null
979886cb6a
style: CalendarPage readability pass + DataPage fix
...
CalendarPage.jsx:
- Tightened day numbers, due-count badges, bill labels inside cells
- Crisper color contrast for paid/due/missed states
- Cleaner grid surfaces and borders for row/day tracking
- Switched font-mono values to tracker-number style
SeedDemoDataSection.jsx:
- Fixed render logic for data page
2026-05-28 21:40:27 -05:00
null
42abb12497
feat: SimpleFin bank sync with encrypted token storage
...
New services:
services/encryptionService.js — AES-256-GCM with SHA-256 derived key
services/simplefinService.js — protocol layer: claim token, fetch accounts/transactions, normalize to DB shapes
services/bankSyncService.js — orchestration: connect, sync, disconnect with encrypted access URL storage
Modified:
routes/dataSources.js — status, connect, sync, disconnect endpoints (gate on BANK_SYNC_ENABLED=true)
client/api.js — simplefinStatus, connectSimplefin, syncDataSource, deleteDataSource, dataSources
client/pages/SettingsPage.jsx — BankSyncSection with connected account info, sync/disconnect actions, setup token input
.env.example — BANK_SYNC_ENABLED, TOKEN_ENCRYPTION_KEY, SIMPLEFIN_APP_NAME
2026-05-28 21:30:20 -05:00
null
994b5c1e17
feat: spending forecast with linear regression chart
...
Analytics page additions:
- linearForecast(rows, horizonMonths) — OLS regression producing projected,
low, and high (±1σ residual) for each future month
- ForecastChart — SVG line chart: solid historical line + area fill, dashed
projected line, translucent confidence band, divider line at forecast start,
legend for Historical and Projected ± 1σ
- Forecast added to CHART_OPTIONS (on by default)
- Forecast dropdown: 3/6/12 month horizon (default 6)
- Controls grid expanded to 7 columns
- Forecast card spans full width below heatmap
- Projection table: Month / Projected / Low / High columns
- Reset filters resets forecast to 6 months
2026-05-28 21:11:29 -05:00
null
71dfbe36cc
refactor: component splits, PWA support, CommandPalette
...
Component Splits:
- AdminPage.jsx: 1,906 -> 82 lines (logic moved to client/components/admin/ — 9 files)
- DataPage.jsx: 3,132 -> 60 lines (logic moved to client/components/data/ — 8 files)
- TrackerPage.jsx: 2,566 -> 2,132 lines (MonthlyStateDialog, StartingAmountsEditDialog, PaymentModal)
PWA:
- vite-plugin-pwa installed with NetworkFirst caching for API routes
- Square PWA icons (192x192, 512x512, apple-touch-icon)
- theme-color, apple meta tags, touch icon in index.html
- Build generates dist/sw.js + Workbox runtime
CommandPalette:
- Navigation commands, Add bill action, month jumps
- Grouped results with empty/filtered states
2026-05-28 20:53:22 -05:00
null
92cc667947
chore: bump version to v0.28.4.4
2026-05-28 20:14:00 -05:00
null
33e5c187a3
dark theme
2026-05-28 19:58:01 -05:00
null
d99ea8057e
dark theme
2026-05-28 19:40:55 -05:00
null
1f3a254c7c
brighten dark mode
2026-05-28 19:30:46 -05:00
null
0fd82568cc
georgia font
2026-05-28 04:20:15 -05:00
null
8f7d0aeaff
styling
2026-05-28 04:06:37 -05:00
null
8efb7c934d
fix suggested
2026-05-28 02:53:59 -05:00
null
8122d07069
inline editing
2026-05-28 02:53:35 -05:00
null
1426ee3bb5
error handling
2026-05-28 02:34:24 -05:00
null
e8218a3dd8
bill tracker futurue
2026-05-28 02:09:49 -05:00
null
fa60ea8fbd
fix paid coloum
2026-05-28 01:38:18 -05:00
null
a811589db4
theme correctness
2026-05-28 01:30:40 -05:00
null
82de135186
push
2026-05-18 09:44:16 -05:00
null
060c8dc2f4
chore: version bump to 0.28.01 and update HISTORY format
2026-05-16 21:36:04 -05:00
null
9d933f70cc
v0.28.01
2026-05-16 20:26:09 -05:00
null
b124e48ebc
v0.28.0
2026-05-16 15:38:28 -05:00
null
8913436575
v0.28.0
2026-05-16 11:56:38 -05:00
null
53670b3745
v0.28.0
2026-05-16 11:42:32 -05:00
null
88c1374d97
v028.0
2026-05-16 10:56:56 -05:00
null
59d9d21d4c
v0.28.0
2026-05-16 10:34:32 -05:00
null
9174ec3290
v0.28.
2026-05-16 10:17:24 -05:00
null
0ba315bd32
v0.28.0
2026-05-15 22:45:38 -05:00
null
74603ff2d5
v0.27.04
2026-05-15 04:22:33 -05:00
null
153ed7ab79
v0.27.04
2026-05-15 02:26:10 -05:00
null
48dcb480ba
v0.27.04
2026-05-15 01:49:55 -05:00
null
263f1c5e6e
v0.27.04
2026-05-15 01:36:56 -05:00
null
576163e85b
apr/snowball 0.27.04
2026-05-15 00:03:32 -05:00
null
d720931894
v0.27.02 push
2026-05-14 21:00:07 -05:00
null
eea5641126
snowball visuals
2026-05-14 19:33:23 -05:00
null
7aff0d0283
snowball ui fiix
2026-05-14 03:23:52 -05:00
null
ce22139bb3
chore: bump version to 0.27.01
2026-05-14 03:01:47 -05:00
null
440f872d97
snowball bug fixes
2026-05-14 03:00:01 -05:00
null
7d2d0bf45e
0.28.0 snowball release
2026-05-14 02:11:54 -05:00
null
48fe87ea25
corrections
2026-05-14 01:17:05 -05:00
null
34b0f75918
v0.26.1: fix dual-column XLSX parser bugs
...
- Rewrite detectAllHeaderSets() with repeat-field detection instead of gap-based splitting
- Require ≥2 header fields per group (filters out false matches like 'Left Over | Paid')
- Fix column leakage: right-side bills no longer pick up left-side amounts
- Add header_set_index to analyzeRow return object for frontend use
- Add isLikelySummaryRow() filter (Paycheck, Left Over, Enter how much, etc.)
- Expand isLikelyTotalRow() to catch 'Auto Total ------>' patterns
- Filter leftover calc rows (null name + negative amount, dash separators)
- Remove 'paid' from HEADER_PATTERNS.amount (was false-matching 'Paid' cells)
- Skip empty string cells in detectAllHeaderSets
2026-05-11 23:17:19 -05:00
null
831f617893
v0.26.0: dual-column XLSX import parser
...
- detectAllHeaderSets() finds multiple header groups per row (left 1st / right 15th)
- isBlankRowForHeaderSet() checks blanks per column range for dual layouts
- parseSheetRows() scans rows 0-4 for header row, processes each set independently
- analyzeRow() computes due_day from date/label/pattern with fallback to defaultDueDay
- Cell type validation allows 's' (shared formula) type
- Non-numeric amounts (auto, double pay, past due) become detected labels
- Day patterns (1st, 15th, 24th) parsed as due_day values
- Security: bounds validation in isBlankRowForHeaderSet, anchored regex, label sanitization
2026-05-11 22:13:37 -05:00
null
2ce5328fd2
v0.25.0: roadmap redesign, import CSRF fix, AdminDashboard removed
...
- RoadmapPage: kanban-style priority lanes, shadcn Collapsible/Tabs,
lazy-loaded activity log, admin-only /api/about/roadmap + /dev-log endpoints
- Import CSRF fix: added x-csrf-token header to importAdminBackup,
previewSpreadsheetImport, previewUserDbImport raw fetch() calls
- Removed AdminDashboard.jsx, replaced by RoadmapPage
- Added @radix-ui/react-collapsible + collapsible shadcn component
- Security audit by Private_Hudson: PASS (CSRF fix verified,
admin endpoints gated, path traversal mitigated, XSS safe)
2026-05-11 21:42:36 -05:00
null
98ede20cd3
fix: prevent duplicate payment prompts
2026-05-11 16:04:21 -05:00
null
22f9a570aa
v0.24.5: starting amounts fix, pay badge alignment, demo data persistence
2026-05-11 15:25:04 -05:00
null
b29d3a0b02
fix: starting amounts paid_from_other calculation + pay badge alignment on tracker
2026-05-11 15:00:35 -05:00
null
890427c75a
v0.24.3: Session fixes, activity log corrections, UI polish
2026-05-11 13:39:48 -05:00
null
c1ac14efe3
v0.24.4: analytics mobile layout + previous month payment toggle
2026-05-11 11:56:49 -05:00
null
86148a101f
feat: remove confirmation popup from status badge toggle (v0.24.3)
...
Clicking status badges (Late, Due Soon, Upcoming, Missed) now instantly
toggles paid/unpaid. Removed AlertDialog from TrackerPage.jsx — no more
confirmation dialog blocking the action.
2026-05-10 17:56:23 -05:00
null
6d42453e07
fix: status badge toggle-paid using wrong property name (v0.24.2)
...
handleTogglePaid() was using row.bill_id instead of row.id, causing
the API call to fail with an undefined bill ID. Clicking status badges
(Late, Due Soon, Upcoming, Missed) now correctly toggles paid/unpaid.
2026-05-10 17:28:26 -05:00
null
ba888c1c6f
feat: export privacy warning + updated included fields list (v0.24.1)
...
- Added amber warning banner on Download My Data section about sensitive metadata
- Updated 'What's included' list to show monthly starting amounts and history ranges
- Marked LOW export sensitive fields item as FIXED in FUTURE.md
2026-05-10 15:29:35 -05:00
null
80b3bcc17b
fix: HIGH+MEDIUM batch — 10 fixes (v0.24.0)
...
HIGH:
- Admin toggle-paid: removed cross-user admin branch, now requires ownership
- Analytics crash: imported missing standardizeError
- Export data loss: added cycle_type, cycle_day, bill_history_ranges to exports
- Single-user lockout: removed unnecessary sessions join from getSingleModeUser
MEDIUM:
- Password rate limiter: scoped to change-password only, not all profile routes
- Profile session invalidation: fixed req.sessionId → req.cookies[COOKIE_NAME]
- CSRF default: httpOnly now defaults to false (matches SPA double-submit pattern)
- CSRF password routes: removed csrfSkip for password change endpoints
- Notification due-day: calendar day comparison instead of timestamp floor
- Upcoming bills: clamped days to 1-365, default 30 for invalid input
FUTURE.md: marked all 10 items as FIXED, bumped version refs
HISTORY.md: added v0.24.0 entry
2026-05-10 15:25:47 -05:00