Replace usage endpoint with spend endpoint

[ItsMateo]

Based on #1178. Requires it to be merged first.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[netlify]

✅ Deploy Preview for public-surrealist ready!

Name	Link
🔨 Latest commit	1a97307
🔍 Latest deploy log	https://app.netlify.com/projects/public-surrealist/deploys/69dfce469b37e70008f35500
😎 Deploy Preview	https://deploy-preview-1185--public-surrealist.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[rowan-baker]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (1)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
⛔	Code Security	0	1	0	0	1 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[rowan-baker]

  DOM-based Cross-site Scripting (XSS)

Unsanitized input from the document location flows into a React dynamic 'href' attribute, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack (DOMXSS).

Line 57 | CWE-79 | Priority score 784 | Learn more about this vulnerability

Data flow: 16 steps

Step 1 - 5

surrealist/src/screens/auth-launch/index.tsx

Line 12 in 1a97307

const params = new URLSearchParams(window.location.search);

Step 6 - 9 src/screens/auth-launch/index.tsx#L13

Step 10 - 12 src/screens/auth-launch/index.tsx#L11

Step 13 - 14 src/screens/auth-launch/index.tsx#L17

Step 15 - 16

surrealist/src/screens/auth-launch/index.tsx

Line 57 in 1a97307

href={launchUrl}