@marginfront/code-cost-clarity 0.5.4

package/dist/cli.js

@@ -0,0 +1,2496 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { existsSync as existsSync3, rmSync as rmSync3, readFileSync as readFileSync3, realpathSync } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import readline from "readline";
+import process3 from "process";
+
+// src/connector.ts
+import {
+  existsSync,
+  mkdirSync,
+  writeFileSync,
+  readFileSync,
+  openSync,
+  rmSync,
+  chmodSync,
+  copyFileSync
+} from "fs";
+import { spawn, spawnSync, execFileSync } from "child_process";
+import { createHash } from "crypto";
+import { homedir, tmpdir, platform, arch } from "os";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import process from "process";
+var CONFIG_DIR = join(homedir(), ".marginfront-ccc");
+var ENV_PATH = join(CONFIG_DIR, ".env");
+var COLLECTOR_CONFIG_PATH = join(CONFIG_DIR, "otel-collector.yaml");
+var COLLECTOR_BIN_PATH = join(CONFIG_DIR, "otelcol-contrib");
+var LIVE_JSONL_PATH = join(CONFIG_DIR, "live-otlp.jsonl");
+var COLLECTOR_PID_PATH = join(CONFIG_DIR, "collector.pid");
+var COLLECTOR_LOG_PATH = join(CONFIG_DIR, "collector.log");
+var FORWARDER_CURSOR_PATH = join(CONFIG_DIR, "forwarder.cursor");
+var FORWARDER_QUEUE_PATH = join(CONFIG_DIR, "forwarder.queue.jsonl");
+var FORWARDER_PID_PATH = join(CONFIG_DIR, "forwarder.pid");
+var VERSION_PATTERN = /^v\d+\.\d+\.\d+$/;
+function resolveOtelcolVersion(override = process.env.CCC_OTELCOL_VERSION) {
+  const DEFAULT_VERSION = "v0.154.0";
+  if (!override) return DEFAULT_VERSION;
+  if (!VERSION_PATTERN.test(override)) {
+    throw new Error(
+      `Invalid CCC_OTELCOL_VERSION "${override}".
+What happened: you set the collector version override, but it isn't a valid version number.
+Why this is strict: that value goes into a download URL and a filename, so a malformed one could point the installer somewhere unsafe. We refuse rather than guess.
+Fix: use the form vMAJOR.MINOR.PATCH (for example CCC_OTELCOL_VERSION=v0.154.0), or unset it to use the built-in pinned version.`
+    );
+  }
+  return override;
+}
+var OTELCOL_VERSION = resolveOtelcolVersion();
+var COLLECTOR_CHECKSUMS = {
+  "otelcol-contrib_0.154.0_darwin_amd64.tar.gz": "14f7f825a7ad7ee0799947ff70a42b9a5528a9c1411ab45f8fcc4caeb9346f7b",
+  "otelcol-contrib_0.154.0_darwin_arm64.tar.gz": "de3af70ef0b80af213911cc9ba8daf553348dd22ed1fb15db561d207fc2cb3d9",
+  "otelcol-contrib_0.154.0_linux_amd64.tar.gz": "f0fe6e7b1d81936d4e5a3aad7a678f3fc2f8ada2a9f8f37f37542813c12ed322",
+  "otelcol-contrib_0.154.0_linux_arm64.tar.gz": "52310bfcb5a952c072e8abff7f0f2940ee38cea36752a4a4e1a4e21c2088c3f9"
+};
+function verifyTarballChecksum(tarballPath, expectedSha256) {
+  const actual = createHash("sha256").update(readFileSync(tarballPath)).digest("hex").toLowerCase();
+  return actual === expectedSha256.toLowerCase();
+}
+function renderEnvFile() {
+  return `# ============================================================
+# Claude Code -> MarginFront connector: environment settings
+# ============================================================
+# MAIN JOB of this file: hold your MARGINFRONT_API_KEY (below) so the background
+# meter can read it - fill that in (init usually does it for you).
+#
+# As of v0.5.0 you do NOT need to 'source' this before running Claude Code:
+# 'init' wires the telemetry settings into ~/.claude/settings.json for you, so
+# every 'claude'/'codex' session (and the desktop apps) broadcast on their own.
+# Sourcing this is only useful for the manual, foreground 'run' path.
+#
+# This file stays on your machine; it is never published or committed.
+# ============================================================
+
+# Turns on Claude Code's usage broadcasting. Leave as 1.
+CLAUDE_CODE_ENABLE_TELEMETRY=1
+
+# Send usage as OpenTelemetry metrics. Leave as otlp.
+OTEL_METRICS_EXPORTER=otlp
+
+# Send Claude Code's EVENTS (the per-tool-call records) too. Leave as otlp.
+# Tokens come in as metrics (above); a paid tool call (Google Maps, Browserbase,
+# a paid MCP server) only shows up on this EVENT stream - without this line Claude
+# Code broadcasts no tool activity and tool spend can't be tracked (LOWAI-478).
+OTEL_LOGS_EXPORTER=otlp
+
+# Use HTTP/protobuf. Verified working; gRPC on 4317 silently failed in testing.
+OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
+
+# Where the local collector listens. Must match the collector YAML.
+OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318
+
+# How often Claude Code flushes usage, in milliseconds.
+#   300000 = 5 minutes - batches usage so you get roughly one event per turn
+#   without a long wait. Raise to 600000 (10 min) to batch harder; lower to
+#   60000 (1 min) or 5000 (5 s) for a more live drip.
+OTEL_METRIC_EXPORT_INTERVAL=300000
+
+# Tool-call costs (LOWAI-478) need NOTHING configured here. Every tool your agents
+# fire (other than free built-ins like Read/Bash) is forwarded automatically;
+# MarginFront's pricing catalog decides what's billable and at what rate. Add price
+# rows for your paid tools in MarginFront - there's no client-side list to maintain.
+
+# YOUR MarginFront SECRET key (mf_sk_*). Create or copy one at:
+#   app.marginfront.com -> Build -> API Keys -> "Create Key Pair"
+#   (https://app.marginfront.com/developer-zone/api-keys)
+# Use the SECRET key (mf_sk_*) - a publishable key (mf_pk_*) is rejected on send.
+# The forwarder reads this from the environment only; it is never hardcoded.
+# Leave blank to run in no-identity preview mode (see the README).
+MARGINFRONT_API_KEY=
+`;
+}
+function renderCollectorYaml(jsonlPath = LIVE_JSONL_PATH) {
+  return `# OpenTelemetry Collector config - Claude Code -> MarginFront
+# ---------------------------------------------------------------------------
+# WHAT THIS DOES, plainly: it's the "catcher." Claude Code broadcasts its token
+# usage here; this collector batches what it hears and writes it to a file,
+# which the forwarder tails and turns into MarginFront usage rows.
+# ---------------------------------------------------------------------------
+
+receivers:
+  # The door Claude Code knocks on. It listens for OpenTelemetry (OTLP) on the
+  # two standard local ports. We point Claude Code at HTTP/protobuf on 4318 -
+  # gRPC on 4317 silently failed to connect from Claude Code 2.1.185 in testing,
+  # so 4318 is the one that actually works. Bound to localhost only.
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 127.0.0.1:4317
+      http:
+        endpoint: 127.0.0.1:4318
+
+processors:
+  # THE NO-DOUBLE-COUNT PROCESSOR. Claude Code emits CUMULATIVE counters (each
+  # export is the running total since the session started), and it ignores the
+  # "give me deltas" env var. Without this, the forwarder would record the
+  # running total every export - re-counting everything before it. This turns
+  # each cumulative total into the increment since the last export.
+  cumulativetodelta: {}
+
+  # Group what arrives into small batches and flush quickly, so the live view
+  # feels near-real-time rather than trickling one datapoint at a time.
+  batch:
+    timeout: 1s
+
+exporters:
+  # Write each batch as one line of OTLP/JSON (JSON Lines). The forwarder
+  # watches this file and records each new line. Both pipelines below share this
+  # one exporter, so Claude Code's metrics and Codex's logs land in the SAME file
+  # (each as its own line) and the one forwarder reads both.
+  file:
+    path: ${jsonlPath}
+
+service:
+  telemetry:
+    logs:
+      # The collector's OWN log verbosity (how chatty otelcol itself is). This is
+      # NOT a data pipeline - it does not catch Codex's usage logs. The pipeline
+      # that does is service.pipelines.logs below. Keep this quiet.
+      level: warn
+  pipelines:
+    # Claude Code source: token + cost COUNTERS arrive as metrics.
+    # Receive -> de-dupe (cumulative->delta) -> batch -> file.
+    metrics:
+      receivers: [otlp]
+      processors: [cumulativetodelta, batch]
+      exporters: [file]
+    # Codex source (LOWAI-463): Codex reports usage on the LOG stream, not as
+    # metrics, so it needs its own pipeline. No cumulativetodelta here - that's a
+    # METRICS processor and doesn't apply to logs; each Codex log record is one
+    # turn's usage on its own. Receive -> batch -> file (the same file).
+    logs:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [file]
+`;
+}
+var CODEX_CONFIG_PATH = join(homedir(), ".codex", "config.toml");
+var CODEX_CCC_BEGIN_MARKER = "# >>> MarginFront code-cost-clarity - auto-added; `npx @marginfront/code-cost-clarity uninstall` removes this block >>>";
+var CODEX_CCC_END_MARKER = "# <<< MarginFront code-cost-clarity - end of auto-added block <<<";
+var CODEX_OTEL_TOML_BLOCK = [
+  "[otel]",
+  'exporter = { otlp-http = { endpoint = "http://127.0.0.1:4318/v1/logs", protocol = "binary" } }'
+].join("\n");
+function renderCodexCccBlock() {
+  return [
+    CODEX_CCC_BEGIN_MARKER,
+    CODEX_OTEL_TOML_BLOCK,
+    CODEX_CCC_END_MARKER
+  ].join("\n");
+}
+function renderCodexConfigInstructions() {
+  return [
+    "Optional - also capture Codex (in addition to, or instead of, Claude Code):",
+    "",
+    "  Codex reports its usage to the SAME local collector, so there's nothing",
+    "  extra to install. Add this block to your ~/.codex/config.toml:",
+    "",
+    // Single-sourced from CODEX_OTEL_TOML_BLOCK above, indented for the printout,
+    // so the pasted block always matches what the auto-writer would write.
+    ...CODEX_OTEL_TOML_BLOCK.split("\n").map((line) => "    " + line),
+    "",
+    "  Then run Codex normally. `run` already watches both sources - Claude Code,",
+    "  Codex, or both - from the one collector file; there's no extra flag.",
+    "",
+    "  Note: exact [otel] key names can vary by Codex version, and whether your",
+    "  engineer email shows up depends on how you sign in (org API key vs ChatGPT",
+    "  login). If the email doesn't surface, usage still lands under the no-identity",
+    "  placeholder. See the README's Codex section for the full details."
+  ].join("\n");
+}
+function lineDeclaresOtelTable(rawLine) {
+  const beforeComment = rawLine.split("#")[0].trim();
+  if (!beforeComment) return false;
+  let firstToken;
+  if (beforeComment.startsWith("[")) {
+    const inner = beforeComment.replace(/^\[+/, "").trim();
+    const path = inner.split("]")[0].trim();
+    firstToken = path.split(".")[0].trim();
+  } else {
+    firstToken = beforeComment.split(/[.=\s]/)[0].trim();
+  }
+  firstToken = firstToken.replace(/^["']|["']$/g, "");
+  return firstToken === "otel";
+}
+function codexConfigHasOtelTable(content) {
+  return content.split(/\r?\n/).some(lineDeclaresOtelTable);
+}
+function codexConfigHasCccBlock(configPath = CODEX_CONFIG_PATH) {
+  if (!existsSync(configPath)) return false;
+  try {
+    return readFileSync(configPath, "utf8").includes(CODEX_CCC_BEGIN_MARKER);
+  } catch {
+    return false;
+  }
+}
+function writeCodexOtelConfig({
+  configPath = CODEX_CONFIG_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync(configPath)) {
+    mkdirSync(dirname(configPath), { recursive: true });
+    writeFileSync(configPath, renderCodexCccBlock() + "\n");
+    log(
+      `Created ${configPath} and wired Codex to the local collector for you.`
+    );
+    return { action: "created", backupPath: null };
+  }
+  const content = readFileSync(configPath, "utf8");
+  if (content.includes(CODEX_CCC_BEGIN_MARKER)) {
+    log(`Codex is already wired up in ${configPath} - nothing to do.`);
+    return { action: "skipped-existing", backupPath: null };
+  }
+  if (codexConfigHasOtelTable(content)) {
+    log(
+      `Left your existing [otel] settings in ${configPath} untouched - add the MarginFront block by hand if you want Codex captured too.`
+    );
+    return { action: "skipped-existing", backupPath: null };
+  }
+  const backupPath = `${configPath}.ccc-bak`;
+  copyFileSync(configPath, backupPath);
+  const separator = content.length > 0 ? "\n" : "";
+  writeFileSync(configPath, content + separator + renderCodexCccBlock() + "\n");
+  log(
+    `Added the MarginFront telemetry block to ${configPath} (backup at ${backupPath}).`
+  );
+  return { action: "appended", backupPath };
+}
+function removeCodexOtelConfig({
+  configPath = CODEX_CONFIG_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync(configPath)) {
+    log(
+      `Nothing to undo: ${configPath} doesn't exist (Codex was never wired up here).`
+    );
+    return { action: "missing", backupPath: null };
+  }
+  const content = readFileSync(configPath, "utf8");
+  const beginIdx = content.indexOf(CODEX_CCC_BEGIN_MARKER);
+  const endIdx = content.indexOf(CODEX_CCC_END_MARKER);
+  if (beginIdx === -1 || endIdx === -1 || endIdx < beginIdx) {
+    log(
+      `Nothing to undo: ${configPath} has no MarginFront block (left every other setting untouched).`
+    );
+    return { action: "no-marker", backupPath: null };
+  }
+  let cutStart = beginIdx;
+  let cutEnd = endIdx + CODEX_CCC_END_MARKER.length;
+  if (content[cutEnd] === "\n") cutEnd += 1;
+  if (content[cutStart - 1] === "\n") {
+    cutStart -= 1;
+  }
+  const backupPath = existsSync(`${configPath}.ccc-bak`) ? `${configPath}.ccc-bak` : null;
+  writeFileSync(configPath, content.slice(0, cutStart) + content.slice(cutEnd));
+  log(
+    `Removed the MarginFront block from ${configPath}` + (backupPath ? ` (your original is preserved at ${backupPath}).` : ".")
+  );
+  return { action: "removed", backupPath };
+}
+function resolveCollectorAsset(nodePlatform = platform(), nodeArch = arch(), version = OTELCOL_VERSION) {
+  const osMap = { darwin: "darwin", linux: "linux" };
+  const archMap = { arm64: "arm64", x64: "amd64" };
+  const os = osMap[nodePlatform];
+  const cpu = archMap[nodeArch];
+  if (!os) {
+    throw new Error(
+      `Unsupported operating system "${nodePlatform}". The bundled collector supports macOS (darwin) and Linux. On Windows, run this under WSL.`
+    );
+  }
+  if (!cpu) {
+    throw new Error(
+      `Unsupported CPU architecture "${nodeArch}". The bundled collector supports arm64 and x64 (amd64).`
+    );
+  }
+  const versionNoV = version.replace(/^v/, "");
+  const asset = `otelcol-contrib_${versionNoV}_${os}_${cpu}.tar.gz`;
+  const url = `https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/${version}/${asset}`;
+  return { os, cpu, asset, url, version };
+}
+function ensureCollectorBinary({
+  force = false,
+  log = console.log
+} = {}) {
+  if (existsSync(COLLECTOR_BIN_PATH) && !force) {
+    log(
+      `Collector already present at ${COLLECTOR_BIN_PATH} - skipping download.`
+    );
+    return COLLECTOR_BIN_PATH;
+  }
+  const { asset, url, version } = resolveCollectorAsset();
+  const tgzPath = join(tmpdir(), asset);
+  log(
+    `Downloading the collector (${asset}, ~360 MB) - this can take a minute\u2026`
+  );
+  try {
+    execFileSync("curl", ["-fSL", "-o", tgzPath, url], { stdio: "inherit" });
+  } catch {
+    throw new Error(
+      `Could not download the collector from ${url}
+What happened: the download failed (network issue, or version ${version} has no asset for your platform).
+Fix: check your internet connection, or pin a different version with CCC_OTELCOL_VERSION=v0.155.0 (see the OpenTelemetry collector releases page).`
+    );
+  }
+  const expectedSha256 = COLLECTOR_CHECKSUMS[asset];
+  if (!expectedSha256) {
+    throw new Error(
+      `Refusing to run an unverified collector.
+What happened: there is no pinned, known-good fingerprint on file for "${asset}" (version ${version}).
+Why: this tool refuses to make ANY downloaded program executable unless we can first confirm it's exactly the release we trust.
+Fix: install the built-in pinned version (unset CCC_OTELCOL_VERSION), or add this release's official signed SHA-256 to the package's pinned checksums before installing it. The download is left at ${tgzPath} so you can verify it yourself.`
+    );
+  }
+  log("Verifying the downloaded collector's fingerprint\u2026");
+  if (!verifyTarballChecksum(tgzPath, expectedSha256)) {
+    try {
+      rmSync(tgzPath, { force: true });
+    } catch {
+    }
+    throw new Error(
+      `Collector integrity check FAILED - refusing to install.
+What happened: the collector we downloaded for "${asset}" does NOT match its known-good fingerprint, so we deleted it and stopped.
+Why this probably happened: the file was altered between GitHub and your machine - most often a corporate TLS-inspecting proxy rewriting the download, a corrupted transfer, or (worst case) a tampered release.
+Fix: re-run the install on a network without a man-in-the-middle proxy. If it keeps failing on a clean network, do NOT bypass this - report it, because a persistent mismatch can mean the download is being tampered with.`
+    );
+  }
+  log("Fingerprint verified - the collector is exactly the trusted release.");
+  log(`Unpacking the collector into ${CONFIG_DIR}\u2026`);
+  try {
+    execFileSync("tar", ["xzf", tgzPath, "-C", CONFIG_DIR, "otelcol-contrib"], {
+      stdio: "inherit"
+    });
+  } catch {
+    throw new Error(
+      `Could not unpack ${tgzPath}.
+What happened: the downloaded archive didn't contain the expected otelcol-contrib binary, or tar isn't available.
+Fix: delete the file above and re-run \`npx @marginfront/code-cost-clarity init\`.`
+    );
+  } finally {
+    try {
+      rmSync(tgzPath, { force: true });
+    } catch {
+    }
+  }
+  try {
+    execFileSync("chmod", ["755", COLLECTOR_BIN_PATH]);
+  } catch {
+  }
+  log(`Collector installed at ${COLLECTOR_BIN_PATH}.`);
+  return COLLECTOR_BIN_PATH;
+}
+function ensureConfigFiles({
+  log = console.log
+} = {}) {
+  if (!existsSync(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+    log(`Created ${CONFIG_DIR}.`);
+  }
+  if (existsSync(ENV_PATH)) {
+    log(`Kept your existing settings file at ${ENV_PATH} (API key preserved).`);
+  } else {
+    writeFileSync(ENV_PATH, renderEnvFile(), { mode: 384 });
+    log(`Wrote settings template to ${ENV_PATH} - add your API key there.`);
+  }
+  writeFileSync(COLLECTOR_CONFIG_PATH, renderCollectorYaml());
+  log(`Wrote collector config to ${COLLECTOR_CONFIG_PATH}.`);
+}
+function loadEnvFile(path = ENV_PATH) {
+  if (!existsSync(path)) return {};
+  const loaded = {};
+  let text;
+  try {
+    text = readFileSync(path, "utf8");
+  } catch {
+    return {};
+  }
+  for (const rawLine of text.split("\n")) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#")) continue;
+    const eq = line.indexOf("=");
+    if (eq === -1) continue;
+    const key = line.slice(0, eq).trim();
+    let value = line.slice(eq + 1).trim();
+    if (value.length >= 2 && (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'"))) {
+      value = value.slice(1, -1);
+    }
+    if (!key) continue;
+    loaded[key] = value;
+    if (process.env[key] === void 0) {
+      process.env[key] = value;
+    }
+  }
+  return loaded;
+}
+function writeApiKeyToEnv(value, path = ENV_PATH) {
+  const current = existsSync(path) ? readFileSync(path, "utf8") : renderEnvFile();
+  const keyLine = /^MARGINFRONT_API_KEY=.*$/m;
+  let next;
+  if (keyLine.test(current)) {
+    next = current.replace(keyLine, () => `MARGINFRONT_API_KEY=${value}`);
+  } else {
+    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
+    next = `${current}${sep}MARGINFRONT_API_KEY=${value}
+`;
+  }
+  writeFileSync(path, next, { mode: 384 });
+  chmodSync(path, 384);
+}
+var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
+var CLAUDE_SETTINGS_OWNERSHIP_PATH = join(
+  CONFIG_DIR,
+  "claude-settings-owned.json"
+);
+var CCC_OWNED_TELEMETRY_KEYS = [
+  "CLAUDE_CODE_ENABLE_TELEMETRY",
+  "OTEL_METRICS_EXPORTER",
+  "OTEL_LOGS_EXPORTER",
+  "OTEL_EXPORTER_OTLP_PROTOCOL",
+  "OTEL_EXPORTER_OTLP_ENDPOINT",
+  "OTEL_METRIC_EXPORT_INTERVAL"
+];
+var CCC_TELEMETRY_VALUES = {
+  // Turns on Claude Code's usage broadcasting.
+  CLAUDE_CODE_ENABLE_TELEMETRY: "1",
+  // Send token usage as OpenTelemetry metrics.
+  OTEL_METRICS_EXPORTER: "otlp",
+  // Send the per-tool-call EVENT stream too (needed for tool-call line items).
+  OTEL_LOGS_EXPORTER: "otlp",
+  // HTTP/protobuf - verified working; gRPC on 4317 silently failed in testing.
+  OTEL_EXPORTER_OTLP_PROTOCOL: "http/protobuf",
+  // Point Claude Code at the local collector (must match the collector YAML).
+  OTEL_EXPORTER_OTLP_ENDPOINT: "http://127.0.0.1:4318",
+  // Flush usage every 5 minutes (batched ~one event per turn).
+  OTEL_METRIC_EXPORT_INTERVAL: "300000"
+};
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function backupClaudeSettings(settingsPath) {
+  const backupPath = `${settingsPath}.ccc-bak`;
+  copyFileSync(settingsPath, backupPath);
+  return backupPath;
+}
+function readClaudeSettingsOwnership(ownershipPath) {
+  if (!existsSync(ownershipPath)) return null;
+  try {
+    const parsed = JSON.parse(readFileSync(ownershipPath, "utf8"));
+    if (!isPlainObject(parsed) || !isPlainObject(parsed.ownedKeys)) {
+      return null;
+    }
+    const out = {};
+    for (const [key, value] of Object.entries(parsed.ownedKeys)) {
+      out[key] = String(value);
+    }
+    return out;
+  } catch {
+    return null;
+  }
+}
+function writeClaudeSettingsOwnership(ownershipPath, ownedKeys) {
+  mkdirSync(dirname(ownershipPath), { recursive: true });
+  const payload = {
+    _comment: "MarginFront code-cost-clarity wrote these telemetry keys into your Claude Code settings.json. Uninstall removes ONLY the keys below, and only if their value still matches. Safe to delete by hand if you've already cleaned up settings.json yourself.",
+    ownedKeys
+  };
+  writeFileSync(ownershipPath, JSON.stringify(payload, null, 2) + "\n");
+}
+function writeClaudeTelemetrySettings(vars, {
+  settingsPath = CLAUDE_SETTINGS_PATH,
+  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
+  log = console.log
+} = {}) {
+  let settings = {};
+  const fileExists = existsSync(settingsPath);
+  if (fileExists) {
+    let parsed;
+    try {
+      parsed = JSON.parse(readFileSync(settingsPath, "utf8"));
+    } catch {
+      const backupPath2 = backupClaudeSettings(settingsPath);
+      throw new Error(
+        `Could not update ${settingsPath}.
+What happened: your Claude Code settings file isn't valid JSON, so we stopped instead of risking your settings.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: open the file and repair the JSON (a common cause is a trailing comma or a missing quote), then run init again. We will not modify a file we can't read.`
+      );
+    }
+    if (!isPlainObject(parsed)) {
+      const backupPath2 = backupClaudeSettings(settingsPath);
+      throw new Error(
+        `Could not update ${settingsPath}.
+What happened: the top level of your Claude Code settings file isn't a JSON object (it looks like an array or a single value), so there's nowhere safe to add the telemetry settings.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: make the file a normal JSON object like { "env": { ... } }, then run init again.`
+      );
+    }
+    settings = parsed;
+  }
+  if ("env" in settings && !isPlainObject(settings.env)) {
+    const backupPath2 = backupClaudeSettings(settingsPath);
+    throw new Error(
+      `Could not update ${settingsPath}.
+What happened: your settings file has an "env" entry that isn't a block of key/value settings (it's null, a list, or a single value), so we stopped instead of overwriting it.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: change "env" to a normal object like { "KEY": "value" } (or remove it), then run init again.`
+    );
+  }
+  const hadEnv = isPlainObject(settings.env);
+  const env = hadEnv ? settings.env : {};
+  const priorOwned = readClaudeSettingsOwnership(ownershipPath) ?? {};
+  const ownedKeys = {};
+  const written = [];
+  const skipped = [];
+  let mutated = false;
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    if (!(key in vars)) continue;
+    const canonical = String(vars[key]);
+    const current = env[key];
+    if (current === void 0) {
+      env[key] = canonical;
+      ownedKeys[key] = canonical;
+      written.push(key);
+      mutated = true;
+    } else if (current === canonical) {
+      if (priorOwned[key] === canonical) {
+        ownedKeys[key] = canonical;
+        written.push(key);
+      } else {
+        skipped.push(key);
+      }
+    } else {
+      skipped.push(key);
+    }
+  }
+  let backupPath = null;
+  if (mutated) {
+    if (!hadEnv) settings.env = env;
+    if (fileExists) backupPath = backupClaudeSettings(settingsPath);
+    mkdirSync(dirname(settingsPath), { recursive: true });
+    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+    log(
+      `Wrote ${written.length} telemetry setting(s) into ${settingsPath}` + (backupPath ? ` (backup at ${backupPath}).` : ".")
+    );
+  } else {
+    log(`No changes needed in ${settingsPath} - telemetry already in place.`);
+  }
+  writeClaudeSettingsOwnership(ownershipPath, ownedKeys);
+  if (skipped.length) {
+    log(
+      `Left ${skipped.length} setting(s) you already had in place untouched: ` + skipped.join(", ")
+    );
+  }
+  return { written, skipped, backupPath };
+}
+function removeClaudeTelemetrySettings({
+  settingsPath = CLAUDE_SETTINGS_PATH,
+  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
+  log = console.log
+} = {}) {
+  const removed = [];
+  const kept = [];
+  const owned = readClaudeSettingsOwnership(ownershipPath);
+  if (owned === null) {
+    log(
+      `Nothing to undo: no MarginFront ownership record found at ${ownershipPath} (either it was never written, or it's already been removed).`
+    );
+    return { removed, kept, backupPath: null };
+  }
+  if (!existsSync(settingsPath)) {
+    log(
+      `Nothing to undo: ${settingsPath} doesn't exist. Removing the stale ownership record.`
+    );
+    rmSync(ownershipPath, { force: true });
+    return { removed, kept, backupPath: null };
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(readFileSync(settingsPath, "utf8"));
+  } catch {
+    log(
+      `Could not undo cleanly: ${settingsPath} isn't valid JSON right now, so we left it untouched. Fix the JSON and re-run uninstall, or remove the telemetry keys by hand.`
+    );
+    return { removed, kept, backupPath: null };
+  }
+  if (!isPlainObject(parsed)) {
+    log(
+      `Could not undo cleanly: ${settingsPath} isn't a JSON object, so we left it untouched.`
+    );
+    return { removed, kept, backupPath: null };
+  }
+  const settings = parsed;
+  const env = isPlainObject(settings.env) ? settings.env : null;
+  let mutated = false;
+  for (const [key, canonical] of Object.entries(owned)) {
+    if (env && env[key] === canonical) {
+      delete env[key];
+      removed.push(key);
+      mutated = true;
+    } else {
+      kept.push(key);
+    }
+  }
+  if (env && Object.keys(env).length === 0) {
+    delete settings.env;
+    mutated = true;
+  }
+  let backupPath = null;
+  if (mutated) {
+    backupPath = backupClaudeSettings(settingsPath);
+    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+    log(
+      `Removed ${removed.length} MarginFront telemetry setting(s) from ${settingsPath} (backup at ${backupPath}).`
+    );
+  } else {
+    log(
+      `Nothing to remove from ${settingsPath} - the telemetry keys were already gone or you'd changed them (left untouched).`
+    );
+  }
+  rmSync(ownershipPath, { force: true });
+  return { removed, kept, backupPath };
+}
+function isPidAlive(pid) {
+  if (!pid || !Number.isInteger(pid)) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err?.code === "EPERM";
+  }
+}
+function readCollectorPid() {
+  if (!existsSync(COLLECTOR_PID_PATH)) return null;
+  try {
+    const pid = parseInt(readFileSync(COLLECTOR_PID_PATH, "utf8").trim(), 10);
+    return Number.isInteger(pid) ? pid : null;
+  } catch {
+    return null;
+  }
+}
+function startCollector({ log = console.log } = {}) {
+  const existing = readCollectorPid();
+  if (isPidAlive(existing)) {
+    log(`Collector already running (pid ${existing}).`);
+    return { pid: existing, startedByUs: false };
+  }
+  if (!existsSync(COLLECTOR_BIN_PATH)) {
+    throw new Error(
+      "Collector binary is missing. Run `npx @marginfront/code-cost-clarity init` first."
+    );
+  }
+  const logFd = openSync(COLLECTOR_LOG_PATH, "a");
+  const child = spawn(COLLECTOR_BIN_PATH, ["--config", COLLECTOR_CONFIG_PATH], {
+    cwd: CONFIG_DIR,
+    detached: true,
+    stdio: ["ignore", logFd, logFd]
+  });
+  child.unref();
+  writeFileSync(COLLECTOR_PID_PATH, String(child.pid));
+  log(`Started collector (pid ${child.pid}); logs at ${COLLECTOR_LOG_PATH}.`);
+  return { pid: child.pid, startedByUs: true };
+}
+function stopCollector({
+  log = console.log
+} = {}) {
+  const pid = readCollectorPid();
+  if (!isPidAlive(pid)) {
+    if (existsSync(COLLECTOR_PID_PATH))
+      rmSync(COLLECTOR_PID_PATH, { force: true });
+    log("No running collector found.");
+    return false;
+  }
+  try {
+    process.kill(pid);
+    log(`Stopped collector (pid ${pid}).`);
+  } catch (err) {
+    log(`Could not stop collector (pid ${pid}): ${err.message}`);
+  }
+  rmSync(COLLECTOR_PID_PATH, { force: true });
+  return true;
+}
+var PLIST_LABEL = "ai.marginfront.ccc";
+var PLIST_PATH = join(
+  homedir(),
+  "Library",
+  "LaunchAgents",
+  PLIST_LABEL + ".plist"
+);
+var DAEMON_CLI_PATH = join(CONFIG_DIR, "cli.js");
+var DAEMON_STDOUT_LOG_PATH = join(CONFIG_DIR, "forwarder.out.log");
+var DAEMON_STDERR_LOG_PATH = join(CONFIG_DIR, "forwarder.err.log");
+function defaultLaunchctlRunner(args) {
+  const result = spawnSync("launchctl", args, { encoding: "utf8" });
+  return {
+    // A spawn error (e.g. launchctl missing on a non-mac) leaves status null; we
+    // treat that as a failure so callers don't read it as "succeeded."
+    status: typeof result.status === "number" ? result.status : 1,
+    stdout: result.stdout ?? "",
+    stderr: result.stderr ?? ""
+  };
+}
+function setDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    runLaunchctl(["setenv", key, CCC_TELEMETRY_VALUES[key]]);
+  }
+}
+function unsetDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    runLaunchctl(["unsetenv", key]);
+  }
+}
+function currentUid() {
+  return typeof process.getuid === "function" ? process.getuid() : 0;
+}
+function escapeXml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function renderDaemonPlist({
+  nodePath,
+  cliPath
+}) {
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>${escapeXml(PLIST_LABEL)}</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>${escapeXml(nodePath)}</string>
+    <string>${escapeXml(cliPath)}</string>
+    <string>run</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>${escapeXml(CONFIG_DIR)}</string>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>${escapeXml(DAEMON_STDOUT_LOG_PATH)}</string>
+  <key>StandardErrorPath</key>
+  <string>${escapeXml(DAEMON_STDERR_LOG_PATH)}</string>
+</dict>
+</plist>
+`;
+}
+function installDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const log = options.log ?? console.log;
+  const nodePath = options.nodePath ?? process.execPath;
+  const sourceCliPath = options.sourceCliPath ?? fileURLToPath(import.meta.url);
+  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
+  const plistPath = options.plistPath ?? PLIST_PATH;
+  const uid = options.uid ?? currentUid();
+  if (nodePath === "npx" || nodePath.endsWith("/npx")) {
+    throw new Error(
+      "Refusing to install the background daemon with 'npx' as its program.\nWhat happened: the daemon must be pinned to the real node binary (process.execPath), because npx runs from a temporary cache that gets cleaned up - a daemon pointed at npx would crash-loop once that cache is gone.\nFix: this is an internal error; the daemon should always be installed with process.execPath. Re-run `start` from the npx-installed CLI."
+    );
+  }
+  mkdirSync(dirname(daemonCliPath), { recursive: true });
+  copyFileSync(sourceCliPath, daemonCliPath);
+  log(
+    `Copied the meter program to ${daemonCliPath} (a stable copy that survives npx cleanup).`
+  );
+  mkdirSync(dirname(plistPath), { recursive: true });
+  writeFileSync(
+    plistPath,
+    renderDaemonPlist({ nodePath, cliPath: daemonCliPath })
+  );
+  log(`Wrote the background-job definition to ${plistPath}.`);
+  const domainTarget = `gui/${uid}`;
+  const serviceTarget = `gui/${uid}/${PLIST_LABEL}`;
+  const alreadyLoaded = runLaunchctl(["print", serviceTarget]).status === 0;
+  let reloaded = false;
+  if (alreadyLoaded) {
+    log(
+      "A background meter is already loaded - reloading it with the new settings."
+    );
+    runLaunchctl(["bootout", serviceTarget]);
+    reloaded = true;
+  }
+  const bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
+  if (bootstrap.status !== 0) {
+    throw new Error(
+      `Could not start the background meter (launchctl bootstrap failed).
+What happened: macOS refused to load the job at ${plistPath}.
+` + (bootstrap.stderr ? `launchctl said: ${bootstrap.stderr.trim()}
+` : "") + `Fix: run \`npx @marginfront/code-cost-clarity status\` to see the current state, or \`stop\` then \`start\` again. If it keeps failing, confirm you're on macOS and that ${plistPath} looks like valid XML.`
+    );
+  }
+  log("The background meter is loaded and will start at login from now on.");
+  return { reloaded, plistPath, daemonCliPath };
+}
+function uninstallDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const log = options.log ?? console.log;
+  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
+  const plistPath = options.plistPath ?? PLIST_PATH;
+  const uid = options.uid ?? currentUid();
+  runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
+  if (existsSync(plistPath)) {
+    rmSync(plistPath, { force: true });
+    log(`Removed the background-job definition at ${plistPath}.`);
+  }
+  if (existsSync(daemonCliPath)) {
+    rmSync(daemonCliPath, { force: true });
+    log(`Removed the meter program copy at ${daemonCliPath}.`);
+  }
+}
+function bootoutDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const uid = options.uid ?? currentUid();
+  const result = runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
+  return result.status === 0;
+}
+function parseDaemonPrint(result) {
+  if (result.status !== 0) {
+    return { loaded: false, running: false, pid: null };
+  }
+  const out = result.stdout;
+  const running = /\bstate\s*=\s*running\b/.test(out);
+  const pidMatch = out.match(/\bpid\s*=\s*(\d+)/);
+  const pid = pidMatch ? parseInt(pidMatch[1], 10) : null;
+  return { loaded: true, running, pid };
+}
+function queryDaemonStatus(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const uid = options.uid ?? currentUid();
+  return parseDaemonPrint(runLaunchctl(["print", `gui/${uid}/${PLIST_LABEL}`]));
+}
+function readLastLines(path, maxLines) {
+  if (!existsSync(path)) return [];
+  let text;
+  try {
+    text = readFileSync(path, "utf8");
+  } catch {
+    return [];
+  }
+  const lines = text.split("\n");
+  if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
+  return lines.slice(-maxLines);
+}
+var ZSHRC_PATH = join(homedir(), ".zshrc");
+function lineSourcesCccEnv(rawLine) {
+  const trimmed = rawLine.trim();
+  if (!trimmed || trimmed.startsWith("#")) return false;
+  if (!/^(source|\.)\s/.test(trimmed)) return false;
+  return trimmed.includes(".marginfront-ccc/.env");
+}
+function findCccZshrcSourceLines(zshrcPath = ZSHRC_PATH) {
+  if (!existsSync(zshrcPath)) return { found: false, matchedLines: [] };
+  let text;
+  try {
+    text = readFileSync(zshrcPath, "utf8");
+  } catch {
+    return { found: false, matchedLines: [] };
+  }
+  const matchedLines = text.split("\n").filter(lineSourcesCccEnv).map((line) => line.trim());
+  return { found: matchedLines.length > 0, matchedLines };
+}
+function removeCccZshrcSourceLine({
+  zshrcPath = ZSHRC_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync(zshrcPath)) {
+    log(`Nothing to remove: ${zshrcPath} doesn't exist.`);
+    return { removed: [], backupPath: null };
+  }
+  let text;
+  try {
+    text = readFileSync(zshrcPath, "utf8");
+  } catch {
+    log(
+      `Could not read ${zshrcPath}, so I left it untouched - remove the \`source ~/.marginfront-ccc/.env\` line by hand if you like.`
+    );
+    return { removed: [], backupPath: null };
+  }
+  const removed = [];
+  const kept = [];
+  for (const line of text.split("\n")) {
+    if (lineSourcesCccEnv(line)) removed.push(line.trim());
+    else kept.push(line);
+  }
+  if (removed.length === 0) {
+    log(`Nothing to remove in ${zshrcPath}: no MarginFront source line found.`);
+    return { removed: [], backupPath: null };
+  }
+  const backupPath = `${zshrcPath}.ccc-bak`;
+  copyFileSync(zshrcPath, backupPath);
+  writeFileSync(zshrcPath, kept.join("\n"));
+  log(
+    `Removed the redundant 'source ~/.marginfront-ccc/.env' line from ${zshrcPath} (backup at ${backupPath}).`
+  );
+  return { removed, backupPath };
+}
+
+// src/forwarder.ts
+import {
+  readFileSync as readFileSync2,
+  existsSync as existsSync2,
+  statSync,
+  openSync as openSync2,
+  readSync,
+  closeSync,
+  writeFileSync as writeFileSync2,
+  appendFileSync,
+  rmSync as rmSync2
+} from "fs";
+import { createHash as createHash2 } from "crypto";
+import { createRequire } from "module";
+import process2 from "process";
+var _cccRequire = createRequire(import.meta.url);
+function resolveCccPackageVersion() {
+  if ("0.5.4".length > 0) {
+    return "0.5.4";
+  }
+  try {
+    const pkg = _cccRequire("../package.json");
+    if (typeof pkg.version === "string" && pkg.version.length > 0) {
+      return pkg.version;
+    }
+  } catch {
+  }
+  return "0.0.0-unknown";
+}
+var CCC_PACKAGE_VERSION = resolveCccPackageVersion();
+var DEFAULT_INGEST_URL = "https://api.marginfront.com/v1/sdk/usage/record";
+function resolveIngestUrl(override = process2.env.MARGINFRONT_INGEST_URL) {
+  if (!override) return DEFAULT_INGEST_URL;
+  try {
+    const url = new URL(override);
+    const host = url.hostname;
+    const onMarginFront = host === "marginfront.com" || host.endsWith(".marginfront.com");
+    if (url.protocol === "https:" && onMarginFront) return override;
+  } catch {
+  }
+  console.error(
+    "Ignoring MARGINFRONT_INGEST_URL - only an https://*.marginfront.com URL is allowed; sending to production instead."
+  );
+  return DEFAULT_INGEST_URL;
+}
+var MARGINFRONT_INGEST_URL = resolveIngestUrl();
+var AGENT_CODE = "claude-code";
+var SIGNAL_NAME = "claude-code-turn";
+var MODEL_PROVIDER = "anthropic";
+var AGENT_CODE_CODEX = "codex";
+var SIGNAL_NAME_CODEX = "codex-turn";
+var MODEL_PROVIDER_CODEX = "openai";
+var CODEX_USAGE_EVENT_NAME = "codex.sse_event";
+var CODEX_INPUT_TOKEN_KEY = "input_token_count";
+var CODEX_OUTPUT_TOKEN_KEY = "output_token_count";
+var CODEX_CACHED_TOKEN_KEY = "cached_token_count";
+var CODEX_REASONING_TOKEN_KEY = "reasoning_token_count";
+var CODEX_TOOL_TOKEN_KEY = "tool_token_count";
+var CODEX_TOKEN_KEYS = [
+  CODEX_INPUT_TOKEN_KEY,
+  CODEX_OUTPUT_TOKEN_KEY,
+  CODEX_CACHED_TOKEN_KEY,
+  CODEX_REASONING_TOKEN_KEY
+];
+var CODEX_EXCLUDED_MODELS = /* @__PURE__ */ new Set(["codex-auto-review"]);
+var SIGNAL_NAME_TOOL = "claude-code-tool";
+var SIGNAL_NAME_TOOL_CODEX = "codex-tool";
+var CLAUDE_TOOL_RESULT_EVENT = "claude_code.tool_result";
+var CODEX_TOOL_RESULT_EVENT = "codex.tool_result";
+var TOOL_NAME_KEYS = ["tool_name", "tool.name"];
+var MODEL_PROVIDER_TOOL = "tool";
+var BUILTIN_NONBILLABLE_TOOLS = /* @__PURE__ */ new Set([
+  // Claude Code built-ins
+  "Read",
+  "Edit",
+  "Write",
+  "MultiEdit",
+  "NotebookEdit",
+  "NotebookRead",
+  "Bash",
+  "BashOutput",
+  "KillShell",
+  "KillBash",
+  "Grep",
+  "Glob",
+  "LS",
+  "TodoWrite",
+  "ExitPlanMode",
+  "Task",
+  "Agent",
+  // alternate name for Task - hedge against the rename
+  "SlashCommand",
+  "ToolSearch",
+  // Codex built-ins (free + high-volume)
+  "exec_command",
+  "apply_patch"
+]);
+var ENVIRONMENT = "development";
+var WATCH_POLL_MS = 1e3;
+var NO_IDENTITY_CUSTOMER = "claude-code-no-identity";
+var CODEX_NO_IDENTITY_CUSTOMER = "codex-no-identity";
+function attributesToLookup(attributeList) {
+  const lookup = {};
+  if (!Array.isArray(attributeList)) return lookup;
+  for (const attribute of attributeList) {
+    if (attribute && typeof attribute.key === "string" && attribute.value) {
+      lookup[attribute.key] = attribute.value.stringValue;
+    }
+  }
+  return lookup;
+}
+function dataPointTokenCount(dataPoint) {
+  if (dataPoint == null) return 0;
+  if (dataPoint.asInt !== void 0 && dataPoint.asInt !== null) {
+    const parsed = parseInt(String(dataPoint.asInt), 10);
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  if (dataPoint.asDouble !== void 0 && dataPoint.asDouble !== null) {
+    const parsed = Math.round(Number(dataPoint.asDouble));
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  return 0;
+}
+function collectDataPointsForMetric(parsedOtlp, metricName) {
+  const collectedDataPoints = [];
+  const resourceMetricsList = parsedOtlp?.resourceMetrics;
+  if (!Array.isArray(resourceMetricsList)) return collectedDataPoints;
+  for (const resourceMetric of resourceMetricsList) {
+    const scopeMetricsList = resourceMetric?.scopeMetrics;
+    if (!Array.isArray(scopeMetricsList)) continue;
+    for (const scopeMetric of scopeMetricsList) {
+      const metricsList = scopeMetric?.metrics;
+      if (!Array.isArray(metricsList)) continue;
+      for (const metric of metricsList) {
+        if (metric?.name !== metricName) continue;
+        const dataPointsList = metric?.sum?.dataPoints;
+        if (!Array.isArray(dataPointsList)) continue;
+        for (const dataPoint of dataPointsList) {
+          collectedDataPoints.push(dataPoint);
+        }
+      }
+    }
+  }
+  return collectedDataPoints;
+}
+function normalizeModelId(rawModelId) {
+  if (typeof rawModelId !== "string") return rawModelId;
+  const withoutContextSuffix = rawModelId.replace(/\[.*\]$/, "");
+  const dottedVersion = withoutContextSuffix.replace(
+    /^(claude-[a-z]+-\d+)-(\d+)$/,
+    "$1.$2"
+  );
+  return dottedVersion;
+}
+function idempotencyKeyFor(rawSourceLine, email, rawModel, sessionId, indexWithinLine) {
+  return createHash2("sha256").update(
+    `${rawSourceLine}|${email}|${rawModel}|${sessionId ?? ""}|${indexWithinLine}`
+  ).digest("hex");
+}
+function buildMarginFrontRequestBody(parsedOtlp, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : null;
+  const tokenDataPoints = collectDataPointsForMetric(
+    parsedOtlp,
+    "claude_code.token.usage"
+  );
+  const costDataPoints = collectDataPointsForMetric(
+    parsedOtlp,
+    "claude_code.cost.usage"
+  );
+  const groupsByKey = /* @__PURE__ */ new Map();
+  function makeGroupKey(email, model, sessionId) {
+    return `${email}
+${model}
+${sessionId}`;
+  }
+  for (const dataPoint of tokenDataPoints) {
+    const attributes = attributesToLookup(dataPoint.attributes);
+    const email = attributes["user.email"] || fallbackCustomerId;
+    const rawModel = attributes["model"];
+    const sessionId = attributes["session.id"];
+    const tokenType = attributes["type"];
+    const tokenCount = dataPointTokenCount(dataPoint);
+    if (!email || !rawModel || !sessionId) continue;
+    const groupKey = makeGroupKey(email, rawModel, sessionId);
+    let group = groupsByKey.get(groupKey);
+    if (!group) {
+      group = {
+        email,
+        rawModel,
+        sessionId,
+        inputTokens: 0,
+        outputTokens: 0,
+        cacheReadTokens: 0,
+        cacheCreationTokens: 0
+      };
+      groupsByKey.set(groupKey, group);
+    }
+    if (tokenType === "input") {
+      group.inputTokens += tokenCount;
+    } else if (tokenType === "output") {
+      group.outputTokens += tokenCount;
+    } else if (tokenType === "cacheRead") {
+      group.cacheReadTokens += tokenCount;
+    } else if (tokenType === "cacheCreation") {
+      group.cacheCreationTokens += tokenCount;
+    }
+  }
+  function findCostForGroup(email, rawModel, sessionId) {
+    for (const costPoint of costDataPoints) {
+      const costAttributes = attributesToLookup(costPoint.attributes);
+      const costEmail = costAttributes["user.email"] || fallbackCustomerId;
+      if (costEmail === email && costAttributes["model"] === rawModel && costAttributes["session.id"] === sessionId) {
+        return typeof costPoint.asDouble === "number" ? costPoint.asDouble : null;
+      }
+    }
+    return null;
+  }
+  const records = [];
+  for (const group of groupsByKey.values()) {
+    const cacheReadTokens = group.cacheReadTokens;
+    const cacheCreationTokens = group.cacheCreationTokens;
+    const cacheTokens = cacheReadTokens + cacheCreationTokens;
+    const billedInputTokens = foldCache ? group.inputTokens + cacheTokens : group.inputTokens;
+    if (group.inputTokens === 0 && group.outputTokens === 0 && cacheTokens === 0)
+      continue;
+    const claudeCodeCostUsd = findCostForGroup(
+      group.email,
+      group.rawModel,
+      group.sessionId
+    );
+    const record = {
+      // Per-engineer attribution: the engineer's email IS the customer id (or the
+      // no-identity placeholder).
+      customerExternalId: group.email,
+      agentCode: AGENT_CODE,
+      signalName: SIGNAL_NAME,
+      model: normalizeModelId(group.rawModel),
+      modelProvider: MODEL_PROVIDER,
+      inputTokens: billedInputTokens,
+      outputTokens: group.outputTokens,
+      environment: ENVIRONMENT,
+      // usageDate omitted so MarginFront defaults it to "now."
+      metadata: {
+        sessionId: group.sessionId,
+        rawModel: group.rawModel,
+        // Raw cache numbers ALWAYS recorded (audit), whether typed or folded.
+        cacheReadTokens,
+        cacheCreationTokens,
+        // Whether inputTokens includes cache (fold) or not (default).
+        cacheFoldedIntoInput: foldCache,
+        // Claude Code's own cache-accurate cost - reconciliation ground truth,
+        // not the billed figure.
+        claudeCodeCostUsd
+      }
+    };
+    if (!foldCache) {
+      record.cacheReadTokens = cacheReadTokens;
+      record.cacheWriteTokens = cacheCreationTokens;
+    }
+    if (options.rawSourceLine !== void 0) {
+      record.idempotencyKey = idempotencyKeyFor(
+        options.rawSourceLine,
+        group.email,
+        group.rawModel,
+        group.sessionId,
+        records.length
+      );
+    }
+    records.push(record);
+  }
+  return { records };
+}
+function logAttributesToLookup(attributeList) {
+  const lookup = {};
+  if (!Array.isArray(attributeList)) return lookup;
+  for (const attribute of attributeList) {
+    if (attribute && typeof attribute.key === "string" && attribute.value) {
+      lookup[attribute.key] = attribute.value;
+    }
+  }
+  return lookup;
+}
+function logAttrString(value) {
+  if (value && typeof value.stringValue === "string") return value.stringValue;
+  return void 0;
+}
+function logAttrTokenCount(value) {
+  if (value == null) return 0;
+  if (value.intValue !== void 0 && value.intValue !== null) {
+    const parsed = parseInt(String(value.intValue), 10);
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  if (value.doubleValue !== void 0 && value.doubleValue !== null) {
+    const parsed = Math.round(Number(value.doubleValue));
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  if (typeof value.stringValue === "string") {
+    const parsed = parseInt(value.stringValue, 10);
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  return 0;
+}
+function isCodexUsageRecord(lookup, eventName) {
+  if (eventName === CODEX_USAGE_EVENT_NAME) return true;
+  return CODEX_TOKEN_KEYS.some((key) => lookup[key] !== void 0);
+}
+function buildCodexRequestBody(parsedOtlp, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
+  const records = [];
+  const resourceLogsList = parsedOtlp?.resourceLogs;
+  if (!Array.isArray(resourceLogsList)) return { records };
+  for (const resourceLog of resourceLogsList) {
+    const scopeLogsList = resourceLog?.scopeLogs;
+    if (!Array.isArray(scopeLogsList)) continue;
+    for (const scopeLog of scopeLogsList) {
+      const logRecordsList = scopeLog?.logRecords;
+      if (!Array.isArray(logRecordsList)) continue;
+      for (const logRecord of logRecordsList) {
+        const lookup = logAttributesToLookup(logRecord?.attributes);
+        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
+        if (toolResultSource(eventName) !== null) continue;
+        if (!isCodexUsageRecord(lookup, eventName)) continue;
+        const rawModel = logAttrString(lookup["model"]);
+        if (!rawModel) continue;
+        if (CODEX_EXCLUDED_MODELS.has(rawModel.trim().toLowerCase())) continue;
+        const email = logAttrString(lookup["user.email"]) || fallbackCustomerId;
+        if (!email) continue;
+        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
+        const inputCount = logAttrTokenCount(lookup[CODEX_INPUT_TOKEN_KEY]);
+        const outputCount = logAttrTokenCount(lookup[CODEX_OUTPUT_TOKEN_KEY]);
+        const cachedCount = logAttrTokenCount(lookup[CODEX_CACHED_TOKEN_KEY]);
+        const reasoningCount = logAttrTokenCount(
+          lookup[CODEX_REASONING_TOKEN_KEY]
+        );
+        const toolCount = logAttrTokenCount(lookup[CODEX_TOOL_TOKEN_KEY]);
+        if (inputCount === 0 && outputCount === 0 && cachedCount === 0)
+          continue;
+        const freshInputTokens = Math.max(0, inputCount - cachedCount);
+        const billedInputTokens = foldCache ? inputCount : freshInputTokens;
+        const record = {
+          customerExternalId: email,
+          agentCode: AGENT_CODE_CODEX,
+          signalName: SIGNAL_NAME_CODEX,
+          model: normalizeModelId(rawModel),
+          modelProvider: MODEL_PROVIDER_CODEX,
+          inputTokens: billedInputTokens,
+          // Reasoning is ALREADY inside this number - do NOT add it again.
+          outputTokens: outputCount,
+          environment: ENVIRONMENT,
+          // usageDate omitted so MarginFront defaults it to "now."
+          metadata: {
+            source: "codex",
+            sessionId,
+            rawModel,
+            // Audit-only - nested inside input/output already, never added to the
+            // billed tokens; recorded to prove we didn't drop anything.
+            cachedTokens: cachedCount,
+            reasoningTokens: reasoningCount,
+            toolTokens: toolCount,
+            cacheFoldedIntoInput: foldCache
+          }
+        };
+        if (!foldCache) {
+          record.cacheReadTokens = cachedCount;
+        }
+        if (options.rawSourceLine !== void 0) {
+          record.idempotencyKey = idempotencyKeyFor(
+            options.rawSourceLine,
+            email,
+            rawModel,
+            sessionId,
+            records.length
+          );
+        }
+        records.push(record);
+      }
+    }
+  }
+  return { records };
+}
+function toolResultSource(eventName) {
+  if (!eventName) return null;
+  if (eventName === CODEX_TOOL_RESULT_EVENT) return "codex";
+  if (eventName === CLAUDE_TOOL_RESULT_EVENT || eventName === "tool_result") {
+    return "claude-code";
+  }
+  return null;
+}
+function buildToolUsageRecords(parsedOtlp, options = {}) {
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
+  const records = [];
+  const resourceLogsList = parsedOtlp?.resourceLogs;
+  if (!Array.isArray(resourceLogsList)) return { records };
+  const groups = /* @__PURE__ */ new Map();
+  for (const resourceLog of resourceLogsList) {
+    const scopeLogsList = resourceLog?.scopeLogs;
+    if (!Array.isArray(scopeLogsList)) continue;
+    for (const scopeLog of scopeLogsList) {
+      const logRecordsList = scopeLog?.logRecords;
+      if (!Array.isArray(logRecordsList)) continue;
+      for (const logRecord of logRecordsList) {
+        const lookup = logAttributesToLookup(logRecord?.attributes);
+        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
+        const source = toolResultSource(eventName);
+        if (!source) continue;
+        let toolName;
+        for (const key of TOOL_NAME_KEYS) {
+          const candidate = logAttrString(lookup[key]);
+          if (candidate) {
+            toolName = candidate;
+            break;
+          }
+        }
+        if (!toolName) continue;
+        if (BUILTIN_NONBILLABLE_TOOLS.has(toolName)) continue;
+        const email = logAttrString(lookup["user.email"]) || fallbackCustomerId;
+        if (!email) continue;
+        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
+        const groupKey = `${email}
+${sessionId ?? ""}
+${source}
+${toolName}`;
+        let group = groups.get(groupKey);
+        if (!group) {
+          group = {
+            email,
+            sessionId,
+            telemetrySource: source,
+            toolName,
+            count: 0
+          };
+          groups.set(groupKey, group);
+        }
+        group.count += 1;
+      }
+    }
+  }
+  for (const group of groups.values()) {
+    if (group.count === 0) continue;
+    const isCodex = group.telemetrySource === "codex";
+    const record = {
+      customerExternalId: group.email,
+      agentCode: isCodex ? AGENT_CODE_CODEX : AGENT_CODE,
+      signalName: isCodex ? SIGNAL_NAME_TOOL_CODEX : SIGNAL_NAME_TOOL,
+      // Raw tool NAME as the service id, verbatim - NOT through normalizeModelId
+      // (that's Claude-LLM-name-specific). Catalog matches (model=tool name,
+      // modelProvider="tool").
+      model: group.toolName,
+      modelProvider: MODEL_PROVIDER_TOOL,
+      // Billing volume = times this tool fired this flush; no token fields (not an
+      // LLM turn). Server prices quantity x unitPrice.
+      quantity: group.count,
+      environment: ENVIRONMENT,
+      metadata: {
+        source: "tool",
+        sessionId: group.sessionId,
+        toolName: group.toolName,
+        telemetrySource: group.telemetrySource,
+        estimated: true
+      }
+    };
+    if (options.rawSourceLine !== void 0) {
+      record.idempotencyKey = idempotencyKeyFor(
+        options.rawSourceLine,
+        group.email,
+        `tool:${group.toolName}`,
+        group.sessionId,
+        records.length
+      );
+    }
+    records.push(record);
+  }
+  return { records };
+}
+function buildRequestBodyForLine(parsedOtlp, options = {}) {
+  if (parsedOtlp && Array.isArray(parsedOtlp.resourceLogs)) {
+    const codexOptions = options.fallbackCustomerId === NO_IDENTITY_CUSTOMER ? { ...options, fallbackCustomerId: CODEX_NO_IDENTITY_CUSTOMER } : options;
+    const tokenBody = buildCodexRequestBody(parsedOtlp, codexOptions);
+    const toolBody = buildToolUsageRecords(parsedOtlp, codexOptions);
+    return { records: [...tokenBody.records, ...toolBody.records] };
+  }
+  return buildMarginFrontRequestBody(parsedOtlp, options);
+}
+function readAndParseOtlpFile(inputFilePath) {
+  if (!existsSync2(inputFilePath)) {
+    console.error(
+      `Could not read/parse ${inputFilePath}: file does not exist. Check the path and try again.`
+    );
+    process2.exit(1);
+  }
+  let fileText;
+  try {
+    fileText = readFileSync2(inputFilePath, "utf8");
+  } catch (readError) {
+    console.error(
+      `Could not read/parse ${inputFilePath}: ${readError.message}`
+    );
+    process2.exit(1);
+  }
+  try {
+    return JSON.parse(fileText);
+  } catch {
+    console.error(
+      `Could not read/parse ${inputFilePath}: the file is not valid JSON. Make sure it is an OTLP/JSON export line (Claude Code metrics or Codex logs), not raw text.`
+    );
+    process2.exit(1);
+  }
+}
+async function postToMarginFront(requestBody) {
+  const apiKey = process2.env.MARGINFRONT_API_KEY;
+  if (!apiKey) {
+    return { ok: false, reason: "no-key" };
+  }
+  let response;
+  try {
+    response = await fetch(MARGINFRONT_INGEST_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        // MarginFront authenticates with x-api-key, NOT Bearer/Authorization.
+        "x-api-key": apiKey,
+        // This User-Agent is what lets the server tag these events as source='ccc'
+        // instead of the generic 'api' fallback. Without it, PostHog dashboards
+        // can't distinguish "developer paying for AI tokens via CCC" traffic from
+        // raw API clients - every CCC event would be mislabelled as source='api'.
+        "User-Agent": `@marginfront/code-cost-clarity/${CCC_PACKAGE_VERSION}`
+      },
+      body: JSON.stringify(requestBody)
+    });
+  } catch (networkError) {
+    return {
+      ok: false,
+      reason: "network",
+      message: networkError.message
+    };
+  }
+  const responseText = await response.text();
+  if (!response.ok) {
+    return {
+      ok: false,
+      reason: "http",
+      status: response.status,
+      body: responseText
+    };
+  }
+  let parsed = null;
+  try {
+    parsed = JSON.parse(responseText);
+  } catch {
+    parsed = null;
+  }
+  return { ok: true, parsed, body: responseText };
+}
+function successRowsFrom(parsed) {
+  const rows = parsed?.results?.success;
+  return Array.isArray(rows) ? rows : [];
+}
+function readWatchCursor(cursorPath) {
+  if (!cursorPath || !existsSync2(cursorPath)) return 0;
+  try {
+    const parsed = parseInt(readFileSync2(cursorPath, "utf8").trim(), 10);
+    return Number.isInteger(parsed) && parsed >= 0 ? parsed : 0;
+  } catch {
+    return 0;
+  }
+}
+function writeWatchCursor(cursorPath, byteOffset) {
+  if (!cursorPath) return;
+  try {
+    writeFileSync2(cursorPath, String(byteOffset));
+  } catch {
+  }
+}
+function readNewCompleteLines(filePath, fromByte) {
+  if (!existsSync2(filePath)) return { lines: [], nextCursor: fromByte };
+  let size;
+  try {
+    size = statSync(filePath).size;
+  } catch {
+    return { lines: [], nextCursor: fromByte };
+  }
+  let start = fromByte;
+  if (size < start) start = 0;
+  if (size === start) return { lines: [], nextCursor: start };
+  const length = size - start;
+  const buffer = Buffer.alloc(length);
+  let bytesRead = 0;
+  let fd;
+  try {
+    fd = openSync2(filePath, "r");
+    bytesRead = readSync(fd, buffer, 0, length, start);
+  } catch {
+    return { lines: [], nextCursor: fromByte };
+  } finally {
+    if (fd !== void 0) closeSync(fd);
+  }
+  const chunk = buffer.subarray(0, bytesRead);
+  const lastNewline = chunk.lastIndexOf(10);
+  if (lastNewline === -1) {
+    return { lines: [], nextCursor: start };
+  }
+  const completeText = chunk.subarray(0, lastNewline + 1).toString("utf8");
+  const nextCursor = start + lastNewline + 1;
+  const parts = completeText.split("\n");
+  parts.pop();
+  return { lines: parts, nextCursor };
+}
+var MAX_QUEUE_RECORDS = 1e4;
+var MAX_RECORDS_PER_DRAIN = 100;
+var QUEUE_BACKOFF_START_MS = 2e3;
+var QUEUE_BACKOFF_MAX_MS = 6e4;
+var COLLECTOR_REVIVE_BACKOFF_MS = 3e4;
+function maybeReviveCollector(deps, nextReviveAllowedAt, backoffMs) {
+  if (deps.isCollectorAlive()) return nextReviveAllowedAt;
+  const now = deps.now();
+  if (now < nextReviveAllowedAt) return nextReviveAllowedAt;
+  const log = deps.log ?? console.error;
+  const updatedReviveAllowedAt = now + backoffMs;
+  log("collector was down, restarted it");
+  try {
+    deps.reviveCollector();
+  } catch (err) {
+    log(`collector revive attempt failed: ${err.message}`);
+  }
+  return updatedReviveAllowedAt;
+}
+function isRetryablePostResult(result) {
+  if (result.ok) return false;
+  if (result.reason === "network") return true;
+  if (result.reason === "no-key") return false;
+  if (result.reason === "http") {
+    return result.status === 429 || result.status >= 500;
+  }
+  return false;
+}
+function readQueue(queuePath) {
+  if (!queuePath || !existsSync2(queuePath)) return [];
+  let text;
+  try {
+    text = readFileSync2(queuePath, "utf8");
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const line of text.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      out.push(JSON.parse(trimmed));
+    } catch {
+    }
+  }
+  return out;
+}
+function appendToQueue(queuePath, records) {
+  if (!queuePath || records.length === 0) return;
+  const payload = records.map((r) => JSON.stringify(r) + "\n").join("");
+  try {
+    appendFileSync(queuePath, payload);
+  } catch {
+  }
+}
+function writeQueue(queuePath, records) {
+  if (!queuePath) return;
+  try {
+    if (records.length === 0) {
+      if (existsSync2(queuePath)) rmSync2(queuePath, { force: true });
+      return;
+    }
+    writeFileSync2(
+      queuePath,
+      records.map((r) => JSON.stringify(r) + "\n").join("")
+    );
+  } catch {
+  }
+}
+function watchAndForward(filePath, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = options.fallbackCustomerId;
+  const cursorPath = options.cursorPath;
+  const pidFilePath = options.pidFilePath;
+  if (!process2.env.MARGINFRONT_API_KEY) {
+    console.error(
+      "MARGINFRONT_API_KEY is not set. Set it in your shell before watching: export MARGINFRONT_API_KEY=..."
+    );
+    process2.exit(1);
+  }
+  if (pidFilePath) {
+    try {
+      writeFileSync2(pidFilePath, String(process2.pid));
+    } catch {
+    }
+  }
+  console.log(
+    `Watching ${filePath} for live Claude Code + Codex usage` + (foldCache ? " (fold-cache: cache tokens rolled into input)" : "") + "\u2026 Ctrl-C to stop."
+  );
+  let cursorBytes = readWatchCursor(cursorPath);
+  let running = false;
+  const queuePath = options.queuePath;
+  let queuedCount = readQueue(queuePath).length;
+  let queueBackoffMs = QUEUE_BACKOFF_START_MS;
+  let nextQueueRetryAt = 0;
+  const hhmmss = () => (/* @__PURE__ */ new Date()).toISOString().slice(11, 19);
+  let nextCollectorReviveAt = 0;
+  const collectorHealDeps = {
+    isCollectorAlive: () => isPidAlive(readCollectorPid()),
+    reviveCollector: () => {
+      startCollector();
+    },
+    now: () => Date.now(),
+    log: (message) => console.error(`[${hhmmss()}] ${message}`)
+  };
+  function logSuccess(body, result, stamp) {
+    if (!result.ok) return;
+    for (const rec of body.records) {
+      const row = successRowsFrom(result.parsed).find(
+        (r) => r?.customerExternalId === rec.customerExternalId
+      );
+      const cost = row?.totalCostUsd != null ? `$${row.totalCostUsd}` : "$?";
+      const eventId = row?.eventId ? ` event=${row.eventId}` : "";
+      const reference = "source" in rec.metadata ? `src=${rec.metadata.source}` : `cc=$${rec.metadata.claudeCodeCostUsd ?? "?"}`;
+      const volume = rec.quantity !== void 0 ? `qty=${rec.quantity} tool=${"toolName" in rec.metadata ? rec.metadata.toolName : "?"}` : `in=${rec.inputTokens} out=${rec.outputTokens}`;
+      console.log(
+        `[${stamp}] recorded ${rec.customerExternalId} \xB7 ${volume} \xB7 server=${cost} \xB7 ${reference}${eventId}`
+      );
+    }
+  }
+  function logFailure(result, stamp) {
+    if (result.ok) return;
+    if (result.reason === "http") {
+      console.error(
+        `[${stamp}] MarginFront HTTP ${result.status}: ${result.body}`
+      );
+    } else if (result.reason === "network") {
+      console.error(
+        `[${stamp}] could not reach MarginFront: ${result.message}`
+      );
+    } else {
+      console.error(`[${stamp}] send failed (${result.reason}).`);
+    }
+  }
+  function enqueueFailed(records, stamp) {
+    const room = Math.max(0, MAX_QUEUE_RECORDS - queuedCount);
+    const toQueue = records.slice(0, room);
+    const shed = records.length - toQueue.length;
+    if (toQueue.length > 0) {
+      appendToQueue(queuePath, toQueue);
+      queuedCount += toQueue.length;
+      console.error(
+        `[${stamp}] send failed - queued ${toQueue.length} record(s) for retry (${queuedCount} now in queue).`
+      );
+    }
+    if (shed > 0) {
+      console.error(
+        `[${stamp}] QUEUE FULL (cap ${MAX_QUEUE_RECORDS}): shed ${shed} record(s) - these turns are LOST. The ingest endpoint has been unreachable for a long time; check connectivity.`
+      );
+    }
+    nextQueueRetryAt = Date.now() + queueBackoffMs;
+    queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+  }
+  async function drainQueue() {
+    if (!queuePath || queuedCount === 0) return;
+    if (Date.now() < nextQueueRetryAt) return;
+    const queued = readQueue(queuePath);
+    queuedCount = queued.length;
+    if (queued.length === 0) return;
+    const batch = queued.slice(0, MAX_RECORDS_PER_DRAIN);
+    const result = await postToMarginFront({ records: batch });
+    const stamp = hhmmss();
+    if (result.ok) {
+      const remaining = queued.slice(batch.length);
+      writeQueue(queuePath, remaining);
+      queuedCount = remaining.length;
+      queueBackoffMs = QUEUE_BACKOFF_START_MS;
+      nextQueueRetryAt = 0;
+      console.log(
+        `[${stamp}] queue: ${batch.length} retried record(s) landed \xB7 ${remaining.length} still queued.`
+      );
+    } else if (isRetryablePostResult(result)) {
+      logFailure(result, stamp);
+      const waitMs = queueBackoffMs;
+      nextQueueRetryAt = Date.now() + waitMs;
+      queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+      console.error(
+        `[${stamp}] queue: retry failed, ${queued.length} record(s) still queued (next attempt in ~${Math.round(waitMs / 1e3)}s).`
+      );
+    } else {
+      const remaining = queued.slice(batch.length);
+      writeQueue(queuePath, remaining);
+      queuedCount = remaining.length;
+      console.error(
+        `[${stamp}] queue: dropping ${batch.length} record(s) - terminal failure (server rejected them, retrying can't help).`
+      );
+    }
+  }
+  async function processNewLines() {
+    if (running) return;
+    running = true;
+    try {
+      await drainQueue();
+      const { lines, nextCursor } = readNewCompleteLines(filePath, cursorBytes);
+      for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (!line) continue;
+        let parsed;
+        try {
+          parsed = JSON.parse(line);
+        } catch {
+          console.error("(skipped one telemetry line that wasn't valid JSON)");
+          continue;
+        }
+        const body = buildRequestBodyForLine(parsed, {
+          foldCache,
+          fallbackCustomerId,
+          rawSourceLine: line
+        });
+        if (!body.records.length) continue;
+        const result = await postToMarginFront(body);
+        const stamp = hhmmss();
+        if (!result.ok) {
+          logFailure(result, stamp);
+          if (queuePath && isRetryablePostResult(result)) {
+            enqueueFailed(body.records, stamp);
+          } else if (queuePath) {
+            console.error(
+              `[${stamp}] dropping ${body.records.length} record(s): terminal send failure (not retryable).`
+            );
+          }
+          continue;
+        }
+        logSuccess(body, result, stamp);
+        if (queuedCount > 0) {
+          queueBackoffMs = QUEUE_BACKOFF_START_MS;
+          nextQueueRetryAt = 0;
+        }
+      }
+      if (nextCursor !== cursorBytes) {
+        cursorBytes = nextCursor;
+        writeWatchCursor(cursorPath, cursorBytes);
+      }
+    } finally {
+      running = false;
+    }
+  }
+  processNewLines().catch(
+    (e) => console.error(`watch error: ${e.message}`)
+  );
+  const timer = setInterval(() => {
+    nextCollectorReviveAt = maybeReviveCollector(
+      collectorHealDeps,
+      nextCollectorReviveAt,
+      COLLECTOR_REVIVE_BACKOFF_MS
+    );
+    processNewLines().catch(
+      (e) => console.error(`watch error: ${e.message}`)
+    );
+  }, WATCH_POLL_MS);
+  return function stop() {
+    clearInterval(timer);
+    if (pidFilePath) {
+      try {
+        rmSync2(pidFilePath, { force: true });
+      } catch {
+      }
+    }
+  };
+}
+
+// src/cli.ts
+var PKG_NAME = "@marginfront/code-cost-clarity";
+function readVersion() {
+  return CCC_PACKAGE_VERSION;
+}
+function printHelp() {
+  console.log(
+    [
+      `${PKG_NAME} - see your Claude Code + Codex spend in MarginFront`,
+      "",
+      "Usage:",
+      "  npx @marginfront/code-cost-clarity <command> [options]",
+      "",
+      "Commands:",
+      "  init                 Set up everything: save your MarginFront secret key (mf_sk_...), not",
+      "                       your Anthropic or OpenAI key. Wire telemetry into your Claude/Codex",
+      "                       config (with your OK), and start the background meter.",
+      "  start                (Re)start the background meter - starts at login, no terminal to keep open.",
+      "  status               Is the background meter running? Shows recent activity + errors.",
+      "  preview <file.json>  Show the exact record it would send for a capture. No key needed.",
+      "  run                  Stream your live spend in THIS terminal instead of the background. Ctrl-C to stop.",
+      "  stop                 Pause the meter - the background daemon AND any foreground run.",
+      "  uninstall            Shut it off, undo every config change, and reclaim disk. --purge also deletes settings.",
+      "  help                 Show this message.",
+      "  version              Print the version.",
+      "",
+      "Options:",
+      "  --no-prompt          (init only) Skip BOTH questions (the MarginFront key paste and the",
+      "                       consent prompt) and proceed - it WILL wire your global config. For CI / scripts.",
+      "  --fold-cache         Round-up mode: roll cache tokens into billed input. Only use",
+      "                       for a model MarginFront can't price yet - the default is accurate.",
+      "  --purge              (uninstall only) Also delete your settings, including your MarginFront secret key (mf_sk_...).",
+      "",
+      "Setup is one step now:",
+      "  npx @marginfront/code-cost-clarity init",
+      "    \u2192 paste your MarginFront secret key (mf_sk_...), say 'y' to the consent prompt,",
+      "      and you're done.",
+      "  Then just run `claude` or `codex` (or open the desktop apps) - telemetry flows",
+      "  automatically. No `source`, no second terminal. Check on it with `status` anytime.",
+      "",
+      "Prefer a live terminal view instead of the background meter? After init, run:",
+      "  npx @marginfront/code-cost-clarity run"
+    ].join("\n")
+  );
+}
+function printNoIdentityHint() {
+  console.log(
+    [
+      "Note: usage with no engineer email is attributed to a no-identity placeholder",
+      `  ("${NO_IDENTITY_CUSTOMER}" for Claude Code, "${CODEX_NO_IDENTITY_CUSTOMER}" for Codex).`,
+      "  Why: org-managed seats stamp the email automatically; some interactive logins don't.",
+      "  Fix: sign in with an org-managed seat, or attach your own MarginFront customer",
+      "  mapping. Until then the spend still lands, under the placeholder instead of the",
+      "  engineer's name."
+    ].join("\n")
+  );
+}
+function promptSecret(promptText) {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process3.stdin,
+      output: process3.stdout,
+      terminal: true
+    });
+    rl._writeToOutput = () => {
+    };
+    let settled = false;
+    const finish = (answer) => {
+      if (settled) return;
+      settled = true;
+      rl.close();
+      process3.stdout.write("\n");
+      resolve(answer.trim());
+    };
+    process3.stdout.write(promptText);
+    rl.question("", (answer) => finish(answer));
+    rl.on("SIGINT", () => finish(""));
+  });
+}
+function promptYesNo(promptText, io = {}, defaultYes = false) {
+  return new Promise((resolve) => {
+    const input = io.input ?? process3.stdin;
+    const output = io.output ?? process3.stdout;
+    const interactive = io.terminal ?? Boolean(input.isTTY);
+    const rl = readline.createInterface({
+      input,
+      output,
+      terminal: interactive
+    });
+    let settled = false;
+    const finish = (answer, fromKeypress) => {
+      if (settled) return;
+      settled = true;
+      rl.close();
+      const normalized = answer.trim().toLowerCase();
+      if (normalized === "") {
+        resolve(fromKeypress && interactive ? defaultYes : false);
+        return;
+      }
+      resolve(normalized === "y" || normalized === "yes");
+    };
+    output.write(promptText);
+    rl.question("", (answer) => finish(answer, true));
+    rl.on("SIGINT", () => finish("", false));
+    rl.on("close", () => finish("", false));
+  });
+}
+function printConsentDisclosure(log) {
+  log(
+    [
+      "",
+      "Before I change anything, here's EXACTLY what I'll touch on your computer,",
+      "OUTSIDE this tool's own folder (~/.marginfront-ccc):",
+      "",
+      `1. ${CLAUDE_SETTINGS_PATH}`,
+      '   I add these six settings to its "env" block - and nothing else:',
+      ...Object.entries(CCC_TELEMETRY_VALUES).map(
+        ([key, value]) => `       ${key}=${value}`
+      ),
+      "   WHAT THIS MEANS: Claude Code telemetry turns ON for EVERY `claude` session on",
+      "   this machine - the command line AND the Claude Desktop app (they share this",
+      "   one file) - automatically, with no per-terminal setup. Your MarginFront secret",
+      "   key is NOT written here; it stays only in ~/.marginfront-ccc/.env (mode 600).",
+      "",
+      `2. ${CODEX_CONFIG_PATH}`,
+      "   I add a small [otel] block so Codex reports to the same local collector. If you",
+      "   already have your own [otel] settings, I leave them alone and just print the",
+      "   block for you to paste.",
+      "",
+      "3. A small background helper (a macOS LaunchAgent) so the meter runs on its own,",
+      "   starts at login, and needs no second terminal.",
+      "",
+      "All of this is fully reversible: `uninstall` removes ONLY what it added.",
+      ""
+    ].join("\n")
+  );
+}
+async function cmdInit(noPrompt, deps = {}) {
+  const log = deps.log ?? console.log;
+  const isTTY = deps.isTTY ?? (() => Boolean(process3.stdin.isTTY));
+  const ensureConfig = deps.ensureConfigFiles ?? (() => ensureConfigFiles());
+  const ensureBinary = deps.ensureCollectorBinary ?? (() => ensureCollectorBinary());
+  const loadEnv = deps.loadEnv ?? (() => loadEnvFile());
+  const askSecret = deps.promptSecret ?? promptSecret;
+  const saveKey = deps.writeApiKey ?? ((value) => writeApiKeyToEnv(value));
+  log("Setting up the Claude Code + Codex -> MarginFront connector\u2026\n");
+  ensureConfig();
+  ensureBinary();
+  const savedKey = loadEnv()["MARGINFRONT_API_KEY"];
+  const shouldPromptKey = !noPrompt && isTTY() && !savedKey;
+  let keySaved = Boolean(savedKey);
+  if (shouldPromptKey) {
+    log(
+      [
+        "",
+        "Now paste your MarginFront secret key (mf_sk_...), not your Anthropic or OpenAI key, so we can save it for you.",
+        '  Where to get it:  app.marginfront.com -> Build -> API Keys -> "Create Key Pair"',
+        "  Direct link:      https://app.marginfront.com/developer-zone/api-keys",
+        "  Use the SECRET key (mf_sk_*). A publishable key (mf_pk_*) is rejected on send.",
+        ""
+      ].join("\n")
+    );
+    let entered = await askSecret(
+      "Paste your MarginFront SECRET key (mf_sk_*) - not your Anthropic/OpenAI key (Enter to skip): "
+    );
+    if (entered.startsWith("mf_pk_")) {
+      log(
+        "  Heads up: that looks like a PUBLISHABLE key (mf_pk_*). The forwarder POSTs your\n  usage, and publishable keys are rejected on writes - you want a SECRET key (mf_sk_*)."
+      );
+      const retry = await askSecret(
+        "Paste your SECRET key (mf_sk_*), or press Enter to keep what you typed: "
+      );
+      if (retry) entered = retry;
+    }
+    if (entered) {
+      saveKey(entered);
+      log(
+        `Saved your MarginFront secret key (mf_sk_...) to ${ENV_PATH} (mode 600).`
+      );
+      keySaved = true;
+    }
+  }
+  printConsentDisclosure(log);
+  let consented;
+  if (noPrompt) {
+    log(
+      "--no-prompt set: proceeding without asking (CI / scripted install). This WILL change your global Claude/Codex config as listed above."
+    );
+    consented = true;
+  } else if (isTTY()) {
+    const askConsent = deps.promptConsent ?? (() => promptYesNo(
+      "\nWire it up now? Press Enter for yes, or type n to cancel. [Y/n] ",
+      {},
+      true
+    ));
+    consented = await askConsent();
+  } else {
+    consented = false;
+  }
+  if (!consented) {
+    log(
+      [
+        "",
+        "No problem - I did NOT change ~/.claude/settings.json or ~/.codex/config.toml,",
+        "and I did NOT install the background helper. Nothing outside ~/.marginfront-ccc",
+        "was touched.",
+        "",
+        "Recommended: re-run `init` and answer 'y' so the meter wires itself up and just",
+        "works on its own - no source, no second terminal.",
+        "",
+        "Fallback (only because you declined the auto-wiring): with no background helper,",
+        "you can still run it by hand, one terminal at a time:",
+        "  1. source ~/.marginfront-ccc/.env",
+        "  2. claude            (or codex)",
+        "  3. in another terminal:  npx @marginfront/code-cost-clarity run"
+      ].join("\n")
+    );
+    return 0;
+  }
+  const writeClaude = deps.writeClaudeTelemetry ?? (() => writeClaudeTelemetrySettings(CCC_TELEMETRY_VALUES, { log }));
+  const claudeResult = writeClaude();
+  if (claudeResult.skipped.length > 0) {
+    log(
+      `Left ${claudeResult.skipped.length} Claude setting(s) you'd already set untouched.`
+    );
+  }
+  const writeCodex = deps.writeCodexConfig ?? (() => writeCodexOtelConfig({ log }));
+  const codexHasBlock = deps.codexHasCccBlock ?? (() => codexConfigHasCccBlock());
+  const codexResult = writeCodex();
+  if (codexResult.action === "skipped-existing" && !codexHasBlock()) {
+    log("");
+    log(renderCodexConfigInstructions());
+  }
+  const keyIsPresent = (deps.hasApiKey ?? (() => keySaved))();
+  if (keyIsPresent) {
+    const install = deps.installDaemon ?? (() => installDaemon({ log }));
+    install();
+    log(
+      [
+        "",
+        "Done. Just run `claude` or `codex` (or open the desktop apps) - telemetry flows",
+        "automatically; no source, no second terminal."
+      ].join("\n")
+    );
+  } else {
+    log(
+      [
+        "",
+        "Telemetry is wired up, but I did NOT start the background meter yet because no",
+        "MarginFront key is saved (without one it would just loop doing nothing).",
+        `Finish up: paste your SECRET key (mf_sk_*) after MARGINFRONT_API_KEY= in ${ENV_PATH}`,
+        "  (or re-run `init`), then run:  npx @marginfront/code-cost-clarity start"
+      ].join("\n")
+    );
+  }
+  const findZshrc = deps.findZshrcLines ?? (() => findCccZshrcSourceLines());
+  const zshrc = findZshrc();
+  if (zshrc.found) {
+    log(
+      [
+        "",
+        "One more thing: your ~/.zshrc still has a leftover line from the old setup:",
+        ...zshrc.matchedLines.map((line) => `    ${line}`),
+        "Now that telemetry is wired through settings.json, that line is redundant."
+      ].join("\n")
+    );
+    let removeIt = false;
+    if (!noPrompt && isTTY()) {
+      const askRemove = deps.promptRemoveZshrc ?? (() => promptYesNo(
+        "Remove that redundant line from your ~/.zshrc now? [y/N]: "
+      ));
+      removeIt = await askRemove();
+    }
+    if (removeIt) {
+      const removeZshrc = deps.removeZshrcLines ?? (() => {
+        removeCccZshrcSourceLine({ log });
+      });
+      removeZshrc();
+    } else {
+      log(
+        "Left your ~/.zshrc as-is - you can delete that line by hand whenever you like."
+      );
+    }
+  }
+  return 0;
+}
+var START_HEALTH_ATTEMPTS = 6;
+var START_HEALTH_INTERVAL_MS = 300;
+async function cmdStart(deps = {}) {
+  const log = deps.log ?? console.log;
+  const errorLog = deps.errorLog ?? console.error;
+  const hasApiKey = deps.hasApiKey ?? (() => {
+    loadEnvFile();
+    return Boolean(process3.env.MARGINFRONT_API_KEY);
+  });
+  if (!hasApiKey()) {
+    errorLog(
+      [
+        "Can't start the background meter yet - no MarginFront API key is saved.",
+        "The background job restarts itself whenever it stops, so starting it",
+        "  without a key would just loop forever, doing nothing.",
+        `Fix: run  npx ${PKG_NAME} init  and paste your SECRET key (mf_sk_*),`,
+        `     or add it after MARGINFRONT_API_KEY= in ${ENV_PATH}, then run start again.`
+      ].join("\n")
+    );
+    return 1;
+  }
+  const isSetUp = deps.isSetUp ?? (() => existsSync3(COLLECTOR_BIN_PATH) && existsSync3(COLLECTOR_CONFIG_PATH));
+  if (!isSetUp()) {
+    errorLog(`Not set up yet. Run  npx ${PKG_NAME} init  first, then start.`);
+    return 1;
+  }
+  const install = deps.installDaemon ?? (() => installDaemon({ log }));
+  install();
+  const queryStatus = deps.queryStatus ?? (() => queryDaemonStatus());
+  const sleep = deps.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
+  let running = false;
+  for (let attempt = 0; attempt < START_HEALTH_ATTEMPTS; attempt++) {
+    await sleep(START_HEALTH_INTERVAL_MS);
+    if (queryStatus().running) {
+      running = true;
+      break;
+    }
+  }
+  if (!running) {
+    const errLogTail = deps.errLogTail ?? (() => readLastLines(DAEMON_STDERR_LOG_PATH, 15));
+    errorLog(
+      [
+        "The background meter was installed, but it isn't running yet.",
+        "macOS loaded the job, but the meter keeps stopping - most often a",
+        "  missing or expired MarginFront key (mf_sk_...) or a setup problem it can't fix itself.",
+        "Here are the last lines of its error log:"
+      ].join("\n")
+    );
+    const tail = errLogTail();
+    if (tail.length === 0) {
+      errorLog(`  (no errors logged yet at ${DAEMON_STDERR_LOG_PATH})`);
+    } else {
+      for (const line of tail) errorLog(`  ${line}`);
+    }
+    errorLog(
+      [
+        "",
+        `Check again anytime:  npx ${PKG_NAME} status`,
+        `Re-check your MarginFront key (mf_sk_...) with:  npx ${PKG_NAME} init  (then run start again)`
+      ].join("\n")
+    );
+    return 1;
+  }
+  log(
+    [
+      "",
+      "The MarginFront cost meter is now running in the background.",
+      "  - It starts itself automatically every time you log in.",
+      "  - It keeps running after you close this window or reboot.",
+      `  - Check on it anytime:  npx ${PKG_NAME} status`,
+      `  - Pause it:             npx ${PKG_NAME} stop`,
+      "",
+      "Just use Claude Code (and/or Codex) normally - your spend shows up in MarginFront."
+    ].join("\n")
+  );
+  return 0;
+}
+function printDaemonLogTail(label, path) {
+  const lines = readLastLines(path, 15);
+  console.log("");
+  if (lines.length === 0) {
+    console.log(`Recent ${label} (${path}): none yet.`);
+    return;
+  }
+  console.log(`Recent ${label} (last ${lines.length} lines of ${path}):`);
+  for (const line of lines) console.log(`  ${line}`);
+}
+function cmdStatus() {
+  const status = queryDaemonStatus();
+  if (!status.loaded) {
+    console.log(
+      [
+        "The background cost meter is NOT running (not installed/loaded).",
+        `  Turn it on with:  npx ${PKG_NAME} start`
+      ].join("\n")
+    );
+  } else if (status.running) {
+    console.log(
+      "The background cost meter is running" + (status.pid ? ` (pid ${status.pid})` : "") + ". Your spend is being captured."
+    );
+  } else {
+    console.log(
+      "The background cost meter is installed but not running right now (launchd may be restarting it - check the errors below)."
+    );
+  }
+  printDaemonLogTail("output", DAEMON_STDOUT_LOG_PATH);
+  printDaemonLogTail("errors", DAEMON_STDERR_LOG_PATH);
+  return 0;
+}
+function cmdPreview(positionals, foldCache) {
+  const inputFilePath = positionals[0];
+  if (!inputFilePath) {
+    console.error(
+      "preview needs a capture file:  npx @marginfront/code-cost-clarity preview <capture.json>\nA capture is one OTLP/JSON snapshot - e.g. a line from ~/.marginfront-ccc/live-otlp.jsonl."
+    );
+    return 1;
+  }
+  const parsedOtlp = readAndParseOtlpFile(inputFilePath);
+  const body = buildRequestBodyForLine(parsedOtlp, {
+    foldCache,
+    fallbackCustomerId: NO_IDENTITY_CUSTOMER
+  });
+  console.log(JSON.stringify(body, null, 2));
+  const usedFallback = body.records.some(
+    (r) => r.customerExternalId === NO_IDENTITY_CUSTOMER || r.customerExternalId === CODEX_NO_IDENTITY_CUSTOMER
+  );
+  if (usedFallback) {
+    console.log("");
+    printNoIdentityHint();
+  }
+  return 0;
+}
+function runningForwarderPid(pidFilePath) {
+  if (!existsSync3(pidFilePath)) return null;
+  try {
+    const raw = readFileSync3(pidFilePath, "utf8").trim();
+    const parsed = parseInt(raw, 10);
+    if (Number.isInteger(parsed) && isPidAlive(parsed)) return parsed;
+  } catch {
+  }
+  return null;
+}
+function cmdRun(foldCache, _overridePidPath) {
+  const guardPath = _overridePidPath ?? FORWARDER_PID_PATH;
+  const livePid = runningForwarderPid(guardPath);
+  if (livePid !== null) {
+    console.error(
+      `A CCC forwarder is already running (pid ${livePid}).
+  Stop it first:  npx @marginfront/code-cost-clarity stop
+  (If nothing seems to be running, 'stop' also clears the stale
+  pid file at ${FORWARDER_PID_PATH}.)`
+    );
+    return 1;
+  }
+  loadEnvFile();
+  if (!existsSync3(COLLECTOR_BIN_PATH) || !existsSync3(COLLECTOR_CONFIG_PATH)) {
+    console.error(
+      "Not set up yet. Run `npx @marginfront/code-cost-clarity init` first."
+    );
+    return 1;
+  }
+  if (!process3.env.MARGINFRONT_API_KEY) {
+    console.error(
+      [
+        "No MARGINFRONT_API_KEY found, so there's nothing to send to.",
+        `Fix: paste your MarginFront secret key (mf_sk_...) after MARGINFRONT_API_KEY= in ${ENV_PATH},`,
+        "     or export MARGINFRONT_API_KEY=... in this shell, then re-run.",
+        "No key handy? `preview <capture.json>` shows what it would send without one."
+      ].join("\n")
+    );
+    return 1;
+  }
+  const { startedByUs } = startCollector();
+  setDesktopGuiEnv();
+  console.log("");
+  printNoIdentityHint();
+  console.log("");
+  const stopWatch = watchAndForward(LIVE_JSONL_PATH, {
+    foldCache,
+    fallbackCustomerId: NO_IDENTITY_CUSTOMER,
+    // Resume from the last cursor so stop-then-run doesn't re-send (re-bill) a session.
+    cursorPath: FORWARDER_CURSOR_PATH,
+    // Park transient send failures instead of dropping them; drains each poll
+    // (LOWAI-467 Half B - pairs with server dedup for exactly-once delivery).
+    queuePath: FORWARDER_QUEUE_PATH,
+    // Single-instance guard: watchAndForward writes process.pid here and removes it
+    // on clean stop. cmdRun read it above to refuse a duplicate; now pass it so the
+    // forwarder owns the slot for the lifetime of this run. Use guardPath so a
+    // test-path override flows through to the forwarder too.
+    pidFilePath: guardPath
+  });
+  const shutdown = () => {
+    console.log("\nStopping\u2026");
+    stopWatch();
+    if (startedByUs) stopCollector();
+    process3.exit(0);
+  };
+  process3.on("SIGINT", shutdown);
+  process3.on("SIGTERM", shutdown);
+  return null;
+}
+var STOP_FORWARDER_POLL_MS = 50;
+var STOP_FORWARDER_TIMEOUT_MS = 3e3;
+async function stopForwarderThenStopCollector(deps, pollMs, timeoutMs) {
+  const log = deps.log ?? console.log;
+  if (deps.isForwarderAlive()) {
+    deps.signalForwarder("SIGTERM");
+    const deadline = deps.now() + timeoutMs;
+    while (deps.isForwarderAlive() && deps.now() < deadline) {
+      await deps.sleep(pollMs);
+    }
+    if (deps.isForwarderAlive()) {
+      log("Forwarder didn't stop on its own; forcing it down.");
+      deps.signalForwarder("SIGKILL");
+      const hardDeadline = deps.now() + timeoutMs;
+      while (deps.isForwarderAlive() && deps.now() < hardDeadline) {
+        await deps.sleep(pollMs);
+      }
+    }
+  }
+  deps.stopCollector();
+}
+async function cmdStop() {
+  const daemonWasLoaded = bootoutDaemon();
+  if (daemonWasLoaded) {
+    console.log(
+      "Paused the background daemon (it won't auto-restart until you run `start` or log in again)."
+    );
+  }
+  let forwarderPid = null;
+  if (existsSync3(FORWARDER_PID_PATH)) {
+    try {
+      const raw = readFileSync3(FORWARDER_PID_PATH, "utf8").trim();
+      const parsed = parseInt(raw, 10);
+      if (Number.isInteger(parsed)) forwarderPid = parsed;
+    } catch {
+    }
+  }
+  await stopForwarderThenStopCollector(
+    {
+      isForwarderAlive: () => forwarderPid !== null && isPidAlive(forwarderPid),
+      signalForwarder: (signal) => {
+        if (forwarderPid === null) return;
+        try {
+          process3.kill(forwarderPid, signal);
+          if (signal === "SIGTERM") {
+            console.log(
+              `Sent SIGTERM to forwarder (pid ${forwarderPid}). Waiting for it to stop\u2026`
+            );
+          }
+        } catch {
+        }
+      },
+      stopCollector: () => {
+        stopCollector();
+      },
+      sleep: (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
+      now: () => Date.now(),
+      log: (message) => console.log(message)
+    },
+    STOP_FORWARDER_POLL_MS,
+    STOP_FORWARDER_TIMEOUT_MS
+  );
+  if (existsSync3(FORWARDER_PID_PATH)) {
+    try {
+      rmSync3(FORWARDER_PID_PATH, { force: true });
+    } catch {
+    }
+  }
+  return 0;
+}
+function cmdUninstall(purge, deps = {}) {
+  const log = deps.log ?? console.log;
+  const removeDaemon = deps.uninstallDaemon ?? (() => uninstallDaemon({ log }));
+  const stopColl = deps.stopCollector ?? (() => {
+    stopCollector({ log });
+  });
+  const removeClaude = deps.removeClaudeTelemetry ?? (() => removeClaudeTelemetrySettings({ log }));
+  const removeCodex = deps.removeCodexConfig ?? (() => removeCodexOtelConfig({ log }));
+  const removeFile = deps.removeRuntimeFile ?? ((path) => {
+    if (existsSync3(path)) rmSync3(path, { force: true });
+  });
+  const purgeDir = deps.purgeConfigDir ?? (() => {
+    if (existsSync3(CONFIG_DIR))
+      rmSync3(CONFIG_DIR, { recursive: true, force: true });
+  });
+  const findZshrc = deps.findZshrcLines ?? (() => findCccZshrcSourceLines());
+  const unsetDesktop = deps.unsetDesktopEnv ?? (() => unsetDesktopGuiEnv());
+  removeDaemon();
+  stopColl();
+  removeClaude();
+  removeCodex();
+  unsetDesktop();
+  const toRemove = [
+    COLLECTOR_BIN_PATH,
+    COLLECTOR_CONFIG_PATH,
+    LIVE_JSONL_PATH,
+    COLLECTOR_PID_PATH,
+    COLLECTOR_LOG_PATH,
+    // Clear the resume cursor too - it points into the live file we just removed.
+    FORWARDER_CURSOR_PATH,
+    // And the retry queue - its records reference the now-removed live file (LOWAI-467).
+    FORWARDER_QUEUE_PATH,
+    // And the single-instance guard pidfile - no forwarder will be running after this.
+    FORWARDER_PID_PATH
+  ];
+  for (const path of toRemove) removeFile(path);
+  log("Removed the collector binary, its config, and runtime files.");
+  if (purge) {
+    purgeDir();
+    log(
+      `Purged ${CONFIG_DIR} - your saved settings and MarginFront secret key (mf_sk_...) are gone.`
+    );
+  } else {
+    log(
+      `Kept your settings at ${ENV_PATH}. Re-run init anytime to reinstall, or add --purge to delete settings too.`
+    );
+  }
+  const zshrc = findZshrc();
+  if (zshrc.found) {
+    log(
+      [
+        "Reminder: your ~/.zshrc still has a leftover MarginFront line:",
+        ...zshrc.matchedLines.map((line) => `    ${line}`),
+        "It's harmless now, but you can delete it by hand if you like."
+      ].join("\n")
+    );
+  }
+  log(
+    [
+      "",
+      "Reverted: the background daemon was removed, the collector stopped, the Claude",
+      "telemetry settings and the Codex [otel] block undone, and the collector binary +",
+      "runtime files deleted." + (purge ? " Your saved settings and MarginFront secret key (mf_sk_...) were purged too." : " Your saved settings and MarginFront secret key (mf_sk_...) were kept.")
+    ].join("\n")
+  );
+  return 0;
+}
+async function main() {
+  const argv = process3.argv.slice(2);
+  const command = argv[0];
+  const rest = argv.slice(1);
+  const flags = new Set(rest.filter((a) => a.startsWith("--")));
+  const positionals = rest.filter((a) => !a.startsWith("--"));
+  const foldCache = flags.has("--fold-cache");
+  switch (command) {
+    case void 0:
+    case "help":
+    case "--help":
+    case "-h":
+      printHelp();
+      return 0;
+    case "version":
+    case "--version":
+    case "-v":
+      console.log(readVersion());
+      return 0;
+    case "init":
+      return cmdInit(flags.has("--no-prompt"));
+    case "start":
+      return cmdStart();
+    case "status":
+      return cmdStatus();
+    case "preview":
+      return cmdPreview(positionals, foldCache);
+    case "run":
+      return cmdRun(foldCache);
+    case "stop":
+      return cmdStop();
+    case "uninstall":
+      return cmdUninstall(flags.has("--purge"));
+    default:
+      console.error(`Unknown command "${command}".
+`);
+      printHelp();
+      return 1;
+  }
+}
+var __thisFile = fileURLToPath2(import.meta.url);
+var __isEntryPoint = false;
+try {
+  __isEntryPoint = process3.argv[1] !== void 0 && realpathSync(process3.argv[1]) === realpathSync(__thisFile);
+} catch {
+}
+if (__isEntryPoint) {
+  main().then((code) => {
+    if (code !== null && code !== void 0) process3.exit(code);
+  }).catch((unexpectedError) => {
+    console.error(
+      `Something went wrong: ${unexpectedError.message}`
+    );
+    process3.exit(1);
+  });
+}
+export {
+  cmdInit,
+  cmdRun,
+  cmdStart,
+  cmdUninstall,
+  promptYesNo,
+  runningForwarderPid,
+  stopForwarderThenStopCollector
+};