fix: cli should propagate user through pre-flight checks, update to latest schemas

Taskfile.yml

@@ -54,9 +54,9 @@ tasks:
   generate:schema:
     desc: Generate PowerSync and SQLite schema (uses local control plane)
     cmds:
-      - go generate ./internal/powersync
-      - go generate ./internal/sqlite
-      - sed '/^-- Auto-generated/d; /^-- Run .task generate/d' ../control-plane/internal/powersync/schema.sql > internal/chat/tools/query_schema.sql
+      - doppler run -- go generate ./internal/powersync
+      - doppler run -- go generate ./internal/sqlite
+      - sed '/^-- Auto-generated/d; /^-- Run .task generate/d' ../control-plane/internal/infra/powersync/schema.sql > internal/app/chattools/query_schema.sql
 
   # ===========================================================================
   # Build

internal/app/onboarding/preflight/preflight_effects.go

@@ -6,21 +6,35 @@ import (
 
 	tea "charm.land/bubbletea/v2"
 
+	"github.com/usetero/cli/internal/auth"
 	"github.com/usetero/cli/internal/core/bootstrap"
 	"github.com/usetero/cli/internal/domain"
 )
 
 func (m *Model) checkAuth() tea.Cmd {
 	return func() tea.Msg {
 		hasValidAuth := false
+		var user *auth.User
 		if m.auth.IsAuthenticated() {
-			if _, err := m.auth.GetAccessToken(m.ctx); err == nil {
+			if token, err := m.auth.GetAccessToken(m.ctx); err == nil {
 				hasValidAuth = true
+				user = userFromAccessToken(token)
 			} else {
 				_ = m.auth.ClearTokens()
 			}
 		}
-		return preflightAuthCheckCompletedMsg{hasValidAuth: hasValidAuth}
+		return preflightAuthCheckCompletedMsg{hasValidAuth: hasValidAuth, user: user}
+	}
+}
+
+func userFromAccessToken(token string) *auth.User {
+	claims, err := auth.ParseToken(token)
+	if err != nil || claims.Sub == "" {
+		return nil
+	}
+	return &auth.User{
+		ID:    claims.Sub,
+		Email: claims.Email,
 	}
 }
 

internal/app/onboarding/preflight/preflight_test.go

@@ -2,6 +2,8 @@ package preflight
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"errors"
 	"testing"
 
@@ -70,3 +72,51 @@ func TestPreflightOutcomeForError(t *testing.T) {
 		t.Fatalf("expected inconclusive outcome for generic error, got %v", outcome)
 	}
 }
+
+func TestUserFromAccessToken(t *testing.T) {
+	t.Parallel()
+
+	token := testJWT(map[string]any{
+		"sub":   "user-123",
+		"email": "user@example.com",
+		"exp":   int64(4102444800), // 2100-01-01
+	})
+	user := userFromAccessToken(token)
+	if user == nil {
+		t.Fatal("expected user from token")
+	}
+	if user.ID != "user-123" {
+		t.Fatalf("user.ID = %q, want %q", user.ID, "user-123")
+	}
+	if user.Email != "user@example.com" {
+		t.Fatalf("user.Email = %q, want %q", user.Email, "user@example.com")
+	}
+}
+
+func TestUserFromAccessTokenMissingSubReturnsNil(t *testing.T) {
+	t.Parallel()
+
+	token := testJWT(map[string]any{
+		"email": "user@example.com",
+		"exp":   int64(4102444800),
+	})
+	if got := userFromAccessToken(token); got != nil {
+		t.Fatalf("expected nil user for missing sub, got %#v", got)
+	}
+}
+
+func TestUserFromAccessTokenInvalidTokenReturnsNil(t *testing.T) {
+	t.Parallel()
+
+	if got := userFromAccessToken("not-a-jwt"); got != nil {
+		t.Fatalf("expected nil user for invalid token, got %#v", got)
+	}
+}
+
+func testJWT(claims map[string]any) string {
+	headerJSON, _ := json.Marshal(map[string]string{"alg": "none", "typ": "JWT"})
+	payloadJSON, _ := json.Marshal(claims)
+	header := base64.RawURLEncoding.EncodeToString(headerJSON)
+	payload := base64.RawURLEncoding.EncodeToString(payloadJSON)
+	return header + "." + payload + ".sig"
+}

internal/app/onboarding/preflight/preflight_types.go

@@ -1,6 +1,7 @@
 package preflight
 
 import (
+	"github.com/usetero/cli/internal/auth"
 	"github.com/usetero/cli/internal/core/bootstrap"
 	"github.com/usetero/cli/internal/domain"
 )
@@ -11,6 +12,7 @@ type preflightResolutionCompletedMsg struct {
 
 type preflightAuthCheckCompletedMsg struct {
 	hasValidAuth bool
+	user         *auth.User
 }
 
 type preflightOrganizationsLoadedMsg struct {

internal/app/onboarding/preflight/preflight_update.go

@@ -29,6 +29,7 @@ func (m *Model) Update(msg tea.Msg) tea.Cmd {
 
 func (m *Model) handleAuthChecked(msg preflightAuthCheckCompletedMsg) tea.Cmd {
 	m.state.HasValidAuth = msg.hasValidAuth
+	m.state.User = msg.user
 	if !m.state.HasValidAuth {
 		return m.emitResult()
 	}

internal/app/statusbar/waste/waste.go

@@ -159,10 +159,6 @@ func (m *Model) buildStateKey(s domain.AccountSummary, cats []domain.PolicyCateg
 			EstimatedCostPerHourVol: s.EstimatedCostPerHourVolume,
 			EstimatedVolumePerHour:  s.EstimatedVolumePerHour,
 			EstimatedBytesPerHour:   s.EstimatedBytesPerHour,
-			ObservedCostBefore:      s.ObservedCostBefore,
-			ObservedCostAfter:       s.ObservedCostAfter,
-			ObservedVolumeBefore:    s.ObservedVolumeBefore,
-			ObservedVolumeAfter:     s.ObservedVolumeAfter,
 			TotalCostPerHour:        s.TotalCostPerHour,
 			TotalVolumePerHour:      s.TotalVolumePerHour,
 			TotalBytesPerHour:       s.TotalBytesPerHour,
@@ -206,10 +202,6 @@ type wasteSummaryKey struct {
 	EstimatedCostPerHourVol *float64 `json:"estimated_cost_per_hour_volume"`
 	EstimatedVolumePerHour  *float64 `json:"estimated_volume_per_hour"`
 	EstimatedBytesPerHour   *float64 `json:"estimated_bytes_per_hour"`
-	ObservedCostBefore      *float64 `json:"observed_cost_before"`
-	ObservedCostAfter       *float64 `json:"observed_cost_after"`
-	ObservedVolumeBefore    *float64 `json:"observed_volume_before"`
-	ObservedVolumeAfter     *float64 `json:"observed_volume_after"`
 	TotalCostPerHour        *float64 `json:"total_cost_per_hour"`
 	TotalVolumePerHour      *float64 `json:"total_volume_per_hour"`
 	TotalBytesPerHour       *float64 `json:"total_bytes_per_hour"`
@@ -275,12 +267,6 @@ func (m *Model) CompactView() string {
 
 	var segments []string
 
-	// Observed savings from approved policies (always shown — these are measured).
-	if saving := formatObservedSaving(s); saving != "" {
-		savingStyle := lipgloss.NewStyle().Foreground(colors.Success).Background(colors.Bg)
-		segments = append(segments, savingStyle.Render("saving "+saving))
-	}
-
 	if s.AnalysisReady() {
 		// Waste percentage with pending count.
 		if wp := wastePercent(s); wp > 0 {
@@ -350,12 +336,6 @@ func (m *Model) renderWasteHeadline() string {
 
 	var parts []string
 
-	// Observed savings from approved policies (always shown — these are measured).
-	if saving := formatObservedSaving(s); saving != "" {
-		savingStyle := lipgloss.NewStyle().Foreground(colors.Success).Background(colors.Bg)
-		parts = append(parts, savingStyle.Render("saving "+saving))
-	}
-
 	// Pending count + waste %. Count first for consistency with other tabs.
 	if s.PendingPolicyCount > 0 {
 		dot := lipgloss.NewStyle().Foreground(colors.Warning).Background(colors.Bg).Render("●")
@@ -507,21 +487,3 @@ func (m *Model) cursorPrinciple() string {
 	}
 	return ""
 }
-
-// formatObservedSaving returns the observed savings from approved policies.
-func formatObservedSaving(s domain.AccountSummary) string {
-	if s.ObservedCostBefore != nil && s.ObservedCostAfter != nil {
-		diff := *s.ObservedCostBefore - *s.ObservedCostAfter
-		if diff > 0 {
-			return format.YearlyCost(diff)
-		}
-		return ""
-	}
-	if s.ObservedVolumeBefore != nil && s.ObservedVolumeAfter != nil {
-		diff := *s.ObservedVolumeBefore - *s.ObservedVolumeAfter
-		if diff > 0 {
-			return format.Volume(diff) + " evt/hr"
-		}
-	}
-	return ""
-}

internal/boundary/graphql/datadog_account_service.go

@@ -226,9 +226,9 @@ func (s *DatadogAccountService) GetStatus(ctx context.Context, datadogAccountID
 		InactiveServices:     statusNode.InactiveServices,
 		EventCount:           statusNode.LogEventCount,
 		AnalyzedCount:        statusNode.LogEventAnalyzedCount,
-		PendingPolicyCount:   statusNode.PolicyPendingCount,
-		ApprovedPolicyCount:  statusNode.PolicyApprovedCount,
-		DismissedPolicyCount: statusNode.PolicyDismissedCount,
+		PendingPolicyCount:   statusNode.PolicyPendingLowCount + statusNode.PolicyPendingMediumCount + statusNode.PolicyPendingHighCount + statusNode.PolicyPendingCriticalCount,
+		ApprovedPolicyCount:  statusNode.ApprovedRecommendationCount,
+		DismissedPolicyCount: statusNode.DismissedRecommendationCount,
 	}
 
 	s.scope.Debug("fetched datadog account status",

internal/boundary/graphql/datadog_account_service_test.go

@@ -292,16 +292,21 @@ func TestDatadogAccountService_GetStatus(t *testing.T) {
 								Node: &gen.GetDatadogAccountStatusDatadogAccountsDatadogAccountConnectionEdgesDatadogAccountEdgeNodeDatadogAccount{
 									Id: "dd-123",
 									Status: &gen.GetDatadogAccountStatusDatadogAccountsDatadogAccountConnectionEdgesDatadogAccountEdgeNodeDatadogAccountStatusDatadogAccountStatusCache{
-										Health:                gen.DatadogAccountStatusCacheHealthOk,
-										ReadyForUse:           true,
-										LogServiceCount:       10,
-										LogActiveServices:     8,
-										OkServices:            7,
-										DisabledServices:      1,
-										InactiveServices:      1,
-										LogEventCount:         200,
-										LogEventAnalyzedCount: 180,
-										PolicyPendingCount:    12,
+										Health:                       gen.DatadogAccountStatusCacheHealthOk,
+										ReadyForUse:                  true,
+										LogServiceCount:              10,
+										LogActiveServices:            8,
+										OkServices:                   7,
+										DisabledServices:             1,
+										InactiveServices:             1,
+										LogEventCount:                200,
+										LogEventAnalyzedCount:        180,
+										PolicyPendingLowCount:        3,
+										PolicyPendingMediumCount:     4,
+										PolicyPendingHighCount:       5,
+										PolicyPendingCriticalCount:   0,
+										ApprovedRecommendationCount:  9,
+										DismissedRecommendationCount: 2,
 									},
 								},
 							},
@@ -338,6 +343,12 @@ func TestDatadogAccountService_GetStatus(t *testing.T) {
 		if status.PendingPolicyCount != 12 {
 			t.Errorf("PendingPolicyCount = %d, want 12", status.PendingPolicyCount)
 		}
+		if status.ApprovedPolicyCount != 9 {
+			t.Errorf("ApprovedPolicyCount = %d, want 9", status.ApprovedPolicyCount)
+		}
+		if status.DismissedPolicyCount != 2 {
+			t.Errorf("DismissedPolicyCount = %d, want 2", status.DismissedPolicyCount)
+		}
 	})
 
 	t.Run("returns nil when no datadog account found", func(t *testing.T) {