Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@auditlog_clickhouse/__manifest__.py`:
- Line 21: Remove the redundant "installable": True entry from the manifest
dictionary in __manifest__.py; locate the dictionary that contains the
"installable" key and delete that key/value pair so the manifest relies on the
default (True) behavior.

In `@auditlog_clickhouse/models/auditlog_clickhouse_config.py`:
- Around line 79-84: Add a strict positive-value validation for the
queue_batch_size field: in the model class that defines queue_batch_size (e.g.,
AuditlogClickhouseConfig), add an `@api.constrains`('queue_batch_size') method
(e.g., _check_queue_batch_size) that raises a ValidationError when
self.queue_batch_size is less than or equal to 0; this ensures create/write
operations and UI forms cannot set zero or negative values and prevents invalid
batch sizes from reaching flush jobs or SQL LIMITs.
- Around line 184-228: The create and write paths can activate multiple records
in one ORM call so calling active_records._deactivate_other_configs() (or
activated._deactivate_other_configs()) lets multiple active configs persist
because the helper excludes all ids on the same recordset; fix by reducing the
caller to a single canonical active record before deactivation: when
len(active_records) or len(activated) > 1 select one representative (e.g. the
first/singleton slice of active_records or activated) and call that
single-record ._deactivate_other_configs() so all other configs (including other
newly-created/updated records) are deactivated and the single-active invariant
is preserved (apply same change in both create and write).
- Around line 357-402: The generated CREATE TABLE DDL interpolates db_name raw
(db_name) into the SQL for the tables auditlog_log and auditlog_log_line; fix by
quoting identifiers and escaping any backticks in db_name before interpolation
(e.g. produce `db_name`.`auditlog_log` and `db_name`.`auditlog_log_line`), or
use a small helper to quote_identifier(name) and apply it to db_name and the
table names when building the f-strings so special characters and reserved words
are safe.

In `@auditlog_clickhouse/models/auditlog_log_buffer.py`:
- Around line 307-333: The current try/except around client.execute for the two
INSERTs can cause duplicate audit rows when the first INSERT (auditlog_log)
succeeds and the second (auditlog_log_line) fails, because RetryableJobError
simply retries the whole batch; modify the write path in the method containing
the two client.execute calls so that inserts are idempotent before retrying: add
a deterministic deduplication token or unique id to each log row (e.g., add a
dedup_id column to rows created for the self._CH_LOG_COLUMNS and
self._CH_LINE_COLUMNS), persist that token with the rows on insert, and change
the insert logic to either (a) use an upsert/INSERT ... SELECT that filters out
dedup_ids already present, or (b) record per-buffer success state in a small
durable state table and only resend rows for buffers that previously failed;
update the exception handling to only raise RetryableJobError for the subset of
rows that actually failed, referencing the same dedup_id values so retries are
safe (affecting the code around client.execute, the construction of
log_rows/line_rows, and the RetryableJobError raise).
- Around line 309-317: The INSERT statements interpolate config.database and
unquoted table names; wrap database and table identifiers in ClickHouse
identifier quotes and sanitize the user-supplied database name to avoid
injection/invalid identifiers. Update the two client.execute calls that build
the INSERTs (the ones using self._CH_LOG_COLUMNS and self._CH_LINE_COLUMNS) to
use quoted identifiers like `\`{sanitized_db}\`.\`auditlog_log\`` and
`\`{sanitized_db}\`.\`auditlog_log_line\``, where sanitized_db =
config.database.replace("`", "``") (or an equivalent escape) so any backticks
are escaped before formatting. Ensure the rest of the query (column list and
VALUES) is left unchanged and only the database/table identifiers are changed.

In `@auditlog_clickhouse/readme/CONFIGURE.md`:
- Around line 31-32: Add a missing configuration step instructing users to click
the form button labeled "Setup FDW read" (backend action: action_setup_fdw_read)
after creating the audit tables; update CONFIGURE.md right after the "Create
Auditlog Tables" step to tell users to click "Setup FDW read" to configure the
pg_clickhouse FDW read path (ensure pg_clickhouse is available/enabled before
running this action).

In `@auditlog_clickhouse/readme/DESCRIPTION.md`:
- Line 1: Update the module description text to fix the grammar: replace
"transfers audit of logs" with "transfers of audit logs" so the sentence reads
"This module implements buffered asynchronous transfers of audit logs from
PostgreSQL to ClickHouse." Locate and edit the DESCRIPTION.md content (the
module description string) to use the corrected phrasing.

In `@auditlog_clickhouse/views/auditlog_clickhouse_config_views.xml`:
- Around line 71-78: The button labeled "Configure action"
(name="%(action_configure_auditlog_clickhouse_flush_cron)d") is misleading
because it opens the flush cron form
(ir_cron_auditlog_clickhouse_enqueue_flush); update the button's string to a
clearer label such as "Configure flush cron" so the UI accurately reflects the
target action (action_configure_auditlog_clickhouse_flush_cron ->
ir_cron_auditlog_clickhouse_enqueue_flush).

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@auditlog_clickhouse/models/auditlog_clickhouse_config.py`:
- Around line 581-584: The comment inside the _create_foreign_tables method
contains an AI-generated artifact ":contentReference[oaicite:1]{index=1}";
remove that fragment so the comment reads cleanly (e.g., "pg_clickhouse foreign
table options: table_name, (optional) database") and keep the rest of the method
intact (refer to the _create_foreign_tables function and the db_opt local
variable to locate the code).

In `@auditlog_clickhouse/models/auditlog_readonly.py`:
- Around line 5-8: The function _is_clickhouse_readonly_mode performs a
redundant check for config.is_active even though get_active_config() already
filters by is_active=True; update the return expression to drop the unnecessary
config.is_active check and just return a boolean based on config existing and
the fdw_enabled flag (e.g., use bool(config and getattr(config, "fdw_enabled",
False))). Keep references to the same env lookup
(env["auditlog.clickhouse.config"].sudo().get_active_config()) and the config
variable so the change is localized to the return expression in
_is_clickhouse_readonly_mode.

---

Duplicate comments:
In `@auditlog_clickhouse/models/auditlog_clickhouse_config.py`:
- Around line 349-402: The generated DDL in _get_clickhouse_ddl interpolates
db_name directly into the CREATE TABLE statements for auditlog_log and
auditlog_log_line; update the function to quote the database and table
identifiers (e.g., wrap {db_name} and the table names with backticks or double
quotes) wherever they are used in the returned SQL strings so identifiers are
safely quoted in all CREATE TABLE statements and ORDER BY clauses.
- Around line 79-84: Add a strict positive validation for the queue_batch_size
field on the AuditlogClickhouseConfig model: either add an _sql_constraints
entry enforcing "queue_batch_size > 0" or implement an
`@api.constrains`("queue_batch_size") method (e.g., _check_queue_batch_size) that
raises a ValidationError when queue_batch_size <= 0; reference the
queue_batch_size field and DEFAULT_QUEUE_BATCH_SIZE constant so the check
rejects zero or negative values before any flush job runs.
- Around line 184-228: The current create and write flows can leave multiple
configs active when multiple records are activated at once because
_deactivate_other_configs() excludes all of self.ids; fix by ensuring you only
exclude a single chosen keeper before deactivating others: in create(), after
computing active_records, if len(active_records) > 1 pick one keeper (e.g.,
keeper = active_records[0]) and call keeper._deactivate_other_configs() (or
change _deactivate_other_configs to accept an exclude_id(s) and call it with
only the keeper.id); similarly in write() when turning_on, compute activated =
self.filtered("is_active") and if len(activated) > 1 pick one keeper and call
keeper._deactivate_other_configs() (or pass the single keeper id) so only one
active config remains. Ensure _deactivate_other_configs signature/implementation
is adjusted accordingly if needed.

In `@auditlog_clickhouse/models/auditlog_log_buffer.py`:
- Around line 304-332: The INSERTs in _insert_rows_to_clickhouse interpolate
config.database and table/column names without quoting; update the two
client.execute calls that build INSERT INTO ... auditlog_log and INSERT INTO ...
auditlog_log_line so the database and table identifiers are quoted with
backticks (e.g. `config.database`.`auditlog_log`) and each column name from
self._CH_LOG_COLUMNS / self._CH_LINE_COLUMNS is also wrapped in backticks;
ensure you escape any backticks in config.database and in column names
(replace/backslash them) before interpolation to avoid injection or syntax
errors and keep the existing exception handling/RetryableJobError behavior.
- Around line 307-332: The current try/except retries both INSERTs together
which causes duplicate auditlog_log rows when the first INSERT (client.execute
with self._CH_LOG_COLUMNS) succeeds but the second (client.execute with
self._CH_LINE_COLUMNS) fails; change the flow to perform the auditlog_log INSERT
first, then persist progress (e.g., update the buffer state or remove/mark the
successfully-inserted log_rows from valid_buffers) before issuing the
auditlog_log_line INSERT so that if the second INSERT fails the retry only
resends the remaining line_rows; adjust the exception handling around each
client.execute call so RetryableJobError is raised only for the failed half and
reference client.execute, self._CH_LOG_COLUMNS, self._CH_LINE_COLUMNS,
valid_buffers and RetryableJobError when making these changes.

In `@auditlog_clickhouse/readme/CONFIGURE.md`:
- Around line 31-32: CONFIGURE.md is missing the post-creation step to enable
reads via pg_clickhouse: after instructing users to click "Create Auditlog
Tables" add a step telling them to click the "Setup FDW read" button in the form
view so the Foreign Data Wrapper for pg_clickhouse is configured; mention that
this is required to enable reads and reference the "Setup FDW read" control and
the pg_clickhouse integration so users complete FDW configuration after table
creation.

In `@auditlog_clickhouse/readme/DESCRIPTION.md`:
- Line 1: Update the DESCRIPTION.md sentence that currently reads "transfers
audit of logs" to the correct phrasing "transfers of audit logs" (replace the
exact substring "transfers audit of logs" with "transfers of audit logs") so the
sentence becomes "This module implements buffered asynchronous transfers of
audit logs from PostgreSQL to ClickHouse."

In `@auditlog_clickhouse/views/auditlog_clickhouse_config_views.xml`:
- Around line 71-78: The button label is misleading: update the button element
with name "%(action_configure_auditlog_clickhouse_flush_cron)d" (the button that
opens the flush cron form) to use a more descriptive string such as "Configure
flush action" by changing its string attribute so it matches the action name and
accurately describes the flush cron configuration.

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@auditlog_clickhouse/models/auditlog_clickhouse_config.py`:
- Around line 365-410: The DDL uses raw db_name interpolation into the CREATE
TABLE f-strings (see the db_name variable and the CREATE TABLE statements
building auditlog_log and auditlog_log_line) which can break with special
characters or reserved words; update the code that constructs these strings to
properly quote the database and table identifiers (e.g., wrap {db_name} and
table names in ClickHouse identifier quotes/backticks or use a small helper like
quote_identifier(db_name) and apply it where the f-strings build the CREATE
TABLE statements) so identifiers are always quoted when interpolated into the
DDL.