* feat(exports): preserve transfer decisions
* fix(api): apply transfer date filters to both sides
* fix(api): refine transfer decision handling
* fix(api): align transfer decision schemas
* fix(api): use current context for transfer filters
* fix(api): include either side in transfer date filters
* fix(api): deduplicate transfer decision filters
* fix(api): guard transfer decision exports
* feat(api): allow creating categories via API
Adds POST /api/v1/categories so external integrations (e.g. bulk
classification scripts that import already-categorized data from
another system) can create categories without going through the web UI.
Mirrors the existing tags create endpoint: requires the read_write
scope, accepts name/color/icon/parent_id, auto-suggests an icon when
omitted, and rejects parent_ids from other families.
Also adds Minitest behavioural coverage, an rswag docs spec, a
CategoryCreateRequest schema, and regenerates docs/api/openapi.yaml.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(api): address review feedback on POST /api/v1/categories
- Re-raise ActionController::ParameterMissing in #create so the
BaseController rescue_from handles it as a 400 instead of the
generic 500 from the broad rescue inside the action.
- Add a 403 'insufficient scope' response block to the rswag POST
example so the generated OpenAPI documents read-only key rejection.
- Switch the new create-action Minitest cases to API key auth via
X-Api-Key + api_headers (using the existing api_keys fixtures),
matching the project's API endpoint consistency rule.
- Add Minitest coverage for two more 4xx paths: rejecting third-level
nesting (parent_id pointing at a depth-2 subcategory) and rejecting
requests without the category payload (400).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* refactor(test): migrate categories API index/show tests to X-Api-Key
The pre-existing index and show tests in this file authenticated via
Doorkeeper bearer tokens. Per the project's API endpoint consistency
rule (CLAUDE.md, .cursor/rules/api-endpoint-consistency.mdc) Minitest
controller tests under test/controllers/api/v1/ must use ApiKey +
X-Api-Key auth. Drops the Doorkeeper application/access-token setup
and routes every request through the existing api_keys fixtures and
the api_headers helper, matching the create-action tests already in
this file (and the pattern used in sync/users/family_settings tests).
No behavioural change.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(api): address second-round review on POST /api/v1/categories
- Add a 400 response block to the POST rswag example so the generated
OpenAPI documents the missing-category-payload contract that
BaseController#handle_bad_request already returns. Regenerate
docs/api/openapi.yaml.
- Replace fixture-backed read_write_api_key / read_only_api_key
helpers with explicit ApiKey.create! calls (matching the pattern in
sync_controller_test, users_controller_test, and
family_settings_controller_test). Setup now destroys active keys for
the test user so the one-active-key-per-source validation does not
collide with fixtures.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test(api): tighten 422 create-category cases
- Pass color and icon explicitly in the duplicate-name and
third-level-nesting tests so each case is self-documenting about
which validation it isolates (the model's color presence check is
satisfied by the column default today, but reviewers — human and
bot — flagged the implicit reliance).
- Assert the JSON error envelope (error key + present message) on every
422 path so the response shape stays consistent and a regression in
the rendered error body is caught uniformly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(api): tighten POST /api/v1/categories per review
- Drop the no-op `rescue ActionController::ParameterMissing; raise` and
the broad `rescue => e` from the create action. The BaseController
already has rescue_from ActionController::ParameterMissing → 400, and
unexpected exceptions are best left to Rails' default 500 handling
(which logs identically). Keeps the action focused on its happy path
and the two real error branches.
- Stop accepting `lucide_icon` as a request key. The OpenAPI schema
documents only `icon`; the dual permit was undocumented and pointless.
`icon` is now the single canonical request key, mapped to
`lucide_icon` on the model in category_params.
- Migrate the Minitest helpers to the project's documented API key
pattern: ApiKey.generate_secure_key + api_key.plain_key in the
X-Api-Key header (matching the rswag spec in this PR and the rule in
.cursor/rules/api-endpoint-consistency.mdc), instead of hand-built
display_key strings.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Botched conflict merge
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* feat(investments): add India investment subtypes and exchange support
* fix(yahoo-finance): scope Indian exchange de-duplication per company instead of globally
Resolves feedback from Codex and CodeRabbit on #1413.
prefer_indian_exchange previously collapsed all Indian securities into a
single entry, silently dropping unrelated tickers. Now groups Indian
listings by name and only de-duplicates within each group, so distinct
companies (e.g. Reliance and Infosys) are preserved while NSE/BSE
dual-listings still prefer NSE.
- Derive India subtype keys dynamically from Investment::SUBTYPES in tests
- Fix missing keyword arguments in Security.new test calls
* refactor(yahoo-finance): generalize exchange config and dual-listing de-duplication
Replaces hardcoded Indian exchange logic with a declarative EXCHANGE_CONFIG
hash that maps ISO MIC codes to Yahoo-specific settings (symbol suffix,
default currency, dual-listing group, and preference rank). This makes
adding new markets a one-line hash entry instead of scattered conditionals.
* fix(yahoo-finance): normalize security names for dual-listing de-duplication
* fix(yahoo-finance): skip dual-listing de-duplication when filtering by exchange
* fix: address PR review feedback for India market support
- fix cache key mismatch in fetch_security_price by normalizing symbol before building cache key
- remove dead YAHOO_EXCHANGE_CURRENCY constant
- tighten normalize_symbol guard to use end_with?(suffix) instead of include?('.')
- remove misleading '# India' comment from Property::SUBTYPES
- remove 'rented' property subtype in favor of 'investment_property'
- rename 'demat' to 'indian_stocks' for clarity
- add INR to CURRENCY_REGION_MAP so India appears first for INR users
- add dotted-symbol regression test for normalize_symbol
* fix(investments): rename 'demat' subtype to 'indian_stocks' and remove trailing comma
* feat(api): expose rule run history
* fix(api): address rule run review
* fix(api): complete rule run review
* test(api): cover unauthenticated rule run show
* test(api): align rule run api key helper
* Small Sonnet nit-pick
---------
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* feat(api): expose family settings
* test(api): assert family settings moniker
* test(api): align family settings api key helper
* fix(api): tighten family settings schema
* fix(chat): persist eager pending assistant message to fix subscribe race
When the LLM replies in ~1-2s the assistant message broadcast could
fire before the client's Turbo stream subscription was established,
leaving the UI stuck on the thinking indicator while the response was
already persisted.
Create the AssistantMessage as `pending` synchronously in
`Chat#ask_assistant_later`, so it is rendered server-side on the chat
show page with a "Thinking ..." inline placeholder. The worker then
finds and updates the existing row via `append_text!`, which flips the
status to `complete` and broadcasts updates against a DOM id that is
already in the page — no race possible. On error, the placeholder is
destroyed if no content streamed, otherwise demoted to `failed`.
Replaces the standalone thinking indicator partial and the
`Assistant::Broadcastable` thinking helpers, both now redundant.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(chat): bind each assistant job to its specific pending placeholder
Addressing review feedback on #1658:
1. The pending placeholder lookup based on `last pending` was racy —
back-to-back user messages would let one job fill another job's
placeholder. Pass the placeholder through the job arguments
(`AssistantResponseJob.perform_later(user_message, pending)`) so
each turn is bound to its own row.
2. In `Assistant::External#respond_to`, the configured/authorized
guards raise before the local was bound, leaving rescue cleanup
with `nil` and the placeholder visible forever. Bind the parameter
first so cleanup can destroy it on the misconfigured path.
The kwarg defaults to nil so the API#retry path
(`AssistantResponseJob.perform_later(new_message)`) and the model-level
test calls continue to work — they fall back to an in-memory new
message, restoring the original test count assertions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(chat): i18n the pending assistant placeholder string
Move the hardcoded "Thinking ..." indicator into the locale file per
CLAUDE.md i18n guidelines. With i18n.fallbacks enabled, non-en locales
fall back to English until translated.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Add thinking label translations
* Fix chat pending assistant expectations
* Fix external assistant pending test lookup
* Scope chat stream targets per chat
* Update message broadcast target tests
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(api): expose rule export endpoints
* fix(api): tighten rule export contracts
* fix(api): document balance sheet auth errors
* test(api): align rule API key fixtures
* Update docs/api/openapi.yaml
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
* Quick win
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feat(api): expose valuation history index
* fix(api): hide valuation exception details
* fix(api): reuse eager-loaded valuation entries
* fix(api): tighten valuation index contracts
* fix(api): scope valuation filter errors
* docs(api): nest valuation account filter format
* Fix merge conflict mistakes
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* Added ability to bulk-edit transaction names for multiple selected transactions.
* Added ability to bulk-edit transaction names for multiple selected transactions.
* Added ability to bulk-edit transaction names for multiple selected transactions.
* Lint, minimize changes
---------
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* Improve chat LLM error messages
* Fix chat visibility regression in tests
* Harden chat error handling for review feedback
* Fix rubocop private method indentation
* Fix nil presentable_error_message, i18n strings, bare rescue
- Guard `presentable_error_message` with `return nil if error.blank?` so
chats with no error return nil instead of the fallback string; this
prevents the API serialisers from emitting a spurious error message and
stops the mobile polling guard from firing on every successful chat
- Move all hardcoded user-facing error strings into
config/locales/models/chat/en.yml and reference them via I18n.t()
- Replace bare `rescue` in `error_message_for` with `rescue StandardError`
to avoid swallowing system-level exceptions
- Update tests to reference I18n keys instead of raw strings, and add
tests for the nil-error case and the unrecognized-error fallback
https://claude.ai/code/session_01YFMjEds5WVyKPL42xBqMCX
---------
Co-authored-by: SureBot <sure-bot@we-promise.com>
Co-authored-by: Claude <noreply@anthropic.com>
* Extract version to .sure-version file and add Sentry release tracking
Move the hardcoded version string to a `.sure-version` file at the repo
root so it can be read by both the Rails version initializer and other
tooling. Configure `config.release` in the Sentry initializer to tag
errors with the app version.
https://claude.ai/code/session_01KfUgF42B3exoU2vpErqJyW
* Use .sure-version as single source of truth in Helm CI workflows
Update chart-ci, chart-release, and publish workflows to read the app
version from .sure-version instead of regex-parsing version.rb. The
pre-release bump job now writes directly to .sure-version and stages it
for commit.
https://claude.ai/code/session_01KfUgF42B3exoU2vpErqJyW
* Guard empty .sure-version fallback
* fix: sync Helm chart version with .sure-version
* Moving on to `v0.7.1-alpha.*` with this
* Defensive rescue
* Getting fancy with versions now
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: SureBot <sure-bot@we-promise.com>
Co-authored-by: sure-admin <sure-admin@splashblot.com>
* fix(localization): update API usage instructions to include product name placeholder
* Fix: Update show and created views to use dynamic usage_instructions per CodeRabbit
* fix: update usage instructions translation key for API key usage
* Add Sophtron Provider
* fix syncer test issue
* fix schema wrong merge
* sync #588
* sync code for #588
* fixed a view issue
* modified by comment
* modified
* modifed
* modified
* modified
* fixed a schema issue
* use global subtypes
* add some locales
* fix a safe_return_to_path
* fix exposing raw exception messages issue
* fix a merged issue
* update schema.rb
* fix a schema issue
* fix some issue
* Update bank sync controller to reflect beta status
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
* Rename settings section title to 'Sophtron (alpha)'
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
* Consistency in alpha/beta for Sophtron
* Good PR suggestions from CodeRabbit
---------
Signed-off-by: soky srm <sokysrm@gmail.com>
Signed-off-by: Sophtron Rocky <rocky@sophtron.com>
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
Co-authored-by: soky srm <sokysrm@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* i18n(fr): complete provider_sync_summary translations
Add 13 missing French translations under provider_sync_summary in
config/locales/views/components/fr.yml to bring it to parity with en.yml.
Covers: transactions.fetching/protected/view_protected, full skip_reasons
section, full trades section (investment activities), and
health.view_error_details.
* chore(i18n): fix i18n-tasks scanner config
Add app/components to i18n-tasks relative_roots so component .erb files
using t(".relative_key") are correctly resolved by the scanner. Without
this, the scanner crashed on any component using relative i18n keys.
* i18n(fr): complete high-impact view translations
Bring full FR parity to the 5 most-visited user-facing screens:
- accounts (+25 keys)
- transactions (+168)
- holdings (+53)
- settings (+81)
- reports (+20)
Vocabulary aligned with docs/i18n/fr-glossary.md (Holding → Avoir,
Trade → Transaction boursière, Brokerage → Courtier, Posted → Validée,
Merchant → Commerçant, Net worth → Patrimoine net, etc.).
* i18n(fr): complete remaining incomplete view translations
Bring full FR parity to 23 partially-translated view locale files:
Mid-size (8-68 keys each): investments, pages, merchants, imports,
coinstats_items, sessions, cryptos, rules, transfers, trades,
invitations, entries, onboardings, simplefin_items.
Small (1-4 keys each): plaid_items, recurring_transactions, users,
password_resets, other_assets, loans, shared, registrations,
oidc_accounts.
Total: ~430 new FR keys. Existing FR translations preserved where
already in place; only missing keys were added.
Note: shared/fr.yml retains a `breadcrumbs:` block not present in EN
(used by FR breadcrumb controllers — removing would regress).
* i18n(fr): complete nested admin & settings translations
Cover the nested view subdirectories missed by the top-level scan:
- defaults/fr.yml (+3 custom keys: global.expand,
helpers.select.default_label, helpers.select.search_placeholder)
- admin/sso_providers (+2 keys: role_guest, guest_groups)
- admin/users (+25 keys: section title, family/role/trial filters,
table columns, summary, role descriptions, invitations)
- settings/api_keys (+1 key + structural fix: no_api_key and
current_api_key were nested incorrectly, now match en.yml)
- settings/hostings (+93 keys: assistant_settings, provider_selection,
tiingo/eodhd/alpha_vantage/openai blocks, twelve_data plan upgrade)
* i18n(fr): add fr.yml for 11 previously untranslated views
Create French locale files for all view directories that had no fr.yml:
Core features (6 files, 112 keys):
- account_sharings, budgets, splits, pdf_import_mailer (view scope),
pending_duplicate_merges, securities
Provider integrations (5 files, 575 keys):
- binance_items (Binance crypto exchange)
- coinbase_items (Coinbase crypto exchange)
- indexa_capital_items (Indexa Capital robo-advisor)
- mercury_items (Mercury business banking)
- snaptrade_items (SnapTrade broker aggregator)
Provider names kept in English. Domain vocabulary follows
docs/i18n/fr-glossary.md (Reconnect → Reconnecter, Refresh →
Actualiser, Wallet → Portefeuille, Cost basis → Coût d'acquisition,
Canadian retirement accounts mapped to official FR-CA acronyms
RRSP→REER, TFSA→CELI, RRIF→FERR).
* i18n(fr): add models, mailer, breadcrumb & Doorkeeper translations
Create French locale files for the remaining non-view scopes:
- models/coinbase_account/fr.yml (1 key)
- models/transaction/fr.yml (3 keys)
- mailers/pdf_import_mailer/fr.yml (1 key)
- breadcrumbs/fr.yml (5 root-level breadcrumb labels)
- doorkeeper.fr.yml (89 keys: full OAuth2 UI translation
modeled on the doorkeeper-i18n FR conventions; PKCE/scope/
Client Credentials kept in English as proper grant names;
date_format adjusted to %d/%m/%Y %H:%M:%S)
* i18n(fr): use "Inscription des utilisateurs" for invite_codes onboarding
In the invite_codes settings section, EN "Onboarding" was translated as
"Intégration" — wrong context. The page controls how new people sign up
to the instance, so "Inscription des utilisateurs" is the natural
French term for this UX flow.
* i18n(fr): use "Marchand" consistently for Merchant
Aligns transactions/, settings/, and settings/hostings/ with the FR
fintech convention (Lydia, Revolut FR, Boursorama, N26 FR all use
"Marchand"). Earlier waves had introduced "Commerçant" via a glossary
choice that turned out to imply a small physical retailer rather than
a generic transaction payee.
Net effect: a single consistent term across all FR screens.
* i18n(fr): address CodeRabbit review feedback
Fixes 9 of 17 actionable items from the CodeRabbit review:
- Remove duplicate breadcrumbs block from shared/fr.yml (item 2)
- Standardize "Indexa Capital" naming throughout (item 6)
- Pluralize merchants.perform_merge.success in EN+FR (item 7)
- Add rel="noopener noreferrer" to Coinbase + Binance external links
in EN+FR settings (item 9, security)
- Replace "rappeler" with "invoquer" for MCP tool calling (item 10)
- Localize Doorkeeper "Single Page Apps" + grant names with FR-first
phrasing (item 12)
- Reorder twelve_data_settings to put title first (item 14)
- Enrich IRA/SEP/SIMPLE/ISA/LISA/SIPP long labels with FR expansion
+ acronym in parens (item 15)
- Use "Transfert" (not "Virement") for investment activity_labels.transfer
to disambiguate from banking transfers (item 16)
Items deferred (require non-FR code changes or are pre-existing EN bugs):
1, 3, 4, 5, 8, 11, 13.
* i18n(fr): address second-wave CodeRabbit review feedback
- transactions: fix gender agreement on one_time_title
("%{type} ponctuel" → "Transaction ponctuelle (%{type})") so that
"Dépense" no longer renders as "Dépense ponctuel"
- transactions: fix bare-noun-modifier in rule_description_prefix
("Les futures transactions %{type}…" → "…de type %{type}…")
- settings/hostings: clarify email_confirmation_description
("lors du changement" → "lorsqu'ils la modifient")
- settings/hostings: fix dangling "Utilisé de préférence" in EODHD
and Alpha Vantage rate_limit_warning ("À utiliser de préférence")
* SimpleFIN: setup UX + same-provider relink + card-replacement detection
Fixes three bugs and adds auto-detection for credit-card fraud replacement.
Bugs:
- Importer: per-institution auth errors no longer flip the whole item to
requires_update. Partial errors stay on sync_stats so other institutions
keep syncing.
- Setup page: new activity badges (recent / dormant / empty / likely-closed)
via SimplefinAccount::ActivitySummary. Likely-closed (dormant + near-zero
balance + prior history) defaults to "skip" in the type picker.
- Relink: link_existing_account allows SimpleFIN to SimpleFIN swaps by
atomically detaching the old AccountProvider inside a transaction. Adds
"Change SimpleFIN account" menu item on linked-account dropdowns.
Feature (credit-card scope only):
- SimplefinItem::ReplacementDetector runs post-sync. Pairs a linked dormant
zero-balance sfa with an unlinked active sfa at the same institution and
account type. Persists suggestions on Sync#sync_stats.
- Inline banner on the SimpleFIN item card prompts relink via CustomConfirm.
Per-pair dismiss button scoped to the current sync (resurfaces on next
sync if still applicable). Auto-suppresses once the relink has landed.
Dev tooling:
- bin/rails simplefin:seed_fraud_scenario[email] creates a realistic broken
pair for manual QA; cleanup_fraud_scenario reverses it.
* Address review feedback on #1493
- ReplacementDetector: symmetric one-to-one matching. Two dormant cards
pointing at the same active card are now both skipped — previously the
detector could emit two suggestions that would clobber each other if
the user accepted both.
- ReplacementDetector: require non-blank institution names on both sides
before matching. Blank-vs-blank was accidentally treated as equal,
risking cross-provider false matches when SimpleFIN omitted org_data.
- ActivitySummary: fall back to "posted" when "transacted_at" is 0
(SimpleFIN's "unknown" sentinel). Integer 0 is truthy in Ruby, so the
previous `|| fallback` short-circuited and ignored posted.
- Controller: dismiss key is now the (dormant, active) pair so dismissing
one candidate for a dormant card doesn't suppress others.
- Helper test: freeze time around "6.hours.ago" and "5.days.ago"
assertions so they don't flake when the suite runs before 06:00.
* Address second review pass on #1493
- ReplacementDetector: canonicalize account_type in one place so filtering
(supported_type?) and matching (type_matches?) agree on "credit card"
vs "credit_card" variants.
- ReplacementDetector: skip candidates with nil current_balance. nil is
"unknown," not "zero" — previously fell back to 0 and passed the near-
zero gate, allowing suggestions without balance evidence.
* Optimize UI in budget
* update locales
* Optimize UI
* optimize suggested_daily_spending
* try over_budget and on_track
* update locale
* optimize
* add budgets_helper.rb
* fix
* hide no buget and no expense sub-catogory
* Optimize
* Optimize button on phone
* Fix Pipelock CI noise
* using section to render both overbudget and onTrack
* hide last ruler
* fix
* update test
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* feat: add currency management for families with enabled currencies
* feat: update currency selection logic and improve accessibility
* feat: update currency preferences to use group moniker in titles
---------
Signed-off-by: Ang Wei Feng (Ted) <hello@tedawf.com>
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Ipv6 support
* Proper fix for containers, dev and local
* Edits similar to non-AI compose file
---------
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* fix(enable-banking): refactor error handling and add missing GIN index
* fix(enable-banking): handle wrapped network errors and fix concurrent index migration
* fix(enable-banking): extract network errors to frozen constant
* fix(enable-banking): consolidate error handling and enforce strict localization
* fix(enable-banking): improve sync error handling and fix invalid test status
* test(enable_banking): use OpenStruct instead of mock for provider
* Binance as securities provider
* Disable twelve data crypto results
* Add logo support and new currency pairs
* FIX importer fallback
* Add price clamping and optiimize retrieval
* Review
* Update adding-a-securities-provider.md
* day gap miss fix
* New fixes
* Brandfetch doesn't support crypto. add new CDN
* Update _investment_performance.html.erb
