@marginfront/code-cost-clarity 0.6.0 → 0.6.1

package/dist/cli.js

@@ -8,1850 +8,1897 @@ import process3 from "process";
 
 // src/connector.ts
 import {
-  existsSync,
+  existsSync as existsSync2,
   mkdirSync,
-  writeFileSync,
-  readFileSync,
-  openSync,
-  rmSync,
+  writeFileSync as writeFileSync2,
+  readFileSync as readFileSync2,
+  openSync as openSync2,
+  rmSync as rmSync2,
   chmodSync,
   copyFileSync
 } from "fs";
 import { spawn, spawnSync, execFileSync } from "child_process";
-import { createHash } from "crypto";
+import { createHash as createHash2 } from "crypto";
 import { homedir, tmpdir, platform, arch } from "os";
 import { join, dirname } from "path";
 import { fileURLToPath } from "url";
-import process from "process";
-var CONFIG_DIR = join(homedir(), ".marginfront-ccc");
-var ENV_PATH = join(CONFIG_DIR, ".env");
-var COLLECTOR_CONFIG_PATH = join(CONFIG_DIR, "otel-collector.yaml");
-var COLLECTOR_BIN_PATH = join(CONFIG_DIR, "otelcol-contrib");
-var LIVE_JSONL_PATH = join(CONFIG_DIR, "live-otlp.jsonl");
-var COLLECTOR_PID_PATH = join(CONFIG_DIR, "collector.pid");
-var COLLECTOR_LOG_PATH = join(CONFIG_DIR, "collector.log");
-var FORWARDER_CURSOR_PATH = join(CONFIG_DIR, "forwarder.cursor");
-var FORWARDER_QUEUE_PATH = join(CONFIG_DIR, "forwarder.queue.jsonl");
-var FORWARDER_PID_PATH = join(CONFIG_DIR, "forwarder.pid");
-var VERSION_PATTERN = /^v\d+\.\d+\.\d+$/;
-function resolveOtelcolVersion(override = process.env.CCC_OTELCOL_VERSION) {
-  const DEFAULT_VERSION = "v0.154.0";
-  if (!override) return DEFAULT_VERSION;
-  if (!VERSION_PATTERN.test(override)) {
-    throw new Error(
-      `Invalid CCC_OTELCOL_VERSION "${override}".
-What happened: you set the collector version override, but it isn't a valid version number.
-Why this is strict: that value goes into a download URL and a filename, so a malformed one could point the installer somewhere unsafe. We refuse rather than guess.
-Fix: use the form vMAJOR.MINOR.PATCH (for example CCC_OTELCOL_VERSION=v0.154.0), or unset it to use the built-in pinned version.`
-    );
-  }
-  return override;
-}
-var OTELCOL_VERSION = resolveOtelcolVersion();
-var COLLECTOR_CHECKSUMS = {
-  "otelcol-contrib_0.154.0_darwin_amd64.tar.gz": "14f7f825a7ad7ee0799947ff70a42b9a5528a9c1411ab45f8fcc4caeb9346f7b",
-  "otelcol-contrib_0.154.0_darwin_arm64.tar.gz": "de3af70ef0b80af213911cc9ba8daf553348dd22ed1fb15db561d207fc2cb3d9",
-  "otelcol-contrib_0.154.0_linux_amd64.tar.gz": "f0fe6e7b1d81936d4e5a3aad7a678f3fc2f8ada2a9f8f37f37542813c12ed322",
-  "otelcol-contrib_0.154.0_linux_arm64.tar.gz": "52310bfcb5a952c072e8abff7f0f2940ee38cea36752a4a4e1a4e21c2088c3f9"
-};
-function verifyTarballChecksum(tarballPath, expectedSha256) {
-  const actual = createHash("sha256").update(readFileSync(tarballPath)).digest("hex").toLowerCase();
-  return actual === expectedSha256.toLowerCase();
-}
-function renderEnvFile() {
-  return `# ============================================================
-# Claude Code -> MarginFront connector: environment settings
-# ============================================================
-# MAIN JOB of this file: hold your MARGINFRONT_API_KEY (below) so the background
-# meter can read it - fill that in (init usually does it for you).
-#
-# As of v0.5.0 you do NOT need to 'source' this before running Claude Code:
-# 'init' wires the telemetry settings into ~/.claude/settings.json for you, so
-# every 'claude'/'codex' session (and the desktop apps) broadcast on their own.
-# Sourcing this is only useful for the manual, foreground 'run' path.
-#
-# This file stays on your machine; it is never published or committed.
-# ============================================================
-
-# Turns on Claude Code's usage broadcasting. Leave as 1.
-CLAUDE_CODE_ENABLE_TELEMETRY=1
-
-# Send usage as OpenTelemetry metrics. Leave as otlp.
-OTEL_METRICS_EXPORTER=otlp
-
-# Send Claude Code's EVENTS (the per-tool-call records) too. Leave as otlp.
-# Tokens come in as metrics (above); a paid tool call (Google Maps, Browserbase,
-# a paid MCP server) only shows up on this EVENT stream - without this line Claude
-# Code broadcasts no tool activity and tool spend can't be tracked (LOWAI-478).
-OTEL_LOGS_EXPORTER=otlp
-
-# Use HTTP/protobuf. Verified working; gRPC on 4317 silently failed in testing.
-OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
-
-# Where the local collector listens. Must match the collector YAML.
-OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318
-
-# How often Claude Code flushes usage, in milliseconds.
-#   300000 = 5 minutes - batches usage so you get roughly one event per turn
-#   without a long wait. Raise to 600000 (10 min) to batch harder; lower to
-#   60000 (1 min) or 5000 (5 s) for a more live drip.
-OTEL_METRIC_EXPORT_INTERVAL=300000
-
-# Tool-call costs (LOWAI-478) need NOTHING configured here. Every tool your agents
-# fire (other than free built-ins like Read/Bash) is forwarded automatically;
-# MarginFront's pricing catalog decides what's billable and at what rate. Add price
-# rows for your paid tools in MarginFront - there's no client-side list to maintain.
-
-# WHO this machine's AI cost belongs to (per-developer attribution).
-# WHY THIS EXISTS, plainly: lots of teams share ONE Claude/Codex login, so every
-# developer's usage carries the SAME login email and all the cost piles onto one
-# person. CCC runs locally on each laptop, so naming the developer here splits that
-# shared-login cost back out per developer. This is INTERNAL cost visibility only -
-# it does NOT change anyone's bill.
-#
-# HOW IT'S USED at send time (precedence, highest wins):
-#   1. This CCC_DEVELOPER_EMAIL, when set - it wins for EVERY record from this machine.
-#   2. Otherwise the email the coding-agent login reports (user.email).
-#   3. Otherwise a clearly-labeled no-identity placeholder.
-# Leave it BLANK to keep today's behavior (auto-detect from the login). init fills
-# this in for you, defaulting to your global git user.email - change it anytime.
-CCC_DEVELOPER_EMAIL=
-
-# YOUR MarginFront SECRET key (mf_sk_*). Create or copy one at:
-#   app.marginfront.com -> Build -> API Keys -> "Create Key Pair"
-#   (https://app.marginfront.com/developer-zone/api-keys)
-# Use the SECRET key (mf_sk_*) - a publishable key (mf_pk_*) is rejected on send.
-# The forwarder reads this from the environment only; it is never hardcoded.
-# Leave blank to run in no-identity preview mode (see the README).
-MARGINFRONT_API_KEY=
-`;
-}
-function renderCollectorYaml(jsonlPath = LIVE_JSONL_PATH) {
-  return `# OpenTelemetry Collector config - Claude Code -> MarginFront
-# ---------------------------------------------------------------------------
-# WHAT THIS DOES, plainly: it's the "catcher." Claude Code broadcasts its token
-# usage here; this collector batches what it hears and writes it to a file,
-# which the forwarder tails and turns into MarginFront usage rows.
-# ---------------------------------------------------------------------------
-
-receivers:
-  # The door Claude Code knocks on. It listens for OpenTelemetry (OTLP) on the
-  # two standard local ports. We point Claude Code at HTTP/protobuf on 4318 -
-  # gRPC on 4317 silently failed to connect from Claude Code 2.1.185 in testing,
-  # so 4318 is the one that actually works. Bound to localhost only.
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 127.0.0.1:4317
-      http:
-        endpoint: 127.0.0.1:4318
-
-processors:
-  # THE NO-DOUBLE-COUNT PROCESSOR. Claude Code emits CUMULATIVE counters (each
-  # export is the running total since the session started), and it ignores the
-  # "give me deltas" env var. Without this, the forwarder would record the
-  # running total every export - re-counting everything before it. This turns
-  # each cumulative total into the increment since the last export.
-  cumulativetodelta: {}
-
-  # Group what arrives into small batches and flush quickly, so the live view
-  # feels near-real-time rather than trickling one datapoint at a time.
-  batch:
-    timeout: 1s
-
-exporters:
-  # Write each batch as one line of OTLP/JSON (JSON Lines). The forwarder
-  # watches this file and records each new line. Both pipelines below share this
-  # one exporter, so Claude Code's metrics and Codex's logs land in the SAME file
-  # (each as its own line) and the one forwarder reads both.
-  file:
-    path: ${jsonlPath}
+import process2 from "process";
 
-service:
-  telemetry:
-    logs:
-      # The collector's OWN log verbosity (how chatty otelcol itself is). This is
-      # NOT a data pipeline - it does not catch Codex's usage logs. The pipeline
-      # that does is service.pipelines.logs below. Keep this quiet.
-      level: warn
-  pipelines:
-    # Claude Code source: token + cost COUNTERS arrive as metrics.
-    # Receive -> de-dupe (cumulative->delta) -> batch -> file.
-    metrics:
-      receivers: [otlp]
-      processors: [cumulativetodelta, batch]
-      exporters: [file]
-    # Codex source (LOWAI-463): Codex reports usage on the LOG stream, not as
-    # metrics, so it needs its own pipeline. No cumulativetodelta here - that's a
-    # METRICS processor and doesn't apply to logs; each Codex log record is one
-    # turn's usage on its own. Receive -> batch -> file (the same file).
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [file]
-`;
-}
-var CODEX_CONFIG_PATH = join(homedir(), ".codex", "config.toml");
-var CODEX_CCC_BEGIN_MARKER = "# >>> MarginFront code-cost-clarity - auto-added; `npx @marginfront/code-cost-clarity uninstall` removes this block >>>";
-var CODEX_CCC_END_MARKER = "# <<< MarginFront code-cost-clarity - end of auto-added block <<<";
-var CODEX_OTEL_TOML_BLOCK = [
-  "[otel]",
-  'exporter = { otlp-http = { endpoint = "http://127.0.0.1:4318/v1/logs", protocol = "binary" } }'
-].join("\n");
-function renderCodexCccBlock() {
-  return [
-    CODEX_CCC_BEGIN_MARKER,
-    CODEX_OTEL_TOML_BLOCK,
-    CODEX_CCC_END_MARKER
-  ].join("\n");
-}
-function renderCodexConfigInstructions() {
-  return [
-    "Optional - also capture Codex (in addition to, or instead of, Claude Code):",
-    "",
-    "  Codex reports its usage to the SAME local collector, so there's nothing",
-    "  extra to install. Add this block to your ~/.codex/config.toml:",
-    "",
-    // Single-sourced from CODEX_OTEL_TOML_BLOCK above, indented for the printout,
-    // so the pasted block always matches what the auto-writer would write.
-    ...CODEX_OTEL_TOML_BLOCK.split("\n").map((line) => "    " + line),
-    "",
-    "  Then run Codex normally. `run` already watches both sources - Claude Code,",
-    "  Codex, or both - from the one collector file; there's no extra flag.",
-    "",
-    "  Note: exact [otel] key names can vary by Codex version, and whether your",
-    "  developer email shows up depends on how you sign in (org API key vs ChatGPT",
-    "  login). If the email doesn't surface, usage still lands under the no-identity",
-    "  placeholder. See the README's Codex section for the full details."
-  ].join("\n");
-}
-function lineDeclaresOtelTable(rawLine) {
-  const beforeComment = rawLine.split("#")[0].trim();
-  if (!beforeComment) return false;
-  let firstToken;
-  if (beforeComment.startsWith("[")) {
-    const inner = beforeComment.replace(/^\[+/, "").trim();
-    const path = inner.split("]")[0].trim();
-    firstToken = path.split(".")[0].trim();
-  } else {
-    firstToken = beforeComment.split(/[.=\s]/)[0].trim();
+// src/forwarder.ts
+import {
+  readFileSync,
+  existsSync,
+  statSync,
+  openSync,
+  readSync,
+  closeSync,
+  writeFileSync,
+  appendFileSync,
+  rmSync
+} from "fs";
+import { createHash } from "crypto";
+import { createRequire } from "module";
+import process from "process";
+var _cccRequire = createRequire(import.meta.url);
+function resolveCccPackageVersion() {
+  if ("0.6.1".length > 0) {
+    return "0.6.1";
   }
-  firstToken = firstToken.replace(/^["']|["']$/g, "");
-  return firstToken === "otel";
-}
-function codexConfigHasOtelTable(content) {
-  return content.split(/\r?\n/).some(lineDeclaresOtelTable);
-}
-function codexConfigHasCccBlock(configPath = CODEX_CONFIG_PATH) {
-  if (!existsSync(configPath)) return false;
   try {
-    return readFileSync(configPath, "utf8").includes(CODEX_CCC_BEGIN_MARKER);
+    const pkg = _cccRequire("../package.json");
+    if (typeof pkg.version === "string" && pkg.version.length > 0) {
+      return pkg.version;
+    }
   } catch {
-    return false;
   }
+  return "0.0.0-unknown";
 }
-function writeCodexOtelConfig({
-  configPath = CODEX_CONFIG_PATH,
-  log = console.log
-} = {}) {
-  if (!existsSync(configPath)) {
-    mkdirSync(dirname(configPath), { recursive: true });
-    writeFileSync(configPath, renderCodexCccBlock() + "\n");
-    log(
-      `Created ${configPath} and wired Codex to the local collector for you.`
-    );
-    return { action: "created", backupPath: null };
-  }
-  const content = readFileSync(configPath, "utf8");
-  if (content.includes(CODEX_CCC_BEGIN_MARKER)) {
-    log(`Codex is already wired up in ${configPath} - nothing to do.`);
-    return { action: "skipped-existing", backupPath: null };
-  }
-  if (codexConfigHasOtelTable(content)) {
-    log(
-      `Left your existing [otel] settings in ${configPath} untouched - add the MarginFront block by hand if you want Codex captured too.`
-    );
-    return { action: "skipped-existing", backupPath: null };
+var CCC_PACKAGE_VERSION = resolveCccPackageVersion();
+var DEFAULT_INGEST_URL = "https://api.marginfront.com/v1/sdk/usage/record";
+function resolveIngestUrl(override = process.env.MARGINFRONT_INGEST_URL) {
+  if (!override) return DEFAULT_INGEST_URL;
+  try {
+    const url = new URL(override);
+    const host = url.hostname;
+    const onMarginFront = host === "marginfront.com" || host.endsWith(".marginfront.com");
+    if (url.protocol === "https:" && onMarginFront) return override;
+  } catch {
   }
-  const backupPath = `${configPath}.ccc-bak`;
-  copyFileSync(configPath, backupPath);
-  const separator = content.length > 0 ? "\n" : "";
-  writeFileSync(configPath, content + separator + renderCodexCccBlock() + "\n");
-  log(
-    `Added the MarginFront telemetry block to ${configPath} (backup at ${backupPath}).`
+  console.error(
+    "Ignoring MARGINFRONT_INGEST_URL - only an https://*.marginfront.com URL is allowed; sending to production instead."
   );
-  return { action: "appended", backupPath };
+  return DEFAULT_INGEST_URL;
 }
-function removeCodexOtelConfig({
-  configPath = CODEX_CONFIG_PATH,
-  log = console.log
-} = {}) {
-  if (!existsSync(configPath)) {
-    log(
-      `Nothing to undo: ${configPath} doesn't exist (Codex was never wired up here).`
-    );
-    return { action: "missing", backupPath: null };
-  }
-  const content = readFileSync(configPath, "utf8");
-  const beginIdx = content.indexOf(CODEX_CCC_BEGIN_MARKER);
-  const endIdx = content.indexOf(CODEX_CCC_END_MARKER);
-  if (beginIdx === -1 || endIdx === -1 || endIdx < beginIdx) {
-    log(
-      `Nothing to undo: ${configPath} has no MarginFront block (left every other setting untouched).`
-    );
-    return { action: "no-marker", backupPath: null };
-  }
-  let cutStart = beginIdx;
-  let cutEnd = endIdx + CODEX_CCC_END_MARKER.length;
-  if (content[cutEnd] === "\n") cutEnd += 1;
-  if (content[cutStart - 1] === "\n") {
-    cutStart -= 1;
-  }
-  const backupPath = existsSync(`${configPath}.ccc-bak`) ? `${configPath}.ccc-bak` : null;
-  writeFileSync(configPath, content.slice(0, cutStart) + content.slice(cutEnd));
-  log(
-    `Removed the MarginFront block from ${configPath}` + (backupPath ? ` (your original is preserved at ${backupPath}).` : ".")
-  );
-  return { action: "removed", backupPath };
+var MARGINFRONT_INGEST_URL = resolveIngestUrl();
+function resolveDeveloperOverride(env) {
+  return (env.CCC_DEVELOPER_EMAIL || "").trim() || void 0;
 }
-function resolveCollectorAsset(nodePlatform = platform(), nodeArch = arch(), version = OTELCOL_VERSION) {
-  const osMap = { darwin: "darwin", linux: "linux" };
-  const archMap = { arm64: "arm64", x64: "amd64" };
-  const os = osMap[nodePlatform];
-  const cpu = archMap[nodeArch];
-  if (!os) {
-    throw new Error(
-      `Unsupported operating system "${nodePlatform}". The bundled collector supports macOS (darwin) and Linux. On Windows, run this under WSL.`
-    );
-  }
-  if (!cpu) {
-    throw new Error(
-      `Unsupported CPU architecture "${nodeArch}". The bundled collector supports arm64 and x64 (amd64).`
-    );
+var AGENT_CODE = "claude-code";
+var SIGNAL_NAME = "claude-code-turn";
+var MODEL_PROVIDER = "anthropic";
+var AGENT_CODE_CODEX = "codex";
+var SIGNAL_NAME_CODEX = "codex-turn";
+var MODEL_PROVIDER_CODEX = "openai";
+var CODEX_USAGE_EVENT_NAME = "codex.sse_event";
+var CODEX_INPUT_TOKEN_KEY = "input_token_count";
+var CODEX_OUTPUT_TOKEN_KEY = "output_token_count";
+var CODEX_CACHED_TOKEN_KEY = "cached_token_count";
+var CODEX_REASONING_TOKEN_KEY = "reasoning_token_count";
+var CODEX_TOOL_TOKEN_KEY = "tool_token_count";
+var CODEX_TOKEN_KEYS = [
+  CODEX_INPUT_TOKEN_KEY,
+  CODEX_OUTPUT_TOKEN_KEY,
+  CODEX_CACHED_TOKEN_KEY,
+  CODEX_REASONING_TOKEN_KEY
+];
+var CODEX_EXCLUDED_MODELS = /* @__PURE__ */ new Set(["codex-auto-review"]);
+var SIGNAL_NAME_TOOL = "claude-code-tool";
+var SIGNAL_NAME_TOOL_CODEX = "codex-tool";
+var CLAUDE_TOOL_RESULT_EVENT = "claude_code.tool_result";
+var CODEX_TOOL_RESULT_EVENT = "codex.tool_result";
+var TOOL_NAME_KEYS = ["tool_name", "tool.name"];
+var MODEL_PROVIDER_TOOL = "tool";
+var BUILTIN_NONBILLABLE_TOOLS = /* @__PURE__ */ new Set([
+  // Claude Code built-ins
+  "Read",
+  "Edit",
+  "Write",
+  "MultiEdit",
+  "NotebookEdit",
+  "NotebookRead",
+  "Bash",
+  "BashOutput",
+  "KillShell",
+  "KillBash",
+  "Grep",
+  "Glob",
+  "LS",
+  "TodoWrite",
+  "ExitPlanMode",
+  "Task",
+  "Agent",
+  // alternate name for Task - hedge against the rename
+  "SlashCommand",
+  "ToolSearch",
+  // Codex built-ins (free + high-volume)
+  "exec_command",
+  "apply_patch"
+]);
+var ENVIRONMENT = "development";
+var WATCH_POLL_MS = 1e3;
+var NO_IDENTITY_CUSTOMER = "claude-code-no-identity";
+var CODEX_NO_IDENTITY_CUSTOMER = "codex-no-identity";
+function attributesToLookup(attributeList) {
+  const lookup = {};
+  if (!Array.isArray(attributeList)) return lookup;
+  for (const attribute of attributeList) {
+    if (attribute && typeof attribute.key === "string" && attribute.value) {
+      lookup[attribute.key] = attribute.value.stringValue;
+    }
   }
-  const versionNoV = version.replace(/^v/, "");
-  const asset = `otelcol-contrib_${versionNoV}_${os}_${cpu}.tar.gz`;
-  const url = `https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/${version}/${asset}`;
-  return { os, cpu, asset, url, version };
+  return lookup;
 }
-function ensureCollectorBinary({
-  force = false,
-  log = console.log
-} = {}) {
-  if (existsSync(COLLECTOR_BIN_PATH) && !force) {
-    log(
-      `Collector already present at ${COLLECTOR_BIN_PATH} - skipping download.`
-    );
-    return COLLECTOR_BIN_PATH;
-  }
-  const { asset, url, version } = resolveCollectorAsset();
-  const tgzPath = join(tmpdir(), asset);
-  log(
-    `Downloading the collector (${asset}, ~360 MB) - this can take a minute\u2026`
-  );
-  try {
-    execFileSync("curl", ["-fSL", "-o", tgzPath, url], { stdio: "inherit" });
-  } catch {
-    throw new Error(
-      `Could not download the collector from ${url}
-What happened: the download failed (network issue, or version ${version} has no asset for your platform).
-Fix: check your internet connection, or pin a different version with CCC_OTELCOL_VERSION=v0.155.0 (see the OpenTelemetry collector releases page).`
-    );
-  }
-  const expectedSha256 = COLLECTOR_CHECKSUMS[asset];
-  if (!expectedSha256) {
-    throw new Error(
-      `Refusing to run an unverified collector.
-What happened: there is no pinned, known-good fingerprint on file for "${asset}" (version ${version}).
-Why: this tool refuses to make ANY downloaded program executable unless we can first confirm it's exactly the release we trust.
-Fix: install the built-in pinned version (unset CCC_OTELCOL_VERSION), or add this release's official signed SHA-256 to the package's pinned checksums before installing it. The download is left at ${tgzPath} so you can verify it yourself.`
-    );
+function dataPointTokenCount(dataPoint) {
+  if (dataPoint == null) return 0;
+  if (dataPoint.asInt !== void 0 && dataPoint.asInt !== null) {
+    const parsed = parseInt(String(dataPoint.asInt), 10);
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  log("Verifying the downloaded collector's fingerprint\u2026");
-  if (!verifyTarballChecksum(tgzPath, expectedSha256)) {
-    try {
-      rmSync(tgzPath, { force: true });
-    } catch {
-    }
-    throw new Error(
-      `Collector integrity check FAILED - refusing to install.
-What happened: the collector we downloaded for "${asset}" does NOT match its known-good fingerprint, so we deleted it and stopped.
-Why this probably happened: the file was altered between GitHub and your machine - most often a corporate TLS-inspecting proxy rewriting the download, a corrupted transfer, or (worst case) a tampered release.
-Fix: re-run the install on a network without a man-in-the-middle proxy. If it keeps failing on a clean network, do NOT bypass this - report it, because a persistent mismatch can mean the download is being tampered with.`
-    );
+  if (dataPoint.asDouble !== void 0 && dataPoint.asDouble !== null) {
+    const parsed = Math.round(Number(dataPoint.asDouble));
+    return Number.isFinite(parsed) ? parsed : 0;
   }
-  log("Fingerprint verified - the collector is exactly the trusted release.");
-  log(`Unpacking the collector into ${CONFIG_DIR}\u2026`);
-  try {
-    execFileSync("tar", ["xzf", tgzPath, "-C", CONFIG_DIR, "otelcol-contrib"], {
-      stdio: "inherit"
-    });
-  } catch {
-    throw new Error(
-      `Could not unpack ${tgzPath}.
-What happened: the downloaded archive didn't contain the expected otelcol-contrib binary, or tar isn't available.
-Fix: delete the file above and re-run \`npx @marginfront/code-cost-clarity init\`.`
-    );
-  } finally {
-    try {
-      rmSync(tgzPath, { force: true });
-    } catch {
+  return 0;
+}
+function collectDataPointsForMetric(parsedOtlp, metricName) {
+  const collectedDataPoints = [];
+  const resourceMetricsList = parsedOtlp?.resourceMetrics;
+  if (!Array.isArray(resourceMetricsList)) return collectedDataPoints;
+  for (const resourceMetric of resourceMetricsList) {
+    const scopeMetricsList = resourceMetric?.scopeMetrics;
+    if (!Array.isArray(scopeMetricsList)) continue;
+    for (const scopeMetric of scopeMetricsList) {
+      const metricsList = scopeMetric?.metrics;
+      if (!Array.isArray(metricsList)) continue;
+      for (const metric of metricsList) {
+        if (metric?.name !== metricName) continue;
+        const dataPointsList = metric?.sum?.dataPoints;
+        if (!Array.isArray(dataPointsList)) continue;
+        for (const dataPoint of dataPointsList) {
+          collectedDataPoints.push(dataPoint);
+        }
+      }
     }
   }
-  try {
-    execFileSync("chmod", ["755", COLLECTOR_BIN_PATH]);
-  } catch {
-  }
-  log(`Collector installed at ${COLLECTOR_BIN_PATH}.`);
-  return COLLECTOR_BIN_PATH;
+  return collectedDataPoints;
 }
-function ensureConfigFiles({
-  log = console.log
-} = {}) {
-  if (!existsSync(CONFIG_DIR)) {
-    mkdirSync(CONFIG_DIR, { recursive: true });
-    log(`Created ${CONFIG_DIR}.`);
-  }
-  if (existsSync(ENV_PATH)) {
-    log(`Kept your existing settings file at ${ENV_PATH} (API key preserved).`);
-  } else {
-    writeFileSync(ENV_PATH, renderEnvFile(), { mode: 384 });
-    log(`Wrote settings template to ${ENV_PATH} - add your API key there.`);
-  }
-  writeFileSync(COLLECTOR_CONFIG_PATH, renderCollectorYaml());
-  log(`Wrote collector config to ${COLLECTOR_CONFIG_PATH}.`);
+function normalizeModelId(rawModelId) {
+  if (typeof rawModelId !== "string") return rawModelId;
+  const withoutContextSuffix = rawModelId.replace(/\[.*\]$/, "");
+  const dottedVersion = withoutContextSuffix.replace(
+    /^(claude-[a-z]+-\d+)-(\d+)$/,
+    "$1.$2"
+  );
+  return dottedVersion;
 }
-function loadEnvFile(path = ENV_PATH) {
-  if (!existsSync(path)) return {};
-  const loaded = {};
-  let text;
-  try {
-    text = readFileSync(path, "utf8");
-  } catch {
-    return {};
+function idempotencyKeyFor(rawSourceLine, email, rawModel, sessionId, indexWithinLine) {
+  return createHash("sha256").update(
+    `${rawSourceLine}|${email}|${rawModel}|${sessionId ?? ""}|${indexWithinLine}`
+  ).digest("hex");
+}
+function buildMarginFrontRequestBody(parsedOtlp, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : null;
+  const developerOverride = options.developerOverride;
+  const tokenDataPoints = collectDataPointsForMetric(
+    parsedOtlp,
+    "claude_code.token.usage"
+  );
+  const costDataPoints = collectDataPointsForMetric(
+    parsedOtlp,
+    "claude_code.cost.usage"
+  );
+  const groupsByKey = /* @__PURE__ */ new Map();
+  function makeGroupKey(email, model, sessionId) {
+    return `${email}
+${model}
+${sessionId}`;
   }
-  for (const rawLine of text.split("\n")) {
-    const line = rawLine.trim();
-    if (!line || line.startsWith("#")) continue;
-    const eq = line.indexOf("=");
-    if (eq === -1) continue;
-    const key = line.slice(0, eq).trim();
-    let value = line.slice(eq + 1).trim();
-    if (value.length >= 2 && (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'"))) {
-      value = value.slice(1, -1);
+  for (const dataPoint of tokenDataPoints) {
+    const attributes = attributesToLookup(dataPoint.attributes);
+    const email = developerOverride || attributes["user.email"] || fallbackCustomerId;
+    const rawModel = attributes["model"];
+    const sessionId = attributes["session.id"];
+    const tokenType = attributes["type"];
+    const tokenCount = dataPointTokenCount(dataPoint);
+    if (!email || !rawModel || !sessionId) continue;
+    const groupKey = makeGroupKey(email, rawModel, sessionId);
+    let group = groupsByKey.get(groupKey);
+    if (!group) {
+      group = {
+        email,
+        rawModel,
+        sessionId,
+        inputTokens: 0,
+        outputTokens: 0,
+        cacheReadTokens: 0,
+        cacheCreationTokens: 0
+      };
+      groupsByKey.set(groupKey, group);
     }
-    if (!key) continue;
-    loaded[key] = value;
-    if (process.env[key] === void 0) {
-      process.env[key] = value;
+    if (tokenType === "input") {
+      group.inputTokens += tokenCount;
+    } else if (tokenType === "output") {
+      group.outputTokens += tokenCount;
+    } else if (tokenType === "cacheRead") {
+      group.cacheReadTokens += tokenCount;
+    } else if (tokenType === "cacheCreation") {
+      group.cacheCreationTokens += tokenCount;
     }
   }
-  return loaded;
-}
-function writeApiKeyToEnv(value, path = ENV_PATH) {
-  const current = existsSync(path) ? readFileSync(path, "utf8") : renderEnvFile();
-  const keyLine = /^MARGINFRONT_API_KEY=.*$/m;
-  let next;
-  if (keyLine.test(current)) {
-    next = current.replace(keyLine, () => `MARGINFRONT_API_KEY=${value}`);
-  } else {
-    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
-    next = `${current}${sep}MARGINFRONT_API_KEY=${value}
-`;
+  function findCostForGroup(email, rawModel, sessionId) {
+    for (const costPoint of costDataPoints) {
+      const costAttributes = attributesToLookup(costPoint.attributes);
+      const costEmail = developerOverride || costAttributes["user.email"] || fallbackCustomerId;
+      if (costEmail === email && costAttributes["model"] === rawModel && costAttributes["session.id"] === sessionId) {
+        return typeof costPoint.asDouble === "number" ? costPoint.asDouble : null;
+      }
+    }
+    return null;
   }
-  writeFileSync(path, next, { mode: 384 });
-  chmodSync(path, 384);
-}
-function gitGlobalUserEmail() {
-  try {
-    const out = execFileSync("git", ["config", "--global", "user.email"], {
-      encoding: "utf8",
-      // Swallow git's own stderr so a "key not set" message can't leak to the user.
-      stdio: ["ignore", "pipe", "ignore"]
-    });
-    return out.trim();
-  } catch {
-    return "";
+  const records = [];
+  for (const group of groupsByKey.values()) {
+    const cacheReadTokens = group.cacheReadTokens;
+    const cacheCreationTokens = group.cacheCreationTokens;
+    const cacheTokens = cacheReadTokens + cacheCreationTokens;
+    const billedInputTokens = foldCache ? group.inputTokens + cacheTokens : group.inputTokens;
+    if (group.inputTokens === 0 && group.outputTokens === 0 && cacheTokens === 0)
+      continue;
+    const claudeCodeCostUsd = findCostForGroup(
+      group.email,
+      group.rawModel,
+      group.sessionId
+    );
+    const record = {
+      // Per-developer attribution: the developer's email IS the customer id (or the
+      // no-identity placeholder).
+      customerExternalId: group.email,
+      agentCode: AGENT_CODE,
+      signalName: SIGNAL_NAME,
+      model: normalizeModelId(group.rawModel),
+      modelProvider: MODEL_PROVIDER,
+      inputTokens: billedInputTokens,
+      outputTokens: group.outputTokens,
+      environment: ENVIRONMENT,
+      // usageDate omitted so MarginFront defaults it to "now."
+      metadata: {
+        sessionId: group.sessionId,
+        rawModel: group.rawModel,
+        // Raw cache numbers ALWAYS recorded (audit), whether typed or folded.
+        cacheReadTokens,
+        cacheCreationTokens,
+        // Whether inputTokens includes cache (fold) or not (default).
+        cacheFoldedIntoInput: foldCache,
+        // Claude Code's own cache-accurate cost - reconciliation ground truth,
+        // not the billed figure.
+        claudeCodeCostUsd
+      }
+    };
+    if (!foldCache) {
+      record.cacheReadTokens = cacheReadTokens;
+      record.cacheWriteTokens = cacheCreationTokens;
+    }
+    if (options.rawSourceLine !== void 0) {
+      record.idempotencyKey = idempotencyKeyFor(
+        options.rawSourceLine,
+        group.email,
+        group.rawModel,
+        group.sessionId,
+        records.length
+      );
+    }
+    records.push(record);
   }
+  return { records };
 }
-function writeDeveloperEmailToEnv(value, path = ENV_PATH) {
-  const current = existsSync(path) ? readFileSync(path, "utf8") : renderEnvFile();
-  const developerLine = /^CCC_DEVELOPER_EMAIL=.*$/m;
-  let next;
-  if (developerLine.test(current)) {
-    next = current.replace(developerLine, () => `CCC_DEVELOPER_EMAIL=${value}`);
-  } else {
-    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
-    next = `${current}${sep}CCC_DEVELOPER_EMAIL=${value}
-`;
+function logAttributesToLookup(attributeList) {
+  const lookup = {};
+  if (!Array.isArray(attributeList)) return lookup;
+  for (const attribute of attributeList) {
+    if (attribute && typeof attribute.key === "string" && attribute.value) {
+      lookup[attribute.key] = attribute.value;
+    }
   }
-  writeFileSync(path, next, { mode: 384 });
-  chmodSync(path, 384);
-}
-var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
-var CLAUDE_SETTINGS_OWNERSHIP_PATH = join(
-  CONFIG_DIR,
-  "claude-settings-owned.json"
-);
-var CCC_OWNED_TELEMETRY_KEYS = [
-  "CLAUDE_CODE_ENABLE_TELEMETRY",
-  "OTEL_METRICS_EXPORTER",
-  "OTEL_LOGS_EXPORTER",
-  "OTEL_EXPORTER_OTLP_PROTOCOL",
-  "OTEL_EXPORTER_OTLP_ENDPOINT",
-  "OTEL_METRIC_EXPORT_INTERVAL"
-];
-var CCC_TELEMETRY_VALUES = {
-  // Turns on Claude Code's usage broadcasting.
-  CLAUDE_CODE_ENABLE_TELEMETRY: "1",
-  // Send token usage as OpenTelemetry metrics.
-  OTEL_METRICS_EXPORTER: "otlp",
-  // Send the per-tool-call EVENT stream too (needed for tool-call line items).
-  OTEL_LOGS_EXPORTER: "otlp",
-  // HTTP/protobuf - verified working; gRPC on 4317 silently failed in testing.
-  OTEL_EXPORTER_OTLP_PROTOCOL: "http/protobuf",
-  // Point Claude Code at the local collector (must match the collector YAML).
-  OTEL_EXPORTER_OTLP_ENDPOINT: "http://127.0.0.1:4318",
-  // Flush usage every 5 minutes (batched ~one event per turn).
-  OTEL_METRIC_EXPORT_INTERVAL: "300000"
-};
-function isPlainObject(value) {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
+  return lookup;
 }
-function backupClaudeSettings(settingsPath) {
-  const backupPath = `${settingsPath}.ccc-bak`;
-  copyFileSync(settingsPath, backupPath);
-  return backupPath;
+function logAttrString(value) {
+  if (value && typeof value.stringValue === "string") return value.stringValue;
+  return void 0;
 }
-function readClaudeSettingsOwnership(ownershipPath) {
-  if (!existsSync(ownershipPath)) return null;
-  try {
-    const parsed = JSON.parse(readFileSync(ownershipPath, "utf8"));
-    if (!isPlainObject(parsed) || !isPlainObject(parsed.ownedKeys)) {
-      return null;
-    }
-    const out = {};
-    for (const [key, value] of Object.entries(parsed.ownedKeys)) {
-      out[key] = String(value);
-    }
-    return out;
-  } catch {
-    return null;
+function logAttrTokenCount(value) {
+  if (value == null) return 0;
+  if (value.intValue !== void 0 && value.intValue !== null) {
+    const parsed = parseInt(String(value.intValue), 10);
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  if (value.doubleValue !== void 0 && value.doubleValue !== null) {
+    const parsed = Math.round(Number(value.doubleValue));
+    return Number.isFinite(parsed) ? parsed : 0;
+  }
+  if (typeof value.stringValue === "string") {
+    const parsed = parseInt(value.stringValue, 10);
+    return Number.isFinite(parsed) ? parsed : 0;
   }
+  return 0;
 }
-function writeClaudeSettingsOwnership(ownershipPath, ownedKeys) {
-  mkdirSync(dirname(ownershipPath), { recursive: true });
-  const payload = {
-    _comment: "MarginFront code-cost-clarity wrote these telemetry keys into your Claude Code settings.json. Uninstall removes ONLY the keys below, and only if their value still matches. Safe to delete by hand if you've already cleaned up settings.json yourself.",
-    ownedKeys
-  };
-  writeFileSync(ownershipPath, JSON.stringify(payload, null, 2) + "\n");
+function isCodexUsageRecord(lookup, eventName) {
+  if (eventName === CODEX_USAGE_EVENT_NAME) return true;
+  return CODEX_TOKEN_KEYS.some((key) => lookup[key] !== void 0);
 }
-function writeClaudeTelemetrySettings(vars, {
-  settingsPath = CLAUDE_SETTINGS_PATH,
-  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
-  log = console.log
-} = {}) {
-  let settings = {};
-  const fileExists = existsSync(settingsPath);
-  if (fileExists) {
-    let parsed;
-    try {
-      parsed = JSON.parse(readFileSync(settingsPath, "utf8"));
-    } catch {
-      const backupPath2 = backupClaudeSettings(settingsPath);
-      throw new Error(
-        `Could not update ${settingsPath}.
-What happened: your Claude Code settings file isn't valid JSON, so we stopped instead of risking your settings.
-What we did: saved an untouched copy at ${backupPath2}.
-Fix: open the file and repair the JSON (a common cause is a trailing comma or a missing quote), then run init again. We will not modify a file we can't read.`
-      );
-    }
-    if (!isPlainObject(parsed)) {
-      const backupPath2 = backupClaudeSettings(settingsPath);
-      throw new Error(
-        `Could not update ${settingsPath}.
-What happened: the top level of your Claude Code settings file isn't a JSON object (it looks like an array or a single value), so there's nowhere safe to add the telemetry settings.
-What we did: saved an untouched copy at ${backupPath2}.
-Fix: make the file a normal JSON object like { "env": { ... } }, then run init again.`
-      );
+function buildCodexRequestBody(parsedOtlp, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
+  const developerOverride = options.developerOverride;
+  const records = [];
+  const resourceLogsList = parsedOtlp?.resourceLogs;
+  if (!Array.isArray(resourceLogsList)) return { records };
+  for (const resourceLog of resourceLogsList) {
+    const scopeLogsList = resourceLog?.scopeLogs;
+    if (!Array.isArray(scopeLogsList)) continue;
+    for (const scopeLog of scopeLogsList) {
+      const logRecordsList = scopeLog?.logRecords;
+      if (!Array.isArray(logRecordsList)) continue;
+      for (const logRecord of logRecordsList) {
+        const lookup = logAttributesToLookup(logRecord?.attributes);
+        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
+        if (toolResultSource(eventName) !== null) continue;
+        if (!isCodexUsageRecord(lookup, eventName)) continue;
+        const rawModel = logAttrString(lookup["model"]);
+        if (!rawModel) continue;
+        if (CODEX_EXCLUDED_MODELS.has(rawModel.trim().toLowerCase())) continue;
+        const email = developerOverride || logAttrString(lookup["user.email"]) || fallbackCustomerId;
+        if (!email) continue;
+        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
+        const inputCount = logAttrTokenCount(lookup[CODEX_INPUT_TOKEN_KEY]);
+        const outputCount = logAttrTokenCount(lookup[CODEX_OUTPUT_TOKEN_KEY]);
+        const cachedCount = logAttrTokenCount(lookup[CODEX_CACHED_TOKEN_KEY]);
+        const reasoningCount = logAttrTokenCount(
+          lookup[CODEX_REASONING_TOKEN_KEY]
+        );
+        const toolCount = logAttrTokenCount(lookup[CODEX_TOOL_TOKEN_KEY]);
+        if (inputCount === 0 && outputCount === 0 && cachedCount === 0)
+          continue;
+        const freshInputTokens = Math.max(0, inputCount - cachedCount);
+        const billedInputTokens = foldCache ? inputCount : freshInputTokens;
+        const record = {
+          customerExternalId: email,
+          agentCode: AGENT_CODE_CODEX,
+          signalName: SIGNAL_NAME_CODEX,
+          model: normalizeModelId(rawModel),
+          modelProvider: MODEL_PROVIDER_CODEX,
+          inputTokens: billedInputTokens,
+          // Reasoning is ALREADY inside this number - do NOT add it again.
+          outputTokens: outputCount,
+          environment: ENVIRONMENT,
+          // usageDate omitted so MarginFront defaults it to "now."
+          metadata: {
+            source: "codex",
+            sessionId,
+            rawModel,
+            // Audit-only - nested inside input/output already, never added to the
+            // billed tokens; recorded to prove we didn't drop anything.
+            cachedTokens: cachedCount,
+            reasoningTokens: reasoningCount,
+            toolTokens: toolCount,
+            cacheFoldedIntoInput: foldCache
+          }
+        };
+        if (!foldCache) {
+          record.cacheReadTokens = cachedCount;
+        }
+        if (options.rawSourceLine !== void 0) {
+          record.idempotencyKey = idempotencyKeyFor(
+            options.rawSourceLine,
+            email,
+            rawModel,
+            sessionId,
+            records.length
+          );
+        }
+        records.push(record);
+      }
     }
-    settings = parsed;
   }
-  if ("env" in settings && !isPlainObject(settings.env)) {
-    const backupPath2 = backupClaudeSettings(settingsPath);
-    throw new Error(
-      `Could not update ${settingsPath}.
-What happened: your settings file has an "env" entry that isn't a block of key/value settings (it's null, a list, or a single value), so we stopped instead of overwriting it.
-What we did: saved an untouched copy at ${backupPath2}.
-Fix: change "env" to a normal object like { "KEY": "value" } (or remove it), then run init again.`
-    );
+  return { records };
+}
+function toolResultSource(eventName) {
+  if (!eventName) return null;
+  if (eventName === CODEX_TOOL_RESULT_EVENT) return "codex";
+  if (eventName === CLAUDE_TOOL_RESULT_EVENT || eventName === "tool_result") {
+    return "claude-code";
   }
-  const hadEnv = isPlainObject(settings.env);
-  const env = hadEnv ? settings.env : {};
-  const priorOwned = readClaudeSettingsOwnership(ownershipPath) ?? {};
-  const ownedKeys = {};
-  const written = [];
-  const skipped = [];
-  let mutated = false;
-  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
-    if (!(key in vars)) continue;
-    const canonical = String(vars[key]);
-    const current = env[key];
-    if (current === void 0) {
-      env[key] = canonical;
-      ownedKeys[key] = canonical;
-      written.push(key);
-      mutated = true;
-    } else if (current === canonical) {
-      if (priorOwned[key] === canonical) {
-        ownedKeys[key] = canonical;
-        written.push(key);
-      } else {
-        skipped.push(key);
+  return null;
+}
+function buildToolUsageRecords(parsedOtlp, options = {}) {
+  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
+  const developerOverride = options.developerOverride;
+  const records = [];
+  const resourceLogsList = parsedOtlp?.resourceLogs;
+  if (!Array.isArray(resourceLogsList)) return { records };
+  const groups = /* @__PURE__ */ new Map();
+  for (const resourceLog of resourceLogsList) {
+    const scopeLogsList = resourceLog?.scopeLogs;
+    if (!Array.isArray(scopeLogsList)) continue;
+    for (const scopeLog of scopeLogsList) {
+      const logRecordsList = scopeLog?.logRecords;
+      if (!Array.isArray(logRecordsList)) continue;
+      for (const logRecord of logRecordsList) {
+        const lookup = logAttributesToLookup(logRecord?.attributes);
+        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
+        const source = toolResultSource(eventName);
+        if (!source) continue;
+        let toolName;
+        for (const key of TOOL_NAME_KEYS) {
+          const candidate = logAttrString(lookup[key]);
+          if (candidate) {
+            toolName = candidate;
+            break;
+          }
+        }
+        if (!toolName) continue;
+        if (BUILTIN_NONBILLABLE_TOOLS.has(toolName)) continue;
+        const email = developerOverride || logAttrString(lookup["user.email"]) || fallbackCustomerId;
+        if (!email) continue;
+        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
+        const groupKey = `${email}
+${sessionId ?? ""}
+${source}
+${toolName}`;
+        let group = groups.get(groupKey);
+        if (!group) {
+          group = {
+            email,
+            sessionId,
+            telemetrySource: source,
+            toolName,
+            count: 0
+          };
+          groups.set(groupKey, group);
+        }
+        group.count += 1;
       }
-    } else {
-      skipped.push(key);
     }
   }
-  let backupPath = null;
-  if (mutated) {
-    if (!hadEnv) settings.env = env;
-    if (fileExists) backupPath = backupClaudeSettings(settingsPath);
-    mkdirSync(dirname(settingsPath), { recursive: true });
-    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
-    log(
-      `Wrote ${written.length} telemetry setting(s) into ${settingsPath}` + (backupPath ? ` (backup at ${backupPath}).` : ".")
-    );
-  } else {
-    log(`No changes needed in ${settingsPath} - telemetry already in place.`);
+  for (const group of groups.values()) {
+    if (group.count === 0) continue;
+    const isCodex = group.telemetrySource === "codex";
+    const record = {
+      customerExternalId: group.email,
+      agentCode: isCodex ? AGENT_CODE_CODEX : AGENT_CODE,
+      signalName: isCodex ? SIGNAL_NAME_TOOL_CODEX : SIGNAL_NAME_TOOL,
+      // Raw tool NAME as the service id, verbatim - NOT through normalizeModelId
+      // (that's Claude-LLM-name-specific). Catalog matches (model=tool name,
+      // modelProvider="tool").
+      model: group.toolName,
+      modelProvider: MODEL_PROVIDER_TOOL,
+      // Billing volume = times this tool fired this flush; no token fields (not an
+      // LLM turn). Server prices quantity x unitPrice.
+      quantity: group.count,
+      environment: ENVIRONMENT,
+      metadata: {
+        source: "tool",
+        sessionId: group.sessionId,
+        toolName: group.toolName,
+        telemetrySource: group.telemetrySource,
+        estimated: true
+      }
+    };
+    if (options.rawSourceLine !== void 0) {
+      record.idempotencyKey = idempotencyKeyFor(
+        options.rawSourceLine,
+        group.email,
+        `tool:${group.toolName}`,
+        group.sessionId,
+        records.length
+      );
+    }
+    records.push(record);
   }
-  writeClaudeSettingsOwnership(ownershipPath, ownedKeys);
-  if (skipped.length) {
-    log(
-      `Left ${skipped.length} setting(s) you already had in place untouched: ` + skipped.join(", ")
-    );
+  return { records };
+}
+function buildRequestBodyForLine(parsedOtlp, options = {}) {
+  if (parsedOtlp && Array.isArray(parsedOtlp.resourceLogs)) {
+    const codexOptions = options.fallbackCustomerId === NO_IDENTITY_CUSTOMER ? { ...options, fallbackCustomerId: CODEX_NO_IDENTITY_CUSTOMER } : options;
+    const tokenBody = buildCodexRequestBody(parsedOtlp, codexOptions);
+    const toolBody = buildToolUsageRecords(parsedOtlp, codexOptions);
+    return { records: [...tokenBody.records, ...toolBody.records] };
   }
-  return { written, skipped, backupPath };
+  return buildMarginFrontRequestBody(parsedOtlp, options);
 }
-function removeClaudeTelemetrySettings({
-  settingsPath = CLAUDE_SETTINGS_PATH,
-  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
-  log = console.log
-} = {}) {
-  const removed = [];
-  const kept = [];
-  const owned = readClaudeSettingsOwnership(ownershipPath);
-  if (owned === null) {
-    log(
-      `Nothing to undo: no MarginFront ownership record found at ${ownershipPath} (either it was never written, or it's already been removed).`
+function readAndParseOtlpFile(inputFilePath) {
+  if (!existsSync(inputFilePath)) {
+    console.error(
+      `Could not read/parse ${inputFilePath}: file does not exist. Check the path and try again.`
     );
-    return { removed, kept, backupPath: null };
+    process.exit(1);
   }
-  if (!existsSync(settingsPath)) {
-    log(
-      `Nothing to undo: ${settingsPath} doesn't exist. Removing the stale ownership record.`
+  let fileText;
+  try {
+    fileText = readFileSync(inputFilePath, "utf8");
+  } catch (readError) {
+    console.error(
+      `Could not read/parse ${inputFilePath}: ${readError.message}`
     );
-    rmSync(ownershipPath, { force: true });
-    return { removed, kept, backupPath: null };
+    process.exit(1);
   }
-  let parsed;
   try {
-    parsed = JSON.parse(readFileSync(settingsPath, "utf8"));
+    return JSON.parse(fileText);
   } catch {
-    log(
-      `Could not undo cleanly: ${settingsPath} isn't valid JSON right now, so we left it untouched. Fix the JSON and re-run uninstall, or remove the telemetry keys by hand.`
+    console.error(
+      `Could not read/parse ${inputFilePath}: the file is not valid JSON. Make sure it is an OTLP/JSON export line (Claude Code metrics or Codex logs), not raw text.`
     );
-    return { removed, kept, backupPath: null };
+    process.exit(1);
   }
-  if (!isPlainObject(parsed)) {
-    log(
-      `Could not undo cleanly: ${settingsPath} isn't a JSON object, so we left it untouched.`
-    );
-    return { removed, kept, backupPath: null };
+}
+async function postToMarginFront(requestBody) {
+  const apiKey = process.env.MARGINFRONT_API_KEY;
+  if (!apiKey) {
+    return { ok: false, reason: "no-key" };
   }
-  const settings = parsed;
-  const env = isPlainObject(settings.env) ? settings.env : null;
-  let mutated = false;
-  for (const [key, canonical] of Object.entries(owned)) {
-    if (env && env[key] === canonical) {
-      delete env[key];
-      removed.push(key);
-      mutated = true;
-    } else {
-      kept.push(key);
-    }
+  let response;
+  try {
+    response = await fetch(MARGINFRONT_INGEST_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        // MarginFront authenticates with x-api-key, NOT Bearer/Authorization.
+        "x-api-key": apiKey,
+        // This User-Agent is what lets the server tag these events as source='ccc'
+        // instead of the generic 'api' fallback. Without it, PostHog dashboards
+        // can't distinguish "developer paying for AI tokens via CCC" traffic from
+        // raw API clients - every CCC event would be mislabelled as source='api'.
+        "User-Agent": `@marginfront/code-cost-clarity/${CCC_PACKAGE_VERSION}`
+      },
+      body: JSON.stringify(requestBody)
+    });
+  } catch (networkError) {
+    return {
+      ok: false,
+      reason: "network",
+      message: networkError.message
+    };
   }
-  if (env && Object.keys(env).length === 0) {
-    delete settings.env;
-    mutated = true;
+  const responseText = await response.text();
+  if (!response.ok) {
+    return {
+      ok: false,
+      reason: "http",
+      status: response.status,
+      body: responseText
+    };
   }
-  let backupPath = null;
-  if (mutated) {
-    backupPath = backupClaudeSettings(settingsPath);
-    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n");
-    log(
-      `Removed ${removed.length} MarginFront telemetry setting(s) from ${settingsPath} (backup at ${backupPath}).`
-    );
-  } else {
-    log(
-      `Nothing to remove from ${settingsPath} - the telemetry keys were already gone or you'd changed them (left untouched).`
-    );
+  let parsed = null;
+  try {
+    parsed = JSON.parse(responseText);
+  } catch {
+    parsed = null;
   }
-  rmSync(ownershipPath, { force: true });
-  return { removed, kept, backupPath };
+  return { ok: true, parsed, body: responseText };
 }
-function isPidAlive(pid) {
-  if (!pid || !Number.isInteger(pid)) return false;
+function successRowsFrom(parsed) {
+  const rows = parsed?.results?.success;
+  return Array.isArray(rows) ? rows : [];
+}
+function readWatchCursor(cursorPath) {
+  if (!cursorPath || !existsSync(cursorPath)) return 0;
   try {
-    process.kill(pid, 0);
-    return true;
-  } catch (err) {
-    return err?.code === "EPERM";
+    const parsed = parseInt(readFileSync(cursorPath, "utf8").trim(), 10);
+    return Number.isInteger(parsed) && parsed >= 0 ? parsed : 0;
+  } catch {
+    return 0;
   }
 }
-function readCollectorPid() {
-  if (!existsSync(COLLECTOR_PID_PATH)) return null;
+function writeWatchCursor(cursorPath, byteOffset) {
+  if (!cursorPath) return;
   try {
-    const pid = parseInt(readFileSync(COLLECTOR_PID_PATH, "utf8").trim(), 10);
-    return Number.isInteger(pid) ? pid : null;
+    writeFileSync(cursorPath, String(byteOffset));
   } catch {
-    return null;
   }
 }
-function startCollector({ log = console.log } = {}) {
-  const existing = readCollectorPid();
-  if (isPidAlive(existing)) {
-    log(`Collector already running (pid ${existing}).`);
-    return { pid: existing, startedByUs: false };
+function readNewCompleteLines(filePath, fromByte) {
+  if (!existsSync(filePath)) return { lines: [], nextCursor: fromByte };
+  let size;
+  try {
+    size = statSync(filePath).size;
+  } catch {
+    return { lines: [], nextCursor: fromByte };
   }
-  if (!existsSync(COLLECTOR_BIN_PATH)) {
-    throw new Error(
-      "Collector binary is missing. Run `npx @marginfront/code-cost-clarity init` first."
-    );
+  let start = fromByte;
+  if (size < start) start = 0;
+  if (size === start) return { lines: [], nextCursor: start };
+  const length = size - start;
+  const buffer = Buffer.alloc(length);
+  let bytesRead = 0;
+  let fd;
+  try {
+    fd = openSync(filePath, "r");
+    bytesRead = readSync(fd, buffer, 0, length, start);
+  } catch {
+    return { lines: [], nextCursor: fromByte };
+  } finally {
+    if (fd !== void 0) closeSync(fd);
   }
-  const logFd = openSync(COLLECTOR_LOG_PATH, "a");
-  const child = spawn(COLLECTOR_BIN_PATH, ["--config", COLLECTOR_CONFIG_PATH], {
-    cwd: CONFIG_DIR,
-    detached: true,
-    stdio: ["ignore", logFd, logFd]
-  });
-  child.unref();
-  writeFileSync(COLLECTOR_PID_PATH, String(child.pid));
-  log(`Started collector (pid ${child.pid}); logs at ${COLLECTOR_LOG_PATH}.`);
-  return { pid: child.pid, startedByUs: true };
-}
-function stopCollector({
-  log = console.log
-} = {}) {
-  const pid = readCollectorPid();
-  if (!isPidAlive(pid)) {
-    if (existsSync(COLLECTOR_PID_PATH))
-      rmSync(COLLECTOR_PID_PATH, { force: true });
-    log("No running collector found.");
-    return false;
+  const chunk = buffer.subarray(0, bytesRead);
+  const lastNewline = chunk.lastIndexOf(10);
+  if (lastNewline === -1) {
+    return { lines: [], nextCursor: start };
   }
+  const completeText = chunk.subarray(0, lastNewline + 1).toString("utf8");
+  const nextCursor = start + lastNewline + 1;
+  const parts = completeText.split("\n");
+  parts.pop();
+  return { lines: parts, nextCursor };
+}
+var MAX_QUEUE_RECORDS = 1e4;
+var MAX_RECORDS_PER_DRAIN = 100;
+var QUEUE_BACKOFF_START_MS = 2e3;
+var QUEUE_BACKOFF_MAX_MS = 6e4;
+var COLLECTOR_REVIVE_BACKOFF_MS = 3e4;
+function maybeReviveCollector(deps, nextReviveAllowedAt, backoffMs) {
+  if (deps.isCollectorAlive()) return nextReviveAllowedAt;
+  const now = deps.now();
+  if (now < nextReviveAllowedAt) return nextReviveAllowedAt;
+  const log = deps.log ?? console.error;
+  const updatedReviveAllowedAt = now + backoffMs;
+  log("collector was down, restarted it");
   try {
-    process.kill(pid);
-    log(`Stopped collector (pid ${pid}).`);
+    deps.reviveCollector();
   } catch (err) {
-    log(`Could not stop collector (pid ${pid}): ${err.message}`);
+    log(`collector revive attempt failed: ${err.message}`);
   }
-  rmSync(COLLECTOR_PID_PATH, { force: true });
-  return true;
-}
-var PLIST_LABEL = "ai.marginfront.ccc";
-var PLIST_PATH = join(
-  homedir(),
-  "Library",
-  "LaunchAgents",
-  PLIST_LABEL + ".plist"
-);
-var DAEMON_CLI_PATH = join(CONFIG_DIR, "cli.js");
-var DAEMON_STDOUT_LOG_PATH = join(CONFIG_DIR, "forwarder.out.log");
-var DAEMON_STDERR_LOG_PATH = join(CONFIG_DIR, "forwarder.err.log");
-function defaultLaunchctlRunner(args) {
-  const result = spawnSync("launchctl", args, { encoding: "utf8" });
-  return {
-    // A spawn error (e.g. launchctl missing on a non-mac) leaves status null; we
-    // treat that as a failure so callers don't read it as "succeeded."
-    status: typeof result.status === "number" ? result.status : 1,
-    stdout: result.stdout ?? "",
-    stderr: result.stderr ?? ""
-  };
+  return updatedReviveAllowedAt;
 }
-function setDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
-  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
-    runLaunchctl(["setenv", key, CCC_TELEMETRY_VALUES[key]]);
+function isRetryablePostResult(result) {
+  if (result.ok) return false;
+  if (result.reason === "network") return true;
+  if (result.reason === "no-key") return false;
+  if (result.reason === "http") {
+    return result.status === 429 || result.status >= 500;
   }
+  return false;
 }
-function unsetDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
-  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
-    runLaunchctl(["unsetenv", key]);
+function readQueue(queuePath) {
+  if (!queuePath || !existsSync(queuePath)) return [];
+  let text;
+  try {
+    text = readFileSync(queuePath, "utf8");
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const line of text.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      out.push(JSON.parse(trimmed));
+    } catch {
+    }
   }
+  return out;
 }
-function currentUid() {
-  return typeof process.getuid === "function" ? process.getuid() : 0;
+function appendToQueue(queuePath, records) {
+  if (!queuePath || records.length === 0) return;
+  const payload = records.map((r) => JSON.stringify(r) + "\n").join("");
+  try {
+    appendFileSync(queuePath, payload);
+  } catch {
+  }
 }
-function escapeXml(value) {
-  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+function writeQueue(queuePath, records) {
+  if (!queuePath) return;
+  try {
+    if (records.length === 0) {
+      if (existsSync(queuePath)) rmSync(queuePath, { force: true });
+      return;
+    }
+    writeFileSync(
+      queuePath,
+      records.map((r) => JSON.stringify(r) + "\n").join("")
+    );
+  } catch {
+  }
 }
-function renderDaemonPlist({
-  nodePath,
-  cliPath
-}) {
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-  <key>Label</key>
-  <string>${escapeXml(PLIST_LABEL)}</string>
-  <key>ProgramArguments</key>
-  <array>
-    <string>${escapeXml(nodePath)}</string>
-    <string>${escapeXml(cliPath)}</string>
-    <string>run</string>
-  </array>
-  <key>WorkingDirectory</key>
-  <string>${escapeXml(CONFIG_DIR)}</string>
-  <key>RunAtLoad</key>
-  <true/>
-  <key>KeepAlive</key>
-  <true/>
-  <key>StandardOutPath</key>
-  <string>${escapeXml(DAEMON_STDOUT_LOG_PATH)}</string>
-  <key>StandardErrorPath</key>
-  <string>${escapeXml(DAEMON_STDERR_LOG_PATH)}</string>
-</dict>
-</plist>
+function watchAndForward(filePath, options = {}) {
+  const foldCache = options.foldCache === true;
+  const fallbackCustomerId = options.fallbackCustomerId;
+  const cursorPath = options.cursorPath;
+  const pidFilePath = options.pidFilePath;
+  const developerOverride = resolveDeveloperOverride(process.env);
+  if (!process.env.MARGINFRONT_API_KEY) {
+    console.error(
+      "MARGINFRONT_API_KEY is not set. Set it in your shell before watching: export MARGINFRONT_API_KEY=..."
+    );
+    process.exit(1);
+  }
+  if (pidFilePath) {
+    try {
+      writeFileSync(pidFilePath, String(process.pid));
+    } catch {
+    }
+  }
+  console.log(
+    `Watching ${filePath} for live Claude Code + Codex usage` + (foldCache ? " (fold-cache: cache tokens rolled into input)" : "") + "\u2026 Ctrl-C to stop."
+  );
+  let cursorBytes = readWatchCursor(cursorPath);
+  let running = false;
+  const queuePath = options.queuePath;
+  let queuedCount = readQueue(queuePath).length;
+  let queueBackoffMs = QUEUE_BACKOFF_START_MS;
+  let nextQueueRetryAt = 0;
+  const hhmmss = () => (/* @__PURE__ */ new Date()).toISOString().slice(11, 19);
+  let nextCollectorReviveAt = 0;
+  const collectorHealDeps = {
+    isCollectorAlive: () => isPidAlive(readCollectorPid()),
+    reviveCollector: () => {
+      startCollector();
+    },
+    now: () => Date.now(),
+    log: (message) => console.error(`[${hhmmss()}] ${message}`)
+  };
+  function logSuccess(body, result, stamp) {
+    if (!result.ok) return;
+    for (const rec of body.records) {
+      const row = successRowsFrom(result.parsed).find(
+        (r) => r?.customerExternalId === rec.customerExternalId
+      );
+      const cost = row?.totalCostUsd != null ? `$${row.totalCostUsd}` : "$?";
+      const eventId = row?.eventId ? ` event=${row.eventId}` : "";
+      const reference = "source" in rec.metadata ? `src=${rec.metadata.source}` : `cc=$${rec.metadata.claudeCodeCostUsd ?? "?"}`;
+      const volume = rec.quantity !== void 0 ? `qty=${rec.quantity} tool=${"toolName" in rec.metadata ? rec.metadata.toolName : "?"}` : `in=${rec.inputTokens} out=${rec.outputTokens}`;
+      console.log(
+        `[${stamp}] recorded ${rec.customerExternalId} \xB7 ${volume} \xB7 server=${cost} \xB7 ${reference}${eventId}`
+      );
+    }
+  }
+  function logFailure(result, stamp) {
+    if (result.ok) return;
+    if (result.reason === "http") {
+      console.error(
+        `[${stamp}] MarginFront HTTP ${result.status}: ${result.body}`
+      );
+    } else if (result.reason === "network") {
+      console.error(
+        `[${stamp}] could not reach MarginFront: ${result.message}`
+      );
+    } else {
+      console.error(`[${stamp}] send failed (${result.reason}).`);
+    }
+  }
+  function enqueueFailed(records, stamp) {
+    const room = Math.max(0, MAX_QUEUE_RECORDS - queuedCount);
+    const toQueue = records.slice(0, room);
+    const shed = records.length - toQueue.length;
+    if (toQueue.length > 0) {
+      appendToQueue(queuePath, toQueue);
+      queuedCount += toQueue.length;
+      console.error(
+        `[${stamp}] send failed - queued ${toQueue.length} record(s) for retry (${queuedCount} now in queue).`
+      );
+    }
+    if (shed > 0) {
+      console.error(
+        `[${stamp}] QUEUE FULL (cap ${MAX_QUEUE_RECORDS}): shed ${shed} record(s) - these turns are LOST. The ingest endpoint has been unreachable for a long time; check connectivity.`
+      );
+    }
+    nextQueueRetryAt = Date.now() + queueBackoffMs;
+    queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+  }
+  async function drainQueue() {
+    if (!queuePath || queuedCount === 0) return;
+    if (Date.now() < nextQueueRetryAt) return;
+    const queued = readQueue(queuePath);
+    queuedCount = queued.length;
+    if (queued.length === 0) return;
+    const batch = queued.slice(0, MAX_RECORDS_PER_DRAIN);
+    const result = await postToMarginFront({ records: batch });
+    const stamp = hhmmss();
+    if (result.ok) {
+      const remaining = queued.slice(batch.length);
+      writeQueue(queuePath, remaining);
+      queuedCount = remaining.length;
+      queueBackoffMs = QUEUE_BACKOFF_START_MS;
+      nextQueueRetryAt = 0;
+      console.log(
+        `[${stamp}] queue: ${batch.length} retried record(s) landed \xB7 ${remaining.length} still queued.`
+      );
+    } else if (isRetryablePostResult(result)) {
+      logFailure(result, stamp);
+      const waitMs = queueBackoffMs;
+      nextQueueRetryAt = Date.now() + waitMs;
+      queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+      console.error(
+        `[${stamp}] queue: retry failed, ${queued.length} record(s) still queued (next attempt in ~${Math.round(waitMs / 1e3)}s).`
+      );
+    } else {
+      const remaining = queued.slice(batch.length);
+      writeQueue(queuePath, remaining);
+      queuedCount = remaining.length;
+      console.error(
+        `[${stamp}] queue: dropping ${batch.length} record(s) - terminal failure (server rejected them, retrying can't help).`
+      );
+    }
+  }
+  async function processNewLines() {
+    if (running) return;
+    running = true;
+    try {
+      await drainQueue();
+      const { lines, nextCursor } = readNewCompleteLines(filePath, cursorBytes);
+      for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (!line) continue;
+        let parsed;
+        try {
+          parsed = JSON.parse(line);
+        } catch {
+          console.error("(skipped one telemetry line that wasn't valid JSON)");
+          continue;
+        }
+        const body = buildRequestBodyForLine(parsed, {
+          foldCache,
+          fallbackCustomerId,
+          developerOverride,
+          rawSourceLine: line
+        });
+        if (!body.records.length) continue;
+        const result = await postToMarginFront(body);
+        const stamp = hhmmss();
+        if (!result.ok) {
+          logFailure(result, stamp);
+          if (queuePath && isRetryablePostResult(result)) {
+            enqueueFailed(body.records, stamp);
+          } else if (queuePath) {
+            console.error(
+              `[${stamp}] dropping ${body.records.length} record(s): terminal send failure (not retryable).`
+            );
+          }
+          continue;
+        }
+        logSuccess(body, result, stamp);
+        if (queuedCount > 0) {
+          queueBackoffMs = QUEUE_BACKOFF_START_MS;
+          nextQueueRetryAt = 0;
+        }
+      }
+      if (nextCursor !== cursorBytes) {
+        cursorBytes = nextCursor;
+        writeWatchCursor(cursorPath, cursorBytes);
+      }
+    } finally {
+      running = false;
+    }
+  }
+  processNewLines().catch(
+    (e) => console.error(`watch error: ${e.message}`)
+  );
+  const timer = setInterval(() => {
+    nextCollectorReviveAt = maybeReviveCollector(
+      collectorHealDeps,
+      nextCollectorReviveAt,
+      COLLECTOR_REVIVE_BACKOFF_MS
+    );
+    processNewLines().catch(
+      (e) => console.error(`watch error: ${e.message}`)
+    );
+  }, WATCH_POLL_MS);
+  return function stop() {
+    clearInterval(timer);
+    if (pidFilePath) {
+      try {
+        rmSync(pidFilePath, { force: true });
+      } catch {
+      }
+    }
+  };
+}
+
+// src/connector.ts
+var CONFIG_DIR = join(homedir(), ".marginfront-ccc");
+var ENV_PATH = join(CONFIG_DIR, ".env");
+var COLLECTOR_CONFIG_PATH = join(CONFIG_DIR, "otel-collector.yaml");
+var COLLECTOR_BIN_PATH = join(CONFIG_DIR, "otelcol-contrib");
+var LIVE_JSONL_PATH = join(CONFIG_DIR, "live-otlp.jsonl");
+var COLLECTOR_PID_PATH = join(CONFIG_DIR, "collector.pid");
+var COLLECTOR_LOG_PATH = join(CONFIG_DIR, "collector.log");
+var FORWARDER_CURSOR_PATH = join(CONFIG_DIR, "forwarder.cursor");
+var FORWARDER_QUEUE_PATH = join(CONFIG_DIR, "forwarder.queue.jsonl");
+var FORWARDER_PID_PATH = join(CONFIG_DIR, "forwarder.pid");
+var VERSION_PATTERN = /^v\d+\.\d+\.\d+$/;
+function resolveOtelcolVersion(override = process2.env.CCC_OTELCOL_VERSION) {
+  const DEFAULT_VERSION = "v0.154.0";
+  if (!override) return DEFAULT_VERSION;
+  if (!VERSION_PATTERN.test(override)) {
+    throw new Error(
+      `Invalid CCC_OTELCOL_VERSION "${override}".
+What happened: you set the collector version override, but it isn't a valid version number.
+Why this is strict: that value goes into a download URL and a filename, so a malformed one could point the installer somewhere unsafe. We refuse rather than guess.
+Fix: use the form vMAJOR.MINOR.PATCH (for example CCC_OTELCOL_VERSION=v0.154.0), or unset it to use the built-in pinned version.`
+    );
+  }
+  return override;
+}
+var OTELCOL_VERSION = resolveOtelcolVersion();
+var COLLECTOR_CHECKSUMS = {
+  "otelcol-contrib_0.154.0_darwin_amd64.tar.gz": "14f7f825a7ad7ee0799947ff70a42b9a5528a9c1411ab45f8fcc4caeb9346f7b",
+  "otelcol-contrib_0.154.0_darwin_arm64.tar.gz": "de3af70ef0b80af213911cc9ba8daf553348dd22ed1fb15db561d207fc2cb3d9",
+  "otelcol-contrib_0.154.0_linux_amd64.tar.gz": "f0fe6e7b1d81936d4e5a3aad7a678f3fc2f8ada2a9f8f37f37542813c12ed322",
+  "otelcol-contrib_0.154.0_linux_arm64.tar.gz": "52310bfcb5a952c072e8abff7f0f2940ee38cea36752a4a4e1a4e21c2088c3f9"
+};
+function verifyTarballChecksum(tarballPath, expectedSha256) {
+  const actual = createHash2("sha256").update(readFileSync2(tarballPath)).digest("hex").toLowerCase();
+  return actual === expectedSha256.toLowerCase();
+}
+function renderEnvFile() {
+  return `# ============================================================
+# Claude Code -> MarginFront connector: environment settings
+# ============================================================
+# MAIN JOB of this file: hold your MARGINFRONT_API_KEY (below) so the background
+# meter can read it - fill that in (init usually does it for you).
+#
+# As of v0.5.0 you do NOT need to 'source' this before running Claude Code:
+# 'init' wires the telemetry settings into ~/.claude/settings.json for you, so
+# every 'claude'/'codex' session (and the desktop apps) broadcast on their own.
+# Sourcing this is only useful for the manual, foreground 'run' path.
+#
+# This file stays on your machine; it is never published or committed.
+# ============================================================
+
+# Turns on Claude Code's usage broadcasting. Leave as 1.
+CLAUDE_CODE_ENABLE_TELEMETRY=1
+
+# Send usage as OpenTelemetry metrics. Leave as otlp.
+OTEL_METRICS_EXPORTER=otlp
+
+# Send Claude Code's EVENTS (the per-tool-call records) too. Leave as otlp.
+# Tokens come in as metrics (above); a paid tool call (Google Maps, Browserbase,
+# a paid MCP server) only shows up on this EVENT stream - without this line Claude
+# Code broadcasts no tool activity and tool spend can't be tracked (LOWAI-478).
+OTEL_LOGS_EXPORTER=otlp
+
+# Use HTTP/protobuf. Verified working; gRPC on 4317 silently failed in testing.
+OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
+
+# Where the local collector listens. Must match the collector YAML.
+OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:4318
+
+# How often Claude Code flushes usage, in milliseconds.
+#   300000 = 5 minutes - batches usage so you get roughly one event per turn
+#   without a long wait. Raise to 600000 (10 min) to batch harder; lower to
+#   60000 (1 min) or 5000 (5 s) for a more live drip.
+OTEL_METRIC_EXPORT_INTERVAL=300000
+
+# Tool-call costs (LOWAI-478) need NOTHING configured here. Every tool your agents
+# fire (other than free built-ins like Read/Bash) is forwarded automatically;
+# MarginFront's pricing catalog decides what's billable and at what rate. Add price
+# rows for your paid tools in MarginFront - there's no client-side list to maintain.
+
+# WHO this machine's AI cost belongs to (per-developer attribution).
+# WHY THIS EXISTS, plainly: lots of teams share ONE Claude/Codex login, so every
+# developer's usage carries the SAME login email and all the cost piles onto one
+# person. CCC runs locally on each laptop, so naming the developer here splits that
+# shared-login cost back out per developer. This is INTERNAL cost visibility only -
+# it does NOT change anyone's bill.
+#
+# HOW IT'S USED at send time (precedence, highest wins):
+#   1. This CCC_DEVELOPER_EMAIL, when set - it wins for EVERY record from this machine.
+#   2. Otherwise the email the coding-agent login reports (user.email).
+#   3. Otherwise a clearly-labeled no-identity placeholder.
+# Leave it BLANK to keep today's behavior (auto-detect from the login). init fills
+# this in for you, defaulting to your global git user.email - change it anytime.
+CCC_DEVELOPER_EMAIL=
+
+# YOUR MarginFront SECRET key (mf_sk_*). Create or copy one at:
+#   app.marginfront.com -> Build -> API Keys -> "Create Key Pair"
+#   (https://app.marginfront.com/developer-zone/api-keys)
+# Use the SECRET key (mf_sk_*) - a publishable key (mf_pk_*) is rejected on send.
+# The forwarder reads this from the environment only; it is never hardcoded.
+# Leave blank to run in no-identity preview mode (see the README).
+MARGINFRONT_API_KEY=
 `;
 }
-function installDaemon(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const log = options.log ?? console.log;
-  const nodePath = options.nodePath ?? process.execPath;
-  const sourceCliPath = options.sourceCliPath ?? fileURLToPath(import.meta.url);
-  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
-  const plistPath = options.plistPath ?? PLIST_PATH;
-  const uid = options.uid ?? currentUid();
-  if (nodePath === "npx" || nodePath.endsWith("/npx")) {
-    throw new Error(
-      "Refusing to install the background daemon with 'npx' as its program.\nWhat happened: the daemon must be pinned to the real node binary (process.execPath), because npx runs from a temporary cache that gets cleaned up - a daemon pointed at npx would crash-loop once that cache is gone.\nFix: this is an internal error; the daemon should always be installed with process.execPath. Re-run `start` from the npx-installed CLI."
+function renderCollectorYaml(jsonlPath = LIVE_JSONL_PATH) {
+  return `# OpenTelemetry Collector config - Claude Code -> MarginFront
+# ---------------------------------------------------------------------------
+# WHAT THIS DOES, plainly: it's the "catcher." Claude Code broadcasts its token
+# usage here; this collector batches what it hears and writes it to a file,
+# which the forwarder tails and turns into MarginFront usage rows.
+# ---------------------------------------------------------------------------
+
+receivers:
+  # The door Claude Code knocks on. It listens for OpenTelemetry (OTLP) on the
+  # two standard local ports. We point Claude Code at HTTP/protobuf on 4318 -
+  # gRPC on 4317 silently failed to connect from Claude Code 2.1.185 in testing,
+  # so 4318 is the one that actually works. Bound to localhost only.
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 127.0.0.1:4317
+      http:
+        endpoint: 127.0.0.1:4318
+
+processors:
+  # THE NO-DOUBLE-COUNT PROCESSOR. Claude Code emits CUMULATIVE counters (each
+  # export is the running total since the session started), and it ignores the
+  # "give me deltas" env var. Without this, the forwarder would record the
+  # running total every export - re-counting everything before it. This turns
+  # each cumulative total into the increment since the last export.
+  cumulativetodelta: {}
+
+  # Group what arrives into small batches and flush quickly, so the live view
+  # feels near-real-time rather than trickling one datapoint at a time.
+  batch:
+    timeout: 1s
+
+exporters:
+  # Write each batch as one line of OTLP/JSON (JSON Lines). The forwarder
+  # watches this file and records each new line. Both pipelines below share this
+  # one exporter, so Claude Code's metrics and Codex's logs land in the SAME file
+  # (each as its own line) and the one forwarder reads both.
+  file:
+    path: ${jsonlPath}
+
+service:
+  telemetry:
+    logs:
+      # The collector's OWN log verbosity (how chatty otelcol itself is). This is
+      # NOT a data pipeline - it does not catch Codex's usage logs. The pipeline
+      # that does is service.pipelines.logs below. Keep this quiet.
+      level: warn
+  pipelines:
+    # Claude Code source: token + cost COUNTERS arrive as metrics.
+    # Receive -> de-dupe (cumulative->delta) -> batch -> file.
+    metrics:
+      receivers: [otlp]
+      processors: [cumulativetodelta, batch]
+      exporters: [file]
+    # Codex source (LOWAI-463): Codex reports usage on the LOG stream, not as
+    # metrics, so it needs its own pipeline. No cumulativetodelta here - that's a
+    # METRICS processor and doesn't apply to logs; each Codex log record is one
+    # turn's usage on its own. Receive -> batch -> file (the same file).
+    logs:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [file]
+`;
+}
+var CODEX_CONFIG_PATH = join(homedir(), ".codex", "config.toml");
+var CODEX_CCC_BEGIN_MARKER = "# >>> MarginFront code-cost-clarity - auto-added; `npx @marginfront/code-cost-clarity uninstall` removes this block >>>";
+var CODEX_CCC_END_MARKER = "# <<< MarginFront code-cost-clarity - end of auto-added block <<<";
+var CODEX_OTEL_TOML_BLOCK = [
+  "[otel]",
+  'exporter = { otlp-http = { endpoint = "http://127.0.0.1:4318/v1/logs", protocol = "binary" } }'
+].join("\n");
+function renderCodexCccBlock() {
+  return [
+    CODEX_CCC_BEGIN_MARKER,
+    CODEX_OTEL_TOML_BLOCK,
+    CODEX_CCC_END_MARKER
+  ].join("\n");
+}
+function renderCodexConfigInstructions() {
+  return [
+    "Optional - also capture Codex (in addition to, or instead of, Claude Code):",
+    "",
+    "  Codex reports its usage to the SAME local collector, so there's nothing",
+    "  extra to install. Add this block to your ~/.codex/config.toml:",
+    "",
+    // Single-sourced from CODEX_OTEL_TOML_BLOCK above, indented for the printout,
+    // so the pasted block always matches what the auto-writer would write.
+    ...CODEX_OTEL_TOML_BLOCK.split("\n").map((line) => "    " + line),
+    "",
+    "  Then run Codex normally. `run` already watches both sources - Claude Code,",
+    "  Codex, or both - from the one collector file; there's no extra flag.",
+    "",
+    "  Note: exact [otel] key names can vary by Codex version, and whether your",
+    "  developer email shows up depends on how you sign in (org API key vs ChatGPT",
+    "  login). If the email doesn't surface, usage still lands under the no-identity",
+    "  placeholder. See the README's Codex section for the full details."
+  ].join("\n");
+}
+function lineDeclaresOtelTable(rawLine) {
+  const beforeComment = rawLine.split("#")[0].trim();
+  if (!beforeComment) return false;
+  let firstToken;
+  if (beforeComment.startsWith("[")) {
+    const inner = beforeComment.replace(/^\[+/, "").trim();
+    const path = inner.split("]")[0].trim();
+    firstToken = path.split(".")[0].trim();
+  } else {
+    firstToken = beforeComment.split(/[.=\s]/)[0].trim();
+  }
+  firstToken = firstToken.replace(/^["']|["']$/g, "");
+  return firstToken === "otel";
+}
+function codexConfigHasOtelTable(content) {
+  return content.split(/\r?\n/).some(lineDeclaresOtelTable);
+}
+function codexConfigHasCccBlock(configPath = CODEX_CONFIG_PATH) {
+  if (!existsSync2(configPath)) return false;
+  try {
+    return readFileSync2(configPath, "utf8").includes(CODEX_CCC_BEGIN_MARKER);
+  } catch {
+    return false;
+  }
+}
+function writeCodexOtelConfig({
+  configPath = CODEX_CONFIG_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync2(configPath)) {
+    mkdirSync(dirname(configPath), { recursive: true });
+    writeFileSync2(configPath, renderCodexCccBlock() + "\n");
+    log(
+      `Created ${configPath} and wired Codex to the local collector for you.`
     );
+    return { action: "created", backupPath: null };
   }
-  mkdirSync(dirname(daemonCliPath), { recursive: true });
-  copyFileSync(sourceCliPath, daemonCliPath);
+  const content = readFileSync2(configPath, "utf8");
+  if (content.includes(CODEX_CCC_BEGIN_MARKER)) {
+    log(`Codex is already wired up in ${configPath} - nothing to do.`);
+    return { action: "skipped-existing", backupPath: null };
+  }
+  if (codexConfigHasOtelTable(content)) {
+    log(
+      `Left your existing [otel] settings in ${configPath} untouched - add the MarginFront block by hand if you want Codex captured too.`
+    );
+    return { action: "skipped-existing", backupPath: null };
+  }
+  const backupPath = `${configPath}.ccc-bak`;
+  copyFileSync(configPath, backupPath);
+  const separator = content.length > 0 ? "\n" : "";
+  writeFileSync2(configPath, content + separator + renderCodexCccBlock() + "\n");
   log(
-    `Copied the meter program to ${daemonCliPath} (a stable copy that survives npx cleanup).`
-  );
-  mkdirSync(dirname(plistPath), { recursive: true });
-  writeFileSync(
-    plistPath,
-    renderDaemonPlist({ nodePath, cliPath: daemonCliPath })
+    `Added the MarginFront telemetry block to ${configPath} (backup at ${backupPath}).`
   );
-  log(`Wrote the background-job definition to ${plistPath}.`);
-  const domainTarget = `gui/${uid}`;
-  const serviceTarget = `gui/${uid}/${PLIST_LABEL}`;
-  const alreadyLoaded = runLaunchctl(["print", serviceTarget]).status === 0;
-  let reloaded = false;
-  if (alreadyLoaded) {
+  return { action: "appended", backupPath };
+}
+function removeCodexOtelConfig({
+  configPath = CODEX_CONFIG_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync2(configPath)) {
     log(
-      "A background meter is already loaded - reloading it with the new settings."
+      `Nothing to undo: ${configPath} doesn't exist (Codex was never wired up here).`
     );
-    runLaunchctl(["bootout", serviceTarget]);
-    reloaded = true;
+    return { action: "missing", backupPath: null };
   }
-  const bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
-  if (bootstrap.status !== 0) {
-    throw new Error(
-      `Could not start the background meter (launchctl bootstrap failed).
-What happened: macOS refused to load the job at ${plistPath}.
-` + (bootstrap.stderr ? `launchctl said: ${bootstrap.stderr.trim()}
-` : "") + `Fix: run \`npx @marginfront/code-cost-clarity status\` to see the current state, or \`stop\` then \`start\` again. If it keeps failing, confirm you're on macOS and that ${plistPath} looks like valid XML.`
+  const content = readFileSync2(configPath, "utf8");
+  const beginIdx = content.indexOf(CODEX_CCC_BEGIN_MARKER);
+  const endIdx = content.indexOf(CODEX_CCC_END_MARKER);
+  if (beginIdx === -1 || endIdx === -1 || endIdx < beginIdx) {
+    log(
+      `Nothing to undo: ${configPath} has no MarginFront block (left every other setting untouched).`
     );
+    return { action: "no-marker", backupPath: null };
   }
-  log("The background meter is loaded and will start at login from now on.");
-  return { reloaded, plistPath, daemonCliPath };
+  let cutStart = beginIdx;
+  let cutEnd = endIdx + CODEX_CCC_END_MARKER.length;
+  if (content[cutEnd] === "\n") cutEnd += 1;
+  if (content[cutStart - 1] === "\n") {
+    cutStart -= 1;
+  }
+  const backupPath = existsSync2(`${configPath}.ccc-bak`) ? `${configPath}.ccc-bak` : null;
+  writeFileSync2(configPath, content.slice(0, cutStart) + content.slice(cutEnd));
+  log(
+    `Removed the MarginFront block from ${configPath}` + (backupPath ? ` (your original is preserved at ${backupPath}).` : ".")
+  );
+  return { action: "removed", backupPath };
 }
-function uninstallDaemon(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const log = options.log ?? console.log;
-  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
-  const plistPath = options.plistPath ?? PLIST_PATH;
-  const uid = options.uid ?? currentUid();
-  runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
-  if (existsSync(plistPath)) {
-    rmSync(plistPath, { force: true });
-    log(`Removed the background-job definition at ${plistPath}.`);
+function resolveCollectorAsset(nodePlatform = platform(), nodeArch = arch(), version = OTELCOL_VERSION) {
+  const osMap = { darwin: "darwin", linux: "linux" };
+  const archMap = { arm64: "arm64", x64: "amd64" };
+  const os = osMap[nodePlatform];
+  const cpu = archMap[nodeArch];
+  if (!os) {
+    throw new Error(
+      `Unsupported operating system "${nodePlatform}". The bundled collector supports macOS (darwin) and Linux. On Windows, run this under WSL.`
+    );
   }
-  if (existsSync(daemonCliPath)) {
-    rmSync(daemonCliPath, { force: true });
-    log(`Removed the meter program copy at ${daemonCliPath}.`);
+  if (!cpu) {
+    throw new Error(
+      `Unsupported CPU architecture "${nodeArch}". The bundled collector supports arm64 and x64 (amd64).`
+    );
   }
+  const versionNoV = version.replace(/^v/, "");
+  const asset = `otelcol-contrib_${versionNoV}_${os}_${cpu}.tar.gz`;
+  const url = `https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/${version}/${asset}`;
+  return { os, cpu, asset, url, version };
 }
-function bootoutDaemon(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const uid = options.uid ?? currentUid();
-  const result = runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
-  return result.status === 0;
-}
-function parseDaemonPrint(result) {
-  if (result.status !== 0) {
-    return { loaded: false, running: false, pid: null };
+function ensureCollectorBinary({
+  force = false,
+  log = console.log
+} = {}) {
+  if (existsSync2(COLLECTOR_BIN_PATH) && !force) {
+    log(
+      `Collector already present at ${COLLECTOR_BIN_PATH} - skipping download.`
+    );
+    return COLLECTOR_BIN_PATH;
   }
-  const out = result.stdout;
-  const running = /\bstate\s*=\s*running\b/.test(out);
-  const pidMatch = out.match(/\bpid\s*=\s*(\d+)/);
-  const pid = pidMatch ? parseInt(pidMatch[1], 10) : null;
-  return { loaded: true, running, pid };
-}
-function queryDaemonStatus(options = {}) {
-  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
-  const uid = options.uid ?? currentUid();
-  return parseDaemonPrint(runLaunchctl(["print", `gui/${uid}/${PLIST_LABEL}`]));
-}
-function readLastLines(path, maxLines) {
-  if (!existsSync(path)) return [];
-  let text;
+  const { asset, url, version } = resolveCollectorAsset();
+  const tgzPath = join(tmpdir(), asset);
+  log(
+    `Downloading the collector (${asset}, ~360 MB) - this can take a minute\u2026`
+  );
   try {
-    text = readFileSync(path, "utf8");
+    execFileSync("curl", ["-fSL", "-o", tgzPath, url], { stdio: "inherit" });
   } catch {
-    return [];
+    throw new Error(
+      `Could not download the collector from ${url}
+What happened: the download failed (network issue, or version ${version} has no asset for your platform).
+Fix: check your internet connection, or pin a different version with CCC_OTELCOL_VERSION=v0.155.0 (see the OpenTelemetry collector releases page).`
+    );
+  }
+  const expectedSha256 = COLLECTOR_CHECKSUMS[asset];
+  if (!expectedSha256) {
+    throw new Error(
+      `Refusing to run an unverified collector.
+What happened: there is no pinned, known-good fingerprint on file for "${asset}" (version ${version}).
+Why: this tool refuses to make ANY downloaded program executable unless we can first confirm it's exactly the release we trust.
+Fix: install the built-in pinned version (unset CCC_OTELCOL_VERSION), or add this release's official signed SHA-256 to the package's pinned checksums before installing it. The download is left at ${tgzPath} so you can verify it yourself.`
+    );
+  }
+  log("Verifying the downloaded collector's fingerprint\u2026");
+  if (!verifyTarballChecksum(tgzPath, expectedSha256)) {
+    try {
+      rmSync2(tgzPath, { force: true });
+    } catch {
+    }
+    throw new Error(
+      `Collector integrity check FAILED - refusing to install.
+What happened: the collector we downloaded for "${asset}" does NOT match its known-good fingerprint, so we deleted it and stopped.
+Why this probably happened: the file was altered between GitHub and your machine - most often a corporate TLS-inspecting proxy rewriting the download, a corrupted transfer, or (worst case) a tampered release.
+Fix: re-run the install on a network without a man-in-the-middle proxy. If it keeps failing on a clean network, do NOT bypass this - report it, because a persistent mismatch can mean the download is being tampered with.`
+    );
+  }
+  log("Fingerprint verified - the collector is exactly the trusted release.");
+  log(`Unpacking the collector into ${CONFIG_DIR}\u2026`);
+  try {
+    execFileSync("tar", ["xzf", tgzPath, "-C", CONFIG_DIR, "otelcol-contrib"], {
+      stdio: "inherit"
+    });
+  } catch {
+    throw new Error(
+      `Could not unpack ${tgzPath}.
+What happened: the downloaded archive didn't contain the expected otelcol-contrib binary, or tar isn't available.
+Fix: delete the file above and re-run \`npx @marginfront/code-cost-clarity init\`.`
+    );
+  } finally {
+    try {
+      rmSync2(tgzPath, { force: true });
+    } catch {
+    }
   }
-  const lines = text.split("\n");
-  if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
-  return lines.slice(-maxLines);
-}
-var ZSHRC_PATH = join(homedir(), ".zshrc");
-function lineSourcesCccEnv(rawLine) {
-  const trimmed = rawLine.trim();
-  if (!trimmed || trimmed.startsWith("#")) return false;
-  if (!/^(source|\.)\s/.test(trimmed)) return false;
-  return trimmed.includes(".marginfront-ccc/.env");
-}
-function findCccZshrcSourceLines(zshrcPath = ZSHRC_PATH) {
-  if (!existsSync(zshrcPath)) return { found: false, matchedLines: [] };
-  let text;
   try {
-    text = readFileSync(zshrcPath, "utf8");
+    execFileSync("chmod", ["755", COLLECTOR_BIN_PATH]);
   } catch {
-    return { found: false, matchedLines: [] };
   }
-  const matchedLines = text.split("\n").filter(lineSourcesCccEnv).map((line) => line.trim());
-  return { found: matchedLines.length > 0, matchedLines };
+  log(`Collector installed at ${COLLECTOR_BIN_PATH}.`);
+  return COLLECTOR_BIN_PATH;
 }
-function removeCccZshrcSourceLine({
-  zshrcPath = ZSHRC_PATH,
+function ensureConfigFiles({
   log = console.log
 } = {}) {
-  if (!existsSync(zshrcPath)) {
-    log(`Nothing to remove: ${zshrcPath} doesn't exist.`);
-    return { removed: [], backupPath: null };
+  if (!existsSync2(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+    log(`Created ${CONFIG_DIR}.`);
+  }
+  if (existsSync2(ENV_PATH)) {
+    log(`Kept your existing settings file at ${ENV_PATH} (API key preserved).`);
+  } else {
+    writeFileSync2(ENV_PATH, renderEnvFile(), { mode: 384 });
+    log(`Wrote settings template to ${ENV_PATH} - add your API key there.`);
   }
+  writeFileSync2(COLLECTOR_CONFIG_PATH, renderCollectorYaml());
+  log(`Wrote collector config to ${COLLECTOR_CONFIG_PATH}.`);
+}
+function loadEnvFile(path = ENV_PATH) {
+  if (!existsSync2(path)) return {};
+  const loaded = {};
   let text;
   try {
-    text = readFileSync(zshrcPath, "utf8");
+    text = readFileSync2(path, "utf8");
   } catch {
-    log(
-      `Could not read ${zshrcPath}, so I left it untouched - remove the \`source ~/.marginfront-ccc/.env\` line by hand if you like.`
-    );
-    return { removed: [], backupPath: null };
-  }
-  const removed = [];
-  const kept = [];
-  for (const line of text.split("\n")) {
-    if (lineSourcesCccEnv(line)) removed.push(line.trim());
-    else kept.push(line);
+    return {};
   }
-  if (removed.length === 0) {
-    log(`Nothing to remove in ${zshrcPath}: no MarginFront source line found.`);
-    return { removed: [], backupPath: null };
+  for (const rawLine of text.split("\n")) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#")) continue;
+    const eq = line.indexOf("=");
+    if (eq === -1) continue;
+    const key = line.slice(0, eq).trim();
+    let value = line.slice(eq + 1).trim();
+    if (value.length >= 2 && (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'"))) {
+      value = value.slice(1, -1);
+    }
+    if (!key) continue;
+    loaded[key] = value;
+    if (process2.env[key] === void 0) {
+      process2.env[key] = value;
+    }
   }
-  const backupPath = `${zshrcPath}.ccc-bak`;
-  copyFileSync(zshrcPath, backupPath);
-  writeFileSync(zshrcPath, kept.join("\n"));
-  log(
-    `Removed the redundant 'source ~/.marginfront-ccc/.env' line from ${zshrcPath} (backup at ${backupPath}).`
-  );
-  return { removed, backupPath };
+  return loaded;
 }
-
-// src/forwarder.ts
-import {
-  readFileSync as readFileSync2,
-  existsSync as existsSync2,
-  statSync,
-  openSync as openSync2,
-  readSync,
-  closeSync,
-  writeFileSync as writeFileSync2,
-  appendFileSync,
-  rmSync as rmSync2
-} from "fs";
-import { createHash as createHash2 } from "crypto";
-import { createRequire } from "module";
-import process2 from "process";
-var _cccRequire = createRequire(import.meta.url);
-function resolveCccPackageVersion() {
-  if ("0.6.0".length > 0) {
-    return "0.6.0";
+function writeApiKeyToEnv(value, path = ENV_PATH) {
+  const current = existsSync2(path) ? readFileSync2(path, "utf8") : renderEnvFile();
+  const keyLine = /^MARGINFRONT_API_KEY=.*$/m;
+  let next;
+  if (keyLine.test(current)) {
+    next = current.replace(keyLine, () => `MARGINFRONT_API_KEY=${value}`);
+  } else {
+    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
+    next = `${current}${sep}MARGINFRONT_API_KEY=${value}
+`;
   }
+  writeFileSync2(path, next, { mode: 384 });
+  chmodSync(path, 384);
+}
+function gitGlobalUserEmail() {
   try {
-    const pkg = _cccRequire("../package.json");
-    if (typeof pkg.version === "string" && pkg.version.length > 0) {
-      return pkg.version;
-    }
+    const out = execFileSync("git", ["config", "--global", "user.email"], {
+      encoding: "utf8",
+      // Swallow git's own stderr so a "key not set" message can't leak to the user.
+      stdio: ["ignore", "pipe", "ignore"]
+    });
+    return out.trim();
   } catch {
+    return "";
   }
-  return "0.0.0-unknown";
 }
-var CCC_PACKAGE_VERSION = resolveCccPackageVersion();
-var DEFAULT_INGEST_URL = "https://api.marginfront.com/v1/sdk/usage/record";
-function resolveIngestUrl(override = process2.env.MARGINFRONT_INGEST_URL) {
-  if (!override) return DEFAULT_INGEST_URL;
+function writeDeveloperEmailToEnv(value, path = ENV_PATH) {
+  const current = existsSync2(path) ? readFileSync2(path, "utf8") : renderEnvFile();
+  const developerLine = /^CCC_DEVELOPER_EMAIL=.*$/m;
+  let next;
+  if (developerLine.test(current)) {
+    next = current.replace(developerLine, () => `CCC_DEVELOPER_EMAIL=${value}`);
+  } else {
+    const sep = current.endsWith("\n") || current === "" ? "" : "\n";
+    next = `${current}${sep}CCC_DEVELOPER_EMAIL=${value}
+`;
+  }
+  writeFileSync2(path, next, { mode: 384 });
+  chmodSync(path, 384);
+}
+var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
+var CLAUDE_SETTINGS_OWNERSHIP_PATH = join(
+  CONFIG_DIR,
+  "claude-settings-owned.json"
+);
+var CCC_OWNED_TELEMETRY_KEYS = [
+  "CLAUDE_CODE_ENABLE_TELEMETRY",
+  "OTEL_METRICS_EXPORTER",
+  "OTEL_LOGS_EXPORTER",
+  "OTEL_EXPORTER_OTLP_PROTOCOL",
+  "OTEL_EXPORTER_OTLP_ENDPOINT",
+  "OTEL_METRIC_EXPORT_INTERVAL"
+];
+var CCC_TELEMETRY_VALUES = {
+  // Turns on Claude Code's usage broadcasting.
+  CLAUDE_CODE_ENABLE_TELEMETRY: "1",
+  // Send token usage as OpenTelemetry metrics.
+  OTEL_METRICS_EXPORTER: "otlp",
+  // Send the per-tool-call EVENT stream too (needed for tool-call line items).
+  OTEL_LOGS_EXPORTER: "otlp",
+  // HTTP/protobuf - verified working; gRPC on 4317 silently failed in testing.
+  OTEL_EXPORTER_OTLP_PROTOCOL: "http/protobuf",
+  // Point Claude Code at the local collector (must match the collector YAML).
+  OTEL_EXPORTER_OTLP_ENDPOINT: "http://127.0.0.1:4318",
+  // Flush usage every 5 minutes (batched ~one event per turn).
+  OTEL_METRIC_EXPORT_INTERVAL: "300000"
+};
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function backupClaudeSettings(settingsPath) {
+  const backupPath = `${settingsPath}.ccc-bak`;
+  copyFileSync(settingsPath, backupPath);
+  return backupPath;
+}
+function readClaudeSettingsOwnership(ownershipPath) {
+  if (!existsSync2(ownershipPath)) return null;
   try {
-    const url = new URL(override);
-    const host = url.hostname;
-    const onMarginFront = host === "marginfront.com" || host.endsWith(".marginfront.com");
-    if (url.protocol === "https:" && onMarginFront) return override;
+    const parsed = JSON.parse(readFileSync2(ownershipPath, "utf8"));
+    if (!isPlainObject(parsed) || !isPlainObject(parsed.ownedKeys)) {
+      return null;
+    }
+    const out = {};
+    for (const [key, value] of Object.entries(parsed.ownedKeys)) {
+      out[key] = String(value);
+    }
+    return out;
   } catch {
+    return null;
   }
-  console.error(
-    "Ignoring MARGINFRONT_INGEST_URL - only an https://*.marginfront.com URL is allowed; sending to production instead."
-  );
-  return DEFAULT_INGEST_URL;
 }
-var MARGINFRONT_INGEST_URL = resolveIngestUrl();
-function resolveDeveloperOverride(env) {
-  return (env.CCC_DEVELOPER_EMAIL || "").trim() || void 0;
+function writeClaudeSettingsOwnership(ownershipPath, ownedKeys) {
+  mkdirSync(dirname(ownershipPath), { recursive: true });
+  const payload = {
+    _comment: "MarginFront code-cost-clarity wrote these telemetry keys into your Claude Code settings.json. Uninstall removes ONLY the keys below, and only if their value still matches. Safe to delete by hand if you've already cleaned up settings.json yourself.",
+    ownedKeys
+  };
+  writeFileSync2(ownershipPath, JSON.stringify(payload, null, 2) + "\n");
 }
-var AGENT_CODE = "claude-code";
-var SIGNAL_NAME = "claude-code-turn";
-var MODEL_PROVIDER = "anthropic";
-var AGENT_CODE_CODEX = "codex";
-var SIGNAL_NAME_CODEX = "codex-turn";
-var MODEL_PROVIDER_CODEX = "openai";
-var CODEX_USAGE_EVENT_NAME = "codex.sse_event";
-var CODEX_INPUT_TOKEN_KEY = "input_token_count";
-var CODEX_OUTPUT_TOKEN_KEY = "output_token_count";
-var CODEX_CACHED_TOKEN_KEY = "cached_token_count";
-var CODEX_REASONING_TOKEN_KEY = "reasoning_token_count";
-var CODEX_TOOL_TOKEN_KEY = "tool_token_count";
-var CODEX_TOKEN_KEYS = [
-  CODEX_INPUT_TOKEN_KEY,
-  CODEX_OUTPUT_TOKEN_KEY,
-  CODEX_CACHED_TOKEN_KEY,
-  CODEX_REASONING_TOKEN_KEY
-];
-var CODEX_EXCLUDED_MODELS = /* @__PURE__ */ new Set(["codex-auto-review"]);
-var SIGNAL_NAME_TOOL = "claude-code-tool";
-var SIGNAL_NAME_TOOL_CODEX = "codex-tool";
-var CLAUDE_TOOL_RESULT_EVENT = "claude_code.tool_result";
-var CODEX_TOOL_RESULT_EVENT = "codex.tool_result";
-var TOOL_NAME_KEYS = ["tool_name", "tool.name"];
-var MODEL_PROVIDER_TOOL = "tool";
-var BUILTIN_NONBILLABLE_TOOLS = /* @__PURE__ */ new Set([
-  // Claude Code built-ins
-  "Read",
-  "Edit",
-  "Write",
-  "MultiEdit",
-  "NotebookEdit",
-  "NotebookRead",
-  "Bash",
-  "BashOutput",
-  "KillShell",
-  "KillBash",
-  "Grep",
-  "Glob",
-  "LS",
-  "TodoWrite",
-  "ExitPlanMode",
-  "Task",
-  "Agent",
-  // alternate name for Task - hedge against the rename
-  "SlashCommand",
-  "ToolSearch",
-  // Codex built-ins (free + high-volume)
-  "exec_command",
-  "apply_patch"
-]);
-var ENVIRONMENT = "development";
-var WATCH_POLL_MS = 1e3;
-var NO_IDENTITY_CUSTOMER = "claude-code-no-identity";
-var CODEX_NO_IDENTITY_CUSTOMER = "codex-no-identity";
-function attributesToLookup(attributeList) {
-  const lookup = {};
-  if (!Array.isArray(attributeList)) return lookup;
-  for (const attribute of attributeList) {
-    if (attribute && typeof attribute.key === "string" && attribute.value) {
-      lookup[attribute.key] = attribute.value.stringValue;
+function writeClaudeTelemetrySettings(vars, {
+  settingsPath = CLAUDE_SETTINGS_PATH,
+  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
+  log = console.log
+} = {}) {
+  let settings = {};
+  const fileExists = existsSync2(settingsPath);
+  if (fileExists) {
+    let parsed;
+    try {
+      parsed = JSON.parse(readFileSync2(settingsPath, "utf8"));
+    } catch {
+      const backupPath2 = backupClaudeSettings(settingsPath);
+      throw new Error(
+        `Could not update ${settingsPath}.
+What happened: your Claude Code settings file isn't valid JSON, so we stopped instead of risking your settings.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: open the file and repair the JSON (a common cause is a trailing comma or a missing quote), then run init again. We will not modify a file we can't read.`
+      );
+    }
+    if (!isPlainObject(parsed)) {
+      const backupPath2 = backupClaudeSettings(settingsPath);
+      throw new Error(
+        `Could not update ${settingsPath}.
+What happened: the top level of your Claude Code settings file isn't a JSON object (it looks like an array or a single value), so there's nowhere safe to add the telemetry settings.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: make the file a normal JSON object like { "env": { ... } }, then run init again.`
+      );
     }
+    settings = parsed;
   }
-  return lookup;
-}
-function dataPointTokenCount(dataPoint) {
-  if (dataPoint == null) return 0;
-  if (dataPoint.asInt !== void 0 && dataPoint.asInt !== null) {
-    const parsed = parseInt(String(dataPoint.asInt), 10);
-    return Number.isFinite(parsed) ? parsed : 0;
-  }
-  if (dataPoint.asDouble !== void 0 && dataPoint.asDouble !== null) {
-    const parsed = Math.round(Number(dataPoint.asDouble));
-    return Number.isFinite(parsed) ? parsed : 0;
+  if ("env" in settings && !isPlainObject(settings.env)) {
+    const backupPath2 = backupClaudeSettings(settingsPath);
+    throw new Error(
+      `Could not update ${settingsPath}.
+What happened: your settings file has an "env" entry that isn't a block of key/value settings (it's null, a list, or a single value), so we stopped instead of overwriting it.
+What we did: saved an untouched copy at ${backupPath2}.
+Fix: change "env" to a normal object like { "KEY": "value" } (or remove it), then run init again.`
+    );
   }
-  return 0;
-}
-function collectDataPointsForMetric(parsedOtlp, metricName) {
-  const collectedDataPoints = [];
-  const resourceMetricsList = parsedOtlp?.resourceMetrics;
-  if (!Array.isArray(resourceMetricsList)) return collectedDataPoints;
-  for (const resourceMetric of resourceMetricsList) {
-    const scopeMetricsList = resourceMetric?.scopeMetrics;
-    if (!Array.isArray(scopeMetricsList)) continue;
-    for (const scopeMetric of scopeMetricsList) {
-      const metricsList = scopeMetric?.metrics;
-      if (!Array.isArray(metricsList)) continue;
-      for (const metric of metricsList) {
-        if (metric?.name !== metricName) continue;
-        const dataPointsList = metric?.sum?.dataPoints;
-        if (!Array.isArray(dataPointsList)) continue;
-        for (const dataPoint of dataPointsList) {
-          collectedDataPoints.push(dataPoint);
-        }
+  const hadEnv = isPlainObject(settings.env);
+  const env = hadEnv ? settings.env : {};
+  const priorOwned = readClaudeSettingsOwnership(ownershipPath) ?? {};
+  const ownedKeys = {};
+  const written = [];
+  const skipped = [];
+  let mutated = false;
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    if (!(key in vars)) continue;
+    const canonical = String(vars[key]);
+    const current = env[key];
+    if (current === void 0) {
+      env[key] = canonical;
+      ownedKeys[key] = canonical;
+      written.push(key);
+      mutated = true;
+    } else if (current === canonical) {
+      if (priorOwned[key] === canonical) {
+        ownedKeys[key] = canonical;
+        written.push(key);
+      } else {
+        skipped.push(key);
       }
+    } else {
+      skipped.push(key);
     }
   }
-  return collectedDataPoints;
-}
-function normalizeModelId(rawModelId) {
-  if (typeof rawModelId !== "string") return rawModelId;
-  const withoutContextSuffix = rawModelId.replace(/\[.*\]$/, "");
-  const dottedVersion = withoutContextSuffix.replace(
-    /^(claude-[a-z]+-\d+)-(\d+)$/,
-    "$1.$2"
-  );
-  return dottedVersion;
-}
-function idempotencyKeyFor(rawSourceLine, email, rawModel, sessionId, indexWithinLine) {
-  return createHash2("sha256").update(
-    `${rawSourceLine}|${email}|${rawModel}|${sessionId ?? ""}|${indexWithinLine}`
-  ).digest("hex");
+  let backupPath = null;
+  if (mutated) {
+    if (!hadEnv) settings.env = env;
+    if (fileExists) backupPath = backupClaudeSettings(settingsPath);
+    mkdirSync(dirname(settingsPath), { recursive: true });
+    writeFileSync2(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+    log(
+      `Wrote ${written.length} telemetry setting(s) into ${settingsPath}` + (backupPath ? ` (backup at ${backupPath}).` : ".")
+    );
+  } else {
+    log(`No changes needed in ${settingsPath} - telemetry already in place.`);
+  }
+  writeClaudeSettingsOwnership(ownershipPath, ownedKeys);
+  if (skipped.length) {
+    log(
+      `Left ${skipped.length} setting(s) you already had in place untouched: ` + skipped.join(", ")
+    );
+  }
+  return { written, skipped, backupPath };
 }
-function buildMarginFrontRequestBody(parsedOtlp, options = {}) {
-  const foldCache = options.foldCache === true;
-  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : null;
-  const developerOverride = options.developerOverride;
-  const tokenDataPoints = collectDataPointsForMetric(
-    parsedOtlp,
-    "claude_code.token.usage"
-  );
-  const costDataPoints = collectDataPointsForMetric(
-    parsedOtlp,
-    "claude_code.cost.usage"
-  );
-  const groupsByKey = /* @__PURE__ */ new Map();
-  function makeGroupKey(email, model, sessionId) {
-    return `${email}
-${model}
-${sessionId}`;
+function removeClaudeTelemetrySettings({
+  settingsPath = CLAUDE_SETTINGS_PATH,
+  ownershipPath = CLAUDE_SETTINGS_OWNERSHIP_PATH,
+  log = console.log
+} = {}) {
+  const removed = [];
+  const kept = [];
+  const owned = readClaudeSettingsOwnership(ownershipPath);
+  if (owned === null) {
+    log(
+      `Nothing to undo: no MarginFront ownership record found at ${ownershipPath} (either it was never written, or it's already been removed).`
+    );
+    return { removed, kept, backupPath: null };
   }
-  for (const dataPoint of tokenDataPoints) {
-    const attributes = attributesToLookup(dataPoint.attributes);
-    const email = developerOverride || attributes["user.email"] || fallbackCustomerId;
-    const rawModel = attributes["model"];
-    const sessionId = attributes["session.id"];
-    const tokenType = attributes["type"];
-    const tokenCount = dataPointTokenCount(dataPoint);
-    if (!email || !rawModel || !sessionId) continue;
-    const groupKey = makeGroupKey(email, rawModel, sessionId);
-    let group = groupsByKey.get(groupKey);
-    if (!group) {
-      group = {
-        email,
-        rawModel,
-        sessionId,
-        inputTokens: 0,
-        outputTokens: 0,
-        cacheReadTokens: 0,
-        cacheCreationTokens: 0
-      };
-      groupsByKey.set(groupKey, group);
-    }
-    if (tokenType === "input") {
-      group.inputTokens += tokenCount;
-    } else if (tokenType === "output") {
-      group.outputTokens += tokenCount;
-    } else if (tokenType === "cacheRead") {
-      group.cacheReadTokens += tokenCount;
-    } else if (tokenType === "cacheCreation") {
-      group.cacheCreationTokens += tokenCount;
-    }
+  if (!existsSync2(settingsPath)) {
+    log(
+      `Nothing to undo: ${settingsPath} doesn't exist. Removing the stale ownership record.`
+    );
+    rmSync2(ownershipPath, { force: true });
+    return { removed, kept, backupPath: null };
   }
-  function findCostForGroup(email, rawModel, sessionId) {
-    for (const costPoint of costDataPoints) {
-      const costAttributes = attributesToLookup(costPoint.attributes);
-      const costEmail = developerOverride || costAttributes["user.email"] || fallbackCustomerId;
-      if (costEmail === email && costAttributes["model"] === rawModel && costAttributes["session.id"] === sessionId) {
-        return typeof costPoint.asDouble === "number" ? costPoint.asDouble : null;
-      }
-    }
-    return null;
+  let parsed;
+  try {
+    parsed = JSON.parse(readFileSync2(settingsPath, "utf8"));
+  } catch {
+    log(
+      `Could not undo cleanly: ${settingsPath} isn't valid JSON right now, so we left it untouched. Fix the JSON and re-run uninstall, or remove the telemetry keys by hand.`
+    );
+    return { removed, kept, backupPath: null };
   }
-  const records = [];
-  for (const group of groupsByKey.values()) {
-    const cacheReadTokens = group.cacheReadTokens;
-    const cacheCreationTokens = group.cacheCreationTokens;
-    const cacheTokens = cacheReadTokens + cacheCreationTokens;
-    const billedInputTokens = foldCache ? group.inputTokens + cacheTokens : group.inputTokens;
-    if (group.inputTokens === 0 && group.outputTokens === 0 && cacheTokens === 0)
-      continue;
-    const claudeCodeCostUsd = findCostForGroup(
-      group.email,
-      group.rawModel,
-      group.sessionId
+  if (!isPlainObject(parsed)) {
+    log(
+      `Could not undo cleanly: ${settingsPath} isn't a JSON object, so we left it untouched.`
     );
-    const record = {
-      // Per-developer attribution: the developer's email IS the customer id (or the
-      // no-identity placeholder).
-      customerExternalId: group.email,
-      agentCode: AGENT_CODE,
-      signalName: SIGNAL_NAME,
-      model: normalizeModelId(group.rawModel),
-      modelProvider: MODEL_PROVIDER,
-      inputTokens: billedInputTokens,
-      outputTokens: group.outputTokens,
-      environment: ENVIRONMENT,
-      // usageDate omitted so MarginFront defaults it to "now."
-      metadata: {
-        sessionId: group.sessionId,
-        rawModel: group.rawModel,
-        // Raw cache numbers ALWAYS recorded (audit), whether typed or folded.
-        cacheReadTokens,
-        cacheCreationTokens,
-        // Whether inputTokens includes cache (fold) or not (default).
-        cacheFoldedIntoInput: foldCache,
-        // Claude Code's own cache-accurate cost - reconciliation ground truth,
-        // not the billed figure.
-        claudeCodeCostUsd
-      }
-    };
-    if (!foldCache) {
-      record.cacheReadTokens = cacheReadTokens;
-      record.cacheWriteTokens = cacheCreationTokens;
-    }
-    if (options.rawSourceLine !== void 0) {
-      record.idempotencyKey = idempotencyKeyFor(
-        options.rawSourceLine,
-        group.email,
-        group.rawModel,
-        group.sessionId,
-        records.length
-      );
+    return { removed, kept, backupPath: null };
+  }
+  const settings = parsed;
+  const env = isPlainObject(settings.env) ? settings.env : null;
+  let mutated = false;
+  for (const [key, canonical] of Object.entries(owned)) {
+    if (env && env[key] === canonical) {
+      delete env[key];
+      removed.push(key);
+      mutated = true;
+    } else {
+      kept.push(key);
     }
-    records.push(record);
   }
-  return { records };
+  if (env && Object.keys(env).length === 0) {
+    delete settings.env;
+    mutated = true;
+  }
+  let backupPath = null;
+  if (mutated) {
+    backupPath = backupClaudeSettings(settingsPath);
+    writeFileSync2(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+    log(
+      `Removed ${removed.length} MarginFront telemetry setting(s) from ${settingsPath} (backup at ${backupPath}).`
+    );
+  } else {
+    log(
+      `Nothing to remove from ${settingsPath} - the telemetry keys were already gone or you'd changed them (left untouched).`
+    );
+  }
+  rmSync2(ownershipPath, { force: true });
+  return { removed, kept, backupPath };
 }
-function logAttributesToLookup(attributeList) {
-  const lookup = {};
-  if (!Array.isArray(attributeList)) return lookup;
-  for (const attribute of attributeList) {
-    if (attribute && typeof attribute.key === "string" && attribute.value) {
-      lookup[attribute.key] = attribute.value;
-    }
+function isPidAlive(pid) {
+  if (!pid || !Number.isInteger(pid)) return false;
+  try {
+    process2.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err?.code === "EPERM";
   }
-  return lookup;
 }
-function logAttrString(value) {
-  if (value && typeof value.stringValue === "string") return value.stringValue;
-  return void 0;
-}
-function logAttrTokenCount(value) {
-  if (value == null) return 0;
-  if (value.intValue !== void 0 && value.intValue !== null) {
-    const parsed = parseInt(String(value.intValue), 10);
-    return Number.isFinite(parsed) ? parsed : 0;
+function readCollectorPid() {
+  if (!existsSync2(COLLECTOR_PID_PATH)) return null;
+  try {
+    const pid = parseInt(readFileSync2(COLLECTOR_PID_PATH, "utf8").trim(), 10);
+    return Number.isInteger(pid) ? pid : null;
+  } catch {
+    return null;
   }
-  if (value.doubleValue !== void 0 && value.doubleValue !== null) {
-    const parsed = Math.round(Number(value.doubleValue));
-    return Number.isFinite(parsed) ? parsed : 0;
+}
+function startCollector({ log = console.log } = {}) {
+  const existing = readCollectorPid();
+  if (isPidAlive(existing)) {
+    log(`Collector already running (pid ${existing}).`);
+    return { pid: existing, startedByUs: false };
   }
-  if (typeof value.stringValue === "string") {
-    const parsed = parseInt(value.stringValue, 10);
-    return Number.isFinite(parsed) ? parsed : 0;
+  if (!existsSync2(COLLECTOR_BIN_PATH)) {
+    throw new Error(
+      "Collector binary is missing. Run `npx @marginfront/code-cost-clarity init` first."
+    );
   }
-  return 0;
-}
-function isCodexUsageRecord(lookup, eventName) {
-  if (eventName === CODEX_USAGE_EVENT_NAME) return true;
-  return CODEX_TOKEN_KEYS.some((key) => lookup[key] !== void 0);
+  const logFd = openSync2(COLLECTOR_LOG_PATH, "a");
+  const child = spawn(COLLECTOR_BIN_PATH, ["--config", COLLECTOR_CONFIG_PATH], {
+    cwd: CONFIG_DIR,
+    detached: true,
+    stdio: ["ignore", logFd, logFd]
+  });
+  child.unref();
+  writeFileSync2(COLLECTOR_PID_PATH, String(child.pid));
+  log(`Started collector (pid ${child.pid}); logs at ${COLLECTOR_LOG_PATH}.`);
+  return { pid: child.pid, startedByUs: true };
 }
-function buildCodexRequestBody(parsedOtlp, options = {}) {
-  const foldCache = options.foldCache === true;
-  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
-  const developerOverride = options.developerOverride;
-  const records = [];
-  const resourceLogsList = parsedOtlp?.resourceLogs;
-  if (!Array.isArray(resourceLogsList)) return { records };
-  for (const resourceLog of resourceLogsList) {
-    const scopeLogsList = resourceLog?.scopeLogs;
-    if (!Array.isArray(scopeLogsList)) continue;
-    for (const scopeLog of scopeLogsList) {
-      const logRecordsList = scopeLog?.logRecords;
-      if (!Array.isArray(logRecordsList)) continue;
-      for (const logRecord of logRecordsList) {
-        const lookup = logAttributesToLookup(logRecord?.attributes);
-        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
-        if (toolResultSource(eventName) !== null) continue;
-        if (!isCodexUsageRecord(lookup, eventName)) continue;
-        const rawModel = logAttrString(lookup["model"]);
-        if (!rawModel) continue;
-        if (CODEX_EXCLUDED_MODELS.has(rawModel.trim().toLowerCase())) continue;
-        const email = developerOverride || logAttrString(lookup["user.email"]) || fallbackCustomerId;
-        if (!email) continue;
-        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
-        const inputCount = logAttrTokenCount(lookup[CODEX_INPUT_TOKEN_KEY]);
-        const outputCount = logAttrTokenCount(lookup[CODEX_OUTPUT_TOKEN_KEY]);
-        const cachedCount = logAttrTokenCount(lookup[CODEX_CACHED_TOKEN_KEY]);
-        const reasoningCount = logAttrTokenCount(
-          lookup[CODEX_REASONING_TOKEN_KEY]
-        );
-        const toolCount = logAttrTokenCount(lookup[CODEX_TOOL_TOKEN_KEY]);
-        if (inputCount === 0 && outputCount === 0 && cachedCount === 0)
-          continue;
-        const freshInputTokens = Math.max(0, inputCount - cachedCount);
-        const billedInputTokens = foldCache ? inputCount : freshInputTokens;
-        const record = {
-          customerExternalId: email,
-          agentCode: AGENT_CODE_CODEX,
-          signalName: SIGNAL_NAME_CODEX,
-          model: normalizeModelId(rawModel),
-          modelProvider: MODEL_PROVIDER_CODEX,
-          inputTokens: billedInputTokens,
-          // Reasoning is ALREADY inside this number - do NOT add it again.
-          outputTokens: outputCount,
-          environment: ENVIRONMENT,
-          // usageDate omitted so MarginFront defaults it to "now."
-          metadata: {
-            source: "codex",
-            sessionId,
-            rawModel,
-            // Audit-only - nested inside input/output already, never added to the
-            // billed tokens; recorded to prove we didn't drop anything.
-            cachedTokens: cachedCount,
-            reasoningTokens: reasoningCount,
-            toolTokens: toolCount,
-            cacheFoldedIntoInput: foldCache
-          }
-        };
-        if (!foldCache) {
-          record.cacheReadTokens = cachedCount;
-        }
-        if (options.rawSourceLine !== void 0) {
-          record.idempotencyKey = idempotencyKeyFor(
-            options.rawSourceLine,
-            email,
-            rawModel,
-            sessionId,
-            records.length
-          );
-        }
-        records.push(record);
-      }
-    }
+function stopCollector({
+  log = console.log
+} = {}) {
+  const pid = readCollectorPid();
+  if (!isPidAlive(pid)) {
+    if (existsSync2(COLLECTOR_PID_PATH))
+      rmSync2(COLLECTOR_PID_PATH, { force: true });
+    log("No running collector found.");
+    return false;
   }
-  return { records };
-}
-function toolResultSource(eventName) {
-  if (!eventName) return null;
-  if (eventName === CODEX_TOOL_RESULT_EVENT) return "codex";
-  if (eventName === CLAUDE_TOOL_RESULT_EVENT || eventName === "tool_result") {
-    return "claude-code";
+  try {
+    process2.kill(pid);
+    log(`Stopped collector (pid ${pid}).`);
+  } catch (err) {
+    log(`Could not stop collector (pid ${pid}): ${err.message}`);
   }
-  return null;
+  rmSync2(COLLECTOR_PID_PATH, { force: true });
+  return true;
 }
-function buildToolUsageRecords(parsedOtlp, options = {}) {
-  const fallbackCustomerId = typeof options.fallbackCustomerId === "string" && options.fallbackCustomerId.length > 0 ? options.fallbackCustomerId : CODEX_NO_IDENTITY_CUSTOMER;
-  const developerOverride = options.developerOverride;
-  const records = [];
-  const resourceLogsList = parsedOtlp?.resourceLogs;
-  if (!Array.isArray(resourceLogsList)) return { records };
-  const groups = /* @__PURE__ */ new Map();
-  for (const resourceLog of resourceLogsList) {
-    const scopeLogsList = resourceLog?.scopeLogs;
-    if (!Array.isArray(scopeLogsList)) continue;
-    for (const scopeLog of scopeLogsList) {
-      const logRecordsList = scopeLog?.logRecords;
-      if (!Array.isArray(logRecordsList)) continue;
-      for (const logRecord of logRecordsList) {
-        const lookup = logAttributesToLookup(logRecord?.attributes);
-        const eventName = logAttrString(lookup["event.name"]) ?? logAttrString(logRecord?.body);
-        const source = toolResultSource(eventName);
-        if (!source) continue;
-        let toolName;
-        for (const key of TOOL_NAME_KEYS) {
-          const candidate = logAttrString(lookup[key]);
-          if (candidate) {
-            toolName = candidate;
-            break;
-          }
-        }
-        if (!toolName) continue;
-        if (BUILTIN_NONBILLABLE_TOOLS.has(toolName)) continue;
-        const email = developerOverride || logAttrString(lookup["user.email"]) || fallbackCustomerId;
-        if (!email) continue;
-        const sessionId = logAttrString(lookup["session.id"]) ?? logAttrString(lookup["conversation.id"]) ?? logAttrString(lookup["session_id"]) ?? null;
-        const groupKey = `${email}
-${sessionId ?? ""}
-${source}
-${toolName}`;
-        let group = groups.get(groupKey);
-        if (!group) {
-          group = {
-            email,
-            sessionId,
-            telemetrySource: source,
-            toolName,
-            count: 0
-          };
-          groups.set(groupKey, group);
-        }
-        group.count += 1;
-      }
-    }
-  }
-  for (const group of groups.values()) {
-    if (group.count === 0) continue;
-    const isCodex = group.telemetrySource === "codex";
-    const record = {
-      customerExternalId: group.email,
-      agentCode: isCodex ? AGENT_CODE_CODEX : AGENT_CODE,
-      signalName: isCodex ? SIGNAL_NAME_TOOL_CODEX : SIGNAL_NAME_TOOL,
-      // Raw tool NAME as the service id, verbatim - NOT through normalizeModelId
-      // (that's Claude-LLM-name-specific). Catalog matches (model=tool name,
-      // modelProvider="tool").
-      model: group.toolName,
-      modelProvider: MODEL_PROVIDER_TOOL,
-      // Billing volume = times this tool fired this flush; no token fields (not an
-      // LLM turn). Server prices quantity x unitPrice.
-      quantity: group.count,
-      environment: ENVIRONMENT,
-      metadata: {
-        source: "tool",
-        sessionId: group.sessionId,
-        toolName: group.toolName,
-        telemetrySource: group.telemetrySource,
-        estimated: true
-      }
-    };
-    if (options.rawSourceLine !== void 0) {
-      record.idempotencyKey = idempotencyKeyFor(
-        options.rawSourceLine,
-        group.email,
-        `tool:${group.toolName}`,
-        group.sessionId,
-        records.length
-      );
-    }
-    records.push(record);
+var PLIST_LABEL = "ai.marginfront.ccc";
+var PLIST_PATH = join(
+  homedir(),
+  "Library",
+  "LaunchAgents",
+  PLIST_LABEL + ".plist"
+);
+var DAEMON_CLI_PATH = join(CONFIG_DIR, "cli.js");
+var DAEMON_STDOUT_LOG_PATH = join(CONFIG_DIR, "forwarder.out.log");
+var DAEMON_STDERR_LOG_PATH = join(CONFIG_DIR, "forwarder.err.log");
+function defaultLaunchctlRunner(args) {
+  const result = spawnSync("launchctl", args, { encoding: "utf8" });
+  return {
+    // A spawn error (e.g. launchctl missing on a non-mac) leaves status null; we
+    // treat that as a failure so callers don't read it as "succeeded."
+    status: typeof result.status === "number" ? result.status : 1,
+    stdout: result.stdout ?? "",
+    stderr: result.stderr ?? ""
+  };
+}
+function setDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    runLaunchctl(["setenv", key, CCC_TELEMETRY_VALUES[key]]);
   }
-  return { records };
 }
-function buildRequestBodyForLine(parsedOtlp, options = {}) {
-  if (parsedOtlp && Array.isArray(parsedOtlp.resourceLogs)) {
-    const codexOptions = options.fallbackCustomerId === NO_IDENTITY_CUSTOMER ? { ...options, fallbackCustomerId: CODEX_NO_IDENTITY_CUSTOMER } : options;
-    const tokenBody = buildCodexRequestBody(parsedOtlp, codexOptions);
-    const toolBody = buildToolUsageRecords(parsedOtlp, codexOptions);
-    return { records: [...tokenBody.records, ...toolBody.records] };
+function unsetDesktopGuiEnv(runLaunchctl = defaultLaunchctlRunner) {
+  for (const key of CCC_OWNED_TELEMETRY_KEYS) {
+    runLaunchctl(["unsetenv", key]);
   }
-  return buildMarginFrontRequestBody(parsedOtlp, options);
 }
-function readAndParseOtlpFile(inputFilePath) {
-  if (!existsSync2(inputFilePath)) {
-    console.error(
-      `Could not read/parse ${inputFilePath}: file does not exist. Check the path and try again.`
+function currentUid() {
+  return typeof process2.getuid === "function" ? process2.getuid() : 0;
+}
+function escapeXml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function renderDaemonPlist({
+  nodePath,
+  cliPath
+}) {
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>${escapeXml(PLIST_LABEL)}</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>${escapeXml(nodePath)}</string>
+    <string>${escapeXml(cliPath)}</string>
+    <string>run</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>${escapeXml(CONFIG_DIR)}</string>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>${escapeXml(DAEMON_STDOUT_LOG_PATH)}</string>
+  <key>StandardErrorPath</key>
+  <string>${escapeXml(DAEMON_STDERR_LOG_PATH)}</string>
+</dict>
+</plist>
+`;
+}
+var INSTALL_BOOTOUT_WAIT_ATTEMPTS = 20;
+var INSTALL_BOOTOUT_WAIT_MS = 100;
+var INSTALL_BOOTSTRAP_RETRY_MS = 250;
+function blockingSleep(ms) {
+  if (ms <= 0) return;
+  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+function installDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const log = options.log ?? console.log;
+  const nodePath = options.nodePath ?? process2.execPath;
+  const sourceCliPath = options.sourceCliPath ?? fileURLToPath(import.meta.url);
+  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
+  const plistPath = options.plistPath ?? PLIST_PATH;
+  const uid = options.uid ?? currentUid();
+  const sleep = options.sleep ?? blockingSleep;
+  if (nodePath === "npx" || nodePath.endsWith("/npx")) {
+    throw new Error(
+      "Refusing to install the background daemon with 'npx' as its program.\nWhat happened: the daemon must be pinned to the real node binary (process.execPath), because npx runs from a temporary cache that gets cleaned up - a daemon pointed at npx would crash-loop once that cache is gone.\nFix: this is an internal error; the daemon should always be installed with process.execPath. Re-run `start` from the npx-installed CLI."
     );
-    process2.exit(1);
   }
-  let fileText;
-  try {
-    fileText = readFileSync2(inputFilePath, "utf8");
-  } catch (readError) {
-    console.error(
-      `Could not read/parse ${inputFilePath}: ${readError.message}`
+  mkdirSync(dirname(daemonCliPath), { recursive: true });
+  copyFileSync(sourceCliPath, daemonCliPath);
+  log(
+    `Copied the meter program to ${daemonCliPath} (a stable copy that survives npx cleanup).`
+  );
+  mkdirSync(dirname(plistPath), { recursive: true });
+  writeFileSync2(
+    plistPath,
+    renderDaemonPlist({ nodePath, cliPath: daemonCliPath })
+  );
+  log(`Wrote the background-job definition to ${plistPath}.`);
+  const domainTarget = `gui/${uid}`;
+  const serviceTarget = `gui/${uid}/${PLIST_LABEL}`;
+  const alreadyLoaded = runLaunchctl(["print", serviceTarget]).status === 0;
+  let reloaded = false;
+  if (alreadyLoaded) {
+    log(
+      "A background meter is already loaded - reloading it with the new settings."
     );
-    process2.exit(1);
+    runLaunchctl(["bootout", serviceTarget]);
+    reloaded = true;
+    for (let attempt = 0; attempt < INSTALL_BOOTOUT_WAIT_ATTEMPTS; attempt++) {
+      if (runLaunchctl(["print", serviceTarget]).status !== 0) break;
+      sleep(INSTALL_BOOTOUT_WAIT_MS);
+    }
   }
-  try {
-    return JSON.parse(fileText);
-  } catch {
-    console.error(
-      `Could not read/parse ${inputFilePath}: the file is not valid JSON. Make sure it is an OTLP/JSON export line (Claude Code metrics or Codex logs), not raw text.`
+  runLaunchctl(["enable", serviceTarget]);
+  let bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
+  if (bootstrap.status !== 0) {
+    sleep(INSTALL_BOOTSTRAP_RETRY_MS);
+    bootstrap = runLaunchctl(["bootstrap", domainTarget, plistPath]);
+  }
+  if (bootstrap.status !== 0) {
+    throw new Error(
+      `Could not start the background meter (launchctl bootstrap failed).
+What happened: macOS refused to load the job at ${plistPath}.
+` + (bootstrap.stderr ? `launchctl said: ${bootstrap.stderr.trim()}
+` : "") + `Running CCC version: ${CCC_PACKAGE_VERSION}.
+Fix: run \`npx @marginfront/code-cost-clarity@latest status\` to see the current state, or \`stop\` then \`start\` again. The @latest pin makes sure a stale npx cache isn't hiding the real version. If it keeps failing, confirm you're on macOS and that ${plistPath} looks like valid XML.`
     );
-    process2.exit(1);
   }
+  log("The background meter is loaded and will start at login from now on.");
+  return { reloaded, plistPath, daemonCliPath };
 }
-async function postToMarginFront(requestBody) {
-  const apiKey = process2.env.MARGINFRONT_API_KEY;
-  if (!apiKey) {
-    return { ok: false, reason: "no-key" };
-  }
-  let response;
-  try {
-    response = await fetch(MARGINFRONT_INGEST_URL, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        // MarginFront authenticates with x-api-key, NOT Bearer/Authorization.
-        "x-api-key": apiKey,
-        // This User-Agent is what lets the server tag these events as source='ccc'
-        // instead of the generic 'api' fallback. Without it, PostHog dashboards
-        // can't distinguish "developer paying for AI tokens via CCC" traffic from
-        // raw API clients - every CCC event would be mislabelled as source='api'.
-        "User-Agent": `@marginfront/code-cost-clarity/${CCC_PACKAGE_VERSION}`
-      },
-      body: JSON.stringify(requestBody)
-    });
-  } catch (networkError) {
-    return {
-      ok: false,
-      reason: "network",
-      message: networkError.message
-    };
-  }
-  const responseText = await response.text();
-  if (!response.ok) {
-    return {
-      ok: false,
-      reason: "http",
-      status: response.status,
-      body: responseText
-    };
-  }
-  let parsed = null;
-  try {
-    parsed = JSON.parse(responseText);
-  } catch {
-    parsed = null;
+var CCC_LABEL_PATTERN = /^ai\.marginfront\.ccc(\.|$)/;
+function defaultLaunchdLabelLister(runLaunchctl, uid) {
+  const labels = /* @__PURE__ */ new Set();
+  const list = runLaunchctl(["list"]);
+  if (list.status === 0) {
+    for (const line of list.stdout.split("\n")) {
+      const label = (line.split("	")[2] ?? "").trim();
+      if (label) labels.add(label);
+    }
   }
-  return { ok: true, parsed, body: responseText };
-}
-function successRowsFrom(parsed) {
-  const rows = parsed?.results?.success;
-  return Array.isArray(rows) ? rows : [];
-}
-function readWatchCursor(cursorPath) {
-  if (!cursorPath || !existsSync2(cursorPath)) return 0;
-  try {
-    const parsed = parseInt(readFileSync2(cursorPath, "utf8").trim(), 10);
-    return Number.isInteger(parsed) && parsed >= 0 ? parsed : 0;
-  } catch {
-    return 0;
+  const disabled = runLaunchctl(["print-disabled", `gui/${uid}`]);
+  if (disabled.status === 0) {
+    const quoted = /"([^"]+)"\s*=>/g;
+    let match;
+    while ((match = quoted.exec(disabled.stdout)) !== null) {
+      labels.add(match[1]);
+    }
   }
+  return [...labels];
 }
-function writeWatchCursor(cursorPath, byteOffset) {
-  if (!cursorPath) return;
-  try {
-    writeFileSync2(cursorPath, String(byteOffset));
-  } catch {
+function uninstallDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const log = options.log ?? console.log;
+  const daemonCliPath = options.daemonCliPath ?? DAEMON_CLI_PATH;
+  const plistPath = options.plistPath ?? PLIST_PATH;
+  const uid = options.uid ?? currentUid();
+  const listLabels = options.labelLister ?? defaultLaunchdLabelLister;
+  const toBootOut = /* @__PURE__ */ new Set([PLIST_LABEL]);
+  for (const label of listLabels(runLaunchctl, uid)) {
+    if (CCC_LABEL_PATTERN.test(label)) toBootOut.add(label);
   }
-}
-function readNewCompleteLines(filePath, fromByte) {
-  if (!existsSync2(filePath)) return { lines: [], nextCursor: fromByte };
-  let size;
-  try {
-    size = statSync(filePath).size;
-  } catch {
-    return { lines: [], nextCursor: fromByte };
+  for (const label of toBootOut) {
+    runLaunchctl(["bootout", `gui/${uid}/${label}`]);
   }
-  let start = fromByte;
-  if (size < start) start = 0;
-  if (size === start) return { lines: [], nextCursor: start };
-  const length = size - start;
-  const buffer = Buffer.alloc(length);
-  let bytesRead = 0;
-  let fd;
-  try {
-    fd = openSync2(filePath, "r");
-    bytesRead = readSync(fd, buffer, 0, length, start);
-  } catch {
-    return { lines: [], nextCursor: fromByte };
-  } finally {
-    if (fd !== void 0) closeSync(fd);
+  if (existsSync2(plistPath)) {
+    rmSync2(plistPath, { force: true });
+    log(`Removed the background-job definition at ${plistPath}.`);
   }
-  const chunk = buffer.subarray(0, bytesRead);
-  const lastNewline = chunk.lastIndexOf(10);
-  if (lastNewline === -1) {
-    return { lines: [], nextCursor: start };
+  if (existsSync2(daemonCliPath)) {
+    rmSync2(daemonCliPath, { force: true });
+    log(`Removed the meter program copy at ${daemonCliPath}.`);
   }
-  const completeText = chunk.subarray(0, lastNewline + 1).toString("utf8");
-  const nextCursor = start + lastNewline + 1;
-  const parts = completeText.split("\n");
-  parts.pop();
-  return { lines: parts, nextCursor };
 }
-var MAX_QUEUE_RECORDS = 1e4;
-var MAX_RECORDS_PER_DRAIN = 100;
-var QUEUE_BACKOFF_START_MS = 2e3;
-var QUEUE_BACKOFF_MAX_MS = 6e4;
-var COLLECTOR_REVIVE_BACKOFF_MS = 3e4;
-function maybeReviveCollector(deps, nextReviveAllowedAt, backoffMs) {
-  if (deps.isCollectorAlive()) return nextReviveAllowedAt;
-  const now = deps.now();
-  if (now < nextReviveAllowedAt) return nextReviveAllowedAt;
-  const log = deps.log ?? console.error;
-  const updatedReviveAllowedAt = now + backoffMs;
-  log("collector was down, restarted it");
-  try {
-    deps.reviveCollector();
-  } catch (err) {
-    log(`collector revive attempt failed: ${err.message}`);
-  }
-  return updatedReviveAllowedAt;
+function bootoutDaemon(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const uid = options.uid ?? currentUid();
+  const result = runLaunchctl(["bootout", `gui/${uid}/${PLIST_LABEL}`]);
+  return result.status === 0;
 }
-function isRetryablePostResult(result) {
-  if (result.ok) return false;
-  if (result.reason === "network") return true;
-  if (result.reason === "no-key") return false;
-  if (result.reason === "http") {
-    return result.status === 429 || result.status >= 500;
+function parseDaemonPrint(result) {
+  if (result.status !== 0) {
+    return { loaded: false, running: false, pid: null };
   }
-  return false;
+  const out = result.stdout;
+  const running = /\bstate\s*=\s*running\b/.test(out);
+  const pidMatch = out.match(/\bpid\s*=\s*(\d+)/);
+  const pid = pidMatch ? parseInt(pidMatch[1], 10) : null;
+  return { loaded: true, running, pid };
 }
-function readQueue(queuePath) {
-  if (!queuePath || !existsSync2(queuePath)) return [];
+function queryDaemonStatus(options = {}) {
+  const runLaunchctl = options.runLaunchctl ?? defaultLaunchctlRunner;
+  const uid = options.uid ?? currentUid();
+  return parseDaemonPrint(runLaunchctl(["print", `gui/${uid}/${PLIST_LABEL}`]));
+}
+function readLastLines(path, maxLines) {
+  if (!existsSync2(path)) return [];
   let text;
   try {
-    text = readFileSync2(queuePath, "utf8");
+    text = readFileSync2(path, "utf8");
   } catch {
     return [];
   }
-  const out = [];
-  for (const line of text.split("\n")) {
-    const trimmed = line.trim();
-    if (!trimmed) continue;
-    try {
-      out.push(JSON.parse(trimmed));
-    } catch {
-    }
-  }
-  return out;
+  const lines = text.split("\n");
+  if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
+  return lines.slice(-maxLines);
+}
+var ZSHRC_PATH = join(homedir(), ".zshrc");
+function lineSourcesCccEnv(rawLine) {
+  const trimmed = rawLine.trim();
+  if (!trimmed || trimmed.startsWith("#")) return false;
+  if (!/^(source|\.)\s/.test(trimmed)) return false;
+  return trimmed.includes(".marginfront-ccc/.env");
 }
-function appendToQueue(queuePath, records) {
-  if (!queuePath || records.length === 0) return;
-  const payload = records.map((r) => JSON.stringify(r) + "\n").join("");
+function findCccZshrcSourceLines(zshrcPath = ZSHRC_PATH) {
+  if (!existsSync2(zshrcPath)) return { found: false, matchedLines: [] };
+  let text;
   try {
-    appendFileSync(queuePath, payload);
+    text = readFileSync2(zshrcPath, "utf8");
   } catch {
+    return { found: false, matchedLines: [] };
   }
+  const matchedLines = text.split("\n").filter(lineSourcesCccEnv).map((line) => line.trim());
+  return { found: matchedLines.length > 0, matchedLines };
 }
-function writeQueue(queuePath, records) {
-  if (!queuePath) return;
+function removeCccZshrcSourceLine({
+  zshrcPath = ZSHRC_PATH,
+  log = console.log
+} = {}) {
+  if (!existsSync2(zshrcPath)) {
+    log(`Nothing to remove: ${zshrcPath} doesn't exist.`);
+    return { removed: [], backupPath: null };
+  }
+  let text;
   try {
-    if (records.length === 0) {
-      if (existsSync2(queuePath)) rmSync2(queuePath, { force: true });
-      return;
-    }
-    writeFileSync2(
-      queuePath,
-      records.map((r) => JSON.stringify(r) + "\n").join("")
-    );
+    text = readFileSync2(zshrcPath, "utf8");
   } catch {
-  }
-}
-function watchAndForward(filePath, options = {}) {
-  const foldCache = options.foldCache === true;
-  const fallbackCustomerId = options.fallbackCustomerId;
-  const cursorPath = options.cursorPath;
-  const pidFilePath = options.pidFilePath;
-  const developerOverride = resolveDeveloperOverride(process2.env);
-  if (!process2.env.MARGINFRONT_API_KEY) {
-    console.error(
-      "MARGINFRONT_API_KEY is not set. Set it in your shell before watching: export MARGINFRONT_API_KEY=..."
+    log(
+      `Could not read ${zshrcPath}, so I left it untouched - remove the \`source ~/.marginfront-ccc/.env\` line by hand if you like.`
     );
-    process2.exit(1);
-  }
-  if (pidFilePath) {
-    try {
-      writeFileSync2(pidFilePath, String(process2.pid));
-    } catch {
-    }
-  }
-  console.log(
-    `Watching ${filePath} for live Claude Code + Codex usage` + (foldCache ? " (fold-cache: cache tokens rolled into input)" : "") + "\u2026 Ctrl-C to stop."
-  );
-  let cursorBytes = readWatchCursor(cursorPath);
-  let running = false;
-  const queuePath = options.queuePath;
-  let queuedCount = readQueue(queuePath).length;
-  let queueBackoffMs = QUEUE_BACKOFF_START_MS;
-  let nextQueueRetryAt = 0;
-  const hhmmss = () => (/* @__PURE__ */ new Date()).toISOString().slice(11, 19);
-  let nextCollectorReviveAt = 0;
-  const collectorHealDeps = {
-    isCollectorAlive: () => isPidAlive(readCollectorPid()),
-    reviveCollector: () => {
-      startCollector();
-    },
-    now: () => Date.now(),
-    log: (message) => console.error(`[${hhmmss()}] ${message}`)
-  };
-  function logSuccess(body, result, stamp) {
-    if (!result.ok) return;
-    for (const rec of body.records) {
-      const row = successRowsFrom(result.parsed).find(
-        (r) => r?.customerExternalId === rec.customerExternalId
-      );
-      const cost = row?.totalCostUsd != null ? `$${row.totalCostUsd}` : "$?";
-      const eventId = row?.eventId ? ` event=${row.eventId}` : "";
-      const reference = "source" in rec.metadata ? `src=${rec.metadata.source}` : `cc=$${rec.metadata.claudeCodeCostUsd ?? "?"}`;
-      const volume = rec.quantity !== void 0 ? `qty=${rec.quantity} tool=${"toolName" in rec.metadata ? rec.metadata.toolName : "?"}` : `in=${rec.inputTokens} out=${rec.outputTokens}`;
-      console.log(
-        `[${stamp}] recorded ${rec.customerExternalId} \xB7 ${volume} \xB7 server=${cost} \xB7 ${reference}${eventId}`
-      );
-    }
-  }
-  function logFailure(result, stamp) {
-    if (result.ok) return;
-    if (result.reason === "http") {
-      console.error(
-        `[${stamp}] MarginFront HTTP ${result.status}: ${result.body}`
-      );
-    } else if (result.reason === "network") {
-      console.error(
-        `[${stamp}] could not reach MarginFront: ${result.message}`
-      );
-    } else {
-      console.error(`[${stamp}] send failed (${result.reason}).`);
-    }
-  }
-  function enqueueFailed(records, stamp) {
-    const room = Math.max(0, MAX_QUEUE_RECORDS - queuedCount);
-    const toQueue = records.slice(0, room);
-    const shed = records.length - toQueue.length;
-    if (toQueue.length > 0) {
-      appendToQueue(queuePath, toQueue);
-      queuedCount += toQueue.length;
-      console.error(
-        `[${stamp}] send failed - queued ${toQueue.length} record(s) for retry (${queuedCount} now in queue).`
-      );
-    }
-    if (shed > 0) {
-      console.error(
-        `[${stamp}] QUEUE FULL (cap ${MAX_QUEUE_RECORDS}): shed ${shed} record(s) - these turns are LOST. The ingest endpoint has been unreachable for a long time; check connectivity.`
-      );
-    }
-    nextQueueRetryAt = Date.now() + queueBackoffMs;
-    queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
+    return { removed: [], backupPath: null };
   }
-  async function drainQueue() {
-    if (!queuePath || queuedCount === 0) return;
-    if (Date.now() < nextQueueRetryAt) return;
-    const queued = readQueue(queuePath);
-    queuedCount = queued.length;
-    if (queued.length === 0) return;
-    const batch = queued.slice(0, MAX_RECORDS_PER_DRAIN);
-    const result = await postToMarginFront({ records: batch });
-    const stamp = hhmmss();
-    if (result.ok) {
-      const remaining = queued.slice(batch.length);
-      writeQueue(queuePath, remaining);
-      queuedCount = remaining.length;
-      queueBackoffMs = QUEUE_BACKOFF_START_MS;
-      nextQueueRetryAt = 0;
-      console.log(
-        `[${stamp}] queue: ${batch.length} retried record(s) landed \xB7 ${remaining.length} still queued.`
-      );
-    } else if (isRetryablePostResult(result)) {
-      logFailure(result, stamp);
-      const waitMs = queueBackoffMs;
-      nextQueueRetryAt = Date.now() + waitMs;
-      queueBackoffMs = Math.min(queueBackoffMs * 2, QUEUE_BACKOFF_MAX_MS);
-      console.error(
-        `[${stamp}] queue: retry failed, ${queued.length} record(s) still queued (next attempt in ~${Math.round(waitMs / 1e3)}s).`
-      );
-    } else {
-      const remaining = queued.slice(batch.length);
-      writeQueue(queuePath, remaining);
-      queuedCount = remaining.length;
-      console.error(
-        `[${stamp}] queue: dropping ${batch.length} record(s) - terminal failure (server rejected them, retrying can't help).`
-      );
-    }
+  const removed = [];
+  const kept = [];
+  for (const line of text.split("\n")) {
+    if (lineSourcesCccEnv(line)) removed.push(line.trim());
+    else kept.push(line);
   }
-  async function processNewLines() {
-    if (running) return;
-    running = true;
-    try {
-      await drainQueue();
-      const { lines, nextCursor } = readNewCompleteLines(filePath, cursorBytes);
-      for (const rawLine of lines) {
-        const line = rawLine.trim();
-        if (!line) continue;
-        let parsed;
-        try {
-          parsed = JSON.parse(line);
-        } catch {
-          console.error("(skipped one telemetry line that wasn't valid JSON)");
-          continue;
-        }
-        const body = buildRequestBodyForLine(parsed, {
-          foldCache,
-          fallbackCustomerId,
-          developerOverride,
-          rawSourceLine: line
-        });
-        if (!body.records.length) continue;
-        const result = await postToMarginFront(body);
-        const stamp = hhmmss();
-        if (!result.ok) {
-          logFailure(result, stamp);
-          if (queuePath && isRetryablePostResult(result)) {
-            enqueueFailed(body.records, stamp);
-          } else if (queuePath) {
-            console.error(
-              `[${stamp}] dropping ${body.records.length} record(s): terminal send failure (not retryable).`
-            );
-          }
-          continue;
-        }
-        logSuccess(body, result, stamp);
-        if (queuedCount > 0) {
-          queueBackoffMs = QUEUE_BACKOFF_START_MS;
-          nextQueueRetryAt = 0;
-        }
-      }
-      if (nextCursor !== cursorBytes) {
-        cursorBytes = nextCursor;
-        writeWatchCursor(cursorPath, cursorBytes);
-      }
-    } finally {
-      running = false;
-    }
+  if (removed.length === 0) {
+    log(`Nothing to remove in ${zshrcPath}: no MarginFront source line found.`);
+    return { removed: [], backupPath: null };
   }
-  processNewLines().catch(
-    (e) => console.error(`watch error: ${e.message}`)
+  const backupPath = `${zshrcPath}.ccc-bak`;
+  copyFileSync(zshrcPath, backupPath);
+  writeFileSync2(zshrcPath, kept.join("\n"));
+  log(
+    `Removed the redundant 'source ~/.marginfront-ccc/.env' line from ${zshrcPath} (backup at ${backupPath}).`
   );
-  const timer = setInterval(() => {
-    nextCollectorReviveAt = maybeReviveCollector(
-      collectorHealDeps,
-      nextCollectorReviveAt,
-      COLLECTOR_REVIVE_BACKOFF_MS
-    );
-    processNewLines().catch(
-      (e) => console.error(`watch error: ${e.message}`)
-    );
-  }, WATCH_POLL_MS);
-  return function stop() {
-    clearInterval(timer);
-    if (pidFilePath) {
-      try {
-        rmSync2(pidFilePath, { force: true });
-      } catch {
-      }
-    }
-  };
+  return { removed, backupPath };
 }
 
 // src/cli.ts
@@ -2268,8 +2315,10 @@ async function cmdStart(deps = {}) {
     errorLog(
       [
         "",
-        `Check again anytime:  npx ${PKG_NAME} status`,
-        `Re-check your MarginFront key (mf_sk_...) with:  npx ${PKG_NAME} init  (then run start again)`
+        // Pin @latest so a stale npx cache can't run an old build that hides the real
+        // version (or a command this build added).
+        `Check again anytime:  npx ${PKG_NAME}@latest status`,
+        `Re-check your MarginFront key (mf_sk_...) with:  npx ${PKG_NAME}@latest init  (then run start again)`
       ].join("\n")
     );
     return 1;
@@ -2299,6 +2348,10 @@ function printDaemonLogTail(label, path) {
   for (const line of lines) console.log(`  ${line}`);
 }
 function cmdStatus() {
+  console.log(`CCC version ${readVersion()}.`);
+  console.log(
+    `  (If a command looks missing, re-run pinned to the latest: npx ${PKG_NAME}@latest status)`
+  );
   const status = queryDaemonStatus();
   if (!status.loaded) {
     console.log(
@@ -2329,9 +2382,12 @@ function cmdPreview(positionals, foldCache) {
     return 1;
   }
   const parsedOtlp = readAndParseOtlpFile(inputFilePath);
+  loadEnvFile();
+  const developerOverride = resolveDeveloperOverride(process3.env);
   const body = buildRequestBodyForLine(parsedOtlp, {
     foldCache,
-    fallbackCustomerId: NO_IDENTITY_CUSTOMER
+    fallbackCustomerId: NO_IDENTITY_CUSTOMER,
+    developerOverride
   });
   console.log(JSON.stringify(body, null, 2));
   const usedFallback = body.records.some(
@@ -2482,12 +2538,31 @@ async function cmdStop() {
   }
   return 0;
 }
-function cmdUninstall(purge, deps = {}) {
+async function cmdUninstall(purge, deps = {}) {
   const log = deps.log ?? console.log;
   const removeDaemon = deps.uninstallDaemon ?? (() => uninstallDaemon({ log }));
   const stopColl = deps.stopCollector ?? (() => {
     stopCollector({ log });
   });
+  const readForwarderPid = deps.readForwarderPid ?? (() => {
+    if (!existsSync3(FORWARDER_PID_PATH)) return null;
+    try {
+      const raw = readFileSync3(FORWARDER_PID_PATH, "utf8").trim();
+      const parsed = parseInt(raw, 10);
+      return Number.isInteger(parsed) ? parsed : null;
+    } catch {
+      return null;
+    }
+  });
+  const isForwarderAlive = deps.isForwarderAlive ?? ((pid) => isPidAlive(pid));
+  const signalForwarder = deps.signalForwarder ?? ((pid, signal) => {
+    try {
+      process3.kill(pid, signal);
+    } catch {
+    }
+  });
+  const sleep = deps.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
+  const now = deps.now ?? (() => Date.now());
   const removeClaude = deps.removeClaudeTelemetry ?? (() => removeClaudeTelemetrySettings({ log }));
   const removeCodex = deps.removeCodexConfig ?? (() => removeCodexOtelConfig({ log }));
   const removeFile = deps.removeRuntimeFile ?? ((path) => {
@@ -2500,7 +2575,23 @@ function cmdUninstall(purge, deps = {}) {
   const findZshrc = deps.findZshrcLines ?? (() => findCccZshrcSourceLines());
   const unsetDesktop = deps.unsetDesktopEnv ?? (() => unsetDesktopGuiEnv());
   removeDaemon();
-  stopColl();
+  const forwarderPid = readForwarderPid();
+  await stopForwarderThenStopCollector(
+    {
+      isForwarderAlive: () => forwarderPid !== null && isForwarderAlive(forwarderPid),
+      signalForwarder: (signal) => {
+        if (forwarderPid !== null) signalForwarder(forwarderPid, signal);
+      },
+      stopCollector: () => {
+        stopColl();
+      },
+      sleep,
+      now,
+      log
+    },
+    STOP_FORWARDER_POLL_MS,
+    STOP_FORWARDER_TIMEOUT_MS
+  );
   removeClaude();
   removeCodex();
   unsetDesktop();
@@ -2581,7 +2672,7 @@ async function main() {
     case "stop":
       return cmdStop();
     case "uninstall":
-      return cmdUninstall(flags.has("--purge"));
+      return await cmdUninstall(flags.has("--purge"));
     default:
       console.error(`Unknown command "${command}".
 `);