The review and confirm steps were rendering as wide editable tables
inside a `sm:max-w-3xl` dialog (~768px). The inputs alone consumed
~750px before padding, so on smaller desktop windows the content was
clipped left/right, and on mobile it was effectively unusable.
Two-pronged fix:
- Widen the dialog itself to `md:max-w-5xl xl:max-w-6xl` so the table
has room on typical desktops. Mobile stays full-width minus margin.
- Split each step into responsive layouts gated by Tailwind's `md:`
breakpoint. Desktop keeps the editable table (now with fixed-width
columns, an inline status badge instead of a separate Status column,
and `overflow-auto` as a graceful fallback at intermediate widths).
Below `md:`, rows render as stacked cards — checkbox + date + status
on top, description full-width, amount + type wrapped, transfer
destination dropping below when applicable. Same data, no horizontal
scrolling on phones.
The Confirm step's expand-to-preview table gets the same treatment:
table on desktop, summary cards on mobile.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The new statements module was hitting type-safety errors from
typescript-eslint's recommendedTypeChecked config:
- parse-statement.dto.ts: tighten the Transform decorator's signature so
the JSON.parse path returns a typed object or undefined, not `any`.
- duplicate-detector.service.ts: drop the unused
WEAK_DESCRIPTION_SIMILARITY constant left over from earlier logic.
- csv.parser.ts and ofx.parser.ts: the parse() methods were `async`
without any `await` (require-await). Convert them to non-async
functions that return a Promise — wrap parseSync() in a try/catch so
thrown errors still surface as rejected promises for spec callers
that use `.rejects.toThrow()`.
- ofx.parser.ts: replace `require('node-ofx-parser')` with a typed
`import * as ofxLib`, backed by a hand-written declaration file at
src/types/node-ofx-parser.d.ts that captures the bank + credit-card
transaction shapes we consume.
- pdf.parser.ts: import the typed `PDFParse` class from pdf-parse
directly instead of lazy-requiring it as `any`. Keep the test seam
but back it with a typed PdfTextExtractor function instead of the
ad-hoc `any` shape.
Also pulls in the prettier reformat that `eslint --fix` produced across
the touched files and their specs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Lets a user upload a CSV, OFX/QFX, or PDF bank statement, parses the
transactions, flags duplicates and possible transfers against existing
records, and bulk-creates the accepted rows after a final read-only
confirmation step.
Backend
- New `statements` module with CSV (papaparse), OFX/QFX (node-ofx-parser),
and PDF (pdf-parse) parsers behind a `StatementParser` strategy
interface; format detected by content sniffing + extension.
- `DuplicateDetectorService` checks FITID/externalId exact matches first,
then a date+amount+description Jaro-Winkler heuristic, then cross-account
transfer pairing.
- New `POST /statements/parse` (multipart, in-memory, 10MB cap) returns the
parsed preview without writing, including per-row `status` (`new`,
`duplicate`, `needs_review`, `possible_transfer`) and any `needsMapping`
payload when CSV headers are unrecognized.
- `POST /transactions/bulk` accepts up to 500 rows, chunks them 50 at a
time inside `prisma.$transaction`, applies balance deltas, and writes a
single `ActivityLog` row per chunk instead of one per transaction.
- Schema: nullable `external_id` column on `Transaction` plus composite
indexes on `(account_id, external_id)` and `(account_id, date)` for fast
dedupe-window queries. Not encrypted — it's an opaque bank ID used as a
lookup key.
Frontend
- `ImportStatementDialog` runs a 4-step wizard: Upload → Column Mapping (if
needed) → Review (editable table with duplicate/transfer badges) →
Confirm (read-only summary with projected per-account balance impact and
count-bearing primary button). The Confirm step gates the actual write,
and Back to Review preserves all edit/checkbox state.
- New `bulkCreateTransactions` action on the transactions store.
- "Import Statement" button added next to Export on the Transactions page,
with a success toast and a refresh of the transactions + accounts stores.
Tests
- 306 backend tests (29 suites), 195 frontend tests (31 suites), all green.
- Fixtures under `test/fixtures/statements/` cover three CSV sign
conventions (signed-amount, debit/credit, credit-card), OFX 1.x SGML,
OFX 2.x XML, and a credit-card QFX with the CCSTMTRS branch.
Versions bumped to 0.4.0 on both packages per the lockstep rule.
NOTE: the Prisma migration in
`prisma/migrations/20260527203542_add_transaction_external_id/` still
needs to be applied to the live database with `prisma migrate deploy` —
the DB at 10.0.3.82 wasn't reachable from the dev environment.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
react-pdf@10.4.1 has an exact pdfjs-dist@5.4.296 dependency, but our
top-level pdfjs-dist resolved to 5.7.284, so the worker we shipped
mismatched the API code react-pdf called into and PDFs failed with:
"The API version 5.4.296 does not match the Worker version 5.7.284".
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Production deploy returned the worker module with
Content-Type: application/octet-stream — nginx's bundled mime.types
doesn't map .mjs and X-Content-Type-Options: nosniff stopped Firefox
from executing it, so PDFs failed with "Setting up fake worker failed".
Switch the worker import from ?url to ?worker and assign workerPort, so
Vite emits the worker as a regular hashed .js chunk that nginx already
serves correctly. Also add a nginx fallback that maps .mjs to
text/javascript for any future module assets, and include text/javascript
in gzip_types.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Browsers' native PDF viewer refused to load blob-URL PDFs inside the
ReceiptViewer iframe (the "Click here to load" placeholder did nothing,
even though Open-in-new-tab worked). Replace the iframe with react-pdf
rendering on a canvas so we no longer depend on the in-iframe viewer:
fit-to-width Page, paginated nav for multi-page docs, selectable text
layer, and a Print button. The viewer is React.lazy-loaded so image-only
users don't download the pdfjs worker chunk.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Notes were write-only outside the edit form — visible nowhere in the
Transactions or Account Detail tables. Each row now has a chevron
toggle (alongside Edit/Delete) that reveals the notes in a second row,
mirroring the History page's expand pattern. Bumps both packages to
0.2.0 to keep frontend and backend in lockstep for the Harbor push.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The deployed backend was crashing at startup with `Node.js 20 detected
without native WebSocket support` from @supabase/realtime-js. Native
WebSocket landed in Node 22.4 — bumping the base image is cleaner than
shimming `ws` as a transport (no extra dep, no constructor wrapper).
Bumped in three places to keep everything aligned:
- tehriehlbudget-backend/Dockerfile (runtime + build stages)
- tehriehlbudget-frontend/Dockerfile (build stage; nginx runtime
unaffected)
- .gitea/workflows/ci.yml (test + lint jobs use the same Node)
@types/node is already on ^22.10.7, so no type-side changes needed.
Bump backend and frontend to 0.1.6 (frontend forced by per-service
push gate; no functional change).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The deployed backend was crashing with `Cannot read properties of
undefined (reading 'CREDIT')` on `client_1.AccountType.CREDIT`. The
.prisma/client/index.js inside the image was the unpopulated stub
that ships with @prisma/client; the schema-specific client (enums,
models, etc.) wasn't there.
Cause: pnpm deploy --prod pulls a fresh @prisma/client from the pnpm
store rather than copying the live, post-generate state of
/repo/node_modules/@prisma/client. The store copy ships with the stub.
Our previous `cp -r /repo/node_modules/.prisma` overlay attempted to
fix it but didn't land where node's resolver looks from /deploy.
Fix: re-run prisma generate against /deploy after pnpm deploy,
invoking the CLI from /repo (devDeps still present there) but with
cwd=/deploy so the generator writes into the deployed @prisma/client.
This produces a runnable image with the right enums/models in place.
Bump backend and frontend to 0.1.5 (frontend forced by per-service
push gate; no functional change).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
app.module.ts imports @nestjs/config at runtime, but it was listed
under devDependencies. pnpm deploy --prod correctly stripped it,
producing a runnable-shaped image that crashes on boot with
`Cannot find module '@nestjs/config'`. Move it to dependencies and
let the lockfile reclassify accordingly.
Bump backend and frontend to 0.1.4. Frontend has no functional change
— forced bump to satisfy the per-service push gate in CI.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two production-only failures the CI scan didn't catch:
Backend: the running container was crashing with `Cannot find module
'/app/dist/main'`. nest build was emitting `dist/src/main.js` instead
of `dist/main.js` because tsconfig.json had no rootDir, so tsc inferred
it as `.` and preserved the src/ subdirectory in the output. Set
`rootDir: "./src"` to flatten the output. Also exclude prisma/ from
tsconfig.build.json so prisma/seed.ts (a ts-node script that lives
outside src/) doesn't trip the rootDir check during builds.
Frontend: containers came up but were marked unhealthy because the
deployment's healthcheck targeted port 80 — which nginx-unprivileged
can't bind. Add a HEALTHCHECK directive to the image pointing at 8080
so any orchestrator inherits a working default. Compose-level
overrides still need to be updated independently.
Also clean up build-artifact gitignore patterns: *.tsbuildinfo and
compiled prisma/seed.* (a stale tsc invocation against the old
build config emitted them locally; they shouldn't ever be committed).
Bump backend and frontend to 0.1.3 — the broken 0.1.2 images are now
occupying those tags in Harbor.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The push job's existence check runs per-service; leaving frontend at
0.1.1 (already in Harbor) would fail the gate even though only the
backend image needed fixing. No frontend code changed — this is a
forced bump to satisfy the per-service tag-overwrite guard. Harbor's
layer dedup keeps the storage cost negligible.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Both packages were last published at 0.1.0 unsigned. The next push
attaches a cosign signature, which is a property of the published
artifact, so the version tag has to move forward — and the workflow's
own pre-push existence check would otherwise refuse to overwrite the
existing 0.1.0 digests in Harbor.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Trivy flagged 33 HIGH/CRITICAL CVEs on the frontend image, all in OS
packages on the alpine 3.21.3 base that nginxinc/nginx-unprivileged:1.27
ships (libcrypto3, libssl3, libpng, libxml2, libexpat, musl, nghttp2,
zlib). The fixes are all backported into Alpine 3.21's package repo;
the base image just hadn't been rebuilt since they landed.
Run `apk upgrade --no-cache` in the runtime stage to pull the patched
-r versions before installing gettext. Keeps the nginx version pinned
at 1.27 (stable) while picking up Alpine's security-only patches.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wires up the CD half of the pipeline. New jobs build multi-stage Docker
images for the frontend and backend, run a Trivy image scan that fails
on HIGH/CRITICAL findings, and push to harbor.tehriehldeal.com on main
only. Each push tags <version> (from package.json), <sha>, and latest;
a pre-push existence check refuses to overwrite a version tag that
already points at a different digest, forcing a real bump.
The Vite frontend now reads runtime config from window.__RUNTIME_CONFIG__,
populated by /config.js which nginx renders from container env vars at
startup via envsubst. A getConfig() helper falls back to import.meta.env
for `pnpm dev` and Vitest, so existing test scaffolding keeps working.
PWA workbox excludes /config.js from precache and serves it NetworkOnly
to keep stale config from surviving a container restart.
Bumps frontend 0.0.0→0.1.0 and backend 0.0.1→0.1.0 (production
deployment is a meaningful new capability for both packages).
Also fixes four pre-existing tsc -b errors that the new vite build step
in the frontend Dockerfile would otherwise hit: global.fetch →
globalThis.fetch in three test files, null-guard in Activity.tsx
account filter, type cast on Recharts Pie onClick in Dashboard.tsx,
typed callback signature on the auth.test.ts onAuthStateChange mock.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three categories of change, all required for `pnpm lint` and
`pnpm format:check` to exit clean:
Type-safety fixes in backend production code:
- Add Express type augmentation for `Request.user` so AuthGuard,
CurrentUser decorator, and EncryptionInterceptor can drop their
`any`-typed `getRequest()` calls
- Replace `data: any` patterns in AccountsService, TransactionsService,
and ActivityLogService with proper `Prisma.*UncheckedCreateInput` /
`Prisma.*UncheckedUpdateInput` / `Prisma.DateTimeFilter` types
- Type AdvisorService's `stripPII` recursion as `unknown`-narrowing
and the Ollama fetch response as a structured shape
- Type SupabaseService's client via `ReturnType<typeof createClient>`
to side-step the SupabaseClient generic-arity mismatch
- Type the snapshot/summary helpers' Decimal fields as
`Prisma.Decimal | number | string` instead of `any`
- Mark `bootstrap()` in main.ts as `void`-prefixed
Type-safety fixes in frontend production code:
- Type `(v: any)` SelectValue render callbacks as `string | undefined`
across TransactionForm, Transactions, Activity, Accounts
- Type form submit handlers in Transactions and AccountDetail with
the existing `TransactionFormData` interface
- Type the Recharts onClick entry in Dashboard
ESLint config tuning:
- Backend: relax the `no-unsafe-*`, `require-await`, `unbound-method`,
and `no-unused-vars` rules for `*.spec.ts` files only — Jest mocks
cannot satisfy strict typing without disproportionate ceremony
- Frontend: ignore `coverage/`, relax `no-explicit-any` in test
files, demote `react-refresh/only-export-components` to warning
inside `components/ui/` (shadcn intentionally co-locates `cva`
variants with components), demote `react-hooks/set-state-in-effect`
to warning across the project (5 legitimate-but-suboptimal patterns
that need component-level refactoring)
Tooling:
- Add prettier as a root workspace devDependency so `pnpm format:check`
resolves the binary
- Run `pnpm format` once to baseline the codebase against the
configured prettier ruleset (singleQuote, trailingComma, printWidth
100, tabWidth 2)
Backend tests: 213/213 still pass. Frontend tests: 170/170 still pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Brings the frontend up from 27% to 76% statements (and 28% to 78%
lines) by adding focused render-and-interact tests for every page
(Login, Signup, Categories, Accounts, AccountDetail, Activity,
Transactions, Dashboard) and the previously-untested components
(ChartTooltip, PWAUpdatePrompt, ReceiptViewer, TransactionForm), plus
the stay-logged-in helpers in lib/supabase.ts. The page tests stub
recharts ResponsiveContainer (which doesn't lay out in jsdom) and mock
the Zustand stores at the module level so the harness exercises real
component logic — data fetching on mount, deeplink seeding for
?accountId / ?categoryId / ?new, range / date / filter wiring,
confirmation dialogs, advisor wiring with the dashboard period, and
balance-history refetches on AccountDetail.
The remaining ~22% gap is concentrated in the deeper page interactions
(pagination handlers, edit/delete dialog flows, valuation logging on
market-value accounts) and would take a larger pass to close.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Excludes pure-wiring files from coverage measurement (backend NestJS
modules and main.ts; frontend ShadCN UI primitives, the test harness,
*.d.ts files, and config files) so the numbers reflect actual business
logic rather than DI boilerplate. Adds the missing
activity-log.controller spec, fills the encryption service round-trip
branch, and lifts the frontend stores from ~70% to ~99% by covering
auth.initialize and onAuthStateChange, optimistic reorderAccounts,
transactions.updateTransaction and fetchAllTransactions,
advisor.startConversation/sendMessage error and period-forwarding paths,
aggregations.fetchCashFlow, and the previously-untested activity store.
Also new lib tests for the auth-aware fetch wrapper, date helpers, and
account-type predicate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Previously the advisor always analyzed the current calendar month and
compared it against the previous calendar month, regardless of which
range the user had selected on the dashboard. That meant clicking
"Last 90 days" updated the cards but the advice was still scoped to
this month — the two surfaces disagreed on what "now" meant.
The chat payload now carries an optional period { startDate, endDate,
label } that the dashboard derives from its existing range state. When
present, the service uses that window as the current period and the
equal-length window immediately before it as the comparison period
(so "Last 30 days" pairs naturally with the prior 30 days). Period
labels flow into the prompt sections so the model talks about the
window the user is actually looking at. The legacy /advisor/insights
GET endpoint and any caller that omits the period keep the original
this-month / last-month behavior.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The follow-up input's value lived on Dashboard, so every keystroke
re-rendered the entire page. Recharts replays its label animation on
each render, which is why the indicator lines and category labels
disappeared until typing settled. Extracts the form into a child
component that owns its own input state so keystrokes no longer escape
to the parent.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the JSON.stringify dump in the History page expansion with a
per-entity-type labeled grid: transactions show Date / Type / Amount /
Description / Account / Destination / Category, accounts show Name /
Type / Balance / Institution, valuations show Date / Value / Account.
Account and category IDs resolve to names with a "(Deleted account)"
fallback for references whose row is gone.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds an Export CSV button on the transactions list and on each account
view, opening a modal that combines quick-range presets (last 30/60/90
days, this year, all time) with custom start/end date pickers. The
export pulls every matching transaction (not just the current page) and
deliberately omits any receipt path.
Adds a History page in the side menu that lists every recorded
create/update/delete with a color-coded badge, expandable JSON
snapshot, and filters by entity, action, account, and date. Each
account view gets a History button that deeplinks the page filtered to
that account, so a balance discrepancy can be traced back to a deleted
transaction without scrolling the global log.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Account and transaction deletes were one misclick away from wiping
history with no prompt. New ConfirmDialog gates every Trash2 button
(account delete, transaction delete on Transactions and AccountDetail,
valuation delete). Transaction lists now render "(Deleted account)"
as a defensive fallback if an account reference ever fails to
resolve.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Clicking a slice on the Spending by Category chart navigates to
/transactions?categoryId=<id>. The Transactions page reads that param as
its initial filter on mount (and strips it from the URL afterwards so
refreshes behave predictably, matching the existing `new=1` handling).
Also adds an explicit Category filter Select next to the existing
Account / Type filters so the user can change or clear the filter
in-page, and gives the pie slices a pointer cursor to signal they're
interactive.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous fix gave each point a unique x-axis timestamp so the tooltip
could disambiguate same-day entries, but that caused real-time-scale
spacing: transactions clustered minutes apart became impossible to click
on individually. The desired behavior is equidistant slots for display,
with the x value only needing to be unique for tooltip hit-testing.
Switches the balance chart to a categorical x-axis keyed on the point's
array index (computed on the frontend after fetching). The tick formatter
looks up the date from the history array at that index so labels still
show the calendar date. Each point occupies its own evenly-spaced slot
and hover correctly identifies the specific point. The backend's now-
unused `timestamp` field is removed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Recharts picks one payload entry per x-axis value for its tooltip, so
when multiple transactions shared the same YYYY-MM-DD date, hovering any
of them surfaced only the first one's description — making the new
transaction-context tooltip misleading for same-day entries.
Each point now carries a millisecond `timestamp` (from the transaction's
createdAt for transaction-driven charts, or the valuation's date for
market-value charts, plus the request time for the "today" bookend).
The balance chart x-axis switches to a numeric time scale keyed on
timestamp, so same-day points sit at distinct x positions and hover
correctly identifies the specific point. The tooltip reads the date
from the point's payload instead of the x-axis label.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the default white Recharts tooltip (which was jarring in dark
mode) with a themed ChartTooltip component that uses the popover /
foreground / muted-foreground tokens so it adapts to light and dark
themes. Applied to the Spending, Income vs Expense, Cash Flow, and
Balance over time charts for visual consistency.
The Balance over time tooltip now also includes, when the point
corresponds to a transaction, the transaction's description and the
signed balance change (green for inflow, red for outflow). The backend
endpoint was extended to return `description` and `change` alongside
each transaction point.
Also kills the mobile tap-highlight box and focus outline that Recharts
SVG elements render on tap — it was drawing a visible rectangle around
the hit region on touch devices. A short rule in index.css scoped to
.recharts-wrapper / .recharts-surface zeroes both.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two related bugs:
1. Same-day transactions were walked in arbitrary order. The balance-history
endpoint ordered by `date desc` only; since all same-day transactions
share a noon-UTC timestamp, Prisma returned them in an undefined order
and the reverse walk could place income after expenses, making the chart
dip below the pre-income balance. Adds `createdAt desc` as a secondary
sort so the walk processes newest-inserted transactions first, which
produces an oldest-first chart sequence that matches the order the user
entered them.
2. Chart tick labels and tooltip headers were off by one day. The XAxis
tickFormatter and Tooltip labelFormatter called `new Date("YYYY-MM-DD")`,
which parses as midnight UTC — in timezones west of UTC this renders as
the previous day. Swaps to local-component parsing (tick) and the
existing `formatDate` helper (tooltip) so labels always match the stored
calendar date.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fixes the "undefined category" bug in generated insights: the PII-strip
filter listed 'name' as sensitive, which wiped category labels like
"Groceries" out of the prompt before it reached the model. Category
names are user-defined labels, not PII, so they're removed from the
filter; a defensive `?? 'Uncategorized'` fallback guards against future
regressions.
The system prompt is rewritten as a friendly first-person persona that
grounds its replies in exact dollar amounts and a month-over-month
comparison (income, expenses, savings rate, top-3 categories for both
months) instead of the previous generic "3-5 numbered tips" format.
Adds a stateless POST /advisor/chat endpoint that accepts the full
client-held message history and replies with the next assistant turn,
rebuilding the financial context on every call. The dashboard card
becomes a mini-chat: user/assistant bubbles, follow-up input, and a
restart button, with auto-scroll to the latest message.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds a new /aggregations/cash-flow endpoint that reports money entering
and leaving liquid accounts (CHECKING/SAVINGS/CASH) over a period.
Defining outflows as "reduces a liquid account" naturally counts
credit-card and loan payments as outflows while excluding the original
credit-card swipes (which don't touch cash until paid), avoiding
double-counting. Dashboard gains a shared range selector (This month,
Last 30d, Last 90d, YTD) controlling the summary cards, spending, and
the new cash-flow card.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Extends AccountType enum and counts all three new types as assets in net
worth. For STOCK/INVESTMENT/RETIREMENT accounts, adds an AccountValuation
model and /accounts/:id/valuations endpoints so users can log periodic
balance snapshots; the balance-history chart uses those snapshots for
market-value accounts instead of reconstructing from transactions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
TehRiehlDeal