Commit graph

776 commits

Author SHA1 Message Date
ozymandiashh
d869ad86e2
fix(pi): classify native skill loads as Skill, not Read (#588) (#590)
Pi and OMP have no dedicated skill tool: a native skill load is emitted as
an ordinary `read` tool call whose path points at the skill's SKILL.md (or a
`skill://<name>` URI in newer OMP builds). The parser mapped every read to the
Read tool and never populated `skills`, so Pi/OMP sessions over-counted Reads
AND always showed an empty "Skills & Agents" breakdown.

Detect these reads (basename === 'SKILL.md', or a skill:// URI), extract the
skill name (parent directory, or the URI segment), and surface the call as the
`Skill` tool with the name recorded in `skills` -- exactly how the Claude
parser represents a skill invocation. That both removes the Read over-count and
lets the shared classifier tag the turn `general` so the Skills & Agents
breakdown picks it up (populating a field the dashboard never received before).
The path is read from arguments.path with a defensive arguments.file_path
fallback.

Tests cover SKILL.md / skill:// / file_path detection, a non-skill read staying
a Read, and an end-to-end check that a parsed skill load reaches the classifier
subCategory that feeds skillBreakdown.
2026-07-01 15:57:31 +02:00
ozymandiashh
61eb5fbca5
fix: scope cache read/write to the selected period (web + devices CLI) (#583) (#586)
The dashboard Cache read/write cards and the `codeburn devices` summarizer
summed the full 365-day history.daily backfill instead of the selected period,
so shorter windows over-counted (today ~197x on real data). Every other metric
already reads the period-scoped `current` block.

buildMenubarPayload now emits period-scoped cacheReadTokens/cacheWriteTokens on
`current` (from PeriodData, alongside inputTokens/outputTokens); the web cards
(single + combined views) and summarizeOneDevice read those instead of reducing
history.daily. The trend chart still uses history.daily. Older peers that omit
the fields fall back to 0 (web) or the windowed daily sum (CLI).

Adds regression tests for both surfaces.
2026-07-01 15:53:44 +02:00
Resham Joshi
05d4cc06e5
fix(web): complete mobile responsiveness (header overflow + a11y) (#589)
Some checks are pending
CI / semgrep (push) Waiting to run
Adopt the more complete responsive implementation from #587 over the
initial one in #582: header controls become a hidden-scrollbar strip
instead of overflowing the page on phones, the sidebar drawer uses
visibility:hidden when closed so its links leave the tab order, aria
attributes on the toggle, 100dvh for mobile browser chrome, and 36px
touch targets.
2026-07-01 15:07:28 +02:00
ele-yufo
4f86e6ccfb
feat(web): mobile responsive web dashboard (#582)
Add mobile responsive support for the web dashboard:

- Hamburger button in header (hidden on md+) to toggle sidebar
- Sidebar becomes off-canvas drawer on mobile with slide-in transition
- Backdrop overlay with blur when sidebar is open
- Header stays sticky on mobile scroll
- Content area stacks vertically on mobile
- Main content takes full width on mobile
- Sidebar auto-closes when a device is selected

All changes use Tailwind responsive classes (md: breakpoint).
Desktop layout is completely unchanged.

Co-authored-by: yufo <yufo@MacBook-Pro.local>
2026-07-01 13:18:06 +02:00
Resham Joshi
2b0f781977
feat: add codeburn audit token-source view (#578)
Adds a per-(provider, model) audit table showing the raw token fields each
provider records (input, output, reasoning, cache write/read) alongside the
totals codeburn displays and prices. It makes the normalizations explicit:
reasoning folds into output, the Anthropic cacheReadInput / OpenAI cached
vocabularies collapse to a per-call max, and cache write/read use the 1.25x /
0.1x input multipliers when a model omits explicit cache rates.

--format json adds per-component cost, the applied rates, both raw cache-read
fields, and recomputed vs attributed cost, so any token-to-cost drift is
visible in one command. Same options as `codeburn models`.
2026-07-01 13:02:29 +02:00
Resham Joshi
89e6842976
Merge pull request #580 from getagentseal/iamtoruk-patch-1
Some checks are pending
CI / semgrep (push) Waiting to run
Clarify CodeBurn's open-source project status
2026-07-01 04:18:04 +02:00
Resham Joshi
071fb4aaf7
Clarify CodeBurn's open-source project status
Added clarification about CodeBurn's affiliation.
2026-07-01 03:35:03 +02:00
Resham Joshi
22d5fc1743
perf(web): instant dashboard load, default to today, fast-fail offline peers (#573)
Some checks failed
CI / semgrep (push) Has been cancelled
The web server is long-lived, so cache what the per-invocation CLI cannot:

- Cache the parsed local payload in-memory (single-flight, 180s TTL matched to
  the parser session cache, expired entries pruned on write). /api/usage and the
  local half of /api/devices now return from a Map hit after the first parse.
- Prewarm today at startup and inline that payload into index.html as a
  bootstrap, so the SPA paints today's numbers with no round-trip. Only the
  local device is embedded; '<' is escaped so a name cannot break the script
  tag; served no-store; the seeded view refetches at once so live peers appear.
- Default the web command and dashboard to today.
- Cap the peer connect phase at 3s. req.setTimeout does not abort a stalled TCP
  connect, so an offline paired device hung ~75s on the OS timeout; it now
  degrades to an unreachable row in ~3s. The cap clears on TCP connect, so the
  TLS handshake and the 65s pairing-approval wait are unaffected.

Measured: /api/usage 0.0007s warm (was ~0.22s), /api/devices ~3s with an offline
peer (was ~75s), first paint instant.
2026-06-29 04:21:36 +02:00
ozymandiashh
805d2ffa49
feat(menubar): add Local/Combined usage toggle (#566) (#568)
Some checks are pending
CI / semgrep (push) Waiting to run
Mirror the combined multi-device dashboard in the macOS menubar via a
Local/Combined scope toggle (Settings -> Display). Builds on the menubar-json
`--scope combined` contract.

- MenubarScope enum (.local default) persisted in UserDefaults; PayloadCacheKey
  gains a scope dimension so local and combined payloads cache separately.
- DataClient.fetch(scope:): a pure statusSubcommand builder appends
  `--scope combined` only for combined, forces `--provider all` (the CLI rejects
  combined with a provider/project/exclude filter), and coerces multi-day
  selections to local (the CLI rejects combined + --days).
- MenubarPayload decodes the optional `combined` block (per-device + totals);
  nil when absent (back-compat).
- The badge always stays on the local payload; the combined network pull lives
  on a separate cache key and falls back to local with a "Combined unavailable"
  indicator, so a slow/offline peer never blocks the badge.
- Hero shows combined totals + a per-device breakdown in Combined scope; the
  token metric stays input+output (cache excluded) to match local; the
  per-device daily-budget warning is suppressed for a multi-device total;
  selecting Combined resets the provider tab to All.

Tests run via `swift test` (CommandLineTools Testing.framework on the rpath, no
Xcode): scope persistence, argv (local/combined/provider-forcing/multi-day),
cache-key partition, badge-survives-combined-failure, combined decode, token
consistency, provider reset, budget suppression.
2026-06-28 22:01:01 +02:00
ozymandiashh
88c1cee467
feat(menubar): expose combined multi-device usage in menubar-json (#566) (#567)
* feat(menubar): expose combined multi-device usage in menubar-json (#566)

The macOS menubar reads `codeburn status --format menubar-json`, which only
ever reflected the local machine. Multi-device "Combined" usage existed only in
the terminal `devices` command. This exposes combined + per-device usage through
the menubar-json contract so the menubar can mirror the combined dashboard.

- Extract the per-device summary + combined reduce that was inline in
  renderDevices into a reusable pure `summarizeDeviceUsage(results, window?)`.
  Error/unreachable devices are excluded from the combined sums (kept in
  perDevice); deviceCount counts all, reachableCount counts the reachable ones.
  renderDevices now formats from it with byte-identical output.
- Add an optional `combined?: CombinedUsage` block to MenubarPayload (perDevice
  list + combined totals incl. calls/sessions). Absent by default.
- Add `--scope local|combined` to `status` (default local). `combined` builds the
  local payload, pulls paired devices (pullDevices isolates per-peer failures),
  and attaches the summary.
- Correctness guards: reject `--scope combined` with `--days` (non-contiguous,
  not representable over the sharing query) and with `--provider`/`--project`/
  `--exclude` (the sharing query carries no filters, so peers would report
  unfiltered usage). Window-scope the cache-token sum to the selected period
  (cache lives in 365-day daily history; current carries no cache counts).

TS/CLI only. The menubar Local/Combined toggle + render is a follow-up.

* fix(menubar): never let combined enrichment break the base local payload

The status --format menubar-json --scope combined path pulls paired devices.
Wrap that best-effort enrichment in a guard so an unexpected failure (corrupt
remotes store, peer I/O) can never take down the base local menubar payload —
on error the local payload is still emitted with combined omitted. Add a test
that a corrupt remote-devices.json still yields a valid combined (local-only) payload.

---------

Co-authored-by: AgentSeal <hello@agentseal.org>
2026-06-28 20:59:23 +02:00
ozymandiashh
b24dd31ede
fix(copilot): read VS Code chatSessions for token cost (#555) (#563)
VS Code GitHub Copilot Chat users with no OTel agent-traces.db and no
~/.copilot/session-state/ saw $0.00 cost: codeburn never read VS Code's
core chat persistence, the only on-disk source carrying their token counts.

Add a fourth Copilot source that reads the VS Code chat delta-journals at
workspaceStorage/<hash>/chatSessions/*.jsonl and
globalStorage/emptyWindowChatSessions/*.jsonl. The files are a kind:0
snapshot / kind:1 path-set / kind:2 array-append journal; we replay it
(prototype-pollution-safe: __proto__/prototype/constructor segments are
rejected and containers use Object.create(null)) and read each request's
result.metadata.promptTokens / outputTokens (falling back to
completionTokens) and resolvedModel for pricing.

Dedup so users with multiple sources are not double-counted: prefer OTel
(skip chatSessions discovery when an OTel source is present), and skip a
workspace's legacy GitHub.copilot-chat/transcripts when that workspace has
chatSessions. New env overrides CODEBURN_COPILOT_GLOBAL_STORAGE_DIR and the
existing CODEBURN_COPILOT_WS_STORAGE_DIR keep discovery testable.

Tests cover the reporter's real request shape (promptTokens 32543 /
outputTokens 60 -> non-zero cost), empty sessions, emptyWindow discovery,
append-then-edit replay, requestId dedup, prototype-pollution paths, the
transcript skip, and the OTel-prefer skip.
2026-06-28 20:15:02 +02:00
Mr Kevin D Addison
d5002f1deb
Populate OpenCode skills and subagents breakdowns (#557)
The Skills & Agents panel was always empty for OpenCode sessions even
when skills and subagents were used. buildAssistantCall (shared by the
OpenCode SQLite and file-based parsers, and Kilo Code) counted the
skill/task tool invocations but never read the skill name or subagent
type from the tool-call input, so the dedicated breakdowns had no names
to aggregate.

In OpenCode's part files the identifier lives in state.input: the skill
tool carries input.name and the task tool carries input.subagent_type.
Extract both in buildAssistantCall and surface them on
ParsedProviderCall.skills / .subagentTypes, then stop hard-coding
skills: [] in providerCallToTurn and providerCallToCachedCall so the
classifier's subCategory and the subagent breakdown receive the data.

Verified against real OpenCode data: the previously empty skills[] and
subagents[] now populate (pipeline-investigation, plan-spec, splunk, ...
and explore/general subagents).

Fixes #556

Co-authored-by: Kevin Addison <kevin.addison3@tesco.com>
2026-06-28 19:46:09 +02:00
ozymandiashh
7cd1f90631
fix(web): reject invalid dashboard periods without exiting (#554)
* fix(web): reject invalid dashboard periods without exiting

* test(web): assert invalid periods return 400 without exiting; drop redundant /api/devices re-parse

- Add tests/web-dashboard.test.ts: boots the dashboard on an ephemeral port and asserts
  /api/usage and /api/devices answer 400 (not process.exit) for a bad period, and that
  the server keeps serving afterward. runWebDashboard now returns the http.Server so it
  can be exercised in-process; callers that ignore the return value are unaffected.
- /api/devices: resolve periodInfo once instead of validating then re-parsing it inside
  localGetUsage (pullDevices invokes localGetUsage with the same already-validated query).

---------

Co-authored-by: AgentSeal <hello@agentseal.org>
2026-06-28 19:35:46 +02:00
ozymandiashh
fd44d995c7
feat(providers): add open-design provider for per-model usage tracking (#559) 2026-06-28 19:17:23 +02:00
ozymandiashh
2a0edd0d68
feat(pricing): add user price overrides for models (#390) (#560) 2026-06-28 19:07:29 +02:00
Tiago Santos
b424bf1d3f
fix(devin): add missing support for ATIF v1.7 (#570)
* fix: add mssing support for ATIF v1.7

Co-Authored-By: bmcdonough <18721778+bmcdonough@users.noreply.github.com>

* fix(devin): drop unused MCP-coupled types, dead guard, harden metrics fallback

- Remove the @modelcontextprotocol/sdk JsonSchemaType import and the unused
  ToolDefinition/FunctionDefinition types it served; type Agent.tool_definitions
  as unknown since the parser never reads it (no dependency warranted).
- Remove isImageContentPart: unused, and its `"image" in part` check could never
  be true (image parts carry `source`/`type`, not `image`).
- Use the `type` discriminant in isTextContentPart instead of property presence.
- getMetricsFromStep: fall back to legacy metadata.metrics when step.metrics is
  present but empty, so a partial metrics object cannot silently zero usage.
- Tests: cover the empty step.metrics fallback and image-only message normalization.

---------

Co-authored-by: bmcdonough <18721778+bmcdonough@users.noreply.github.com>
Co-authored-by: AgentSeal <hello@agentseal.org>
2026-06-28 19:00:51 +02:00
Resham Joshi
5efb7e9b76
docs(readme): add a one-line definition as the opening line (#571)
Some checks are pending
CI / semgrep (push) Waiting to run
Leads the README with the canonical one-sentence definition (matching codeburn.app, llms.txt, and the JSON-LD) so search and AI answer engines lift a consistent description. The existing hook paragraph stays below.
2026-06-27 16:58:30 +02:00
Resham Joshi
1aa05bdbbe
Raise streaming session cap to 4GB so large Codex sessions are counted (#569)
Some checks are pending
CI / semgrep (push) Waiting to run
The 2GB stream cap silently dropped whole Codex session files over the limit, so a live 2.4GB session (about 308M tokens of real gpt-5.5 spend) was excluded and reported as zero. Raise MAX_STREAM_SESSION_FILE_BYTES to 4GB (the line-by-line reader is bounded-memory and handles multi-GB files), and surface any remaining oversize skip via an always-on notice instead of a verbose-gated warning so a dropped session is never silent. Adds a maxBytes option for testability and tests covering the cap boundary.
2026-06-26 01:16:56 +02:00
Resham Joshi
dcdfbc1b10
docs(changelog): credit @vaibhavarora14 for #486 (#552)
Some checks failed
CI / semgrep (push) Has been cancelled
2026-06-22 03:57:50 +02:00
Resham Joshi
69eee2c1f4
chore(release): 0.9.14 (#551)
Browser dashboard (codeburn web), device sharing (share/devices), new providers (Grok Build, ZCode, Hermes Agent, Kiro CLI, zerostack), Codex credit usage, plus CLI and menubar fixes. See CHANGELOG for the full list and contributor credits.

Document codeburn web and device sharing in the README and bump the package version.
2026-06-22 03:50:00 +02:00
Resham Joshi
71b1a9ebce
fix: clean model names in reports and re-hydrate daily cache for new providers (#550)
Two post-0.9.12 cleanups.

Report model names: getShortModelName resolves a model's pricing alias before looking up its display name, so models priced via a sibling alias (ZCode/Hermes GLM-5.2 via glm-5p1, Grok Build via grok-build-0.1) leaked the internal pricing key as the model name in report --format json and the menubar model breakdown. Grok Composer was unmapped and showed raw. Add SHORT_NAMES entries so each resolves to its real name (GLM-5.2, Grok Build, Grok Composer 2.5 Fast). The models command was already correct because it uses each provider's own modelDisplayName.

Daily cache: providers added since the v8 rollup (Grok, Hermes, ZCode) parse usage that older binaries skipped, so days cached at v8 omit them and report 0 across history. Bump DAILY_CACHE_VERSION and MIN_SUPPORTED_VERSION to 9 to force a one-time full re-hydration so new providers backfill without a manual cache clear.
2026-06-22 03:38:50 +02:00
Resham Joshi
f26f4ad1ba
fix(menubar): show every active agent as a tab, ordered by usage for the selected range (#549)
The agent tab strip never showed Grok, Hermes, or ZCode: ProviderFilter had no cases for them, so they could not become tabs. It also derived the visible tabs from today's providers rather than the range the user actually has selected, so an agent used in the selected window but not today never appeared.

Add the three missing cases (filter keys, CLI arg, accent color) and rebuild visibleFilters to source from the selected period via cost(for:). Every agent with usage in the range now appears, ordered by spend descending, and agents with no usage in the range are omitted.
2026-06-22 03:20:02 +02:00
Resham Joshi
163013fc18
fix(pi): label gpt-5.5 as GPT-5.5 (#548)
The pi provider's modelDisplayName matches with a startsWith prefix. With no
gpt-5.5 entry, the model fell into the greedy 'gpt-5' -> 'GPT-5' prefix and
rendered as "GPT-5", while codex/hermes (via the global short-name table) show
"GPT-5.5". Add an explicit gpt-5.5 entry so the longer, exact key wins.
2026-06-22 02:20:30 +02:00
Resham Joshi
454d836f6e
fix(menubar): surface CLI stdout/stderr on decode failure (#515) (#547)
* fix(menubar): surface CLI stdout/stderr on decode failure (#515)

A failed decode of the CLI menubar-json output threw an opaque
DataClientError.decode(error) that surfaced only "not valid JSON", hiding
whether stdout was empty or carried a non-JSON prefix (e.g. a stray Node
banner on stdout, the root cause in #515). Wrap it in a CLIDecodeFailure that
carries a bounded stdout snippet, the stdout byte count, and stderr, so
String(describing:) is self-diagnosing in logs and the UI.

* test(menubar): add missing codexCredits arg so the Swift test target compiles

Two tests built CurrentBlock without the codexCredits parameter added in #510,
so the Swift test target failed to compile (CI does not run the Swift tests, so
it went unnoticed). Add codexCredits: nil to both.
2026-06-22 01:33:41 +02:00
Jon Jozwiak
99a90cb480
fix(copilot): Correct shell commands and skills/agents display (#527) 2026-06-22 01:14:49 +02:00
ozymandiashh
d54f21d08c
fix(antigravity): read current agy antigravity-cli on-disk layout (#541)
* fix(antigravity): read current agy antigravity-cli on-disk layout

* fix(antigravity): propagate SQLITE_BUSY from the .db read so the run retries

---------

Co-authored-by: AgentSeal <hello@agentseal.org>
2026-06-22 01:08:44 +02:00
ozymandiashh
4dcb7e6c3d
fix(models): price Hermes lowercase glm-5.2 the same as GLM-5.2 (#545) 2026-06-22 01:02:59 +02:00
ozymandiashh
10d911d962
fix(cursor-agent): ingest workspace-less CLI transcript layout (#542)
* fix(cursor-agent): ingest workspace-less CLI transcript layout

* fix(cursor-agent): bump parse version so cached sessions pick up the new ingestion

---------

Co-authored-by: AgentSeal <hello@agentseal.org>
2026-06-22 00:55:01 +02:00
ozymandiashh
7c2d36f1f0
Distinguish gpt-5.3-codex-spark from base GPT-5.3 Codex label (#539)
gpt-5.3-codex-spark is a distinct model variant, but the longest-first
startsWith(key+'-') matcher (intended for reasoning suffixes -high/-low)
swept it into the base 'GPT-5.3 Codex' label, making a distinct model look
like the retired base in today/models/status output. Add an explicit
display entry in SHORT_NAMES and the codex provider so the longer key wins;
-high/-low still fall through to the base. Pricing is unaffected (LiteLLM
has no spark entry; cost falls back to the base rate as before).

Fixes #461
2026-06-22 00:44:56 +02:00
AgentSeal
102ce738e8 docs(readme): add Hermes Agent to the supported-tools grid (31 tools) 2026-06-22 00:10:17 +02:00
Resham Joshi
d68e8ec90f
Merge pull request #544 from getagentseal/feat/hermes-provider-rebased
feat(providers): add Hermes Agent provider
2026-06-22 00:06:30 +02:00
AgentSeal
e80da3139a fix(hermes): use sessions.cwd, flag estimated cost, propagate SQLITE_BUSY
- Read the populated sessions.cwd column for project grouping; fall back to
  scraping the transcript, then the profile name. The current Hermes build no
  longer writes "Current working directory:" lines into messages.
- Set costIsEstimated when the figure is the LiteLLM fallback (no recorded cost).
- Re-throw SQLITE_BUSY from the discovery and read paths so a transient lock on
  the live state.db is retried instead of being cached as an empty result.
- Tests: add the cwd column to fixtures; cover cwd grouping, the estimated flag,
  and tool-result tool_name extraction.
2026-06-21 23:50:10 +02:00
Anthony Armijo
645b3c2bdd feat: add Hermes Agent provider
Reads session-level usage from Hermes SQLite state databases
(~/.hermes/state.db and per-profile state.dbs). Tracks input,
output, cache read/write, reasoning tokens, stored costs, tools,
shell commands, and inferred projects.

- Provider reads both root and profile state databases
- Cost fallback: actual_cost_usd > estimated_cost_usd > LiteLLM pricing
- inferProject filters to user/system messages only
- Discovery query capped at LIMIT 10000
- sanitizeProject handles repeated leading separators
- All five review items from PR #386 addressed
- Tested against real Hermes data (557MB state.db with 198 sessions)

Closes #368. Supersedes #386.
2026-06-21 23:29:22 +02:00
ozymandiashh
a12db6e549
Show real Claude project leaf names; stop stray-.git over-grouping (#540)
The 'By Project' panel collapsed sibling Claude Code projects to a parent
folder in two cases:

1) resolveCanonicalProjectPath walked up to ANY ancestor .git and used it as
   the canonical project. A stray .git in a parent of several projects (a
   dotfiles bare repo, an accidental git init) made every sibling resolve to
   that parent ('Projects'/'home'). Now only a real linked worktree (.git is a
   FILE pointing at <main>/.git/worktrees/<name>) canonicalizes to its main
   repo; an ordinary repo or a stray ancestor .git keeps the session's own cwd
   as the project. Genuine worktree grouping is preserved.

2) When a Claude session has no cwd metadata, the dir slug was unsanitized by
   replacing every '-' with '/', inventing path segments that overview then
   split on, so 'Projects-Content-OS' rendered as 'os'. The lossy slug is now
   kept intact, and overview only basenames ABSOLUTE paths.

Fixes #493
2026-06-21 22:42:19 +02:00
AgentSeal
da20ec6b92 docs(readme): drop redundant X label from follow badge 2026-06-21 21:40:16 +02:00
AgentSeal
9344fdcaf7 docs(readme): add X follow badge (@_codeburn) 2026-06-21 21:19:38 +02:00
Resham Joshi
5fd11604c4
docs: add ZCode to the supported-tools logo grid (#538)
Some checks are pending
CI / semgrep (push) Waiting to run
2026-06-20 21:44:08 +02:00
Resham Joshi
9ce649809a
feat(providers): add ZCode (z.ai GLM-5.2) usage provider (#537)
Reads ZCode CLI usage from ~/.zcode/cli/db/db.sqlite. The model_usage
table has exact per-request tokens; cost is computed from the pricing
table since ZCode stores none (GLM-5.2 runs on the z.ai start-plan
subscription).

- Split cached tokens out of input_tokens (OpenAI-style) so fresh input
  and cache reads price correctly
- Attach each turn's tool calls to one request to avoid double-counting
- Map GLM-5.2 to glm-5p1 (GLM-5.1 rate) until LiteLLM lists it
- Register as a lazy SQLite provider; add test and provider doc
2026-06-20 21:37:32 +02:00
Resham Joshi
16d2f7eb42
feat(devices): joined Totals by machine report (#536)
Some checks are pending
CI / semgrep (push) Waiting to run
Rework codeburn devices into a spacious joined report matching the
screenshot: Host / Cost / Total tokens / Input / Output / Cache create /
Cache read, with full comma-grouped numbers and a bold Combined row. Add
a reusable box-drawing table renderer (text-table.ts).
2026-06-20 19:23:03 +02:00
Resham Joshi
98befc1c8b
feat(overview): cache in/out tokens table, roomier tables (#535)
* feat(overview): cache in/out tokens table, roomier tables

Add a Tokens breakdown table (Input / Output / Cache in / Cache out /
Total with share %) so cache write/read are shown clearly instead of
crammed into the Totals line, and widen table cell padding to 2 spaces so
columns aren't congested.

* feat(overview): full comma-grouped numbers for a precise, spacious look

Render token counts as full thousands-grouped integers (e.g.
3,926,923,819) instead of abbreviated M/B, so the roomy tables read like
a precise statement. Update the overview test to match.
2026-06-20 19:22:59 +02:00
Resham Joshi
1dba4e0aa4
feat(web): in-dashboard device discovery, share-from-browser, redesign + hardening (#534)
* feat(web): device discovery + pairing endpoints for the dashboard

Add /api/identity, /api/devices/scan (mDNS browse with confirm code and
paired status), and /api/devices/pair (approve-style pairing via
linkRemote). Backs the Search local devices button so pairing can happen
from the browser instead of the CLI.

* feat(web): two-panel dashboard with eywa-inspired warm theme

Redesign the dashboard into a left sidebar (device switcher + Search
local devices) and a right content panel, restyled to a warm-paper,
forest-green archival theme (serif display numbers, ink text, hairline
borders) in place of the dark midnight theme. The Search local devices
modal discovers nearby devices over mDNS and pairs in one click (approve
on the other device), backed by /api/devices/scan and /api/devices/pair.

* feat(web): use the CodeBurn flame logo in the dashboard header

Replace the placeholder triangle with the flame mark (the repo's
codeburn-symbolic vector), tinted the theme's forest green, and set the
same flame as the favicon.

* feat(web): color the All-devices chart by device, add task-level combined views

In the All devices view the daily chart now stacks by device (one color
per device) instead of by model, and the combined panels add a By task
breakdown plus in/out token detail. Devices that cannot be reached are
hidden entirely rather than shown as error rows.

* feat(web): use the flame image as the dashboard logo and favicon

Replace the inline vector flame with the brand flame PNG
(public/codeburn-flame.png) in the header and as the favicon.

* fix(web): trim flame logo padding and tighten brand spacing

Crop the transparent border off the flame PNG (it was 184px of padding
each side) and reduce the header gap so the mark sits close to the
wordmark.

* feat(web): cost/tokens toggle, cache read/write, full feature panels

Add a Cost/Tokens unit toggle that switches the hero number and the chart
between dollars and tokens. Surface cache write/read token totals as
metric cards. Add per-device panels for subagents, skills, MCP servers,
and a savings / retry-tax / routing-waste summary. The combined view
gains cache totals and the unit toggle too.

* feat(web): use CodeBurn website logos and add community links

Use the website's navbar flame (logo.png) with the Code+Burn wordmark in
the header, and the three-flame app icon (icon.png) as the favicon.
Add Website, Discord, and X links to the sidebar footer.

* fix(web): use the single-flame logo for the favicon too

The three-flame icon was wrong for the tab; use the same single flame as
the navbar everywhere and drop the unused three-flame asset.

* chore(web): set dashboard title to CodeBurn - Local Dashboard

* harden sharing + dashboard for public launch

Security:
- pairing: cap PIN attempts (close window after 5 wrong guesses) so a
  6-digit PIN cannot be brute-forced within the TTL on a 0.0.0.0 listener.
- web dashboard: reject non-loopback Host (defeats DNS rebinding that
  could read unsanitized local usage) and cross-origin requests (CSRF);
  require application/json on the pair endpoint.
- store tokens with 0600 perms (was world-readable), 0700 dir.

Robustness:
- client: per-request timeout so a hung/asleep peer cannot hang a pull;
  pullDevices fetches remotes concurrently and isolates failures.
- dashboard: normalize peer payloads at the boundary and add an error
  boundary so a peer on a different version cannot white-screen the SPA;
  finite-guard fmtNum/compactUsd.

Tests: PIN attempt-cap test added (1269 pass).

* feat(web): share this device from the dashboard, with browser approval

Add a Share this device toggle to the dashboard sidebar. It runs the
secure share server in-process (mTLS + mDNS advertise) so no terminal is
needed, with a Keep sharing always option (persisted; otherwise it stops
after idle). Incoming approve-style pairings are queued and surfaced in
the browser as an Approve/Deny prompt with the matching code, instead of
a terminal prompt. The shared payload is sanitized; start degrades
gracefully if the port is already held by a CLI share.

* fix(sharing): keep a paired device from dropping on a transient pull

- client: 8s -> 15s timeout and a fresh socket per request (agent:false) so
  the pinned-fingerprint check always reads this connection's cert.
- share server: wrap request handling so a getUsage error returns a fast
  500 instead of hanging the caller (which times out and drops the device).
- dashboard: re-pull paired devices every 20s so a brief drop self-heals
  instead of staying gone until you change tabs.

* fix(sharing): re-sanitize remote payloads on receipt

A peer might run an older build that does not strip its own project
names/sessions. Sanitize every remote payload when we receive it too, so
project names never cross into our dashboard regardless of the sender's
version. Aggregate numbers (cost, tokens, models, tools, daily) are kept.

* harden dashboard sharing: version-skew, lifecycle, server errors

- normalize remote daily-history entries so a peer on an older build (daily
  rows missing topModels) can no longer crash the chart / brick the page.
- ShareController: commit always/sharing state only after listen() binds, so
  a port-in-use start no longer reports sharing when it is not.
- attach durable error/tlsClientError handlers to both HTTPS servers so a
  malformed peer connection cannot crash the process.
- reset view/provider selection when the viewed device disappears or lacks
  the selected provider (no more empty/no-selection state on sleep-wake).
- by-device chart: stable per-device color/key so bars do not reshuffle when
  a device drops or returns between polls.

* polish: device identity, approval guard, queue cap, formatting

- give each device a stable unique id (cert fingerprint for remotes,
  'local' for this device); key the sidebar, selection, and by-device
  chart by id so two devices sharing a hostname no longer collide.
- approval prompt: drop a request from the UI the moment it is answered
  so it cannot be double-clicked.
- share controller: cap concurrent pending approvals and allow only one
  per device, so a LAN peer cannot flood the prompt.
- usd(): render negatives as -$5.00, consistent with compactUsd.
2026-06-20 19:02:03 +02:00
Resham Joshi
3ac7f68284
feat(web): show usage by device in the dashboard (#533)
Add /api/devices to the web server: it returns this machine plus every
paired device (via pullDevices), each kept separate. The dashboard gains
a device switcher with an All devices combined view (totals, a per-device
breakdown table, and a merged chart) plus a per-device tab. Remote
payloads arrive sanitized, so their project and session detail is shown
as private rather than listed. With no devices paired, it renders exactly
as before.
2026-06-20 16:33:48 +02:00
Resham Joshi
887374de2c
feat(sharing): securely combine usage across your own devices (#532)
* feat(sharing): pairing, token, and device-identity core

First piece of local device sharing: self-cert fingerprint identity
(trust-on-first-use), a one-time expiring pairing PIN, fingerprint-bound
tokens, and a peer store that authorizes a pull only when both the token
and the TLS peer fingerprint match the same paired device. Pure logic,
fully unit-tested; the TLS share server and host pull build on this.

* feat(sharing): secure mutual-TLS transport + pairing handshake

Add device identity (self-signed cert, persisted; fingerprint = sha256 of
the cert DER), an HTTPS share server (mutual TLS: presents its cert, reads
the client's, and serves /api/usage only when the bearer token AND the
client fingerprint match the same paired peer), a one-time-PIN pairing
endpoint, and a fingerprint-pinning client. Verified end to end on
loopback: PIN pairing, pinned authed pull, and rejection of a wrong PIN,
a token replayed from another device, and a mismatched server
fingerprint. Adds the selfsigned dep (Node cannot generate certs natively).

* feat(sharing): share + devices CLI (pair, pull, combine)

Phase 3 terminal flow: codeburn share runs the secure server on-demand
(stops after 10 min idle; --always to persist, --pair to add a device),
and codeburn devices add <host> --pin <pin> pairs and pins a remote.
codeburn devices pulls this machine plus every paired device, keeps each
separate, and prints a per-device table with a simple summed Combined
row (no server-side merge). Persists identity and peers under the config
dir. Host pair-and-pull flow covered by a loopback integration test.

* feat(sharing): mDNS discovery + approve-style (no-PIN) pairing

Add bonjour-service discovery (advertise/browse over the LAN), a short
confirmation code derived from both cert fingerprints (Bluetooth-style
'do these match?' check), and an approve-style pairing endpoint that
prompts the owner instead of requiring a typed PIN. Loopback-tested:
approved device gets a working token with a matching code on both sides,
declined device is rejected.

* feat(sharing): AirDrop-style discover + approve UX

codeburn share now advertises on the LAN and approves incoming devices
interactively (confirm the matching code, no typed PIN). codeburn devices
add (no args) discovers nearby devices, lets you pick one, shows the
confirmation code, and waits for the owner to approve. Manual
add <host> --pin stays as a fallback for networks that block mDNS.

* feat(sharing): share only aggregates, never project names or paths

Sanitize each device's payload before it leaves the machine: drop
topProjects and topSessions (project names + session detail) and send
only aggregate numbers (cost, tokens, models, tools, activities, daily).
What you are working on stays local; only the totals travel.
2026-06-20 16:24:53 +02:00
Resham Joshi
2d44aeaedb
feat(web): local React dashboard served by codeburn web (#531)
Add a Vite + React 19 + Tailwind v4 + Recharts SPA (dash/) and a 'web'
command that serves the built UI plus a local /api/usage endpoint backed
by the existing menubar aggregation. Midnight theme with CodeBurn's
orange chart ramp: hero cost, a stacked-by-model daily bar chart with a
custom tooltip and hover-dim, metric cards, by-tool and by-activity bar
lists, and top-projects and tools tables. Period and provider filters,
react-query with skeleton loading. Stays 100% local.

build:dash builds the SPA into dist/dash (shipped via package files,
served at runtime); a missing build falls back to a helpful message.
2026-06-20 16:21:25 +02:00
Tiago Santos
75c32e6d65
fix: fix and improve test isolation and collision with environment (#530)
* fix: fix and improve test isolation and collision with environment

* docs: remove unnecessary comment

* test(env-isolation): clear CODEBURN_FORCE_MACOS_MAJOR and pin TZ

Two env vars read in src/ were not isolated: CODEBURN_FORCE_MACOS_MAJOR
(now cleared so it cannot leak between tests) and TZ (now pinned to UTC,
since clearing it falls back to the OS zone and would shift date buckets
versus a clean CI runner).

---------

Co-authored-by: AgentSeal <hello@agentseal.org>
2026-06-20 13:42:10 +02:00
Resham Joshi
60410a2632
chore(dev): silence the tsx module.register deprecation warning (#529)
Some checks are pending
CI / semgrep (push) Waiting to run
Node 26 flags tsx's loader use of module.register() as deprecated, which
prints DEP0205 on every npm run dev. Run dev with
NODE_OPTIONS=--no-deprecation so the output stays clean. Dev-only; the
built dist is unaffected.
2026-06-20 11:46:59 +02:00
Resham Joshi
c55dba2dd2
feat(overview): plain-text monthly usage overview command (#528)
* feat(overview): plain-text monthly usage overview command

Add 'codeburn overview', a copy-pasteable text report. Defaults to the
current month, with --from/--to to filter and --no-color for plain
output. Renders Totals, By tool, Top models, Highest-value days, Top
projects, a daily table, By activity, and Tools, with colored section
headings (stripped under --no-color or when piped).

Reuses the existing session aggregation. Cost gains thousands
separators and tokens roll up to a B unit for readability via
display-only wrappers, without changing the shared formatters. Project
names use the path basename instead of the sanitized full path.

* fix(cli): exit cleanly on EPIPE when the stdout pipe closes early

Piping output to a reader that closes early (| head, quitting less, a
missing command) made stdout writes throw EPIPE and crash with an
unhandled error event. Handle EPIPE on process.stdout and exit 0 so
piping the overview and other commands behaves normally.

* docs(readme): document and highlight the overview command

Add a 'Your month at a glance' section featuring codeburn overview with
examples and sample output, a Commands-table entry, and the provider
flag note.
2026-06-20 11:46:45 +02:00
Resham Joshi
fac7d141ce
fix(dashboard): scope the plan banner to its own provider tab (#524)
Some checks are pending
CI / semgrep (push) Waiting to run
A provider-scoped plan (e.g. SuperGrok, provider grok) was rendered on
every tab including All, where its budget was compared against spend
from providers it does not cover. Show each plan only on the tab whose
active provider matches, so the plan's spend lines up with the costs on
screen.
2026-06-19 19:04:54 +02:00
Resham Joshi
6a26ee8284
feat(opencode): read file-based JSON sessions (OpenCode 1.1+) (#523)
OpenCode 1.1+ stores sessions as file-based JSON under
storage/{session,message,part}/ instead of a SQLite DB, so the
SQLite-only provider discovered zero sessions on current installs and
reported no usage at all.

Add a file-based discovery and parser path, preferred when present and
falling back to the SQLite DB for pre-migration installs. Extract the
shared message-to-call logic (token extraction, tool and bash parsing,
cost) into session-message.ts so the file path, the SQLite path, and
Kilo Code stay identical.
2026-06-19 19:04:51 +02:00
Resham Joshi
8792670897
docs: add Grok Build to the supported-tools wall (#522)
Adds the Grok logo to the README logo wall and bumps the tool count to 30, following the Grok Build provider (#521).
2026-06-19 17:25:10 +02:00