fix(credits): correct build_time deduction display units (60x inflation)

[WcaleNieWolny]

Summary

formatMetricAmount in Credits.vue divided the recovered build_time usage by 60, treating the value as minutes. The value is actually seconds — computeUsageFromCredits inverts the SQL pricing formula

credits = CEIL(seconds / unit_factor) * price_per_unit   -- unit_factor = 60 for build_time

so the inverse (credits / price_per_unit) * unit_factor returns raw seconds. Dividing those seconds by 60 displayed every build_time deduction at 60× its real value.

Worked example (real production case, org 6ed9fdab-261f-45d6-9705-2440afe5676b)

field	value
Credits debited (May 5, 2026)	$40.00
computeUsageFromCredits(40)	15,000 sec
Old display	15000 / 60 → "~250.0h" ❌
New display	15000 / 3600 → "~4.2h" ✅

The customer's actual May 1–7 usage was 24,120 sec (6.7h), with 6.2h of overage on a Solo plan that allows 30 min — ~4.2h is the truthful amount their $40 paid for. The old display caused an admin to believe ~250h had been billed and grant a $50 correction credit on top, compounding the problem.

What changed

src/pages/settings/organization/Credits.vue:194

-    case 'build_time':
-      // Convert minutes to hours if > 60
-      if (ceiledValue >= 60) {
-        const hours = ... format(ceiledValue / 60)
-        return t('x-hours-short', { hours })
-      }
-      return t('minutes-short', { minutes: min })
+    case 'build_time': {
+      // ceiledValue is in seconds: computeUsageFromCredits inverts the SQL pricing
+      // formula (credits = ceil(seconds / unit_factor) * price_per_unit) where
+      // unit_factor = 60, so the inverse hands back raw seconds. Convert to hours
+      // when >= 1h, otherwise show whole minutes (rounded up to match billing).
+      if (ceiledValue >= 3600) {
+        const hours = ... format(ceiledValue / 3600)
+        return t('x-hours-short', { hours })
+      }
+      const minutes = ... format(Math.ceil(ceiledValue / 60))
+      return t('minutes-short', { minutes })
+    }

Out of scope (separate follow-ups)

• Plan limit data: `plans.build_time_unit` for Solo is 1,800 sec (30 min/month), almost certainly intended as 30 min when other plans look like 60/300/1000-minute increments stored as seconds. This is what triggered the deduction in the first place. Needs product input on whether to bump those numbers.
• Refund for the affected customer: $40 deducted + $50 admin correction grant should both be reversed. Tracked separately.
• Audit other affected orgs: 5 other customers across legacy/unmapped `price_id`s have hit `usage_overage_events` against the same low limit.

Test plan

• Local: bun run dev (defaults to prod DB), navigate to org Credits page for Yehonatan organization. The May 5 deduction row should display ~4.2h (or similar single-digit hours), not ~250.0h.
• Verify a daily row with <1h of build_time overage displays as \"N min\" (rounded up to whole minutes).
• Verify MAU / bandwidth / storage deduction rows are unchanged.
• No other call sites of formatMetricAmount exist (grep -rn formatMetricAmount src/ → single hit at line 763).

Risk

Display-only change. No data migrations, no API changes, no impact on the actual billing computation (which is correct — the bug was always purely cosmetic).

Summary by CodeRabbit

• Bug Fixes

  • Corrected build-time metric in credits so values are interpreted as seconds and converted to hours or minutes (rounded up) for accurate billing display.

• New Features

  • Added a backend endpoint that reports whether Google OAuth is configured and returns available client and scopes information.

[coderabbitai]

📝 Walkthrough

Walkthrough

Reinterprets build_time metric values as seconds (converting to minutes with ceiling or to hours when ≥3600), and adds a Supabase Edge Function config_builder exporting a Hono app with a GET / endpoint that returns OAuth client config and parsed scopes.

Changes

Build Time Metric Conversion

Layer / File(s)	Summary
Build Time Conversion Logic src/pages/settings/organization/Credits.vue	formatMetricAmount function's build_time branch now treats input as seconds. Converts to hours when value ≥ 3600 (via / 3600), otherwise converts to minutes using Math.ceil(value / 60).

Supabase Config Builder

Layer / File(s)	Summary
Scopes Parsing supabase/functions/_backend/private/config_builder.ts	Adds DEFAULT_SCOPES and parseScopes(raw: string) that splits comma-separated scopes and falls back to default when empty or invalid.
Hono App & Middleware supabase/functions/_backend/private/config_builder.ts	Creates and exports app and registers CORS middleware for all routes.
GET / Handler supabase/functions/_backend/private/config_builder.ts	Implements GET / returning { enabled: false } when client ID/secret are missing, otherwise returns { enabled: true, clientId, clientSecret, scopes } with scopes from parseScopes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Cap-go/capgo#2033: Both PRs adjust frontend handling of build_time values to use seconds instead of the old unit and update UI conversion/formatting logic.

Poem

🐰 I hopped through code, and ticked the clocks,
Seconds now counted in billing blocks.
A little endpoint sprung up neat,
Scopes parsed clean and CORS complete.
Hooray — small changes, tidy and sweet!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: correcting build_time display units that were inflated by 60×.
Description check	✅ Passed	The description covers the summary, root cause, and test plan, but the test plan checklist items are unchecked and lack manual testing confirmation steps.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/credits-build-time-display-units

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch fix/credits-build-time-display-units

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will not alter performance

✅ 43 untouched benchmarks
⏩ 2 skipped benchmarks¹

---

_{Comparing fix/credits-build-time-display-units (f0f9d49) with main (5e19137)²}

Footnotes

1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (c786fd6) during the generation of this report, so 5e19137 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@supabase/functions/_backend/private/config_builder.ts`:
- Around line 15-39: Replace the raw Hono instantiation with the
backend-standard factory and add structured request-id logging: swap the
exported "app = new Hono<MiddlewareKeyVariables>()" to use "createHono(...)"
from utils/hono.ts (preserving middleware like useCors), and in the GET '/'
handler (the function using getEnv, getEnv(c, 'GOOGLE_OAUTH_CLIENT_ID'),
getEnv(c, 'GOOGLE_OAUTH_CLIENT_SECRET'), parseScopes) call c.get('requestId')
and pass that ID into cloudlog() for all log entries (e.g., when returning
enabled:false or enabled:true) so the endpoint uses the request context and
structured request-id logging per guidelines while keeping existing behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9282d640-4fcd-400a-970e-1b521a1fcc3f

📥 Commits

Reviewing files that changed from the base of the PR and between 7871dff and de43060.

📒 Files selected for processing (1)

• supabase/functions/_backend/private/config_builder.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use backend-standard Hono bootstrap and structured request-id logging.

Line 15 creates the app with new Hono(...), and Line 19 handler does not use c.get('requestId') with cloudlog(). In this backend path, please switch to createHono and add request-id structured logging in the endpoint.

As per coding guidelines: "Use Hono framework via createHono from utils/hono.ts for all route handlers with middleware for request context (requestId, apikey, auth)" and "All endpoints must ... use c.get('requestId') for structured logging with cloudlog()".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@supabase/functions/_backend/private/config_builder.ts` around lines 15 - 39,
Replace the raw Hono instantiation with the backend-standard factory and add
structured request-id logging: swap the exported "app = new
Hono<MiddlewareKeyVariables>()" to use "createHono(...)" from utils/hono.ts
(preserving middleware like useCors), and in the GET '/' handler (the function
using getEnv, getEnv(c, 'GOOGLE_OAUTH_CLIENT_ID'), getEnv(c,
'GOOGLE_OAUTH_CLIENT_SECRET'), parseScopes) call c.get('requestId') and pass
that ID into cloudlog() for all log entries (e.g., when returning enabled:false
or enabled:true) so the endpoint uses the request context and structured
request-id logging per guidelines while keeping existing behavior.

[WcaleNieWolny]

Unrelated, but i will launch a fix

[coderabbitai]

@WcaleNieWolny, sounds good! Once the follow-up fix is in, the endpoint will align with the backend standard (createHono + cloudlog() with c.get('requestId')). Thanks for the heads-up!

---

🧠 Learnings used

Learnt from: riderx
Repo: Cap-go/capgo PR: 1875
File: supabase/functions/_backend/utils/stripe.ts:302-307
Timestamp: 2026-03-30T20:56:33.552Z
Learning: In `supabase/functions/_backend` utility/helper code, it’s acceptable to use `supabaseAdmin(c)` for single-statement, non-transactional service-role writes (e.g., a simple `.update().eq()` call). Prefer `getPgClient()`/`getDrizzleClient()` (Drizzle ORM) when the write is multi-step, involves joins, needs transactions, or is schema-heavy. Do not flag the use of `supabaseAdmin` as a requirement to always use Drizzle for small one-statement internal helpers where `supabaseAdmin` is the simpler correct abstraction (per `AGENTS.md`).

---

Learnt from: riderx
Repo: Cap-go/capgo PR: 1877
File: supabase/functions/_backend/private/send_existing_user_org_invite.ts:12-15
Timestamp: 2026-03-30T22:44:04.693Z
Learning: In files under `supabase/functions/_backend/` that import from `zod/mini` (e.g., `import { z } from 'zod/mini'`), use the `zod/mini` functional string-length validation API instead of `min()`/`max()`. For `z.string()` schemas, `.min()` is undefined on `zod/mini` strings—use `.check(...)` with `z.minLength(N)` / `z.maxLength(N)` (and include other checks like `z.trim()` as needed). For example, prefer `z.string().check(z.minLength(5), z.maxLength(10), z.trim())` rather than `z.string().min(5).max(10).trim()`. Do not flag `.check(z.minLength(...))` as incorrect; it is the canonical `zod/mini` pattern.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud