We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
docs(api-contract): add autoItemizeEnabled to GET /api/config response shape Add autoItemizeEnabled boolean field to the GET /api/config response table and JSON example. Document all six LLM env vars (LLM_BASE_URL, LLM_API_KEY, LLM_MODEL, LLM_REQUEST_TIMEOUT_MS, LLM_MAX_TOKENS, LLM_PROVIDER) in the environment variable table. Add clarifying notes that the API key is never returned to the client and that the feature is default-off. Addresses API Contract drift introduced by PR #1628 (EPIC-16 Story #1546). See ADR-031 for full LLM integration design.
docs(api): add origin to BreakdownBudgetLine (#1551)
docs(api): document optional invoicePatch field on auto-itemize commit Issue #1564: dedicated auto-itemize page lets the user edit invoice metadata alongside line items. To avoid a partial-success window between two sequential calls (PATCH invoice + POST auto-itemize commit), extend the existing commit payload with an optional invoicePatch field applied in the same DB transaction as line creation. Vendor and status are deliberately excluded from invoicePatch — vendor changes carry side effects that need a deliberate decision (out of scope for this story). Co-Authored-By: Claude product-architect (Opus 4.6) <noreply@anthropic.com>
docs(api-contract): add system-linked document filter endpoint
docs(api): remove 409 BUDGET_LINE_ALREADY_LINKED from invoice budget-lines PATCH endpoint
docs(security): add PR #1554 review findings (move fields minLength, minProperties)
docs: update API Contract for invoice budget line PATCH endpoint - Change HTTP method from PUT to PATCH - Document full EditAndMoveBudgetLineRequest schema with all fields - Add error codes for NOT_FOUND and BUDGET_LINE_ALREADY_LINKED - Add notes about transaction atomicity and response shape - Update work item and household item budget PATCH endpoints to clarify cross-table moves require invoice endpoint
docs(api): POST /api/invoices/:invoiceId/auto-itemize (#1547)
docs(security): PR #1550 auto-itemize route audit — 2 informational findings (OCR cap confirmed unaddressed, lines maxItems missing)
docs(security): PR #1549 — BudgetExtractionService LLM integration audit (4 informational findings) Co-Authored-By: Claude security-engineer (Sonnet 4.6) <noreply@anthropic.com>
docs(adr): ADR-031 Outbound LLM Provider Integration via OpenAI-Compatible Gateway (#1546)
docs(#1545): add ADR-030 for orphan budget lines + fix duplicate API contract shape - New ADR-030: Orphan Budget Lines via Nullable Parent FK + 'origin' Discriminator - ADR-Index updated - POST /api/budget-lines/:id/assign — remove duplicate stale InvoiceBudgetLineDetailResponse shape, reference canonical shape
docs: document nullable work_item_id, origin column, and POST /api/budget-lines/:id/assign (#1545)
docs(security): add PR #1548 findings — unassigned budget lines & one-shot parent assignment Three informational findings: 1. assignToWorkItem operates outside a transaction (code consistency, not exploitable) 2. computeUsedAmount does not exclude orphan rows (latent gap before Story #1547) 3. targetId and id route param lack minLength: 1 (consistent with codebase pattern) Co-Authored-By: Claude security-engineer (Sonnet 4.6) <noreply@anthropic.com>
docs(style): update Photo Annotator pattern — a11y audit (Story #1478) - min-height instead of height on ToolPalette to prevent overflow clipping - active button must use --color-primary-active border (3:1 contrast requirement) - color swatch padding technique for 44px touch target - complete live-region announcement table for all shape operations - keyboard navigation spec (roving tabindex, Escape ownership, arrow key scope) - screen reader requirements: selection state, undo/redo, delete announcements - dark mode: inline input must use var(--color-text-inverse) not literal white - SVG shape visual table updated with freehand/measurement/callout handle counts
docs(security): add photo annotator endpoint audit findings (Story #1478) Four new findings from the PUT /api/photos/:id/annotation security audit: - [LOW] Missing MIME-type validation on annotation upload - [INFORMATIONAL] File-size limit returns 400 instead of 413 - [INFORMATIONAL] Hard multipart 50MB cap maps to 500 instead of 413 - [INFORMATIONAL] :id param lacks UUID format constraint (not exploitable) Co-Authored-By: Claude security-engineer (Sonnet 4.6) <noreply@anthropic.com>
docs(api,schema): document photo annotation endpoints and annotated_at column - API-Contract.md: new "Photo Endpoints" section with Photo response shape (incl. annotatedAt) and PUT/DELETE /api/photos/:id/annotation plus the variant query param on GET /api/photos/:id/file. - Schema.md: new "Photo Annotations" section covering photos.annotated_at and migration 0034_photo_annotations.sql. Co-Authored-By: Claude product-architect (Opus 4.6) <noreply@anthropic.com>
docs(style): add Photo Annotator component pattern section
docs(style): add --color-text-quoted token for quotation-status amounts (issue #1449) Co-Authored-By: Claude ux-designer (Sonnet 4.6) <noreply@anthropic.com>
docs(adr): ADR-029 quotation invoices included in actualCost (#1440, #1441) - ADR-029 documents the canonical semantic for actualCost: includes all linked invoice itemized amounts regardless of status, including quotation. actualCostPaid continues to exclude quotations, preserving the subsidy-payback invariant. - API-Contract.md: BudgetLineInvoiceLink gains vendorId/vendorName (denormalized) so the work-item view renders the vendor without a follow-up fetch (#1441). Documents quotation handling for actualCost. - Schema.md: notes that actualCost aggregation includes quotations and links to ADR-029. Co-Authored-By: Claude product-architect (Opus 4.6) <noreply@anthropic.com>
docs(api): correct promote error codes per #1428 review ALREADY_SAVED (400) is its own error, not IMMUTABLE_ENTRY. IMMUTABLE_ENTRY (403) applies only to automatic entries. Co-Authored-By: Claude product-architect (Sonnet 4.5) <noreply@anthropic.com>
docs: add ADR-022 for diary drafts; update API/Schema/Architecture for #1426 Adds ADR-022-Diary-Drafts.md documenting the draft auto-save decision. Updates API Contract with draft endpoints and draft-related query params. Updates Schema with diary_drafts table and retention fields. Updates Architecture with draft lifecycle notes. Updates ADR Index with ADR-022 entry. Co-Authored-By: Claude product-architect (Sonnet 4.5) <noreply@anthropic.com>
docs(api): document overdue summary fields on GET /api/invoices Added `summary.overdue.count` and `summary.overdue.totalAmount` fields to the GET /api/invoices response shape in the API Contract.
docs(api): document deposit-aware proportional-split semantics for actualCostPaid, claimedAmount, paidAmount Add a Deposit-aware aggregation explainer section and update the inline comments on actualCostPaid (WorkItemBudgetLine), claimedAmount, and paidAmount (BudgetSourceResponse) to reflect the proportional- split logic introduced with invoice deposits. Refs #1404 Refs #1405 Co-Authored-By: Claude dev-team-lead (Sonnet 4.6) <noreply@anthropic.com> Co-Authored-By: Claude backend-developer (Haiku 4.5) <noreply@anthropic.com>
docs(security): add PR #1406 review findings (invoice deposits CRUD)
docs(api,schema): document invoice deposits endpoints and schema Adds CRUD API documentation for invoice deposits under both /api/invoices/:invoiceId/deposits and the vendor-scoped variant. Documents the deposit state machine (pending → paid → claimed), the sum-invariant constraint, and the new finalPaymentAmount field on GET /api/invoices/:id. Updates Schema.md to document the invoice_deposits table. Co-Authored-By: Claude backend-developer (Haiku 4.5) <noreply@anthropic.com>
docs(api): add budgetSourceId per line and budgetSources aggregate to cost breakdown endpoint Co-Authored-By: Claude backend-developer (Haiku 4.5) <noreply@anthropic.com> Co-Authored-By: Claude dev-team-lead (Sonnet 4.6) <noreply@anthropic.com>
docs(api): add area breadcrumb fields to diary, invoice budget line, and household item dep endpoints
docs(api): document __none__ sentinel on list endpoints
docs(api): area-grouped breakdown + drop overview area summaries