, and payoff dates
- drag ordering and debt exclusion - Drag ordering, exclusion flags, readiness checks, and saved plans
The Payoff simulator can model a tracked debt or a custom outside debt without
creating a new bill.
### Calendar, Summary, And Analytics ### Calendar, Summary, And Analytics
- Calendar shows due dates, payments, and month progress Calendar shows bill due dates, paid dates, skipped bills, month progress, money
- Summary handles income, starting amounts, and monthly planning markers, cash flow projections, and links back into Tracker or Snowball.
- Analytics provides spending trends, category views, bill history, filters, heatmaps, and print output
### Data Tools Summary handles income, starting amounts, planned expenses, paid status, monthly
planning, reordering, and print-friendly output.
BillTracker includes: Analytics provides spending trends, expected vs. actual views, category
breakdowns, pay-on-time heatmaps, forecasts, filters, and print output.
- XLSX and CSV spreadsheet import with preview ### Admin And Status
- Import by bill (manual entry)
- User SQLite import/export
- Excel workbook export
- Transaction import, matching, and management
- Import history with detailed stats
- Admin database backup, restore, download, cleanup, and retention tools
### Data Page Admin tools include user management, local/OIDC auth settings, SimpleFIN server
enablement, backups, restore, cleanup, notification settings, status checks, and
database migration operations.
The Data page manages transactions: The Status page surfaces application, database, runtime, daily worker,
SimpleFIN, notifications, backups, maintenance, tracker, statistics, server
clock, and recent-error health.
- Import from CSV/XLSX with field mapping ### Background Workers
- Match transactions to bills
- Ignore unmatched transactions
- Transaction status tracking (matched, unmatched, ignored)
### Status Page The daily worker handles:
System status at a glance: - Autopay marking
- Bill due notifications
- Session cleanup
- Import history pruning
- Backup scheduling
- Bank sync scheduling
- Health checks (database, SMTP, workers) Worker status and recent activity are visible from Admin/Status.
- SimpleFIN bank sync status
- Daily worker activity
- Degraded state indicators
- Recent errors list
## Privacy Model ## Privacy Model
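Review bot: In the new "Admin And Status" paragraph, "SimpleFIN server enablement" reads as if BillTracker can act as a SimpleFIN server, which contradicts the sentence added earlier in this diff that it "does not host SimpleFIN server endpoints". Reword it, for example to "server-wide SimpleFIN sync enablement". The same rewrite replaces "Configuration via Admin panel" with "User-pasted SimpleFIN Bridge setup from the Data page"; since the pasted value is a credential, one sentence on who can view or replace it afterwards would help.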
@ -308,17 +300,22 @@ BillTracker is intended to run privately in your own environment.
- Bill data stays in your SQLite database. - Bill data stays in your SQLite database.
- The app does not use third-party analytics, advertising, or telemetry. - The app does not use third-party analytics, advertising, or telemetry.
- The public Privacy page explains the apps local-first behavior. - Bank sync is optional and goes through the user's SimpleFIN Bridge account.
- Login device details shown in Profile are visible to that user in the app UI, not exposed through the Admin UI. - Login device details shown in Profile are visible to that user in the app UI.
- Optional update checks are for software update availability, not bill-data collection. - Optional update checks are for software update availability, not bill-data collection.
Admins can manage users, reset passwords, configure authentication, and manage backups, but normal bill data is scoped to the signed-in user. Admins can manage users, reset passwords, configure authentication, and manage
backups, but normal bill data is scoped to the signed-in user.
## Authentication ## Authentication
BillTracker supports local username/password login by default. Admins can create users, reset passwords, promote/demote users, and activate/deactivate accounts. BillTracker supports local username/password login by default. Admins can create
users, reset passwords, promote or demote users, and activate or deactivate
accounts.
Optional Authentik/OIDC login can be enabled from Admin. OIDC uses authorization code flow with PKCE, state and nonce validation, and `openid-client` token validation. Optional Authentik/OIDC login can be enabled from Admin. OIDC uses authorization
code flow with PKCE, state and nonce validation, and `openid-client` token
validation.
Important behavior: Important behavior:
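Review bot: The login-device bullet drops the clause "not exposed through the Admin UI". If admins can now see other users' device details, say so explicitly; if nothing changed, keep the clause, because it was the only statement of that boundary. The list also gains bank sync as an outbound path but omits the reminder channels this diff adds to Highlights (SMTP, ntfy, Gotify, Discord, Telegram), which send reminder content to outside services and belong next to "Bill data stays in your SQLite database."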
@ -334,9 +331,10 @@ See [Authentik-Integration.md](docs/Authentik-Integration.md) for setup details.
Most settings are configured in the web UI: Most settings are configured in the web UI:
- User settings: Settings/Profile - User settings: Settings and Profile
- Server settings: Admin - Server settings: Admin
- Authentication settings: Admin - Authentication settings: Admin
- Notification settings: Admin and Profile
- Backup and cleanup settings: Admin - Backup and cleanup settings: Admin
Common environment variables: Common environment variables:
@ -350,11 +348,10 @@ INIT_ADMIN_USER=admin
INIT_ADMIN_PASS=change-this-password INIT_ADMIN_PASS=change-this-password
INIT_REGULAR_USER=regularuser INIT_REGULAR_USER=regularuser
INIT_REGULAR_PASS=changeme123 INIT_REGULAR_PASS=changeme123
SESSION_CLEANUP_INTERVAL_MS=86400000
HTTPS=true HTTPS=true
COOKIE_SECURE=true COOKIE_SECURE=true
CORS_ORIGIN=https://bills.example.com CORS_ORIGIN=https://bills.example.com
CSRF_HTTP_ONLY=false CSRF_HTTP_ONLY=true
CSRF_SAME_SITE=strict CSRF_SAME_SITE=strict
CSRF_SECURE=true CSRF_SECURE=true
CSRF_COOKIE_NAME=bt_csrf_token CSRF_COOKIE_NAME=bt_csrf_token
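Review bot: The sample flips `CSRF_HTTP_ONLY=false` to `CSRF_HTTP_ONLY=true`, but operators who copied the old block still have `false` pinned in their environment and will keep it after upgrading. Add an upgrade note telling them to change or drop the variable. `SESSION_CLEANUP_INTERVAL_MS` is also removed from the list without saying whether it is still read or has been superseded by the `WORKER_*` settings; state which.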
@ -371,7 +368,8 @@ WORKER_SESSION_CLEANUP_ENABLED=true
WORKER_IMPORT_CLEANUP_ENABLED=true WORKER_IMPORT_CLEANUP_ENABLED=true
``` ```
OIDC fallback environment variables are used when matching Admin database settings are blank: OIDC fallback environment variables are used when matching Admin database
settings are blank:
```bash ```bash
OIDC_PROVIDER_NAME=authentik OIDC_PROVIDER_NAME=authentik
@ -387,46 +385,27 @@ OIDC_AUTO_PROVISION=true
Database-backed Admin settings take precedence over environment fallback values. Database-backed Admin settings take precedence over environment fallback values.
## Reverse Proxy And HTTPS Secrets such as OIDC client secrets, SMTP passwords, push tokens, and SimpleFIN
tokens are encrypted at rest. The app generates and stores its encryption key in
Run BillTracker behind HTTPS for normal use. If TLS terminates at a reverse proxy, forward: the database on first use; no separate encryption-key environment variable is
required.
```text
X-Forwarded-Proto: https
```
Recommended production posture:
```bash
HTTPS=true
COOKIE_SECURE=true
CSRF_SECURE=true
CSRF_SAME_SITE=strict
```
For plain HTTP development only, you may need:
```bash
CSRF_SECURE=false
COOKIE_SECURE=false
```
Leave `CORS_ORIGIN` unset for normal same-origin deployments. Set it only if the frontend and backend are intentionally served from different origins.
## Security Notes ## Security Notes
- Auth is required for user data routes. - Auth is required for user data routes.
- Admin routes require an admin session. - Admin routes require an admin session.
- User-owned bill, category, payment, import, export, and settings routes derive ownership from the authenticated session. - User-owned bill, category, payment, import, export, transaction, and settings routes derive ownership from the authenticated session.
- CSRF uses a double-submit cookie pattern. The SPA reads `bt_csrf_token` with `document.cookie` and sends it as `x-csrf-token` on mutating requests. - CSRF uses a double-submit cookie pattern. The SPA fetches `/api/auth/csrf-token`, stores the token in memory, and sends it as `x-csrf-token` on mutating requests.
- Do not set `CSRF_HTTP_ONLY=true` for this SPA unless token delivery changes. - The CSRF cookie defaults to `HttpOnly`; JavaScript does not need to read it through `document.cookie`.
- Session cookies are HTTP-only and SameSite-protected. - Session cookies are HTTP-only and SameSite-protected.
- Password changes rotate the current session and invalidate other sessions. - Password changes rotate the current session and invalidate other sessions.
- Rate limits protect local login, password changes, imports, exports, admin actions, and OIDC routes. - Rate limits protect local login, password changes, imports, exports, admin actions, backup actions, and OIDC routes.
- Security headers include CSP nonces and standard hardening headers. - Security headers include CSP nonces and standard hardening headers.
- Audit logging records security-sensitive events such as login, logout, password changes, role changes, CSRF failures, and migration operations. - Audit logging records security-sensitive events such as login, logout, password changes, role changes, CSRF failures, and migration operations.
Backups and exports can contain sensitive financial data. The app writes SQLite backup files with restrictive permissions, but backup/export encryption is not implemented. Protect downloaded files and mounted volumes yourself. Backups and exports can contain sensitive financial data. The app writes SQLite
backup files with restrictive permissions, but backup/export encryption is not
implemented. Protect downloaded files and mounted volumes yourself.
## Upgrading ## Upgrading
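Review bot: The added secrets paragraph says the encryption key is generated and stored in the database, so the key sits in the same SQLite file as the ciphertext it protects. Any copy of that file (an admin backup, a leaked volume, a user SQLite export if it includes the key) carries both, and the README should say that "encrypted at rest" does not cover that case, especially next to the statement that backup/export encryption is not implemented. On the CSRF bullets, a token fetched from `/api/auth/csrf-token` and held in memory depends on that endpoint not being readable cross-origin, so the `CORS_ORIGIN` guidance is worth cross-referencing here.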
@ -450,7 +429,8 @@ docker compose up -d
If you build locally, rebuild the image and recreate the container. If you build locally, rebuild the image and recreate the container.
The app initializes the schema and runs additive migrations on startup. The Docker entrypoint also runs `scripts/migrate-db.js` before starting unless: The app initializes the schema and runs additive migrations on startup. The
Docker entrypoint also runs `scripts/migrate-db.js` before starting unless:
```bash ```bash
RUN_DB_MIGRATIONS=false RUN_DB_MIGRATIONS=false
@ -460,54 +440,38 @@ RUN_DB_MIGRATIONS=false
```text ```text
bill-tracker/ bill-tracker/
├── client/ # React app, pages, layout, UI components |-- client/ # React app, routes, pages, components, hooks, and API client
│ ├── components/ # Reusable React components | |-- components/ # Shared UI, layout, admin, data, tracker, and snowball components
│ │ ├── layout/ # Layout components (Sidebar, etc.) | |-- contexts/ # React contexts
│ │ └── ui/ # UI components (buttons, inputs, etc.) | |-- hooks/ # Custom React hooks
│ ├── pages/ # Page components (one per route) | |-- lib/ # Client utilities
│ │ ├── TrackerPage.jsx | `-- pages/ # Route pages
│ │ ├── BillsPage.jsx |-- db/ # SQLite schema, migrations, and database helpers
│ │ ├── CategoriesPage.jsx |-- docs/ # Technical references and README screenshots
│ │ ├── CalendarPage.jsx |-- legacy/ # Legacy static UI retained for reference
│ │ ├── SummaryPage.jsx |-- middleware/ # Auth, CSRF, rate limit, security, and error middleware
│ │ ├── AnalyticsPage.jsx |-- routes/ # Express API route handlers
│ │ ├── ProfilePage.jsx |-- scripts/ # Utility, migration, deployment, and smoke-test scripts
│ │ ├── SettingsPage.jsx |-- services/ # Business logic for bills, sync, auth, imports, status, workers, etc.
│ │ ├── DataPage.jsx |-- workers/ # Background workers
│ │ ├── AdminPage.jsx |-- dist/ # Generated production build
│ │ ├── LoginPage.jsx |-- Dockerfile
│ │ └── AboutPage.jsx |-- docker-compose.yml
│ ├── hooks/ # Custom React hooks (useAuth, etc.) |-- docker-entrypoint.sh
│ ├── api.js # API client functions |-- server.js
│ ├── App.jsx # React Router configuration `-- vite.config.mjs
│ ├── main.jsx # React entry point
│ └── index.html # HTML template
├── server.js # Express backend entry
├── routes/ # API route handlers
- services/ # Business logic layer: auth, OIDC, backups, imports, cleanup, status, audit, workers, transactions, matches, data sources, snowball, analytics, notification, export, and transaction import logic
├── middleware/ # Express middleware
├── db/ # Database schemas/migrations
├── workers/ # Background job workers
├── scripts/ # Utility scripts
├── docs/ # Technical references and integration guides
├── dist/ # Build output (generated)
├── public/ # Static assets
├── Dockerfile # Container config
└── docker-compose.yml
``` ```
## Documentation ## Documentation
- [HISTORY.md](HISTORY.md): release history - [HISTORY.md](HISTORY.md): release history
- [CSRF-SPA-Setup.md](docs/CSRF-SPA-Setup.md): CSRF behavior for the SPA - [Authentik-Integration.md](docs/Authentik-Integration.md): Authentik/OIDC setup
- [Authentik-Integration.md](docs/Authentik-Integration.md): authentik/OIDC setup - [SIMPLEFIN_CONSUMER_GUARDRAILS.md](docs/SIMPLEFIN_CONSUMER_GUARDRAILS.md): SimpleFIN consumer boundaries
- [SimpleFIN-Integration.md](docs/SimpleFIN-Integration.md): SimpleFIN bank sync setup
- [Engineering_Reference_Manual.md](docs/Engineering_Reference_Manual.md): deeper implementation reference
## Known Limitations ## Known Limitations
- Admin backups and user exports are not encrypted by the app. Protect downloaded files and mounted volumes yourself. - Admin backups and user exports are not encrypted by the app.
- Bank sync via SimpleFIN is implemented, but direct bank connections are not supported (requires SimpleFIN account). - Bank sync requires SimpleFIN; direct bank connections are not supported.
- OIDC single logout is not implemented; users must log out from each device separately. - OIDC single logout is not implemented; users must log out from each device separately.
- Rate limiting is in-memory, so counters reset on restart and are not shared across multiple app instances. - Rate limiting is in-memory, so counters reset on restart and are not shared across multiple app instances.
- Multiple OIDC providers are not currently supported. - Multiple OIDC providers are not currently supported.
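Review bot: The Documentation list drops the link to `docs/CSRF-SPA-Setup.md` in the same commit that changes the documented CSRF token delivery, while the changed-file list shows only README.md and binary image files. If that document still exists it now describes the old `document.cookie` flow and should be updated or deleted, not just unlinked; the same applies to `SimpleFIN-Integration.md` and `Engineering_Reference_Manual.md`. The new tree also adds `legacy/` as "Legacy static UI retained for reference"; note whether the server still serves it.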
@ -515,4 +479,5 @@ bill-tracker/
## License ## License
License: Not specified. `package.json` declares the project license as ISC. No separate `LICENSE` file is
included in this repository.

Binary file not shown. Before: 256 KiB. After: 190 KiB.

Binary file not shown. Before: 202 KiB. After: 232 KiB.

docs/images/Data.png (Normal file). Binary file not shown. After: 180 KiB.

docs/images/Snowball.png (Normal file). Binary file not shown. After: 308 KiB.

Binary file not shown. After: 237 KiB.

Binary file not shown. Before: 64 KiB. After: 42 KiB.

Binary file not shown. Before: 167 KiB. After: 238 KiB.