@jeganwrites/claudash 1.0.0

package/tools/oauth_sync.py

@@ -0,0 +1,308 @@
+#!/usr/bin/env python3
+"""Claudash OAuth sync — push claude.ai usage to a Claudash server using
+Claude Code's existing OAuth access token.
+
+This is the recommended collector for anyone who uses Claude Code: it
+reuses the token that `claude` already put in ~/.claude/.credentials.json
+so you don't need to scrape cookies or decrypt a keychain entry.
+
+For claude.ai browser-only users (no Claude Code install), use the
+companion tools/mac-sync.py script instead.
+
+Works on Linux, macOS, and Windows. Pure Python stdlib. Zero pip deps.
+
+Usage:
+  1. On your Claudash server:
+       python3 cli.py keys
+     Copy the sync_token value.
+  2. Edit this file, set SYNC_TOKEN to that value, and VPS_IP to your
+     server (or "localhost" if you SSH-tunnel).
+  3. Run:
+       python3 oauth_sync.py
+  4. Add to cron for automatic syncing:
+       */15 * * * * /usr/bin/python3 /path/to/oauth_sync.py >/dev/null 2>&1
+"""
+
+import json
+import os
+import ssl
+import subprocess
+import sys
+import time
+from urllib.request import Request, urlopen
+from urllib.error import HTTPError, URLError
+
+
+# ─── Configuration ───────────────────────────────────────────────
+# Edit these three values.
+VPS_IP = "localhost"
+VPS_PORT = 8080
+SYNC_TOKEN = ""
+
+# Where Claude Code stores credentials. First hit wins per file; the
+# script iterates all of them to support multi-account setups (one
+# account_id per Claude install).
+CREDENTIALS_PATHS = [
+    "~/.claude/.credentials.json",
+    "~/.claude-personal/.credentials.json",
+    "~/.claude-work/.credentials.json",
+]
+
+# macOS keychain fallback
+KEYCHAIN_SERVICE = "Claude Code-credentials"
+KEYCHAIN_ACCOUNT = "Claude Code"
+
+
+# ─── Credential sources ──────────────────────────────────────────
+
+def _read_credentials_file(path):
+    """Return the parsed .credentials.json or None."""
+    expanded = os.path.expanduser(path)
+    if not os.path.exists(expanded):
+        return None
+    try:
+        with open(expanded, "r", encoding="utf-8") as f:
+            data = json.load(f)
+    except (OSError, json.JSONDecodeError) as e:
+        print(f"  {path}: could not parse — {e}", file=sys.stderr)
+        return None
+    oauth = data.get("claudeAiOauth") or {}
+    if not oauth.get("accessToken"):
+        return None
+    return {"source": expanded, "oauth": oauth}
+
+
+def _read_macos_keychain():
+    """Return the parsed credentials stored in the macOS keychain, or None.
+    Keychain holds the same shape as .credentials.json. Only tries on
+    macOS — returns None on Linux/Windows."""
+    if sys.platform != "darwin":
+        return None
+    try:
+        raw = subprocess.check_output(
+            ["security", "find-generic-password", "-w",
+             "-s", KEYCHAIN_SERVICE, "-a", KEYCHAIN_ACCOUNT],
+            stderr=subprocess.DEVNULL,
+        ).decode("utf-8", errors="replace").strip()
+    except (subprocess.CalledProcessError, FileNotFoundError):
+        return None
+    if not raw:
+        return None
+    try:
+        data = json.loads(raw)
+    except json.JSONDecodeError:
+        return None
+    oauth = data.get("claudeAiOauth") or {}
+    if not oauth.get("accessToken"):
+        return None
+    return {"source": "macOS keychain", "oauth": oauth}
+
+
+def collect_credentials():
+    """Yield every credential source we can find (files + keychain)."""
+    seen_tokens = set()
+    for path in CREDENTIALS_PATHS:
+        info = _read_credentials_file(path)
+        if info and info["oauth"].get("accessToken") not in seen_tokens:
+            seen_tokens.add(info["oauth"]["accessToken"])
+            yield info
+    # Keychain as a secondary source — de-duped by accessToken above.
+    info = _read_macos_keychain()
+    if info and info["oauth"].get("accessToken") not in seen_tokens:
+        seen_tokens.add(info["oauth"]["accessToken"])
+        yield info
+
+
+# ─── claude.ai API calls (OAuth Bearer) ──────────────────────────
+
+def _bearer_request(url, access_token, timeout=15):
+    """Authenticated GET to claude.ai using the OAuth access token.
+    Returns (data_dict, None) on success, (None, error_str) on failure."""
+    req = Request(url)
+    req.add_header("Authorization", f"Bearer {access_token}")
+    req.add_header("Accept", "application/json")
+    req.add_header("User-Agent", "Claudash-oauth-sync/1.0")
+    ctx = ssl.create_default_context()
+    try:
+        with urlopen(req, timeout=timeout, context=ctx) as resp:
+            body = resp.read().decode("utf-8", errors="replace")
+            return json.loads(body), None
+    except HTTPError as e:
+        if e.code in (401, 403):
+            return None, "expired"
+        return None, f"http_{e.code}"
+    except (URLError, OSError, json.JSONDecodeError, ValueError) as e:
+        return None, f"network_error:{type(e).__name__}"
+
+
+def fetch_account(access_token):
+    """GET /api/account → (email, org_id, plan) or (None, None, None)."""
+    data, err = _bearer_request("https://claude.ai/api/account", access_token)
+    if err or not data:
+        return None, None, None, err
+    email = data.get("email_address") or data.get("email") or ""
+    org_id = ""
+    plan = "max"
+    memberships = data.get("memberships") or data.get("organizations") or []
+    if isinstance(memberships, list) and memberships:
+        first = memberships[0]
+        org = first.get("organization") if isinstance(first, dict) else None
+        if isinstance(org, dict):
+            org_id = org.get("uuid") or ""
+            caps = org.get("capabilities") or []
+            if isinstance(caps, list):
+                joined = " ".join(str(c).lower() for c in caps)
+                if "max" in joined:
+                    plan = "max"
+                elif "pro" in joined:
+                    plan = "pro"
+        elif isinstance(first, dict):
+            org_id = first.get("uuid") or first.get("id") or ""
+    return email, org_id, plan, None
+
+
+def fetch_usage(access_token, org_id):
+    """GET /api/organizations/{org_id}/usage → normalized usage dict."""
+    if not org_id:
+        return None, "no_org_id"
+    url = f"https://claude.ai/api/organizations/{org_id}/usage"
+    data, err = _bearer_request(url, access_token)
+    if err or not data:
+        return None, err
+
+    five_hour = data.get("five_hour") or {}
+    seven_day = data.get("seven_day") or {}
+    extra = data.get("extra_usage") or {}
+    pct_used = float(five_hour.get("utilization") or 0)
+
+    # Parse reset timestamp → epoch
+    window_end = 0
+    resets_at = five_hour.get("resets_at") or five_hour.get("reset_at")
+    if isinstance(resets_at, str):
+        try:
+            from datetime import datetime, timezone as _tz
+            clean = resets_at.replace("Z", "+00:00")
+            dt = datetime.fromisoformat(clean)
+            if dt.tzinfo is None:
+                dt = dt.replace(tzinfo=_tz.utc)
+            window_end = int(dt.timestamp())
+        except Exception:
+            window_end = 0
+    window_start = (window_end - 18000) if window_end else 0
+
+    return {
+        "pct_used": round(pct_used, 2),
+        "five_hour_utilization": pct_used,
+        "seven_day_utilization": float(seven_day.get("utilization") or 0),
+        "extra_credits_used": float(extra.get("used_credits") or 0),
+        "extra_credits_limit": float(extra.get("monthly_limit") or 0),
+        "window_start": window_start,
+        "window_end": window_end,
+        "tokens_used": int(pct_used * 10_000),  # normalized estimate
+        "tokens_limit": 1_000_000,
+        "messages_used": 0,
+        "messages_limit": 0,
+        "raw": json.dumps(data),
+    }, None
+
+
+# ─── Push to Claudash server ─────────────────────────────────────
+
+def push_to_claudash(access_token, org_id, email, usage, plan):
+    url = f"http://{VPS_IP}:{VPS_PORT}/api/claude-ai/sync"
+    payload = {
+        "session_key": access_token,  # stored verbatim on the server
+        "org_id": org_id,
+        "browser": "oauth",
+        "account_hint": email,
+        "plan": plan,
+    }
+    if usage:
+        payload["usage"] = usage
+    body = json.dumps(payload).encode("utf-8")
+    req = Request(url, data=body, method="POST")
+    req.add_header("Content-Type", "application/json")
+    req.add_header("X-Sync-Token", SYNC_TOKEN)
+    try:
+        with urlopen(req, timeout=15) as resp:
+            data = json.loads(resp.read().decode("utf-8", errors="replace"))
+            return data.get("success", False), data
+    except HTTPError as e:
+        try:
+            err_body = json.loads(e.read().decode("utf-8", errors="replace"))
+        except Exception:
+            err_body = {"error": f"HTTP {e.code}"}
+        return False, err_body
+    except (URLError, OSError) as e:
+        return False, {"error": f"network: {e}"}
+
+
+# ─── Main ────────────────────────────────────────────────────────
+
+def main():
+    if not SYNC_TOKEN:
+        print("ERROR: SYNC_TOKEN is empty.", file=sys.stderr)
+        print("", file=sys.stderr)
+        print("Get your token on the Claudash server:", file=sys.stderr)
+        print("  python3 cli.py keys", file=sys.stderr)
+        print("", file=sys.stderr)
+        print("Then edit this file and set SYNC_TOKEN at the top.", file=sys.stderr)
+        sys.exit(1)
+
+    sources = list(collect_credentials())
+    if not sources:
+        print("No Claude Code credentials found.", file=sys.stderr)
+        print("", file=sys.stderr)
+        print("Run 'claude' in your terminal to authenticate first,", file=sys.stderr)
+        print("or edit CREDENTIALS_PATHS at the top of this file.", file=sys.stderr)
+        sys.exit(2)
+
+    pushed = 0
+    for src in sources:
+        oauth = src["oauth"]
+        token = oauth.get("accessToken") or ""
+        expires_at = oauth.get("expiresAt") or 0
+        # Claude Code stores expiresAt in milliseconds
+        if expires_at and expires_at > 1e12:
+            expires_at_sec = expires_at / 1000.0
+        else:
+            expires_at_sec = expires_at or 0
+        if expires_at_sec and expires_at_sec < time.time():
+            print(f"  {src['source']}: token expired at "
+                  f"{time.strftime('%Y-%m-%d %H:%M UTC', time.gmtime(expires_at_sec))}",
+                  file=sys.stderr)
+            continue
+
+        email, org_id, plan, err = fetch_account(token)
+        if err == "expired":
+            print(f"  {src['source']}: token rejected by claude.ai "
+                  "(run `claude` to refresh)", file=sys.stderr)
+            continue
+        if err:
+            print(f"  {src['source']}: account lookup failed — {err}", file=sys.stderr)
+            continue
+        if not org_id:
+            print(f"  {src['source']}: no org_id in /api/account response", file=sys.stderr)
+            continue
+
+        usage, usage_err = fetch_usage(token, org_id)
+        if usage_err:
+            print(f"  {src['source']}: {email} ({plan}) — usage fetch failed ({usage_err})", file=sys.stderr)
+            usage = None
+
+        ok, resp = push_to_claudash(token, org_id, email, usage, plan)
+        if ok:
+            pct = (usage or {}).get("pct_used", 0)
+            pct_str = f" — {pct:.1f}%" if usage else ""
+            print(f"  {src['source']}: {email or '(no email)'} ({plan}){pct_str} → pushed OK")
+            pushed += 1
+        else:
+            print(f"  {src['source']}: push failed — {resp.get('error') if isinstance(resp, dict) else resp}", file=sys.stderr)
+
+    print()
+    print(f"Claudash OAuth sync complete: {pushed}/{len(sources)} accounts pushed")
+    sys.exit(0 if pushed > 0 else 3)
+
+
+if __name__ == "__main__":
+    main()

package/tools/setup-pm2.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Sets up Claudash as a PM2 managed process
+# PM2 auto-restarts on crash, survives VPS reboots
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+
+echo "Setting up Claudash with PM2..."
+
+# Install PM2 if not present
+which pm2 >/dev/null 2>&1 || npm install -g pm2
+
+# Create PM2 ecosystem file
+cat > "$SCRIPT_DIR/ecosystem.config.js" << 'PMEOF'
+module.exports = {
+  apps: [{
+    name: 'claudash',
+    script: 'cli.py',
+    interpreter: 'python3',
+    args: 'dashboard --skip-init --no-browser',
+    cwd: __dirname,
+    watch: false,
+    autorestart: true,
+    max_restarts: 10,
+    min_uptime: '10s',
+    restart_delay: 5000,
+    error_file: '/tmp/claudash-error.log',
+    out_file: '/tmp/claudash-out.log',
+    log_date_format: 'YYYY-MM-DD HH:mm:ss',
+    env: {
+      PORT: 8080
+    }
+  }]
+}
+PMEOF
+
+# Start with PM2
+cd "$SCRIPT_DIR"
+pm2 start ecosystem.config.js
+pm2 save
+pm2 startup || true
+
+echo ""
+echo "Claudash is now managed by PM2."
+echo "Commands:"
+echo "  pm2 status         — see if running"
+echo "  pm2 logs claudash  — see logs"
+echo "  pm2 restart claudash — restart"
+echo "  pm2 stop claudash  — stop"
+echo ""
+echo "Dashboard: http://localhost:8080"
+echo "On VPS: ssh -L 8080:localhost:8080 your-server"

package/waste_patterns.py

@@ -0,0 +1,334 @@
+"""Waste pattern detection — Claudash intelligence layer.
+
+Detects four patterns of wasteful Claude Code usage:
+
+  1. FLOUNDERING           — same tool name called >=4 times in a row
+                             without any other tool, suggesting Claude
+                             is stuck retrying.
+  2. REPEATED_READS        — the same file is read via `Read` >=3 times
+                             in one session (cache churn, re-fetching).
+  3. COST_OUTLIER          — a single session's cost is >3x the 30-day
+                             per-project average.
+  4. DEEP_CONTEXT_NO_COMPACT — session has >100 turns and zero compaction
+                             events (`/compact` never fired).
+
+Each detection is UPSERTed into `waste_events` keyed on
+(session_id, pattern_type).
+
+This module reads JSONL files directly via the scan_state table — it
+does NOT require new columns on the sessions table for tool_use data.
+That keeps the waste detection independent of the main ingestion path.
+"""
+
+import hashlib
+import json
+import os
+import sqlite3
+import time
+from collections import defaultdict
+
+from db import get_conn, insert_waste_event, clear_waste_events, get_setting, set_setting
+
+
+# ─── Parameters ──────────────────────────────────────────────────
+
+FLOUNDER_THRESHOLD = 4           # consecutive same-tool calls
+REPEATED_READ_THRESHOLD = 3      # same file read N times in one session
+COST_OUTLIER_MULTIPLIER = 3.0    # session cost > Nx project avg
+DEEP_TURN_THRESHOLD = 100        # turns in a session
+
+
+# ─── JSONL tool-use extraction ───────────────────────────────────
+
+def _iter_assistant_tool_calls(filepath):
+    """Yield (turn_index, tool_name, tool_input_dict) for every tool_use
+    block in the assistant messages of a Claude Code JSONL file.
+
+    Claude Code writes one JSON object per line. Assistant messages with
+    tool use have shape:
+
+      {"type": "assistant",
+       "message": {"role": "assistant",
+                   "content": [{"type": "tool_use",
+                                "name": "Bash",
+                                "input": {"command": "..."}}]}}
+    """
+    turn = 0
+    try:
+        with open(filepath, "r", errors="replace") as f:
+            for line in f:
+                line = line.strip()
+                if not line:
+                    continue
+                try:
+                    obj = json.loads(line)
+                except json.JSONDecodeError:
+                    continue
+                turn += 1
+                if obj.get("type") != "assistant":
+                    continue
+                msg = obj.get("message") or {}
+                if not isinstance(msg, dict):
+                    continue
+                content = msg.get("content")
+                if not isinstance(content, list):
+                    continue
+                for block in content:
+                    if not isinstance(block, dict):
+                        continue
+                    if block.get("type") != "tool_use":
+                        continue
+                    name = block.get("name") or ""
+                    inp = block.get("input") or {}
+                    if isinstance(inp, dict):
+                        yield turn, name, inp
+    except OSError:
+        return
+
+
+def _file_session_id(filepath):
+    """Return the first sessionId/session_id/uuid in the file, or None."""
+    try:
+        with open(filepath, "r", errors="replace") as f:
+            for line in f:
+                line = line.strip()
+                if not line:
+                    continue
+                try:
+                    obj = json.loads(line)
+                except json.JSONDecodeError:
+                    continue
+                sid = obj.get("sessionId") or obj.get("session_id") or obj.get("uuid")
+                if sid:
+                    return sid
+    except OSError:
+        return None
+    return None
+
+
+# ─── Pattern detectors ───────────────────────────────────────────
+
+def _input_hash(inp):
+    """Short hash of tool input for deduplication. Identical (tool, input)
+    pairs are intentional retries, not floundering."""
+    if not inp:
+        return ""
+    return hashlib.md5(str(inp)[:200].encode()).hexdigest()[:8]
+
+
+def _detect_floundering(tool_calls):
+    """Return (count, detail) for FLOUNDERING — runs of >=4 consecutive
+    identical (tool_name, input_hash) pairs. Using input_hash means
+    running Bash("npm test") 5 times intentionally is NOT flagged —
+    only identical (tool, input) pairs count. `tool_calls` is an
+    iterable of (turn, name, input) tuples."""
+    runs = []
+    current_key = None
+    current_name = None
+    current_len = 0
+    current_start = 0
+    for turn, name, inp in tool_calls:
+        key = (name, _input_hash(inp))
+        if key == current_key:
+            current_len += 1
+        else:
+            if current_name and current_len >= FLOUNDER_THRESHOLD:
+                runs.append({"tool": current_name, "length": current_len, "start_turn": current_start})
+            current_key = key
+            current_name = name
+            current_len = 1
+            current_start = turn
+    if current_name and current_len >= FLOUNDER_THRESHOLD:
+        runs.append({"tool": current_name, "length": current_len, "start_turn": current_start})
+    return len(runs), {"runs": runs, "total_flounder_calls": sum(r["length"] for r in runs)}
+
+
+def _detect_repeated_reads(tool_calls):
+    """Return (count, detail) for REPEATED_READS — files `Read` >=3 times."""
+    read_counts = defaultdict(int)
+    for _turn, name, inp in tool_calls:
+        if name != "Read":
+            continue
+        file_path = inp.get("file_path") or inp.get("path") or inp.get("filename")
+        if not file_path:
+            continue
+        read_counts[file_path] += 1
+    repeats = {p: c for p, c in read_counts.items() if c >= REPEATED_READ_THRESHOLD}
+    return len(repeats), {"files": [{"path": p, "reads": c} for p, c in repeats.items()]}
+
+
+# ─── Main detection pass ─────────────────────────────────────────
+
+def detect_all(conn=None):
+    """Run every detector against the latest scan and refresh waste_events.
+
+    Returns a dict with per-pattern counts for logging.
+    """
+    should_close = False
+    if conn is None:
+        conn = get_conn()
+        should_close = True
+
+    # Incremental: only reprocess sessions newer than last waste scan
+    last_waste_scan = get_setting(conn, "last_waste_scan")
+    last_waste_ts = int(last_waste_scan) if last_waste_scan else 0
+
+    # Only clear waste events on full re-scan (first run or reset)
+    if last_waste_ts == 0:
+        clear_waste_events(conn)
+
+    # ── 1 & 2: per-file detectors (FLOUNDERING, REPEATED_READS) ──
+    if last_waste_ts > 0:
+        file_rows = conn.execute(
+            "SELECT file_path FROM scan_state WHERE last_scanned >= ? ORDER BY file_path",
+            (last_waste_ts,),
+        ).fetchall()
+    else:
+        file_rows = conn.execute("SELECT file_path FROM scan_state ORDER BY file_path").fetchall()
+    flounder_count = 0
+    repeated_count = 0
+
+    for r in file_rows:
+        filepath = r[0]
+        if not os.path.isfile(filepath):
+            continue
+        sid = _file_session_id(filepath)
+        if not sid:
+            continue
+
+        # Look up project/account/cost from sessions table
+        info = conn.execute(
+            "SELECT project, account, COALESCE(SUM(cost_usd), 0) AS cost, COUNT(*) AS turns "
+            "FROM sessions WHERE session_id = ?",
+            (sid,),
+        ).fetchone()
+        if not info or not info["project"]:
+            continue
+        project, account = info["project"], info["account"]
+        session_cost = info["cost"] or 0
+        turn_count = info["turns"] or 0
+
+        tool_calls = list(_iter_assistant_tool_calls(filepath))
+        if not tool_calls:
+            continue
+
+        # FLOUNDERING
+        n_flounder, flounder_detail = _detect_floundering(tool_calls)
+        if n_flounder > 0:
+            severity = "red" if n_flounder >= 2 else "amber"
+            insert_waste_event(
+                conn, sid, project, account, "floundering", severity,
+                turn_count, session_cost, flounder_detail,
+            )
+            flounder_count += 1
+
+        # REPEATED_READS
+        n_rep, rep_detail = _detect_repeated_reads(tool_calls)
+        if n_rep > 0:
+            severity = "amber"
+            insert_waste_event(
+                conn, sid, project, account, "repeated_reads", severity,
+                turn_count, session_cost, rep_detail,
+            )
+            repeated_count += 1
+
+    # ── 3: COST_OUTLIER — sessions whose cost is >3x project 30d avg ──
+    outlier_count = 0
+    proj_avgs = {
+        r[0]: (r[1] or 0) for r in conn.execute(
+            "SELECT project, AVG(session_cost) FROM "
+            "(SELECT project, session_id, SUM(cost_usd) AS session_cost "
+            " FROM sessions "
+            " WHERE timestamp >= strftime('%s','now') - 30*86400 "
+            " GROUP BY project, session_id) "
+            "GROUP BY project"
+        ).fetchall()
+    }
+    session_totals = conn.execute(
+        "SELECT session_id, project, account, "
+        "       SUM(cost_usd) AS cost, COUNT(*) AS turns "
+        "FROM sessions "
+        "WHERE timestamp >= strftime('%s','now') - 30*86400 "
+        "GROUP BY session_id, project, account"
+    ).fetchall()
+    for s in session_totals:
+        avg = proj_avgs.get(s["project"], 0)
+        if avg <= 0:
+            continue
+        if (s["cost"] or 0) > avg * COST_OUTLIER_MULTIPLIER:
+            insert_waste_event(
+                conn, s["session_id"], s["project"], s["account"],
+                "cost_outlier", "amber", s["turns"], s["cost"],
+                {"session_cost": round(s["cost"], 4),
+                 "project_avg": round(avg, 4),
+                 "multiplier": round(s["cost"] / avg, 1)},
+            )
+            outlier_count += 1
+
+    # ── 4: DEEP_CONTEXT_NO_COMPACT — >100 turns with zero compaction ──
+    deep_count = 0
+    deep_sessions = conn.execute(
+        "SELECT session_id, project, account, COUNT(*) AS turns, "
+        "       SUM(cost_usd) AS cost, MAX(compaction_detected) AS any_compact "
+        "FROM sessions "
+        "GROUP BY session_id "
+        "HAVING turns > ? AND any_compact = 0",
+        (DEEP_TURN_THRESHOLD,),
+    ).fetchall()
+    for s in deep_sessions:
+        insert_waste_event(
+            conn, s["session_id"], s["project"], s["account"],
+            "deep_no_compact", "amber", s["turns"], s["cost"] or 0,
+            {"turns": s["turns"]},
+        )
+        deep_count += 1
+
+    # Record scan timestamp for incremental next run
+    set_setting(conn, "last_waste_scan", str(int(time.time())))
+    conn.commit()
+
+    summary = {
+        "floundering": flounder_count,
+        "repeated_reads": repeated_count,
+        "cost_outliers": outlier_count,
+        "deep_no_compact": deep_count,
+    }
+
+    if should_close:
+        conn.close()
+    return summary
+
+
+def waste_summary_by_project(conn, days=7):
+    """Aggregate waste_events by project for the last N days. Used by
+    analyzer.full_analysis → /api/data → dashboard UI."""
+    since = int(__import__("time").time()) - (days * 86400)
+    rows = conn.execute(
+        "SELECT project, pattern_type, COUNT(*) AS n, "
+        "       SUM(token_cost) AS cost "
+        "FROM waste_events WHERE detected_at >= ? "
+        "GROUP BY project, pattern_type",
+        (since,),
+    ).fetchall()
+    result = defaultdict(lambda: {
+        "floundering_sessions": 0,
+        "repeated_read_sessions": 0,
+        "cost_outliers": 0,
+        "deep_no_compact": 0,
+        "total_waste_cost_est": 0.0,
+    })
+    for r in rows:
+        proj = r["project"] or "Other"
+        pt = r["pattern_type"]
+        n = r["n"] or 0
+        cost = r["cost"] or 0
+        if pt == "floundering":
+            result[proj]["floundering_sessions"] = n
+            result[proj]["total_waste_cost_est"] += cost
+        elif pt == "repeated_reads":
+            result[proj]["repeated_read_sessions"] = n
+        elif pt == "cost_outlier":
+            result[proj]["cost_outliers"] = n
+        elif pt == "deep_no_compact":
+            result[proj]["deep_no_compact"] = n
+    return {p: dict(v) for p, v in result.items()}