fix(subscriptions): Prevent event creation limit bypass through deletion

[codeunia-dev]

• Add comprehensive event counting mechanism using both events and audit log
• Count ALL events created in billing period, including deleted events
• Prevent potential subscription tier limit circumvention
• Improve event tracking accuracy across active and deleted events
• Enhance subscription service to use more robust event counting strategy

Summary by CodeRabbit

• Bug Fixes
  • Enhanced event counting mechanism to more accurately track usage during billing periods and prevent circumvention of subscription limits through event deletion. This ensures more reliable enforcement of subscription terms.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
codeunia	Building	Preview	Comment	Nov 14, 2025 11:26am

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

The subscription service's event counting logic is enhanced to consult both active events and audit log tables during billing period reconciliation, prioritizing audit counts to prevent subscription evasion through event deletion.

Changes

Cohort / File(s)	Summary
Event Counting Enhancement lib/services/subscription-service.ts	Modified event counting to query both active events table and event audit log for the billing period; uses audit log count when available, otherwise falls back to active events count, strengthening enforcement against deletion-based loopholes.

Sequence Diagram

sequenceDiagram
    actor Service as Subscription Service
    participant ActiveDB as Active Events Table
    participant AuditDB as Event Audit Log
    participant Logic as Count Logic

    Service->>ActiveDB: Query active events for period
    ActiveDB-->>Service: activeCount
    Service->>AuditDB: Query created events in audit log
    AuditDB-->>Service: auditCount
    Service->>Logic: Determine final count
    alt auditCount available
        Logic-->>Service: Use auditCount
    else auditCount unavailable
        Logic-->>Service: Fall back to activeCount
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Security-critical logic: Review the fallback precedence and ensure audit log queries reliably capture all event creation events
• Dual-table dependency: Verify that both table queries are consistent and that the audit log cannot be tampered with or circumvented
• Edge cases: Confirm handling of scenarios where one table is unavailable or records diverge

Poem

🐰 Audits and tables, a tale of duet,
No deletions now dodge what we set!
From logs that remember all traces we take,
Fair counting of events, no cheating to break!

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/companyfunctions

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 728b59a and c3d0a9d.

📒 Files selected for processing (1)

• lib/services/subscription-service.ts (2 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}