fix: correct usage analytics and plan detection

[arafa-dev]

Summary

• Deduplicate Claude Code usage rows by message.id, merge duplicate event rows with max output_tokens, and add schema v3 reset/re-scan support that preserves shared-history session ownership.
• Detect Pro plan tier from local Claude config and prefer detected tiers in quota rendering.
• Split cache tokens out of the ccx usage --quota headline token count.

Verification

• make ci
• make build
• ./dist/ccx usage --since 30d
• ./dist/ccx usage --quota
• Dashboard smoke: GET /api/usage and GET /api/health

Notes

• Max plan organization strings remain unverified; detection only maps verified claude_pro -> pro and otherwise falls back to manual config.
• No changes to frozen contracts, v1 schema, OpenAPI, or web source.

Summary by CodeRabbit

• New Features

  • Added separate "CACHE 24H" column to usage quota display for improved token tracking visibility
  • Implemented automatic plan tier detection from local configuration

• Bug Fixes

  • Improved duplicate API call handling to accurately merge records while preserving maximum output token counts

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR refactors the usage tracking and quota system. It introduces plan tier detection from local config, splits token display into billable and cache categories, switches event identity to message-based deduplication with upserts, and upgrades the database schema to consolidate events into sessions.

Changes

Usage Quota and Event Tracking v3

Layer / File(s)	Summary
Token display split: billable and cache internal/cli/usage.go, internal/cli/usage_internal_test.go	CLI usage quota table adds a "CACHE 24H" column alongside "TOKENS 24H". Helper functions billableTokens (input+output) and cacheTokens (read+create) split the 24h token display accordingly.
Plan tier detection from Claude Code config internal/plandetect/detect.go, internal/plandetect/detect_test.go, internal/plandetect/doc.go	New plandetect package reads .claude.json from profile config directory, unmarshals oauthAccount.organizationType, and maps claude_pro to "pro" tier; returns ok=false for missing files or unrecognized types.
Quota adapter integration with detected plan tier internal/quotawire/adapter.go, internal/quotawire/adapter_test.go	Adapter calls plandetect.Detect per profile before quota computation and overwrites Limits.PlanTier with detected tier when available, falling back to the existing tier on detection failure.
Event UUID based on message identity internal/scanner/parse.go, internal/scanner/parse_test.go	Scanner schema now includes message.id field. parseLine replaces event UUID with message.id when non-empty, enabling deduplication of multi-block usage records under shared message identity.
Event deduplication via upsert with max output tokens internal/storage/events.go, internal/storage/events_test.go	Store.InsertEvents changes from ON CONFLICT ... DO NOTHING to ON CONFLICT ... DO UPDATE, upserting duplicate (profile_name, event_uuid) rows while preserving the maximum output_tokens across conflicts.
Database schema v3: consolidate events to sessions internal/storage/migrate.go, internal/storage/migrate_test.go, internal/storage/testhelpers_test.go	Schema version incremented to 3. Migration v3 upserts sessions from aggregated events (using MAX(ts) per session), then clears events and scan_cursors tables. Migrate function runs v3 migration for databases below version 3 and includes a new CountScanCursors test helper.
Lint suppression reorganization internal/run/process_launcher.go	Nolint directives on OSChildLauncher.Start repositioned: gocritic suppression moved to dedicated comment above method, gosec suppression moved to trailing comment on exec.Command call.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• arafa-dev/ccx#18: Both PRs touch quota UX plumbing—internal/cli/usage.go's renderUsageQuota and internal/quotawire/adapter.go's plan-tier handling—directly extending the quota plan-aware surface.
• arafa-dev/ccx#5: Both PRs modify JSONL parsing in internal/scanner/parse.go; the main PR adjusts UUID identity derivation using message.id while the retrieved PR introduces the initial parseLine parser.
• arafa-dev/ccx#13: The retrieved PR introduces the internal/cli/usage.go usage command and quota table, and the main PR updates that same table logic to add separated "TOKENS 24H" vs "CACHE 24H" columns.

Poem

🐰 A schema takes flight with version three,
Where events merge and sessions breathe free—
Detected tiers split tokens with care,
Dedup by message, no duplicates spare!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	The PR description follows the template structure with Summary, Verification, and Notes sections. However, the What and Why sections are missing from the template, and the Contract impact checklist is incomplete.	Add explicit What and Why sections following the template format, and complete the Contract impact checkbox items to clarify what contract changes are included.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: fixing usage analytics (deduplication, merging, schema updates) and adding plan detection. It is concise and specific.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/usage-analytics-correctness

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

internal/cli/usage_internal_test.go (1)

54-67: ⚡ Quick win

Consider table-driven test structure for pure functions.

The test correctly validates billableTokens and cacheTokens, but a table-driven approach would be more idiomatic and make it easier to add additional test cases (e.g., zero tokens, boundary values). As per coding guidelines, pure functions should use table-driven tests.

♻️ Suggested table-driven refactor

 func TestBillableAndCacheSplit(t *testing.T) {
-	u := contracts.Usage{
-		InputTokens:       1_000_000,
-		OutputTokens:      4_000_000,
-		CacheReadTokens:   600_000_000,
-		CacheCreateTokens: 50_000_000,
-	}
-	if got := billableTokens(u); got != 5_000_000 {
-		t.Fatalf("billableTokens = %d, want 5_000_000", got)
-	}
-	if got := cacheTokens(u); got != 650_000_000 {
-		t.Fatalf("cacheTokens = %d, want 650_000_000", got)
-	}
+	tests := []struct {
+		name         string
+		usage        contracts.Usage
+		wantBillable int
+		wantCache    int
+	}{
+		{
+			name: "standard_split",
+			usage: contracts.Usage{
+				InputTokens:       1_000_000,
+				OutputTokens:      4_000_000,
+				CacheReadTokens:   600_000_000,
+				CacheCreateTokens: 50_000_000,
+			},
+			wantBillable: 5_000_000,
+			wantCache:    650_000_000,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := billableTokens(tt.usage); got != tt.wantBillable {
+				t.Errorf("billableTokens() = %d, want %d", got, tt.wantBillable)
+			}
+			if got := cacheTokens(tt.usage); got != tt.wantCache {
+				t.Errorf("cacheTokens() = %d, want %d", got, tt.wantCache)
+			}
+		})
+	}
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/cli/usage_internal_test.go` around lines 54 - 67, Refactor
TestBillableAndCacheSplit into a table-driven test: create a slice of test cases
each with a name, input contracts.Usage, expected billable and expected cache
ints, then loop over cases and run t.Run(case.name, func(t *testing.T){ if
got:=billableTokens(case.u); got!=case.wantBillable { t.Fatalf(...)} if
got:=cacheTokens(case.u); got!=case.wantCache { t.Fatalf(...)} }), include at
least the existing case plus extras (zero tokens and a boundary case) to
exercise billableTokens and cacheTokens more idiomatically.

internal/quotawire/adapter.go (1)

43-51: Detected-tier override logic is correct; note the per-request disk read.

Detect is invoked for every profile on every Quota call, so each GET /api/usage / --quota invocation re-reads .claude.json from disk per profile. With few profiles this is negligible, but if the dashboard polls frequently you may want to cache detection results (e.g., per profile with a short TTL or invalidation on config mtime) to keep the quota path cheap.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/quotawire/adapter.go` around lines 43 - 51, The current loop calls
plandetect.Detect(profiles[i].ConfigDir) for every profile on every Quota call
(i.e., each GET /api/usage or --quota), causing a disk read per profile; cache
detection results keyed by profile (e.g., profile ID or ConfigDir) with a short
TTL or invalidate on config file mtime to avoid re-reading .claude.json on every
invocation, and update the loop that sets profiles[i].Limits.PlanTier to use the
cached value (fall back to plandetect.Detect only when cache miss or stale).

internal/plandetect/detect_test.go (1)

1-1: ⚡ Quick win

Use the _test package suffix.

This new test only exercises the exported Detect, so it can live in an external test package to enforce testing through the public API.

♻️ Switch to external test package

-package plandetect
+package plandetect_test
+
+import "github.com/arafa-dev/ccx/internal/plandetect"

Call sites become plandetect.Detect(dir).

As per coding guidelines: "use _test package suffix".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/plandetect/detect_test.go` at line 1, Change the test package from
plandetect to an external test package by renaming the package declaration to
plandetect_test and update all call sites to reference the exported API (e.g.,
call plandetect.Detect(dir) instead of Detect(dir)) so the test exercises the
public Detect function through the package boundary.

internal/storage/events.go (1)

38-46: ⚡ Quick win

No merge change needed: duplicates only vary output_tokens, not input_tokens/cache_*

• internal/scanner/parse_test.go shows duplicate JSONL lines sharing the same message.id have identical input_tokens, cache_read_input_tokens, and cache_creation_input_tokens, while output_tokens grows; therefore the current ON CONFLICT behavior (keeping MAX(output_tokens) but overwriting the other fields) is order-independent.
• internal/scanner/parse.go comment “same … usage” is slightly misleading given the test case; clarify it to say only output_tokens varies across duplicate lines.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/storage/events.go` around lines 38 - 46, The ON CONFLICT clause in
internal/storage/events.go is already correct (it preserves MAX(output_tokens)
while overwriting other fields), but the comment in internal/scanner/parse.go is
misleading; update the parse.go comment to state that duplicate JSONL lines with
the same message.id have identical input_tokens, cache_read_input_tokens, and
cache_creation_input_tokens while only output_tokens grows across duplicates,
and optionally add a short inline comment next to the ON CONFLICT SQL (in
events.go) noting we only need to take MAX for output_tokens while other token
counts are identical so order-independence is preserved.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/plandetect/detect.go`:
- Around line 21-35: Change Detect to accept ctx context.Context as its first
parameter and add "context" to imports; inside Detect, check ctx.Err() and
return early if canceled before performing os.ReadFile, then proceed to read and
unmarshal as before and return mapOrgType result. Update the caller in
internal/quotawire/adapter.go to pass the request context into Detect and adjust
tests in detect_test.go to provide a context.Context argument to Detect. Ensure
the function name Detect and the mapping call to mapOrgType remain unchanged.

---

Nitpick comments:
In `@internal/cli/usage_internal_test.go`:
- Around line 54-67: Refactor TestBillableAndCacheSplit into a table-driven
test: create a slice of test cases each with a name, input contracts.Usage,
expected billable and expected cache ints, then loop over cases and run
t.Run(case.name, func(t *testing.T){ if got:=billableTokens(case.u);
got!=case.wantBillable { t.Fatalf(...)} if got:=cacheTokens(case.u);
got!=case.wantCache { t.Fatalf(...)} }), include at least the existing case plus
extras (zero tokens and a boundary case) to exercise billableTokens and
cacheTokens more idiomatically.

In `@internal/plandetect/detect_test.go`:
- Line 1: Change the test package from plandetect to an external test package by
renaming the package declaration to plandetect_test and update all call sites to
reference the exported API (e.g., call plandetect.Detect(dir) instead of
Detect(dir)) so the test exercises the public Detect function through the
package boundary.

In `@internal/quotawire/adapter.go`:
- Around line 43-51: The current loop calls
plandetect.Detect(profiles[i].ConfigDir) for every profile on every Quota call
(i.e., each GET /api/usage or --quota), causing a disk read per profile; cache
detection results keyed by profile (e.g., profile ID or ConfigDir) with a short
TTL or invalidate on config file mtime to avoid re-reading .claude.json on every
invocation, and update the loop that sets profiles[i].Limits.PlanTier to use the
cached value (fall back to plandetect.Detect only when cache miss or stale).

In `@internal/storage/events.go`:
- Around line 38-46: The ON CONFLICT clause in internal/storage/events.go is
already correct (it preserves MAX(output_tokens) while overwriting other
fields), but the comment in internal/scanner/parse.go is misleading; update the
parse.go comment to state that duplicate JSONL lines with the same message.id
have identical input_tokens, cache_read_input_tokens, and
cache_creation_input_tokens while only output_tokens grows across duplicates,
and optionally add a short inline comment next to the ON CONFLICT SQL (in
events.go) noting we only need to take MAX for output_tokens while other token
counts are identical so order-independence is preserved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 43fcf20d-4e07-4525-8344-ad1884f14e28

📥 Commits

Reviewing files that changed from the base of the PR and between eb1e9a2 and 5a769d6.

📒 Files selected for processing (15)

• internal/cli/usage.go
• internal/cli/usage_internal_test.go
• internal/plandetect/detect.go
• internal/plandetect/detect_test.go
• internal/plandetect/doc.go
• internal/quotawire/adapter.go
• internal/quotawire/adapter_test.go
• internal/run/process_launcher.go
• internal/scanner/parse.go
• internal/scanner/parse_test.go
• internal/storage/events.go
• internal/storage/events_test.go
• internal/storage/migrate.go
• internal/storage/migrate_test.go
• internal/storage/testhelpers_test.go

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Detect performs file I/O but does not accept a context.Context.

Detect reads .claude.json via os.ReadFile, so per the project convention it should take ctx context.Context as its first parameter (and can short-circuit on ctx.Err() before the read). This also lets the quotawire caller propagate its request context.

♻️ Add ctx to the signature and propagate from the caller

-func Detect(configDir string) (tier string, ok bool) {
+func Detect(ctx context.Context, configDir string) (tier string, ok bool) {
 	if configDir == "" {
 		return "", false
 	}
+	if err := ctx.Err(); err != nil {
+		return "", false
+	}
 	// `#nosec` G304 -- configDir is a local Claude profile path selected by the user.
 	b, err := os.ReadFile(filepath.Join(configDir, ".claude.json"))

Add "context" to imports. Downstream caller in internal/quotawire/adapter.go (Line 48) becomes:

-		if tier, ok := plandetect.Detect(profiles[i].ConfigDir); ok {
+		if tier, ok := plandetect.Detect(ctx, profiles[i].ConfigDir); ok {

and the tests in detect_test.go need the ctx argument as well.

As per coding guidelines: "Every I/O or blocking public function must take ctx context.Context as its first parameter".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func Detect(configDir string) (tier string, ok bool) {
	if configDir == "" {
	return "", false
	}
	// #nosec G304 -- configDir is a local Claude profile path selected by the user.
	b, err := os.ReadFile(filepath.Join(configDir, ".claude.json"))
	if err != nil {
	return "", false
	}
	var cfg claudeConfig
	if err := json.Unmarshal(b, &cfg); err != nil {
	return "", false
	}
	return mapOrgType(cfg.OAuthAccount.OrganizationType, cfg.OAuthAccount.OrganizationRateLimit)
	}
	func Detect(ctx context.Context, configDir string) (tier string, ok bool) {
	if configDir == "" {
	return "", false
	}
	if err := ctx.Err(); err != nil {
	return "", false
	}
	// `#nosec` G304 -- configDir is a local Claude profile path selected by the user.
	b, err := os.ReadFile(filepath.Join(configDir, ".claude.json"))
	if err != nil {
	return "", false
	}
	var cfg claudeConfig
	if err := json.Unmarshal(b, &cfg); err != nil {
	return "", false
	}
	return mapOrgType(cfg.OAuthAccount.OrganizationType, cfg.OAuthAccount.OrganizationRateLimit)
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/plandetect/detect.go` around lines 21 - 35, Change Detect to accept
ctx context.Context as its first parameter and add "context" to imports; inside
Detect, check ctx.Err() and return early if canceled before performing
os.ReadFile, then proceed to read and unmarshal as before and return mapOrgType
result. Update the caller in internal/quotawire/adapter.go to pass the request
context into Detect and adjust tests in detect_test.go to provide a
context.Context argument to Detect. Ensure the function name Detect and the
mapping call to mapOrgType remain unchanged.