[AI] Remove usage of 'web' file types

[MatissJanis]

Getting rid of the ".web.ts" file types. The defaults should be the "web" variants. And then ".api.ts" and "*.electron.ts" should be the platform-specific overrides (which I would eventually also like to kill, but that's another story).

It might seem like this is a lot of changes, but it is mostly just mv packages/loot-core/src/shared/platform.web.ts packages/loot-core/src/shared/platform.ts type of change with a few types patched.

Split off from: #6809

---

Bundle Stats

Bundle	Files count	Total bundle size	% Changed
desktop-client	27	14.83 MB	0%
loot-core	1	5.82 MB → 5.82 MB (+85 B)	+0.00%
api	1	4.36 MB → 4.43 MB (+73.36 kB)	+1.64%

View detailed bundle stats

desktop-client

Total

Files count	Total bundle size	% Changed
27	14.83 MB	0%

Changeset

File	Δ	Size
home/runner/work/actual/actual/packages/loot-core/src/shared/platform.ts	🆕 +398 B	0 B → 398 B
home/runner/work/actual/actual/packages/loot-core/src/shared/platform.web.ts	🔥 -398 B (-100%)	398 B → 0 B

View detailed bundle breakdown

Added
No assets were added

Removed
No assets were removed

Bigger
No assets were bigger

Smaller
No assets were smaller

Unchanged

Asset	File Size	% Changed
static/js/index.js	9.52 MB	0%
static/js/indexeddb-main-thread-worker-e59fee74.js	12.94 kB	0%
static/js/workbox-window.prod.es5.js	5.64 kB	0%
static/js/ca.js	182.95 kB	0%
static/js/da.js	106.46 kB	0%
static/js/de.js	180.27 kB	0%
static/js/en-GB.js	7.18 kB	0%
static/js/en.js	168.59 kB	0%
static/js/es.js	173.67 kB	0%
static/js/fr.js	179.8 kB	0%
static/js/it.js	171.27 kB	0%
static/js/nb-NO.js	157.07 kB	0%
static/js/nl.js	106.47 kB	0%
static/js/pl.js	88.48 kB	0%
static/js/pt-BR.js	154.41 kB	0%
static/js/th.js	182.04 kB	0%
static/js/uk.js	214.89 kB	0%
static/js/resize-observer.js	18.37 kB	0%
static/js/BackgroundImage.js	120.54 kB	0%
static/js/ReportRouter.js	1.16 MB	0%
static/js/narrow.js	637.68 kB	0%
static/js/TransactionList.js	106.22 kB	0%
static/js/wide.js	164.15 kB	0%
static/js/AppliedFilters.js	9.71 kB	0%
static/js/usePayeeRuleCounts.js	10.04 kB	0%
static/js/useTransactionBatchActions.js	13.23 kB	0%
static/js/FormulaEditor.js	1.04 MB	0%

---

loot-core

Total

Files count	Total bundle size	% Changed
1	5.82 MB → 5.82 MB (+85 B)	+0.00%

Changeset

File	Δ	Size
home/runner/work/actual/actual/packages/loot-core/src/platform/server/fs/index.ts	🆕 +8.71 kB	0 B → 8.71 kB
home/runner/work/actual/actual/packages/loot-core/src/platform/server/sqlite/index.ts	🆕 +4.05 kB	0 B → 4.05 kB
home/runner/work/actual/actual/packages/loot-core/src/platform/server/fs/path-join.ts	🆕 +2.73 kB	0 B → 2.73 kB
home/runner/work/actual/actual/packages/loot-core/src/server/encryption/encryption-internals.ts	🆕 +2.64 kB	0 B → 2.64 kB
home/runner/work/actual/actual/packages/loot-core/src/shared/platform.ts	🆕 +335 B	0 B → 335 B
home/runner/work/actual/actual/packages/loot-core/src/platform/server/fs/index.web.ts	🔥 -8.62 kB (-100%)	8.62 kB → 0 B
home/runner/work/actual/actual/packages/loot-core/src/platform/server/sqlite/index.web.ts	🔥 -4.05 kB (-100%)	4.05 kB → 0 B
home/runner/work/actual/actual/packages/loot-core/src/platform/server/fs/path-join.web.ts	🔥 -2.73 kB (-100%)	2.73 kB → 0 B
home/runner/work/actual/actual/packages/loot-core/src/server/encryption/encryption-internals.web.ts	🔥 -2.64 kB (-100%)	2.64 kB → 0 B
home/runner/work/actual/actual/packages/loot-core/src/shared/platform.web.ts	🔥 -335 B (-100%)	335 B → 0 B

View detailed bundle breakdown

Added

Asset	File Size	% Changed
kcab.worker.Dbl7pyXw.js	0 B → 5.82 MB (+5.82 MB)	-

Removed

Asset	File Size	% Changed
kcab.worker.C2MZfWzQ.js	5.82 MB → 0 B (-5.82 MB)	-100%

Bigger
No assets were bigger

Smaller
No assets were smaller

Unchanged
No assets were unchanged

---

api

Total

Files count	Total bundle size	% Changed
1	4.36 MB → 4.43 MB (+73.36 kB)	+1.64%

Changeset

File	Δ	Size
node_modules/ua-parser-js/src/main/ua-parser.mjs	🆕 +73.46 kB	0 B → 73.46 kB
src/server/encryption/encryption-internals.electron.ts	🆕 +1.7 kB	0 B → 1.7 kB
src/shared/platform.ts	🆕 +311 B	0 B → 311 B
src/mocks/random.ts	📈 +219 B (+811.11%)	27 B → 246 B
src/platform/server/fs/index.electron.ts	📈 +18 B (+0.41%)	4.29 kB → 4.31 kB
src/platform/server/fs/index.api.ts	+0 B (0%)	0 B → 0 B
src/server/budgetfiles/app.ts	📉 -32 B (-0.28%)	11.22 kB → 11.18 kB
src/server/sheet.ts	📉 -499 B (-9.54%)	5.11 kB → 4.62 kB
src/server/encryption/encryption-internals.ts	🔥 -1.69 kB (-100%)	1.69 kB → 0 B
src/shared/platform.electron.ts	🔥 -134 B (-100%)	134 B → 0 B

View detailed bundle breakdown

Added
No assets were added

Removed
No assets were removed

Bigger

Asset	File Size	% Changed
bundle.api.js	4.36 MB → 4.43 MB (+73.36 kB)	+1.64%

Smaller
No assets were smaller

Unchanged
No assets were unchanged

[netlify]

✅ Deploy Preview for actualbudget ready!

Name	Link
🔨 Latest commit	ffbd902
🔍 Latest deploy log	https://app.netlify.com/projects/actualbudget/deploys/69978ce7377ed00008e2d67b
😎 Deploy Preview	https://deploy-preview-7033.demo.actualbudget.org
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for actualbudget-storybook ready!

Name	Link
🔨 Latest commit	715b82c
🔍 Latest deploy log	https://app.netlify.com/projects/actualbudget-storybook/deploys/69977fbf377ed00008deaf13
😎 Deploy Preview	https://deploy-preview-7033--actualbudget-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for actualbudget-storybook ready!

Name	Link
🔨 Latest commit	63a1db1
🔍 Latest deploy log	https://app.netlify.com/projects/actualbudget-storybook/deploys/69977fd64e8db1000805b49a
😎 Deploy Preview	https://deploy-preview-7033--actualbudget-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[MatissJanis]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request consolidates platform-specific module implementations by removing .web.* file variants and promoting core implementations as the primary exports. New API barrel files (.api.ts) are introduced to provide consistent entry points for Electron-specific functionality, while type signatures are made explicit across affected modules.

Changes

Cohort / File(s)	Summary
Build & Test Configuration packages/component-library/vitest.web.config.ts, packages/desktop-client/vite.config.mts, packages/loot-core/vite.*.config.ts, packages/loot-core/vitest.*.config.ts, tsconfig.json	Removed platform-specific extension variants (.web.js, .web.ts, .web.tsx, .electron.*) from module resolution and test file patterns. Updated test include/exclude to reference specific test files rather than glob patterns.
Filesystem Platform Module packages/loot-core/src/platform/server/fs/index.ts, index.electron.ts, index.api.ts, path-join.ts, path-join.api.ts, shared.ts	Substantially rewrote filesystem abstraction to leverage Absurd-SQL with IndexedDB and BlockedFS integration. Removed web-specific implementation. Added new API barrel file and updated path-join utility with full POSIX implementation. Added public exports for bundledDatabasePath, migrationsPath, demoBudgetPath, getDataDir, and pathToId.
SQLite Platform Module packages/loot-core/src/platform/server/sqlite/index.ts, index.api.ts, index.test.ts	Replaced lightweight type stubs with full SQL.js runtime wrapper including initialization, custom SQLite functions, transaction management, and database I/O handling. Removed web-specific implementation. Added new API barrel file for Electron-specific exports.
Encryption Module packages/loot-core/src/server/encryption/encryption-internals.ts, encryption-internals.electron.ts, encryption-internals.api.ts	Created new Electron-specific implementation using Node crypto (AES-256-GCM, PBKDF2). Updated base implementation to use Web Crypto APIs. Removed web-specific module. Added API barrel file for Electron-specific exports.
Platform Detection packages/loot-core/src/shared/platform.ts, platform.electron.ts	Consolidated platform detection into primary module with runtime checks via UAParser. Removed web-specific file. Updated Electron variant to reference centralized type definitions.
AsyncStorage Platform Module packages/loot-core/src/platform/server/asyncStorage/index.api.ts	Added new API barrel file re-exporting Electron-specific implementation.
Package Exports & Documentation packages/loot-core/package.json, upcoming-release-notes/7033.md	Updated public exports for server platform modules (fetch, fs, log, sqlite) from .web.ts to .ts entry points. Added maintenance release note documenting removal of web file types.
Type Signature Updates packages/loot-core/src/platform/server/fs/index.electron.ts, packages/loot-core/src/server/db/index.ts, packages/loot-core/src/shared/platform.electron.ts	Made exported function signatures explicitly typed using typeof T.<name> pattern for type consistency. Updated query cache to support Statement objects. Added Statement type import.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Suggested labels

suspect ai generated

Suggested reviewers

• joel-jeremy
• matt-fidd

Poem

🐰 The web files hop away,
API barrels light the way,
Electron takes the center stage,
Types grow clearer, page by page!
From scattered .web to unified design—
A codebase consolidated, oh so fine!

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main objective: removing 'web' file type usage by consolidating them into default implementations.
Description check	✅ Passed	The pull request description clearly explains the purpose of removing '.web.ts' file types and making web variants the defaults, with platform-specific overrides remaining as '.api.ts' and '*.electron.ts'. The description accurately reflects the substantial file moves and type patching changes evident in the raw summary.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch matiss/desktop-and-tooling-updates-2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (8)

packages/loot-core/src/shared/platform.ts (1)

3-7: navigator.platform is deprecated.

navigator.platform is deprecated and may be removed from browsers in the future. Since ua-parser-js is already imported, you could use agent.os.name for OS detection to future-proof this. Not urgent — just flagging for awareness.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/shared/platform.ts` around lines 3 - 7, Replace
deprecated navigator.platform checks in the isWindows and isMac constants by
using the ua-parser-js parsed agent OS name: use agent.os.name (the parsed OS
string from ua-parser-js) to determine Windows (e.g., name === 'Windows' or
contains 'Windows') and macOS (e.g., name === 'Mac OS' or contains 'Mac')
instead of navigator.platform; update the definitions of isWindows and isMac to
reference agent.os.name so future browser deprecations are avoided.

packages/loot-core/src/platform/server/fs/shared.ts (1)

5-5: Removal of type annotation on _setDocumentDir parameter is acceptable given the circular import concern.

The previous T._SetDocumentDir type was imported from '.' (index.ts), which now re-exports from ./shared — creating a circular reference. Dropping the type here avoids that cycle. The @ts-strict-ignore directive already covers the implicit any on dir.

Consider adding an inline type annotation (e.g., dir: string) directly to avoid relying solely on @ts-strict-ignore for this export, without reintroducing the circular import.

♻️ Suggested inline type annotation

-export const _setDocumentDir = dir => (documentDir = dir);
+export const _setDocumentDir = (dir: string) => (documentDir = dir);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/fs/shared.ts` at line 5, The export
_setDocumentDir currently drops its parameter type to avoid a circular import;
instead add an inline type annotation on the parameter (e.g., change the
signature of _setDocumentDir to accept dir: string) so you don't reintroduce the
import of T._SetDocumentDir while removing reliance on `@ts-strict-ignore`—update
the declaration of _setDocumentDir and ensure the referenced variable
documentDir remains compatible with the string type.

packages/loot-core/src/server/encryption/encryption-internals.electron.ts (1)

51-66: Address type mismatch between platform-specific key representations in createKey and importKey.

The Electron implementation returns Buffer for the raw property, while the shared module returns CryptoKey (WebCrypto). The @ts-expect-error suppressions are necessary due to this incompatibility. Consider refactoring to use a platform-agnostic key type (e.g., CryptoKey | Buffer) in the shared module to eliminate these suppressions, though this may require adjustments to the encryption/decryption functions to handle both types.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/server/encryption/encryption-internals.electron.ts`
around lines 51 - 66, The Electron impl of createKey and importKey returns
Buffer for the raw key while the shared types expect CryptoKey; remove the
ts-expect-error by making the shared key type platform-agnostic (e.g., KeyType =
CryptoKey | Buffer) and update all usages: update the shared module's type
definitions to export KeyType, change signatures that reference
T.createKey/T.importKey to use KeyType, and modify encryption/decryption
functions (the functions that accept the key) to handle both Buffer and
CryptoKey branches (convert Buffer to the needed format or use WebCrypto when
CryptoKey). After those updates, replace the two functions createKey and
importKey to return the agreed KeyType and remove the `@ts-expect-error`
annotations.

packages/loot-core/src/server/db/index.ts (1)

142-155: Add a dispose callback to the LRU cache to free evicted Statement objects.

The lru-cache package (v11.2.5) supports a dispose callback that fires when entries are evicted. Since Statement objects from the wasm SQLite module hold native memory, adding a dispose handler will ensure prepared statements are properly freed when removed from the cache:

♻️ Dispose callback implementation

-let _queryCache = new LRUCache<string, Statement>({ max: 100 });
+let _queryCache = new LRUCache<string, Statement>({
+  max: 100,
+  dispose: (stmt) => {
+    try { stmt.free?.(); } catch { /* already freed */ }
+  },
+});

This is a pre-existing concern (the cache already stored prepared statements before this PR), so not blocking.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/server/db/index.ts` around lines 142 - 155, The LRU
cache currently holds wasm SQLite Statement objects but never frees them; update
the LRUCache construction for _queryCache (and in resetQueryCache) to supply a
dispose callback that calls the Statement cleanup (e.g., prepared.free() or
stmt.free()) when an entry is evicted, and ensure any existing cache replacement
in resetQueryCache triggers disposal of entries (by using the cache's dispose
behavior or explicitly freeing remaining statements before replacing
_queryCache). Target symbols: _queryCache, cache(sql), resetQueryCache, and the
stored Statement instances.

packages/loot-core/src/platform/server/fs/index.ts (2)

371-380: Redundant branching — both arms of the if do the same thing.

Lines 375-379: the if (encoding === 'utf8') and else branches both call _readFile(filepath, { encoding }) with the same argument. One branch is sufficient.

Proposed fix

 export async function readFile(
   filepath: string,
   encoding: 'binary' | 'utf8' = 'utf8',
 ) {
-  if (encoding === 'utf8') {
-    return _readFile(filepath, { encoding });
-  }
-
   return _readFile(filepath, { encoding });
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/fs/index.ts` around lines 371 - 380,
The readFile function contains redundant branching: both the if (encoding ===
'utf8') and the fallback return the same call to _readFile(filepath, { encoding
}). Simplify readFile by removing the conditional and directly returning
_readFile(filepath, { encoding }) so the function just forwards the filepath and
encoding to _readFile; update the readFile signature/usage as needed while
keeping the encoding default ('utf8') intact.

---

200-209: Double-close of file handles on error path.

In the catch block (lines 201-202), both tofile.close() and fromfile.close() are called. The finally block (lines 207-208) calls them again unconditionally. If close() is not idempotent, this will throw on the second call and mask the original error.

Proposed fix — remove the close calls from the catch block since finally handles it

   } catch (error) {
-    tofile.close();
-    fromfile.close();
     await _removeFile(toDbPath);
     logger.error('Failed to copy database file', error);
     return false;
   } finally {
     tofile.close();
     fromfile.close();
   }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/fs/index.ts` around lines 200 - 209,
The catch block currently calls tofile.close() and fromfile.close() and then the
finally block calls them again, risking a second close throwing and masking the
original error; remove the explicit tofile.close() and fromfile.close() calls
from the catch block (keep the await _removeFile(toDbPath) and
logger.error('Failed to copy database file', error) there) and let the finally
block perform the unconditional closes, so only one close path (in finally) runs
for the functions handling the copy.

packages/loot-core/src/platform/server/sqlite/index.ts (2)

190-215: Null-dereference if init hasn't been called.

SQL is used directly (e.g., new SQL.Database(...), SQL.FS.readlink(...)) without the null guard that _getModule() provides. If openDatabase is called before init, this will produce an unhelpful TypeError: Cannot read properties of null. Consider using _getModule() at the top of the function.

Proposed fix

 export async function openDatabase(pathOrBuffer?: string | Uint8Array) {
+  const SQL = _getModule();
   let db = null;

(This shadows the module-level SQL with the non-null return of _getModule().)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/sqlite/index.ts` around lines 190 -
215, openDatabase uses the module-level SQL variable (e.g., new SQL.Database,
SQL.FS.readlink) which can be null if init wasn't called; replace direct SQL
accesses by calling _getModule() at the top of openDatabase to obtain a non-null
module instance (shadowing SQL locally) and use that instance for all Database
and FS operations (e.g., new module.Database, module.FS.readlink) so
openDatabase no longer null-dereferences when init hasn't run.

---

186-188: ReDoS risk in regexp from user-supplied SQL patterns.

Static analysis correctly flags that new RegExp(regex) with variable input can be exploited for catastrophic backtracking. This mirrors the same implementation in index.electron.ts, so it's a pre-existing concern — but worth noting since SQL REGEXP can be fed arbitrary patterns from user-constructed queries.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/sqlite/index.ts` around lines 186 -
188, The regexp function currently constructs RegExp from untrusted SQL patterns
(function regexp) which is vulnerable to ReDoS; replace this direct RegExp usage
with a safe approach: either validate and reject/escape user-supplied patterns
(limit length and forbids known-backtracking constructs) or switch to a safe
regex engine like re2 (import RE2 and instantiate RE2(regex) inside regexp), and
wrap compilation/testing in try/catch so invalid/unsafe patterns return 0
instead of crashing; apply the same fix to the mirrored implementation in
index.electron.ts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/loot-core/src/platform/server/fs/index.ts`:
- Line 264: Rename the misspelled exported function populateFileHeirarchy to
populateFileHierarchy: update the export declaration (export const
populateFileHeirarchy → export const populateFileHierarchy) and update the
invocation(s) that call populateFileHeirarchy (e.g., the call site where
populateFileHeirarchy() is invoked) to use populateFileHierarchy(), and
search/replace any other references/exports in the file to keep the symbol name
consistent.
- Around line 316-319: The exported function basename currently implements
dirname semantics; rename that implementation to dirname and export it, then add
a proper basename that returns the last path segment (i.e., everything after the
final '/' or the entire string if no '/'). Update internal callers that expect a
parent directory (e.g., _mkdirRecursively(basename(path))) to call dirname(path)
instead, and ensure both functions are exported from this module so Electron and
web behave consistently with Node's path.basename and path.dirname.

In `@packages/loot-core/src/platform/server/sqlite/index.ts`:
- Around line 115-117: The catch block currently calls logger.log(sql) which
omits the log level; update the call in the catch handler (catch (e)) to use the
error level by calling logger.log('error', sql) and also include the caught
error object (e) for full context (e.g., logger.log('error', sql, e)); this
ensures the log is recorded at error severity and includes the exception details
while keeping the existing thrown error behavior.
- Around line 119-122: The non-fetchAll branch leaks prepared statements when
sql is a string because db.prepare(sql) creates stmt which is never freed after
stmt.run(params); update the code handling the non-fetchAll path (the branch
that calls stmt.run(params) and returns { changes: db.getRowsModified() }) to
call stmt.free() after running the statement when the statement was created from
a string (same cleanup used in the fetchAll branch) so the prepared Statement is
finalized and doesn't accumulate.

In `@packages/loot-core/src/shared/platform.ts`:
- Around line 11-15: The OS constant's ternary uses isWindows and isMac but
falls back to 'linux' unconditionally, mismatching the type that includes
'unknown' and misclassifying platforms like iPhone/Android; add an explicit
isLinux boolean (or reuse existing platform detection logic if present) and
change the fallback to return 'unknown' when neither isWindows, isMac nor
isLinux is true so OS can be one of 'windows'|'mac'|'linux'|'unknown' (update
the expression referencing OS, isWindows, isMac, and the new isLinux
accordingly).

In `@packages/loot-core/vitest.config.ts`:
- Around line 22-26: The Vitest config's exclude array is replacing Vitest
defaults and uses an incorrect node_modules pattern; modify the exported
config's exclude property to spread configDefaults.exclude first (e.g.
[...configDefaults.exclude, 'src/platform/server/sqlite/index.test.ts',
'src/platform/server/fs/index.test.ts']) and replace 'node_modules' with the
proper glob '**/node_modules/**'; ensure you import configDefaults from
'vitest/config' if not already present and update the exclude array in the
vitest.config.ts export accordingly.

---

Nitpick comments:
In `@packages/loot-core/src/platform/server/fs/index.ts`:
- Around line 371-380: The readFile function contains redundant branching: both
the if (encoding === 'utf8') and the fallback return the same call to
_readFile(filepath, { encoding }). Simplify readFile by removing the conditional
and directly returning _readFile(filepath, { encoding }) so the function just
forwards the filepath and encoding to _readFile; update the readFile
signature/usage as needed while keeping the encoding default ('utf8') intact.
- Around line 200-209: The catch block currently calls tofile.close() and
fromfile.close() and then the finally block calls them again, risking a second
close throwing and masking the original error; remove the explicit
tofile.close() and fromfile.close() calls from the catch block (keep the await
_removeFile(toDbPath) and logger.error('Failed to copy database file', error)
there) and let the finally block perform the unconditional closes, so only one
close path (in finally) runs for the functions handling the copy.

In `@packages/loot-core/src/platform/server/fs/shared.ts`:
- Line 5: The export _setDocumentDir currently drops its parameter type to avoid
a circular import; instead add an inline type annotation on the parameter (e.g.,
change the signature of _setDocumentDir to accept dir: string) so you don't
reintroduce the import of T._SetDocumentDir while removing reliance on
`@ts-strict-ignore`—update the declaration of _setDocumentDir and ensure the
referenced variable documentDir remains compatible with the string type.

In `@packages/loot-core/src/platform/server/sqlite/index.ts`:
- Around line 190-215: openDatabase uses the module-level SQL variable (e.g.,
new SQL.Database, SQL.FS.readlink) which can be null if init wasn't called;
replace direct SQL accesses by calling _getModule() at the top of openDatabase
to obtain a non-null module instance (shadowing SQL locally) and use that
instance for all Database and FS operations (e.g., new module.Database,
module.FS.readlink) so openDatabase no longer null-dereferences when init hasn't
run.
- Around line 186-188: The regexp function currently constructs RegExp from
untrusted SQL patterns (function regexp) which is vulnerable to ReDoS; replace
this direct RegExp usage with a safe approach: either validate and reject/escape
user-supplied patterns (limit length and forbids known-backtracking constructs)
or switch to a safe regex engine like re2 (import RE2 and instantiate RE2(regex)
inside regexp), and wrap compilation/testing in try/catch so invalid/unsafe
patterns return 0 instead of crashing; apply the same fix to the mirrored
implementation in index.electron.ts.

In `@packages/loot-core/src/server/db/index.ts`:
- Around line 142-155: The LRU cache currently holds wasm SQLite Statement
objects but never frees them; update the LRUCache construction for _queryCache
(and in resetQueryCache) to supply a dispose callback that calls the Statement
cleanup (e.g., prepared.free() or stmt.free()) when an entry is evicted, and
ensure any existing cache replacement in resetQueryCache triggers disposal of
entries (by using the cache's dispose behavior or explicitly freeing remaining
statements before replacing _queryCache). Target symbols: _queryCache,
cache(sql), resetQueryCache, and the stored Statement instances.

In `@packages/loot-core/src/server/encryption/encryption-internals.electron.ts`:
- Around line 51-66: The Electron impl of createKey and importKey returns Buffer
for the raw key while the shared types expect CryptoKey; remove the
ts-expect-error by making the shared key type platform-agnostic (e.g., KeyType =
CryptoKey | Buffer) and update all usages: update the shared module's type
definitions to export KeyType, change signatures that reference
T.createKey/T.importKey to use KeyType, and modify encryption/decryption
functions (the functions that accept the key) to handle both Buffer and
CryptoKey branches (convert Buffer to the needed format or use WebCrypto when
CryptoKey). After those updates, replace the two functions createKey and
importKey to return the agreed KeyType and remove the `@ts-expect-error`
annotations.

In `@packages/loot-core/src/shared/platform.ts`:
- Around line 3-7: Replace deprecated navigator.platform checks in the isWindows
and isMac constants by using the ua-parser-js parsed agent OS name: use
agent.os.name (the parsed OS string from ua-parser-js) to determine Windows
(e.g., name === 'Windows' or contains 'Windows') and macOS (e.g., name === 'Mac
OS' or contains 'Mac') instead of navigator.platform; update the definitions of
isWindows and isMac to reference agent.os.name so future browser deprecations
are avoided.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packages/loot-core/src/platform/server/fs/index.ts (2)

371-380: Redundant branching — both paths are identical.

Lines 375–377 and 379 both call _readFile(filepath, { encoding }) with the exact same arguments, making the if block a no-op.

Suggested simplification

 export async function readFile(
   filepath: string,
   encoding: 'binary' | 'utf8' = 'utf8',
 ) {
-  if (encoding === 'utf8') {
-    return _readFile(filepath, { encoding });
-  }
-
   return _readFile(filepath, { encoding });
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/fs/index.ts` around lines 371 - 380,
The readFile function contains redundant branching because both branches call
_readFile(filepath, { encoding }) with the same args; simplify by removing the
if/else and return a single call to _readFile with the encoding parameter.
Update the readFile function (referenced by name) to directly return
_readFile(filepath, { encoding }) and preserve the signature and default
encoding value to maintain behavior.

---

104-108: String.fromCharCode.apply can throw RangeError on large files.

Function.prototype.apply spreads the typed array elements as individual arguments. Most engines cap arguments around 65 536, so any file larger than ~128 KB will crash with "Maximum call stack size exceeded" or a RangeError.

Pre-existing, but TextDecoder is the safe replacement:

Proposed fix

-    if (opts?.encoding === 'utf8' && ArrayBuffer.isView(item.contents)) {
-      return String.fromCharCode.apply(
-        null,
-        new Uint16Array(item.contents.buffer),
-      );
-    }
+    if (opts?.encoding === 'utf8' && ArrayBuffer.isView(item.contents)) {
+      return new TextDecoder().decode(item.contents);
+    }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/loot-core/src/platform/server/fs/index.ts` around lines 104 - 108,
The current branch that checks opts?.encoding === 'utf8' and
ArrayBuffer.isView(item.contents) uses String.fromCharCode.apply which will
throw a RangeError on large buffers; replace that logic with a TextDecoder-based
decode of the underlying bytes (use the view's buffer/byteOffset/byteLength to
construct a Uint8Array) so large files are decoded safely, keeping the same
conditional (opts?.encoding === 'utf8' && ArrayBuffer.isView(item.contents)) and
removing the String.fromCharCode.apply call.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/loot-core/src/platform/server/fs/index.ts`:
- Around line 186-209: The catch block in _copySqlFile currently calls
tofile.close() and fromfile.close() redundantly because the finally block also
closes them; remove the close() calls from the catch so cleanup is handled only
in finally (leave the existing tofile.close()/fromfile.close() in the finally
block). Also adjust the cleanup call in the catch: pass the absolute output path
(topath) or otherwise the same path format _removeFile expects instead of
toDbPath (the value returned from pathToId()), so _removeFile receives a correct
absolute path.

---

Duplicate comments:
In `@packages/loot-core/src/platform/server/fs/index.ts`:
- Around line 316-319: The exported function basename currently returns the
directory (dirname) instead of the final path segment; update the basename
implementation (function basename, parameter filepath) to return the last path
component: handle trailing slashes by trimming them, split on '/' and return the
final non-empty segment (or '' for root/empty input); ensure behavior matches
typical basename semantics (e.g., "a/b/c" -> "c", "/a/b/" -> "b").

---

Nitpick comments:
In `@packages/loot-core/src/platform/server/fs/index.ts`:
- Around line 371-380: The readFile function contains redundant branching
because both branches call _readFile(filepath, { encoding }) with the same args;
simplify by removing the if/else and return a single call to _readFile with the
encoding parameter. Update the readFile function (referenced by name) to
directly return _readFile(filepath, { encoding }) and preserve the signature and
default encoding value to maintain behavior.
- Around line 104-108: The current branch that checks opts?.encoding === 'utf8'
and ArrayBuffer.isView(item.contents) uses String.fromCharCode.apply which will
throw a RangeError on large buffers; replace that logic with a TextDecoder-based
decode of the underlying bytes (use the view's buffer/byteOffset/byteLength to
construct a Uint8Array) so large files are decoded safely, keeping the same
conditional (opts?.encoding === 'utf8' && ArrayBuffer.isView(item.contents)) and
removing the String.fromCharCode.apply call.

[matt-fidd]

All looks right to me