agentlytics 0.2.6 → 0.2.7

package/cache.js

@@ -778,9 +778,10 @@ async function scanAllAsync(onProgress, opts = {}) {
   let analyzed = 0;
   let skipped = 0;
 
+  // Build existing cache map with both timestamp and bubble count
   const existing = {};
-  for (const row of db.prepare('SELECT id, last_updated_at FROM chats').all()) {
-    existing[row.id] = row.last_updated_at;
+  for (const row of db.prepare('SELECT id, last_updated_at, bubble_count FROM chats').all()) {
+    existing[row.id] = { ts: row.last_updated_at, bc: row.bubble_count };
   }
 
   // Normalize folder paths
@@ -803,10 +804,12 @@ async function scanAllAsync(onProgress, opts = {}) {
 
   for (const chat of chats) {
     scanned++;
-    const cachedTs = existing[chat.composerId];
     const chatTs = chat.lastUpdatedAt || chat.createdAt || 0;
+    const chatBc = chat.bubbleCount || 0;
 
-    if (cachedTs && cachedTs >= chatTs) {
+    // Skip if already cached, not updated, and bubble count hasn't grown
+    const cached = existing[chat.composerId];
+    if (cached && cached.ts && cached.ts >= chatTs && cached.bc >= chatBc) {
       const hasStat = db.prepare('SELECT 1 FROM chat_stats WHERE chat_id = ?').get(chat.composerId);
       if (hasStat) {
         skipped++;

package/editors/antigravity.js

@@ -855,6 +855,8 @@ function getMessages(chat) {
 // ============================================================
 
 function getUsage() {
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return null;
   const resp = callRpc('GetUserStatus', {});
   if (!resp || !resp.userStatus) return null;
 

package/editors/base.js

@@ -1,8 +1,19 @@
 const path = require('path');
 const os = require('os');
+const fs = require('fs');
 
 const HOME = os.homedir();
 
+// --- Permission check ---
+
+function isSubscriptionAccessAllowed() {
+  try {
+    const configPath = path.join(HOME, '.agentlytics', 'config.json');
+    const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+    return config.allowSubscriptionAccess === true;
+  } catch { return false; }
+}
+
 // --- Platform utilities ---
 
 /**
@@ -303,6 +314,7 @@ function queryMcpServerToolsStdio(server, timeout) {
 
 module.exports = {
   getAppDataPath,
+  isSubscriptionAccessAllowed,
   scanArtifacts,
   parseMcpConfigFile,
   queryMcpServerTools,

package/editors/claude.js

@@ -204,18 +204,11 @@ function extractAssistantContent(content) {
 // Usage / quota data from Anthropic OAuth API
 // ============================================================
 
-function isKeychainAccessAllowed() {
-  try {
-    const configPath = path.join(os.homedir(), '.agentlytics', 'config.json');
-    const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
-    return config.allowKeychainAccess === true;
-  } catch { return false; }
-}
-
 function getClaudeCredentials() {
   // macOS: Keychain; Linux: secret-tool; Windows: not yet supported
-  // Requires explicit user permission (allowKeychainAccess in config)
-  if (!isKeychainAccessAllowed()) return null;
+  // Requires explicit user permission (allowSubscriptionAccess in config)
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return null;
   try {
     const { execSync } = require('child_process');
     let raw;

package/editors/codex.js

@@ -477,6 +477,8 @@ function decodeJwtPayload(token) {
 }
 
 async function getUsage() {
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return null;
   const auth = getCodexAuth();
   if (!auth || !auth.tokens) return null;
 

package/editors/copilot.js

@@ -211,6 +211,8 @@ function fetchCopilotStatus(token) {
 }
 
 async function getUsage() {
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return null;
   const creds = getCopilotToken();
   if (!creds) return null;
 

package/editors/cursor.js

@@ -374,6 +374,8 @@ function cursorApiFetch(endpoint, token) {
 }
 
 async function getUsage() {
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return null;
   const token = getCursorAccessToken();
   if (!token) return null;
 

package/editors/vscode.js

@@ -355,6 +355,8 @@ function fetchCopilotStatus(token) {
 }
 
 async function getUsage() {
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return null;
   const creds = getCopilotToken();
   if (!creds) return null;
 

package/editors/windsurf.js

@@ -476,6 +476,9 @@ function getWindsurfApiKey(appName) {
 }
 
 function getUsage() {
+  const { isSubscriptionAccessAllowed } = require('./base');
+  if (!isSubscriptionAccessAllowed()) return [];
+
   const results = [];
 
   for (const variant of VARIANTS) {

package/index.js

@@ -253,37 +253,48 @@ const BOT_STYLES = [
 ];
 
 (async () => {
-  // ── Ask for keychain access permission (first run only) ──
+  // ── Ask for subscription access permission (first run only) ──
   const CONFIG_DIR = path.join(os.homedir(), '.agentlytics');
   const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
   let agentConfig = {};
   try { agentConfig = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8')); } catch {}
 
-  if (agentConfig.allowKeychainAccess === undefined) {
-    // Only relevant on macOS / Linux where keychain/secret-tool is used
-    if (process.platform === 'darwin' || process.platform === 'linux') {
-      const storeName = process.platform === 'darwin' ? 'Keychain' : 'secret store';
-      console.log(chalk.yellow(`  ⚠ Some subscription details (e.g. Claude Code) require ${storeName} access.`));
-      console.log(chalk.dim(`    This reads stored credentials to show plan/usage info.`));
-      console.log('');
-      const readline = require('readline');
-      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-      const answer = await new Promise(r => {
-        rl.question(chalk.bold(`  Allow ${storeName} access for subscription details? (y/N) `), (a) => {
-          rl.close();
-          r(a.trim().toLowerCase());
-        });
+  if (agentConfig.allowSubscriptionAccess === undefined) {
+    console.log(chalk.yellow('  ⚠ Subscription & usage details require access to local auth tokens.'));
+    console.log('');
+    console.log(chalk.dim('    To show your plan and usage info, Agentlytics needs to read'));
+    console.log(chalk.dim('    locally stored tokens from the following sources:'));
+    console.log('');
+    console.log(chalk.dim('      • Claude Code  – macOS Keychain / Linux secret-tool'));
+    console.log(chalk.dim('      • Cursor       – local SQLite (state.vscdb)'));
+    console.log(chalk.dim('      • Copilot      – ~/.config/github-copilot/apps.json'));
+    console.log(chalk.dim('      • VS Code      – ~/.config/github-copilot/apps.json'));
+    console.log(chalk.dim('      • Codex        – local auth.json (JWT decode only)'));
+    console.log(chalk.dim('      • Windsurf     – local SQLite (state.vscdb)'));
+    console.log('');
+    console.log(chalk.dim('    These tokens are used to query each editor\'s own API for'));
+    console.log(chalk.dim('    your plan name and usage limits.'));
+    console.log('');
+    console.log(chalk.bold.white('    → Tokens are kept in-memory only and never sent to any'));
+    console.log(chalk.bold.white('      third-party service. They are discarded after the request.'));
+    console.log('');
+    const readline = require('readline');
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise(r => {
+      rl.question(chalk.bold('  Allow local token inspection for subscription details? (y/N) '), (a) => {
+        rl.close();
+        r(a.trim().toLowerCase());
       });
-      agentConfig.allowKeychainAccess = answer === 'y' || answer === 'yes';
-      if (!fs.existsSync(CONFIG_DIR)) fs.mkdirSync(CONFIG_DIR, { recursive: true });
-      fs.writeFileSync(CONFIG_FILE, JSON.stringify(agentConfig, null, 2));
-      if (agentConfig.allowKeychainAccess) {
-        console.log(chalk.green(`  ✓ ${storeName} access enabled`));
-      } else {
-        console.log(chalk.dim(`  – ${storeName} access skipped (subscription details won't be collected)`));
-      }
-      console.log('');
+    });
+    agentConfig.allowSubscriptionAccess = answer === 'y' || answer === 'yes';
+    if (!fs.existsSync(CONFIG_DIR)) fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(agentConfig, null, 2));
+    if (agentConfig.allowSubscriptionAccess) {
+      console.log(chalk.green('  ✓ Subscription access enabled'));
+    } else {
+      console.log(chalk.dim('  – Subscription access skipped (plan/usage details won\'t be collected)'));
     }
+    console.log('');
   }
 
   let tick = 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentlytics",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "description": "Comprehensive analytics dashboard for AI coding agents — Cursor, Windsurf, Claude Code, VS Code Copilot, Zed, Antigravity, OpenCode, Command Code",
   "main": "index.js",
   "bin": {

package/ui/src/pages/Settings.jsx

@@ -1,5 +1,5 @@
 import { useState, useEffect } from 'react'
-import { Settings as SettingsIcon, EyeOff, Eye, FolderOpen, Search } from 'lucide-react'
+import { Settings as SettingsIcon, EyeOff, Eye, FolderOpen, Search, ShieldCheck, ShieldOff, AlertTriangle, X } from 'lucide-react'
 import { fetchConfig, updateConfig, fetchAllProjects } from '../lib/api'
 import { editorLabel, formatNumber, formatDate } from '../lib/constants'
 import EditorIcon from '../components/EditorIcon'
@@ -13,6 +13,7 @@ export default function Settings() {
   const [loading, setLoading] = useState(true)
   const [saving, setSaving] = useState(false)
   const [search, setSearch] = useState('')
+  const [showConfirm, setShowConfirm] = useState(false)
 
   useEffect(() => {
     Promise.all([fetchConfig(), fetchAllProjects()]).then(([cfg, projs]) => {
@@ -47,10 +48,45 @@ export default function Settings() {
 
   const sorted = [...filtered].sort((a, b) => a.name.localeCompare(b.name))
 
+  const subscriptionAccess = !!config.allowSubscriptionAccess
+
+  const toggleSubscriptionAccess = async () => {
+    setSaving(true)
+    const newConfig = await updateConfig({ allowSubscriptionAccess: !subscriptionAccess })
+    setConfig(newConfig)
+    setSaving(false)
+    setShowConfirm(false)
+  }
+
   return (
     <div className="fade-in space-y-3">
       <PageHeader icon={SettingsIcon} title="Settings" />
 
+      <div className="card overflow-hidden">
+        <div className="px-3 py-2 flex items-center justify-between" style={{ borderBottom: '1px solid var(--c-border)' }}>
+          <SectionTitle>
+            {subscriptionAccess ? <ShieldCheck size={11} className="inline mr-1" /> : <ShieldOff size={11} className="inline mr-1" />}
+            subscription access
+          </SectionTitle>
+          <button
+            onClick={() => setShowConfirm(true)}
+            disabled={saving}
+            className="text-[11px] px-2 py-0.5 rounded transition"
+            style={{
+              background: subscriptionAccess ? 'rgba(34,197,94,0.08)' : 'rgba(239,68,68,0.08)',
+              color: subscriptionAccess ? '#22c55e' : '#ef4444',
+              border: `1px solid ${subscriptionAccess ? 'rgba(34,197,94,0.15)' : 'rgba(239,68,68,0.15)'}`,
+            }}
+          >
+            {subscriptionAccess ? 'Enabled' : 'Disabled'}
+          </button>
+        </div>
+        <div className="text-[11px] px-3 py-2" style={{ color: 'var(--c-text3)' }}>
+          When enabled, Agentlytics reads locally stored auth tokens (Keychain, SQLite, config files) to show your plan and usage info for each editor.
+          Tokens are kept in-memory only and <span style={{ color: 'var(--c-text2)' }}>never sent to any third-party service</span>.
+        </div>
+      </div>
+
       <div className="card overflow-hidden">
         <div className="px-3 py-2 flex items-center justify-between" style={{ borderBottom: '1px solid var(--c-border)' }}>
           <SectionTitle>
@@ -88,6 +124,70 @@ export default function Settings() {
           <div className="text-center py-6 text-[12px]" style={{ color: 'var(--c-text3)' }}>no projects match filter</div>
         )}
       </div>
+      {showConfirm && (
+        <ConfirmModal
+          enabling={!subscriptionAccess}
+          saving={saving}
+          onConfirm={toggleSubscriptionAccess}
+          onCancel={() => setShowConfirm(false)}
+        />
+      )}
+    </div>
+  )
+}
+
+function ConfirmModal({ enabling, saving, onConfirm, onCancel }) {
+  return (
+    <div className="fixed inset-0 z-50 flex items-center justify-center" style={{ background: 'rgba(0,0,0,0.6)' }} onClick={onCancel}>
+      <div className="card w-[420px] mx-4" onClick={e => e.stopPropagation()} style={{ background: 'var(--c-bg2)', border: '1px solid var(--c-border)' }}>
+        <div className="flex items-center justify-between px-4 py-3" style={{ borderBottom: '1px solid var(--c-border)' }}>
+          <div className="flex items-center gap-2 text-[13px] font-medium" style={{ color: 'var(--c-white)' }}>
+            <AlertTriangle size={14} style={{ color: enabling ? '#fbbf24' : '#ef4444' }} />
+            {enabling ? 'Enable' : 'Disable'} Subscription Access
+          </div>
+          <button onClick={onCancel} className="p-1 rounded hover:bg-[var(--c-bg3)]" style={{ color: 'var(--c-text3)' }}>
+            <X size={14} />
+          </button>
+        </div>
+        <div className="px-4 py-3 text-[11px] space-y-2" style={{ color: 'var(--c-text2)' }}>
+          {enabling ? (
+            <>
+              <p>This will allow Agentlytics to read locally stored auth tokens from:</p>
+              <ul className="space-y-1 pl-3" style={{ color: 'var(--c-text3)' }}>
+                <li>Claude Code &ndash; macOS Keychain / Linux secret-tool</li>
+                <li>Cursor &ndash; local SQLite (state.vscdb)</li>
+                <li>Copilot / VS Code &ndash; ~/.config/github-copilot/apps.json</li>
+                <li>Codex &ndash; local auth.json (JWT decode only)</li>
+                <li>Windsurf &ndash; local SQLite (state.vscdb)</li>
+              </ul>
+              <p style={{ color: 'var(--c-text2)' }}>Tokens are kept <strong>in-memory only</strong> and never sent to any third-party service.</p>
+            </>
+          ) : (
+            <p>This will stop Agentlytics from reading any local auth tokens. Subscription and plan details will no longer be collected.</p>
+          )}
+        </div>
+        <div className="flex justify-end gap-2 px-4 py-3" style={{ borderTop: '1px solid var(--c-border)' }}>
+          <button
+            onClick={onCancel}
+            className="text-[11px] px-3 py-1 rounded transition"
+            style={{ color: 'var(--c-text3)', border: '1px solid var(--c-border)' }}
+          >
+            Cancel
+          </button>
+          <button
+            onClick={onConfirm}
+            disabled={saving}
+            className="text-[11px] px-3 py-1 rounded transition font-medium"
+            style={{
+              background: enabling ? 'rgba(34,197,94,0.12)' : 'rgba(239,68,68,0.12)',
+              color: enabling ? '#22c55e' : '#ef4444',
+              border: `1px solid ${enabling ? 'rgba(34,197,94,0.2)' : 'rgba(239,68,68,0.2)'}`,
+            }}
+          >
+            {saving ? 'Saving...' : enabling ? 'Yes, enable' : 'Yes, disable'}
+          </button>
+        </div>
+      </div>
     </div>
   )
 }