null
262d7789db
feat: account monitoring, expanded sync UI, match filtering, error toasts
...
Backend:
- v0.64 migration: monitored column on financial_accounts
- GET/PUT data-sources accounts endpoints for monitored toggle + tx listing
- matchSuggestionService: excludes unmonitored accounts from match scoring
Frontend:
- BankSyncSection rebuild: accounts panel with monitored switch, expand for
last 50 transactions, match status badges, optimistic toggle
- TransactionMatchingSection: toast on bills load failure
- DataPage: toast on import history load failure
- ProfilePage: toast on both login history fetch failures
2026-05-29 01:06:20 -05:00
null
7a58d69c70
feat: hybrid subscription tracker
...
Added subscription metadata to bills: is_subscription, type, reminder_days, source, detected_at
Backend subscription API (routes/subscriptions.js)
SimpleFIN recommendation logic (services/subscriptionService.js)
New /subscriptions page (client/pages/SubscriptionsPage.jsx)
Track-as-subscription controls in BillModal.jsx
Navigation under Tracker menu
Accepting a recommendation creates a subscription-backed bill + links detected transactions
2026-05-28 22:54:07 -05:00
null
88a4b64924
feat: DB-first bank sync config, admin toggle, extracted BankSyncSection
...
New:
services/bankSyncConfigService.js — bank_sync_enabled from settings table, env fallback
client/components/admin/BankSyncAdminCard.jsx — single toggle + encryption key status
client/components/data/BankSyncSection.jsx — full connection management extracted from SettingsPage
Modified:
routes/dataSources.js — per-request getBankSyncConfig() instead of module-level env check
routes/admin.js — GET/PUT /api/admin/bank-sync-config
AdminPage.jsx — renders BankSyncAdminCard after EmailNotifCard
SettingsPage.jsx — BankSyncSection removed, 580->352 lines
DataPage.jsx — BankSyncSection first, passes simplefinConn to TransactionMatchingSection
TransactionMatchingSection.jsx — compact sync bar with green dot + Sync Now
Layout.jsx — SimplefinBadge shows muted dot when enabled
client/api.js — bankSyncConfig API calls
2026-05-28 22:06:15 -05:00
null
42abb12497
feat: SimpleFin bank sync with encrypted token storage
...
New services:
services/encryptionService.js — AES-256-GCM with SHA-256 derived key
services/simplefinService.js — protocol layer: claim token, fetch accounts/transactions, normalize to DB shapes
services/bankSyncService.js — orchestration: connect, sync, disconnect with encrypted access URL storage
Modified:
routes/dataSources.js — status, connect, sync, disconnect endpoints (gate on BANK_SYNC_ENABLED=true)
client/api.js — simplefinStatus, connectSimplefin, syncDataSource, deleteDataSource, dataSources
client/pages/SettingsPage.jsx — BankSyncSection with connected account info, sync/disconnect actions, setup token input
.env.example — BANK_SYNC_ENABLED, TOKEN_ENCRYPTION_KEY, SIMPLEFIN_APP_NAME
2026-05-28 21:30:20 -05:00
null
060c8dc2f4
chore: version bump to 0.28.01 and update HISTORY format
2026-05-16 21:36:04 -05:00
null
9d933f70cc
v0.28.01
2026-05-16 20:26:09 -05:00
null
b124e48ebc
v0.28.0
2026-05-16 15:38:28 -05:00
null
88c1374d97
v028.0
2026-05-16 10:56:56 -05:00
null
59d9d21d4c
v0.28.0
2026-05-16 10:34:32 -05:00
null
0ba315bd32
v0.28.0
2026-05-15 22:45:38 -05:00
null
263f1c5e6e
v0.27.04
2026-05-15 01:36:56 -05:00
null
576163e85b
apr/snowball 0.27.04
2026-05-15 00:03:32 -05:00
null
d720931894
v0.27.02 push
2026-05-14 21:00:07 -05:00
null
eea5641126
snowball visuals
2026-05-14 19:33:23 -05:00
null
440f872d97
snowball bug fixes
2026-05-14 03:00:01 -05:00
null
7d2d0bf45e
0.28.0 snowball release
2026-05-14 02:11:54 -05:00
null
2ce5328fd2
v0.25.0: roadmap redesign, import CSRF fix, AdminDashboard removed
...
- RoadmapPage: kanban-style priority lanes, shadcn Collapsible/Tabs,
lazy-loaded activity log, admin-only /api/about/roadmap + /dev-log endpoints
- Import CSRF fix: added x-csrf-token header to importAdminBackup,
previewSpreadsheetImport, previewUserDbImport raw fetch() calls
- Removed AdminDashboard.jsx, replaced by RoadmapPage
- Added @radix-ui/react-collapsible + collapsible shadcn component
- Security audit by Private_Hudson: PASS (CSRF fix verified,
admin endpoints gated, path traversal mitigated, XSS safe)
2026-05-11 21:42:36 -05:00
null
b29d3a0b02
fix: starting amounts paid_from_other calculation + pay badge alignment on tracker
2026-05-11 15:00:35 -05:00
null
6c7d481494
feat: add admin about page with security hardening
...
- Add /api/about-admin endpoint (admin-only, path traversal protection, content redaction, error sanitization)
- Add /admin/about route with RequireAuth admin guard
- Add adminActionLimiter rate limiting on about-admin endpoint
- Add rehype-sanitize XSS prevention in AboutPage.jsx
- Add aboutAdmin API client endpoint
- Create HISTORY.md with version bump convention (patch/minor/major)
- Update Engineering Reference Manual with about-admin docs and security measures
- Add INIT_REGULAR_USER/INIT_REGULAR_PASS env vars to docs
- Update FUTURE.md with critical regular user env var item
2026-05-09 16:25:12 -05:00
kaspa
4d1709aea3
push
2026-05-09 13:03:36 -05:00
_null
3228332e8c
push
2026-05-04 23:34:24 -05:00
_null
d1efeece04
push
2026-05-04 20:12:57 -05:00
_null
b019487423
init
2026-05-04 16:38:03 -05:00
_null
969139251d
calendar
2026-05-04 13:14:32 -05:00
_null
b9d1366d46
initial commit
2026-05-03 19:51:57 -05:00