- Add source and confidence fields to RuntimeUsageWindow, ModelUsageEntry,
TopSession, RuntimeUsageCurrent, and ProviderUsageScrapeResult schemas
- _build_window() assigns source based on data origin:
provider_native > provider_api_rate_limit > local_jsonl_estimate
- _build_current() tags token_limit_source and cost_limit_source
- Frontend relabels 'Current session'/'All models' to 'API rate limit'
- Shows source label and confidence in usage strip
- Changes 'did not return active usage windows' to 'did not return
API rate-limit windows for percent + reset diagnostics'
The column was NOT NULL but the ORM create path doesn't populate it
until ensure_main_agent() runs after INSERT. Make it nullable so the
initial create succeeds.
Local auth was using getLocalAuthToken() which only checks in-memory
and sessionStorage — both unavailable during SSR. The env token
(NEXT_PUBLIC_LOCAL_AUTH_TOKEN) was defined but never called in the
auth flow. Now useAuth, hasLocalAuthToken, and customFetch all fall
back to getEnvToken() so SSR correctly identifies the local user as
signed in and admin.