token-studio 4.8.0

package/test/attribution-summary.test.mjs

@@ -0,0 +1,164 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+  buildReviewAttributionProgress,
+  buildReviewAttributionChecklist,
+  buildReviewUnattributedSessions,
+  buildAttributionStatusSummary,
+  buildUnattributedSessions,
+  isReviewUnattributedSession,
+  isUnattributedSession
+} from '../src/client/dashboard/attribution.js';
+
+const sessions = [
+  {
+    sessionId: 'published',
+    taskType: '功能开发',
+    outputStatus: '已发布',
+    workPurpose: '功能开发',
+    workStage: '发布',
+    valueLevel: '高',
+    inputTokens: 60,
+    outputTokens: 40,
+    totalTokens: 100,
+    costUSD: 1
+  },
+  {
+    sessionId: 'completed-without-task',
+    taskType: '未分类',
+    outputStatus: '已完成',
+    workPurpose: '功能开发',
+    workStage: '实现',
+    valueLevel: '中',
+    inputTokens: 30,
+    outputTokens: 20,
+    totalTokens: 50,
+    costUSD: 0.5
+  },
+  {
+    sessionId: 'unmarked-status',
+    taskType: '问题修复',
+    outputStatus: '未标注',
+    workPurpose: '调试修复',
+    workStage: '验证',
+    valueLevel: '中',
+    inputTokens: 15,
+    outputTokens: 10,
+    totalTokens: 25,
+    costUSD: 0.25
+  },
+  {
+    sessionId: 'discarded',
+    taskType: '技术调研',
+    outputStatus: '已废弃',
+    workPurpose: '未说明',
+    workStage: '探索',
+    valueLevel: '低',
+    inputTokens: 20,
+    outputTokens: 5,
+    totalTokens: 25,
+    costUSD: 0.1
+  }
+];
+
+test('isUnattributedSession uses the broad task-or-status rule', () => {
+  assert.equal(isUnattributedSession(sessions[0]), false);
+  assert.equal(isUnattributedSession(sessions[1]), true);
+  assert.equal(isUnattributedSession(sessions[2]), true);
+  assert.equal(isUnattributedSession({}), true);
+});
+
+test('isReviewUnattributedSession also requires purpose stage and value', () => {
+  assert.equal(isReviewUnattributedSession(sessions[0]), false);
+  assert.equal(isReviewUnattributedSession(sessions[1]), true);
+  assert.equal(isReviewUnattributedSession(sessions[2]), true);
+  assert.equal(isReviewUnattributedSession(sessions[3]), true);
+  assert.equal(isReviewUnattributedSession({
+    taskType: '功能开发',
+    outputStatus: '已完成',
+    workPurpose: '功能开发',
+    workStage: '未说明',
+    valueLevel: '高'
+  }), true);
+});
+
+test('buildReviewUnattributedSessions sorts v3 review gaps by token cost', () => {
+  const rows = buildReviewUnattributedSessions(sessions);
+  assert.deepEqual(rows.map(row => row.sessionId), ['completed-without-task', 'unmarked-status', 'discarded']);
+});
+
+test('buildReviewAttributionProgress reports session and token completion', () => {
+  const progress = buildReviewAttributionProgress(sessions);
+
+  assert.equal(progress.sessionCount, 4);
+  assert.equal(progress.attributedSessionCount, 1);
+  assert.equal(progress.unattributedSessionCount, 3);
+  assert.equal(progress.totalTokens, 200);
+  assert.equal(progress.attributedTokens, 100);
+  assert.equal(progress.unattributedTokens, 100);
+  assert.equal(progress.completionShare, 0.25);
+  assert.equal(progress.tokenCompletionShare, 0.5);
+});
+
+test('buildReviewAttributionChecklist copies highest cost real work gaps', () => {
+  const checklist = buildReviewAttributionChecklist([
+    ...sessions,
+    {
+      sessionId: '=danger',
+      projectAlias: '+formula|project',
+      taskType: '功能开发',
+      outputStatus: '已完成',
+      workPurpose: '未说明',
+      workStage: '未说明',
+      valueLevel: '未评估',
+      totalTokens: 75,
+      costUSD: 2,
+      model: 'gpt-5.5',
+      source: 'Codex CLI',
+      lastActivity: '2026-06-12'
+    }
+  ], {
+    limit: 2,
+    generatedAt: new Date(2026, 5, 12, 9, 30)
+  });
+
+  assert.match(checklist, /^# Token Studio 归因工作清单/);
+  assert.match(checklist, /不包含对话正文/);
+  assert.match(checklist, /人工核对项目、任务、目的、阶段、价值和产出状态/);
+  assert.match(checklist, /任务类型/);
+  assert.match(checklist, /工作目的、工作阶段、产出价值/);
+  assert.match(checklist, /'\=danger/);
+  assert.match(checklist, /'\+formula\\\|project/);
+  assert.equal(checklist.includes('unmarked-status'), false);
+});
+
+test('buildUnattributedSessions filters and sorts highest token work first', () => {
+  const rows = buildUnattributedSessions(sessions);
+  assert.deepEqual(rows.map(row => row.sessionId), ['completed-without-task', 'unmarked-status']);
+});
+
+test('buildAttributionStatusSummary aggregates output status and unattributed rows', () => {
+  const summary = buildAttributionStatusSummary(sessions);
+  const byId = Object.fromEntries(summary.map(row => [row.id, row]));
+
+  assert.equal(byId.published.sessionCount, 1);
+  assert.equal(byId.published.totalTokens, 100);
+  assert.equal(byId.published.costUSD, 1);
+  assert.equal(byId.published.share, 0.5);
+
+  assert.equal(byId.completed.sessionCount, 1);
+  assert.equal(byId.completed.totalTokens, 50);
+  assert.equal(byId.completed.share, 0.25);
+
+  assert.equal(byId.inProgress.sessionCount, 0);
+  assert.equal(byId.inProgress.totalTokens, 0);
+
+  assert.equal(byId.discarded.sessionCount, 1);
+  assert.equal(byId.discarded.totalTokens, 25);
+  assert.equal(byId.discarded.share, 0.125);
+
+  assert.equal(byId.unattributed.sessionCount, 2);
+  assert.equal(byId.unattributed.totalTokens, 75);
+  assert.equal(byId.unattributed.costUSD, 0.75);
+  assert.equal(byId.unattributed.share, 0.375);
+});

package/test/auto-attribution.test.mjs

@@ -0,0 +1,116 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+  attachAutoSuggestions,
+  buildAutoAttributionPlan,
+  buildAutoAttributionSuggestion
+} from '../src/auto-attribution.mjs';
+
+const baseSession = {
+  device: 'local',
+  source: 'Codex CLI',
+  sessionId: 'local:codex:D:\\HighROIProjects\\TokenStudio:gpt-5.5',
+  projectPath: 'D:\\HighROIProjects\\TokenStudio',
+  taskType: '未分类',
+  outputStatus: '未标注',
+  workPurpose: '未说明',
+  workStage: '未说明',
+  valueLevel: '未评估',
+  inputTokens: 100_000,
+  outputTokens: 20_000,
+  totalTokens: 120_000,
+  costUSD: 3,
+  lastActivity: '2026-06-15'
+};
+
+test('project alias rules create high-confidence suggestions', () => {
+  const suggestion = buildAutoAttributionSuggestion(baseSession, {
+    projectAliasRules: [{
+      enabled: true,
+      matchType: 'prefix',
+      pattern: 'D:\\HighROIProjects\\TokenStudio',
+      projectAlias: 'Token Studio'
+    }],
+    now: new Date('2026-06-30T00:00:00Z')
+  });
+
+  assert.equal(suggestion.values.projectAlias, 'Token Studio');
+  assert.equal(suggestion.annotationConfidence, 92);
+  assert.equal(suggestion.canApply, true);
+  assert.match(suggestion.annotationReason, /项目别名规则/);
+});
+
+test('output links infer productive work without writing critical value', () => {
+  const suggestion = buildAutoAttributionSuggestion({
+    ...baseSession,
+    outputUrl: 'https://github.com/example/repo/pull/42',
+    outputType: 'PR'
+  });
+
+  assert.equal(suggestion.values.taskType, '功能开发');
+  assert.equal(suggestion.values.outputStatus, '已完成');
+  assert.equal(suggestion.values.workPurpose, '功能开发');
+  assert.equal(suggestion.values.workStage, '实现');
+  assert.equal(suggestion.values.valueLevel, '中');
+  assert.notEqual(suggestion.values.valueLevel, '关键');
+  assert.equal(suggestion.annotationConfidence, 80);
+});
+
+test('deploy output infers published high value but not critical value', () => {
+  const suggestion = buildAutoAttributionSuggestion({
+    ...baseSession,
+    outputUrl: 'https://example.com/app',
+    outputType: '部署'
+  });
+
+  assert.equal(suggestion.values.outputStatus, '已发布');
+  assert.equal(suggestion.values.workStage, '发布');
+  assert.equal(suggestion.values.valueLevel, '高');
+  assert.notEqual(suggestion.values.valueLevel, '关键');
+  assert.equal(suggestion.annotationConfidence, 80);
+});
+
+test('high input low output only creates low-confidence review suggestions', () => {
+  const suggestion = buildAutoAttributionSuggestion({
+    ...baseSession,
+    projectPath: '',
+    inputTokens: 900_000,
+    outputTokens: 50_000,
+    totalTokens: 1_000_000
+  }, {
+    now: new Date('2026-06-30T00:00:00Z')
+  });
+
+  assert.equal(suggestion.values.taskType, '技术调研');
+  assert.equal(suggestion.values.workPurpose, '上下文整理');
+  assert.equal(suggestion.values.outputStatus, '未标注');
+  assert.equal(suggestion.annotationConfidence, 65);
+  assert.equal(suggestion.canApply, false);
+});
+
+test('manual or imported annotations are never suggested for overwrite', () => {
+  assert.equal(buildAutoAttributionSuggestion({
+    ...baseSession,
+    annotationSource: 'manual',
+    annotationConfidence: 100
+  }), null);
+  assert.equal(buildAutoAttributionSuggestion({
+    ...baseSession,
+    annotationSource: 'imported',
+    annotationConfidence: 100
+  }), null);
+});
+
+test('plan reports lazy-mode reduction and attaches suggestions', () => {
+  const sessions = [
+    { ...baseSession, sessionId: 's1', outputUrl: 'https://example.com/doc', outputType: '文档' },
+    { ...baseSession, sessionId: 's2', annotationSource: 'manual', taskType: '功能开发' }
+  ];
+  const plan = buildAutoAttributionPlan({ sessions, now: new Date('2026-06-16T00:00:00Z') });
+  const attached = attachAutoSuggestions(sessions, plan.suggestions);
+
+  assert.equal(plan.highConfidenceCount, 1);
+  assert.equal(plan.lowConfidenceCount, 0);
+  assert.equal(attached[0].autoSuggestion.canApply, true);
+  assert.equal(attached[1].autoSuggestion, null);
+});

package/test/ccusage-bridge.test.mjs

@@ -0,0 +1,36 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { ccusageInvocation } from '../src/ccusage-bridge.mjs';
+import { planCcusageImport } from '../src/ccusage-import.mjs';
+
+test('ccusage bridge builds npx invocation with json and no-cost flags', () => {
+  const invocation = ccusageInvocation({ report: 'daily' });
+  assert.match(invocation.command, process.platform === 'win32' ? /npx\.cmd$/ : /npx$/);
+  assert.deepEqual(invocation.args, ['ccusage@latest', 'daily', '--json', '--no-cost']);
+  assert.equal(invocation.commandLabel, 'npx ccusage@latest daily --json --no-cost');
+});
+
+test('ccusage bridge accepts explicit binary and rejects unknown reports', () => {
+  const invocation = ccusageInvocation({ report: 'blocks', ccusageBin: 'ccusage' });
+  assert.equal(invocation.command, 'ccusage');
+  assert.deepEqual(invocation.args, ['blocks', '--json', '--no-cost']);
+  assert.equal(invocation.commandLabel, 'ccusage blocks --json --no-cost');
+  assert.throws(() => ccusageInvocation({ report: 'bad' }), /--report must be one of/);
+});
+
+test('ccusage import planner supports weekly report shape', () => {
+  const plan = planCcusageImport({
+    type: 'weekly',
+    data: [{
+      week: '2026-06-15',
+      source: 'Codex CLI',
+      models: ['gpt-5.3-codex'],
+      inputTokens: 100,
+      outputTokens: 25,
+      totalTokens: 125
+    }]
+  }, { device: 'test-device' });
+  assert.equal(plan.detectedShape, 'weekly');
+  assert.equal(plan.sessions.length, 1);
+  assert.equal(plan.tokenEvents.length, 1);
+});

package/test/ccusage-import.test.mjs

@@ -0,0 +1,93 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { mkdtempSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { applyCcusageImport, parseCcusageJsonText, planCcusageImport } from '../src/ccusage-import.mjs';
+import { openDb } from '../src/db.mjs';
+
+function tempDb() {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-ccusage-'));
+  return openDb(join(dir, 'usage.sqlite'));
+}
+
+test('ccusage import supports documented daily and project daily shapes', () => {
+  const daily = planCcusageImport({
+    daily: [{
+      date: '2026-06-17',
+      modelsUsed: ['<synthetic>'],
+      inputTokens: 1000,
+      outputTokens: 200,
+      cacheReadTokens: 300,
+      totalTokens: 1500,
+      totalCost: 99
+    }]
+  }, { device: 'test-device', now: new Date('2026-06-17T10:00:00Z') });
+
+  assert.equal(daily.detectedShape, 'daily');
+  assert.equal(daily.daily.length, 1);
+  assert.equal(daily.sessions.length, 1);
+  assert.equal(daily.daily[0].costUSD < 99, true);
+  assert.equal(daily.warnings[0].type, 'ignored-imported-cost');
+
+  const projectDaily = planCcusageImport({
+    projects: {
+      'token-studio-roi': [{
+        date: '2026-06-17',
+        modelsUsed: ['claude-sonnet-4'],
+        inputTokens: 500,
+        outputTokens: 100
+      }]
+    }
+  }, { device: 'test-device' });
+
+  assert.equal(projectDaily.detectedShape, 'project-daily');
+  assert.equal(projectDaily.sessions[0].projectPath, 'token-studio-roi');
+});
+
+test('ccusage import supports session, blocks and monthly reports', () => {
+  for (const payload of [
+    {
+      type: 'session',
+      data: [{ session: 's1', models: ['gpt-5.3-codex'], inputTokens: 100, outputTokens: 20, firstActivity: '2026-06-17T01:00:00Z', lastActivity: '2026-06-17T02:00:00Z' }]
+    },
+    {
+      type: 'blocks',
+      data: [{ blockStart: '2026-06-17T01:00:00Z', blockEnd: '2026-06-17T02:00:00Z', models: ['gpt-5.3-codex'], inputTokens: 100, outputTokens: 20 }]
+    },
+    {
+      type: 'monthly',
+      data: [{ month: '2026-06', models: ['gpt-5.3-codex'], inputTokens: 100, outputTokens: 20 }]
+    }
+  ]) {
+    const plan = planCcusageImport(payload, { device: 'test-device' });
+    assert.equal(plan.daily.length, 1);
+    assert.equal(plan.sessions.length, 1);
+    assert.equal(plan.tokenEvents.length, 1);
+  }
+});
+
+test('ccusage apply is idempotent and dry-run plans do not write', () => {
+  const db = tempDb();
+  const payload = {
+    type: 'session',
+    data: [{ session: 's1', models: ['gpt-5.3-codex'], inputTokens: 100, outputTokens: 20, lastActivity: '2026-06-17T02:00:00Z' }]
+  };
+  const plan = planCcusageImport(payload, { device: 'test-device' });
+
+  assert.equal(db.prepare('SELECT COUNT(*) AS count FROM session_usage').get().count, 0);
+  applyCcusageImport(db, plan);
+  applyCcusageImport(db, plan);
+  assert.equal(db.prepare('SELECT COUNT(*) AS count FROM daily_usage').get().count, 1);
+  assert.equal(db.prepare('SELECT COUNT(*) AS count FROM session_usage').get().count, 1);
+  assert.equal(db.prepare('SELECT COUNT(*) AS count FROM token_events').get().count, 1);
+  assert.equal(db.prepare('SELECT COUNT(*) AS count FROM collection_runs WHERE source = ?').get('import:ccusage-json').count, 2);
+  db.close();
+});
+
+test('ccusage parser rejects conversation-like fields', () => {
+  assert.throws(() => parseCcusageJsonText(JSON.stringify({
+    type: 'session',
+    data: [{ session: 's1', prompt: 'do not ingest', inputTokens: 1 }]
+  })), /conversation-like field/);
+});

package/test/cli-v43.test.mjs

@@ -0,0 +1,64 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { spawn } from 'node:child_process';
+import { mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+test('v4.3 CLI imports ccusage dry-run/apply and prints report JSON', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v43-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const jsonPath = join(dir, 'ccusage.json');
+  writeFileSync(jsonPath, JSON.stringify({
+    type: 'session',
+    data: [{
+      session: 's1',
+      models: ['gpt-5.3-codex'],
+      inputTokens: 100,
+      outputTokens: 20,
+      lastActivity: '2026-06-17T02:00:00Z'
+    }]
+  }), 'utf8');
+
+  try {
+    const dryRun = await runCli(['import-usage', '--format=ccusage-json', '--file', jsonPath, '--db', dbPath, '--dry-run', '--json']);
+    assert.equal(dryRun.code, 0, dryRun.stderr);
+    assert.equal(JSON.parse(dryRun.stdout).mode, 'dry-run');
+
+    const applied = await runCli(['import-usage', '--format=ccusage-json', '--file', jsonPath, '--db', dbPath, '--apply', '--json']);
+    assert.equal(applied.code, 0, applied.stderr);
+    assert.equal(JSON.parse(applied.stdout).applied.sessions, 1);
+
+    const budget = await runCli(['budget', 'set', '--db', dbPath, '--source', 'Codex CLI', '--label', 'Codex 15m', '--window-minutes', '15', '--token-budget', '1000']);
+    assert.equal(budget.code, 0, budget.stderr);
+
+    const list = await runCli(['budget', 'list', '--db', dbPath, '--json']);
+    assert.equal(list.code, 0, list.stderr);
+    assert.equal(JSON.parse(list.stdout).profiles.length, 1);
+
+    const report = await runCli(['report', '--db', dbPath, '--period', 'all', '--format', 'json']);
+    assert.equal(report.code, 0, report.stderr);
+    assert.equal(JSON.parse(report.stdout).totals.totalTokens, 120);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+function runCli(argv, env = {}) {
+  return new Promise(resolve => {
+    const child = spawn(process.execPath, ['src/cli.mjs', ...argv], {
+      cwd: process.cwd(),
+      env: { ...process.env, ...env },
+      stdio: ['ignore', 'pipe', 'pipe'],
+      windowsHide: true
+    });
+    let stdout = '';
+    let stderr = '';
+    child.stdout.setEncoding('utf8');
+    child.stderr.setEncoding('utf8');
+    child.stdout.on('data', chunk => { stdout += chunk; });
+    child.stderr.on('data', chunk => { stderr += chunk; });
+    child.on('close', code => resolve({ code, stdout, stderr }));
+    child.on('error', error => resolve({ code: 1, stdout, stderr: `${stderr}${error.message}` }));
+  });
+}

package/test/cli-v45.test.mjs

@@ -0,0 +1,34 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { spawn } from 'node:child_process';
+
+test('CLI help exposes open and import-usage help', async () => {
+  const help = await runCli(['--help']);
+  assert.equal(help.code, 0, help.stderr);
+  assert.match(help.stdout, /token-studio open/);
+
+  const importHelp = await runCli(['import-usage', '--help']);
+  assert.equal(importHelp.code, 0, importHelp.stderr);
+  assert.match(importHelp.stdout, /ccusage Import/);
+  assert.match(importHelp.stdout, /--dry-run/);
+  assert.match(importHelp.stdout, /prompt, response, messages/);
+});
+
+function runCli(argv) {
+  return new Promise(resolve => {
+    const child = spawn(process.execPath, ['src/cli.mjs', ...argv], {
+      cwd: process.cwd(),
+      env: process.env,
+      stdio: ['ignore', 'pipe', 'pipe'],
+      windowsHide: true
+    });
+    let stdout = '';
+    let stderr = '';
+    child.stdout.setEncoding('utf8');
+    child.stderr.setEncoding('utf8');
+    child.stdout.on('data', chunk => { stdout += chunk; });
+    child.stderr.on('data', chunk => { stderr += chunk; });
+    child.on('close', code => resolve({ code, stdout, stderr }));
+    child.on('error', error => resolve({ code: 1, stdout, stderr: `${stderr}${error.message}` }));
+  });
+}

package/test/cli-v46.test.mjs

@@ -0,0 +1,129 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { spawn } from 'node:child_process';
+import { chmodSync, existsSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { openDb } from '../src/db.mjs';
+
+test('v4.6 CLI bridge refuses non-interactive external scans without --yes', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v46-refuse-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const mock = createMockCcusage(dir);
+  try {
+    const result = await runCli(['import-usage', '--format=ccusage-cli', '--report=session', '--ccusage-bin', mock, '--db', dbPath, '--dry-run', '--json']);
+    assert.notEqual(result.code, 0);
+    assert.match(result.stderr, /requires --yes/);
+    assert.equal(existsSync(dbPath), false);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('v4.6 CLI bridge dry-run/apply imports ccusage CLI JSON safely', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v46-bridge-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const mock = createMockCcusage(dir);
+  try {
+    const dryRun = await runCli(['import-usage', '--format=ccusage-cli', '--report=session', '--ccusage-bin', mock, '--db', dbPath, '--dry-run', '--yes', '--json']);
+    assert.equal(dryRun.code, 0, dryRun.stderr);
+    const dryRunBody = JSON.parse(dryRun.stdout);
+    assert.equal(dryRunBody.mode, 'dry-run');
+    assert.equal(dryRunBody.format, 'ccusage-cli');
+    assert.equal(dryRunBody.bridge.report, 'session');
+    assert.equal(dryRunBody.sessions, 1);
+    assert.equal(existsSync(dbPath), false);
+
+    const applied = await runCli(['import-usage', '--format=ccusage-cli', '--report=session', '--ccusage-bin', mock, '--db', dbPath, '--apply', '--yes', '--json']);
+    assert.equal(applied.code, 0, applied.stderr);
+    const appliedBody = JSON.parse(applied.stdout);
+    assert.equal(appliedBody.applied.sessions, 1);
+    assert.equal(appliedBody.applied.tokenEvents, 1);
+    assert.ok(appliedBody.backup?.path);
+    assert.ok(existsSync(appliedBody.backup.path));
+
+    const db = openDb(dbPath);
+    try {
+      assert.equal(db.prepare('SELECT COUNT(*) AS count FROM collection_runs WHERE source = ?').get('import:ccusage-cli').count, 1);
+      assert.equal(db.prepare('SELECT COUNT(*) AS count FROM token_events WHERE tool_category = ?').get('import:ccusage-cli').count, 1);
+      assert.equal(db.prepare('SELECT COUNT(*) AS count FROM session_usage').get().count, 1);
+    } finally {
+      db.close();
+    }
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('v4.6 CLI bridge rejects unsafe ccusage CLI JSON', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v46-unsafe-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const mock = createMockCcusage(dir);
+  try {
+    const result = await runCli(['import-usage', '--format=ccusage-cli', '--report=session', '--ccusage-bin', mock, '--db', dbPath, '--dry-run', '--yes', '--json'], {
+      TOKEN_STUDIO_MOCK_CCUSAGE_OUTPUT: 'unsafe'
+    });
+    assert.notEqual(result.code, 0);
+    assert.match(result.stderr, /conversation-like field/);
+    assert.equal(existsSync(dbPath), false);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('v4.6 CLI bridge reports external command failures clearly', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v46-fail-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const mock = createMockCcusage(dir);
+  try {
+    const result = await runCli(['import-usage', '--format=ccusage-cli', '--report=session', '--ccusage-bin', mock, '--db', dbPath, '--dry-run', '--yes', '--json'], {
+      TOKEN_STUDIO_MOCK_CCUSAGE_OUTPUT: 'fail'
+    });
+    assert.notEqual(result.code, 0);
+    assert.match(result.stderr, /ccusage CLI failed/);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+function createMockCcusage(dir) {
+  const scriptPath = join(dir, 'mock-ccusage.mjs');
+  writeFileSync(scriptPath, [
+    "const mode = process.env.TOKEN_STUDIO_MOCK_CCUSAGE_OUTPUT || 'safe';",
+    "if (!process.argv.includes('--json') || !process.argv.includes('--no-cost')) { console.error('missing expected flags'); process.exit(3); }",
+    "if (mode === 'fail') { console.error('mock failure'); process.exit(7); }",
+    "const row = { session: 'cli-bridge-s1', source: 'Codex CLI', models: ['gpt-5.3-codex'], inputTokens: 100, outputTokens: 20, cacheReadTokens: 5, lastActivity: '2026-06-17T02:00:00Z' };",
+    "if (mode === 'unsafe') row.prompt = 'secret prompt';",
+    "console.log(JSON.stringify({ type: 'session', data: [row] }));"
+  ].join('\n'), 'utf8');
+
+  if (process.platform === 'win32') {
+    const cmdPath = join(dir, 'mock-ccusage.cmd');
+    writeFileSync(cmdPath, `@echo off\r\n"${process.execPath}" "${scriptPath}" %*\r\n`, 'utf8');
+    return cmdPath;
+  }
+
+  const binPath = join(dir, 'mock-ccusage');
+  writeFileSync(binPath, `#!/usr/bin/env sh\n"${process.execPath}" "${scriptPath}" "$@"\n`, 'utf8');
+  chmodSync(binPath, 0o755);
+  return binPath;
+}
+
+function runCli(argv, env = {}) {
+  return new Promise(resolve => {
+    const child = spawn(process.execPath, ['src/cli.mjs', ...argv], {
+      cwd: process.cwd(),
+      env: { ...process.env, ...env },
+      stdio: ['ignore', 'pipe', 'pipe'],
+      windowsHide: true
+    });
+    let stdout = '';
+    let stderr = '';
+    child.stdout.setEncoding('utf8');
+    child.stderr.setEncoding('utf8');
+    child.stdout.on('data', chunk => { stdout += chunk; });
+    child.stderr.on('data', chunk => { stderr += chunk; });
+    child.on('close', code => resolve({ code, stdout, stderr }));
+    child.on('error', error => resolve({ code: 1, stdout, stderr: `${stderr}${error.message}` }));
+  });
+}