@marginfront/code-cost-clarity 0.5.4 → 0.6.1

package/dist/cli.js

@@ -8,1801 +8,1897 @@ import process3 from "process";
 
 // src/connector.ts
 import {
-  existsSync,
+  existsSync as existsSync2,
   mkdirSync,
-  writeFileSync,
-  readFileSync,
-  openSync,
-  rmSync,
+  writeFileSync as writeFileSync2,
+  readFileSync as readFileSync2,
+  openSync as openSync2,
+  rmSync as rmSync2,
   chmodSync,
   copyFileSync
 } from "fs";
 import { spawn, spawnSync, execFileSync } from "child_process";
-import { createHash } from "crypto";
+import { createHash as createHash2 } from "crypto";
 import { homedir, tmpdir, platform, arch } from "os";
 import { join, dirname } from "path";
 import { fileURLToPath } from "url";
+import process2 from "process";
+
+// src/forwarder.ts
+import {
+  readFileSync,
+  existsSync,
+  statSync,
+  openSync,
+  readSync,
+  closeSync,
+  writeFileSync,
+  appendFileSync,
+  rmSync
+} from "fs";
+import { createHash } from "crypto";
+import { createRequire } from "module";
 import process from "process";
-var CONFIG_DIR = join(homedir(), ".marginfront-ccc");
-var ENV_PATH = join(CONFIG_DIR, ".env");
-var COLLECTOR_CONFIG_PATH = join(CONFIG_DIR, "otel-collector.yaml");
-var COLLECTOR_BIN_PATH = join(CONFIG_DIR, "otelcol-contrib");
-var LIVE_JSONL_PATH = join(CONFIG_DIR, "live-otlp.jsonl");
-var COLLECTOR_PID_PATH = join(CONFIG_DIR, "collector.pid");
-var COLLECTOR_LOG_PATH = join(CONFIG_DIR, "collector.log");
-var FORWARDER_CURSOR_PATH = join(CONFIG_DIR, "forwarder.cursor");
-var FORWARDER_QUEUE_PATH = join(CONFIG_DIR, "forwarder.queue.jsonl");
-var FORWARDER_PID_PATH = join(CONFIG_DIR, "forwarder.pid");
-var VERSION_PATTERN = /^v\d+\.\d+\.\d+$/;
-function resolveOtelcolVersion(override = process.env.CCC_OTELCOL_VERSION) {
-  const DEFAULT_VERSION = "v0.154.0";
-  if (!override) return DEFAULT_VERSION;
-  if (!VERSION_PATTERN.test(override)) {
-    throw new Error(
-      `Invalid CCC_OTELCOL_VERSION "${override}".
-What happened: you set the collector version override, but it isn't a valid version number.
-Why this is strict: that value goes into a download URL and a filename, so a malformed one could point the installer somewhere unsafe. We refuse rather than guess.
-Fix: use the form vMAJOR.MINOR.PATCH (for example CCC_OTELCOL_VERSION=v0.154.0), or unset it to use the built-in pinned version.`
-    );
+var _cccRequire = createRequire(import.meta.url);
+function resolveCccPackageVersion() {
+  if ("0.6.1".length > 0) {
+    return "0.6.1";
   }
-  return override;
-}
-var OTELCOL_VERSION = resolveOtelcolVersion();
-var COLLECTOR_CHECKSUMS = {
-  "otelcol-contrib_0.154.0_darwin_amd64.tar.gz": "14f7f825a7ad7ee0799947ff70a42b9a5528a9c1411ab45f8fcc4caeb9346f7b",
-  "otelcol-contrib_0.154.0_darwin_arm64.tar.gz": "de3af70ef0b80af213911cc9ba8daf553348dd22ed1fb15db561d207fc2cb3d9",
-  "otelcol-contrib_0.154.0_linux_amd64.tar.gz": "f0fe6e7b1d81936d4e5a3aad7a678f3fc2f8ada2a9f8f37f37542813c12ed322",
-  "otelcol-contrib_0.154.0_linux_arm64.tar.gz": "52310bfcb5a952c072e8abff7f0f2940ee38cea36752a4a4e1a4e21c2088c3f9"
-};
-function verifyTarballChecksum(tarballPath, expectedSha256) {
-  const actual = createHash("sha256").update(readFileSync(tarballPath)).digest("hex").toLowerCase();
-  return actual === expectedSha256.toLowerCase();
-}
-function renderEnvFile() {
-  return `# ============================================================
-# Claude Code -> MarginFront connector: environment settings
-# ============================================================
-# MAIN JOB of this file: hold your MARGINFRONT_API_KEY (below) so the background
-# meter can read it - fill that in (init usually does it for you).
-#
-# As of v0.5.0 you do NOT need to 'source' this before running Claude Code:
-# 'init' wires the telemetry settings into ~/.claude/settings.json for you, so
-# every 'claude'/'codex' session (and the desktop apps) broadcast on their own.
-# Sourcing this is only useful for the manual, foreground 'run' path.
-#
-# This file stays on your machine; it is never published or committed.
-# ============================================================
-
-# Turns on Claude Code's usage broadcasting. Leave as 1.
-CLAUDE_CODE_ENABLE_TELEMETRY=1
-
-# Send usage as OpenTelemetry metrics. Leave as otlp.
-OTEL_METRICS_EXPORTER=otlp
-
-# Send Claude Code's EVENTS (the per-tool-call records) too. Leave as otlp.
-# Tokens come in as metrics (above); a paid tool call (Google Maps, Browserbase,
-# a paid MCP server) only shows up on this EVENT stream - without this line Claude
-# Code broadcasts no tool activity and tool spend can't be tracked (LOWAI-478).
-OTEL_LOGS_EXPORTER=otlp
-
-# Use HTTP/protobuf. Verified working; gRPC on 4317 silently failed in testing.
-OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
-
-# Where the local collector listens. Must match the collector YAML.
-OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318
-
-# How often Claude Code flushes usage, in milliseconds.
-#   300000 = 5 minutes - batches usage so you get roughly one event per turn
-#   without a long wait. Raise to 600000 (10 min) to batch harder; lower to
-#   60000 (1 min) or 5000 (5 s) for a more live drip.
-OTEL_METRIC_EXPORT_INTERVAL=300000
-
-# Tool-call costs (LOWAI-478) need NOTHING configured here. Every tool your agents
-# fire (other than free built-ins like Read/Bash) is forwarded automatically;
-# MarginFront's pricing catalog decides what's billable and at what rate. Add price
-# rows for your paid tools in MarginFront - there's no client-side list to maintain.
-
-# YOUR MarginFront SECRET key (mf_sk_*). Create or copy one at:
-#   app.marginfront.com -> Build -> API Keys -> "Create Key Pair"
-#   (https://app.marginfront.com/developer-zone/api-keys)
-# Use the SECRET key (mf_sk_*) - a publishable key (mf_pk_*) is rejected on send.
-# The forwarder reads this from the environment only; it is never hardcoded.
-# Leave blank to run in no-identity preview mode (see the README).
-MARGINFRONT_API_KEY=
-`;
-}
-function renderCollectorYaml(jsonlPath = LIVE_JSONL_PATH) {
-  return `# OpenTelemetry Collector config - Claude Code -> MarginFront
-# ---------------------------------------------------------------------------
-# WHAT THIS DOES, plainly: it's the "catcher." Claude Code broadcasts its token
-# usage here; this collector batches what it hears and writes it to a file,
-# which the forwarder tails and turns into MarginFront usage rows.
-# ---------------------------------------------------------------------------
-
-receivers:
-  # The door Claude Code knocks on. It listens for OpenTelemetry (OTLP) on the
-  # two standard local ports. We point Claude Code at HTTP/protobuf on 4318 -
-  # gRPC on 4317 silently failed to connect from Claude Code 2.1.185 in testing,
-  # so 4318 is the one that actually works. Bound to localhost only.
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 127.0.0.1:4317
-      http:
-        endpoint: 127.0.0.1:4318
-
-processors:
-  # THE NO-DOUBLE-COUNT PROCESSOR. Claude Code emits CUMULATIVE counters (each
-  # export is the running total since the session started), and it ignores the
-  # "give me deltas" env var. Without this, the forwarder would record the
-  # running total every export - re-counting everything before it. This turns
-  # each cumulative total into the increment since the last export.
-  cumulativetodelta: {}
-
-  # Group what arrives into small batches and flush quickly, so the live view
-  # feels near-real-time rather than trickling one datapoint at a time.
-  batch:
-    timeout: 1s
-
-exporters:
-  # Write each batch as one line of OTLP/JSON (JSON Lines). The forwarder
-  # watches this file and records each new line. Both pipelines below share this
-  # one exporter, so Claude Code's metrics and Codex's logs land in the SAME file
-  # (each as its own line) and the one forwarder reads both.
-  file:
-    path: ${jsonlPath}
-
-service:
-  telemetry:
-    logs:
-      # The collector's OWN log verbosity (how chatty otelcol itself is). This is
-      # NOT a data pipeline - it does not catch Codex's usage logs. The pipeline
-      # that does is service.pipelines.logs below. Keep this quiet.
-      level: warn
-  pipelines:
-    # Claude Code source: token + cost COUNTERS arrive as metrics.
-    # Receive -> de-dupe (cumulative->delta) -> batch -> file.
-    metrics:
-      receivers: [otlp]
-      processors: [cumulativetodelta, batch]
-      exporters: [file]
-    # Codex source (LOWAI-463): Codex reports usage on the LOG stream, not as
-    # metrics, so it needs its own pipeline. No cumulativetodelta here - that's a
-    # METRICS processor and doesn't apply to logs; each Codex log record is one
-    # turn's usage on its own. Receive -> batch -> file (the same file).
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [file]
-`;
-}
-var CODEX_CONFIG_PATH = join(homedir(), ".codex", "config.toml");
-var CODEX_CCC_BEGIN_MARKER = "# >>> MarginFront code-cost-clarity - auto-added; `npx @marginfront/code-cost-clarity uninstall` removes this block >>>";
-var CODEX_CCC_END_MARKER = "# <<< MarginFront code-cost-clarity - end of auto-added block <<<";
-var CODEX_OTEL_TOML_BLOCK = [
-  "[otel]",
-  'exporter = { otlp-http = { endpoint = "http://127.0.0.1:4318/v1/logs", protocol = "binary" } }'
-].join("\n");
-function renderCodexCccBlock() {
-  return [
-    CODEX_CCC_BEGIN_MARKER,
-    CODEX_OTEL_TOML_BLOCK,
-    CODEX_CCC_END_MARKER
-  ].join("\n");
-}
-function renderCodexConfigInstructions() {
-  return [
-    "Optional - also capture Codex (in addition to, or instead of, Claude Code):",
-    "",
-    "  Codex reports its usage to the SAME local collector, so there's nothing",
-    "  extra to install. Add this block to your ~/.codex/config.toml:",
-    "",
-    // Single-sourced from CODEX_OTEL_TOML_BLOCK above, indented for the printout,
-    // so the pasted block always matches what the auto-writer would write.
-    ...CODEX_OTEL_TOML_BLOCK.split("\n").map((line) => "    " + line),
-    "",
-    "  Then run Codex normally. `run` already watches both sources - Claude Code,",
-    "  Codex, or both - from the one collector file; there's no extra flag.",
-    "",
-    "  Note: exact [otel] key names can vary by Codex version, and whether your",
-    "  engineer email shows up depends on how you sign in (org API key vs ChatGPT",
-    "  login). If the email doesn't surface, usage still lands under the no-identity",
-    "  placeholder. See the README's Codex section for the full details."
-  ].join("\n");
-}
-function lineDeclaresOtelTable(rawLine) {
-  const beforeComment = rawLine.split("#")[0].trim();
-  if (!beforeComment) return false;
-  let firstToken;
-  if (beforeComment.startsWith("[")) {
-    const inner = beforeComment.replace(/^\[+/, "").trim();
-    const path = inner.split("]")[0].trim();
-    firstToken = path.split(".")[0].trim();
-  } else {
-    firstToken = beforeComment.split(/[.=\s]/)[0].trim();
+  try {
+    const pkg = _cccRequire("../package.json");
+    if (typeof pkg.version === "string" && pkg.version.length > 0) {
+      return pkg.version;
+    }
+  } catch {
   }
-  firstToken = firstToken.replace(/^["']|["']$/g, "");
-  return firstToken === "otel";
-}
-function codexConfigHasOtelTable(content) {
-  return content.split(/\r?\n/).some(lineDeclaresOtelTable);
+  return "0.0.0-unknown";
 }
-function codexConfigHasCccBlock(configPath = CODEX_CONFIG_PATH) {
-  if (!existsSync(configPath)) return false;
+var CCC_PACKAGE_VERSION = resolveCccPackageVersion();
+var DEFAULT_INGEST_URL = "https://api.marginfront.com/v1/sdk/usage/record";
+function resolveIngestUrl(override = process.env.MARGINFRONT_INGEST_URL) {
+  if (!override) return DEFAULT_INGEST_URL;
   try {
-    return readFileSync(configPath, "utf8").includes(CODEX_CCC_BEGIN_MARKER);
+    const url = new URL(override);
+    const host = url.hostname;
+    const onMarginFront = host === "marginfront.com" || host.endsWith(".marginfront.com");
+    if (url.protocol === "https:" && onMarginFront) return override;
   } catch {
-    return false;
   }
+  console.error(
+    "Ignoring MARGINFRONT_INGEST_URL - only an https://*.marginfront.com URL is allowed; sending to production instead."
+  );
+  return DEFAULT_INGEST_URL;
 }
-function writeCodexOtelConfig({
-  configPath = CODEX_CONFIG_PATH,
-  log = console.log
-} = {}) {
-  if (!existsSync(configPath)) {
-    mkdirSync(dirname(configPath), { recursive: true });
-    writeFileSync(configPath, renderCodexCccBlock() + "\n");
-    log(
-      `Created ${configPath} and wired Codex to the local collector for you.`
-    );
-    return { action: "created", backupPath: null };
-  }
-  const content = readFileSync(configPath, "utf8");
-  if (content.includes(CODEX_CCC_BEGIN_MARKER)) {
-    log(`Codex is already wired up in ${configPath} - nothing to do.`);
-    return { action: "skipped-existing", backupPath: null };
-  }
-  if (codexConfigHasOtelTable(content)) {
-    log(
-      `Left your existing [otel] settings in ${configPath} untouched - add the MarginFront block by hand if you want Codex captured too.`
-    );
-    return { action: "skipped-existing", backupPath: null };
+var MARGINFRONT_INGEST_URL = resolveIngestUrl();
+function resolveDeveloperOverride(env) {
+  return (env.CCC_DEVELOPER_EMAIL || "").trim() || void 0;
+}
+var AGENT_CODE = "claude-code";
+var SIGNAL_NAME = "claude-code-turn";
+var MODEL_PROVIDER = "anthropic";
+var AGENT_CODE_CODEX = "codex";
+var SIGNAL_NAME_CODEX = "codex-turn";
+var MODEL_PROVIDER_CODEX = "openai";
+var CODEX_USAGE_EVENT_NAME = "codex.sse_event";
+var CODEX_INPUT_TOKEN_KEY = "input_token_count";
+var CODEX_OUTPUT_TOKEN_KEY = "output_token_count";
+var CODEX_CACHED_TOKEN_KEY = "cached_token_count";
+var CODEX_REASONING_TOKEN_KEY = "reasoning_token_count";
+var CODEX_TOOL_TOKEN_KEY = "tool_token_count";
+var CODEX_TOKEN_KEYS = [
+  CODEX_INPUT_TOKEN_KEY,
+  CODEX_OUTPUT_TOKEN_KEY,
+  CODEX_CACHED_TOKEN_KEY,
+  CODEX_REASONING_TOKEN_KEY
+];
+var CODEX_EXCLUDED_MODELS = /* @__PURE__ */ new Set(["codex-auto-review"]);
+var SIGNAL_NAME_TOOL = "claude-code-tool";
+var SIGNAL_NAME_TOOL_CODEX = "codex-tool";
+var CLAUDE_TOOL_RESULT_EVENT = "claude_code.tool_result";
+var CODEX_TOOL_RESULT_EVENT = "codex.tool_result";
+var TOOL_NAME_KEYS = ["tool_name", "tool.name"];
+var MODEL_PROVIDER_TOOL = "tool";
+var BUILTIN_NONBILLABLE_TOOLS = /* @__PURE__ */ new Set([
+  // Claude Code built-ins
+  "Read",
+  "Edit",
+  "Write",
+  "MultiEdit",
+  "NotebookEdit",
+  "NotebookRead",
+  "Bash",
+  "BashOutput",
+  "KillShell",
+  "KillBash",
+  "Grep",
+  "Glob",
+  "LS",
+  "TodoWrite",
+  "ExitPlanMode",
+  "Task",
+  "Agent",
+  // alternate name for Task - hedge against the rename
+  "SlashCommand",
+  "ToolSearch",
+  // Codex built-ins (free + high-volume)
+  "exec_command",
+  "apply_patch"
+]);
+var ENVIRONMENT = "development";
+var WATCH_POLL_MS = 1e3;
+var NO_IDENTITY_CUSTOMER = "claude-code-no-identity";
+var CODEX_NO_IDENTITY_CUSTOMER = "codex-no-identity";
+function attributesToLookup(attributeList) {
+  const lookup = {};
+  if (!Array.isArray(attributeList)) return lookup;
+  for (const attribute of attributeList) {
+    if (attribute && typeof attribute.key === "string" && attribute.value) {
+      lookup[attribute.key] = attribute.value.stringValue;
+    }
   }
-  const backupPath = `${configPath}.ccc-bak`;
-  copyFileSync(configPath, backupPath);
-  const separator = content.length > 0 ? "\n" : "";
-  writeFileSync(configPath, content + separator + renderCodexCccBlock() + "\n");
-  log(
-    `Added the MarginFront telemetry block to ${configPath} (backup at ${backupPath}).`
-  );
-  return { action: "appended", backupPath };
+  return lookup;
 }
-function removeCodexOtelConfig({
-  configPath = CODEX_CONFIG_PATH,
-  log = console.log
-} = {}) {
-  if (!existsSync(configPath)) {
-    log(
-      `Nothing to undo: ${configPath} doesn't exist (Codex was never wired up here).`
-    );
-    return { action: "missing", backupPath: null };
+function dataPointTokenCount(dataPoint) {
+  if (dataPoint == null) return 0;
+  if (dataPoint.asInt !== void 0 && dataPoint.asInt !== null) {
+    const parsed = parseInt(String(dataPoint.asInt), 10);
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  const content = readFileSync(configPath, "utf8");
-  const beginIdx = content.indexOf(CODEX_CCC_BEGIN_MARKER);
-  const endIdx = content.indexOf(CODEX_CCC_END_MARKER);
-  if (beginIdx === -1 || endIdx === -1 || endIdx < beginIdx) {
-    log(
-      `Nothing to undo: ${configPath} has no MarginFront block (left every other setting untouched).`
-    );
-    return { action: "no-marker", backupPath: null };
+  if (dataPoint.asDouble !== void 0 && dataPoint.asDouble !== null) {
+    const parsed = Math.round(Number(dataPoint.asDouble));
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  let cutStart = beginIdx;
-  let cutEnd = endIdx + CODEX_CCC_END_MARKER.length;
-  if (content[cutEnd] === "\n") cutEnd += 1;
-  if (content[cutStart - 1] === "\n") {
-    cutStart -= 1;
+  return 0;
+}
+function collectDataPointsForMetric(parsedOtlp, metricName) {
+  const collectedDataPoints = [];
+  const resourceMetricsList = parsedOtlp?.resourceMetrics;
+  if (!Array.isArray(resourceMetricsList)) return collectedDataPoints;
+  for (const resourceMetric of resourceMetricsList) {
+    const scopeMetricsList = resourceMetric?.scopeMetrics;
+    if (!Array.isArray(scopeMetricsList)) continue;
+    for (const scopeMetric of scopeMetricsList) {
+      const metricsList = scopeMetric?.metrics;
+      if (!Array.isArray(metricsList)) continue;
+      for (const metric of metricsList) {
+        if (metric?.name !== metricName) continue;
+        const dataPointsList = metric?.sum?.dataPoints;
+        if (!Array.isArray(dataPointsList)) continue;
+        for (const dataPoint of dataPointsList) {
+          collectedDataPoints.push(dataPoint);
+        }
+      }
+    }
   }
-  const backupPath = existsSync(`${configPath}.ccc-bak`) ? `${configPath}.ccc-bak` : null;
-  writeFileSync(configPath, content.slice(0, cutStart) + content.slice(cutEnd));
-  log(
-    `Removed the MarginFront block from ${configPath}` + (backupPath ? ` (your original is preserved at ${backupPath}).` : ".")
+  return collectedDataPoints;
+}
+function normalizeModelId(rawModelId) {
+  if (typeof rawModelId !== "string") return rawModelId;
+  const withoutContextSuffix = rawModelId.replace(/\[.*\]$/, "");
+  const dottedVersion = withoutContextSuffix.replace(
+    /^(claude-[a-z]+-\d+)-(\d+)$/,
+    "$1.$2"
   );
-  return { action: "removed", backupPath };
+  return dottedVersion;
 }
-function resolveCollectorAsset(nodePlatform = platform(), nodeArch = arch(), version = OTELCOL_VERSION) {
-  const osMap = { darwin: "darwin", linux: "linux" };
-  const archMap = { arm64: "arm64", x64: "amd64" };
-  const os = osMap[nodePlatform];
-  const cpu = archMap[nodeArch];
-  if (!os) {
-    throw new Error(
-      `Unsupported operating system "${nodePlatform}". The bundled collector supports macOS (darwin) and Linux. On Windows, run this under WSL.`
-    );
-  }
-  if (!cpu) {
-    throw new Error(
-      `Unsupported CPU architecture "${nodeArch}". The bundled collector supports arm64 and x64 (amd64).`
-    );
-  }
-  const versionNoV = version.replace(/^v/, "");
-  const asset = `otelcol-contrib_${versionNoV}_${os}_${cpu}.tar.gz`;
-  const url = `https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/${version}/${asset}`;
-  return { os, cpu, asset, url, version };
+function idempotencyKeyFor(rawSourceLine, email, rawModel, sessionId, indexWithinLine) {
+  return createHash("sha256").update(
+    `${rawSourceLine}|${email}|${rawModel}|${sessionId ?? ""}|${indexWithinLine}`
+  ).digest("hex");
 }
-function ensureCollectorBinary({
-  force = false,
-  log = console.log
-} = {}) {
-  if (existsSync(COLLECTOR_BIN_PATH) && !force) {
-    log(
-      `Collector already present at ${COLLECTOR_BIN_PATH} - skipping download.`
-    );
-    return COLLECTOR_BIN_PATH;
-  }
-  const { asset, url, version } = resolveCollectorAsset();
-  const tgzPath = join(tmpdir(), asset);
-  log(
-    `Downloading the collector (${asset}, ~360 MB) - this can take a minute\u2026`
+function buildMarginFrontRequestBody(parsedOtlp, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : null;
+  const developerOverride = options.developerOverride;
+  const tokenDataPoints = collectDataPointsForMetric(
+    parsedOtlp,
+    "claude_code.token.usage"
   );
-  try {
-    execFileSync("curl", ["-fSL", "-o", tgzPath, url], { stdio: "inherit" });
-  } catch {
-    throw new Error(
-      `Could not download the collector from ${url}
-What happened: the download failed (network issue, or version ${version} has no asset for your platform).
-Fix: check your internet connection, or pin a different version with CCC_OTELCOL_VERSION=v0.155.0 (see the OpenTelemetry collector releases page).`
-    );
+  const costDataPoints = collectDataPointsForMetric(
+    parsedOtlp,
+    "claude_code.cost.usage"
+  );
+  const groupsByKey = /* @__PURE__ */ new Map();
+  function makeGroupKey(email, model, sessionId) {
+    return `${email}
+${model}
+${sessionId}`;
   }
-  const expectedSha256 = COLLECTOR_CHECKSUMS[asset];
-  if (!expectedSha256) {
-    throw new Error(
-      `Refusing to run an unverified collector.
-What happened: there is no pinned, known-good fingerprint on file for "${asset}" (version ${version}).
-Why: this tool refuses to make ANY downloaded program executable unless we can first confirm it's exactly the release we trust.
-Fix: install the built-in pinned version (unset CCC_OTELCOL_VERSION), or add this release's official signed SHA-256 to the package's pinned checksums before installing it. The download is left at ${tgzPath} so you can verify it yourself.`
-    );
+  for (const dataPoint of tokenDataPoints) {
+    const attributes = attributesToLookup(dataPoint.attributes);
+    const email = developerOverride || attributes["user.email"] || fallbackCustomerId;
+    const rawModel = attributes["model"];
+    const sessionId = attributes["session.id"];
+    const tokenType = attributes["type"];
+    const tokenCount = dataPointTokenCount(dataPoint);
+    if (!email || !rawModel || !sessionId) continue;
+    const groupKey = makeGroupKey(email, rawModel, sessionId);
+    let group = groupsByKey.get(groupKey);
+    if (!group) {
+      group = {
+        email,
+        rawModel,
+        sessionId,
+        inputTokens: 0,
+        outputTokens: 0,
+        cacheReadTokens: 0,
+        cacheCreationTokens: 0
+      };
+      groupsByKey.set(groupKey, group);
+    }
+    if (tokenType === "input") {
+      group.inputTokens += tokenCount;
+    } else if (tokenType === "output") {
+      group.outputTokens += tokenCount;
+    } else if (tokenType === "cacheRead") {
+      group.cacheReadTokens += tokenCount;
+    } else if (tokenType === "cacheCreation") {
+      group.cacheCreationTokens += tokenCount;
+    }
   }
-  log("Verifying the downloaded collector's fingerprint\u2026");
-  if (!verifyTarballChecksum(tgzPath, expectedSha256)) {
-    try {
-      rmSync(tgzPath, { force: true });
-    } catch {
+  function findCostForGroup(email, rawModel, sessionId) {
+    for (const costPoint of costDataPoints) {
+      const costAttributes = attributesToLookup(costPoint.attributes);
+      const costEmail = developerOverride || costAttributes["user.email"] || fallbackCustomerId;
+      if (costEmail === email && costAttributes["model"] === rawModel && costAttributes["session.id"] === sessionId) {
+        return typeof costPoint.asDouble === "number" ? costPoint.asDouble : null;
+      }
     }
-    throw new Error(
-      `Collector integrity check FAILED - refusing to install.
-What happened: the collector we downloaded for "${asset}" does NOT match its known-good fingerprint, so we deleted it and stopped.
-Why this probably happened: the file was altered between GitHub and your machine - most often a corporate TLS-inspecting proxy rewriting the download, a corrupted transfer, or (worst case) a tampered release.
-Fix: re-run the install on a network without a man-in-the-middle proxy. If it keeps failing on a clean network, do NOT bypass this - report it, because a persistent mismatch can mean the download is being tampered with.`
-    );
+    return null;
   }
-  log("Fingerprint verified - the collector is exactly the trusted release.");
-  log(`Unpacking the collector into ${CONFIG_DIR}\u2026`);
-  try {
-    execFileSync("tar", ["xzf", tgzPath, "-C", CONFIG_DIR, "otelcol-contrib"], {
-      stdio: "inherit"
-    });
-  } catch {
-    throw new Error(
-      `Could not unpack ${tgzPath}.
-What happened: the downloaded archive didn't contain the expected otelcol-contrib binary, or tar isn't available.
-Fix: delete the file above and re-run \`npx @marginfront/code-cost-clarity init\`.`
+  const records = [];
+  for (const group of groupsByKey.values()) {
+    const cacheReadTokens = group.cacheReadTokens;
+    const cacheCreationTokens = group.cacheCreationTokens;
+    const cacheTokens = cacheReadTokens + cacheCreationTokens;
+    const billedInputTokens = foldCache ? group.inputTokens + cacheTokens : group.inputTokens;
+    if (group.inputTokens === 0 && group.outputTokens === 0 && cacheTokens === 0)
+      continue;
+    const claudeCodeCostUsd = findCostForGroup(
+      group.email,
+      group.rawModel,
+      group.sessionId
     );
-  } finally {
-    try {
-      rmSync(tgzPath, { force: true });
-    } catch {
+    const record = {
+      // Per-developer attribution: the developer's email IS the customer id (or the
+      // no-identity placeholder).
+      customerExternalId: group.email,
+      agentCode: AGENT_CODE,
+      signalName: SIGNAL_NAME,
+      model: normalizeModelId(group.rawModel),
+      modelProvider: MODEL_PROVIDER,
+      inputTokens: billedInputTokens,
+      outputTokens: group.outputTokens,
+      environment: ENVIRONMENT,
+      // usageDate omitted so MarginFront defaults it to "now."
+      metadata: {
+        sessionId: group.sessionId,
+        rawModel: group.rawModel,
+        // Raw cache numbers ALWAYS recorded (audit), whether typed or folded.
+        cacheReadTokens,
+        cacheCreationTokens,
+        // Whether inputTokens includes cache (fold) or not (default).
+        cacheFoldedIntoInput: foldCache,
+        // Claude Code's own cache-accurate cost - reconciliation ground truth,
+        // not the billed figure.
+        claudeCodeCostUsd
+      }
+    };
+    if (!foldCache) {
+      record.cacheReadTokens = cacheReadTokens;
+      record.cacheWriteTokens = cacheCreationTokens;
     }
+    if (options.rawSourceLine !== void 0) {
+      record.idempotencyKey = idempotencyKeyFor(
+        options.rawSourceLine,
+        group.email,
+        group.rawModel,
+        group.sessionId,
+        records.length
+      );
+    }
+    records.push(record);
   }
-  try {
-    execFileSync("chmod", ["755", COLLECTOR_BIN_PATH]);
-  } catch {
-  }
-  log(`Collector installed at ${COLLECTOR_BIN_PATH}.`);
-  return COLLECTOR_BIN_PATH;
+  return { records };
 }
-function ensureConfigFiles({
-  log = console.log
-} = {}) {
-  if (!existsSync(CONFIG_DIR)) {
-    mkdirSync(CONFIG_DIR, { recursive: true });
-    log(`Created ${CONFIG_DIR}.`);
-  }
-  if (existsSync(ENV_PATH)) {
-    log(`Kept your existing settings file at ${ENV_PATH} (API key preserved).`);
-  } else {
-    writeFileSync(ENV_PATH, renderEnvFile(), { mode: 384 });
-    log(`Wrote settings template to ${ENV_PATH} - add your API key there.`);
+function logAttributesToLookup(attributeList) {
+  const lookup = {};
+  if (!Array.isArray(attributeList)) return lookup;
+  for (const attribute of attributeList) {
+    if (attribute && typeof attribute.key === "string" && attribute.value) {
+      lookup[attribute.key] = attribute.value;
+    }
   }
-  writeFileSync(COLLECTOR_CONFIG_PATH, renderCollectorYaml());
-  log(`Wrote collector config to ${COLLECTOR_CONFIG_PATH}.`);
+  return lookup;
 }
-function loadEnvFile(path = ENV_PATH) {
-  if (!existsSync(path)) return {};
-  const loaded = {};
-  let text;
-  try {
-    text = readFileSync(path, "utf8");
-  } catch {
-    return {};
+function logAttrString(value) {
+  if (value && typeof value.stringValue === "string") return value.stringValue;
+  return void 0;
+}
+function logAttrTokenCount(value) {
+  if (value == null) return 0;
+  if (value.intValue !== void 0 && value.intValue !== null) {
+    const parsed = parseInt(String(value.intValue), 10);
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  for (const rawLine of text.split("\n")) {
-    const line = rawLine.trim();
-    if (!line || line.startsWith("#")) continue;
-    const eq = line.indexOf("=");
-    if (eq === -1) continue;
-    const key = line.slice(0, eq).trim();
-    let value = line.slice(eq + 1).trim();
-    if (value.length >= 2 && (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'"))) {
-      value = value.slice(1, -1);
-    }
-    if (!key) continue;
-    loaded[key] = value;
-    if (process.env[key] === void 0) {
-      process.env[key] = value;
-    }
+  if (value.doubleValue !== void 0 && value.doubleValue !== null) {
+    const parsed = Math.round(Number(value.doubleValue));
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  return loaded;
-}
-function writeApiKeyToEnv(value, path = ENV_PATH) {
-  const current = existsSync(path) ? readFileSync(path, "utf8") : renderEnvFile();
-  const keyLine = /^MARGINFRONT_API_KEY=.*$/m;
-  let next;
-  if (keyLine.test(current)) {
-    next = current.replace(keyLine, () => `MARGINFRONT_API_KEY=${value}`);
-  } else {
-    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
-    next = `${current}${sep}MARGINFRONT_API_KEY=${value}
-`;
+  if (typeof value.stringValue === "string") {
+    const parsed = parseInt(value.stringValue, 10);
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  writeFileSync(path, next, { mode: 384 });
-  chmodSync(path, 384);
-}
-var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
-var CLAUDE_SETTINGS_OWNERSHIP_PATH = join(
-  CONFIG_DIR,
-  "claude-settings-owned.json"
-);
-var CCC_OWNED_TELEMETRY_KEYS = [
-  "CLAUDE_CODE_ENABLE_TELEMETRY",
-  "OTEL_METRICS_EXPORTER",
-  "OTEL_LOGS_EXPORTER",
-  "OTEL_EXPORTER_OTLP_PROTOCOL",
-  "OTEL_EXPORTER_OTLP_ENDPOINT",
-  "OTEL_METRIC_EXPORT_INTERVAL"
-];
-var CCC_TELEMETRY_VALUES = {
-  // Turns on Claude Code's usage broadcasting.
-  CLAUDE_CODE_ENABLE_TELEMETRY: "1",
-  // Send token usage as OpenTelemetry metrics.
-  OTEL_METRICS_EXPORTER: "otlp",
-  // Send the per-tool-call EVENT stream too (needed for tool-call line items).
-  OTEL_LOGS_EXPORTER: "otlp",
-  // HTTP/protobuf - verified working; gRPC on 4317 silently failed in testing.
-  OTEL_EXPORTER_OTLP_PROTOCOL: "http/protobuf",
-  // Point Claude Code at the local collector (must match the collector YAML).
-  OTEL_EXPORTER_OTLP_ENDPOINT: "http://127.0.0.1:4318",
-  // Flush usage every 5 minutes (batched ~one event per turn).
-  OTEL_METRIC_EXPORT_INTERVAL: "300000"
-};
-function isPlainObject(value) {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
+  return 0;
 }
-function backupClaudeSettings(settingsPath) {
-  const backupPath = `${settingsPath}.ccc-bak`;
-  copyFileSync(settingsPath, backupPath);
-  return backupPath;
+function isCodexUsageRecord(lookup, eventName) {
+  if (eventName === CODEX_USAGE_EVENT_NAME) return true;
+  return CODEX_TOKEN_KEYS.some((key) => lookup[key] !== void 0);
 }
-function readClaudeSettingsOwnership(ownershipPath) {
-  if (!existsSync(ownershipPath)) return null;
-  try {
-    const parsed = JSON.parse(readFileSync(ownershipPath, "utf8"));
-    if (!isPlainObject(parsed) || !isPlainObject(parsed.ownedKeys)) {
-      return null;
-    }
-    const out = {};
-    for (const [key, value] of Object.entries(parsed.ownedKeys)) {
-      out[key] = String(value);
+function buildCodexRequestBody(parsedOtlp, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
+  const developerOverride = options.developerOverride;
+  const records = [];
+  const resourceLogsList = parsedOtlp?.resourceLogs;
+  if (!Array.isArray(resourceLogsList)) return { records };
+  for (const resourceLog of resourceLogsList) {
+    const scopeLogsList = resourceLog?.scopeLogs;
+    if (!Array.isArray(scopeLogsList)) continue;
+    for (const scopeLog of scopeLogsList) {
+      const logRecordsList = scopeLog?.logRecords;
+      if (!Array.isArray(logRecordsList)) continue;
+      for (const logRecord of logRecordsList) {
+        const lookup = logAttributesToLookup(logRecord?.attributes);
+        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
+        if (toolResultSource(eventName) !== null) continue;
+        if (!isCodexUsageRecord(lookup, eventName)) continue;
+        const rawModel = logAttrString(lookup["model"]);
+        if (!rawModel) continue;
+        if (CODEX_EXCLUDED_MODELS.has(rawModel.trim().toLowerCase())) continue;
+        const email = developerOverride || logAttrString(lookup["user.email"]) || fallbackCustomerId;
+        if (!email) continue;
+        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
+        const inputCount = logAttrTokenCount(lookup[CODEX_INPUT_TOKEN_KEY]);
+        const outputCount = logAttrTokenCount(lookup[CODEX_OUTPUT_TOKEN_KEY]);
+        const cachedCount = logAttrTokenCount(lookup[CODEX_CACHED_TOKEN_KEY]);
+        const reasoningCount = logAttrTokenCount(
+          lookup[CODEX_REASONING_TOKEN_KEY]
+        );
+        const toolCount = logAttrTokenCount(lookup[CODEX_TOOL_TOKEN_KEY]);
+        if (inputCount === 0 && outputCount === 0 && cachedCount === 0)
+          continue;
+        const freshInputTokens = Math.max(0, inputCount - cachedCount);
+        const billedInputTokens = foldCache ? inputCount : freshInputTokens;
+        const record = {
+          customerExternalId: email,
+          agentCode: AGENT_CODE_CODEX,
+          signalName: SIGNAL_NAME_CODEX,
+          model: normalizeModelId(rawModel),
+          modelProvider: MODEL_PROVIDER_CODEX,
+          inputTokens: billedInputTokens,
+          // Reasoning is ALREADY inside this number - do NOT add it again.
+          outputTokens: outputCount,
+          environment: ENVIRONMENT,
+          // usageDate omitted so MarginFront defaults it to "now."
+          metadata: {
+            source: "codex",
+            sessionId,
+            rawModel,
+            // Audit-only - nested inside input/output already, never added to the
+            // billed tokens; recorded to prove we didn't drop anything.
+            cachedTokens: cachedCount,
+            reasoningTokens: reasoningCount,
+            toolTokens: toolCount,
+            cacheFoldedIntoInput: foldCache
+          }
+        };
+        if (!foldCache) {
+          record.cacheReadTokens = cachedCount;
+        }
+        if (options.rawSourceLine !== void 0) {
+          record.idempotencyKey = idempotencyKeyFor(
+            options.rawSourceLine,
+            email,
+            rawModel,
+            sessionId,
+            records.length
+          );
+        }
+        records.push(record);
+      }
     }
-    return out;
-  } catch {
-    return null;
   }
+  return { records };
 }
-function writeClaudeSettingsOwnership(ownershipPath, ownedKeys) {
-  mkdirSync(dirname(ownershipPath), { recursive: true });
-  const payload = {
-    _comment: "MarginFront code-cost-clarity wrote these telemetry keys into your Claude Code settings.json. Uninstall removes ONLY the keys below, and only if their value still matches. Safe to delete by hand if you've already cleaned up settings.json yourself.",
-    ownedKeys
-  };
-  writeFileSync(ownershipPath, JSON.stringify(payload, null, 2) + "\n");
+function toolResultSource(eventName) {
+  if (!eventName) return null;
+  if (eventName === CODEX_TOOL_RESULT_EVENT) return "codex";
+  if (eventName === CLAUDE_TOOL_RESULT_EVENT || eventName === "tool_result") {
+    return "claude-code";
+  }
+  return null;
 }
-function writeClaudeTelemetrySettings(vars, {
-  settingsPath = CLAUDE_SETTINGS_PATH,
-  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
-  log = console.log
-} = {}) {
-  let settings = {};
-  const fileExists = existsSync(settingsPath);
-  if (fileExists) {
-    let parsed;
-    try {
-      parsed = JSON.parse(readFileSync(settingsPath, "utf8"));
-    } catch {
-      const backupPath2 = backupClaudeSettings(settingsPath);
-      throw new Error(
-        `Could not update ${settingsPath}.
-What happened: your Claude Code settings file isn't valid JSON, so we stopped instead of risking your settings.
-What we did: saved an untouched copy at ${backupPath2}.
-Fix: open the file and repair the JSON (a common cause is a trailing comma or a missing quote), then run init again. We will not modify a file we can't read.`
-      );
-    }
-    if (!isPlainObject(parsed)) {
-      const backupPath2 = backupClaudeSettings(settingsPath);
-      throw new Error(
-        `Could not update ${settingsPath}.
-What happened: the top level of your Claude Code settings file isn't a JSON object (it looks like an array or a single value), so there's nowhere safe to add the telemetry settings.
-What we did: saved an untouched copy at ${backupPath2}.
-Fix: make the file a normal JSON object like { "env": { ... } }, then run init again.`
-      );
+function buildToolUsageRecords(parsedOtlp, options = {}) {
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
+  const developerOverride = options.developerOverride;
+  const records = [];
+  const resourceLogsList = parsedOtlp?.resourceLogs;
+  if (!Array.isArray(resourceLogsList)) return { records };
+  const groups = /* @__PURE__ */ new Map();
+  for (const resourceLog of resourceLogsList) {
+    const scopeLogsList = resourceLog?.scopeLogs;
+    if (!Array.isArray(scopeLogsList)) continue;
+    for (const scopeLog of scopeLogsList) {
+      const logRecordsList = scopeLog?.logRecords;
+      if (!Array.isArray(logRecordsList)) continue;
+      for (const logRecord of logRecordsList) {
+        const lookup = logAttributesToLookup(logRecord?.attributes);
+        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
+        const source = toolResultSource(eventName);
+        if (!source) continue;
+        let toolName;
+        for (const key of TOOL_NAME_KEYS) {
+          const candidate = logAttrString(lookup[key]);
+          if (candidate) {
+            toolName = candidate;
+            break;
+          }
+        }
+        if (!toolName) continue;
+        if (BUILTIN_NONBILLABLE_TOOLS.has(toolName)) continue;
+        const email = developerOverride || logAttrString(lookup["user.email"]) || fallbackCustomerId;
+        if (!email) continue;
+        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
+        const groupKey = `${email}
+${sessionId ?? ""}
+${source}
+${toolName}`;
+        let group = groups.get(groupKey);
+        if (!group) {
+          group = {
+            email,
+            sessionId,
+            telemetrySource: source,
+            toolName,
+            count: 0
+          };
+          groups.set(groupKey, group);
+        }
+        group.count += 1;
+      }
     }
-    settings = parsed;
-  }
-  if ("env" in settings && !isPlainObject(settings.env)) {
-    const backupPath2 = backupClaudeSettings(settingsPath);
-    throw new Error(
-      `Could not update ${settingsPath}.
-What happened: your settings file has an "env" entry that isn't a block of key/value settings (it's null, a list, or a single value), so we stopped instead of overwriting it.
-What we did: saved an untouched copy at ${backupPath2}.
-Fix: change "env" to a normal object like { "KEY": "value" } (or remove it), then run init again.`
-    );
   }
-  const hadEnv = isPlainObject(settings.env);
-  const env = hadEnv ? settings.env : {};
-  const priorOwned = readClaudeSettingsOwnership(ownershipPath) ?? {};
-  const ownedKeys = {};
-  const written = [];
-  const skipped = [];
-  let mutated = false;
-  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
-    if (!(key in vars)) continue;
-    const canonical = String(vars[key]);
-    const current = env[key];
-    if (current === void 0) {
-      env[key] = canonical;
-      ownedKeys[key] = canonical;
-      written.push(key);
-      mutated = true;
-    } else if (current === canonical) {
-      if (priorOwned[key] === canonical) {
-        ownedKeys[key] = canonical;
-        written.push(key);
-      } else {
-        skipped.push(key);
+  for (const group of groups.values()) {
+    if (group.count === 0) continue;
+    const isCodex = group.telemetrySource === "codex";
+    const record = {
+      customerExternalId: group.email,
+      agentCode: isCodex ? AGENT_CODE_CODEX : AGENT_CODE,
+      signalName: isCodex ? SIGNAL_NAME_TOOL_CODEX : SIGNAL_NAME_TOOL,
+      // Raw tool NAME as the service id, verbatim - NOT through normalizeModelId
+      // (that's Claude-LLM-name-specific). Catalog matches (model=tool name,
+      // modelProvider="tool").
+      model: group.toolName,
+      modelProvider: MODEL_PROVIDER_TOOL,
+      // Billing volume = times this tool fired this flush; no token fields (not an
+      // LLM turn). Server prices quantity x unitPrice.
+      quantity: group.count,
+      environment: ENVIRONMENT,
+      metadata: {
+        source: "tool",
+        sessionId: group.sessionId,
+        toolName: group.toolName,
+        telemetrySource: group.telemetrySource,
+        estimated: true
       }
-    } else {
-      skipped.push(key);
+    };
+    if (options.rawSourceLine !== void 0) {
+      record.idempotencyKey = idempotencyKeyFor(
+        options.rawSourceLine,
+        group.email,
+        `tool:${group.toolName}`,
+        group.sessionId,
+        records.length
+      );
     }
+    records.push(record);
   }
-  let backupPath = null;
-  if (mutated) {
-    if (!hadEnv) settings.env = env;
-    if (fileExists) backupPath = backupClaudeSettings(settingsPath);
-    mkdirSync(dirname(settingsPath), { recursive: true });
-    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
-    log(
-      `Wrote ${written.length} telemetry setting(s) into ${settingsPath}` + (backupPath ? ` (backup at ${backupPath}).` : ".")
-    );
-  } else {
-    log(`No changes needed in ${settingsPath} - telemetry already in place.`);
-  }
-  writeClaudeSettingsOwnership(ownershipPath, ownedKeys);
-  if (skipped.length) {
-    log(
-      `Left ${skipped.length} setting(s) you already had in place untouched: ` + skipped.join(", ")
-    );
+  return { records };
+}
+function buildRequestBodyForLine(parsedOtlp, options = {}) {
+  if (parsedOtlp && Array.isArray(parsedOtlp.resourceLogs)) {
+    const codexOptions = options.fallbackCustomerId === NO_IDENTITY_CUSTOMER ? { ...options, fallbackCustomerId: CODEX_NO_IDENTITY_CUSTOMER } : options;
+    const tokenBody = buildCodexRequestBody(parsedOtlp, codexOptions);
+    const toolBody = buildToolUsageRecords(parsedOtlp, codexOptions);
+    return { records: [...tokenBody.records, ...toolBody.records] };
   }
-  return { written, skipped, backupPath };
+  return buildMarginFrontRequestBody(parsedOtlp, options);
 }
-function removeClaudeTelemetrySettings({
-  settingsPath = CLAUDE_SETTINGS_PATH,
-  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
-  log = console.log
-} = {}) {
-  const removed = [];
-  const kept = [];
-  const owned = readClaudeSettingsOwnership(ownershipPath);
-  if (owned === null) {
-    log(
-      `Nothing to undo: no MarginFront ownership record found at ${ownershipPath} (either it was never written, or it's already been removed).`
+function readAndParseOtlpFile(inputFilePath) {
+  if (!existsSync(inputFilePath)) {
+    console.error(
+      `Could not read/parse ${inputFilePath}: file does not exist. Check the path and try again.`
     );
-    return { removed, kept, backupPath: null };
+    process.exit(1);
   }
-  if (!existsSync(settingsPath)) {
-    log(
-      `Nothing to undo: ${settingsPath} doesn't exist. Removing the stale ownership record.`
+  let fileText;
+  try {
+    fileText = readFileSync(inputFilePath, "utf8");
+  } catch (readError) {
+    console.error(
+      `Could not read/parse ${inputFilePath}: ${readError.message}`
     );
-    rmSync(ownershipPath, { force: true });
-    return { removed, kept, backupPath: null };
+    process.exit(1);
   }
-  let parsed;
   try {
-    parsed = JSON.parse(readFileSync(settingsPath, "utf8"));
+    return JSON.parse(fileText);
   } catch {
-    log(
-      `Could not undo cleanly: ${settingsPath} isn't valid JSON right now, so we left it untouched. Fix the JSON and re-run uninstall, or remove the telemetry keys by hand.`
-    );
-    return { removed, kept, backupPath: null };
-  }
-  if (!isPlainObject(parsed)) {
-    log(
-      `Could not undo cleanly: ${settingsPath} isn't a JSON object, so we left it untouched.`
-    );
-    return { removed, kept, backupPath: null };
-  }
-  const settings = parsed;
-  const env = isPlainObject(settings.env) ? settings.env : null;
-  let mutated = false;
-  for (const [key, canonical] of Object.entries(owned)) {
-    if (env && env[key] === canonical) {
-      delete env[key];
-      removed.push(key);
-      mutated = true;
-    } else {
-      kept.push(key);
-    }
-  }
-  if (env && Object.keys(env).length === 0) {
-    delete settings.env;
-    mutated = true;
-  }
-  let backupPath = null;
-  if (mutated) {
-    backupPath = backupClaudeSettings(settingsPath);
-    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
-    log(
-      `Removed ${removed.length} MarginFront telemetry setting(s) from ${settingsPath} (backup at ${backupPath}).`
-    );
-  } else {
-    log(
-      `Nothing to remove from ${settingsPath} - the telemetry keys were already gone or you'd changed them (left untouched).`
+    console.error(
+      `Could not read/parse ${inputFilePath}: the file is not valid JSON. Make sure it is an OTLP/JSON export line (Claude Code metrics or Codex logs), not raw text.`
     );
+    process.exit(1);
   }
-  rmSync(ownershipPath, { force: true });
-  return { removed, kept, backupPath };
 }
-function isPidAlive(pid) {
-  if (!pid || !Number.isInteger(pid)) return false;
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch (err) {
-    return err?.code === "EPERM";
+async function postToMarginFront(requestBody) {
+  const apiKey = process.env.MARGINFRONT_API_KEY;
+  if (!apiKey) {
+    return { ok: false, reason: "no-key" };
   }
-}
-function readCollectorPid() {
-  if (!existsSync(COLLECTOR_PID_PATH)) return null;
+  let response;
   try {
-    const pid = parseInt(readFileSync(COLLECTOR_PID_PATH, "utf8").trim(), 10);
-    return Number.isInteger(pid) ? pid : null;
-  } catch {
-    return null;
-  }
-}
-function startCollector({ log = console.log } = {}) {
-  const existing = readCollectorPid();
-  if (isPidAlive(existing)) {
-    log(`Collector already running (pid ${existing}).`);
-    return { pid: existing, startedByUs: false };
-  }
-  if (!existsSync(COLLECTOR_BIN_PATH)) {
-    throw new Error(
-      "Collector binary is missing. Run `npx @marginfront/code-cost-clarity init` first."
-    );
+    response = await fetch(MARGINFRONT_INGEST_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        // MarginFront authenticates with x-api-key, NOT Bearer/Authorization.
+        "x-api-key": apiKey,
+        // This User-Agent is what lets the server tag these events as source='ccc'
+        // instead of the generic 'api' fallback. Without it, PostHog dashboards
+        // can't distinguish "developer paying for AI tokens via CCC" traffic from
+        // raw API clients - every CCC event would be mislabelled as source='api'.
+        "User-Agent": `@marginfront/code-cost-clarity/${CCC_PACKAGE_VERSION}`
+      },
+      body: JSON.stringify(requestBody)
+    });
+  } catch (networkError) {
+    return {
+      ok: false,
+      reason: "network",
+      message: networkError.message
+    };
   }
-  const logFd = openSync(COLLECTOR_LOG_PATH, "a");
-  const child = spawn(COLLECTOR_BIN_PATH, ["--config", COLLECTOR_CONFIG_PATH], {
-    cwd: CONFIG_DIR,
-    detached: true,
-    stdio: ["ignore", logFd, logFd]
-  });
-  child.unref();
-  writeFileSync(COLLECTOR_PID_PATH, String(child.pid));
-  log(`Started collector (pid ${child.pid}); logs at ${COLLECTOR_LOG_PATH}.`);
-  return { pid: child.pid, startedByUs: true };
-}
-function stopCollector({
-  log = console.log
-} = {}) {
-  const pid = readCollectorPid();
-  if (!isPidAlive(pid)) {
-    if (existsSync(COLLECTOR_PID_PATH))
-      rmSync(COLLECTOR_PID_PATH, { force: true });
-    log("No running collector found.");
-    return false;
+  const responseText = await response.text();
+  if (!response.ok) {
+    return {
+      ok: false,
+      reason: "http",
+      status: response.status,
+      body: responseText
+    };
   }
+  let parsed = null;
   try {
-    process.kill(pid);
-    log(`Stopped collector (pid ${pid}).`);
-  } catch (err) {
-    log(`Could not stop collector (pid ${pid}): ${err.message}`);
+    parsed = JSON.parse(responseText);
+  } catch {
+    parsed = null;
   }
-  rmSync(COLLECTOR_PID_PATH, { force: true });
-  return true;
+  return { ok: true, parsed, body: responseText };
 }
-var PLIST_LABEL = "ai.marginfront.ccc";
-var PLIST_PATH = join(
-  homedir(),
-  "Library",
-  "LaunchAgents",
-  PLIST_LABEL + ".plist"
-);
-var DAEMON_CLI_PATH = join(CONFIG_DIR, "cli.js");
-var DAEMON_STDOUT_LOG_PATH = join(CONFIG_DIR, "forwarder.out.log");
-var DAEMON_STDERR_LOG_PATH = join(CONFIG_DIR, "forwarder.err.log");
-function defaultLaunchctlRunner(args) {
-  const result = spawnSync("launchctl", args, { encoding: "utf8" });
-  return {
-    // A spawn error (e.g. launchctl missing on a non-mac) leaves status null; we
-    // treat that as a failure so callers don't read it as "succeeded."
-    status: typeof result.status === "number" ? result.status : 1,
-    stdout: result.stdout ?? "",
-    stderr: result.stderr ?? ""
-  };
+function successRowsFrom(parsed) {
+  const rows = parsed?.results?.success;
+  return Array.isArray(rows) ? rows : [];
 }
-function setDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
-  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
-    runLaunchctl(["setenv", key, CCC_TELEMETRY_VALUES[key]]);
+function readWatchCursor(cursorPath) {
+  if (!cursorPath || !existsSync(cursorPath)) return 0;
+  try {
+    const parsed = parseInt(readFileSync(cursorPath, "utf8").trim(), 10);
+    return Number.isInteger(parsed) && parsed >= 0 ? parsed : 0;
+  } catch {
+    return 0;
   }
 }
-function unsetDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
-  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
-    runLaunchctl(["unsetenv", key]);
+function writeWatchCursor(cursorPath, byteOffset) {
+  if (!cursorPath) return;
+  try {
+    writeFileSync(cursorPath, String(byteOffset));
+  } catch {
   }
 }
-function currentUid() {
-  return typeof process.getuid === "function" ? process.getuid() : 0;
-}
-function escapeXml(value) {
-  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
-}
-function renderDaemonPlist({
-  nodePath,
-  cliPath
-}) {
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-  <key>Label</key>
-  <string>${escapeXml(PLIST_LABEL)}</string>
-  <key>ProgramArguments</key>
-  <array>
-    <string>${escapeXml(nodePath)}</string>
-    <string>${escapeXml(cliPath)}</string>
-    <string>run</string>
-  </array>
-  <key>WorkingDirectory</key>
-  <string>${escapeXml(CONFIG_DIR)}</string>
-  <key>RunAtLoad</key>
-  <true/>
-  <key>KeepAlive</key>
-  <true/>
-  <key>StandardOutPath</key>
-  <string>${escapeXml(DAEMON_STDOUT_LOG_PATH)}</string>
-  <key>StandardErrorPath</key>
-  <string>${escapeXml(DAEMON_STDERR_LOG_PATH)}</string>
-</dict>
-</plist>
-`;
-}
-function installDaemon(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const log = options.log ?? console.log;
-  const nodePath = options.nodePath ?? process.execPath;
-  const sourceCliPath = options.sourceCliPath ?? fileURLToPath(import.meta.url);
-  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
-  const plistPath = options.plistPath ?? PLIST_PATH;
-  const uid = options.uid ?? currentUid();
-  if (nodePath === "npx" || nodePath.endsWith("/npx")) {
-    throw new Error(
-      "Refusing to install the background daemon with 'npx' as its program.\nWhat happened: the daemon must be pinned to the real node binary (process.execPath), because npx runs from a temporary cache that gets cleaned up - a daemon pointed at npx would crash-loop once that cache is gone.\nFix: this is an internal error; the daemon should always be installed with process.execPath. Re-run `start` from the npx-installed CLI."
-    );
+function readNewCompleteLines(filePath, fromByte) {
+  if (!existsSync(filePath)) return { lines: [], nextCursor: fromByte };
+  let size;
+  try {
+    size = statSync(filePath).size;
+  } catch {
+    return { lines: [], nextCursor: fromByte };
   }
-  mkdirSync(dirname(daemonCliPath), { recursive: true });
-  copyFileSync(sourceCliPath, daemonCliPath);
-  log(
-    `Copied the meter program to ${daemonCliPath} (a stable copy that survives npx cleanup).`
-  );
-  mkdirSync(dirname(plistPath), { recursive: true });
-  writeFileSync(
-    plistPath,
-    renderDaemonPlist({ nodePath, cliPath: daemonCliPath })
-  );
-  log(`Wrote the background-job definition to ${plistPath}.`);
-  const domainTarget = `gui/${uid}`;
-  const serviceTarget = `gui/${uid}/${PLIST_LABEL}`;
-  const alreadyLoaded = runLaunchctl(["print", serviceTarget]).status === 0;
-  let reloaded = false;
-  if (alreadyLoaded) {
-    log(
-      "A background meter is already loaded - reloading it with the new settings."
-    );
-    runLaunchctl(["bootout", serviceTarget]);
-    reloaded = true;
+  let start = fromByte;
+  if (size < start) start = 0;
+  if (size === start) return { lines: [], nextCursor: start };
+  const length = size - start;
+  const buffer = Buffer.alloc(length);
+  let bytesRead = 0;
+  let fd;
+  try {
+    fd = openSync(filePath, "r");
+    bytesRead = readSync(fd, buffer, 0, length, start);
+  } catch {
+    return { lines: [], nextCursor: fromByte };
+  } finally {
+    if (fd !== void 0) closeSync(fd);
   }
-  const bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
-  if (bootstrap.status !== 0) {
-    throw new Error(
-      `Could not start the background meter (launchctl bootstrap failed).
-What happened: macOS refused to load the job at ${plistPath}.
-` + (bootstrap.stderr ? `launchctl said: ${bootstrap.stderr.trim()}
-` : "") + `Fix: run \`npx @marginfront/code-cost-clarity status\` to see the current state, or \`stop\` then \`start\` again. If it keeps failing, confirm you're on macOS and that ${plistPath} looks like valid XML.`
-    );
+  const chunk = buffer.subarray(0, bytesRead);
+  const lastNewline = chunk.lastIndexOf(10);
+  if (lastNewline === -1) {
+    return { lines: [], nextCursor: start };
   }
-  log("The background meter is loaded and will start at login from now on.");
-  return { reloaded, plistPath, daemonCliPath };
+  const completeText = chunk.subarray(0, lastNewline + 1).toString("utf8");
+  const nextCursor = start + lastNewline + 1;
+  const parts = completeText.split("\n");
+  parts.pop();
+  return { lines: parts, nextCursor };
 }
-function uninstallDaemon(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const log = options.log ?? console.log;
-  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
-  const plistPath = options.plistPath ?? PLIST_PATH;
-  const uid = options.uid ?? currentUid();
-  runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
-  if (existsSync(plistPath)) {
-    rmSync(plistPath, { force: true });
-    log(`Removed the background-job definition at ${plistPath}.`);
-  }
-  if (existsSync(daemonCliPath)) {
-    rmSync(daemonCliPath, { force: true });
-    log(`Removed the meter program copy at ${daemonCliPath}.`);
+var MAX_QUEUE_RECORDS = 1e4;
+var MAX_RECORDS_PER_DRAIN = 100;
+var QUEUE_BACKOFF_START_MS = 2e3;
+var QUEUE_BACKOFF_MAX_MS = 6e4;
+var COLLECTOR_REVIVE_BACKOFF_MS = 3e4;
+function maybeReviveCollector(deps, nextReviveAllowedAt, backoffMs) {
+  if (deps.isCollectorAlive()) return nextReviveAllowedAt;
+  const now = deps.now();
+  if (now < nextReviveAllowedAt) return nextReviveAllowedAt;
+  const log = deps.log ?? console.error;
+  const updatedReviveAllowedAt = now + backoffMs;
+  log("collector was down, restarted it");
+  try {
+    deps.reviveCollector();
+  } catch (err) {
+    log(`collector revive attempt failed: ${err.message}`);
   }
+  return updatedReviveAllowedAt;
 }
-function bootoutDaemon(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const uid = options.uid ?? currentUid();
-  const result = runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
-  return result.status === 0;
-}
-function parseDaemonPrint(result) {
-  if (result.status !== 0) {
-    return { loaded: false, running: false, pid: null };
+function isRetryablePostResult(result) {
+  if (result.ok) return false;
+  if (result.reason === "network") return true;
+  if (result.reason === "no-key") return false;
+  if (result.reason === "http") {
+    return result.status === 429 || result.status >= 500;
   }
-  const out = result.stdout;
-  const running = /\bstate\s*=\s*running\b/.test(out);
-  const pidMatch = out.match(/\bpid\s*=\s*(\d+)/);
-  const pid = pidMatch ? parseInt(pidMatch[1], 10) : null;
-  return { loaded: true, running, pid };
-}
-function queryDaemonStatus(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const uid = options.uid ?? currentUid();
-  return parseDaemonPrint(runLaunchctl(["print", `gui/${uid}/${PLIST_LABEL}`]));
+  return false;
 }
-function readLastLines(path, maxLines) {
-  if (!existsSync(path)) return [];
+function readQueue(queuePath) {
+  if (!queuePath || !existsSync(queuePath)) return [];
   let text;
   try {
-    text = readFileSync(path, "utf8");
+    text = readFileSync(queuePath, "utf8");
   } catch {
     return [];
   }
-  const lines = text.split("\n");
-  if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
-  return lines.slice(-maxLines);
-}
-var ZSHRC_PATH = join(homedir(), ".zshrc");
-function lineSourcesCccEnv(rawLine) {
-  const trimmed = rawLine.trim();
-  if (!trimmed || trimmed.startsWith("#")) return false;
-  if (!/^(source|\.)\s/.test(trimmed)) return false;
-  return trimmed.includes(".marginfront-ccc/.env");
-}
-function findCccZshrcSourceLines(zshrcPath = ZSHRC_PATH) {
-  if (!existsSync(zshrcPath)) return { found: false, matchedLines: [] };
-  let text;
-  try {
-    text = readFileSync(zshrcPath, "utf8");
-  } catch {
-    return { found: false, matchedLines: [] };
+  const out = [];
+  for (const line of text.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      out.push(JSON.parse(trimmed));
+    } catch {
+    }
   }
-  const matchedLines = text.split("\n").filter(lineSourcesCccEnv).map((line) => line.trim());
-  return { found: matchedLines.length > 0, matchedLines };
+  return out;
 }
-function removeCccZshrcSourceLine({
-  zshrcPath = ZSHRC_PATH,
-  log = console.log
-} = {}) {
-  if (!existsSync(zshrcPath)) {
-    log(`Nothing to remove: ${zshrcPath} doesn't exist.`);
-    return { removed: [], backupPath: null };
-  }
-  let text;
+function appendToQueue(queuePath, records) {
+  if (!queuePath || records.length === 0) return;
+  const payload = records.map((r) => JSON.stringify(r) + "\n").join("");
   try {
-    text = readFileSync(zshrcPath, "utf8");
+    appendFileSync(queuePath, payload);
   } catch {
-    log(
-      `Could not read ${zshrcPath}, so I left it untouched - remove the \`source ~/.marginfront-ccc/.env\` line by hand if you like.`
-    );
-    return { removed: [], backupPath: null };
-  }
-  const removed = [];
-  const kept = [];
-  for (const line of text.split("\n")) {
-    if (lineSourcesCccEnv(line)) removed.push(line.trim());
-    else kept.push(line);
-  }
-  if (removed.length === 0) {
-    log(`Nothing to remove in ${zshrcPath}: no MarginFront source line found.`);
-    return { removed: [], backupPath: null };
   }
-  const backupPath = `${zshrcPath}.ccc-bak`;
-  copyFileSync(zshrcPath, backupPath);
-  writeFileSync(zshrcPath, kept.join("\n"));
-  log(
-    `Removed the redundant 'source ~/.marginfront-ccc/.env' line from ${zshrcPath} (backup at ${backupPath}).`
-  );
-  return { removed, backupPath };
 }
-
-// src/forwarder.ts
-import {
-  readFileSync as readFileSync2,
-  existsSync as existsSync2,
-  statSync,
-  openSync as openSync2,
-  readSync,
-  closeSync,
-  writeFileSync as writeFileSync2,
-  appendFileSync,
-  rmSync as rmSync2
-} from "fs";
-import { createHash as createHash2 } from "crypto";
-import { createRequire } from "module";
-import process2 from "process";
-var _cccRequire = createRequire(import.meta.url);
-function resolveCccPackageVersion() {
-  if ("0.5.4".length > 0) {
-    return "0.5.4";
-  }
+function writeQueue(queuePath, records) {
+  if (!queuePath) return;
   try {
-    const pkg = _cccRequire("../package.json");
-    if (typeof pkg.version === "string" && pkg.version.length > 0) {
-      return pkg.version;
+    if (records.length === 0) {
+      if (existsSync(queuePath)) rmSync(queuePath, { force: true });
+      return;
     }
+    writeFileSync(
+      queuePath,
+      records.map((r) => JSON.stringify(r) + "\n").join("")
+    );
   } catch {
   }
-  return "0.0.0-unknown";
 }
-var CCC_PACKAGE_VERSION = resolveCccPackageVersion();
-var DEFAULT_INGEST_URL = "https://api.marginfront.com/v1/sdk/usage/record";
-function resolveIngestUrl(override = process2.env.MARGINFRONT_INGEST_URL) {
-  if (!override) return DEFAULT_INGEST_URL;
-  try {
-    const url = new URL(override);
-    const host = url.hostname;
-    const onMarginFront = host === "marginfront.com" || host.endsWith(".marginfront.com");
-    if (url.protocol === "https:" && onMarginFront) return override;
-  } catch {
+function watchAndForward(filePath, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = options.fallbackCustomerId;
+  const cursorPath = options.cursorPath;
+  const pidFilePath = options.pidFilePath;
+  const developerOverride = resolveDeveloperOverride(process.env);
+  if (!process.env.MARGINFRONT_API_KEY) {
+    console.error(
+      "MARGINFRONT_API_KEY is not set. Set it in your shell before watching: export MARGINFRONT_API_KEY=..."
+    );
+    process.exit(1);
   }
-  console.error(
-    "Ignoring MARGINFRONT_INGEST_URL - only an https://*.marginfront.com URL is allowed; sending to production instead."
-  );
-  return DEFAULT_INGEST_URL;
-}
-var MARGINFRONT_INGEST_URL = resolveIngestUrl();
-var AGENT_CODE = "claude-code";
-var SIGNAL_NAME = "claude-code-turn";
-var MODEL_PROVIDER = "anthropic";
-var AGENT_CODE_CODEX = "codex";
-var SIGNAL_NAME_CODEX = "codex-turn";
-var MODEL_PROVIDER_CODEX = "openai";
-var CODEX_USAGE_EVENT_NAME = "codex.sse_event";
-var CODEX_INPUT_TOKEN_KEY = "input_token_count";
-var CODEX_OUTPUT_TOKEN_KEY = "output_token_count";
-var CODEX_CACHED_TOKEN_KEY = "cached_token_count";
-var CODEX_REASONING_TOKEN_KEY = "reasoning_token_count";
-var CODEX_TOOL_TOKEN_KEY = "tool_token_count";
-var CODEX_TOKEN_KEYS = [
-  CODEX_INPUT_TOKEN_KEY,
-  CODEX_OUTPUT_TOKEN_KEY,
-  CODEX_CACHED_TOKEN_KEY,
-  CODEX_REASONING_TOKEN_KEY
-];
-var CODEX_EXCLUDED_MODELS = /* @__PURE__ */ new Set(["codex-auto-review"]);
-var SIGNAL_NAME_TOOL = "claude-code-tool";
-var SIGNAL_NAME_TOOL_CODEX = "codex-tool";
-var CLAUDE_TOOL_RESULT_EVENT = "claude_code.tool_result";
-var CODEX_TOOL_RESULT_EVENT = "codex.tool_result";
-var TOOL_NAME_KEYS = ["tool_name", "tool.name"];
-var MODEL_PROVIDER_TOOL = "tool";
-var BUILTIN_NONBILLABLE_TOOLS = /* @__PURE__ */ new Set([
-  // Claude Code built-ins
-  "Read",
-  "Edit",
-  "Write",
-  "MultiEdit",
-  "NotebookEdit",
-  "NotebookRead",
-  "Bash",
-  "BashOutput",
-  "KillShell",
-  "KillBash",
-  "Grep",
-  "Glob",
-  "LS",
-  "TodoWrite",
-  "ExitPlanMode",
-  "Task",
-  "Agent",
-  // alternate name for Task - hedge against the rename
-  "SlashCommand",
-  "ToolSearch",
-  // Codex built-ins (free + high-volume)
-  "exec_command",
-  "apply_patch"
-]);
-var ENVIRONMENT = "development";
-var WATCH_POLL_MS = 1e3;
-var NO_IDENTITY_CUSTOMER = "claude-code-no-identity";
-var CODEX_NO_IDENTITY_CUSTOMER = "codex-no-identity";
-function attributesToLookup(attributeList) {
-  const lookup = {};
-  if (!Array.isArray(attributeList)) return lookup;
-  for (const attribute of attributeList) {
-    if (attribute && typeof attribute.key === "string" && attribute.value) {
-      lookup[attribute.key] = attribute.value.stringValue;
+  if (pidFilePath) {
+    try {
+      writeFileSync(pidFilePath, String(process.pid));
+    } catch {
     }
   }
-  return lookup;
-}
-function dataPointTokenCount(dataPoint) {
-  if (dataPoint == null) return 0;
-  if (dataPoint.asInt !== void 0 && dataPoint.asInt !== null) {
-    const parsed = parseInt(String(dataPoint.asInt), 10);
-    return Number.isFinite(parsed) ? parsed : 0;
-  }
-  if (dataPoint.asDouble !== void 0 && dataPoint.asDouble !== null) {
-    const parsed = Math.round(Number(dataPoint.asDouble));
-    return Number.isFinite(parsed) ? parsed : 0;
+  console.log(
+    `Watching ${filePath} for live Claude Code + Codex usage` + (foldCache ? " (fold-cache: cache tokens rolled into input)" : "") + "\u2026 Ctrl-C to stop."
+  );
+  let cursorBytes = readWatchCursor(cursorPath);
+  let running = false;
+  const queuePath = options.queuePath;
+  let queuedCount = readQueue(queuePath).length;
+  let queueBackoffMs = QUEUE_BACKOFF_START_MS;
+  let nextQueueRetryAt = 0;
+  const hhmmss = () => (/* @__PURE__ */ new Date()).toISOString().slice(11, 19);
+  let nextCollectorReviveAt = 0;
+  const collectorHealDeps = {
+    isCollectorAlive: () => isPidAlive(readCollectorPid()),
+    reviveCollector: () => {
+      startCollector();
+    },
+    now: () => Date.now(),
+    log: (message) => console.error(`[${hhmmss()}] ${message}`)
+  };
+  function logSuccess(body, result, stamp) {
+    if (!result.ok) return;
+    for (const rec of body.records) {
+      const row = successRowsFrom(result.parsed).find(
+        (r) => r?.customerExternalId === rec.customerExternalId
+      );
+      const cost = row?.totalCostUsd != null ? `$${row.totalCostUsd}` : "$?";
+      const eventId = row?.eventId ? ` event=${row.eventId}` : "";
+      const reference = "source" in rec.metadata ? `src=${rec.metadata.source}` : `cc=$${rec.metadata.claudeCodeCostUsd ?? "?"}`;
+      const volume = rec.quantity !== void 0 ? `qty=${rec.quantity} tool=${"toolName" in rec.metadata ? rec.metadata.toolName : "?"}` : `in=${rec.inputTokens} out=${rec.outputTokens}`;
+      console.log(
+        `[${stamp}] recorded ${rec.customerExternalId} \xB7 ${volume} \xB7 server=${cost} \xB7 ${reference}${eventId}`
+      );
+    }
   }
-  return 0;
-}
-function collectDataPointsForMetric(parsedOtlp, metricName) {
-  const collectedDataPoints = [];
-  const resourceMetricsList = parsedOtlp?.resourceMetrics;
-  if (!Array.isArray(resourceMetricsList)) return collectedDataPoints;
-  for (const resourceMetric of resourceMetricsList) {
-    const scopeMetricsList = resourceMetric?.scopeMetrics;
-    if (!Array.isArray(scopeMetricsList)) continue;
-    for (const scopeMetric of scopeMetricsList) {
-      const metricsList = scopeMetric?.metrics;
-      if (!Array.isArray(metricsList)) continue;
-      for (const metric of metricsList) {
-        if (metric?.name !== metricName) continue;
-        const dataPointsList = metric?.sum?.dataPoints;
-        if (!Array.isArray(dataPointsList)) continue;
-        for (const dataPoint of dataPointsList) {
-          collectedDataPoints.push(dataPoint);
-        }
-      }
+  function logFailure(result, stamp) {
+    if (result.ok) return;
+    if (result.reason === "http") {
+      console.error(
+        `[${stamp}] MarginFront HTTP ${result.status}: ${result.body}`
+      );
+    } else if (result.reason === "network") {
+      console.error(
+        `[${stamp}] could not reach MarginFront: ${result.message}`
+      );
+    } else {
+      console.error(`[${stamp}] send failed (${result.reason}).`);
     }
   }
-  return collectedDataPoints;
-}
-function normalizeModelId(rawModelId) {
-  if (typeof rawModelId !== "string") return rawModelId;
-  const withoutContextSuffix = rawModelId.replace(/\[.*\]$/, "");
-  const dottedVersion = withoutContextSuffix.replace(
-    /^(claude-[a-z]+-\d+)-(\d+)$/,
-    "$1.$2"
-  );
-  return dottedVersion;
-}
-function idempotencyKeyFor(rawSourceLine, email, rawModel, sessionId, indexWithinLine) {
-  return createHash2("sha256").update(
-    `${rawSourceLine}|${email}|${rawModel}|${sessionId ?? ""}|${indexWithinLine}`
-  ).digest("hex");
-}
-function buildMarginFrontRequestBody(parsedOtlp, options = {}) {
-  const foldCache = options.foldCache === true;
-  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : null;
-  const tokenDataPoints = collectDataPointsForMetric(
-    parsedOtlp,
-    "claude_code.token.usage"
-  );
-  const costDataPoints = collectDataPointsForMetric(
-    parsedOtlp,
-    "claude_code.cost.usage"
-  );
-  const groupsByKey = /* @__PURE__ */ new Map();
-  function makeGroupKey(email, model, sessionId) {
-    return `${email}
-${model}
-${sessionId}`;
-  }
-  for (const dataPoint of tokenDataPoints) {
-    const attributes = attributesToLookup(dataPoint.attributes);
-    const email = attributes["user.email"] || fallbackCustomerId;
-    const rawModel = attributes["model"];
-    const sessionId = attributes["session.id"];
-    const tokenType = attributes["type"];
-    const tokenCount = dataPointTokenCount(dataPoint);
-    if (!email || !rawModel || !sessionId) continue;
-    const groupKey = makeGroupKey(email, rawModel, sessionId);
-    let group = groupsByKey.get(groupKey);
-    if (!group) {
-      group = {
-        email,
-        rawModel,
-        sessionId,
-        inputTokens: 0,
-        outputTokens: 0,
-        cacheReadTokens: 0,
-        cacheCreationTokens: 0
-      };
-      groupsByKey.set(groupKey, group);
+  function enqueueFailed(records, stamp) {
+    const room = Math.max(0, MAX_QUEUE_RECORDS - queuedCount);
+    const toQueue = records.slice(0, room);
+    const shed = records.length - toQueue.length;
+    if (toQueue.length > 0) {
+      appendToQueue(queuePath, toQueue);
+      queuedCount += toQueue.length;
+      console.error(
+        `[${stamp}] send failed - queued ${toQueue.length} record(s) for retry (${queuedCount} now in queue).`
+      );
     }
-    if (tokenType === "input") {
-      group.inputTokens += tokenCount;
-    } else if (tokenType === "output") {
-      group.outputTokens += tokenCount;
-    } else if (tokenType === "cacheRead") {
-      group.cacheReadTokens += tokenCount;
-    } else if (tokenType === "cacheCreation") {
-      group.cacheCreationTokens += tokenCount;
+    if (shed > 0) {
+      console.error(
+        `[${stamp}] QUEUE FULL (cap ${MAX_QUEUE_RECORDS}): shed ${shed} record(s) - these turns are LOST. The ingest endpoint has been unreachable for a long time; check connectivity.`
+      );
     }
+    nextQueueRetryAt = Date.now() + queueBackoffMs;
+    queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
   }
-  function findCostForGroup(email, rawModel, sessionId) {
-    for (const costPoint of costDataPoints) {
-      const costAttributes = attributesToLookup(costPoint.attributes);
-      const costEmail = costAttributes["user.email"] || fallbackCustomerId;
-      if (costEmail === email && costAttributes["model"] === rawModel && costAttributes["session.id"] === sessionId) {
-        return typeof costPoint.asDouble === "number" ? costPoint.asDouble : null;
+  async function drainQueue() {
+    if (!queuePath || queuedCount === 0) return;
+    if (Date.now() < nextQueueRetryAt) return;
+    const queued = readQueue(queuePath);
+    queuedCount = queued.length;
+    if (queued.length === 0) return;
+    const batch = queued.slice(0, MAX_RECORDS_PER_DRAIN);
+    const result = await postToMarginFront({ records: batch });
+    const stamp = hhmmss();
+    if (result.ok) {
+      const remaining = queued.slice(batch.length);
+      writeQueue(queuePath, remaining);
+      queuedCount = remaining.length;
+      queueBackoffMs = QUEUE_BACKOFF_START_MS;
+      nextQueueRetryAt = 0;
+      console.log(
+        `[${stamp}] queue: ${batch.length} retried record(s) landed \xB7 ${remaining.length} still queued.`
+      );
+    } else if (isRetryablePostResult(result)) {
+      logFailure(result, stamp);
+      const waitMs = queueBackoffMs;
+      nextQueueRetryAt = Date.now() + waitMs;
+      queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+      console.error(
+        `[${stamp}] queue: retry failed, ${queued.length} record(s) still queued (next attempt in ~${Math.round(waitMs / 1e3)}s).`
+      );
+    } else {
+      const remaining = queued.slice(batch.length);
+      writeQueue(queuePath, remaining);
+      queuedCount = remaining.length;
+      console.error(
+        `[${stamp}] queue: dropping ${batch.length} record(s) - terminal failure (server rejected them, retrying can't help).`
+      );
+    }
+  }
+  async function processNewLines() {
+    if (running) return;
+    running = true;
+    try {
+      await drainQueue();
+      const { lines, nextCursor } = readNewCompleteLines(filePath, cursorBytes);
+      for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (!line) continue;
+        let parsed;
+        try {
+          parsed = JSON.parse(line);
+        } catch {
+          console.error("(skipped one telemetry line that wasn't valid JSON)");
+          continue;
+        }
+        const body = buildRequestBodyForLine(parsed, {
+          foldCache,
+          fallbackCustomerId,
+          developerOverride,
+          rawSourceLine: line
+        });
+        if (!body.records.length) continue;
+        const result = await postToMarginFront(body);
+        const stamp = hhmmss();
+        if (!result.ok) {
+          logFailure(result, stamp);
+          if (queuePath && isRetryablePostResult(result)) {
+            enqueueFailed(body.records, stamp);
+          } else if (queuePath) {
+            console.error(
+              `[${stamp}] dropping ${body.records.length} record(s): terminal send failure (not retryable).`
+            );
+          }
+          continue;
+        }
+        logSuccess(body, result, stamp);
+        if (queuedCount > 0) {
+          queueBackoffMs = QUEUE_BACKOFF_START_MS;
+          nextQueueRetryAt = 0;
+        }
+      }
+      if (nextCursor !== cursorBytes) {
+        cursorBytes = nextCursor;
+        writeWatchCursor(cursorPath, cursorBytes);
       }
+    } finally {
+      running = false;
     }
-    return null;
   }
-  const records = [];
-  for (const group of groupsByKey.values()) {
-    const cacheReadTokens = group.cacheReadTokens;
-    const cacheCreationTokens = group.cacheCreationTokens;
-    const cacheTokens = cacheReadTokens + cacheCreationTokens;
-    const billedInputTokens = foldCache ? group.inputTokens + cacheTokens : group.inputTokens;
-    if (group.inputTokens === 0 && group.outputTokens === 0 && cacheTokens === 0)
-      continue;
-    const claudeCodeCostUsd = findCostForGroup(
-      group.email,
-      group.rawModel,
-      group.sessionId
+  processNewLines().catch(
+    (e) => console.error(`watch error: ${e.message}`)
+  );
+  const timer = setInterval(() => {
+    nextCollectorReviveAt = maybeReviveCollector(
+      collectorHealDeps,
+      nextCollectorReviveAt,
+      COLLECTOR_REVIVE_BACKOFF_MS
     );
-    const record = {
-      // Per-engineer attribution: the engineer's email IS the customer id (or the
-      // no-identity placeholder).
-      customerExternalId: group.email,
-      agentCode: AGENT_CODE,
-      signalName: SIGNAL_NAME,
-      model: normalizeModelId(group.rawModel),
-      modelProvider: MODEL_PROVIDER,
-      inputTokens: billedInputTokens,
-      outputTokens: group.outputTokens,
-      environment: ENVIRONMENT,
-      // usageDate omitted so MarginFront defaults it to "now."
-      metadata: {
-        sessionId: group.sessionId,
-        rawModel: group.rawModel,
-        // Raw cache numbers ALWAYS recorded (audit), whether typed or folded.
-        cacheReadTokens,
-        cacheCreationTokens,
-        // Whether inputTokens includes cache (fold) or not (default).
-        cacheFoldedIntoInput: foldCache,
-        // Claude Code's own cache-accurate cost - reconciliation ground truth,
-        // not the billed figure.
-        claudeCodeCostUsd
+    processNewLines().catch(
+      (e) => console.error(`watch error: ${e.message}`)
+    );
+  }, WATCH_POLL_MS);
+  return function stop() {
+    clearInterval(timer);
+    if (pidFilePath) {
+      try {
+        rmSync(pidFilePath, { force: true });
+      } catch {
       }
-    };
-    if (!foldCache) {
-      record.cacheReadTokens = cacheReadTokens;
-      record.cacheWriteTokens = cacheCreationTokens;
-    }
-    if (options.rawSourceLine !== void 0) {
-      record.idempotencyKey = idempotencyKeyFor(
-        options.rawSourceLine,
-        group.email,
-        group.rawModel,
-        group.sessionId,
-        records.length
-      );
     }
-    records.push(record);
-  }
-  return { records };
+  };
 }
-function logAttributesToLookup(attributeList) {
-  const lookup = {};
-  if (!Array.isArray(attributeList)) return lookup;
-  for (const attribute of attributeList) {
-    if (attribute && typeof attribute.key === "string" && attribute.value) {
-      lookup[attribute.key] = attribute.value;
-    }
+
+// src/connector.ts
+var CONFIG_DIR = join(homedir(), ".marginfront-ccc");
+var ENV_PATH = join(CONFIG_DIR, ".env");
+var COLLECTOR_CONFIG_PATH = join(CONFIG_DIR, "otel-collector.yaml");
+var COLLECTOR_BIN_PATH = join(CONFIG_DIR, "otelcol-contrib");
+var LIVE_JSONL_PATH = join(CONFIG_DIR, "live-otlp.jsonl");
+var COLLECTOR_PID_PATH = join(CONFIG_DIR, "collector.pid");
+var COLLECTOR_LOG_PATH = join(CONFIG_DIR, "collector.log");
+var FORWARDER_CURSOR_PATH = join(CONFIG_DIR, "forwarder.cursor");
+var FORWARDER_QUEUE_PATH = join(CONFIG_DIR, "forwarder.queue.jsonl");
+var FORWARDER_PID_PATH = join(CONFIG_DIR, "forwarder.pid");
+var VERSION_PATTERN = /^v\d+\.\d+\.\d+$/;
+function resolveOtelcolVersion(override = process2.env.CCC_OTELCOL_VERSION) {
+  const DEFAULT_VERSION = "v0.154.0";
+  if (!override) return DEFAULT_VERSION;
+  if (!VERSION_PATTERN.test(override)) {
+    throw new Error(
+      `Invalid CCC_OTELCOL_VERSION "${override}".
+What happened: you set the collector version override, but it isn't a valid version number.
+Why this is strict: that value goes into a download URL and a filename, so a malformed one could point the installer somewhere unsafe. We refuse rather than guess.
+Fix: use the form vMAJOR.MINOR.PATCH (for example CCC_OTELCOL_VERSION=v0.154.0), or unset it to use the built-in pinned version.`
+    );
   }
-  return lookup;
+  return override;
 }
-function logAttrString(value) {
-  if (value && typeof value.stringValue === "string") return value.stringValue;
-  return void 0;
+var OTELCOL_VERSION = resolveOtelcolVersion();
+var COLLECTOR_CHECKSUMS = {
+  "otelcol-contrib_0.154.0_darwin_amd64.tar.gz": "14f7f825a7ad7ee0799947ff70a42b9a5528a9c1411ab45f8fcc4caeb9346f7b",
+  "otelcol-contrib_0.154.0_darwin_arm64.tar.gz": "de3af70ef0b80af213911cc9ba8daf553348dd22ed1fb15db561d207fc2cb3d9",
+  "otelcol-contrib_0.154.0_linux_amd64.tar.gz": "f0fe6e7b1d81936d4e5a3aad7a678f3fc2f8ada2a9f8f37f37542813c12ed322",
+  "otelcol-contrib_0.154.0_linux_arm64.tar.gz": "52310bfcb5a952c072e8abff7f0f2940ee38cea36752a4a4e1a4e21c2088c3f9"
+};
+function verifyTarballChecksum(tarballPath, expectedSha256) {
+  const actual = createHash2("sha256").update(readFileSync2(tarballPath)).digest("hex").toLowerCase();
+  return actual === expectedSha256.toLowerCase();
 }
-function logAttrTokenCount(value) {
-  if (value == null) return 0;
-  if (value.intValue !== void 0 && value.intValue !== null) {
-    const parsed = parseInt(String(value.intValue), 10);
-    return Number.isFinite(parsed) ? parsed : 0;
+function renderEnvFile() {
+  return `# ============================================================
+# Claude Code -> MarginFront connector: environment settings
+# ============================================================
+# MAIN JOB of this file: hold your MARGINFRONT_API_KEY (below) so the background
+# meter can read it - fill that in (init usually does it for you).
+#
+# As of v0.5.0 you do NOT need to 'source' this before running Claude Code:
+# 'init' wires the telemetry settings into ~/.claude/settings.json for you, so
+# every 'claude'/'codex' session (and the desktop apps) broadcast on their own.
+# Sourcing this is only useful for the manual, foreground 'run' path.
+#
+# This file stays on your machine; it is never published or committed.
+# ============================================================
+
+# Turns on Claude Code's usage broadcasting. Leave as 1.
+CLAUDE_CODE_ENABLE_TELEMETRY=1
+
+# Send usage as OpenTelemetry metrics. Leave as otlp.
+OTEL_METRICS_EXPORTER=otlp
+
+# Send Claude Code's EVENTS (the per-tool-call records) too. Leave as otlp.
+# Tokens come in as metrics (above); a paid tool call (Google Maps, Browserbase,
+# a paid MCP server) only shows up on this EVENT stream - without this line Claude
+# Code broadcasts no tool activity and tool spend can't be tracked (LOWAI-478).
+OTEL_LOGS_EXPORTER=otlp
+
+# Use HTTP/protobuf. Verified working; gRPC on 4317 silently failed in testing.
+OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
+
+# Where the local collector listens. Must match the collector YAML.
+OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318
+
+# How often Claude Code flushes usage, in milliseconds.
+#   300000 = 5 minutes - batches usage so you get roughly one event per turn
+#   without a long wait. Raise to 600000 (10 min) to batch harder; lower to
+#   60000 (1 min) or 5000 (5 s) for a more live drip.
+OTEL_METRIC_EXPORT_INTERVAL=300000
+
+# Tool-call costs (LOWAI-478) need NOTHING configured here. Every tool your agents
+# fire (other than free built-ins like Read/Bash) is forwarded automatically;
+# MarginFront's pricing catalog decides what's billable and at what rate. Add price
+# rows for your paid tools in MarginFront - there's no client-side list to maintain.
+
+# WHO this machine's AI cost belongs to (per-developer attribution).
+# WHY THIS EXISTS, plainly: lots of teams share ONE Claude/Codex login, so every
+# developer's usage carries the SAME login email and all the cost piles onto one
+# person. CCC runs locally on each laptop, so naming the developer here splits that
+# shared-login cost back out per developer. This is INTERNAL cost visibility only -
+# it does NOT change anyone's bill.
+#
+# HOW IT'S USED at send time (precedence, highest wins):
+#   1. This CCC_DEVELOPER_EMAIL, when set - it wins for EVERY record from this machine.
+#   2. Otherwise the email the coding-agent login reports (user.email).
+#   3. Otherwise a clearly-labeled no-identity placeholder.
+# Leave it BLANK to keep today's behavior (auto-detect from the login). init fills
+# this in for you, defaulting to your global git user.email - change it anytime.
+CCC_DEVELOPER_EMAIL=
+
+# YOUR MarginFront SECRET key (mf_sk_*). Create or copy one at:
+#   app.marginfront.com -> Build -> API Keys -> "Create Key Pair"
+#   (https://app.marginfront.com/developer-zone/api-keys)
+# Use the SECRET key (mf_sk_*) - a publishable key (mf_pk_*) is rejected on send.
+# The forwarder reads this from the environment only; it is never hardcoded.
+# Leave blank to run in no-identity preview mode (see the README).
+MARGINFRONT_API_KEY=
+`;
+}
+function renderCollectorYaml(jsonlPath = LIVE_JSONL_PATH) {
+  return `# OpenTelemetry Collector config - Claude Code -> MarginFront
+# ---------------------------------------------------------------------------
+# WHAT THIS DOES, plainly: it's the "catcher." Claude Code broadcasts its token
+# usage here; this collector batches what it hears and writes it to a file,
+# which the forwarder tails and turns into MarginFront usage rows.
+# ---------------------------------------------------------------------------
+
+receivers:
+  # The door Claude Code knocks on. It listens for OpenTelemetry (OTLP) on the
+  # two standard local ports. We point Claude Code at HTTP/protobuf on 4318 -
+  # gRPC on 4317 silently failed to connect from Claude Code 2.1.185 in testing,
+  # so 4318 is the one that actually works. Bound to localhost only.
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 127.0.0.1:4317
+      http:
+        endpoint: 127.0.0.1:4318
+
+processors:
+  # THE NO-DOUBLE-COUNT PROCESSOR. Claude Code emits CUMULATIVE counters (each
+  # export is the running total since the session started), and it ignores the
+  # "give me deltas" env var. Without this, the forwarder would record the
+  # running total every export - re-counting everything before it. This turns
+  # each cumulative total into the increment since the last export.
+  cumulativetodelta: {}
+
+  # Group what arrives into small batches and flush quickly, so the live view
+  # feels near-real-time rather than trickling one datapoint at a time.
+  batch:
+    timeout: 1s
+
+exporters:
+  # Write each batch as one line of OTLP/JSON (JSON Lines). The forwarder
+  # watches this file and records each new line. Both pipelines below share this
+  # one exporter, so Claude Code's metrics and Codex's logs land in the SAME file
+  # (each as its own line) and the one forwarder reads both.
+  file:
+    path: ${jsonlPath}
+
+service:
+  telemetry:
+    logs:
+      # The collector's OWN log verbosity (how chatty otelcol itself is). This is
+      # NOT a data pipeline - it does not catch Codex's usage logs. The pipeline
+      # that does is service.pipelines.logs below. Keep this quiet.
+      level: warn
+  pipelines:
+    # Claude Code source: token + cost COUNTERS arrive as metrics.
+    # Receive -> de-dupe (cumulative->delta) -> batch -> file.
+    metrics:
+      receivers: [otlp]
+      processors: [cumulativetodelta, batch]
+      exporters: [file]
+    # Codex source (LOWAI-463): Codex reports usage on the LOG stream, not as
+    # metrics, so it needs its own pipeline. No cumulativetodelta here - that's a
+    # METRICS processor and doesn't apply to logs; each Codex log record is one
+    # turn's usage on its own. Receive -> batch -> file (the same file).
+    logs:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [file]
+`;
+}
+var CODEX_CONFIG_PATH = join(homedir(), ".codex", "config.toml");
+var CODEX_CCC_BEGIN_MARKER = "# >>> MarginFront code-cost-clarity - auto-added; `npx @marginfront/code-cost-clarity uninstall` removes this block >>>";
+var CODEX_CCC_END_MARKER = "# <<< MarginFront code-cost-clarity - end of auto-added block <<<";
+var CODEX_OTEL_TOML_BLOCK = [
+  "[otel]",
+  'exporter = { otlp-http = { endpoint = "http://127.0.0.1:4318/v1/logs", protocol = "binary" } }'
+].join("\n");
+function renderCodexCccBlock() {
+  return [
+    CODEX_CCC_BEGIN_MARKER,
+    CODEX_OTEL_TOML_BLOCK,
+    CODEX_CCC_END_MARKER
+  ].join("\n");
+}
+function renderCodexConfigInstructions() {
+  return [
+    "Optional - also capture Codex (in addition to, or instead of, Claude Code):",
+    "",
+    "  Codex reports its usage to the SAME local collector, so there's nothing",
+    "  extra to install. Add this block to your ~/.codex/config.toml:",
+    "",
+    // Single-sourced from CODEX_OTEL_TOML_BLOCK above, indented for the printout,
+    // so the pasted block always matches what the auto-writer would write.
+    ...CODEX_OTEL_TOML_BLOCK.split("\n").map((line) => "    " + line),
+    "",
+    "  Then run Codex normally. `run` already watches both sources - Claude Code,",
+    "  Codex, or both - from the one collector file; there's no extra flag.",
+    "",
+    "  Note: exact [otel] key names can vary by Codex version, and whether your",
+    "  developer email shows up depends on how you sign in (org API key vs ChatGPT",
+    "  login). If the email doesn't surface, usage still lands under the no-identity",
+    "  placeholder. See the README's Codex section for the full details."
+  ].join("\n");
+}
+function lineDeclaresOtelTable(rawLine) {
+  const beforeComment = rawLine.split("#")[0].trim();
+  if (!beforeComment) return false;
+  let firstToken;
+  if (beforeComment.startsWith("[")) {
+    const inner = beforeComment.replace(/^\[+/, "").trim();
+    const path = inner.split("]")[0].trim();
+    firstToken = path.split(".")[0].trim();
+  } else {
+    firstToken = beforeComment.split(/[.=\s]/)[0].trim();
+  }
+  firstToken = firstToken.replace(/^["']|["']$/g, "");
+  return firstToken === "otel";
+}
+function codexConfigHasOtelTable(content) {
+  return content.split(/\r?\n/).some(lineDeclaresOtelTable);
+}
+function codexConfigHasCccBlock(configPath = CODEX_CONFIG_PATH) {
+  if (!existsSync2(configPath)) return false;
+  try {
+    return readFileSync2(configPath, "utf8").includes(CODEX_CCC_BEGIN_MARKER);
+  } catch {
+    return false;
+  }
+}
+function writeCodexOtelConfig({
+  configPath = CODEX_CONFIG_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync2(configPath)) {
+    mkdirSync(dirname(configPath), { recursive: true });
+    writeFileSync2(configPath, renderCodexCccBlock() + "\n");
+    log(
+      `Created ${configPath} and wired Codex to the local collector for you.`
+    );
+    return { action: "created", backupPath: null };
+  }
+  const content = readFileSync2(configPath, "utf8");
+  if (content.includes(CODEX_CCC_BEGIN_MARKER)) {
+    log(`Codex is already wired up in ${configPath} - nothing to do.`);
+    return { action: "skipped-existing", backupPath: null };
+  }
+  if (codexConfigHasOtelTable(content)) {
+    log(
+      `Left your existing [otel] settings in ${configPath} untouched - add the MarginFront block by hand if you want Codex captured too.`
+    );
+    return { action: "skipped-existing", backupPath: null };
+  }
+  const backupPath = `${configPath}.ccc-bak`;
+  copyFileSync(configPath, backupPath);
+  const separator = content.length > 0 ? "\n" : "";
+  writeFileSync2(configPath, content + separator + renderCodexCccBlock() + "\n");
+  log(
+    `Added the MarginFront telemetry block to ${configPath} (backup at ${backupPath}).`
+  );
+  return { action: "appended", backupPath };
+}
+function removeCodexOtelConfig({
+  configPath = CODEX_CONFIG_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync2(configPath)) {
+    log(
+      `Nothing to undo: ${configPath} doesn't exist (Codex was never wired up here).`
+    );
+    return { action: "missing", backupPath: null };
+  }
+  const content = readFileSync2(configPath, "utf8");
+  const beginIdx = content.indexOf(CODEX_CCC_BEGIN_MARKER);
+  const endIdx = content.indexOf(CODEX_CCC_END_MARKER);
+  if (beginIdx === -1 || endIdx === -1 || endIdx < beginIdx) {
+    log(
+      `Nothing to undo: ${configPath} has no MarginFront block (left every other setting untouched).`
+    );
+    return { action: "no-marker", backupPath: null };
+  }
+  let cutStart = beginIdx;
+  let cutEnd = endIdx + CODEX_CCC_END_MARKER.length;
+  if (content[cutEnd] === "\n") cutEnd += 1;
+  if (content[cutStart - 1] === "\n") {
+    cutStart -= 1;
+  }
+  const backupPath = existsSync2(`${configPath}.ccc-bak`) ? `${configPath}.ccc-bak` : null;
+  writeFileSync2(configPath, content.slice(0, cutStart) + content.slice(cutEnd));
+  log(
+    `Removed the MarginFront block from ${configPath}` + (backupPath ? ` (your original is preserved at ${backupPath}).` : ".")
+  );
+  return { action: "removed", backupPath };
+}
+function resolveCollectorAsset(nodePlatform = platform(), nodeArch = arch(), version = OTELCOL_VERSION) {
+  const osMap = { darwin: "darwin", linux: "linux" };
+  const archMap = { arm64: "arm64", x64: "amd64" };
+  const os = osMap[nodePlatform];
+  const cpu = archMap[nodeArch];
+  if (!os) {
+    throw new Error(
+      `Unsupported operating system "${nodePlatform}". The bundled collector supports macOS (darwin) and Linux. On Windows, run this under WSL.`
+    );
+  }
+  if (!cpu) {
+    throw new Error(
+      `Unsupported CPU architecture "${nodeArch}". The bundled collector supports arm64 and x64 (amd64).`
+    );
+  }
+  const versionNoV = version.replace(/^v/, "");
+  const asset = `otelcol-contrib_${versionNoV}_${os}_${cpu}.tar.gz`;
+  const url = `https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/${version}/${asset}`;
+  return { os, cpu, asset, url, version };
+}
+function ensureCollectorBinary({
+  force = false,
+  log = console.log
+} = {}) {
+  if (existsSync2(COLLECTOR_BIN_PATH) && !force) {
+    log(
+      `Collector already present at ${COLLECTOR_BIN_PATH} - skipping download.`
+    );
+    return COLLECTOR_BIN_PATH;
+  }
+  const { asset, url, version } = resolveCollectorAsset();
+  const tgzPath = join(tmpdir(), asset);
+  log(
+    `Downloading the collector (${asset}, ~360 MB) - this can take a minute\u2026`
+  );
+  try {
+    execFileSync("curl", ["-fSL", "-o", tgzPath, url], { stdio: "inherit" });
+  } catch {
+    throw new Error(
+      `Could not download the collector from ${url}
+What happened: the download failed (network issue, or version ${version} has no asset for your platform).
+Fix: check your internet connection, or pin a different version with CCC_OTELCOL_VERSION=v0.155.0 (see the OpenTelemetry collector releases page).`
+    );
+  }
+  const expectedSha256 = COLLECTOR_CHECKSUMS[asset];
+  if (!expectedSha256) {
+    throw new Error(
+      `Refusing to run an unverified collector.
+What happened: there is no pinned, known-good fingerprint on file for "${asset}" (version ${version}).
+Why: this tool refuses to make ANY downloaded program executable unless we can first confirm it's exactly the release we trust.
+Fix: install the built-in pinned version (unset CCC_OTELCOL_VERSION), or add this release's official signed SHA-256 to the package's pinned checksums before installing it. The download is left at ${tgzPath} so you can verify it yourself.`
+    );
+  }
+  log("Verifying the downloaded collector's fingerprint\u2026");
+  if (!verifyTarballChecksum(tgzPath, expectedSha256)) {
+    try {
+      rmSync2(tgzPath, { force: true });
+    } catch {
+    }
+    throw new Error(
+      `Collector integrity check FAILED - refusing to install.
+What happened: the collector we downloaded for "${asset}" does NOT match its known-good fingerprint, so we deleted it and stopped.
+Why this probably happened: the file was altered between GitHub and your machine - most often a corporate TLS-inspecting proxy rewriting the download, a corrupted transfer, or (worst case) a tampered release.
+Fix: re-run the install on a network without a man-in-the-middle proxy. If it keeps failing on a clean network, do NOT bypass this - report it, because a persistent mismatch can mean the download is being tampered with.`
+    );
+  }
+  log("Fingerprint verified - the collector is exactly the trusted release.");
+  log(`Unpacking the collector into ${CONFIG_DIR}\u2026`);
+  try {
+    execFileSync("tar", ["xzf", tgzPath, "-C", CONFIG_DIR, "otelcol-contrib"], {
+      stdio: "inherit"
+    });
+  } catch {
+    throw new Error(
+      `Could not unpack ${tgzPath}.
+What happened: the downloaded archive didn't contain the expected otelcol-contrib binary, or tar isn't available.
+Fix: delete the file above and re-run \`npx @marginfront/code-cost-clarity init\`.`
+    );
+  } finally {
+    try {
+      rmSync2(tgzPath, { force: true });
+    } catch {
+    }
+  }
+  try {
+    execFileSync("chmod", ["755", COLLECTOR_BIN_PATH]);
+  } catch {
+  }
+  log(`Collector installed at ${COLLECTOR_BIN_PATH}.`);
+  return COLLECTOR_BIN_PATH;
+}
+function ensureConfigFiles({
+  log = console.log
+} = {}) {
+  if (!existsSync2(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+    log(`Created ${CONFIG_DIR}.`);
   }
-  if (value.doubleValue !== void 0 && value.doubleValue !== null) {
-    const parsed = Math.round(Number(value.doubleValue));
-    return Number.isFinite(parsed) ? parsed : 0;
+  if (existsSync2(ENV_PATH)) {
+    log(`Kept your existing settings file at ${ENV_PATH} (API key preserved).`);
+  } else {
+    writeFileSync2(ENV_PATH, renderEnvFile(), { mode: 384 });
+    log(`Wrote settings template to ${ENV_PATH} - add your API key there.`);
   }
-  if (typeof value.stringValue === "string") {
-    const parsed = parseInt(value.stringValue, 10);
-    return Number.isFinite(parsed) ? parsed : 0;
+  writeFileSync2(COLLECTOR_CONFIG_PATH, renderCollectorYaml());
+  log(`Wrote collector config to ${COLLECTOR_CONFIG_PATH}.`);
+}
+function loadEnvFile(path = ENV_PATH) {
+  if (!existsSync2(path)) return {};
+  const loaded = {};
+  let text;
+  try {
+    text = readFileSync2(path, "utf8");
+  } catch {
+    return {};
   }
-  return 0;
+  for (const rawLine of text.split("\n")) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#")) continue;
+    const eq = line.indexOf("=");
+    if (eq === -1) continue;
+    const key = line.slice(0, eq).trim();
+    let value = line.slice(eq + 1).trim();
+    if (value.length >= 2 && (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'"))) {
+      value = value.slice(1, -1);
+    }
+    if (!key) continue;
+    loaded[key] = value;
+    if (process2.env[key] === void 0) {
+      process2.env[key] = value;
+    }
+  }
+  return loaded;
 }
-function isCodexUsageRecord(lookup, eventName) {
-  if (eventName === CODEX_USAGE_EVENT_NAME) return true;
-  return CODEX_TOKEN_KEYS.some((key) => lookup[key] !== void 0);
+function writeApiKeyToEnv(value, path = ENV_PATH) {
+  const current = existsSync2(path) ? readFileSync2(path, "utf8") : renderEnvFile();
+  const keyLine = /^MARGINFRONT_API_KEY=.*$/m;
+  let next;
+  if (keyLine.test(current)) {
+    next = current.replace(keyLine, () => `MARGINFRONT_API_KEY=${value}`);
+  } else {
+    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
+    next = `${current}${sep}MARGINFRONT_API_KEY=${value}
+`;
+  }
+  writeFileSync2(path, next, { mode: 384 });
+  chmodSync(path, 384);
 }
-function buildCodexRequestBody(parsedOtlp, options = {}) {
-  const foldCache = options.foldCache === true;
-  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
-  const records = [];
-  const resourceLogsList = parsedOtlp?.resourceLogs;
-  if (!Array.isArray(resourceLogsList)) return { records };
-  for (const resourceLog of resourceLogsList) {
-    const scopeLogsList = resourceLog?.scopeLogs;
-    if (!Array.isArray(scopeLogsList)) continue;
-    for (const scopeLog of scopeLogsList) {
-      const logRecordsList = scopeLog?.logRecords;
-      if (!Array.isArray(logRecordsList)) continue;
-      for (const logRecord of logRecordsList) {
-        const lookup = logAttributesToLookup(logRecord?.attributes);
-        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
-        if (toolResultSource(eventName) !== null) continue;
-        if (!isCodexUsageRecord(lookup, eventName)) continue;
-        const rawModel = logAttrString(lookup["model"]);
-        if (!rawModel) continue;
-        if (CODEX_EXCLUDED_MODELS.has(rawModel.trim().toLowerCase())) continue;
-        const email = logAttrString(lookup["user.email"]) || fallbackCustomerId;
-        if (!email) continue;
-        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
-        const inputCount = logAttrTokenCount(lookup[CODEX_INPUT_TOKEN_KEY]);
-        const outputCount = logAttrTokenCount(lookup[CODEX_OUTPUT_TOKEN_KEY]);
-        const cachedCount = logAttrTokenCount(lookup[CODEX_CACHED_TOKEN_KEY]);
-        const reasoningCount = logAttrTokenCount(
-          lookup[CODEX_REASONING_TOKEN_KEY]
-        );
-        const toolCount = logAttrTokenCount(lookup[CODEX_TOOL_TOKEN_KEY]);
-        if (inputCount === 0 && outputCount === 0 && cachedCount === 0)
-          continue;
-        const freshInputTokens = Math.max(0, inputCount - cachedCount);
-        const billedInputTokens = foldCache ? inputCount : freshInputTokens;
-        const record = {
-          customerExternalId: email,
-          agentCode: AGENT_CODE_CODEX,
-          signalName: SIGNAL_NAME_CODEX,
-          model: normalizeModelId(rawModel),
-          modelProvider: MODEL_PROVIDER_CODEX,
-          inputTokens: billedInputTokens,
-          // Reasoning is ALREADY inside this number - do NOT add it again.
-          outputTokens: outputCount,
-          environment: ENVIRONMENT,
-          // usageDate omitted so MarginFront defaults it to "now."
-          metadata: {
-            source: "codex",
-            sessionId,
-            rawModel,
-            // Audit-only - nested inside input/output already, never added to the
-            // billed tokens; recorded to prove we didn't drop anything.
-            cachedTokens: cachedCount,
-            reasoningTokens: reasoningCount,
-            toolTokens: toolCount,
-            cacheFoldedIntoInput: foldCache
-          }
-        };
-        if (!foldCache) {
-          record.cacheReadTokens = cachedCount;
-        }
-        if (options.rawSourceLine !== void 0) {
-          record.idempotencyKey = idempotencyKeyFor(
-            options.rawSourceLine,
-            email,
-            rawModel,
-            sessionId,
-            records.length
-          );
-        }
-        records.push(record);
-      }
-    }
+function gitGlobalUserEmail() {
+  try {
+    const out = execFileSync("git", ["config", "--global", "user.email"], {
+      encoding: "utf8",
+      // Swallow git's own stderr so a "key not set" message can't leak to the user.
+      stdio: ["ignore", "pipe", "ignore"]
+    });
+    return out.trim();
+  } catch {
+    return "";
   }
-  return { records };
 }
-function toolResultSource(eventName) {
-  if (!eventName) return null;
-  if (eventName === CODEX_TOOL_RESULT_EVENT) return "codex";
-  if (eventName === CLAUDE_TOOL_RESULT_EVENT || eventName === "tool_result") {
-    return "claude-code";
+function writeDeveloperEmailToEnv(value, path = ENV_PATH) {
+  const current = existsSync2(path) ? readFileSync2(path, "utf8") : renderEnvFile();
+  const developerLine = /^CCC_DEVELOPER_EMAIL=.*$/m;
+  let next;
+  if (developerLine.test(current)) {
+    next = current.replace(developerLine, () => `CCC_DEVELOPER_EMAIL=${value}`);
+  } else {
+    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
+    next = `${current}${sep}CCC_DEVELOPER_EMAIL=${value}
+`;
   }
-  return null;
+  writeFileSync2(path, next, { mode: 384 });
+  chmodSync(path, 384);
 }
-function buildToolUsageRecords(parsedOtlp, options = {}) {
-  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
-  const records = [];
-  const resourceLogsList = parsedOtlp?.resourceLogs;
-  if (!Array.isArray(resourceLogsList)) return { records };
-  const groups = /* @__PURE__ */ new Map();
-  for (const resourceLog of resourceLogsList) {
-    const scopeLogsList = resourceLog?.scopeLogs;
-    if (!Array.isArray(scopeLogsList)) continue;
-    for (const scopeLog of scopeLogsList) {
-      const logRecordsList = scopeLog?.logRecords;
-      if (!Array.isArray(logRecordsList)) continue;
-      for (const logRecord of logRecordsList) {
-        const lookup = logAttributesToLookup(logRecord?.attributes);
-        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
-        const source = toolResultSource(eventName);
-        if (!source) continue;
-        let toolName;
-        for (const key of TOOL_NAME_KEYS) {
-          const candidate = logAttrString(lookup[key]);
-          if (candidate) {
-            toolName = candidate;
-            break;
-          }
-        }
-        if (!toolName) continue;
-        if (BUILTIN_NONBILLABLE_TOOLS.has(toolName)) continue;
-        const email = logAttrString(lookup["user.email"]) || fallbackCustomerId;
-        if (!email) continue;
-        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
-        const groupKey = `${email}
-${sessionId ?? ""}
-${source}
-${toolName}`;
-        let group = groups.get(groupKey);
-        if (!group) {
-          group = {
-            email,
-            sessionId,
-            telemetrySource: source,
-            toolName,
-            count: 0
-          };
-          groups.set(groupKey, group);
-        }
-        group.count += 1;
-      }
+var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
+var CLAUDE_SETTINGS_OWNERSHIP_PATH = join(
+  CONFIG_DIR,
+  "claude-settings-owned.json"
+);
+var CCC_OWNED_TELEMETRY_KEYS = [
+  "CLAUDE_CODE_ENABLE_TELEMETRY",
+  "OTEL_METRICS_EXPORTER",
+  "OTEL_LOGS_EXPORTER",
+  "OTEL_EXPORTER_OTLP_PROTOCOL",
+  "OTEL_EXPORTER_OTLP_ENDPOINT",
+  "OTEL_METRIC_EXPORT_INTERVAL"
+];
+var CCC_TELEMETRY_VALUES = {
+  // Turns on Claude Code's usage broadcasting.
+  CLAUDE_CODE_ENABLE_TELEMETRY: "1",
+  // Send token usage as OpenTelemetry metrics.
+  OTEL_METRICS_EXPORTER: "otlp",
+  // Send the per-tool-call EVENT stream too (needed for tool-call line items).
+  OTEL_LOGS_EXPORTER: "otlp",
+  // HTTP/protobuf - verified working; gRPC on 4317 silently failed in testing.
+  OTEL_EXPORTER_OTLP_PROTOCOL: "http/protobuf",
+  // Point Claude Code at the local collector (must match the collector YAML).
+  OTEL_EXPORTER_OTLP_ENDPOINT: "http://127.0.0.1:4318",
+  // Flush usage every 5 minutes (batched ~one event per turn).
+  OTEL_METRIC_EXPORT_INTERVAL: "300000"
+};
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function backupClaudeSettings(settingsPath) {
+  const backupPath = `${settingsPath}.ccc-bak`;
+  copyFileSync(settingsPath, backupPath);
+  return backupPath;
+}
+function readClaudeSettingsOwnership(ownershipPath) {
+  if (!existsSync2(ownershipPath)) return null;
+  try {
+    const parsed = JSON.parse(readFileSync2(ownershipPath, "utf8"));
+    if (!isPlainObject(parsed) || !isPlainObject(parsed.ownedKeys)) {
+      return null;
     }
-  }
-  for (const group of groups.values()) {
-    if (group.count === 0) continue;
-    const isCodex = group.telemetrySource === "codex";
-    const record = {
-      customerExternalId: group.email,
-      agentCode: isCodex ? AGENT_CODE_CODEX : AGENT_CODE,
-      signalName: isCodex ? SIGNAL_NAME_TOOL_CODEX : SIGNAL_NAME_TOOL,
-      // Raw tool NAME as the service id, verbatim - NOT through normalizeModelId
-      // (that's Claude-LLM-name-specific). Catalog matches (model=tool name,
-      // modelProvider="tool").
-      model: group.toolName,
-      modelProvider: MODEL_PROVIDER_TOOL,
-      // Billing volume = times this tool fired this flush; no token fields (not an
-      // LLM turn). Server prices quantity x unitPrice.
-      quantity: group.count,
-      environment: ENVIRONMENT,
-      metadata: {
-        source: "tool",
-        sessionId: group.sessionId,
-        toolName: group.toolName,
-        telemetrySource: group.telemetrySource,
-        estimated: true
-      }
-    };
-    if (options.rawSourceLine !== void 0) {
-      record.idempotencyKey = idempotencyKeyFor(
-        options.rawSourceLine,
-        group.email,
-        `tool:${group.toolName}`,
-        group.sessionId,
-        records.length
-      );
+    const out = {};
+    for (const [key, value] of Object.entries(parsed.ownedKeys)) {
+      out[key] = String(value);
     }
-    records.push(record);
+    return out;
+  } catch {
+    return null;
   }
-  return { records };
 }
-function buildRequestBodyForLine(parsedOtlp, options = {}) {
-  if (parsedOtlp && Array.isArray(parsedOtlp.resourceLogs)) {
-    const codexOptions = options.fallbackCustomerId === NO_IDENTITY_CUSTOMER ? { ...options, fallbackCustomerId: CODEX_NO_IDENTITY_CUSTOMER } : options;
-    const tokenBody = buildCodexRequestBody(parsedOtlp, codexOptions);
-    const toolBody = buildToolUsageRecords(parsedOtlp, codexOptions);
-    return { records: [...tokenBody.records, ...toolBody.records] };
-  }
-  return buildMarginFrontRequestBody(parsedOtlp, options);
+function writeClaudeSettingsOwnership(ownershipPath, ownedKeys) {
+  mkdirSync(dirname(ownershipPath), { recursive: true });
+  const payload = {
+    _comment: "MarginFront code-cost-clarity wrote these telemetry keys into your Claude Code settings.json. Uninstall removes ONLY the keys below, and only if their value still matches. Safe to delete by hand if you've already cleaned up settings.json yourself.",
+    ownedKeys
+  };
+  writeFileSync2(ownershipPath, JSON.stringify(payload, null, 2) + "\n");
 }
-function readAndParseOtlpFile(inputFilePath) {
-  if (!existsSync2(inputFilePath)) {
-    console.error(
-      `Could not read/parse ${inputFilePath}: file does not exist. Check the path and try again.`
+function writeClaudeTelemetrySettings(vars, {
+  settingsPath = CLAUDE_SETTINGS_PATH,
+  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
+  log = console.log
+} = {}) {
+  let settings = {};
+  const fileExists = existsSync2(settingsPath);
+  if (fileExists) {
+    let parsed;
+    try {
+      parsed = JSON.parse(readFileSync2(settingsPath, "utf8"));
+    } catch {
+      const backupPath2 = backupClaudeSettings(settingsPath);
+      throw new Error(
+        `Could not update ${settingsPath}.
+What happened: your Claude Code settings file isn't valid JSON, so we stopped instead of risking your settings.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: open the file and repair the JSON (a common cause is a trailing comma or a missing quote), then run init again. We will not modify a file we can't read.`
+      );
+    }
+    if (!isPlainObject(parsed)) {
+      const backupPath2 = backupClaudeSettings(settingsPath);
+      throw new Error(
+        `Could not update ${settingsPath}.
+What happened: the top level of your Claude Code settings file isn't a JSON object (it looks like an array or a single value), so there's nowhere safe to add the telemetry settings.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: make the file a normal JSON object like { "env": { ... } }, then run init again.`
+      );
+    }
+    settings = parsed;
+  }
+  if ("env" in settings && !isPlainObject(settings.env)) {
+    const backupPath2 = backupClaudeSettings(settingsPath);
+    throw new Error(
+      `Could not update ${settingsPath}.
+What happened: your settings file has an "env" entry that isn't a block of key/value settings (it's null, a list, or a single value), so we stopped instead of overwriting it.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: change "env" to a normal object like { "KEY": "value" } (or remove it), then run init again.`
     );
-    process2.exit(1);
   }
-  let fileText;
-  try {
-    fileText = readFileSync2(inputFilePath, "utf8");
-  } catch (readError) {
-    console.error(
-      `Could not read/parse ${inputFilePath}: ${readError.message}`
+  const hadEnv = isPlainObject(settings.env);
+  const env = hadEnv ? settings.env : {};
+  const priorOwned = readClaudeSettingsOwnership(ownershipPath) ?? {};
+  const ownedKeys = {};
+  const written = [];
+  const skipped = [];
+  let mutated = false;
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    if (!(key in vars)) continue;
+    const canonical = String(vars[key]);
+    const current = env[key];
+    if (current === void 0) {
+      env[key] = canonical;
+      ownedKeys[key] = canonical;
+      written.push(key);
+      mutated = true;
+    } else if (current === canonical) {
+      if (priorOwned[key] === canonical) {
+        ownedKeys[key] = canonical;
+        written.push(key);
+      } else {
+        skipped.push(key);
+      }
+    } else {
+      skipped.push(key);
+    }
+  }
+  let backupPath = null;
+  if (mutated) {
+    if (!hadEnv) settings.env = env;
+    if (fileExists) backupPath = backupClaudeSettings(settingsPath);
+    mkdirSync(dirname(settingsPath), { recursive: true });
+    writeFileSync2(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+    log(
+      `Wrote ${written.length} telemetry setting(s) into ${settingsPath}` + (backupPath ? ` (backup at ${backupPath}).` : ".")
     );
-    process2.exit(1);
+  } else {
+    log(`No changes needed in ${settingsPath} - telemetry already in place.`);
   }
-  try {
-    return JSON.parse(fileText);
-  } catch {
-    console.error(
-      `Could not read/parse ${inputFilePath}: the file is not valid JSON. Make sure it is an OTLP/JSON export line (Claude Code metrics or Codex logs), not raw text.`
+  writeClaudeSettingsOwnership(ownershipPath, ownedKeys);
+  if (skipped.length) {
+    log(
+      `Left ${skipped.length} setting(s) you already had in place untouched: ` + skipped.join(", ")
     );
-    process2.exit(1);
   }
+  return { written, skipped, backupPath };
 }
-async function postToMarginFront(requestBody) {
-  const apiKey = process2.env.MARGINFRONT_API_KEY;
-  if (!apiKey) {
-    return { ok: false, reason: "no-key" };
-  }
-  let response;
-  try {
-    response = await fetch(MARGINFRONT_INGEST_URL, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        // MarginFront authenticates with x-api-key, NOT Bearer/Authorization.
-        "x-api-key": apiKey,
-        // This User-Agent is what lets the server tag these events as source='ccc'
-        // instead of the generic 'api' fallback. Without it, PostHog dashboards
-        // can't distinguish "developer paying for AI tokens via CCC" traffic from
-        // raw API clients - every CCC event would be mislabelled as source='api'.
-        "User-Agent": `@marginfront/code-cost-clarity/${CCC_PACKAGE_VERSION}`
-      },
-      body: JSON.stringify(requestBody)
-    });
-  } catch (networkError) {
-    return {
-      ok: false,
-      reason: "network",
-      message: networkError.message
-    };
-  }
-  const responseText = await response.text();
-  if (!response.ok) {
-    return {
-      ok: false,
-      reason: "http",
-      status: response.status,
-      body: responseText
-    };
-  }
-  let parsed = null;
-  try {
-    parsed = JSON.parse(responseText);
-  } catch {
-    parsed = null;
+function removeClaudeTelemetrySettings({
+  settingsPath = CLAUDE_SETTINGS_PATH,
+  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
+  log = console.log
+} = {}) {
+  const removed = [];
+  const kept = [];
+  const owned = readClaudeSettingsOwnership(ownershipPath);
+  if (owned === null) {
+    log(
+      `Nothing to undo: no MarginFront ownership record found at ${ownershipPath} (either it was never written, or it's already been removed).`
+    );
+    return { removed, kept, backupPath: null };
   }
-  return { ok: true, parsed, body: responseText };
-}
-function successRowsFrom(parsed) {
-  const rows = parsed?.results?.success;
-  return Array.isArray(rows) ? rows : [];
-}
-function readWatchCursor(cursorPath) {
-  if (!cursorPath || !existsSync2(cursorPath)) return 0;
-  try {
-    const parsed = parseInt(readFileSync2(cursorPath, "utf8").trim(), 10);
-    return Number.isInteger(parsed) && parsed >= 0 ? parsed : 0;
-  } catch {
-    return 0;
+  if (!existsSync2(settingsPath)) {
+    log(
+      `Nothing to undo: ${settingsPath} doesn't exist. Removing the stale ownership record.`
+    );
+    rmSync2(ownershipPath, { force: true });
+    return { removed, kept, backupPath: null };
   }
-}
-function writeWatchCursor(cursorPath, byteOffset) {
-  if (!cursorPath) return;
+  let parsed;
   try {
-    writeFileSync2(cursorPath, String(byteOffset));
+    parsed = JSON.parse(readFileSync2(settingsPath, "utf8"));
   } catch {
+    log(
+      `Could not undo cleanly: ${settingsPath} isn't valid JSON right now, so we left it untouched. Fix the JSON and re-run uninstall, or remove the telemetry keys by hand.`
+    );
+    return { removed, kept, backupPath: null };
   }
-}
-function readNewCompleteLines(filePath, fromByte) {
-  if (!existsSync2(filePath)) return { lines: [], nextCursor: fromByte };
-  let size;
-  try {
-    size = statSync(filePath).size;
-  } catch {
-    return { lines: [], nextCursor: fromByte };
+  if (!isPlainObject(parsed)) {
+    log(
+      `Could not undo cleanly: ${settingsPath} isn't a JSON object, so we left it untouched.`
+    );
+    return { removed, kept, backupPath: null };
   }
-  let start = fromByte;
-  if (size < start) start = 0;
-  if (size === start) return { lines: [], nextCursor: start };
-  const length = size - start;
-  const buffer = Buffer.alloc(length);
-  let bytesRead = 0;
-  let fd;
-  try {
-    fd = openSync2(filePath, "r");
-    bytesRead = readSync(fd, buffer, 0, length, start);
-  } catch {
-    return { lines: [], nextCursor: fromByte };
-  } finally {
-    if (fd !== void 0) closeSync(fd);
+  const settings = parsed;
+  const env = isPlainObject(settings.env) ? settings.env : null;
+  let mutated = false;
+  for (const [key, canonical] of Object.entries(owned)) {
+    if (env && env[key] === canonical) {
+      delete env[key];
+      removed.push(key);
+      mutated = true;
+    } else {
+      kept.push(key);
+    }
   }
-  const chunk = buffer.subarray(0, bytesRead);
-  const lastNewline = chunk.lastIndexOf(10);
-  if (lastNewline === -1) {
-    return { lines: [], nextCursor: start };
+  if (env && Object.keys(env).length === 0) {
+    delete settings.env;
+    mutated = true;
   }
-  const completeText = chunk.subarray(0, lastNewline + 1).toString("utf8");
-  const nextCursor = start + lastNewline + 1;
-  const parts = completeText.split("\n");
-  parts.pop();
-  return { lines: parts, nextCursor };
-}
-var MAX_QUEUE_RECORDS = 1e4;
-var MAX_RECORDS_PER_DRAIN = 100;
-var QUEUE_BACKOFF_START_MS = 2e3;
-var QUEUE_BACKOFF_MAX_MS = 6e4;
-var COLLECTOR_REVIVE_BACKOFF_MS = 3e4;
-function maybeReviveCollector(deps, nextReviveAllowedAt, backoffMs) {
-  if (deps.isCollectorAlive()) return nextReviveAllowedAt;
-  const now = deps.now();
-  if (now < nextReviveAllowedAt) return nextReviveAllowedAt;
-  const log = deps.log ?? console.error;
-  const updatedReviveAllowedAt = now + backoffMs;
-  log("collector was down, restarted it");
-  try {
-    deps.reviveCollector();
-  } catch (err) {
-    log(`collector revive attempt failed: ${err.message}`);
+  let backupPath = null;
+  if (mutated) {
+    backupPath = backupClaudeSettings(settingsPath);
+    writeFileSync2(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+    log(
+      `Removed ${removed.length} MarginFront telemetry setting(s) from ${settingsPath} (backup at ${backupPath}).`
+    );
+  } else {
+    log(
+      `Nothing to remove from ${settingsPath} - the telemetry keys were already gone or you'd changed them (left untouched).`
+    );
   }
-  return updatedReviveAllowedAt;
+  rmSync2(ownershipPath, { force: true });
+  return { removed, kept, backupPath };
 }
-function isRetryablePostResult(result) {
-  if (result.ok) return false;
-  if (result.reason === "network") return true;
-  if (result.reason === "no-key") return false;
-  if (result.reason === "http") {
-    return result.status === 429 || result.status >= 500;
+function isPidAlive(pid) {
+  if (!pid || !Number.isInteger(pid)) return false;
+  try {
+    process2.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err?.code === "EPERM";
   }
-  return false;
 }
-function readQueue(queuePath) {
-  if (!queuePath || !existsSync2(queuePath)) return [];
-  let text;
+function readCollectorPid() {
+  if (!existsSync2(COLLECTOR_PID_PATH)) return null;
   try {
-    text = readFileSync2(queuePath, "utf8");
+    const pid = parseInt(readFileSync2(COLLECTOR_PID_PATH, "utf8").trim(), 10);
+    return Number.isInteger(pid) ? pid : null;
   } catch {
-    return [];
+    return null;
   }
-  const out = [];
-  for (const line of text.split("\n")) {
-    const trimmed = line.trim();
-    if (!trimmed) continue;
-    try {
-      out.push(JSON.parse(trimmed));
-    } catch {
-    }
+}
+function startCollector({ log = console.log } = {}) {
+  const existing = readCollectorPid();
+  if (isPidAlive(existing)) {
+    log(`Collector already running (pid ${existing}).`);
+    return { pid: existing, startedByUs: false };
   }
-  return out;
+  if (!existsSync2(COLLECTOR_BIN_PATH)) {
+    throw new Error(
+      "Collector binary is missing. Run `npx @marginfront/code-cost-clarity init` first."
+    );
+  }
+  const logFd = openSync2(COLLECTOR_LOG_PATH, "a");
+  const child = spawn(COLLECTOR_BIN_PATH, ["--config", COLLECTOR_CONFIG_PATH], {
+    cwd: CONFIG_DIR,
+    detached: true,
+    stdio: ["ignore", logFd, logFd]
+  });
+  child.unref();
+  writeFileSync2(COLLECTOR_PID_PATH, String(child.pid));
+  log(`Started collector (pid ${child.pid}); logs at ${COLLECTOR_LOG_PATH}.`);
+  return { pid: child.pid, startedByUs: true };
 }
-function appendToQueue(queuePath, records) {
-  if (!queuePath || records.length === 0) return;
-  const payload = records.map((r) => JSON.stringify(r) + "\n").join("");
+function stopCollector({
+  log = console.log
+} = {}) {
+  const pid = readCollectorPid();
+  if (!isPidAlive(pid)) {
+    if (existsSync2(COLLECTOR_PID_PATH))
+      rmSync2(COLLECTOR_PID_PATH, { force: true });
+    log("No running collector found.");
+    return false;
+  }
   try {
-    appendFileSync(queuePath, payload);
-  } catch {
+    process2.kill(pid);
+    log(`Stopped collector (pid ${pid}).`);
+  } catch (err) {
+    log(`Could not stop collector (pid ${pid}): ${err.message}`);
   }
+  rmSync2(COLLECTOR_PID_PATH, { force: true });
+  return true;
 }
-function writeQueue(queuePath, records) {
-  if (!queuePath) return;
-  try {
-    if (records.length === 0) {
-      if (existsSync2(queuePath)) rmSync2(queuePath, { force: true });
-      return;
-    }
-    writeFileSync2(
-      queuePath,
-      records.map((r) => JSON.stringify(r) + "\n").join("")
-    );
-  } catch {
+var PLIST_LABEL = "ai.marginfront.ccc";
+var PLIST_PATH = join(
+  homedir(),
+  "Library",
+  "LaunchAgents",
+  PLIST_LABEL + ".plist"
+);
+var DAEMON_CLI_PATH = join(CONFIG_DIR, "cli.js");
+var DAEMON_STDOUT_LOG_PATH = join(CONFIG_DIR, "forwarder.out.log");
+var DAEMON_STDERR_LOG_PATH = join(CONFIG_DIR, "forwarder.err.log");
+function defaultLaunchctlRunner(args) {
+  const result = spawnSync("launchctl", args, { encoding: "utf8" });
+  return {
+    // A spawn error (e.g. launchctl missing on a non-mac) leaves status null; we
+    // treat that as a failure so callers don't read it as "succeeded."
+    status: typeof result.status === "number" ? result.status : 1,
+    stdout: result.stdout ?? "",
+    stderr: result.stderr ?? ""
+  };
+}
+function setDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    runLaunchctl(["setenv", key, CCC_TELEMETRY_VALUES[key]]);
   }
 }
-function watchAndForward(filePath, options = {}) {
-  const foldCache = options.foldCache === true;
-  const fallbackCustomerId = options.fallbackCustomerId;
-  const cursorPath = options.cursorPath;
-  const pidFilePath = options.pidFilePath;
-  if (!process2.env.MARGINFRONT_API_KEY) {
-    console.error(
-      "MARGINFRONT_API_KEY is not set. Set it in your shell before watching: export MARGINFRONT_API_KEY=..."
-    );
-    process2.exit(1);
+function unsetDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    runLaunchctl(["unsetenv", key]);
   }
-  if (pidFilePath) {
-    try {
-      writeFileSync2(pidFilePath, String(process2.pid));
-    } catch {
-    }
+}
+function currentUid() {
+  return typeof process2.getuid === "function" ? process2.getuid() : 0;
+}
+function escapeXml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function renderDaemonPlist({
+  nodePath,
+  cliPath
+}) {
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>${escapeXml(PLIST_LABEL)}</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>${escapeXml(nodePath)}</string>
+    <string>${escapeXml(cliPath)}</string>
+    <string>run</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>${escapeXml(CONFIG_DIR)}</string>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>${escapeXml(DAEMON_STDOUT_LOG_PATH)}</string>
+  <key>StandardErrorPath</key>
+  <string>${escapeXml(DAEMON_STDERR_LOG_PATH)}</string>
+</dict>
+</plist>
+`;
+}
+var INSTALL_BOOTOUT_WAIT_ATTEMPTS = 20;
+var INSTALL_BOOTOUT_WAIT_MS = 100;
+var INSTALL_BOOTSTRAP_RETRY_MS = 250;
+function blockingSleep(ms) {
+  if (ms <= 0) return;
+  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+function installDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const log = options.log ?? console.log;
+  const nodePath = options.nodePath ?? process2.execPath;
+  const sourceCliPath = options.sourceCliPath ?? fileURLToPath(import.meta.url);
+  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
+  const plistPath = options.plistPath ?? PLIST_PATH;
+  const uid = options.uid ?? currentUid();
+  const sleep = options.sleep ?? blockingSleep;
+  if (nodePath === "npx" || nodePath.endsWith("/npx")) {
+    throw new Error(
+      "Refusing to install the background daemon with 'npx' as its program.\nWhat happened: the daemon must be pinned to the real node binary (process.execPath), because npx runs from a temporary cache that gets cleaned up - a daemon pointed at npx would crash-loop once that cache is gone.\nFix: this is an internal error; the daemon should always be installed with process.execPath. Re-run `start` from the npx-installed CLI."
+    );
   }
-  console.log(
-    `Watching ${filePath} for live Claude Code + Codex usage` + (foldCache ? " (fold-cache: cache tokens rolled into input)" : "") + "\u2026 Ctrl-C to stop."
+  mkdirSync(dirname(daemonCliPath), { recursive: true });
+  copyFileSync(sourceCliPath, daemonCliPath);
+  log(
+    `Copied the meter program to ${daemonCliPath} (a stable copy that survives npx cleanup).`
   );
-  let cursorBytes = readWatchCursor(cursorPath);
-  let running = false;
-  const queuePath = options.queuePath;
-  let queuedCount = readQueue(queuePath).length;
-  let queueBackoffMs = QUEUE_BACKOFF_START_MS;
-  let nextQueueRetryAt = 0;
-  const hhmmss = () => (/* @__PURE__ */ new Date()).toISOString().slice(11, 19);
-  let nextCollectorReviveAt = 0;
-  const collectorHealDeps = {
-    isCollectorAlive: () => isPidAlive(readCollectorPid()),
-    reviveCollector: () => {
-      startCollector();
-    },
-    now: () => Date.now(),
-    log: (message) => console.error(`[${hhmmss()}] ${message}`)
-  };
-  function logSuccess(body, result, stamp) {
-    if (!result.ok) return;
-    for (const rec of body.records) {
-      const row = successRowsFrom(result.parsed).find(
-        (r) => r?.customerExternalId === rec.customerExternalId
-      );
-      const cost = row?.totalCostUsd != null ? `$${row.totalCostUsd}` : "$?";
-      const eventId = row?.eventId ? ` event=${row.eventId}` : "";
-      const reference = "source" in rec.metadata ? `src=${rec.metadata.source}` : `cc=$${rec.metadata.claudeCodeCostUsd ?? "?"}`;
-      const volume = rec.quantity !== void 0 ? `qty=${rec.quantity} tool=${"toolName" in rec.metadata ? rec.metadata.toolName : "?"}` : `in=${rec.inputTokens} out=${rec.outputTokens}`;
-      console.log(
-        `[${stamp}] recorded ${rec.customerExternalId} \xB7 ${volume} \xB7 server=${cost} \xB7 ${reference}${eventId}`
-      );
+  mkdirSync(dirname(plistPath), { recursive: true });
+  writeFileSync2(
+    plistPath,
+    renderDaemonPlist({ nodePath, cliPath: daemonCliPath })
+  );
+  log(`Wrote the background-job definition to ${plistPath}.`);
+  const domainTarget = `gui/${uid}`;
+  const serviceTarget = `gui/${uid}/${PLIST_LABEL}`;
+  const alreadyLoaded = runLaunchctl(["print", serviceTarget]).status === 0;
+  let reloaded = false;
+  if (alreadyLoaded) {
+    log(
+      "A background meter is already loaded - reloading it with the new settings."
+    );
+    runLaunchctl(["bootout", serviceTarget]);
+    reloaded = true;
+    for (let attempt = 0; attempt < INSTALL_BOOTOUT_WAIT_ATTEMPTS; attempt++) {
+      if (runLaunchctl(["print", serviceTarget]).status !== 0) break;
+      sleep(INSTALL_BOOTOUT_WAIT_MS);
     }
   }
-  function logFailure(result, stamp) {
-    if (result.ok) return;
-    if (result.reason === "http") {
-      console.error(
-        `[${stamp}] MarginFront HTTP ${result.status}: ${result.body}`
-      );
-    } else if (result.reason === "network") {
-      console.error(
-        `[${stamp}] could not reach MarginFront: ${result.message}`
-      );
-    } else {
-      console.error(`[${stamp}] send failed (${result.reason}).`);
-    }
+  runLaunchctl(["enable", serviceTarget]);
+  let bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
+  if (bootstrap.status !== 0) {
+    sleep(INSTALL_BOOTSTRAP_RETRY_MS);
+    bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
   }
-  function enqueueFailed(records, stamp) {
-    const room = Math.max(0, MAX_QUEUE_RECORDS - queuedCount);
-    const toQueue = records.slice(0, room);
-    const shed = records.length - toQueue.length;
-    if (toQueue.length > 0) {
-      appendToQueue(queuePath, toQueue);
-      queuedCount += toQueue.length;
-      console.error(
-        `[${stamp}] send failed - queued ${toQueue.length} record(s) for retry (${queuedCount} now in queue).`
-      );
-    }
-    if (shed > 0) {
-      console.error(
-        `[${stamp}] QUEUE FULL (cap ${MAX_QUEUE_RECORDS}): shed ${shed} record(s) - these turns are LOST. The ingest endpoint has been unreachable for a long time; check connectivity.`
-      );
-    }
-    nextQueueRetryAt = Date.now() + queueBackoffMs;
-    queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+  if (bootstrap.status !== 0) {
+    throw new Error(
+      `Could not start the background meter (launchctl bootstrap failed).
+What happened: macOS refused to load the job at ${plistPath}.
+` + (bootstrap.stderr ? `launchctl said: ${bootstrap.stderr.trim()}
+` : "") + `Running CCC version: ${CCC_PACKAGE_VERSION}.
+Fix: run \`npx @marginfront/code-cost-clarity@latest status\` to see the current state, or \`stop\` then \`start\` again. The @latest pin makes sure a stale npx cache isn't hiding the real version. If it keeps failing, confirm you're on macOS and that ${plistPath} looks like valid XML.`
+    );
   }
-  async function drainQueue() {
-    if (!queuePath || queuedCount === 0) return;
-    if (Date.now() < nextQueueRetryAt) return;
-    const queued = readQueue(queuePath);
-    queuedCount = queued.length;
-    if (queued.length === 0) return;
-    const batch = queued.slice(0, MAX_RECORDS_PER_DRAIN);
-    const result = await postToMarginFront({ records: batch });
-    const stamp = hhmmss();
-    if (result.ok) {
-      const remaining = queued.slice(batch.length);
-      writeQueue(queuePath, remaining);
-      queuedCount = remaining.length;
-      queueBackoffMs = QUEUE_BACKOFF_START_MS;
-      nextQueueRetryAt = 0;
-      console.log(
-        `[${stamp}] queue: ${batch.length} retried record(s) landed \xB7 ${remaining.length} still queued.`
-      );
-    } else if (isRetryablePostResult(result)) {
-      logFailure(result, stamp);
-      const waitMs = queueBackoffMs;
-      nextQueueRetryAt = Date.now() + waitMs;
-      queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
-      console.error(
-        `[${stamp}] queue: retry failed, ${queued.length} record(s) still queued (next attempt in ~${Math.round(waitMs / 1e3)}s).`
-      );
-    } else {
-      const remaining = queued.slice(batch.length);
-      writeQueue(queuePath, remaining);
-      queuedCount = remaining.length;
-      console.error(
-        `[${stamp}] queue: dropping ${batch.length} record(s) - terminal failure (server rejected them, retrying can't help).`
-      );
+  log("The background meter is loaded and will start at login from now on.");
+  return { reloaded, plistPath, daemonCliPath };
+}
+var CCC_LABEL_PATTERN = /^ai\.marginfront\.ccc(\.|$)/;
+function defaultLaunchdLabelLister(runLaunchctl, uid) {
+  const labels = /* @__PURE__ */ new Set();
+  const list = runLaunchctl(["list"]);
+  if (list.status === 0) {
+    for (const line of list.stdout.split("\n")) {
+      const label = (line.split("	")[2] ?? "").trim();
+      if (label) labels.add(label);
     }
   }
-  async function processNewLines() {
-    if (running) return;
-    running = true;
-    try {
-      await drainQueue();
-      const { lines, nextCursor } = readNewCompleteLines(filePath, cursorBytes);
-      for (const rawLine of lines) {
-        const line = rawLine.trim();
-        if (!line) continue;
-        let parsed;
-        try {
-          parsed = JSON.parse(line);
-        } catch {
-          console.error("(skipped one telemetry line that wasn't valid JSON)");
-          continue;
-        }
-        const body = buildRequestBodyForLine(parsed, {
-          foldCache,
-          fallbackCustomerId,
-          rawSourceLine: line
-        });
-        if (!body.records.length) continue;
-        const result = await postToMarginFront(body);
-        const stamp = hhmmss();
-        if (!result.ok) {
-          logFailure(result, stamp);
-          if (queuePath && isRetryablePostResult(result)) {
-            enqueueFailed(body.records, stamp);
-          } else if (queuePath) {
-            console.error(
-              `[${stamp}] dropping ${body.records.length} record(s): terminal send failure (not retryable).`
-            );
-          }
-          continue;
-        }
-        logSuccess(body, result, stamp);
-        if (queuedCount > 0) {
-          queueBackoffMs = QUEUE_BACKOFF_START_MS;
-          nextQueueRetryAt = 0;
-        }
-      }
-      if (nextCursor !== cursorBytes) {
-        cursorBytes = nextCursor;
-        writeWatchCursor(cursorPath, cursorBytes);
-      }
-    } finally {
-      running = false;
+  const disabled = runLaunchctl(["print-disabled", `gui/${uid}`]);
+  if (disabled.status === 0) {
+    const quoted = /"([^"]+)"\s*=>/g;
+    let match;
+    while ((match = quoted.exec(disabled.stdout)) !== null) {
+      labels.add(match[1]);
     }
   }
-  processNewLines().catch(
-    (e) => console.error(`watch error: ${e.message}`)
-  );
-  const timer = setInterval(() => {
-    nextCollectorReviveAt = maybeReviveCollector(
-      collectorHealDeps,
-      nextCollectorReviveAt,
-      COLLECTOR_REVIVE_BACKOFF_MS
-    );
-    processNewLines().catch(
-      (e) => console.error(`watch error: ${e.message}`)
+  return [...labels];
+}
+function uninstallDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const log = options.log ?? console.log;
+  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
+  const plistPath = options.plistPath ?? PLIST_PATH;
+  const uid = options.uid ?? currentUid();
+  const listLabels = options.labelLister ?? defaultLaunchdLabelLister;
+  const toBootOut = /* @__PURE__ */ new Set([PLIST_LABEL]);
+  for (const label of listLabels(runLaunchctl, uid)) {
+    if (CCC_LABEL_PATTERN.test(label)) toBootOut.add(label);
+  }
+  for (const label of toBootOut) {
+    runLaunchctl(["bootout", `gui/${uid}/${label}`]);
+  }
+  if (existsSync2(plistPath)) {
+    rmSync2(plistPath, { force: true });
+    log(`Removed the background-job definition at ${plistPath}.`);
+  }
+  if (existsSync2(daemonCliPath)) {
+    rmSync2(daemonCliPath, { force: true });
+    log(`Removed the meter program copy at ${daemonCliPath}.`);
+  }
+}
+function bootoutDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const uid = options.uid ?? currentUid();
+  const result = runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
+  return result.status === 0;
+}
+function parseDaemonPrint(result) {
+  if (result.status !== 0) {
+    return { loaded: false, running: false, pid: null };
+  }
+  const out = result.stdout;
+  const running = /\bstate\s*=\s*running\b/.test(out);
+  const pidMatch = out.match(/\bpid\s*=\s*(\d+)/);
+  const pid = pidMatch ? parseInt(pidMatch[1], 10) : null;
+  return { loaded: true, running, pid };
+}
+function queryDaemonStatus(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const uid = options.uid ?? currentUid();
+  return parseDaemonPrint(runLaunchctl(["print", `gui/${uid}/${PLIST_LABEL}`]));
+}
+function readLastLines(path, maxLines) {
+  if (!existsSync2(path)) return [];
+  let text;
+  try {
+    text = readFileSync2(path, "utf8");
+  } catch {
+    return [];
+  }
+  const lines = text.split("\n");
+  if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
+  return lines.slice(-maxLines);
+}
+var ZSHRC_PATH = join(homedir(), ".zshrc");
+function lineSourcesCccEnv(rawLine) {
+  const trimmed = rawLine.trim();
+  if (!trimmed || trimmed.startsWith("#")) return false;
+  if (!/^(source|\.)\s/.test(trimmed)) return false;
+  return trimmed.includes(".marginfront-ccc/.env");
+}
+function findCccZshrcSourceLines(zshrcPath = ZSHRC_PATH) {
+  if (!existsSync2(zshrcPath)) return { found: false, matchedLines: [] };
+  let text;
+  try {
+    text = readFileSync2(zshrcPath, "utf8");
+  } catch {
+    return { found: false, matchedLines: [] };
+  }
+  const matchedLines = text.split("\n").filter(lineSourcesCccEnv).map((line) => line.trim());
+  return { found: matchedLines.length > 0, matchedLines };
+}
+function removeCccZshrcSourceLine({
+  zshrcPath = ZSHRC_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync2(zshrcPath)) {
+    log(`Nothing to remove: ${zshrcPath} doesn't exist.`);
+    return { removed: [], backupPath: null };
+  }
+  let text;
+  try {
+    text = readFileSync2(zshrcPath, "utf8");
+  } catch {
+    log(
+      `Could not read ${zshrcPath}, so I left it untouched - remove the \`source ~/.marginfront-ccc/.env\` line by hand if you like.`
     );
-  }, WATCH_POLL_MS);
-  return function stop() {
-    clearInterval(timer);
-    if (pidFilePath) {
-      try {
-        rmSync2(pidFilePath, { force: true });
-      } catch {
-      }
-    }
-  };
+    return { removed: [], backupPath: null };
+  }
+  const removed = [];
+  const kept = [];
+  for (const line of text.split("\n")) {
+    if (lineSourcesCccEnv(line)) removed.push(line.trim());
+    else kept.push(line);
+  }
+  if (removed.length === 0) {
+    log(`Nothing to remove in ${zshrcPath}: no MarginFront source line found.`);
+    return { removed: [], backupPath: null };
+  }
+  const backupPath = `${zshrcPath}.ccc-bak`;
+  copyFileSync(zshrcPath, backupPath);
+  writeFileSync2(zshrcPath, kept.join("\n"));
+  log(
+    `Removed the redundant 'source ~/.marginfront-ccc/.env' line from ${zshrcPath} (backup at ${backupPath}).`
+  );
+  return { removed, backupPath };
 }
 
 // src/cli.ts
@@ -1820,8 +1916,10 @@ function printHelp() {
       "",
       "Commands:",
       "  init                 Set up everything: save your MarginFront secret key (mf_sk_...), not",
-      "                       your Anthropic or OpenAI key. Wire telemetry into your Claude/Codex",
-      "                       config (with your OK), and start the background meter.",
+      "                       your Anthropic or OpenAI key. Ask which developer THIS machine's AI",
+      "                       cost belongs to (for teams on a shared Claude/Codex login). Wire",
+      "                       telemetry into your Claude/Codex config (with your OK), and start",
+      "                       the background meter.",
       "  start                (Re)start the background meter - starts at login, no terminal to keep open.",
       "  status               Is the background meter running? Shows recent activity + errors.",
       "  preview <file.json>  Show the exact record it would send for a capture. No key needed.",
@@ -1846,19 +1944,29 @@ function printHelp() {
       "  automatically. No `source`, no second terminal. Check on it with `status` anytime.",
       "",
       "Prefer a live terminal view instead of the background meter? After init, run:",
-      "  npx @marginfront/code-cost-clarity run"
+      "  npx @marginfront/code-cost-clarity run",
+      "",
+      "Sharing one Claude/Codex login across a team? (per-developer cost attribution)",
+      "  During `init` we ask which developer THIS machine's AI cost belongs to and save it",
+      "  as CCC_DEVELOPER_EMAIL in ~/.marginfront-ccc/.env. At send time the order is:",
+      "    1. CCC_DEVELOPER_EMAIL (this machine's developer) - if set, it always wins;",
+      "    2. otherwise the email the coding-agent login reports;",
+      "    3. otherwise a no-identity placeholder.",
+      "  Leave it BLANK to keep the old auto-detect behavior. Edit the .env to change it,",
+      "  then `stop` and `start` (or just re-run `init`). Internal cost visibility only -",
+      "  it does NOT change anyone's bill."
     ].join("\n")
   );
 }
 function printNoIdentityHint() {
   console.log(
     [
-      "Note: usage with no engineer email is attributed to a no-identity placeholder",
+      "Note: usage with no developer email is attributed to a no-identity placeholder",
       `  ("${NO_IDENTITY_CUSTOMER}" for Claude Code, "${CODEX_NO_IDENTITY_CUSTOMER}" for Codex).`,
       "  Why: org-managed seats stamp the email automatically; some interactive logins don't.",
       "  Fix: sign in with an org-managed seat, or attach your own MarginFront customer",
       "  mapping. Until then the spend still lands, under the placeholder instead of the",
-      "  engineer's name."
+      "  developer's name."
     ].join("\n")
   );
 }
@@ -1912,6 +2020,30 @@ function promptYesNo(promptText, io = {}, defaultYes = false) {
     rl.on("close", () => finish("", false));
   });
 }
+function promptVisible(promptText, defaultValue = "", io = {}) {
+  return new Promise((resolve) => {
+    const input = io.input ?? process3.stdin;
+    const output = io.output ?? process3.stdout;
+    const interactive = io.terminal ?? Boolean(input.isTTY);
+    const rl = readline.createInterface({
+      input,
+      output,
+      terminal: interactive
+    });
+    let settled = false;
+    const finish = (answer) => {
+      if (settled) return;
+      settled = true;
+      rl.close();
+      resolve(answer.trim());
+    };
+    output.write(promptText);
+    rl.question("", (answer) => finish(answer));
+    if (interactive && defaultValue) rl.write(defaultValue);
+    rl.on("SIGINT", () => finish(""));
+    rl.on("close", () => finish(""));
+  });
+}
 function printConsentDisclosure(log) {
   log(
     [
@@ -1987,6 +2119,41 @@ async function cmdInit(noPrompt, deps = {}) {
       keySaved = true;
     }
   }
+  const shouldPromptDeveloper = !noPrompt && isTTY();
+  if (shouldPromptDeveloper) {
+    const gitDefault = (deps.gitDefaultEmail ?? (() => gitGlobalUserEmail()))();
+    const savedDeveloperEmail = loadEnv()["CCC_DEVELOPER_EMAIL"];
+    const defaultEmail = savedDeveloperEmail || gitDefault;
+    log(
+      [
+        "",
+        "Who should this machine's AI cost be attributed to?",
+        "  If your team shares ONE Claude/Codex login, every developer's usage looks",
+        "  like the same person. Naming the developer here splits this laptop's spend",
+        "  back out to them. (Internal cost visibility only - it does NOT change anyone's bill.)",
+        "",
+        "  - Press Enter to accept the pre-filled email (from your global git config).",
+        "  - Type a different email to attribute this machine to someone else.",
+        "  - Clear it and leave it BLANK to auto-detect from your coding-agent login",
+        "    (today's behavior - usage is tagged with whatever email the login reports).",
+        ""
+      ].join("\n")
+    );
+    const askDeveloper = deps.promptDeveloperEmail ?? ((defaultValue) => promptVisible(
+      "Developer email for this machine's AI cost: ",
+      defaultValue
+    ));
+    const chosenEmail = (await askDeveloper(defaultEmail)).trim();
+    const writeDeveloper = deps.writeDeveloperEmail ?? ((value) => writeDeveloperEmailToEnv(value));
+    writeDeveloper(chosenEmail);
+    if (chosenEmail) {
+      log(`Will attribute this machine's AI cost to ${chosenEmail}.`);
+    } else {
+      log(
+        "Left attribution on auto-detect (this machine's AI cost follows the coding-agent login)."
+      );
+    }
+  }
   printConsentDisclosure(log);
   let consented;
   if (noPrompt) {
@@ -2148,8 +2315,10 @@ async function cmdStart(deps = {}) {
     errorLog(
       [
         "",
-        `Check again anytime:  npx ${PKG_NAME} status`,
-        `Re-check your MarginFront key (mf_sk_...) with:  npx ${PKG_NAME} init  (then run start again)`
+        // Pin @latest so a stale npx cache can't run an old build that hides the real
+        // version (or a command this build added).
+        `Check again anytime:  npx ${PKG_NAME}@latest status`,
+        `Re-check your MarginFront key (mf_sk_...) with:  npx ${PKG_NAME}@latest init  (then run start again)`
       ].join("\n")
     );
     return 1;
@@ -2179,6 +2348,10 @@ function printDaemonLogTail(label, path) {
   for (const line of lines) console.log(`  ${line}`);
 }
 function cmdStatus() {
+  console.log(`CCC version ${readVersion()}.`);
+  console.log(
+    `  (If a command looks missing, re-run pinned to the latest: npx ${PKG_NAME}@latest status)`
+  );
   const status = queryDaemonStatus();
   if (!status.loaded) {
     console.log(
@@ -2209,9 +2382,12 @@ function cmdPreview(positionals, foldCache) {
     return 1;
   }
   const parsedOtlp = readAndParseOtlpFile(inputFilePath);
+  loadEnvFile();
+  const developerOverride = resolveDeveloperOverride(process3.env);
   const body = buildRequestBodyForLine(parsedOtlp, {
     foldCache,
-    fallbackCustomerId: NO_IDENTITY_CUSTOMER
+    fallbackCustomerId: NO_IDENTITY_CUSTOMER,
+    developerOverride
   });
   console.log(JSON.stringify(body, null, 2));
   const usedFallback = body.records.some(
@@ -2362,12 +2538,31 @@ async function cmdStop() {
   }
   return 0;
 }
-function cmdUninstall(purge, deps = {}) {
+async function cmdUninstall(purge, deps = {}) {
   const log = deps.log ?? console.log;
   const removeDaemon = deps.uninstallDaemon ?? (() => uninstallDaemon({ log }));
   const stopColl = deps.stopCollector ?? (() => {
     stopCollector({ log });
   });
+  const readForwarderPid = deps.readForwarderPid ?? (() => {
+    if (!existsSync3(FORWARDER_PID_PATH)) return null;
+    try {
+      const raw = readFileSync3(FORWARDER_PID_PATH, "utf8").trim();
+      const parsed = parseInt(raw, 10);
+      return Number.isInteger(parsed) ? parsed : null;
+    } catch {
+      return null;
+    }
+  });
+  const isForwarderAlive = deps.isForwarderAlive ?? ((pid) => isPidAlive(pid));
+  const signalForwarder = deps.signalForwarder ?? ((pid, signal) => {
+    try {
+      process3.kill(pid, signal);
+    } catch {
+    }
+  });
+  const sleep = deps.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
+  const now = deps.now ?? (() => Date.now());
   const removeClaude = deps.removeClaudeTelemetry ?? (() => removeClaudeTelemetrySettings({ log }));
   const removeCodex = deps.removeCodexConfig ?? (() => removeCodexOtelConfig({ log }));
   const removeFile = deps.removeRuntimeFile ?? ((path) => {
@@ -2380,7 +2575,23 @@ function cmdUninstall(purge, deps = {}) {
   const findZshrc = deps.findZshrcLines ?? (() => findCccZshrcSourceLines());
   const unsetDesktop = deps.unsetDesktopEnv ?? (() => unsetDesktopGuiEnv());
   removeDaemon();
-  stopColl();
+  const forwarderPid = readForwarderPid();
+  await stopForwarderThenStopCollector(
+    {
+      isForwarderAlive: () => forwarderPid !== null && isForwarderAlive(forwarderPid),
+      signalForwarder: (signal) => {
+        if (forwarderPid !== null) signalForwarder(forwarderPid, signal);
+      },
+      stopCollector: () => {
+        stopColl();
+      },
+      sleep,
+      now,
+      log
+    },
+    STOP_FORWARDER_POLL_MS,
+    STOP_FORWARDER_TIMEOUT_MS
+  );
   removeClaude();
   removeCodex();
   unsetDesktop();
@@ -2461,7 +2672,7 @@ async function main() {
     case "stop":
       return cmdStop();
     case "uninstall":
-      return cmdUninstall(flags.has("--purge"));
+      return await cmdUninstall(flags.has("--purge"));
     default:
       console.error(`Unknown command "${command}".
 `);
@@ -2490,6 +2701,7 @@ export {
   cmdRun,
   cmdStart,
   cmdUninstall,
+  promptVisible,
   promptYesNo,
   runningForwarderPid,
   stopForwarderThenStopCollector