fix(submit): preserve source-scoped multi-machine submissions

[IvGolovach]

Summary

• preserve usage from multiple machines by storing submissions per source instead of collapsing all submits into a single row per user
• upgrade the first source-aware submit from a legacy account in place to avoid duplicate totals during cutover
• aggregate profile, embed, and leaderboard reads across all submission rows for the same user

Why

Tokscale currently stores a single submission row per user. That means a later submit from another machine can overwrite usage for the same client instead of aggregating it, which breaks profiles, leaderboard totals, and public stats for users who submit from more than one device.

Diff scope

• add sourceId and sourceName to submit payload validation and CLI submission metadata
• add source-scoped submission storage with additive migration 0005_tan_rumiko_fujikawa
• upgrade the existing unsourced row in place on the first source-aware submit to avoid legacy duplication
• reject ambiguous unsourced submits with 409 once a user has entered source-scoped mode
• aggregate profile, embed, and leaderboard reads across all submission rows
• add regression tests for scope resolution, profile/embed aggregation, and auth/submit edge cases

Test proof

• cargo test -p tokscale-cli
  • unit tests: 314 passed, 0 failed, 1 ignored
  • integration tests: 74 passed, 0 failed
• cargo clippy -p tokscale-cli --all-features -- -D warnings
  • passed
• bun x vitest run __tests__/api/*.test.ts __tests__/lib/*.test.ts
  • 17 files, 123 tests passed
• cargo fmt --all --check
  • passed
• git diff --check
  • passed

Migration notes

• adds migration 0005_tan_rumiko_fujikawa
• additive schema change: introduces source_id and source_name plus source-scoped uniqueness
• legacy single-row accounts are upgraded in place on the first source-aware submit
• no destructive backfill is required up front

Rollback plan

• if merged with a merge commit: git revert <merge_commit_sha>
• if merged as a squash commit: git revert <squash_commit_sha>
• rollback would require a follow-up schema migration before removing the new columns or indexes in production

Known residual risks

• older clients that continue submitting without source identity will receive 409 after the account has entered source-scoped mode
• this PR does not add a new UI for managing or renaming sources beyond the submitted sourceName

Closes

• Feature Request: Multi-device stats aggregation for the same account #378

[vercel]

@IvGolovach is attempting to deploy a commit to the Inevitable Team on Vercel.

A member of the Team first needs to authorize it.

[cubic-dev-ai]

4 issues found across 18 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/frontend/src/app/api/users/[username]/route.ts">

<violation number="1" location="packages/frontend/src/app/api/users/[username]/route.ts:68">
P2: Selecting latest submission metadata with only `updatedAt` ordering is nondeterministic on timestamp ties, so `cliVersion`/`schemaVersion` and freshness metadata can vary across requests.</violation>
</file>

<file name="packages/frontend/src/lib/db/helpers.ts">

<violation number="1" location="packages/frontend/src/lib/db/helpers.ts:89">
P2: Unsourced submissions are still accepted for mixed-state accounts because the unsourced-row return happens before the missing-source rejection, so `rejectMissingSourceIdentity` never triggers when an unsourced row exists alongside scoped rows.</violation>
</file>

<file name="packages/frontend/src/lib/db/migrations/0005_tan_rumiko_fujikawa.sql">

<violation number="1" location="packages/frontend/src/lib/db/migrations/0005_tan_rumiko_fujikawa.sql:5">
P1: Migration builds multiple indexes on `submissions` non-concurrently, which can block writes during deploy and cause ingestion downtime.</violation>
</file>

<file name="packages/frontend/src/app/api/submit/route.ts">

<violation number="1" location="packages/frontend/src/app/api/submit/route.ts:263">
P2: `isNewSubmission` remains true on insert-conflict fallback, causing incorrect `mode: "create"` responses for merged submissions.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

2 issues found across 11 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/frontend/__tests__/api/submitAuth.test.ts">

<violation number="1" location="packages/frontend/__tests__/api/submitAuth.test.ts:361">
P2: The regression test labeled as a fallback/merge test bypasses the transaction callback by resolving `db.transaction` directly, so it never executes the actual fallback/conflict logic it claims to validate. This can let real regressions in the fallback path slip through.</violation>
</file>

<file name="packages/frontend/src/lib/db/migrations/0005_conscious_cargill.sql">

<violation number="1" location="packages/frontend/src/lib/db/migrations/0005_conscious_cargill.sql:5">
P1: Migration uses PostgreSQL version-sensitive `UNIQUE NULLS NOT DISTINCT`, which can fail on older Postgres deployments.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}