* Add new settings sections and update tests
Added 'Recurring', 'LLM Usage', and 'Providers' sections to the settings navigation in SettingsHelper. Updated system tests to include these new sections and added missing entries for 'Billing', 'Self-Hosting', 'Imports', and 'SimpleFin' to ensure test coverage matches the navigation.
* Fix tests
* fix test
* Restrict advanced settings to admin users
Added `admin_user?` and `self_hosted_and_admin?` helper methods. Advanced settings menu items now require admin privileges, and self-hosting settings require both self-hosted and admin status.
* Show admin-only settings links for admin users
Moved admin-specific settings links to be conditionally added only for admin users in the settings system test. This ensures that non-admin users do not see admin-only settings options during tests.
* Update settings_test.rb
* Update settings_test.rb
* Update en.yml
* Update settings_helper.rb
* Update settings_test.rb
* Update settings_test.rb
* Rename 'Recurring Transactions' to 'Recurring' in settings
Revert the label 'Recurring Transactions' to 'Recurring' in the settings navigation, locale file, and related system test to simplify terminology and improve consistency.
* Minor formatting update in settings test
No functional changes; adjusted whitespace in the admin settings links array for consistency.
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Update styles for LLM usage filter form
Enhanced the appearance of the start and end date fields and the filter button by applying new background and text color classes for better UI consistency.
* Replace filter submit button with DS::Button component
Updated the filter form's submit button to use the DS::Button component with secondary variant and medium size for improved consistency with design system.
* Improve calendar picker icon visibility in dark mode
Added CSS to invert the calendar picker icon for date inputs when in dark mode, ensuring better visibility and consistent user experience.
* Add newline at end of application.css
Appends a newline to the end of application.css to follow POSIX standards and improve compatibility with some tools.
* Move date picker dark mode fix to separate CSS file
Extracted the dark mode calendar picker icon fix from application.css into a new date-picker-dark-mode.css file for better organization and maintainability. Updated application.css to import the new file.
* Implement recurring transactions support
* Amount fix
* Hide section when any filter is applied
* Add automatic identify feature
Automatic identification runs after:
- CSV Import completes (TransactionImport, TradeImport, AccountImport, MintImport)
- Plaid sync completes
- SimpleFIN sync completes
- LunchFlow sync completes
- Any new provider that we create.
* Fix linter and tests
* Fix address review
* FIX proper text sizing
* Fix further linter
Use circular distance to handle month-boundary wrapping
* normalize to a circular representation before computing the median
* Better tests validation
* Added some UI info
Fix pattern identification, last recurrent transaction needs to happened within the last 45 days.
* Fix styling
* Revert text subdued look
* Match structure of the other sections
* Styling
* Restore positive amounts styling
* Shorten label for UI styling
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* First pass lunch flow
* Fixes
- Fix apikey not being saved properly due to provider no reload support
- Fix proper messages if we try to link existing accounts.
* Fix better error handling
* Filter existing transactions and skip duplicates
* FIX messaging
* Branding :)
* Fix XSS and linter
* FIX provider concern
- also fix code duplication
* FIX md5 digest
* Updated determine_sync_start_date to be account-aware
* Review fixes
* Broaden error catch to not crash UI
* Fix buttons styling
* FIX process account error handling
* FIX account cap and url parsing
* Lunch Flow brand
* Found orphan i18n strings
* Remove per conversation with @sokie
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Add support for dynamic config UI
* Add support for section description
* Better dynamic class settings
Added dynamic_fields hash field - Stores all undeclared settings
[] method - Checks declared fields first, then falls back to dynamic hash
[]= method - Updates declared fields normally, stores others in hash
No runtime field declaration - Fields are never dynamically created on the class
* FIX proper lookup for provider keys
- Also validate configurable values properly.
- Change Provider factory to use Rails autoloading (Zeitwerk)
* Fix factory
The derive_adapter_name method relies on string manipulation ("PlaidAccount".sub(/Account$/, "") + "Adapter" → "PlaidAdapter"), but we already have explicit registration in place.
* Make updates atomic, field-aware, and handle blanks explicitly
* Small UX detail
* Add support for PlaidEU in UI also
- This looks like partial support atm
* Implement Yahoo Finance
* Added tests
* Updated hosting controller to check for managed app_mode instead of env_override
* Suggestions from CodeRabbit and Fixes on tests
* Remove Css changes
* Fix yahoo finance impl and i18n
* Updated view to use healthy method
* remove usage
* Updated env example
* keep usage on class just to keep same format
* Ci test
* Remove some useless validations
* Remove logs
* Linter fixes
* Broke this in my conflict merge
* Wrong indentation level
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Password reset back button also after confirmation
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
* Implement a filter for category (#215)
- Also implement an is empty/is null condition.
* Implement an LLM cost estimation page
Track costs across all the cost categories: auto categorization, auto merchant detection and chat.
Show warning with estimated cost when running a rule that contains AI.
* Update pricing
* Add google pricing
and fix inferred model everywhere.
* Update app/models/llm_usage.rb
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
* FIX address review
* Linter
* Address review
- Lowered log level
- extracted the duplicated record_usage method into a shared concern
* Update app/controllers/settings/llm_usages_controller.rb
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
* Moved attr_reader out of private
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Remove orphan function
* Add centralized branding helpers and update locales
* Remove _plus and add (proper) brand
* No longer Sure, configurable
* Consistency with compose file naming
* Missed `product_name` mapping
* Fix brand/product name in mailers
* Product name in email reset flow
* Fix i18n errors/tests
* Fix password mailer brand/product name (again)
* Missed hardcoded `Sure` in onboarding goals
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
* PR nitpick on documentation
* Missing interpolation key for invited UI
* Orphan assets
* New logos
---------
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Implement support for generic OpenAI api
- Implements support to route requests to any openAI capable provider ( Deepsek, Qwen, VLLM, LM Studio, Ollama ).
- Keeps support for pure OpenAI and uses the new better responses api
- Uses the /chat/completions api for the generic providers
- If uri_base is not set, uses default implementation.
* Fix json handling and indentation
* Fix linter error indent
* Fix tests to set env vars
* Fix updating settings
* Change to prefix checking for OAI models
* FIX check model if custom uri is set
* Change chat to sync calls
Some local models don't support streaming. Revert to sync calls for generic OAI api
* Fix tests
* Fix tests
* Fix for gpt5 message extraction
- Finds the message output by filtering for "type" == "message" instead of assuming it's at index 0
- Safely extracts the text using safe navigation operators (&.)
- Raises a clear error if no message content is found
- Parses the JSON as before
* Add more langfuse logging
- Add Langfuse to auto categorizer and merchant detector
- Fix monitoring on streaming chat responses
- Add Langfuse traces also for model errors now
* Update app/models/provider/openai.rb
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
* handle nil function results explicitly
* Exposing some config vars.
* Linter and nitpick comments
* Drop back to `gpt-4.1` as default for now
* Linter
* Fix for strict tool schema in Gemini
- This fixes tool calling in Gemini OpenAI api
- Fix for getTransactions function, page size is not used.
---------
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Replace Maybe for Sure in select code areas
* Make sure passwords are consistent
* Remove (admin|member) from demo data first name
* Database and schema names finally to `sure`
* Fix broken test
* Another (benchmarking) database name to `sure_*`
* More rebranding to Sure
* Missed this Maybe mention in the same page
* Random nitpicks and more Maybes
* Demo data accounts and more Maybes
* Test data account updates
* Impersonation test accounts
* Consistency with `compose.example.yml`
* Add ability to delete invite codes
Implemented destroy action in InviteCodesController and updated routes to support invite code deletion. Updated invite code partial to include a delete button and improved styling. Also refactored the generate tokens button in invite code settings to use DS::Button.
* Show advanced settings only to admin users
Updated the settings navigation to display the advanced section only for admin users. Also improved handling of hidden elements in the invite code CSS.
* add initial pages for Bank Sync and Lunch Flow
* update breadcrumbs on Lunch Flow page
* update content for Lunch Flow page
* add norefeerrer to Github link
* update lunch flow url
* nest lunch_flow resource under bank_sync
* add a provider link partial
* remove trailing whitespaces
* update providers style to match merchants page
* remove separate lunch flow page
* fix hover on dark mode
* point lunch flow to custom sure landing page
* [i18n] Bank Sync label
* [i18n] API Keys
* [i18n] Self-Hosting consistency
* Security breadcrum, not "securities" default
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Add HTTParty gem for SimpleFin API integration
- Add HTTParty gem for making HTTP requests to SimpleFin API
- Required for SimpleFin protocol implementation
* Add SimpleFin database schema
- Create simplefin_items table for SimpleFin connections
- Create simplefin_accounts table for account metadata
- Add simplefin_account_id to accounts table for linking
- Add external_id to transactions for deduplication
- Enable encrypted storage of SimpleFin access URLs
* Implement SimpleFin API client and data models
- Add SimplefinItem model with sync capabilities and encryption
- Add SimplefinAccount model for account data mapping
- Implement Provider::Simplefin API client with token exchange
- Add SimpleFin protocol support with proper error handling
- Include sync jobs, importers, and processors for data flow
- Add family SimpleFin connectivity mixin
* Update core models for SimpleFin integration
- Add SimpleFin account creation methods to Account model
- Implement intelligent account type mapping from names
- Add SimpleFin linkable functionality to Account
- Include SimpleFin items in Family model associations
- Support account creation with user-selected types
* Add SimpleFin controllers and routing
- Create SimplefinItemsController with CRUD operations
- Add account setup flow with user type selection
- Include sync management and error handling
- Update AccountsController to display SimpleFin items
- Add routes for SimpleFin item management and setup
* Add SimpleFin user interface components
- Create SimpleFin connection management views
- Add account setup modal with type selection
- Include connection form with token input and instructions
- Update accounts index to display SimpleFin items
- Add SimpleFin option to account method selector
- Include SimpleFin in settings navigation
* Add user account type selection workflow
- Add pending_account_setup field to SimpleFin items
- Enable pausing sync for user account type selection
- Allow users to choose account types during import
- Prevent automatic account creation until user confirms
* Add tests for SimpleFin integration
- Add SimplefinItem model tests with fixtures
- Add SimplefinAccount model tests
- Add SimplefinItemsController tests
- Include test coverage for sync and account creation
* Fix account show page for SimpleFin accounts
- Update sync button routing to handle SimpleFin accounts
- Add SimpleFin item sync path alongside existing Plaid support
- Prevent NoMethodError when viewing SimpleFin-linked accounts
- Support proper sync routing for Plaid, SimpleFin, and manual accounts
* Complete subtype selection for SimpleFin accounts
- Add subtype database columns to all accountable models
- Create Stimulus controller for dynamic subtype dropdown interaction
- Add delegation from Account to accountable subtype for clean API access
- Update SimpleFin account setup form with working subtype selection
- Fix account display to show proper subtype labels instead of generic "Cash"
Users can now select both account type and subtype during SimpleFin import,
and the selected subtypes are properly saved and displayed in the UI.
* Fix dark mode compatibility for SimpleFin UI components
- Replace hardcoded colors with design system tokens throughout SimpleFin views
- Fix method selector hover states to use bg-surface instead of bg-gray-50
- Update SimpleFin form to use styled_form_with and standard form patterns
- Replace custom button styling with design system button components
- Fix info boxes and containers to use bg-surface and border-primary
- Replace hardcoded green/blue colors with text-primary, text-secondary, text-link
- Remove custom text area styling to allow form builder defaults (dark mode support)
All SimpleFin components now properly adapt to both light and dark themes
with correct contrast and visibility.
* Fix SimpleFin integration bugs and improve code quality
- Fix upsert method to handle string/symbol keys with indifferent access
- Add missing show route and view for SimpleFin items
- Fix test fixtures to use correct user references
- Update test data to match real-world JSON format (string keys, BigDecimal)
- Apply code formatting and linting fixes (rubocop, erb_lint)
- Ensure all SimpleFin tests pass (16/16 passing)
* Remove SimpleFin demo file with outdated setup token
* Update SimpleFin User-Agent to use Sure Finance branding
* Remove unused SimpleFin account type mapping logic
- Remove map_simplefin_type_to_accountable_type method (no longer needed)
- Remove create_from_simplefin_account method (manual setup only)
- Simplify account type selection UI to not pre-select defaults
- Update processor to log error if account missing (safety check)
- All account creation now goes through manual user selection flow
* Gate SimpleFin option behind US region check
SimpleFin is primarily for North American financial institutions,
so only show the option when US banking connections are available.
* Refactor SimpleFin controller to use model method
- Move SimpleFin item creation logic from controller to Family#create_simplefin_item!
- Remove duplication between controller and model
- Simplify controller to focus on web request/response handling
- Remove unused simplefin_provider method
- Follow Rails best practices for fat models, skinny controllers
* Fix critical data integrity issue in SimpleFin date parsing
- Remove fallback to Date.current when transaction dates fail to parse
- Raise ArgumentError instead to ensure data integrity
- Log detailed error messages for debugging
- Skip transactions with invalid dates rather than using incorrect dates
- Prevents hard-to-debug issues with balances and financial reports
* Address all Gemini code review feedback for SimpleFin integration
- Remove debug console.log statements from JavaScript controller
- Consolidate duplicate SimpleFin account creation methods into single method
- Refactor SimplefinItemsController to reduce complexity with helper methods
- Fix HTTParty thread-safety by moving SSL options to class level
- Remove redundant HTTParty options from individual requests
- Add proper error logging for invalid currency URIs
- Extract sync button path logic to AccountsHelper#sync_path_for method
- DRY up repeated subtype dropdown code with reusable partial and data structure
All SimpleFin tests passing (16/16). Code quality improvements maintain
backward compatibility while following Rails best practices.
* Fix tests for subtype delegation to accountable models
The subtype attribute was moved from Account to individual accountable models
to enable users to select specific subtypes during SimpleFin account import.
This change allows for better account categorization and more precise display
of account types (e.g., "HSA" instead of generic "Cash").
However, tests and the PlaidAccount processor weren't updated to work with
the new delegation pattern. This commit fixes:
- PlaidAccount::Processor now sets subtype on accountable and uses enrichable
pattern to respect user locks
- PropertiesController updated to handle subtype via accountable_attributes
- Test fixtures corrected to set subtype on accountable models not Account
- Tests updated to work with the delegated subtype pattern
All originally failing tests now pass:
- PropertiesControllerTest#test_updates_property_overview
- PlaidAccount::ProcessorTest (2 failing tests)
- AccountTest#test_gets_short/long_subtype_label
* Fix trailing whitespace (rubocop auto-fix)
* Add option to "skip" adding an account
* Revert "Gate SimpleFin option behind US region check"
This reverts commit 43b339940b.
* Fix SimpleFin transaction syncing and clean up debug logging
- Fix transaction creation to use Entry/entryable pattern instead of creating Transaction directly
- Handle both string and symbol keys in transaction data using with_indifferent_access
- Fix amount parsing to use BigDecimal instead of converting to cents
- Use plaid_id field for external ID storage to prevent duplicates
- Remove excessive debug logging while keeping essential error logging
SimpleFin transaction sync now works correctly, creating proper Entry records
with accurate dollar amounts and preventing duplicate transactions.
* Not sure how skipping worked for me the first time
* Fix SimpleFin new account setup flow and UI dark mode issues
- Fix accounts showing as 'unknown' by displaying proper account type from Account model
- Fix new accounts in existing connections not triggering setup flow with correct query
- Fix dark mode colors throughout SimpleFin views using design system tokens
- Improve UI logic to show existing accounts alongside new account setup prompt
- Remove balance attribute error when creating CreditCard accounts
- Simplify CreditCard subtype selection (auto-default to credit_card)
* Fix linter issues (trailing whitespace and ERB formatting)
* Remove SimpleFin button from create accounts view
SimpleFin doesn't work like Plaid - no need for separate connection creation for new accounts, just refresh existing connection.
* Add missing SimpleFin attributes and fix balance attribute error
- Add balance_date field to SimpleFin accounts to capture balance timestamp from protocol
- Enhanced build_simplefin_accountable_attributes to set available_credit for CreditCard accounts
- Fixed model mismatch where balance was being set on accountable models instead of Account model
- Updated tests to verify balance_date parsing functionality
This addresses the balance attribute error from commit 6681537b and ensures we're capturing
all available SimpleFin protocol data properly.
* Store all SimpleFin protocol fields in JSONB following existing patterns
* Fix SimpleFin API date parameter format and improve error handling
- Change date parameters from string format to Unix timestamps as required by SimpleFin API
- Add better error handling for 400 Bad Request responses
- Add more detailed error logging for debugging failed API calls
This fixes the issue where SimpleFin was only returning recent transactions
instead of historical data when start_date was provided.
* Implement comprehensive historical transaction sync for SimpleFin
- Add start_date parameter to SimpleFin API calls for historical data
- Use 100-year lookback for first sync to capture all available history
- Use 7-day buffer for incremental syncs to catch late-posting transactions
- Fix transaction storage to prevent data loss during account updates
- Remove verbose logging for cleaner output
This ensures users get all their historical transactions on first sync,
not just recent ones.
* Fix SimpleFin transaction sign convention to match Maybe's format
- Negate SimpleFin amounts to convert from banking convention to Maybe's format
- SimpleFin: expenses negative, income positive (banking convention)
- Maybe: expenses positive, income negative (internal convention)
- Improve date parsing to handle multiple date formats (Unix timestamps, strings, Date objects)
This fixes the issue where expenses showed as negative in the UI instead of positive.
* Add SimpleFin account association and fix balance handling for liabilities
- Add belongs_to :simplefin_account association to Account model
- Fix balance handling for credit cards and loans (use absolute value)
- SimpleFin returns negative balances for liabilities, but Maybe expects positive
This enables displaying organization names and ensures correct balance display.
* Display organization names throughout SimpleFin interface
- Show institution names under SimpleFin connection titles
- Display organization names next to account names (e.g., "360 Checking • Capital One")
- Add organization info to all SimpleFin account displays:
- Account setup page
- SimpleFin item details page
- Regular account lists for SimpleFin accounts
- Use org_data from SimpleFin accounts with fallback to institution_name
This improves account identification by showing which financial institution
each account belongs to throughout the SimpleFin workflow.
* Fix SimpleFin UI styling to match design system
- Replace custom styles with DS components (DS::FilledIcon, DS::Link, DS::Button)
- Use proper design system tokens instead of hardcoded colors
- Fix form select styling to match design system patterns
- Update empty states to use consistent styling
- Ensure all SimpleFin views follow the app's design system
This makes the SimpleFin interface consistent with the rest of the app.
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add customizable menu order for user accounts
Introduces a MenuOrder model and concern to allow users to select their preferred account ordering (by name or balance, ascending or descending). Adds a default_order field to users, updates user preferences UI, and applies the selected order to balance sheet account listings.
* Rename MenuOrder to AccountOrder and update user order field
Refactors the MenuOrder model to AccountOrder and updates all references accordingly. Replaces the user's default_order field with default_account_order, including migration changes, validations, and form fields. Updates localization and schema to reflect the new naming.
* Update balance_sheet.rb
* Fix for nil Current.user when rake runs in balance_sheet model
---------
Signed-off-by: Aluisio Pereira <oaluiser@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* feat: Add Brand Fetch logo link for logos
* docs: brand fetch integration docs
* Document CLIENT_ID location?
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
---------
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
Co-authored-by: Vincent Teo <vinteo@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* First cut of smallest rebrand, pending icons
* Leave SQL schema tokens/user names the same for now
* First batch of logos
* Release notes/what's new
* /releases missing
* redirect_uri for sureapp://
* Padded logo
* Test the correct /releases URL
* Missed a few mobile URIs
* Some icons/asssets from /website/ repo
* Seed/sample data user @sure.local now
* New screenshot
* Want to keep their legal "boilerplate" from the upstream repo
* Remove Synth Finance integration
* Linter noise
* Fix failing (old) test, use it for Twelve Data
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
* feat: Add Twelve Data provider for exchange rates and securities
* test: fix hosting controller test, linting
* fix: add countries gem to handle country codes in Twelve Data provider
* fix: allow security search combobox to have no logo
* refactor: update Twelve Data provider use time series endpoint
* fix: set twelve data as default provider
* fix: replace hardcoded bg-white with bg-container in notification notice
* fix: replace hardcoded text-white with fg-inverse in notification CTA
* fix: replace hardcoded text-white with fg-inverse in text tooltip
* fix: replace hardcoded bg-gray-900 text-white with bg-inverse fg-inverse in invitations form
* fix: replace hardcoded bg-gray-800 text-white with bg-inverse fg-inverse in AI consent form
* fix: replace hardcoded text-white with fg-inverse in changelog page
* fix: replace hardcoded text-white and border-gray-500 with fg-inverse and border-secondary in investment tooltip
* fix: replace hardcoded text-white with fg-inverse in holdings missing price tooltip
* fix: replace hardcoded text-white and bg-gray-400 with fg-inverse and bg-surface-inset in settings profiles
* fix: replace hardcoded bg-orange-500 text-white with bg-yellow-600 fg-inverse in settings hosting danger zone
---------
Co-authored-by: Eran Avidor <eavidor@Eran-Avidor-MBP.lan>
* Separate exclude and one-time transaction handling
- Split transaction "exclude" and "one-time" toggles into separate controls in transaction detail view
- Updated Transaction::Search to show excluded transactions with grayed-out styling instead of filtering them out
- Modified IncomeStatement calculations to exclude both excluded and one_time transactions from totals
- Added migration to convert existing excluded transactions to also be one_time for backward compatibility
- Updated transaction list view to show asterisk for one_time transactions and gray out excluded ones
- Added controller support for kind parameter in transaction updates
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix linting issues
- Remove trailing whitespace from migration
- Fix ERB formatting throughout templates
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* OAuth
* Add API test routes and update Doorkeeper token handling for test environment
- Introduced API namespace with test routes for controller testing in the test environment.
- Updated Doorkeeper configuration to allow fallback to plain tokens in the test environment for easier testing.
- Modified schema to change resource_owner_id type from bigint to string.
* Implement API key authentication and enhance access control
- Replaced Doorkeeper OAuth authentication with a custom method supporting both OAuth and API keys in the BaseController.
- Added methods for API key authentication, including validation and logging.
- Introduced scope-based authorization for API keys in the TestController.
- Updated routes to include API key management endpoints.
- Enhanced logging for API access to include authentication method details.
- Added tests for API key functionality, including validation, scope checks, and access control enforcement.
* Add API key rate limiting and usage tracking
- Implemented rate limiting for API key authentication in BaseController.
- Added methods to check rate limits, render appropriate responses, and include rate limit headers in responses.
- Updated routes to include a new usage resource for tracking API usage.
- Enhanced tests to verify rate limit functionality, including exceeding limits and per-key tracking.
- Cleaned up Redis data in tests to ensure isolation between test cases.
* Add Jbuilder for JSON rendering and refactor AccountsController
- Added Jbuilder gem for improved JSON response handling.
- Refactored index action in AccountsController to utilize Jbuilder for rendering JSON.
- Removed manual serialization of accounts and streamlined response structure.
- Implemented a before_action in BaseController to enforce JSON format for all API requests.
* Add transactions resource to API routes
- Added routes for transactions, allowing index, show, create, update, and destroy actions.
- This enhancement supports comprehensive transaction management within the API.
* Enhance API authentication and onboarding handling
- Updated BaseController to skip onboarding requirements for API endpoints and added manual token verification for OAuth authentication.
- Improved error handling and logging for invalid access tokens.
- Introduced a method to set up the current context for API requests, ensuring compatibility with session-like behavior.
- Excluded API paths from onboarding redirects in the Onboardable concern.
- Updated database schema to change resource_owner_id type from bigint to string for OAuth access grants.
* Fix rubocop offenses
- Fix indentation and spacing issues
- Convert single quotes to double quotes
- Add spaces inside array brackets
- Fix comment alignment
- Add missing trailing newlines
- Correct else/end alignment
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix API test failures and improve test reliability
- Fix ApiRateLimiterTest by removing mock users method and using fixtures
- Fix UsageControllerTest by removing mock users method and using fixtures
- Fix BaseControllerTest by using different users for multiple API keys
- Use unique display_key values with SecureRandom to avoid conflicts
- Fix double render issue in UsageController by returning after authorize_scope\!
- Specify controller name in routes for usage resource
- Remove trailing whitespace and empty lines per Rubocop
All tests now pass and linting is clean.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add API transactions controller warning to brakeman ignore
The account_id parameter in the API transactions controller is properly
validated on line 79: family.accounts.find(transaction_params[:account_id])
This ensures users can only create transactions in accounts belonging to
their family, making this a false positive.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Signed-off-by: Josh Pigford <josh@joshpigford.com>
Co-authored-by: Claude <noreply@anthropic.com>
* Create shared ruler view
* Use collection rendering/spacer templates for rules, and new shared_ruler
* Use shared ruler for all the places a ruler is used
* Use shared ruler for imports and balance sheet
* Fix brakeman by using a static partial with a defined collection
* Standardize & improve a bunch of corners, fix some backgrounds, fix merchants for dark mode
* Update balance sheet
* misc cleanup
* Fix import table
* Remove middot
* Create shared ruler view
* Use collection rendering/spacer templates for rules, and new shared_ruler
* Use shared ruler for all the places a ruler is used
* Use shared ruler for imports and balance sheet
* Fix brakeman by using a static partial with a defined collection
* Update balance sheet
* Save work
* Subscriptions and trials domain
* Store family ID on customer
* Remove indirection of stripe calls
* Test simplifications
* Update brakeman
* Fix stripe tests in CI
* Update billing page to show subscription details
* Remove legacy columns
* Complete billing settings page
* Fix hardcoded plan name
* Handle subscriptions for self hosting mode
* Lint fixes
* Add lookbook + viewcomponent, organize design system file
* Build menu component
* Button updates
* More button fixes
* Replace all menus with new ViewComponent
* Checkpoint: fix tests, all buttons and menus converted
* Split into Link and Button components for clarity
* Button cleanup
* Simplify custom confirmation configuration in views
* Finalize button, link component API
* Add toggle field to custom form builder + Component
* Basic tabs component
* Custom tabs, convert all menu / tab instances in app
* Gem updates
* Centralized icon helper
* Update all icon usage to central helper
* Lint fixes
* Centralize all disclosure instances
* Dialog replacements
* Consolidation of all dialog styles
* Test fixes
* Fix app layout issues, move to component with slots
* Layout simplification
* Flakey test fix
* Fix dashboard mobile issues
* Finalize homepage
* Lint fixes
* Fix shadows and borders in dark mode
* Fix tests
* Remove stale class
* Fix filled icon logic
* Move transparent? to public interface
* fix: improve dark mode readability across the app
* fix: improve dark mode support for asset percentage text
* fix: apply suggested patch for theme-related improvements
* chore: apply PR feedback – remove dark:, align with design tokens, update form builder
* chore: revert background token and restore original style for visual consistency
* chore: remove unnecessary class attributes from form fields using builder
* refactor: move number_field and date_field into metaprogramming block
* refactor: replace bg-divider-adaptive divs with <hr> and border-secondary
* fix: apply requested changes and linting fixes
* Domain model sketch
* Scaffold out rules domain
* Migrations
* Remove existing data enrichment for clean slate
* Sketch out business logic and basic tests
* Simplify rule scope building and action executions
* Get generator working again
* Basic implementation + tests
* Remove manual merchant management (rules will replace)
* Revert "Remove manual merchant management (rules will replace)"
This reverts commit 83dcbd9ff0aa7bbee211796b71aa48b71df5e57e.
* Family and Provider merchants model
* Fix brakeman warnings
* Fix notification loader
* Update notification position
* Add Rule action and condition registries
* Rule form with compound conditions and tests
* Split out notification types, add CTA type
* Rules form builder and Stimulus controller
* Clean up rule registry domain
* Clean up rules stimulus controller
* CTA message for rule when user changes transaction category
* Fix tests
* Lint updates
* Centralize notifications in Notifiable concern
* Implement category rule prompts with auto backoff and option to disable
* Fix layout bug caused by merge conflict
* Initialize rule with correct action for category CTA
* Add rule deletions, get rules working
* Complete dynamic rule form, split Stimulus controllers by resource
* Fix failing tests
* Change test password to avoid chromium conflicts
* Update integration tests
* Centralize all test password references
* Add re-apply rule action
* Rule confirm modal
* Run migrations
* Trigger rule notification after inline category updates
* Clean up rule styles
* Basic attribute locking for rules
* Apply attribute locks on user edits
* Log data enrichments, only apply rules to unlocked attributes
* Fix merge errors
* Additional merge conflict fixes
* Form UI improvements, ignore attribute locks on manual rule application
* Batch AI auto-categorization of transactions
* Auto merchant detection, ai enrichment in batches
* Fix Plaid merchant assignments
* Plaid category matching
* Cleanup 1
* Test cleanup
* Remove stale route
* Fix desktop chat UI issues
* Fix mobile nav styling issues
