Release: pricing overhaul, insights pipeline improvements

.agents/skills/databuddy-internal/SKILL.md

@@ -21,6 +21,7 @@ Keep additions **minimal**: one bullet, a new `rg` hint, or a routing note—eno
 - Never use production/customer data as tests, fixtures, snapshots, examples, or copied output. Tests must use placeholders/mocks only (example.com, example IDs). If production ClickHouse is queried for investigation, summarize anonymized aggregates and do not paste customer domains, client IDs, emails, or other identifiers into code or responses.
 - `apps/dashboard`: Next.js app on port `3000` (per-website **agent** chat: `@ai-sdk/react` `useChat` via `contexts/chat-context.tsx` — not the separate `chat-sdk` package; overlapping sends while streaming are queued client-side to mirror a “queue latest” strategy.)
 - Dashboard Playwright webServer commands run under CI PATH from setup-bun; avoid `bash -lc` because login shells can drop Bun from PATH. Build dist-only workspace packages such as `@databuddy/sdk` and `@databuddy/devtools` before starting the API/dashboard. Client `NEXT_PUBLIC_*` flags must use direct env access so Next can inline them. `readBooleanEnv` only treats the literal string `"true"` as enabled, so CI E2E booleans must use `"true"`/`"false"`, not `"1"`/`"0"`.
+- Local E2E dashboard smokes that need `/api/test/e2e/*` should start the API/dashboard directly (or through Playwright's webServer command), not via `bun run dev:dashboard`; Turbo runs in strict env mode and drops `DATABUDDY_E2E_MODE`/`DATABUDDY_E2E_TEST_KEY` unless they are added to `turbo.json` `globalEnv`.
 - Dashboard Playwright public/demo analytics specs call API `/v1/query` anonymously from the browser; keep `DATABUDDY_E2E_MODE` query behavior isolated from production rate limits so CI retries do not exhaust `anon:unknown`.
 - `apps/api`: Elysia API on port `3001`
 - `apps/slack`: Slack agent adapter; Slack installs must resolve through org-scoped DB integration records, not a single env bot token/default website. Agent calls must use an encrypted per-integration Databuddy API key secret as a normal bearer token, never a global internal secret.

apps/api/package.json

@@ -34,7 +34,7 @@
     "@orpc/openapi": "^1.14.0",
     "@orpc/server": "^1.14.0",
     "@orpc/zod": "^1.14.0",
-    "ai": "^6.0.154",
+    "ai": "^6.0.188",
     "autumn-js": "catalog:",
     "bullmq": "^5.66.5",
     "dayjs": "^1.11.19",

apps/api/src/billing/autumn.ts

@@ -48,69 +48,64 @@ async function stripPrivilegedBody(request: Request): Promise<Request> {
 	}
 
 	const text = await request.text();
-	if (!text) {
-		return new Request(request.url, request);
-	}
-
-	let parsed: unknown;
-	try {
-		parsed = JSON.parse(text);
-	} catch {
-		return new Request(request.url, {
-			method: request.method,
-			headers: request.headers,
-			body: text,
-		});
+	let body: string | null = text || null;
+	if (text) {
+		try {
+			body = JSON.stringify(sanitize(JSON.parse(text)));
+		} catch {
+			body = text;
+		}
 	}
 
 	return new Request(request.url, {
 		method: request.method,
 		headers: request.headers,
-		body: JSON.stringify(sanitize(parsed)),
+		body,
 	});
 }
 
+const autumn = autumnHandler({ identify: identifyAutumnCustomer });
+
 export async function handleAutumnRequest(request: Request) {
 	const sanitized = await stripPrivilegedBody(request);
-	return autumnHandler({
-		identify: identifyAutumnCustomer,
-	})(withAutumnApiPath(sanitized));
+	return autumn(withAutumnApiPath(sanitized));
 }
 
-async function identifyAutumnCustomer(request: Request) {
+async function loadSession(request: Request) {
 	try {
-		const session = await auth.api.getSession({ headers: request.headers });
-		if (!session?.user) {
-			return null;
-		}
+		return await auth.api.getSession({ headers: request.headers });
+	} catch (error) {
+		const err = error instanceof Error ? error : new Error(String(error));
+		useLogger().error(err, {
+			autumn: "identify",
+			autumn_stage: "getSession",
+		});
+		throw err;
+	}
+}
+
+async function identifyAutumnCustomer(request: Request) {
+	const session = await loadSession(request);
+	if (!session?.user) {
+		return null;
+	}
 
-		const activeOrgId = (
-			session.session as { activeOrganizationId?: string | null }
-		)?.activeOrganizationId;
+	const activeOrgId = session.session.activeOrganizationId ?? null;
 
-		if (activeOrgId) {
-			const role = await getMemberRole(session.user.id, activeOrgId);
-			if (role !== "owner" && role !== "admin") {
-				return null;
-			}
+	if (activeOrgId) {
+		const role = await getMemberRole(session.user.id, activeOrgId);
+		if (role !== "owner" && role !== "admin") {
+			return null;
 		}
+	}
 
-		const customerId = await getBillingCustomerId(session.user.id, activeOrgId);
+	const customerId = await getBillingCustomerId(session.user.id, activeOrgId);
 
-		return {
-			customerId,
-			customerData: {
-				name: session.user.name,
-				email: session.user.email,
-			},
-		};
-	} catch (error) {
-		useLogger().error(
-			error instanceof Error ? error : new Error(String(error)),
-			{
-				autumn: "identify",
-			}
-		);
-		return null;
-	}
+	return {
+		customerId,
+		customerData: {
+			name: session.user.name,
+			email: session.user.email,
+		},
+	};
 }