QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-06-04 02:09:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,714 Commits 143 Branches 48 Tags
5e558fa3abe761c06e39a41f6f8562e227fd652e
Commit Graph

2714 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ang Wei Feng (Ted)
5e558fa3ab feat(transactions): add inline tag creation and search in txn form (#1719) 
* feat(transactions): add inline tag creation and search in transaction forms

* fix(transactions): add tag-only update endpoint for edit drawer

* feat(transactions): implement TagSelectComponent for improved tag selection and management

* feat(tag-select): refactor tag selection component for improved functionality and accessibility

* feat(tag-select): implement inline tag rendering and error handling in tag selection component

* refactor(tag-select): remove unused list target from tag select controller

* fix: return forbidden JSON for denied tag updates

* fix: lock transaction tags when clearing them

* refactor: move tag select into DS namespace

* refactor: add multiselect trigger form field style

* fix: auto-position tag select dropdowns

* feat: add keyboard navigation to tag select

* feat: add create tag and search placeholder to transaction forms in multiple languages

* style: tighten tag select option spacing

* fix: align tag select spacing and focus behavior

* refactor: render tag badges with DS pill

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
 2026-06-01 21:46:32 +02:00
Alessio Cappa
f4eb58d5d6 fix: do not show pagination if no merchants are available (#2115) 2026-06-01 21:39:11 +02:00
Sure Admin (bot)
e62e0d6b26 fix(tests): avoid coverage rollover fixture collision (#2102) 2026-06-01 14:58:18 +02:00
ghost
1af880aa2a ci(preview): stabilize image push and readiness diagnostics (#2084) 
* ci(preview): rewrite image config before registry push

Point the trusted preview deploy config at the loaded CI image before Wrangler validates the worker config for the Cloudflare registry push. This keeps the existing trusted deploy boundary intact while fixing the post-2062 image-push ordering regression.

* ci(preview): require trusted readiness diagnostics

* ci(preview): use nonce for diagnostics events

* ci(preview): retain diagnostics timing anchors
 2026-06-01 10:51:29 +02:00
web-dev0521
3311759ec2 fix(transactions): include enable_banking in pending/confirmed status filter (#1885) 
* fix(transactions): include enable_banking in pending/confirmed status filter (#1668)

The transaction status filter hardcoded only simplefin/plaid/lunchflow in
its pending/confirmed SQL, even though Transaction::PENDING_PROVIDERS also
includes enable_banking. As a result, Enable Banking pending transactions
returned 0 results under the "Pending" filter and leaked into "Confirmed".

Source the provider list from the existing constant-driven helpers instead:
- Transaction::Search delegates to the `pending` / `excluding_pending` model
  scopes.
- EntrySearch interpolates Transaction::PENDING_CHECK_SQL into its EXISTS
  subqueries.

This keeps every status-filter path in sync with PENDING_PROVIDERS so adding
a future provider can't reintroduce the bug.

Fixes #1668

* test(entry): cover EntrySearch status filter across all pending providers

Adds a regression test for the EntrySearch#apply_status_filter path,
asserting pending transactions for every PENDING_PROVIDERS entry are
matched by the "pending" filter and excluded from "confirmed". Mirrors
the existing Transaction::Search coverage so both filter paths are
exercised.
 2026-05-31 22:17:56 +02:00
joaocbatista
b101708409 Fix Start month on Last 6 Months report off by 1 (#2070) 
* Bump version to next iteration after v0.7.1-rc.1.1 release

* fix: correct last_6_months period to show exactly 6 months

Default start date was snapping to beginning_of_month 6 months ago,
producing a 7-month window (e.g. Nov 1 – May 31). Fix computes the
start as (end_of_month + 1 day - 6 months).beginning_of_month so the
default window is consistent with the navigation arrows and Today button.

* improved test

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2026-05-31 16:35:38 +02:00
galuis116
61a235f765 fix(family): include HSA depository accounts in tax-advantaged exclusion (#2004) 
* fix(family): include HSA depository accounts in tax-advantaged exclusion

`Family#tax_advantaged_account_ids` is the ID set the budget engine uses
to exclude tax-advantaged account activity from income / expense /
cashflow totals. PR #724 originated this method and explicitly listed HSA
in scope ("401k, IRA, HSA, Roth IRA, etc."), but the implementation only
joined `investments` and `cryptos`. `Depository::SUBTYPES["hsa"]` already
exists and Plaid routes `depository.hsa` accounts to `Depository` (not
`Investment`) via `PlaidAccount::TypeMappable`, so HSA cash accounts were
silently absent from the filter and HSA contributions/withdrawals showed
up in household expense totals.

- Add `Depository::TAX_ADVANTAGED_SUBTYPES = %w[hsa]` + a `tax_treatment`
  instance method (mirrors `Investment#tax_treatment`).
  `TaxTreatable#tax_advantaged?` picks it up via the existing `respond_to?`
  check, so `Account#tax_advantaged?` now flips to true for HSA depositories
  without touching the concern.
- Extract `Family#tax_advantaged_depository_account_ids` (private) that
  joins `depositories` and filters by `Depository::TAX_ADVANTAGED_SUBTYPES`,
  mirroring the existing `investment_ids` / `crypto_ids` extraction style.
  Append it to the union in `tax_advantaged_account_ids`.

Behavior change is scoped: HSA depositories now exit the budget engine via
the same path as 401k / IRA / Roth IRA. Non-HSA depositories continue to
report `tax_treatment: :taxable` (was `nil`), so `Account#taxable?` returns
true for them via the existing `== :taxable` clause — no expense-total
change for Checking / Savings / CD / Money Market.

Tests:
- `test/models/account_test.rb` — rewrite "tax_treatment returns nil for
  non-investment accounts" (was implicitly testing the bug) into two tests:
  one asserting `:taxable` for non-HSA depositories and a new sibling
  asserting `nil` for accountables that genuinely lack `tax_treatment`
  (CreditCard). Add an HSA-depository test asserting `tax_advantaged?`.
- `test/models/income_statement_test.rb` — new test asserting an HSA
  depository is included in `tax_advantaged_account_ids` and a `savings`
  depository is not.

No schema migration, no controller change, no provider integration change.

* [200~fix(family): return nil for non-HSA depository tax_treatment
 2026-05-31 16:24:01 +02:00
Guillem Arias Fauste
8251b7e4d6 feat(ai): add Anthropic provider with chat parity (1/5) (#1983) 
* feat(ai): add Anthropic provider with chat parity (1/5)

Introduces Provider::Anthropic alongside Provider::Openai, implementing
the LlmConcept chat_response contract over the official anthropic Ruby
SDK. Batch ops, PDF, and RAG land in follow-up PRs.

- Provider::Anthropic uses Messages API for sync and streaming responses
- ChatConfig builds requests with ephemeral prompt-cache markers on the
  system prompt and the last tool definition
- MessageFormatter reconstructs multi-turn history (text + tool_use +
  tool_result blocks) from raw Message records, including the paired
  user-role tool_result turn Anthropic requires after every tool_use
- ChatParser maps Anthropic Message into the shared ChatResponse Data
- Registry, Setting, User, Chat default model wired for ANTHROPIC_*
  envs and Setting.anthropic_*; LLM_PROVIDER selects between providers
- Responder forwards raw conversation_history (Array<Message>) so
  providers without hosted conversation state can rebuild context
- OpenAI provider accepts and ignores the new kwarg (no behavior change)

Tests cover provider init, model gating, MessageFormatter for all turn
shapes, ChatConfig request building (max_tokens, system cache, tool
conversion), ChatParser for text / tool_use / mixed blocks, Registry
discovery, and mocked chat_response success / error / function_request
paths. Live VCR cassettes recorded in a follow-up with a real key.

Stacked PRs: 2/5 batch ops + cost ledger, 3/5 PDF, 4/5 pgvector RAG,
5/5 settings UI + disclosure.

* fix(ai): address PR review on Anthropic provider foundation

Surface fixes raised by Codex + CodeRabbit on PR 1/5:

- Provider::Anthropic#chat_response now accepts (and ignores) a
  `messages:` kwarg. Assistant::Responder passes both `messages:`
  (OpenAI-shape) and `conversation_history:` (raw Message records) for
  cross-provider parity, so the previous signature raised
  ArgumentError on the first chat turn through the Anthropic provider.
- Provider::Anthropic#supports_model? bypasses the `claude` prefix
  gate when a custom base_url is configured, mirroring the OpenAI
  provider. Bedrock-shaped IDs like
  `anthropic.claude-sonnet-4-5-20250929-v1:0` and
  `claude-opus-4@20250514` are otherwise rejected by
  Assistant::Provided#get_model_provider and the chat dies.
- Setting.anthropic_access_token is now in
  EncryptedSettingFields::ENCRYPTED_FIELDS so the Anthropic API key
  is encrypted at rest like every other provider secret. Previously
  plaintext while siblings (openai_access_token, twelve_data_api_key,
  external_assistant_token) were ciphertext.
- Chat.default_model falls back to whichever provider is actually
  configured. Previously, with LLM_PROVIDER=anthropic but no
  Anthropic credentials, the default model resolved to a Claude ID
  that no registered provider supported, so chats failed even when
  OpenAI was fully configured. Adds Provider::{Anthropic,Openai}#configured?
  class methods for the readable callsite.
- Provider::Anthropic.effective_model uses
  `ENV["ANTHROPIC_MODEL"].presence || Setting.anthropic_model` so the
  Setting lookup is only performed when the env var is absent — the
  previous `ENV.fetch(KEY, default)` evaluated the default arg
  eagerly on every call.
- Provider::Anthropic::ChatConfig#anthropic_input_schema strips both
  `:strict` and `"strict"` keys so JSON-decoded schemas with string
  keys cannot leak the OpenAI-only flag through to Anthropic.

Test coverage added: supports_model? bypass on custom endpoints,
chat_response messages: kwarg compatibility, default_model fallback
in the three credential combinations, configured? against ENV +
Setting, strict-flag stripping for both key types, and a
`Setting.expects(:anthropic_model).never` assertion proving the
ENV-precedence test now exercises the lazy path.

All 4365 tests pass (1 pre-existing libvips env error unrelated).

* test(chat): make default_model tests resilient to ENV model overrides

CodeRabbit flagged on PR review: the new default_model tests asserted
against Provider::*::DEFAULT_MODEL, but Chat.default_model actually
returns Provider::*.effective_model.presence (which reads
OPENAI_MODEL / ANTHROPIC_MODEL from the environment). With either env
var set, the tests would fail intermittently even though routing was
correct.

- New default_model tests now assert against the provider's
  effective_model directly, so they verify the routing decision
  (which provider's value wins) without coupling to the constant.
- Pre-existing "creates with default model" assertions had the same
  brittleness; switch them to compare against Chat.default_model so
  the chosen model is whatever the env / Setting cascade resolves to.

Verified by running `ANTHROPIC_MODEL=claude-haiku-4-5 OPENAI_MODEL=gpt-4o
bin/rails test test/models/chat_test.rb` — 16 runs, 0 failures
(previously 2 pre-existing failures + 0 from the new tests).

* fix(ai): address local review on Anthropic foundation

- Provider::Anthropic#supports_pdf_processing? bypasses prefix gate for
  custom endpoints, mirroring supports_model?
- Provider::Anthropic#initialize raises Error when custom_endpoint? AND
  model.blank?, parity with Provider::Openai
- stream_chat_response captures partial usage on mid-stream errors and
  records it via the new on_partial callback so chat_response can skip
  the duplicate error row in the outer rescue
- safe_accumulated_message swallows the secondary failure when the SDK
  cannot reconstruct a snapshot
- langfuse_client memoizes properly (||= instead of =) so repeated calls
  don't churn Langfuse instances
- MessageFormatter sorts tool_calls by created_at then id so the
  message array is deterministic across replays; skips tool_calls
  missing both provider_call_id and provider_id rather than sending
  `id: nil` and getting rejected by Anthropic
- Setting.anthropic_access_token default falls back through
  ENV["ANTHROPIC_API_KEY"].presence (was missing .presence, so an
  empty-string env value bled through)
- User#openai_configured? / #anthropic_configured? delegate to the
  Provider::* class methods — single source of truth
- Assistant::Responder renames the OpenAI-shape history builder
  conversation_history → openai_messages_payload so the kwarg name
  matches the local method name (messages: openai_messages_payload,
  conversation_history: chat_message_records)
- Assistant::Builtin stale-history comment updated to reference both
  builders

Adds a streaming chat_response test using ad-hoc subclasses of the
SDK event types so the case/when dispatch matches via is_a? without
stubbing class-level === behavior.

* test(ai): add Anthropic tool_use round-trip + multi-tool turn coverage

Addresses @jjmata's "worth confirming" note on PR #1983: tool-use turns
from prior assistant messages must round-trip correctly when retrieved
from the database.

- New `ChatParser → ToolCall::Function → MessageFormatter` test walks
  the full path: Anthropic response with a tool_use block →
  ChatFunctionRequest → ToolCall::Function.from_function_request →
  persisted on the AssistantMessage → MessageFormatter rebuild on the
  next turn. Asserts the original `tool_use.id` is preserved end-to-end
  as both `tool_use.id` and the paired `tool_result.tool_use_id`, and
  that the original `input` hash and serialized result content survive.
- New multi-tool assistant turn test confirms two tool_use blocks on a
  single assistant message render as two tool_use blocks followed by
  two paired tool_result blocks in a single user-role follow-up,
  matching Anthropic's required alternation.

Both tests exercise the existing PR1 code without behavior changes.

* test(ai): require "ostruct" explicitly in Anthropic provider tests

OpenStruct is moving out of Ruby's default load path (warning in 3.4+,
removed in 3.5+). Tests work today because ActiveSupport transitively
loads it, but that's incidental. Match the existing convention in
test/controllers/settings/hostings_controller_test.rb which explicitly
requires ostruct for the same reason.

* fix(ai): sanitize Langfuse warn logs, normalize tool_use.input, dedup history fetch

Addresses three open CodeRabbit findings on PR #1983.

- Provider::Anthropic Langfuse rescue branches no longer include
  `e.full_message` in `Rails.logger.warn`. `full_message` bundles the
  backtrace + cause chain and on some SDK error types includes the
  serialized request/response payload (prompt, model output). Logs
  now report `#{e.class}: #{e.message}` only. Three sites:
  create_langfuse_trace, log_langfuse_generation, upsert_langfuse_trace.
  Note: Provider::Openai has the same pattern (copy-pasted source) —
  harmonization deferred to a follow-up cleanup PR; this commit fixes
  only the Anthropic provider to keep PR scope tight.

- MessageFormatter#parse_arguments now coerces any non-Hash parsed
  result to `{}`. Anthropic's Messages API requires `tool_use.input`
  to be a JSON object (map); a stored ToolCall::Function record whose
  arguments parse to a scalar, bool, or array (corrupt row, legacy
  data, cross-provider bleed) would otherwise produce a payload the
  API rejects. Normal flow stores Hash arguments end-to-end so the
  fix is defensive — adds 2 tests covering scalar/array JSON strings
  and non-String non-Hash inputs.

- Assistant::Responder dedups the chat-history fetch. The previous
  layout fired two near-identical `chat.messages.where(...).includes(
  :tool_calls).ordered` queries per LLM turn (one for the OpenAI-shape
  payload, one for the raw-records kwarg). A new memoized
  `complete_chat_messages` fetches once; `chat_message_records` filters
  out the current message via `Array#reject`, `openai_messages_payload`
  iterates the cached array unchanged. One SQL query per turn instead
  of two. Memoization scope = single Responder instance (per LLM call),
  so cache invalidation is not a concern.

All 4370 tests pass (1 pre-existing libvips env error unrelated).
Rubocop + brakeman clean.

* fix(ci): replace sk-ant- prefixed test placeholders

Pipelock secret scanner pattern-matches `sk-ant-*` as a real Anthropic
API key and fails the PR security-scan check. Test stubs and
ClimateControl env values used `sk-ant-test`, `sk-ant-from-setting`,
`sk-ant-x`, `sk-ant-y` as obvious placeholders, but the scanner does
not care about value entropy.

Switched to `fake-anthropic-key-*` / `fake-token-*` strings so the
scanner stops flagging them. No production code touched, no behavior
change — Provider::Anthropic still accepts any non-blank token.
 2026-05-31 16:11:28 +02:00
Abhinav Dhiman
cc070853b7 fix: Replace platform-wide broadcast_refresh with sync toast (#1964) 
* fix: Replace platform-wide broadcast_refresh with sync toast

Instead of calling family.broadcast_refresh on every sync completion
(which reloads the page for all connected family members), broadcast
a lightweight static toast to the existing notification-tray.

A new sync-toast Stimulus controller handles two cases:
- User is idle (no focused form): auto-reloads after 500ms
- User is mid-form: toast stays visible with a manual Refresh button

This prevents in-progress form state from being wiped when a background
sync fires (e.g. adding a transaction, filling an import form).

The toast partial contains no user-scoped data, so the Current.user nil
constraint in background jobs is no longer a concern.

* fix(a11y): add explicit button types and aria-label to sync toast controls

* fix(sync-toast): improve interaction detection and replace broadcast strategy

- Increase auto-refresh delay from 500ms to 2000ms
- Expand interaction detection to include contentEditable, dialogs, and role="dialog" elements
- Switch from broadcast_append_to to broadcast_replace_to with dedicated #sync-toast target
- Add explicit id="sync-toast" to partial for targeted replacement
- Move sync_toast i18n keys from defaults/en.yml to views/shared/en.yml

* fix(sync-toast): replace hardcoded white icon color with inverse token
 2026-05-31 16:05:54 +02:00
Juan José Mata
9ccc2719c1 Forcing myself to bump by hand 2026-05-31 15:48:51 +02:00
Juan José Mata
bfe91cd881 New alpha train! v0.7.2-alpha.1 2026-05-31 14:13:41 +02:00
ghost
5f8452d63b ci(preview): stabilize Cloudflare preview deployments (#2062) 
* ci(preview): stabilize Cloudflare preview deployments

* ci(preview): bound diagnostics and cover artifact fallback

* ci(preview): isolate artifact deploy permissions

* ci(preview): tidy deployment comment rendering

* ci(preview): harden preview manifest generation

* ci(preview): fail on preview diagnostics failure
 2026-05-31 13:30:03 +02:00
Guillem Arias Fauste
ca8cbaa201 fix(dashboard): make Outflows widget responsive to its container, not the viewport (#2059) 
* fix(dashboard): make Outflows widget responsive to its container, not the viewport

The Outflows widget switched to its two-column (donut + category list)
layout on the `lg:` viewport breakpoint, but the card's real width is set
by the account sidebar and AI panel — and the two-column dashboard setting.
With those open the viewport stays >= lg while the card is only ~500px, so
the desktop layout was forced into a narrow card: the donut clipped and the
category list overflowed with names truncated to icons.

Switch the widget to container queries (`@container` + `@2xl:`) so it
responds to its own width: side-by-side when the card is wide, stacked (the
existing mobile layout) when narrow — regardless of sidebars, viewport, or
the dashboard column setting. Mobile/PWA is unchanged (already stacked) and
it degrades to always-stacked on browsers without container-query support.

Closes #2058

* fix(dashboard): keep w-16 base on Outflows categories header label

Restore the w-16 base width on the categories-header label column so all
eight responsive classes are uniform lg:->@2xl: swaps. The label now matches
its value/weight siblings and the narrow-width layout is identical to main's
current mobile rendering (zero regression). Addresses review feedback on the
asymmetric width drop.
 2026-05-31 09:14:46 +02:00
ghost
7580325418 fix(reset): scope family financial data resets (#1835) 
Centralize family financial reset cleanup behind an explicitly scoped service, update reset status docs, and add two-family regression coverage for destructive reset behavior.
 2026-05-31 00:21:34 +02:00
William Wei Ming
bc7e16ff16 Perf/dashboard endpoint optimization (#1897) 
* optimize net_category_totals() by using memoized cache

* fix issue - net_category_totals cache is never populated - suggested by coderabbitAI

* fix 422 error for service-worker

* remove warning of [assigned but unused variables] - income_statement.rb

* remove warnings of [assigned but unused] from Prism - income_statement_test.rb

* add some measurements to improve docstring coverage, follow CodeRabbit recommendation

* attach Skylight monitoring for dev env as well - use my own Skylight auth token

* integrate Skylight with my own account auth token for local benchmark

* fix PR review suggestion - Move fallback release-note copy to i18n keys

* follow PR review - Fix changelog GitHub fetch timeout bounding

* FIX - Variable shadowing; Prefer stubbing the specific instance over any_instance.expects

* fix CodeRabbit feedback - Reusing the same stub for both classifications hides a contract mismatch

* fix CodeRabbit FEEDBACK - Reconsider enabling Skylight by default in development

* fix CodeRabbitAI FEEDBACK - reconsider unconditionally enabling Skylight in development

* fix Security scan FEEDBACK before PR merge

* fix jjmata feedback
 2026-05-31 00:09:38 +02:00
William Wei Ming
f653fec96f Add HTTP timeout config to Provider::Github Octokit client (#2061) 2026-05-30 23:58:32 +02:00
Jeff
956c27df6b chore(ci): pin GitHub Actions to commit SHAs (#1811) (#1870) 
* chore(ci): pin GitHub Actions to commit SHAs (#1811)

Follow-up to #1810. The Node-24 upgrade left every workflow on mutable
tag refs (`actions/checkout@v5`, `actions/download-artifact@v7`, etc.)
which superagent-security[bot] flagged on the ci.yml + publish.yml
reviews.

Pin all 18 external actions to the commit SHA they currently resolve to
and add a trailing `# vMAJOR.MINOR.PATCH` comment so reviewers can see
the version. Local reusable-workflow refs (`uses: ./.github/...`) are
left alone — pinning those would defeat the point.

Closes #1811

* chore(ci): address review — persist-credentials + setup-node consistency (#1811)

Two pieces of follow-up feedback on the SHA-pinning PR:

- @coderabbitai (P1 nitpicks) + @JSONbored: add 'persist-credentials:
  false' to checkout steps in jobs that don't perform authenticated git
  operations. Adds the line to 17 read-only checkouts across 9
  workflows (chart-ci, ci, flutter-build, helm-publish, ios-testflight,
  llm-evals, preview-cleanup, preview-deploy, publish:build).
  Checkouts inside jobs that 'git push' (chart-release, mobile-build,
  mobile-release, helm-publish:second-checkout, publish:bump-pre_release)
  are intentionally left alone so they keep their token.

- @jjmata: preview-deploy.yml was the only workflow on
  actions/setup-node v6.4.0; everywhere else pinned v5.0.0. Standardise
  on v5.0.0 to match.

Dependabot config already has a github-actions ecosystem entry with a
weekly schedule, so no addition needed for that point.

* chore(ci): document intentional setup-node v6→5 normalization (#1811)

@superagent-security flagged the v6.4.0 -> v5.0.0 change in
preview-deploy.yml as a possible unintended downgrade. The downgrade
was deliberate, per @jjmata's review request to normalize setup-node
across all workflows. Add an inline YAML comment next to the line so
future scans don't re-flag it.

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: jeffrey701 <jeffrey701@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
 2026-05-30 23:35:19 +02:00
dripsmvcp
f7df709e6d fix(snaptrade): import non-primary-currency cash as cash holdings (#1979) 
* fix(snaptrade): import non-primary-currency cash as cash holdings

Fixes #1809.

SnaptradeAccount#upsert_balances! picked a single cash entry (account
currency -> USD -> first) and stored only that in cash_balance; every
other currency's cash was discarded. A moomoo Canada account with CAD
$500 + USD $1000 imported only the CAD.

Persist the full balances snapshot (new raw_balances_payload column) and
surface each non-primary-currency cash entry as a synthetic per-currency
cash holding (Security.cash_for(account, currency:)), mirroring the
existing cash-security pattern. The primary currency stays in
cash_balance. HoldingsProcessor now also runs for cash-only balances, and
the Processor invokes it when there are holdings OR non-primary cash.
Cash holdings use a stable external_id so repeated syncs update rather
than duplicate.

* fix(snaptrade): encrypt raw_balances_payload and drop cash amount from log

Addresses PR #1979 review: Codex P1 (encrypt the newly persisted balances snapshot at rest, matching the other raw provider payloads) and CodeRabbit nitpick (do not log monetary amounts at info level).

* refactor(snaptrade): extract primary_cash_entry and harden balances test

PR #1979 review: extract the shared account-currency->USD->first cash selection into a private helper (CodeRabbit DRY nitpick); reorder the upsert_balances! test so the primary currency is not first, proving dig(:currency,:code) resolves it on string-keyed payloads rather than the entries.first fallback (jjmata).
 2026-05-30 23:29:37 +02:00
dripsmvcp
ea316b4277 fix(merchants): preserve manual merchant edits across provider sync (#1981) 
* fix(merchants): preserve manual merchant edits across provider sync

Fixes #1977.

Merging merchants, converting a synced (provider) merchant to a family
merchant, and unlinking a merchant all reassign transactions.merchant_id
via update_all without flagging the entries as user_modified. The next
provider sync sees the entries as unmodified and reverts the change.

Add Entry.mark_user_modified_for_transactions! and call it (before the
merchant_id update, so the scope still matches) in Merchant::Merger#merge!,
ProviderMerchant#convert_to_family_merchant_for, and #unlink_from_family.
The sync skip-guard already honours user_modified, so flagged entries are
left untouched on subsequent syncs.

* fix(merchants): pass transaction relation to bulk user_modified helper

Addresses PR #1981 review (CodeRabbit): mark_user_modified_for_transactions! now accepts an ActiveRecord::Relation and selects ids via subquery, so large merges/unlinks don't materialize ids or hit SQL parameter limits. Array of ids still supported. Callers pass the scope relation directly.
 2026-05-30 23:27:18 +02:00
Rene Arredondo
a002920bfb fix(charts): auto-fit donut center text to inner ring (#2002) (#2017) 
* fix(charts): auto-fit donut center text to inner ring (#2002)

* fix(charts): use Number.parseFloat for biome lint

* fix(charts): use rendered donut diameter and destructive token
 2026-05-30 16:20:21 +02:00
ghost
e28b883107 ci(preview): split PR image builds from trusted deploys (#2057) 
* ci(preview): split PR image builds from trusted deploys

* ci(preview): harden preview artifact handoff

Move the preview image artifact into the trusted preview workflow as a no-secret build job, gate deployment on base-trusted workflow definitions, and keep Cloudflare credentials isolated to the deploy-only job.

Also fail closed when the pushed image reference is not written into wrangler.toml and expand the preview deploy guard to enforce the same-run artifact and permission boundaries.

* ci(preview): move preview builds out of privileged trigger

* ci(preview): avoid secret-shaped wrangler env assignments

* ci(preview): keep wrangler credential env explicit
 2026-05-30 15:45:43 +02:00
Tân Một Nắng
7ad287c4db feat(i18n): add Vietnamese (vi) locale (#2043) 
* feat(i18n): add Vietnamese (vi) locale

- Add "vi" to SUPPORTED_LOCALES in LanguagesHelper
- Create 110 vi.yml translation files across all locale directories:
  breadcrumbs, models (27 files), views (75+ files), mailers, doorkeeper
- All files validated as valid YAML with no interpolation mismatches
- Fallback to English for any untranslated keys via existing fallbacks config

* fix(i18n): apply CodeRabbit review fixes to Vietnamese locale

- breadcrumbs: securities → Chứng khoán (was duplicate of security/Bảo mật)
- period label_short: distinguish years from days (5Năm/10Năm/NĐN vs N for days)
- imports: localize "Hover" → "Di chuột" in error hint
- recurring_transactions: transfer_feature_disabled uses "Chuyển khoản" not "Giao dịch"
- reports: YTD period labels "NNN %{year}" → "Từ đầu năm %{year}"
- sso_identities: explicit unlink success message instead of generic "Thành công"
- simplefin_items: standardize branding SimpleFin → SimpleFIN (4 occurrences)
- transactions: rename duplicate YAML key merge_duplicate → merge_duplicate_button
 2026-05-30 01:32:30 +02:00
Jeff
84ad60d541 fix(ai-chat): disable submit on empty input instead of surfacing 'Content missing' (#1697) (#1872) 
* fix(ai-chat): disable submit on empty input instead of surfacing 'Content missing' (#1697)

Empty-input clicks on the chat send button posted the form, which then
failed Message's `validates :content, presence: true` and surfaced
`Content missing` to the user. The right shape per ChatGPT / Claude
UX is to prevent the submission entirely until the input contains
non-whitespace content.

Add a `submit` target on the icon button and have the existing chat
Stimulus controller:

- Initialise the button to `disabled` when no `message_hint` is set.
- Toggle disabled on every input event (re-using the existing
  `autoResize` handler) based on `input.value.trim().length > 0`.
- Pre-clear disabled when a sample question is injected.
- Short-circuit the Enter-key submit path on empty content so keyboard
  users hit the same gate.

Closes #1697

* fix(ai-chat): drop server-rendered disabled attr, keep JS-driven gate (#1697)

Codex review (P1) + @JSONbored + @jjmata called out that rendering the
submit button with `disabled: message_hint.blank?` would lock the
form out for users without working JS (asset failure, exception during
Stimulus init, etc.). Server-side validation already catches empty
submits with a real error message — server-disabling the button on top
of that turns a soft fail into a hard one.

Remove the server-render `disabled:` attribute. The chat Stimulus
controller still runs `#updateSubmitState()` on connect, on every
input event, and after sample-question injection, and `handleInputKeyDown`
still short-circuits empty Enter submits. With JS the UX is identical;
without JS the form keeps its fallback path.

---------

Co-authored-by: jeffrey701 <jeffrey701@users.noreply.github.com>
 2026-05-30 01:30:11 +02:00
Meng
f397b1a722 chore(i18n): complete Chinese locale coverage (#2010) 
* i18n: expand Chinese locale batch 1

* i18n: expand Chinese locale batch 2

* i18n: expand Chinese locale batch 3

* i18n: expand Chinese locale batch 4

* i18n: expand Chinese locale batch 5

* i18n: expand Chinese locale batch 6

* i18n: expand Chinese locale batch 7

* i18n: expand Chinese locale batch 8

* i18n: expand Chinese locale batch 9

* i18n: expand Chinese locale batch 10

* i18n: expand Chinese locale batch 11

* i18n: expand Chinese locale batch 12

* i18n: expand Chinese locale batch 13

* i18n: expand Chinese locale batch 14

* i18n: expand Chinese locale batch 15

* i18n: finish Chinese locale coverage

* fix(i18n): quote zh-CN interpolation scalars

* fix(i18n): refine zh-CN locale wording

* fix(i18n): normalize Indexa Capital zh-CN copy

* fix(i18n): address zh-CN review feedback

* fix(i18n): resolve remaining zh-CN review items

* fix(i18n): refine remaining zh-CN copy

---------

Co-authored-by: Meng <19986978+ashanzzz@users.noreply.github.com>
Co-authored-by: Hermes Agent <hermes@local>
 2026-05-30 01:06:43 +02:00
ghost
adabc55937 ci(preview): isolate preview deployment tooling (#2025) 
* ci(preview): isolate deployment tooling

Keep PR preview source separate from the deployment toolchain by building a temporary deploy workspace from base-revision preview metadata and PR-owned source.

Add a focused CI guard so future preview workflow edits preserve the trusted tooling split.

* ci(preview): harden workflow guard checks

Address CodeRabbit feedback by making the preview deploy guard assertions collision-proof and more resilient to equivalent GitHub Actions expression and workspace path forms.

* ci(preview): normalize workflow guard paths

* ci(preview): defer workflow guard validation

* revert(preview): restore workflow guard validation

* ci(preview): gate preview deployments
 2026-05-30 00:54:20 +02:00
Wes
7685650e63 feat(assistant): add get_budget function for budget tracking (#1966) 
* feat(assistant): add get_budget function for budget tracking

Exposes the existing Budget / BudgetCategory pacing data to the AI
assistant as a `get_budget` function. Supports a target month and an
optional `prior_months` window for trend comparison, with the response
shape matching the budget UI (totals, income, per-category status,
suggested daily spend on the current month).

Honors custom month_start_day by matching `Budget.param_to_date`
semantics for explicit slug input, so `month` round-trips with the
response's `month` field.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(assistant): use fixture reference for Food & Drink lookup

Replace fragile string match on `bc.category.name == "Food & Drink"`
with the `categories(:food_and_drink)` fixture so the test setup
isn't sensitive to category-name translations.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(assistant): enforce strict month format in get_budget

`Date.strptime` is lenient about trailing characters, so inputs like
`"2026-05-01"` or `"may-2026foo"` were parsing successfully and being
silently truncated to May 2026. Pre-validate the raw string with anchored
regex patterns for the documented YYYY-MM and MMM-YYYY shapes so
malformed tool arguments raise Assistant::Error instead.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(budgets): suggested_daily_spending handles custom-month periods

The helper compared `budget.start_date.month/year` against
`Date.current.month/year` and returned nil whenever the current period
straddled two calendar months — common for families with
`month_start_day != 1` (e.g., May 15–Jun 14 viewed on Jun 1). Replace
the calendar-month check with `budget.current?` and compute remaining
days from `budget.end_date` so the helper works for both standard and
custom periods. This also restores the daily pacing row in the budget
UI for custom-month families.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(assistant): make get_budget read-only for prior months

`prior_months: N` was calling `Budget.find_or_bootstrap` for every
month, which created empty `Budget` rows (and synced `BudgetCategory`
children) as a side effect of an AI query. Only the explicit target
month now bootstraps; prior months use `Budget.find_by` and are
dropped from the response if they don't exist. The response now
includes `months_unavailable: N` so the LLM can phrase a sensible
answer when fewer months come back than requested.

Extract `Budget.period_for(date, family:)` to share the date-bracket
math between `find_or_bootstrap`, `budget_date_valid?`, and the new
read-only path in `get_budget`.

Adds two tests covering the no-bootstrap behavior for prior months
and the `prior_months` clamp at `MAX_PRIOR_MONTHS`. Updates the
existing N+1 sorted-months test to seed prior budgets explicitly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: wolstad <wesleyolstad@protonmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-30 00:51:16 +02:00
glorydavid03023
208b3dec9d fix(transactions): migrate transaction filter searches to DS::SearchInput (#1998) 
* fix(transactions): migrate filter sidebar searches to DS::SearchInput

Replace hand-rolled search fields that used invalid focus:ring-gray-500 with DS::SearchInput (:embedded). Align date filter focus styles with the DS focus ring pattern.

Refs #1715

* fix(transactions): localize filter search copy and align date focus ring

Address validator feedback by replacing hardcoded filter input labels with i18n keys and updating date filter focus classes to the current design-system ring pattern.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-05-30 00:48:17 +02:00
ghost
3bcc86f4a8 refactor(imports): back PDF imports with statements (#1786) 2026-05-30 00:22:25 +02:00
ghost
92549bb82a feat(settings): add reviewed category merge flow (#1754) 2026-05-30 00:12:54 +02:00
Rene Arredondo
d7f51c3c3c fix(currencies): add DOGE entry to config/currencies.yml (#2008) (#2030) 2026-05-29 23:47:40 +02:00
CrossDrain
2620653b2a fix(balance): derive waypoint start from day's flows to prevent double-counting and phantom bumps (#2031) 
* fix(balance): fix double-counting on reconciliation waypoints with same-day transactions

Waypoint branch was setting start = end = waypoint and passing real flows
to build_balance. Since end_balance is a PG generated column that recomputes
from flows, transactions were double-counted on waypoint days and the prior
gap day inherited a phantom jump.

Fix: pin only the end to the API value, derive start from the day's own
flows (same as current_anchor). Transaction attributed once, gap day
correct, investment cash/holdings split correct.

Adds regression test + GUI breakdown test verified against real PG columns
through UI::Account::BalanceReconciliation.

Fixes #2007.

* test(balance): add investment waypoint regression test

Covers reconciliation waypoint + same-day trade on investment accounts:
end_balance must match API-reported total (not double-count trade flows),
cash/non-cash flows must be preserved, and gap day total must be correct.
 2026-05-28 19:37:57 +02:00
Rene Arredondo
be2d3aa3bb fix(plaid): surface configuration/product-access errors from the Link flow (#1792) (#1991) 
* fix(plaid): surface configuration/product-access errors from Link flow (#1792)

* fix(plaid): harden Plaid Link onExit guard + nil-body JSON parse (#1792 review)

* fix lint check issue

* fix test unit check
 2026-05-28 14:55:21 +02:00
glorydavid03023
e13683c389 fix(enable_banking): migrate select_bank UI to DS primitives (#1997) 
Replace hand-rolled Beta pill and secondary cancel link with DS::Pill and DS::Link on the bank picker dialog.

Refs #1971
 2026-05-28 14:50:49 +02:00
CrossDrain
52083d5774 feat(reports): add Period Return card to Investment Performance (#1962) 
* feat(reports): add Period Return card to Investment Performance tab

Surfaces market-only return (absolute + %) for the selected period using
net_market_flows from the balances table, excluding contributions and
withdrawals. Appears in both the interactive report and the print view.

* docs: remove TODOS.md; fold FX fallback caveat into PR description

The single V2 item (Period Return's 1:1 FX fallback on missing rates) is
now documented under Known Limitations in the PR description, so a tracked
file in the repo root is redundant.

* fix(investment_statement): align start_value denominator scope and FX handling

Add status filter to match absolute_return, and move FX conversion into
SQL so pre-period balances are found even when an account's currency was
changed after balances were recorded.
 2026-05-28 14:49:04 +02:00
glorydavid03023
79ad3e764f fix(views): DS drift — sankey tooltip tokens (#1996) 
* fix(views): DS drift sankey tooltip and imports icon token

Replace raw palette classes on the cashflow Sankey tooltip with functional tokens (aligned with time_series_chart). Use bg-surface for the YNAB import option icon background.

Refs #1971, #1951

* fix(views): add privacy-sensitive sankey tooltip class

Align the sankey tooltip with privacy mode masking by appending privacy-sensitive while keeping the DS tokenized tooltip styling.

---------

Signed-off-by: glorydavid03023 <glorydavid03023@gmail.com>
 2026-05-28 00:17:47 +02:00
galuis116
2e55bbe294 fix(jobs): delegate recurring-transaction sync gate to Sync.for_family (#1975) 
* fix(jobs): delegate recurring-transaction sync gate to Sync.for_family

`IdentifyRecurringTransactionsJob#family_has_incomplete_syncs?` hand-rolled
the list of provider `*_items` associations it polled — plaid, simplefin,
lunchflow, enable_banking, sophtron — missing nine other `Syncable`
provider concerns on `Family`: coinbase, binance, kraken, coinstats,
snaptrade, mercury, brex, indexa_capital, ibkr. When a sync on any of those
nine was in flight, the debounce gate fell through and
`RecurringTransaction::Identifier` ran against a partial dataset; the
follow-up re-enqueue then hit the `find_or_initialize_by` upsert path and
inherited the stale `occurrence_count`. Same drift pattern that bolted
sophtron on as the 5th entry (#591) was already an iteration of.

The maintainers' own `Sync.for_family` (sync.rb:61) already enumerates every
`*_items` association via `Family.reflect_on_all_associations(:has_many)`
filtered by inclusion of `Syncable` — exactly the helper the gate should
delegate to so the list cannot drift again.

- Add `Sync.any_incomplete_for?(family)` class method that wraps
  `for_family(family).incomplete.exists?`.
- Rewrite `family_has_incomplete_syncs?` to delegate. 14 lines → 1.
- New test file `test/jobs/identify_recurring_transactions_job_test.rb`
  covers in-flight Coinbase + Mercury (gate fires), idle (identifier runs),
  missing family, and superseded-by-newer-schedule.
- `test/models/sync_test.rb` gets 2 new tests pinning
  `any_incomplete_for?` against a provider `_items` sync and a
  family-itself sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(jobs): stub Rails.cache.read for supersession test (NullStore in test env)

`Rails.cache` is `ActiveSupport::Cache::NullStore` in the Rails test env, so
the previous test's `Rails.cache.write(cache_key, @scheduled_at + 10, ...)`
was a no-op and `Rails.cache.read(cache_key)` returned `nil`. The
supersession short-circuit `return if latest_scheduled && latest_scheduled
> scheduled_at` then fell through, the job proceeded to invoke
`RecurringTransaction::Identifier`, and the Mocha
`.expects(:identify_recurring_patterns).never` failed in CI.

Switch to `Rails.cache.stubs(:read).with(cache_key).returns(...)` — the
same idiom `test/models/provider/twelve_data_test.rb:186-197` already uses
for the cache layer. Add an `assert_nil` on the bare `perform` return so
Minitest's assertion counter sees an explicit assertion (silences the
"missing assertions" warning).

No production-code change. Behavior under test is unchanged; only the test
mechanism for simulating "newer scheduled run already in cache" is fixed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-28 00:01:34 +02:00
Brian Richard
174f7e6be6 feat(binance): add full account sync and transaction processing (#1822) 
* feat(binance): add full account sync and transaction processing

- Fixed a bug that hindered Account setup
- Wire up Binance accounts, sync statistics, and unlinked account tracking in the accounts dashboard.
- Support setting a sync_start_date during Binance account setup.
- Set Binance accounts' opening balance to zero to ensure the ledger builds cleanly from the actual trade history.
- Expand the Binance importer and processor to handle Spot, Margin, Earn, P2P, and Futures trades and assets.
- Implement TransactionBuilder to parse raw Binance trades, accurately calculating fees, base/quote asset amounts, and market values for proper ledger integration.
- Update Binance API timeout (`recvWindow`) to 60,000ms to prevent connection drops.

These changes provide comprehensive support for tracking Binance portfolios, ensuring accurate historical ledgers and proper visibility of sync statuses in the frontend dashboard.

* refactor(binance): enforce strong params, double-entry safety, and native fiat currency support

- Implement strong parameters in BinanceItemsController#complete_account_setup to satisfy Rails security guidelines.
- Add robust date parsing with a grace fallback to prevent controller crashes on malformed sync start dates.
- Wrap P2P transaction creations inside a database transaction block to guarantee ledger integrity and prevent orphan records.
- Optimize P2P deduplication queries by batching checks for both transaction and funding external IDs.
- Shift P2P entry persistence from forced USD tracking to native fiat values extracted directly from the Binance API payload.
- Update BinanceAccount::ProcessorTest assertions and fixtures to validate native fiat and fee calculation logic.

* fix(binance): process sync trades before caching transaction payload

- Reorder Binance processor execution to insert trade records into the database prior to updating the `raw_transactions_payload` cache. This guarantees that if a database insertion fails, the cache won't prematurely mark the sync as successful, ensuring the data is retried on the next run.
- Move `set_opening_anchor_balance(balance: 0)` out of the generic crypto exchange account builder and apply it specifically during Binance account creation.
- Refactor date parsing in BinanceItemsController to explicitly catch `ArgumentError` via a block instead of using a blanket inline `rescue`.
- Clean up the `setup_accounts` view template by removing hardcoded default translation strings.

* fix(binance): enhance trade sync logic and error propagation

- Pass `startTime` (from `sync_start_date`) to spot and futures trade endpoints on initial sync to optimize data fetching.
- Include previously synced futures pairs alongside spot pairs when resolving relevant symbols to properly recover sold-out assets.
- Re-raise exceptions in processor rescue blocks to prevent silent failures and ensure errors are correctly propagated to background jobs.
- Decrease Binance API `recvWindow` from 60000ms to 5000ms to align with recommended default timeout values.
 2026-05-27 23:58:00 +02:00
CrossDrain
a3609b81d3 fix(enable_banking): clear stuck pending flag when ASPSP reuses same transaction_id (#1982) 
* fix(enable_banking): clear stuck pending flag when ASPSP reuses same transaction_id for booked version

* fix: scope pending→booked bypass to user_modified entries only

* refactor: extract clear_pending_flags_from_extra helper to deduplicate pending-flag removal logic

* refactor: use clear_pending_flags_from_extra in user_modified bypass path

* fix(provider_import_adapter): add type check in clear_pending_flags_from_extra

Add a check to ensure that the value associated with a provider key in
the `extra` hash is a Hash before attempting to call `delete` on it.
This prevents a `NoMethodError` when encountering malformed data where
the provider key exists but does not map to a Hash.

* fix(provider_import_adapter): fix indentation and ensure proper return in clear_pending_flags_from_extra

* fix(provider_import_adapter): make clear_pending_flags_from_extra private

* fix: guard clear_pending_flags_from_extra against non-Hash extra values
 2026-05-27 23:36:33 +02:00
Alessio Cappa
b3fce37424 fix: Keep with auto for category badge (#1963) 2026-05-27 23:34:42 +02:00
CrossDrain
b8ebb24e8b fix(holdings): carry provider cost_basis forward to calculated rows past snapshot date (#1818) 
* fix(holdings): carry provider cost_basis forward to calculated rows

Providers like IBKR Flex emit holdings on report_date and only
include trades within the query window. The reverse calculator + gapfill therefore produces rows past report_date with nil cost_basis, even though the provider supplied a basis on the snapshot. That nil basis silently blanks `Trend`, the Reports "Total Return" card, the Top Holdings return column, and Gains by Tax Treatment, because every one of them gates on `holding.avg_cost`.

When a calculated row would otherwise have no usable cost_basis, backfill it with the most recent provider-supplied cost_basis for the same (security, currency) on or before the holding date. Existing calculated/manual values are preserved (they outrank a provider carry-forward), and existing provider carry-forwards are refreshed when a newer snapshot supersedes them.

* - Fix currency mismatch: provider snapshots were keyed by (security_id,
  currency) but calculated rows use account currency while IBKR provider
  rows use the security's native currency (e.g., USD vs EUR). Now keyed
  by security_id only; carry_forward_provider_cost_basis converts via
  Money#exchange_to at the snapshot date (same convention as
  ReverseCalculator for trade prices), with a ConversionError fallback.
- Trim long inline comment to three lines
- Fix safe-nav inconsistency: existing.cost_basis.positive? ->
  existing&.cost_basis&.positive?
- Add test: refreshes stale carry-forward when a newer provider snapshot
  arrives
- Add test: carry-forward is a no-op for forward-strategy accounts with
  no provider holdings

* fix(holdings): prevent overwriting zero-valued manual cost basis

Ensure that manual cost basis entries with a value of zero (e.g., for free
shares) are not overwritten by provider carry-forward values during
materialization.

Additionally, updated the logic to allow zero-valued manual or
calculated cost bases to be preserved, and added tests to verify
currency conversion and error handling during cost basis carry-forward.

* refactor(holdings): allow zero-valued cost basis in provider snapshots

Remove the filter that restricted provider cost basis snapshots to values
greater than zero. This ensures that manual cost basis entries with a
value of zero (e.g., for free shares) are correctly captured and
available for carry-forward logic.

* perf(holdings): optimize provider cost basis snapshot lookup

Filter provider cost basis snapshots by the security IDs present in the
current holdings set to reduce the amount of data loaded into memory.

* refactor(holdings): move PortfolioCache FX fix to dedicated branch

Remove date-accurate exchange rate fix from this branch — it has been
split into fix/portfolio-cache-historical-fx-rate to keep concerns
separate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* revert(portfolio_cache): restore date-accurate FX in get_price

36676784 removed date: date from exchange_to intending to move it to
fix/portfolio-cache-historical-fx-rate, but that branch was a duplicate
of db1051d2 which was already in main. The revert therefore regressed
portfolio_cache.rb below main's state. Restore the historical exchange
rate lookup so this branch no longer removes a fix already present in main.

* fix(portfolio_cache): restore date-accurate FX and its test

36676784 removed date: date from exchange_to and deleted the historical
FX test, intending to carry them in fix/portfolio-cache-historical-fx-rate.
That branch was a duplicate of db1051d2 already in main, so the removal
regressed portfolio_cache.rb below main's state. Restore both.

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-27 23:33:08 +02:00
dripsmvcp
ab52b2b144 fix(family-sharing): prevent silent data loss when rehoming or removing users (#1896) 
* fix(family-sharing): prevent silent data loss when rehoming or removing users

Fixes #1689.

Two destructive paths could strand a pre-existing user's family and accounts:

1. Invitation#accept_for unconditionally overwrote user.family_id, orphaning
   the prior family + its accounts with no user able to reach them.
2. Settings::ProfilesController#destroy then called @user.destroy when an admin
   removed the rehomed member, destroying the only login path back to the
   now-orphaned data.

Add hard-block guards on both paths. accept_for refuses when the invitee
already belongs to a family with accounts; ProfilesController#destroy refuses
when the member owns accounts in another family (legacy state from the old
flow). InvitationsController#create surfaces a specific, actionable flash so
the admin understands why the auto-accept was refused.

No automatic recovery of already-orphaned data — that needs a separate
one-shot script per dosubot's analysis on the issue.

* fix(family-sharing): scope invite orphan-guard to invitee-owned accounts (#1896 review)

Codex flagged (P1) and the maintainer review independently raised that
would_orphan_existing_family? keyed off user.family.accounts.exists? —
any account in the invitee's current family — which wrongly blocked a
non-owner member from leaving a multi-user household.

Rename to would_orphan_owned_accounts? and key off
user.owned_accounts.where.not(family_id: family_id), making the invite
guard symmetric with the destroy-path guard in
Settings::ProfilesController. A member who owns no accounts now orphans
nothing by moving and is free to accept the invitation; an owner is
still blocked.

Add a regression test for the non-owner case and update the existing
tests to give the invitee explicit account ownership.

* Remove extra comments per project conventions

---------

Co-authored-by: Juan José Mata <jjmata@jjmata.com>
 2026-05-27 23:25:46 +02:00
sentry[bot]
12aff3cef7 fix(settings): add nil-safe operator to Current.family.can_manage_subscription? (#2006) 
Co-authored-by: sentry[bot] <39604003+sentry[bot]@users.noreply.github.com>
 2026-05-27 23:22:20 +02:00
Blaž Dular
326595ad71 fix(accounts): show activity label instead of category for accounts supporting trades (#1993) 2026-05-27 23:04:42 +02:00
Juan José Mata
1bbc2ea25d Remove Gittensor labeling 2026-05-27 21:28:49 +02:00
Juan José Mata
0342958a32 Create SECURITY.md template for security policy and reporting 
Added a security policy document outlining supported versions and vulnerability reporting.

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
 2026-05-27 09:35:10 +02:00
CrossDrain
3e2990a52c feat(ibkr): compute net_market_flows from IBKR equity equity delta and trade flows (#1970) 
* feat(ibkr): compute net_market_flows from IBKR equity delta and trade flows

Replace the hardcoded net_market_flows: 0 in HistoricalBalancesSync with an
exact derivation from IBKR's own equity summary data, eliminating any
dependency on third-party security price providers for Period Return.

Formula: nmf = Δnon_cash - net_buy_sell
  - non_cash = IBKR equity total - materializer cash (exact per IBKR)
  - net_buy_sell = sum of trade amounts converted to base currency using
    the stored fx_rate_to_base (IBKR's own FX rate, already on Trade#exchange_rate)

Sets non_cash_adjustments = net_buy_sell so the virtual column identity
(end_non_cash_balance = start + nmf + adjustments) resolves to IBKR's
exact equity figure.

* test(ibkr): add sell-trade and no-trade nmf tests; fix memoization guard

- Add test: sell trades (negative amount) correctly isolate market loss in nmf
- Add test: no-trade scenario produces nmf = full Δnon_cash
- Fix: `return {} unless account` inside ||= exited the method without memoizing;
  restructure to `if account ... else {} end` so the result is always cached

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(ibkr): exclude dividend/interest trades from net_buy_sell; use historical FX date

Addresses two issues flagged in code review:

- P1: trades with qty=0 (Dividend, Interest) were included in net_buy_sell,
  inflating/deflating nmf on dates with income events. Filter to qty != 0 at
  the SQL level so only buy/sell trades affect the market-flow calculation.

- P2: Money#exchange_to defaulted to Date.current when no custom_rate was
  stored, causing historical nmf to drift as FX rates change over time.
  Pass date: entry.date so the fallback lookup uses the trade's own date.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(ibkr): cover Money::ConversionError fallback in trade_flows_by_date

Adds a test that stubs Money#exchange_to to raise ConversionError for a
cross-currency trade with no stored exchange_rate, verifying that the
rescue clause falls back to entry.amount and that nmf and
end_non_cash_balance still resolve correctly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(ibkr): log warning when FX conversion falls back to unconverted amount

When Money::ConversionError is raised for a cross-currency trade with no
stored exchange_rate, warn with entry currency, account currency, date,
amount, and entry/account IDs so the silent fallback is visible in logs.
Same-currency ConversionErrors (unexpected but possible) stay silent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(ibkr): skip unconvertible FX trades, redact log, tighten join

- On Money::ConversionError, skip the entry from net_buy_sell rather
  than falling back to the raw amount (which treated e.g. EUR as CHF);
  nmf now absorbs the full Δnon_cash for that date instead of silently
  misstating period return
- Remove entry amount, entry ID, and account ID from the FX warning log
  to avoid exposing financial data in log output
- Consolidate entryable_type guard into the JOIN condition rather than a
  separate WHERE clause
- Add inline comment on the first-day zero case to distinguish intent
  from a bug
- Update ConversionError test to assert skip behavior (nmf=200, not 50)

* fix(ibkr): exclude dates with unconvertible FX trades from balance upsert

* fix(ibkr): skip upsert_all when all balance rows are filtered by failed FX dates

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 22:48:23 +02:00
Alessio Cappa
bc3e5a824f feat: Add pagination in merchants page (#1965) 
* feat: Add pagination in merchants page

* fix: Add separate paginations for family/provider merchants

* refactor: simplify conditions in view
 2026-05-26 22:17:00 +02:00
Rene Arredondo
946c4d0391 fix(i18n): use %{product_name} in api_keys usage_instructions (#1505) (#2000) 2026-05-26 20:48:34 +02:00
Alessio Cappa
e0537a45e1 fix: Avoid overlay in provider section on mobile (#1990) 
* fix: Avoid overlay in provider section on mobile

* feat: Reduce gap between divs

* fix: keep all the elements inside a dedicated container to avoid accessibility issues with the summary node
 2026-05-26 09:56:42 +02:00
Sure Admin (bot)
d8a12ad6be fix(preview): only redeploy on preview-cf label changes (#1980) 2026-05-25 15:31:00 +02:00