creditkarma-mcp 2.0.6 → 2.0.8

package/README.md

@@ -188,6 +188,10 @@ npm run test:coverage  # coverage report (CI enforces 100% on src/**)
 
 Versions are bumped automatically by the **Tag & Bump** GitHub Action (`.github/workflows/tag-and-bump.yml`). Do not bump manually.
 
+### Pull requests
+
+Changes land via PR, including for solo work — release notes are generated from merged PRs only (config in `.github/release.yml`). Apply one of these labels to every PR: `enhancement`, `bug`, `security`, `refactor`, `documentation`, `test`, `dependencies`, `ci`, or `ignore-for-release` (excludes from notes). The PR title becomes the changelog bullet, so write it like a user-facing entry.
+
 ### Project structure
 
 ```

package/SKILL.md

@@ -149,3 +149,4 @@ sync_state   (key, value)
 - Amounts: negative = expense/debit, positive = credit/income
 - `ck_query_sql` only allows SELECT — no writes to Credit Karma data
 - Sync saves a resume cursor — interrupted syncs can be resumed automatically
+- `accounts.id` is a synthesized stable key in the form `<provider>|<last4>` (e.g. `Citi|2630`, `Ally|7133`) because CK's API returns empty `account.id` strings. The same card under two provider-name spellings shows as two rows.

package/dist/accountId.js

@@ -0,0 +1,11 @@
+export function deriveAccountId(account) {
+    if (account.id && account.id.trim() !== '')
+        return account.id;
+    const provider = (account.providerName ?? '').trim();
+    const last4 = extractLast4(account.accountTypeAndNumberDisplay ?? '');
+    return `${provider}|${last4}`;
+}
+function extractLast4(display) {
+    const m = display.match(/\(\.\.([^)]+)\)/);
+    return m?.[1] ?? display;
+}

package/dist/bundle.js

@@ -31118,6 +31118,20 @@ function sleep(ms) {
 import { DatabaseSync } from "node:sqlite";
 import { mkdirSync } from "fs";
 import { dirname as dirname2 } from "path";
+
+// src/accountId.ts
+function deriveAccountId(account) {
+  if (account.id && account.id.trim() !== "") return account.id;
+  const provider = (account.providerName ?? "").trim();
+  const last4 = extractLast4(account.accountTypeAndNumberDisplay ?? "");
+  return `${provider}|${last4}`;
+}
+function extractLast4(display) {
+  const m = display.match(/\(\.\.([^)]+)\)/);
+  return m?.[1] ?? display;
+}
+
+// src/db.ts
 var CURRENT_VERSION = 1;
 var MIGRATIONS = {
   1: `
@@ -31236,6 +31250,44 @@ function getSyncState(db, key) {
 function setSyncState(db, key, value) {
   db.prepare("INSERT INTO sync_state (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value").run(key, value);
 }
+function backfillAccountIds(db) {
+  const rows = db.prepare("SELECT id, raw_json FROM transactions WHERE account_id IS NULL OR account_id = ''").all();
+  if (rows.length === 0) return { txsUpdated: 0, accountsCreated: 0 };
+  const accounts = /* @__PURE__ */ new Map();
+  const updates = [];
+  for (const row of rows) {
+    if (!row.raw_json) continue;
+    let parsed;
+    try {
+      parsed = JSON.parse(row.raw_json);
+    } catch {
+      continue;
+    }
+    if (!parsed.account) continue;
+    const accountId = deriveAccountId(parsed.account);
+    accounts.set(accountId, {
+      id: accountId,
+      name: parsed.account.name ?? "",
+      type: parsed.account.type ?? null,
+      providerName: parsed.account.providerName ?? null,
+      display: parsed.account.accountTypeAndNumberDisplay ?? null
+    });
+    updates.push({ txId: row.id, accountId });
+  }
+  if (updates.length === 0) return { txsUpdated: 0, accountsCreated: 0 };
+  db.exec("BEGIN");
+  try {
+    for (const acct of accounts.values()) upsertAccount(db, acct);
+    const stmt = db.prepare("UPDATE transactions SET account_id = ? WHERE id = ?");
+    for (const u of updates) stmt.run(u.accountId, u.txId);
+    db.prepare("DELETE FROM accounts WHERE id = ''").run();
+    db.exec("COMMIT");
+  } catch (err) {
+    db.exec("ROLLBACK");
+    throw err;
+  }
+  return { txsUpdated: updates.length, accountsCreated: accounts.size };
+}
 
 // src/tools/auth.ts
 import { readFileSync as readFileSync2, writeFileSync, existsSync } from "fs";
@@ -31327,8 +31379,9 @@ async function handleSyncTransactions(args, ctx) {
     try {
       for (const tx of page.transactions) {
         const exists = ctx.db.prepare("SELECT id FROM transactions WHERE id = ?").get(tx.id);
+        const accountId = deriveAccountId(tx.account);
         upsertAccount(ctx.db, {
-          id: tx.account.id,
+          id: accountId,
           name: tx.account.name,
           type: tx.account.type,
           providerName: tx.account.providerName,
@@ -31342,7 +31395,7 @@ async function handleSyncTransactions(args, ctx) {
           description: tx.description,
           status: tx.status,
           amount: tx.amount.value,
-          accountId: tx.account.id,
+          accountId,
           categoryId: tx.category?.id ?? null,
           merchantId: tx.merchant?.id ?? null,
           rawJson: JSON.stringify(tx)
@@ -31712,13 +31765,18 @@ async function main() {
   if (refreshToken && isJwtExpired(refreshToken)) {
     console.error("[creditkarma-mcp] Warning: refresh token in CK_COOKIES has expired. Run `npm run auth` (or call ck_set_session) to capture fresh credentials.");
   }
+  const db = initDb(dbPath);
+  const repaired = backfillAccountIds(db);
+  if (repaired.txsUpdated > 0) {
+    console.error(`[creditkarma-mcp] Repaired ${repaired.txsUpdated} transactions across ${repaired.accountsCreated} accounts (CK returned empty account.id for legacy rows).`);
+  }
   const ctx = {
     client: new CreditKarmaClient(token, refreshToken, cookies),
-    db: initDb(dbPath),
+    db,
     mcpJsonPath
   };
   const server = new McpServer(
-    { name: "creditkarma-mcp", version: "2.0.6" }
+    { name: "creditkarma-mcp", version: "2.0.8" }
   );
   registerAuthTools(server, ctx);
   registerSyncTools(server, ctx);

package/dist/db.js

@@ -1,6 +1,7 @@
 import { DatabaseSync } from 'node:sqlite';
 import { mkdirSync } from 'fs';
 import { dirname } from 'path';
+import { deriveAccountId } from './accountId.js';
 const CURRENT_VERSION = 1;
 const MIGRATIONS = {
     1: `
@@ -114,3 +115,59 @@ export function setSyncState(db, key, value) {
     db.prepare('INSERT INTO sync_state (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value')
         .run(key, value);
 }
+/**
+ * Repair transactions whose `account_id` is `''` (or NULL) by re-deriving the
+ * id from each transaction's `raw_json.account` and rebuilding the accounts
+ * table. Idempotent — returns zero counts if there's nothing to fix.
+ *
+ * Needed because CK's `transactionsHub` historically returned empty
+ * `account.id` strings, collapsing every account into a single row.
+ */
+export function backfillAccountIds(db) {
+    const rows = db
+        .prepare("SELECT id, raw_json FROM transactions WHERE account_id IS NULL OR account_id = ''")
+        .all();
+    if (rows.length === 0)
+        return { txsUpdated: 0, accountsCreated: 0 };
+    const accounts = new Map();
+    const updates = [];
+    for (const row of rows) {
+        if (!row.raw_json)
+            continue;
+        let parsed;
+        try {
+            parsed = JSON.parse(row.raw_json);
+        }
+        catch {
+            continue;
+        }
+        if (!parsed.account)
+            continue;
+        const accountId = deriveAccountId(parsed.account);
+        accounts.set(accountId, {
+            id: accountId,
+            name: parsed.account.name ?? '',
+            type: parsed.account.type ?? null,
+            providerName: parsed.account.providerName ?? null,
+            display: parsed.account.accountTypeAndNumberDisplay ?? null,
+        });
+        updates.push({ txId: row.id, accountId });
+    }
+    if (updates.length === 0)
+        return { txsUpdated: 0, accountsCreated: 0 };
+    db.exec('BEGIN');
+    try {
+        for (const acct of accounts.values())
+            upsertAccount(db, acct);
+        const stmt = db.prepare('UPDATE transactions SET account_id = ? WHERE id = ?');
+        for (const u of updates)
+            stmt.run(u.accountId, u.txId);
+        db.prepare("DELETE FROM accounts WHERE id = ''").run();
+        db.exec('COMMIT');
+    }
+    catch (err) {
+        db.exec('ROLLBACK');
+        throw err;
+    }
+    return { txsUpdated: updates.length, accountsCreated: accounts.size };
+}

package/dist/index.js

@@ -4,7 +4,7 @@ import { homedir } from 'os';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { CreditKarmaClient, isJwtExpired, extractCookieValue } from './client.js';
-import { initDb } from './db.js';
+import { initDb, backfillAccountIds } from './db.js';
 import { registerAuthTools } from './tools/auth.js';
 import { registerSyncTools } from './tools/sync.js';
 import { registerQueryTools } from './tools/query.js';
@@ -53,12 +53,17 @@ async function main() {
     if (refreshToken && isJwtExpired(refreshToken)) {
         console.error('[creditkarma-mcp] Warning: refresh token in CK_COOKIES has expired. Run `npm run auth` (or call ck_set_session) to capture fresh credentials.');
     }
+    const db = initDb(dbPath);
+    const repaired = backfillAccountIds(db);
+    if (repaired.txsUpdated > 0) {
+        console.error(`[creditkarma-mcp] Repaired ${repaired.txsUpdated} transactions across ${repaired.accountsCreated} accounts (CK returned empty account.id for legacy rows).`);
+    }
     const ctx = {
         client: new CreditKarmaClient(token, refreshToken, cookies),
-        db: initDb(dbPath),
+        db,
         mcpJsonPath
     };
-    const server = new McpServer({ name: 'creditkarma-mcp', version: '2.0.6' });
+    const server = new McpServer({ name: 'creditkarma-mcp', version: '2.0.8' });
     registerAuthTools(server, ctx);
     registerSyncTools(server, ctx);
     registerQueryTools(server, ctx);

package/dist/tools/sync.js

@@ -1,5 +1,6 @@
 import { z } from 'zod';
 import { upsertAccount, upsertCategory, upsertMerchant, upsertTransaction, getSyncState, setSyncState } from '../db.js';
+import { deriveAccountId } from '../accountId.js';
 export async function handleSyncTransactions(args, ctx) {
     // Auto-refresh if token expired and we have a refresh token
     if (ctx.client.isTokenExpired() || !ctx.client.getToken()) {
@@ -50,8 +51,9 @@ export async function handleSyncTransactions(args, ctx) {
                 const exists = ctx.db
                     .prepare('SELECT id FROM transactions WHERE id = ?')
                     .get(tx.id);
+                const accountId = deriveAccountId(tx.account);
                 upsertAccount(ctx.db, {
-                    id: tx.account.id, name: tx.account.name, type: tx.account.type,
+                    id: accountId, name: tx.account.name, type: tx.account.type,
                     providerName: tx.account.providerName, display: tx.account.accountTypeAndNumberDisplay
                 });
                 if (tx.category)
@@ -60,7 +62,7 @@ export async function handleSyncTransactions(args, ctx) {
                     upsertMerchant(ctx.db, { id: tx.merchant.id, name: tx.merchant.name });
                 upsertTransaction(ctx.db, {
                     id: tx.id, date: tx.date, description: tx.description, status: tx.status,
-                    amount: tx.amount.value, accountId: tx.account.id,
+                    amount: tx.amount.value, accountId,
                     categoryId: tx.category?.id ?? null,
                     merchantId: tx.merchant?.id ?? null,
                     rawJson: JSON.stringify(tx)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "creditkarma-mcp",
-  "version": "2.0.6",
+  "version": "2.0.8",
   "mcpName": "io.github.chrischall/creditkarma-mcp",
   "description": "MCP server for Credit Karma — natural-language access to your transactions, spending, and accounts",
   "author": "Claude Code (AI) <https://www.anthropic.com/claude>",
@@ -38,6 +38,8 @@
     "start": "node dist/index.js",
     "dev": "node --env-file=.env dist/index.js",
     "auth": "node scripts/setup-auth.mjs",
+    "inspect:accounts": "node scripts/inspect-accounts.mjs",
+    "probe:accounts": "node scripts/probe-account-ids.mjs",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage"
@@ -51,7 +53,7 @@
     "@types/node": "^25.5.2",
     "@vitest/coverage-v8": "^4.1.2",
     "esbuild": "^0.28.0",
-    "puppeteer-core": "^24.0.0",
+    "puppeteer-core": "^25.0.4",
     "puppeteer-extra": "^3.3.6",
     "puppeteer-extra-plugin-stealth": "^2.11.2",
     "typescript": "^6.0.2",

package/server.json

@@ -6,12 +6,12 @@
     "url": "https://github.com/chrischall/creditkarma-mcp",
     "source": "github"
   },
-  "version": "2.0.6",
+  "version": "2.0.8",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "creditkarma-mcp",
-      "version": "2.0.6",
+      "version": "2.0.8",
       "transport": {
         "type": "stdio"
       },