Harden time-limit counting against batched Screen Time threshold events

[brendan-ch]

Summary

Hardens time-limit enforcement against unreliable Screen Time threshold
events, which iOS batches/coalesces and re-delivers across midnight (the daily
activity uses repeats: true, so an event carries minutes-k but no date).
This caused two failure modes: phantom blocks (yesterday's spent budget
flushed the next morning re-blocked apps the user never opened today) and
under-counts (yesterday's residual events cut into today's budget), plus the
known "Usage counter stalls at ~14/15m" display lag.

Two complementary parts (design + plan in Docs/Agents/):

Part A — background hardening (unit-tested)

• Record only for eligible rules — handleUsageMinutes now records usage
  after the enabled/kind/un-paused/scheduled-today guards, so a stale or
  off-day event can't corrupt today's ledger.
• Confirmed day-start gate — new DayStartStore (app group) records each
  rule's confirmed daily-activity start; checkpoints that arrive before today's
  start is confirmed are dropped (closes the pre-boundary cross-midnight race).
  Day start zeroes today's ledger once, only on the new-day transition.
• Foreground safety net — RuleEnforcer.refresh establishes today's
  confirmed start if the monitor's intervalDidStart was skipped, so the gate
  can't silently suppress a whole day's recording.

Part B — foreground authoritative reconciliation

• Single block event — MonitoringPlan registers one minutes-<budget>
  event instead of a per-minute chain, shrinking the cross-midnight stale
  surface to its minimum.
• Authoritative usage — RuleUsage gains authoritativeMinutesUsed /
  authoritativeAsOf and effectiveMinutesUsed(asOf:); limitReached and the
  Usage strings prefer a fresh authoritative total, else fall back to the
  threshold count. One resolver does the right thing in both contexts
  (foreground trusts the report; background falls back to the event).
• OpenAppLockReport — a new DeviceActivityReport extension (added to
  project.pbxproj) sums each rule's true daily totalActivityDuration while
  the app is foreground and writes it to the ledger; MainView hosts an
  invisible DeviceActivityReport so it recomputes whenever the app is open.

Net effect: a false block is prevented in the common case (A) or corrected
within one foreground refresh (B); the display lag is fixed.

Testing

• Unit: 253/253 pass via the Xcode MCP on the simulator (227 baseline + 26
  new across DayStartStore, LimitEnforcement, MonitoringPlan, RuleUsage,
  UsageLedger, RuleStatus/status, RuleEnforcer, and UsageDisplay). Each
  change was written red→green.
• Build: app + all four extensions (incl. the new OpenAppLockReport)
  build clean.

Device-only — pending verification (Simulator delivers no DeviceActivity data)

• Usage counter shows the true total on app open (no ~14/15m stall).
• A maxed-out day does not re-block unused apps the next morning (or
  clears within one foreground refresh).
• A modest prior day does not shrink today's budget.
• The single block event still blocks at the budget in pure background.
• Report attribution covers category/web-domain selections (currently only
  application tokens are summed).
• Tune RuleUsage.authoritativeFreshness (120s) for the foreground cadence.

Notes

• Establishes Docs/Agents/ as an agent-modifiable docs folder (recorded in
  AGENTS.md); spec + plan live under Docs/Agents/Specs and Docs/Agents/Plans.
• main is merged in. Since PR docs: fold the Rules feature spec into the codebase #16 folded the feature spec into source doc
  comments and deleted Docs/AGENT_RULES_FEATURE_SPEC.md, the hardening
  behavior is documented in the owning source doc comments (DayStartStore,
  LimitEnforcement, MonitoringPlan, the report files, RuleEnforcer); AGENTS.md
  gets the new components in its repo layout, "Rules feature map", and known gaps.

🤖 Generated with Claude Code

https://claude.ai/code/session_01TD4vdHbB8KqLPGYNbYNS5U