token-studio 4.8.0

package/test/cli-v47.test.mjs

@@ -0,0 +1,98 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { spawn } from 'node:child_process';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { openDb, upsertSession, upsertSessionAnnotation } from '../src/db.mjs';
+
+test('v4.7 budget CLI supports fixed windows and warning thresholds', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v47-budget-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  try {
+    const saved = await runCli([
+      'budget', 'set',
+      '--db', dbPath,
+      '--source', 'Codex CLI',
+      '--label', 'Codex 5h',
+      '--window-type', 'fixed',
+      '--window-minutes', '300',
+      '--reset-anchor', '2026-06-17T00:00:00Z',
+      '--warning-threshold', '0.7',
+      '--token-budget', '500000',
+      '--json'
+    ]);
+    assert.equal(saved.code, 0, saved.stderr);
+    const body = JSON.parse(saved.stdout);
+    assert.equal(body.profile.windowType, 'fixed');
+    assert.equal(body.profile.warningThreshold, 0.7);
+
+    const listed = await runCli(['budget', 'list', '--db', dbPath]);
+    assert.equal(listed.code, 0, listed.stderr);
+    assert.match(listed.stdout, /fixed:300m/);
+    assert.match(listed.stdout, /warn=70%/);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('v4.7 policy CLI exports markdown snippets without writing files', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-cli-v47-policy-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const db = openDb(dbPath);
+  try {
+    upsertSession(db, {
+      device: 'devbox',
+      source: 'Codex CLI',
+      sessionId: 's1',
+      lastActivity: '2026-06-17T02:00:00Z',
+      totalTokens: 1200
+    });
+    upsertSessionAnnotation(db, {
+      device: 'devbox',
+      source: 'Codex CLI',
+      sessionId: 's1',
+      taskType: '功能开发',
+      outputStatus: '已完成',
+      workPurpose: '测试验证',
+      workStage: '验证',
+      valueLevel: '中'
+    });
+  } finally {
+    db.close();
+  }
+
+  try {
+    const agents = await runCli(['policy', '--db', dbPath, '--format=agents-md']);
+    assert.equal(agents.code, 0, agents.stderr);
+    assert.match(agents.stdout, /Token Studio ROI Agent Policy/);
+    assert.match(agents.stdout, /测试验证/);
+    assert.match(agents.stdout, /Do not automatically edit/);
+    assert.doesNotMatch(agents.stdout, /secret prompt|private response|actual transcript/i);
+
+    const claude = await runCli(['policy', '--db', join(dir, 'missing.sqlite'), '--format=claude-md']);
+    assert.equal(claude.code, 0, claude.stderr);
+    assert.match(claude.stdout, /Reviewed sessions|No matching annotated sessions|Claude Code/);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+function runCli(argv) {
+  return new Promise(resolve => {
+    const child = spawn(process.execPath, ['src/cli.mjs', ...argv], {
+      cwd: process.cwd(),
+      env: process.env,
+      stdio: ['ignore', 'pipe', 'pipe'],
+      windowsHide: true
+    });
+    let stdout = '';
+    let stderr = '';
+    child.stdout.setEncoding('utf8');
+    child.stderr.setEncoding('utf8');
+    child.stdout.on('data', chunk => { stdout += chunk; });
+    child.stderr.on('data', chunk => { stderr += chunk; });
+    child.on('close', code => resolve({ code, stdout, stderr }));
+    child.on('error', error => resolve({ code: 1, stdout, stderr: `${stderr}${error.message}` }));
+  });
+}

package/test/closure-check.test.mjs

@@ -0,0 +1,202 @@
+import assert from 'node:assert/strict';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import test from 'node:test';
+import {
+  buildClosureAuditFromDb,
+  buildClosureImportTemplate,
+  formatClosureAudit,
+  formatClosureImportTemplate,
+  formatClosureWorklist,
+  openReadOnlyDb,
+  parseArgs
+} from '../src/closure-check.mjs';
+import {
+  openDb,
+  upsertDaily,
+  upsertSession,
+  upsertSessionAnnotation,
+  upsertSessionOutput
+} from '../src/db.mjs';
+
+test('buildClosureAuditFromDb reports complete P0 gate from structured data', () => withDb((db) => {
+  seedCompleteClosureData(db);
+
+  const audit = buildClosureAuditFromDb(db, { dbPath: 'temp.sqlite' });
+  assert.equal(audit.status, 'complete');
+  assert.equal(audit.counts.sessions, 10);
+  assert.equal(audit.counts.annotations, 10);
+  assert.equal(audit.counts.outputs, 3);
+  assert.equal(audit.progress.checks.find(check => check.id === 'real-attribution').complete, true);
+  assert.equal(audit.progress.checks.find(check => check.id === 'output-links').complete, true);
+  assert.equal(audit.progress.checks.find(check => check.id === 'non-label-advice').complete, true);
+  assert.equal(audit.roiAdvice.some(item => item.category !== '补标注'), true);
+  assert.equal(audit.progress.annotatedSessions[0].project, 'Token Studio');
+  assert.equal('note' in audit.progress.annotatedSessions[0], false);
+}));
+
+test('formatClosureAudit includes gaps and privacy boundary without conversation content', () => withDb((db) => {
+  upsertSession(db, {
+    device: 'local',
+    source: 'Codex CLI',
+    sessionId: 'gap-1',
+    projectPath: 'D:/Projects/token-studio-roi',
+    inputTokens: 2000,
+    outputTokens: 100,
+    totalTokens: 2100,
+    costUSD: 2
+  });
+
+  const audit = buildClosureAuditFromDb(db, { dbPath: 'temp.sqlite' });
+  const text = formatClosureAudit(audit);
+  assert.equal('session' in audit.progress.topGaps[0], false);
+  assert.match(text, /Status: needs-work/);
+  assert.match(text, /Top gaps:/);
+  assert.match(text, /missing 项目别名, 任务类型, 产出状态, 工作目的, 工作阶段, 产出价值/);
+  assert.match(text, /Privacy: read-only SQLite audit/);
+  assert.equal(text.includes('对话正文'), false);
+}));
+
+test('formatClosureWorklist prints fillable rows and escapes markdown formula cells', () => withDb((db) => {
+  upsertSession(db, {
+    device: 'local',
+    source: 'Codex CLI',
+    sessionId: '=session',
+    projectPath: '+project|name',
+    inputTokens: 2000,
+    outputTokens: 100,
+    totalTokens: 2100,
+    costUSD: 2
+  });
+
+  const audit = buildClosureAuditFromDb(db, { dbPath: 'temp.sqlite', topGapLimit: 10 });
+  const text = formatClosureWorklist(audit, { limit: 10 });
+  assert.match(text, /^# Token Studio P0 Attribution Worklist/);
+  assert.match(text, /Project alias \| Task type \| Output status/);
+  assert.match(text, /'\+project\\\|name/);
+  assert.match(text, /'\=session/);
+  assert.match(text, /Privacy: no conversation content/);
+  assert.equal(text.includes('conversation body'), false);
+}));
+
+test('formatClosureImportTemplate prints import-ready blank JSON for real gaps', () => withDb((db) => {
+  upsertSession(db, {
+    device: 'local',
+    source: 'Codex CLI',
+    sessionId: '=session',
+    projectPath: '+project|name',
+    inputTokens: 2000,
+    outputTokens: 100,
+    totalTokens: 2100,
+    costUSD: 2
+  });
+
+  const audit = buildClosureAuditFromDb(db, { dbPath: 'temp.sqlite', topGapLimit: 10 });
+  const template = buildClosureImportTemplate(audit, { limit: 10 });
+  const text = formatClosureImportTemplate(audit, { limit: 10 });
+  const parsed = JSON.parse(text);
+
+  assert.equal(template.sessions.length, 1);
+  assert.equal(template.sessions[0].device, 'local');
+  assert.equal(template.sessions[0].source, 'Codex CLI');
+  assert.equal(template.sessions[0].sessionId, '=session');
+  assert.equal(template.sessions[0].projectAlias, '');
+  assert.equal(template.sessions[0].taskType, '');
+  assert.equal(template.sessions[0].outputUrl, '');
+  assert.deepEqual(template.allowedValues.taskType.includes('功能开发'), true);
+  assert.equal(parsed.sessions[0].sessionId, '=session');
+  assert.match(text, /No conversation content was read/);
+  assert.equal(text.includes('conversation body'), false);
+}));
+
+test('parseArgs supports json and closure gate options', () => {
+  const options = parseArgs([
+    '--db', 'custom.sqlite',
+    '--json',
+    '--worklist',
+    '--template-json',
+    '--out=labels.json',
+    '--limit=8',
+    '--fail-on-incomplete',
+    '--target-sessions=12',
+    '--target-outputs=4'
+  ]);
+
+  assert.equal(options.dbPath, 'custom.sqlite');
+  assert.equal(options.json, true);
+  assert.equal(options.worklist, true);
+  assert.equal(options.templateJson, true);
+  assert.equal(options.outPath, 'labels.json');
+  assert.equal(options.worklistLimit, 8);
+  assert.equal(options.topGapLimit, 8);
+  assert.equal(options.failOnIncomplete, true);
+  assert.equal(options.targetAttributedSessions, 12);
+  assert.equal(options.targetOutputLinks, 4);
+});
+
+test('openReadOnlyDb rejects missing database instead of creating one', () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-missing-db-'));
+  const dbPath = join(dir, 'missing.sqlite');
+  try {
+    assert.throws(() => openReadOnlyDb(dbPath), /not found/);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+function withDb(fn) {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-closure-check-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const db = openDb(dbPath);
+  try {
+    return fn(db, dbPath);
+  } finally {
+    db.close();
+    rmSync(dir, { recursive: true, force: true });
+  }
+}
+
+function seedCompleteClosureData(db) {
+  upsertDaily(db, {
+    device: 'local',
+    source: 'Codex CLI',
+    usageDate: '2026-06-12',
+    model: 'gpt-5.3-codex',
+    inputTokens: 130000,
+    outputTokens: 10000,
+    totalTokens: 140000,
+    costUSD: 1
+  });
+
+  for (let index = 0; index < 10; index += 1) {
+    const session = {
+      device: 'local',
+      source: 'Codex CLI',
+      sessionId: `complete-${index + 1}`,
+      projectPath: 'D:/Projects/token-studio-roi',
+      inputTokens: 13000,
+      outputTokens: 800,
+      totalTokens: 13800,
+      costUSD: 1 + index / 10
+    };
+    upsertSession(db, session);
+    upsertSessionAnnotation(db, {
+      ...session,
+      projectAlias: 'Token Studio',
+      taskType: '功能开发',
+      outputStatus: index < 3 ? '已发布' : '已完成',
+      workPurpose: '功能开发',
+      workStage: '实现',
+      valueLevel: '高'
+    });
+    if (index < 3) {
+      upsertSessionOutput(db, {
+        ...session,
+        outputUrl: `https://example.com/output/${index + 1}`,
+        outputLabel: `Output ${index + 1}`,
+        outputType: '文档'
+      });
+    }
+  }
+}

package/test/closure-import.test.mjs

@@ -0,0 +1,263 @@
+import assert from 'node:assert/strict';
+import { existsSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import test from 'node:test';
+import {
+  applyClosureImport,
+  buildClosureFillGuide,
+  buildClosureImportReport,
+  formatApplyValidResult,
+  formatClosureFillGuide,
+  formatImportReport,
+  formatImportPlan,
+  loadClosureImportFile,
+  parseImportArgs,
+  planClosureImport,
+  planValidClosureImport
+} from '../src/closure-import.mjs';
+import { openDb, upsertSession } from '../src/db.mjs';
+
+const baseSession = {
+  device: 'local',
+  source: 'Codex CLI',
+  sessionId: 'session-1',
+  projectPath: 'D:/Projects/token-studio-roi',
+  inputTokens: 1000,
+  outputTokens: 100,
+  totalTokens: 1100,
+  costUSD: 1
+};
+
+const filledRow = {
+  sessionId: 'session-1',
+  projectAlias: 'Token Studio',
+  taskType: '功能开发',
+  outputStatus: '已发布',
+  workPurpose: '功能开发',
+  workStage: '发布',
+  valueLevel: '高',
+  note: '真实标注',
+  outputUrl: 'https://example.com/pr/1',
+  outputLabel: 'PR #1',
+  outputType: 'PR'
+};
+
+test('planClosureImport validates filled rows without writing SQLite', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  const plan = planClosureImport(db, [filledRow]);
+
+  assert.equal(plan.mode, 'dry-run');
+  assert.equal(plan.annotationCount, 1);
+  assert.equal(plan.outputCount, 1);
+  assert.equal(plan.sessions[0].device, 'local');
+  assert.equal(plan.sessions[0].hasOutput, true);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_annotations').get().total, 0);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_outputs').get().total, 0);
+}));
+
+test('applyClosureImport writes labels only after explicit apply and creates backup', () => withDb(({ db, dbPath, dir }) => {
+  upsertSession(db, baseSession);
+  const plan = planClosureImport(db, [filledRow]);
+  const result = applyClosureImport(db, plan, { dbPath, backupDir: join(dir, 'backups') });
+
+  assert.equal(result.applied, true);
+  assert.equal(result.annotationCount, 1);
+  assert.equal(result.outputCount, 1);
+  assert.equal(existsSync(result.backup.path), true);
+
+  const annotation = db.prepare('SELECT project_alias AS projectAlias, value_level AS valueLevel FROM session_annotations').get();
+  const output = db.prepare('SELECT output_url AS outputUrl, output_type AS outputType FROM session_outputs').get();
+  assert.equal(annotation.projectAlias, 'Token Studio');
+  assert.equal(annotation.valueLevel, '高');
+  assert.equal(output.outputUrl, 'https://example.com/pr/1');
+  assert.equal(output.outputType, 'PR');
+}));
+
+test('planClosureImport rejects partial labels and invalid output status for links', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  assert.throws(() => planClosureImport(db, [{ ...filledRow, valueLevel: '未评估' }]), /valueLevel/);
+  assert.throws(() => planClosureImport(db, [{ ...filledRow, outputStatus: '进行中' }]), /outputUrl requires/);
+  assert.throws(() => planClosureImport(db, [{ ...filledRow, taskType: '不存在' }]), /taskType must be one of/);
+}));
+
+test('buildClosureImportReport returns every invalid row without writing SQLite', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  upsertSession(db, { ...baseSession, sessionId: 'session-2' });
+
+  const report = buildClosureImportReport(db, [
+    { ...filledRow, valueLevel: '未评估' },
+    { ...filledRow, sessionId: 'session-2', outputStatus: '进行中' },
+    { ...filledRow, sessionId: 'missing-session' }
+  ]);
+  const text = formatImportReport(report);
+
+  assert.equal(report.mode, 'report');
+  assert.equal(report.valid, false);
+  assert.equal(report.rowCount, 3);
+  assert.equal(report.validCount, 0);
+  assert.equal(report.errorCount, 3);
+  assert.match(report.errors[0].error, /valueLevel/);
+  assert.match(report.errors[1].error, /outputUrl requires/);
+  assert.match(report.errors[2].error, /does not exist/);
+  assert.match(text, /Invalid: 3/);
+  assert.match(text, /does not run collect, write SQLite, or read conversation content/);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_annotations').get().total, 0);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_outputs').get().total, 0);
+}));
+
+test('buildClosureImportReport reports a valid filled file', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  const report = buildClosureImportReport(db, [filledRow]);
+  const text = formatImportReport(report);
+
+  assert.equal(report.valid, true);
+  assert.equal(report.validCount, 1);
+  assert.equal(report.errorCount, 0);
+  assert.equal(report.outputCount, 1);
+  assert.match(text, /All rows are valid/);
+}));
+
+test('buildClosureFillGuide prints missing fields and enum choices without writing', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  const guide = buildClosureFillGuide(db, [{
+    ...baseSession,
+    projectHint: 'Token Studio',
+    officialCostUSD: 1,
+    projectAlias: '',
+    taskType: '',
+    outputStatus: '',
+    workPurpose: '',
+    workStage: '',
+    valueLevel: ''
+  }]);
+  const text = formatClosureFillGuide(guide);
+
+  assert.equal(guide.mode, 'fill-guide');
+  assert.equal(guide.readyCount, 0);
+  assert.equal(guide.needsInputCount, 1);
+  assert.equal(guide.rows[0].missingFields.includes('projectAlias'), true);
+  assert.equal(guide.allowedValues.taskType.includes('功能开发'), true);
+  assert.match(text, /Token Studio Closure Fill Guide/);
+  assert.match(text, /taskType: 未分类 \/ 功能开发/);
+  assert.match(text, /fill required fields/);
+  assert.match(text, /no collect, no SQLite writes, no conversation content/);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_annotations').get().total, 0);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_outputs').get().total, 0);
+}));
+
+test('buildClosureFillGuide reports no rows when labels are complete', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  const guide = buildClosureFillGuide(db, [filledRow]);
+  const text = formatClosureFillGuide(guide);
+
+  assert.equal(guide.readyCount, 1);
+  assert.equal(guide.needsInputCount, 0);
+  assert.equal(guide.rows.length, 0);
+  assert.match(text, /No rows need input/);
+}));
+
+test('planValidClosureImport writes valid rows and skips invalid rows', () => withDb(({ db, dbPath, dir }) => {
+  upsertSession(db, baseSession);
+  upsertSession(db, { ...baseSession, sessionId: 'session-2' });
+
+  const plan = planValidClosureImport(db, [
+    filledRow,
+    { ...filledRow, sessionId: 'session-2', valueLevel: '未评估' }
+  ]);
+  const result = applyClosureImport(db, plan, {
+    dbPath,
+    backupDir: join(dir, 'backups'),
+    mode: 'apply-valid',
+    reason: 'closure-import-valid'
+  });
+  const text = formatApplyValidResult(plan, result);
+
+  assert.equal(plan.annotationCount, 1);
+  assert.equal(plan.outputCount, 1);
+  assert.equal(plan.skippedCount, 1);
+  assert.equal(result.mode, 'apply-valid');
+  assert.equal(result.applied, true);
+  assert.equal(existsSync(result.backup.path), true);
+  assert.match(text, /Applied annotations: 1/);
+  assert.match(text, /Skipped invalid rows: 1/);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_annotations').get().total, 1);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_outputs').get().total, 1);
+}));
+
+test('planValidClosureImport does not write or back up when no rows are valid', () => withDb(({ db, dbPath, dir }) => {
+  upsertSession(db, baseSession);
+
+  const plan = planValidClosureImport(db, [{ ...filledRow, valueLevel: '未评估' }]);
+  const result = applyClosureImport(db, plan, {
+    dbPath,
+    backupDir: join(dir, 'backups'),
+    mode: 'apply-valid',
+    reason: 'closure-import-valid'
+  });
+  const text = formatApplyValidResult(plan, result);
+
+  assert.equal(plan.annotationCount, 0);
+  assert.equal(plan.skippedCount, 1);
+  assert.equal(result.applied, false);
+  assert.equal(result.backup, null);
+  assert.match(text, /No valid rows were found/);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_annotations').get().total, 0);
+  assert.equal(db.prepare('SELECT COUNT(*) AS total FROM session_outputs').get().total, 0);
+}));
+
+test('planClosureImport requires device and source for ambiguous session ids', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  upsertSession(db, { ...baseSession, device: 'other', source: 'Claude Code' });
+
+  assert.throws(() => planClosureImport(db, [filledRow]), /ambiguous/);
+  const plan = planClosureImport(db, [{ ...filledRow, device: 'local', source: 'Codex CLI' }]);
+  assert.equal(plan.sessions[0].source, 'Codex CLI');
+}));
+
+test('loadClosureImportFile and parseImportArgs support dry-run workflow', () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-closure-import-file-'));
+  try {
+    const filePath = join(dir, 'labels.json');
+    writeFileSync(filePath, JSON.stringify({ sessions: [filledRow] }), 'utf8');
+    const loaded = loadClosureImportFile(filePath);
+    const args = parseImportArgs(['--file', filePath, '--db=usage.sqlite', '--json', '--report', '--limit=3']);
+
+    assert.equal(loaded.rows.length, 1);
+    assert.equal(args.file, filePath);
+    assert.equal(args.dbPath, 'usage.sqlite');
+    assert.equal(args.json, true);
+    assert.equal(args.report, true);
+    assert.equal(args.limit, 3);
+    assert.equal(parseImportArgs(['--file', filePath, '--fill-guide']).fillGuide, true);
+    assert.equal(parseImportArgs(['--file', filePath, '--apply-valid']).applyValid, true);
+    assert.equal(args.apply, false);
+    assert.throws(() => parseImportArgs(['--file', filePath, '--report', '--apply']), /cannot be combined/);
+    assert.throws(() => parseImportArgs(['--file', filePath, '--report', '--apply-valid']), /cannot be combined/);
+    assert.throws(() => parseImportArgs(['--file', filePath, '--fill-guide', '--apply-valid']), /cannot be combined/);
+    assert.throws(() => parseImportArgs(['--file', filePath, '--limit=0']), /positive integer/);
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test('formatImportPlan makes dry-run status explicit', () => withDb(({ db }) => {
+  upsertSession(db, baseSession);
+  const plan = planClosureImport(db, [filledRow]);
+  const text = formatImportPlan(plan);
+  assert.match(text, /Mode: dry-run/);
+  assert.match(text, /Dry run only/);
+  assert.match(text, /does not run collect or read conversation content/);
+}));
+
+function withDb(fn) {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-closure-import-'));
+  const dbPath = join(dir, 'usage.sqlite');
+  const db = openDb(dbPath);
+  try {
+    return fn({ db, dbPath, dir });
+  } finally {
+    db.close();
+    rmSync(dir, { recursive: true, force: true });
+  }
+}

package/test/collector-config.test.mjs

@@ -0,0 +1,25 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { mkdtempSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+test('collector config accepts UTF-8 BOM files instead of falling back to defaults', async () => {
+  const dir = mkdtempSync(join(tmpdir(), 'token-studio-config-'));
+  const configPath = join(dir, 'collectors.json');
+  writeFileSync(configPath, `\uFEFF${JSON.stringify({
+    collectors: { cursor: { roots: ['D:/fixture/cursor'] } },
+    enabledCollectors: ['cursor']
+  })}`, 'utf8');
+
+  const old = process.env.TOKEN_STUDIO_CONFIG;
+  process.env.TOKEN_STUDIO_CONFIG = configPath;
+  try {
+    const moduleUrl = `../src/collector-config.mjs?case=${Date.now()}`;
+    const { configuredPaths } = await import(moduleUrl);
+    assert.deepEqual(configuredPaths('cursor', 'roots'), ['D:/fixture/cursor']);
+  } finally {
+    if (old == null) delete process.env.TOKEN_STUDIO_CONFIG;
+    else process.env.TOKEN_STUDIO_CONFIG = old;
+  }
+});

package/test/collector-registry.test.mjs

@@ -0,0 +1,56 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import {
+  collectableCollectors,
+  collectorLabel,
+  detectCollectors,
+  enabledCollectorIds,
+  stableCollectors
+} from '../src/collector-registry.mjs';
+
+test('collector registry exposes six stable v4 sources', () => {
+  const stable = stableCollectors().map(item => item.id).sort();
+  assert.deepEqual(stable, ['claude', 'codex', 'gemini', 'hermes', 'openclaw', 'opencode']);
+  assert.equal(collectorLabel('codex'), 'Codex CLI');
+});
+
+test('collector detection includes v4.1 experimental source metadata', () => {
+  const rows = detectCollectors();
+  const cursor = rows.find(item => item.id === 'cursor');
+  const copilot = rows.find(item => item.id === 'copilot');
+  assert.equal(cursor.supportStatus, 'experimental');
+  assert.equal(copilot.defaultEnabled, false);
+  assert.equal(cursor.readsConversationContent, false);
+  assert.equal(cursor.tokenReliability, 'explicit-token-fields-only');
+  assert.ok(cursor.dataFields.includes('input_tokens'));
+});
+
+test('enabled collectors ignore experimental ids by default', () => {
+  const old = process.env.TOKEN_STUDIO_COLLECTORS;
+  process.env.TOKEN_STUDIO_COLLECTORS = 'claude,cursor,codex';
+  try {
+    assert.deepEqual(Array.from(enabledCollectorIds()).sort(), ['claude', 'codex']);
+    assert.deepEqual(Array.from(enabledCollectorIds({ includeExperimental: true })).sort(), ['claude', 'codex', 'cursor']);
+  } finally {
+    if (old == null) delete process.env.TOKEN_STUDIO_COLLECTORS;
+    else process.env.TOKEN_STUDIO_COLLECTORS = old;
+  }
+});
+
+test('collectable collectors include experimental modules only when requested', () => {
+  assert.equal(collectableCollectors().some(item => item.id === 'cursor'), false);
+  assert.equal(collectableCollectors({ includeExperimental: true }).some(item => item.id === 'cursor'), true);
+});
+
+test('collector matrix includes import-only and detected-only entries without collect modules', () => {
+  const rows = detectCollectors();
+  const ccusage = rows.find(item => item.id === 'ccusage');
+  const amp = rows.find(item => item.id === 'amp');
+  const roo = rows.find(item => item.id === 'roo-code');
+  assert.equal(ccusage.supportStatus, 'import-only');
+  assert.equal(ccusage.module, null);
+  assert.equal(ccusage.readsConversationContent, false);
+  assert.equal(amp.supportStatus, 'detected-only');
+  assert.equal(roo.tokenReliability, 'unknown-no-usage-import');
+  assert.equal(collectableCollectors({ includeExperimental: true }).some(item => item.id === 'ccusage'), false);
+});

package/test/csv.test.mjs

@@ -0,0 +1,19 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { U } from '../src/client/shared/utils.js';
+
+test('csvCell escapes spreadsheet formula prefixes', () => {
+  assert.equal(U.csvCell('=IMPORTXML("https://example.com")'), '"\'=IMPORTXML(""https://example.com"")"');
+  assert.equal(U.csvCell('+cmd|calc'), "'+cmd|calc");
+  assert.equal(U.csvCell('-1'), "'-1");
+  assert.equal(U.csvCell('@SUM(A1:A2)'), "'@SUM(A1:A2)");
+  assert.equal(U.csvCell('\t=SUM(A1:A2)'), "'\t=SUM(A1:A2)");
+  assert.equal(U.csvCell('\r=SUM(A1:A2)'), '"\'\r=SUM(A1:A2)"');
+});
+
+test('csvCell still applies RFC-style quoting for commas and quotes', () => {
+  assert.equal(U.csvCell('safe text'), 'safe text');
+  assert.equal(U.csvCell('hello,world'), '"hello,world"');
+  assert.equal(U.csvCell('say "hi"'), '"say ""hi"""');
+  assert.equal(U.csvCell(null), '');
+});