append_row.py:
- Switch valueInputOption from USER_ENTERED to RAW.
- coerce() the row per-column: amount / amount_hkd / fx_rate become floats,
everything else stays a string. Combined with RAW, dates ("2026-04-20") no
longer get auto-parsed into Sheets date serials (e.g. 46153), while amounts
still land as proper numeric cells so SUM/AVERAGE keep working.
fx_convert.py:
- Cache frankfurter.app responses in ~/.cache/autoacct/fx_cache.json (atomic
write via .tmp + replace). Keyed by "<currency>_<date>". ECB historical
rates are immutable, so an indefinite TTL is safe. Measured locally:
cache hit 52ms vs cache miss 470ms (~9x).
setup.md: troubleshooting entries for pre-existing serial-date rows and for
the FX cache location.
Auth path also verified end-to-end via pure bash + openssl + curl (JWT
sign → token exchange → Sheets API 404 on bogus ID), proving the wire
format is correct independent of the Python client.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
For users who don't want to share an SA credential with the rest of the team
(privacy concerns, third-party adopters, sensitive expenses), BYO-KEY.md
walks through creating their own service account: GCP project + Sheets API +
SA creation + JSON download + pointing config.json at the new key. Same code
path as the default install — the change is purely in service_account_path.
Honest about the trade-off: ~15 extra minutes vs ~5, plus rotation
responsibility moves to the user. Links to both READMEs as an opt-in
alternative.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- secrets/bookkeeping-sa.json.enc: team service-account key, encrypted with
AES-256-CBC + PBKDF2(100k iter) using a 48-char random passphrase. Safe to
commit to a public repo; the passphrase lives in the team password manager.
- scripts/decrypt-key.sh: one-liner that decrypts to ~/.config/gcp/ (mode 600)
and prints the service-account email so users know which address to share
their Sheet with.
- secrets/README.md: explains the crypto, decrypt flow, and rotation
procedures (passphrase rotation vs underlying GCP key rotation).
- README + DEPLOY.md + setup.md: install flow updated. Users no longer wait
for the admin to send a JSON; they git clone, run decrypt-key.sh with the
passphrase from the team password manager, and continue. Cuts one
out-of-band file transfer from the user experience.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GitHub is now the public-facing primary repo (MIT licensed). Point new
users at github.com/CharlesZhang2023/AutoACCT for cloning.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Install flow now assumes one admin-distributed service account JSON shared
across the team. Each user creates their own Google Sheet and shares it
with the SA email; per-user GCP project setup is gone.
- DEPLOY.md: a step-by-step walkthrough for non-technical users following
along with an AI agent (Terminal basics, screenshots-worth of expected
output, common-error table).
- scripts/append_row.py: sheet_id field accepts either a bare ID or a full
Google Sheets URL; normalize_sheet_id() extracts the ID via regex.
- scripts/setup.md: rewritten as an admin guide (one-time GCP setup, key
rotation) plus a troubleshooting reference.
- LICENSE: MIT (previously "private — internal use"). README license
sections updated to match.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace the terse install summary with a click-by-click guide that
covers the full setup in both README.md and README.zh-CN.md:
clone+pip, GCP service account, moving the key out of the repo,
creating the sheet with header row, writing config.json, and a
sanity check. Flag the zh-CN tab-name gotcha (工作表1 vs Sheet1)
that causes HTTP 400 Unable to parse range.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- frankfurter.app now redirects to frankfurter.dev/v1/ and blocks the
default Python urllib UA with 403. Hit the new endpoint directly and
send a named User-Agent.
- Extend .gitignore to block common service-account and credential file
patterns (asset/, *-sa.json, *-service-account*.json, *credentials*.json,
*-key.json) so keys can't be committed by accident.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Receipt-image to Google Sheets expense logger with HKD conversion.
Includes SKILL.md, categories/schema reference, config template,
and Python scripts for FX conversion (frankfurter.app) and Sheets append.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
