Add expense tracker app for CodeRabbit review demo #10

Closed
reeder32 wants to merge 1 commit into main from demo/coderabbit-review

reeder32 (Collaborator) commented Mar 4, 2026

Summary

  • Full-stack TypeScript expense tracker (Express + React + SQLite) with intentional bugs for automated review testing
  • Removes Claude and OpenAI GitHub Actions workflows — CodeRabbit is the sole reviewer
  • Bugs span security (SQL injection, auth bypass), logic errors, performance issues, and accessibility violations

What to look for

CodeRabbit should demonstrate:

  • Executive summary with risk assessment
  • Sequence diagrams for complex flows
  • Inline comments on security and performance issues
  • Suggested reviewers and labels
  • Pre-merge quality gate checks

Summary by CodeRabbit

  • New Features

    • Introduced a new expense tracking application with user registration and login
    • Added ability to create, view, and delete expenses with category organization
    • Implemented expense status tracking (pending, approved, rejected)
    • Added personal spending summary dashboard by category
    • Added team spending reports for administrators
  • Chores

    • Removed automated code review workflows

Full-stack TypeScript app (Express + React + SQLite) with annotated
bugs across security, logic, performance, and accessibility categories.
Removes Claude and OpenAI GitHub Actions workflows to isolate CodeRabbit
as the sole automated reviewer.

coderabbitai Bot commented Mar 4, 2026

Caution

Review failed

Pull request was closed or merged during review

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)
Validation error: String must contain at most 250 character(s) at "tone_instructions"; Expected array, received object at "reviews.path_filters"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
📝 Walkthrough

This pull request introduces a complete TypeScript expense tracker application with a backend Express server connected to a SQLite database and a React frontend with routing and API integration. It removes existing AI code review CI/CD workflows and replaces them with production application code spanning authentication, expense management, reporting, and user interface components.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Removed CI/CD Workflows: .github/workflows/claude-code-review.yml, .github/workflows/openai-code-review.yml | Deleted AI-powered code review workflows previously integrated with Claude and OpenAI APIs. |
| Backend Database & Initialization: backend/src/db.ts, backend/src/index.ts | Initialize SQLite database with users and expenses tables; create Express app with PORT configuration and route mounting for auth, expenses, and reports. |
| Backend Authentication: backend/src/middleware/auth.ts, backend/src/routes/auth.ts | Implement JWT-based auth middleware with hardcoded JWT_SECRET; define register and login endpoints with password hashing and token generation. |
| Backend Expense Management: backend/src/routes/expenses.ts | Add CRUD endpoints for expenses with budget limit enforcement, category filtering, and status updates. Contains noted risks: SQL injection vulnerability, race conditions in budget checking, missing authorization checks on status and delete operations. |
| Backend Reporting & Utilities: backend/src/routes/reports.ts, backend/src/utils/validate.ts | Provide summary and export endpoints with role-based access; add validation utilities for email, numbers, and expense categories. |
| Frontend App Setup: frontend/src/App.tsx, frontend/src/api/client.ts | Define application routing with PrivateRoute protection; configure Axios client with localStorage token injection and baseURL for backend API. |
| Frontend Visual Components: frontend/src/components/ExpenseCard.tsx, frontend/src/components/StatusBadge.tsx | Create reusable expense display and status indicator components with noted accessibility and XSS concerns (dangerouslySetInnerHTML usage). |
| Frontend Pages: frontend/src/pages/Dashboard.tsx, frontend/src/pages/ExpenseForm.tsx, frontend/src/pages/ExpenseList.tsx, frontend/src/pages/Login.tsx, frontend/src/pages/Reports.tsx | Implement login, dashboard, expense creation, expense list with pagination/filtering, and reporting pages. Multiple accessibility issues noted in code comments (missing labels, landmarks, ARIA attributes, semantic HTML). |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 A tracker of expenses hops into view,
With database, routes, and interfaces too!
The frontend now dances with React so fine,
While SQLite stores every spent dime.
Auth guards the gates with tokens so bright,
This app brings expense management to light! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely summarizes the primary change: adding a full-stack expense tracker app specifically created as a CodeRabbit review demo, which aligns with all substantial changes in the pull request. |

@reeder32 reeder32 closed this Mar 4, 2026