Merge branch 'Expensify:main' into 71598/check-isUploaded

Author: samranahm

.claude/agents/code-inline-reviewer.md

@@ -228,21 +228,23 @@ const {amountColumnSize, dateColumnSize, taxAmountColumnSize} = useMemo(() => {
    - `body`: Concise and actionable description of the violation and fix, following the below Comment Format
 4. **Each comment must reference exactly one Rule ID.**
 5. **Output must consist exclusively of calls to mcp__github_inline_comment__create_inline_comment in the required format.** No other text, Markdown, or prose is allowed.
-6. **If no violations are found, output exactly** (with no quotes, markdown, or additional text):
+6. **If no violations are found, create a comment** (with no quotes, markdown, or additional text):
    LGTM :feelsgood:. Thank you for your hard work!
 7. **Output LGTM if and only if**:
    - You examined EVERY line of EVERY changed file
    - You checked EVERY changed file against ALL rules
    - You found ZERO violations matching the exact rule criteria
    - You verified no false negatives by checking each rule systematically
-    If you found even ONE violation or have ANY uncertainty do NOT output LGTM - create inline comments instead.
+    If you found even ONE violation or have ANY uncertainty do NOT create LGTM comment - create inline comments instead.
 8. **DO NOT invent new rules, stylistic preferences, or commentary outside the listed rules.**
-9. **DO NOT describe what you are doing, output any summaries, explanations, extra content, comments on rules that are NOT violated or ANYTHING ELSE except from rules violations or LGTM message.**
+9. **DO NOT describe what you are doing, create comments with a summary, explanations, extra content, comments on rules that are NOT violated or ANYTHING ELSE.**
+    Only inline comments regarding rules violations or general comment with LGTM message are allowed.
     EXCEPTION: If you believe something MIGHT be a Rule violation but are uncertain, err on the side of creating an inline comment with your concern rather than skipping it.
 
 ## Tool Usage Example
 
-For each violation, call the tool like this:
+For each violation, call the mcp__github_inline_comment__create_inline_comment tool like this.
+CRITICAL: **DO NOT** use the Bash tool for inline comments:
 
 ```
 mcp__github_inline_comment__create_inline_comment:
@@ -251,6 +253,12 @@ mcp__github_inline_comment__create_inline_comment:
   body: "<Body of the comment according to the Comment Format>"
 ```
 
+If ZERO violations are found, use the Bash tool to create a top-level PR comment.:
+
+```bash
+gh pr comment --body "LGTM :feelsgood:. Thank you for your hard work!"
+```
+
 ## Comment Format
 
 ```

Mobile-Expensify

@@ -100,4 +100,8 @@ to help run our Unit tests.
 ## Performance tests
 We use Reassure for monitoring performance regression. More detailed information can be found [here](tests/perf-test/README.md):
 
+## CodeCov
+
+[CodeCov] is the service we use to measure and track code coverage. You can find out more about it [here](contributingGuides/CodeCov.md)
+
 ----

README.md

@@ -114,8 +114,8 @@ android {
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
         multiDexEnabled rootProject.ext.multiDexEnabled
-        versionCode 1009022900
-        versionName "9.2.29-0"
+        versionCode 1009022901
+        versionName "9.2.29-1"
         // Supported language variants must be declared here to avoid from being removed during the compilation.
         // This also helps us to not include unnecessary language variants in the APK.
         resConfigs "en", "es"

android/app/build.gradle

@@ -0,0 +1,22 @@
+## CodeCov
+
+[CodeCov](https://about.codecov.io/) is the service we use to measure and track [code coverage](https://about.codecov.io/resource/what-is-code-coverage/). It comments on PRs with metrics that authors and reviewers can use to judge the relative safety of the code. It's one metric and shouldn't be used in isolation, but it can provide valuable insight into how risky a PR might be. 
+
+The comment will provide you with a table of information similar to the one below:
+| [Files with missing lines](https://app.codecov.io/gh/blimpich/App/pull/3?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Ben+Limpich) | Coverage Δ | |
+|---|---|---|
+| [src/libs/file_a.ts](https://app.codecov.io/gh/Expensify/App) | `50.58% <0.00%> (-1.20%)` | :arrow_down: | 
+| [src/libs/file_b.ts](https://app.codecov.io/gh/Expensify/App) | `67.79% <ø> (ø)` | |
+| [src/libs/file_c.ts](https://app.codecov.io/gh/Expensify/App) | `73.64% <ø> (+2.32%)` | :arrow_up: |
+| [src/libs/file_d.ts](https://app.codecov.io/gh/Expensify/App) | `98.11% <100.00%> (+0.15%)` | :arrow_up: |
+
+The first number in the `Coverage Δ` column is the coverage that the file currently has on `main`. The second number is the "patch-level coverage," so it represents the code coverage for PR changes itself. The third and final number is the overall change in code coverage % for that file. Lets run through these examples to get a better idea how this plays out:
+
+- `file_a` seems to have no tests for it's changes, so patch coverage is 0% and we decrease overall coverage of the file by 1.2%
+- `file_b` appears to have been altered, but not in a way that changed coverage, so the PR probably updated a comment or something that isn't part of our coverage calculation (ex: translation file changes)
+- `file_c` has no change in patch coverage but an increase in overall coverage. This happens if we just add tests but don't add new code that needs to be tested
+- `file_d` has 100% patch coverage so we added tests for all our changes there, but the file still has some untested lines, so we only increased the overall coverage by 0.15%
+
+If a file has existing coverage, we should _always_ be trying to increase or maintain the existing level of coverage. That way, over time, our code coverage will increase, we will catch more bugs in the PR-stage, and fewer PRs will have to be reverted. Decreasing coverage for a file should be avoided! So the above example would need more tests to cover `file_a`'s changes in order to be merged. To get more granular information on what exact lines are and aren't covered in your PR and in the file as a whole you can click on the hyperlinked files or go to `https://app.codecov.io/gh/Expensify/App/pull/<your_PR_number>` to look at the full coverage report.
+
+If you find an issue with the generated coverage report please reach out to an Expensify engineer in our [open-source Slack channel](https://expensify.enterprise.slack.com/archives/C01GTK53T8Q).

contributingGuides/CodeCov.md

@@ -29,7 +29,20 @@ If you're using another operating system, you will need to ensure `mkcert` is in
 - Changes applied to Javascript will be applied automatically via WebPack as configured in `webpack.dev.ts`
 
 ### Production Build
-- To run the production web build: `npm run web:prod`
+To build and run the production web build locally:
+
+```bash
+# 1. Set USE_WEB_PROXY environment variable in .env.production
+USE_WEB_PROXY=true
+
+# 2. Build the production bundle
+npm run build
+
+# 3. Run the distribution server
+npm run web:dist
+```
+
+The `web:dist` command starts both the proxy server (port 9000) and web server (port 8080) concurrently. Access the application at **http://localhost:8080**
 
 ## Environment Variables
 

contributingGuides/SETUP_WEB.md

@@ -0,0 +1,91 @@
+# Beta Usage Philosophy
+This philosophy guides our approach to beta releases by emphasizing small incremental releases over betas.
+
+#### Related Philosophies
+- [Small Incremental Releases Philosophy](/contributingGuides/philosophies/INCREMENTAL-RELEASES.md)
+- [Over-engineering Philosophy](/contributingGuides/philosophies/OVERENGINEERING.md)
+
+#### Terminology
+- **Beta** - A mechanism that controls access to new functionality for limited users
+- **Beta Feature** - Functionality deployed to production but hidden behind a beta control
+- **Beta Control** - A mechanism to enable/disable features for specific users or groups without deploying new code
+- **Beta Rollout** - The process of gradually enabling a beta feature for larger audiences
+
+## Rules
+
+### - Betas SHOULD be avoided in favor of small incremental releases
+Our primary strategy is shipping small, complete features directly to production rather than releasing large, incomplete features in beta. This approach provides faster feedback, reduces complexity, and delivers value immediately.
+
+Use betas only when:
+- The feature cannot be meaningfully decomposed into smaller units
+- There are significant business or technical risks that require validation before full release
+- Gradual rollout is needed to monitor performance or system impact
+
+### - Beta roll-out MUST have clear removal criteria
+Every beta MUST have:
+- Specific criteria for removing the beta and fully releasing the feature
+- A GH that clearly defines when and how a beta will be removed
+
+### - Betas MUST NOT be used for an excuse to roll out low-quality code
+Bad Example: A feature is built with a lot of bugs, but it's OK because it's behind a beta and therefore won't impact users or QA.
+
+## When Beta Controls Are Appropriate
+
+### - Beta MUST be used if a feature requires gradual rollout
+When you need to monitor system performance, user adoption, or business metrics as you enable features for larger audiences.
+When changes could significantly affect core user workflows and you need to validate the impact with real users before full release.
+
+## Examples
+
+### ❌ Inappropriate Beta Usage
+**Scenario**: New expense submission form
+**Beta approach**: Put form behind beta control for 6 weeks to "get feedback"
+**Problems**:
+- Form could be released incrementally (one field improvement at a time)
+- Low technical risk doesn't justify beta control
+- Extended timeline delays value delivery
+- Creates complexity for minimal benefit
+
+### ✅ Appropriate Beta Usage
+**Scenario**: New AI-powered expense categorization system
+**Beta approach**: Beta control with gradual rollout over 3 weeks
+**Justification**:
+- Cannot be meaningfully decomposed (AI model needs holistic evaluation)
+- High technical risk (AI predictions could impact user trust)
+- Need to monitor system performance with AI processing load
+- Requires real usage data to validate accuracy
+
+**Rollout plan**:
+- 5% of users, monitor accuracy and performance
+- 25% of users if metrics meet thresholds
+- 100% rollout if success criteria met
+
+**Success criteria**:
+- 85% categorization accuracy
+- No performance degradation (response times under 200ms)
+- Error rate under 1%
+- Positive user feedback on suggestions
+
+## Beta Removal Strategy
+
+### - Define removal criteria upfront
+Before adding a new beta beta, establish quantifiable criteria for full rollout or feature termination.
+
+Create GHs to track what needs to happen for a given beta.
+
+### - Plan for three outcomes
+1. **Removal**: Remove beta control and enable for all users
+2. **Iteration**: Modify feature based on beta data, continue gradual rollout
+3. **Rollback**: Disable beta control and return to drawing board
+
+### - Monitor graduation metrics continuously
+Track key performance indicators throughout the beta period:
+- System performance impact
+- Error rates and user feedback
+- Business metrics (conversions, retention, etc.)
+
+### - Clean up removed betas
+Once features graduate to full release:
+- Remove beta control code and configuration
+- Update documentation to reflect new baseline functionality
+- Document lessons learned for future beta processes

contributingGuides/philosophies/BETAS.md

@@ -0,0 +1,72 @@
+# Small Incremental Releases Philosophy
+This philosophy guides our approach to breaking down large projects into smaller, independently releases that deliver value early and often.
+
+#### Related Philosophies
+- [Over-engineering Philosophy](/contributingGuides/philosophies/OVERENGINEERING.md)
+- [Optimization Philosophy](/contributingGuides/philosophies/OPTIMIZATION.md)
+
+#### Terminology
+- **Incremental Release** - A small, independently unit of work that delivers tangible value
+- **Release Stage** - A logical grouping of work that can stand alone if needed
+- **Dependencies** - Work that must be completed before other work can begin
+- **ROI** - Return on Investment, the value delivered versus the cost to implement
+
+## Rules
+
+### - Large projects MUST be broken into small incremental releases
+Big projects are rarely "one and done". They involve a series of releases, each building a foundation for the next. Break projects into the smallest pieces that can be incrementally deployed for customers to get value and provide early feedback. It MUST be possible to pause indefinitely after each release without serious trouble.
+
+### - Releases MUST have a descriptive name
+Each release MUST have a descriptive name of the feature that will be released, instead of a generic v2 appended to the name.
+
+#### Examples
+✅ GOOD: Release 1: Add ungrouped Accounting > Unapproved cash
+❌ BAD: Suggested Search: Accounting Workflows v1
+
+
+### - Releases MUST include adding help documentation and training the team
+Each release MUST come with a set of help documentation and training the team on the new feature.
+### - Releases SHOULD be minimally scoped
+Each release SHOULD achieve the least it possibly can while still accomplishing something meaningful. Resist merging releases together - it's faster to do two small, obvious releases than one large, less-obvious release. They are easier to write, easier to test, easier to review, and easier to revert.
+
+## Examples
+
+### ❌ Monolithic Release Approach
+**Project**: New expense reporting system
+**Monolithic approach**: Build complete system with:
+- User authentication
+- Expense submission
+- Approval workflows  
+- Reporting dashboard
+- Mobile app
+- Integrations with 5 external systems
+
+**Problems**: 
+- 6-month development cycle with no user feedback
+- High risk if any component fails
+- No value delivered until everything is complete
+
+### ✅ Incremental Release Approach
+**Project**: New expense reporting system
+
+**Release 1**: Basic expense submission (web only)
+- Users can submit expenses manually
+- Admin can approve/reject in simple interface
+- **Value**: Immediate replacement of paper/email process
+
+**Release 2**: Receipt capture
+- Users can photograph receipts
+- Basic OCR for expense details
+- **Value**: Reduces manual data entry
+
+**Release 3**: Approval workflows
+- Multi-level approval routing
+- Email notifications
+- **Value**: Automates approval process for larger organizations
+
+**Release 4**: Reporting dashboard
+- Basic expense reports and analytics
+- Export capabilities
+- **Value**: Provides visibility into spending patterns
+
+Each release delivers immediate value while building toward the complete vision.

contributingGuides/philosophies/INCREMENTAL-RELEASES.md

@@ -5,15 +5,19 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
 "OPTIONAL" are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
 
 ## Contents
+* [Beta Usage Philosophy](/contributingGuides/philosophies/BETAS.md)
 * [Cross-Platform Philosophy](/contributingGuides/philosophies/CROSS-PLATFORM.md)
 * [Data Flow Philosophy](/contributingGuides/philosophies/DATA-FLOW.md)
 * [Async vs. Sync Code](/contributingGuides/philosophies/ASYNC.md)
 * [Data Binding Philosophy](/contributingGuides/philosophies/DATA-BINDING.md)
 * [Deploying Philosophy](/contributingGuides/philosophies/DEPLOYING.md)
 * [Directory Structure and File Naming Philosophy](/contributingGuides/philosophies/DIRECTORIES.md)
-* [Internationalization Philosophy](/contributingGuides/philosophies/INTERNATIONALIZATION.md)
 * [HybridApp Philosophy](/contributingGuides/philosophies/HYBRID-APP.md)
+* [Small Incremental Releases Philosophy](/contributingGuides/philosophies/INCREMENTAL-RELEASES.md)
+* [Internationalization Philosophy](/contributingGuides/philosophies/INTERNATIONALIZATION.md)
 * [Offline Philosophy](/contributingGuides/philosophies/OFFLINE.md)
 * [Onyx Data Management Philosophy](/contributingGuides/philosophies/ONYX-DATA-MANAGEMENT.md)
+* [Over-engineering Philosophy](/contributingGuides/philosophies/OVERENGINEERING.md)
+* [Optimization Philosophy](/contributingGuides/philosophies/OPTMIZATION.md)
 * [Routing Philosophy](/contributingGuides/philosophies/ROUTING.md)
 * [Security Philosophy](/contributingGuides/philosophies/SECURITY.md)

contributingGuides/philosophies/INDEX.md

@@ -0,0 +1,45 @@
+# Optimization Philosophy
+This philosophy guides our approach to optimization by focusing on proven problems rather than hypothetical issues across all aspects of development and processes.
+
+#### Related Philosophies
+- [Over-engineering Philosophy](/contributingGuides/philosophies/OVERENGINEERING.md)
+
+#### Terminology
+- **Optimization** - making something faster, more flexible, or more capable than it needs to be to solve the exact problems agreed upon
+- **Pre-optimizing** - Optimizing a solution before identifying actual problems
+- **Bottleneck** - A confirmed point in the process that limits overall results
+- **Measuring** - Collecting actual data about process performance or outcomes
+
+## Rules
+
+### - Optimizations MUST be based on measured problems
+Do not optimize processes or solutions unless you have:
+- Identified a specific problem through user reports, metrics, or observation
+- Measured the issue with appropriate tools or data collection
+- Confirmed the optimization target is actually a bottleneck
+
+Optimizations can be added later if and when they become necessary.
+
+### - Optimizations MUST be measured before and after implementation
+When implementing process improvements:
+- Establish baseline measurements before optimization
+- Implement the optimization
+- Measure the actual improvement gained
+- Document the results achieved
+
+
+## When to Optimize
+### - Known issues
+When we have concrete data about existing usage patterns that indicate the current approach will fail. This is distinct from pre-optimizing because it's based on actual, measurable constraints rather than hypothetical "what if" scenarios.
+- Existing customer data volumes that would break the system
+- Known need to expand the feature in the foreseeable future
+
+### - User-reported issues
+When users report that processes are slow, confusing, or inefficient in specific scenarios.
+
+### - Metrics indicate problems
+When monitoring shows:
+- Increased completion times
+- Higher error rates
+- Resource bottlenecks
+- User satisfaction declining