npm - claude-code-limiter - Versions diffs - 1.0.0 - Mend

claude-code-limiter 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Basha
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/bin/cli.js ADDED Viewed

@@ -0,0 +1,174 @@
+#!/usr/bin/env node
+'use strict';
+// ---- Color helpers (no external deps) ----
+const supportsColor = process.stdout.isTTY && !process.env.NO_COLOR;
+const c = {
+  red:    (s) => supportsColor ? `\x1b[31m${s}\x1b[0m` : s,
+  green:  (s) => supportsColor ? `\x1b[32m${s}\x1b[0m` : s,
+  yellow: (s) => supportsColor ? `\x1b[33m${s}\x1b[0m` : s,
+  cyan:   (s) => supportsColor ? `\x1b[36m${s}\x1b[0m` : s,
+  bold:   (s) => supportsColor ? `\x1b[1m${s}\x1b[0m`  : s,
+  dim:    (s) => supportsColor ? `\x1b[2m${s}\x1b[0m`  : s,
+};
+// ---- Help text ----
+const HELP = `
+${c.bold('claude-code-limiter')} - Share one Claude Code subscription across multiple users
+${c.bold('USAGE')}
+  claude-code-limiter <command> [options]
+${c.bold('COMMANDS')}
+  ${c.cyan('setup')}       Install the limiter hook on this machine (requires sudo)
+  ${c.cyan('uninstall')}   Remove all limiter files and restore original settings (requires sudo)
+  ${c.cyan('status')}      Show current usage and limits for this machine's user
+  ${c.cyan('sync')}        Force re-sync config from the server (requires sudo)
+  ${c.cyan('serve')}       Start the limiter server (REST API + dashboard)
+${c.bold('OPTIONS')}
+  --code <CODE>       One-time install code from the admin dashboard (setup only)
+  --server <URL>      Server URL, e.g. https://limiter.example.com (setup only)
+  --port <PORT>       Port for the server to listen on (serve only, default: 3000)
+  --yes, -y           Skip confirmation prompts
+  --help, -h          Show this help message
+${c.bold('EXAMPLES')}
+  ${c.dim('# Install on a user\'s machine (admin gives them the code)')}
+  sudo npx claude-code-limiter setup --code CLM-alice-a8f3e2 --server https://your-server:3000
+  ${c.dim('# Check current usage')}
+  npx claude-code-limiter status
+  ${c.dim('# Force re-sync config from server')}
+  sudo npx claude-code-limiter sync
+  ${c.dim('# Remove the limiter from this machine')}
+  sudo npx claude-code-limiter uninstall
+  ${c.dim('# Start the server')}
+  npx claude-code-limiter serve --port 3000
+  ${c.dim('# Start the server via Docker')}
+  docker run -p 3000:3000 -v data:/data -e ADMIN_PASSWORD=xxx claude-code-limiter
+`.trim();
+// ---- Argument parsing (no external deps, just process.argv) ----
+const argv = process.argv.slice(2);
+function hasFlag(name) {
+  return argv.includes(name);
+}
+function getOption(name) {
+  const idx = argv.indexOf(name);
+  if (idx !== -1 && idx + 1 < argv.length) {
+    return argv[idx + 1];
+  }
+  return undefined;
+}
+// Find the first positional arg (not a flag and not a flag's value)
+function getCommand() {
+  const flagsWithValue = new Set(['--code', '--server', '--port']);
+  const skip = new Set();
+  for (let i = 0; i < argv.length; i++) {
+    if (flagsWithValue.has(argv[i])) {
+      skip.add(i);
+      skip.add(i + 1);
+    }
+  }
+  for (let i = 0; i < argv.length; i++) {
+    if (!skip.has(i) && !argv[i].startsWith('-')) {
+      return argv[i];
+    }
+  }
+  return undefined;
+}
+const showHelp    = hasFlag('--help') || hasFlag('-h');
+const skipConfirm = hasFlag('--yes')  || hasFlag('-y');
+const code        = getOption('--code');
+const server      = getOption('--server');
+const port        = getOption('--port');
+const command     = getCommand();
+// ---- Help / no command ----
+if (showHelp || !command) {
+  console.log(HELP);
+  process.exit(showHelp ? 0 : 1);
+}
+// ---- Error helpers ----
+function die(msg) {
+  console.error(c.red('Error: ') + msg);
+  process.exit(1);
+}
+// ---- Route commands ----
+async function main() {
+  switch (command) {
+    case 'setup': {
+      if (!code) {
+        die('--code is required for setup.\n'
+          + c.dim('Usage: sudo npx claude-code-limiter setup --code <CODE> --server <URL>'));
+      }
+      if (!server) {
+        die('--server is required for setup.\n'
+          + c.dim('Usage: sudo npx claude-code-limiter setup --code <CODE> --server <URL>'));
+      }
+      const installer = require('../src/installer.js');
+      await installer.setup({ code, server, skipConfirm });
+      break;
+    }
+    case 'uninstall': {
+      const installer = require('../src/installer.js');
+      await installer.uninstall({ skipConfirm });
+      break;
+    }
+    case 'status': {
+      const installer = require('../src/installer.js');
+      await installer.status();
+      break;
+    }
+    case 'sync': {
+      const installer = require('../src/installer.js');
+      await installer.sync();
+      break;
+    }
+    case 'serve': {
+      const serverPort = parseInt(port || process.env.PORT || '3000', 10);
+      if (isNaN(serverPort) || serverPort < 1 || serverPort > 65535) {
+        die('Invalid port number. Must be between 1 and 65535.');
+      }
+      const app = require('../../server/src/server/index.js');
+      app.start(serverPort);
+      break;
+    }
+    default:
+      console.error(c.red(`Unknown command: ${command}`));
+      console.log('');
+      console.log(HELP);
+      process.exit(1);
+  }
+}
+main().catch((err) => {
+  console.error(c.red('Fatal error: ') + err.message);
+  if (process.env.DEBUG) {
+    console.error(err.stack);
+  }
+  process.exit(1);
+});

package/package.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "name": "claude-code-limiter",
+  "version": "1.0.0",
+  "description": "Per-user rate limits for Claude Code — share one subscription fairly",
+  "bin": { "claude-code-limiter": "./bin/cli.js" },
+  "files": ["bin/", "src/", "LICENSE"],
+  "engines": { "node": ">=18.0.0" },
+  "license": "MIT",
+  "author": "howincodes",
+  "contributors": [
+    "farisbasha"
+  ],
+  "keywords": ["claude", "claude-code", "rate-limiter", "hooks", "managed-settings", "usage-limits", "quota"],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/howincodes/claude-code-limiter"
+  },
+  "homepage": "https://github.com/howincodes/claude-code-limiter#readme",
+  "bugs": "https://github.com/howincodes/claude-code-limiter/issues"
+}

package/src/hook.js ADDED Viewed

@@ -0,0 +1,624 @@
+#!/usr/bin/env node
+/**
+ * claude-code-limiter — Hook Script
+ * ==================================
+ * Standalone rate limiter invoked by Claude Code managed hooks.
+ * Zero npm dependencies. Uses only Node.js built-ins.
+ * Gets copied to the system-protected directory during setup.
+ *
+ * Invoked by managed-settings.json hooks:
+ *   node hook.js sync     → SessionStart   (cache model, sync config from server)
+ *   node hook.js check    → UserPromptSubmit (gate: block if over limit)
+ *   node hook.js count    → Stop           (increment turn counter)
+ *   node hook.js enforce  → PreToolUse     (local-only kill/pause check)
+ *   node hook.js status   → Terminal       (human-readable status)
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+const http = require("http");
+const https = require("https");
+// ════════════════════════════════════════════════════════════
+// PATHS — System-protected locations per platform
+// ════════════════════════════════════════════════════════════
+const IS_WIN = process.platform === "win32";
+const IS_MAC = process.platform === "darwin";
+// CLAUDE_LIMITER_DIR override: for testing or custom install locations.
+const LIMITER_DIR =
+  process.env.CLAUDE_LIMITER_DIR ||
+  (IS_WIN
+    ? path.join("C:", "Program Files", "ClaudeCode", "limiter")
+    : IS_MAC
+      ? path.join("/Library", "Application Support", "ClaudeCode", "limiter")
+      : path.join("/etc", "claude-code", "limiter"));
+const CONFIG_FILE = path.join(LIMITER_DIR, "config.json");
+const SERVER_FILE = path.join(LIMITER_DIR, "server.json");
+const CACHE_FILE = path.join(LIMITER_DIR, "cache.json");
+const MODEL_FILE = path.join(LIMITER_DIR, "session-model.txt");
+const USAGE_DIR = path.join(LIMITER_DIR, "usage");
+const DEBUG_LOG = path.join(LIMITER_DIR, "debug.log");
+const TODAY = new Date().toISOString().slice(0, 10);
+const USAGE_FILE = path.join(USAGE_DIR, `${TODAY}.json`);
+// ════════════════════════════════════════════════════════════
+// SAFE I/O — Every read/write is wrapped. Hook must never crash.
+// ════════════════════════════════════════════════════════════
+function readJSON(filepath) {
+  try {
+    return JSON.parse(fs.readFileSync(filepath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function writeJSON(filepath, data) {
+  try {
+    fs.mkdirSync(path.dirname(filepath), { recursive: true });
+    const tmp = filepath + ".tmp." + process.pid;
+    fs.writeFileSync(tmp, JSON.stringify(data, null, 2));
+    fs.renameSync(tmp, filepath);
+  } catch (err) {
+    debugLog(`WRITE_ERROR: ${filepath}: ${err.message}`);
+  }
+}
+function readText(filepath) {
+  try {
+    return fs.readFileSync(filepath, "utf-8").trim();
+  } catch {
+    return null;
+  }
+}
+function writeText(filepath, text) {
+  try {
+    fs.mkdirSync(path.dirname(filepath), { recursive: true });
+    fs.writeFileSync(filepath, text);
+  } catch {}
+}
+let _debugEnabled = false;
+function debugLog(msg) {
+  if (!_debugEnabled) return;
+  try {
+    const ts = new Date().toISOString();
+    fs.appendFileSync(DEBUG_LOG, `[${ts}] ${msg}\n`);
+  } catch {}
+}
+function readStdin() {
+  try {
+    if (process.stdin.isTTY) return {};
+    return JSON.parse(fs.readFileSync(0, "utf-8").trim());
+  } catch {
+    return {};
+  }
+}
+// ════════════════════════════════════════════════════════════
+// MODEL DETECTION
+//
+// Priority:
+//   1. SessionStart stdin (only in sync action)
+//   2. ~/.claude/settings.json → model field (catches /model changes)
+//   3. ~/.claude/settings.local.json → model
+//   4. .claude/settings.json (project) → model
+//   5. session-model.txt (cached from SessionStart)
+//   6. ANTHROPIC_MODEL env var
+//   7. CLAUDE_MODEL env var
+//   8. Falls back to "opus" (default when no model key present)
+//
+// Normalization: string containing "opus"/"sonnet"/"haiku"
+// maps to that family. Everything else → "default".
+// ════════════════════════════════════════════════════════════
+function normalizeModel(raw) {
+  const lower = String(raw || "").toLowerCase();
+  if (lower.includes("opus")) return "opus";
+  if (lower.includes("sonnet")) return "sonnet";
+  if (lower.includes("haiku")) return "haiku";
+  return "default";
+}
+function detectModel(stdinData) {
+  // Source 1: Hook input (SessionStart only)
+  if (stdinData && stdinData.model) {
+    return normalizeModel(stdinData.model);
+  }
+  // Source 2: User settings (updated by /model command)
+  const home = os.homedir();
+  const userSettings = readJSON(path.join(home, ".claude", "settings.json"));
+  if (userSettings && userSettings.model) {
+    return normalizeModel(userSettings.model);
+  }
+  // Source 3: Local project settings
+  const localSettings = readJSON(
+    path.join(process.cwd(), ".claude", "settings.local.json"),
+  );
+  if (localSettings && localSettings.model) {
+    return normalizeModel(localSettings.model);
+  }
+  // Source 4: Project settings
+  const projectSettings = readJSON(
+    path.join(process.cwd(), ".claude", "settings.json"),
+  );
+  if (projectSettings && projectSettings.model) {
+    return normalizeModel(projectSettings.model);
+  }
+  // Source 5: Cached from SessionStart
+  const cached = readText(MODEL_FILE);
+  if (cached) return normalizeModel(cached);
+  // Source 6-7: Environment variables
+  if (process.env.ANTHROPIC_MODEL) return normalizeModel(process.env.ANTHROPIC_MODEL);
+  if (process.env.CLAUDE_MODEL) return normalizeModel(process.env.CLAUDE_MODEL);
+  // Default: opus (Claude Code's default model — absence of model key = opus)
+  return "opus";
+}
+// ════════════════════════════════════════════════════════════
+// SERVER COMMUNICATION
+// ════════════════════════════════════════════════════════════
+function serverRequest(endpoint, payload, timeoutMs) {
+  const serverConfig = readJSON(SERVER_FILE);
+  if (!serverConfig || !serverConfig.url) return Promise.resolve(null);
+  return new Promise((resolve) => {
+    try {
+      const url = new URL(endpoint, serverConfig.url);
+      const body = JSON.stringify(payload);
+      const client = url.protocol === "https:" ? https : http;
+      const req = client.request(
+        url,
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${serverConfig.auth_token}`,
+            "Content-Length": Buffer.byteLength(body),
+          },
+        },
+        (res) => {
+          let data = "";
+          res.on("data", (chunk) => (data += chunk));
+          res.on("end", () => {
+            try {
+              resolve(JSON.parse(data));
+            } catch {
+              resolve(null);
+            }
+          });
+        },
+      );
+      req.on("error", () => resolve(null));
+      req.setTimeout(timeoutMs || 3000, () => {
+        req.destroy();
+        resolve(null);
+      });
+      req.write(body);
+      req.end();
+    } catch {
+      resolve(null);
+    }
+  });
+}
+// ════════════════════════════════════════════════════════════
+// USAGE TRACKING (local fallback)
+// ════════════════════════════════════════════════════════════
+function loadUsage() {
+  try { fs.mkdirSync(USAGE_DIR, { recursive: true }); } catch {}
+  return readJSON(USAGE_FILE) || {};
+}
+function saveUsage(usage) {
+  writeJSON(USAGE_FILE, usage);
+}
+function cleanupOldUsage(keepDays) {
+  keepDays = keepDays || 7;
+  try {
+    const cutoff = Date.now() - keepDays * 86400000;
+    for (const f of fs.readdirSync(USAGE_DIR)) {
+      if (!f.endsWith(".json")) continue;
+      const d = new Date(f.replace(".json", "") + "T00:00:00Z");
+      if (!isNaN(d.getTime()) && d.getTime() < cutoff) {
+        try { fs.unlinkSync(path.join(USAGE_DIR, f)); } catch {}
+      }
+    }
+  } catch {}
+}
+// ════════════════════════════════════════════════════════════
+// LOCAL LIMIT EVALUATION (offline fallback)
+// ════════════════════════════════════════════════════════════
+function evaluateLimitsLocally(config, model, usage) {
+  if (!config || !config.limits) return { allowed: true };
+  const limits = config.limits;
+  const creditWeights = config.credit_weights || { opus: 10, sonnet: 3, haiku: 1 };
+  // Check kill/pause status
+  if (config.status === "killed" || config.status === "paused") {
+    return {
+      allowed: false,
+      reason: config.status === "killed"
+        ? "Your Claude Code access has been revoked by the admin.\nContact your admin to restore access."
+        : "Your Claude Code access has been paused by the admin.\nContact your admin to resume access.",
+    };
+  }
+  for (const rule of limits) {
+    // 1. Time-of-day
+    if (rule.type === "time_of_day") {
+      if (rule.model && rule.model !== model) continue;
+      if (rule.schedule_start && rule.schedule_end) {
+        const now = new Date();
+        const hhmm = String(now.getHours()).padStart(2, "0") + ":" +
+                     String(now.getMinutes()).padStart(2, "0");
+        if (hhmm < rule.schedule_start || hhmm >= rule.schedule_end) {
+          return {
+            allowed: false,
+            reason: `${model} is only available ${rule.schedule_start} - ${rule.schedule_end}.\nCurrent time: ${hhmm}. Try another model.`,
+          };
+        }
+      }
+      continue;
+    }
+    // 2. Per-model cap
+    if (rule.type === "per_model") {
+      if (rule.model && rule.model !== model) continue;
+      const limit = rule.value;
+      if (limit < 0) continue;
+      if (limit === 0) return { allowed: false, reason: `${model} is blocked for your account.` };
+      const used = usage[rule.model || model] || 0;
+      if (used >= limit) {
+        return { allowed: false, reason: `Daily ${model} limit reached.\nUsed ${used}/${limit} prompts today.` };
+      }
+    }
+    // 3. Credit budget
+    if (rule.type === "credits") {
+      const budget = rule.value;
+      if (budget < 0) continue;
+      let totalCredits = 0;
+      for (const [m, count] of Object.entries(usage)) {
+        totalCredits += count * (creditWeights[m] || 1);
+      }
+      const nextCost = creditWeights[model] || 1;
+      if (totalCredits + nextCost > budget) {
+        return {
+          allowed: false,
+          reason: `Daily credit budget exhausted.\nUsed ${totalCredits}/${budget} credits.\nNext ${model} prompt costs ${nextCost} credits.`,
+        };
+      }
+    }
+  }
+  return { allowed: true };
+}
+// ════════════════════════════════════════════════════════════
+// BUILD BLOCK MESSAGE
+// ════════════════════════════════════════════════════════════
+function buildBlockMessage(config, model, usage, reason) {
+  const creditWeights = config.credit_weights || { opus: 10, sonnet: 3, haiku: 1 };
+  const limits = config.limits || [];
+  const lines = [reason, ""];
+  // Usage summary
+  const models = ["opus", "sonnet", "haiku"];
+  const summaryLines = [];
+  for (const m of models) {
+    const used = usage[m] || 0;
+    const rule = limits.find((r) => r.type === "per_model" && (r.model === m || !r.model));
+    const lim = rule ? rule.value : -1;
+    const limStr = lim < 0 ? "∞" : lim;
+    const remaining = lim < 0 ? "∞" : Math.max(0, lim - used);
+    summaryLines.push(`  ${m}: ${used}/${limStr} (${remaining} left)`);
+  }
+  if (summaryLines.length > 0) {
+    lines.push("All usage today:", ...summaryLines, "");
+  }
+  // Credit balance
+  const creditRule = limits.find((r) => r.type === "credits");
+  if (creditRule && creditRule.value >= 0) {
+    let totalCredits = 0;
+    for (const [m, count] of Object.entries(usage)) {
+      totalCredits += count * (creditWeights[m] || 1);
+    }
+    lines.push(`Credit balance: ${Math.max(0, creditRule.value - totalCredits)}/${creditRule.value}`, "");
+  }
+  lines.push("Options:", "  Switch to another model (if quota remains)", "  Try again later");
+  return lines.join("\n");
+}
+// ════════════════════════════════════════════════════════════
+// KILL SWITCH — LOGOUT HELPER
+// ════════════════════════════════════════════════════════════
+function triggerLogout() {
+  try {
+    const { spawn } = require("child_process");
+    const child = spawn("claude", ["auth", "logout"], {
+      detached: true,
+      stdio: "ignore",
+    });
+    child.unref();
+    debugLog("KILL triggered claude auth logout");
+  } catch (err) {
+    debugLog(`KILL logout error: ${err.message}`);
+  }
+}
+// ════════════════════════════════════════════════════════════
+// ACTIONS
+// ════════════════════════════════════════════════════════════
+/**
+ * SYNC — SessionStart hook.
+ * Cache model, sync config from server.
+ */
+async function actionSync(config) {
+  const stdinData = readStdin();
+  const model = detectModel(stdinData);
+  writeText(MODEL_FILE, model);
+  debugLog(`SYNC model=${model} source=${stdinData.source || "unknown"}`);
+  const serverResp = await serverRequest("/api/v1/sync", {
+    model,
+    hostname: os.hostname(),
+    platform: process.platform,
+  }, 8000);
+  if (serverResp) {
+    writeJSON(CACHE_FILE, serverResp);
+    if (serverResp.limits) {
+      const updated = { ...config, limits: serverResp.limits };
+      if (serverResp.credit_weights) updated.credit_weights = serverResp.credit_weights;
+      if (serverResp.status) updated.status = serverResp.status;
+      writeJSON(CONFIG_FILE, updated);
+    }
+    debugLog(`SYNC server_response status=${serverResp.status}`);
+  }
+}
+/**
+ * CHECK — UserPromptSubmit hook.
+ * Gate: block prompt if over limit.
+ */
+async function actionCheck(config) {
+  const stdinData = readStdin();
+  const model = detectModel(stdinData);
+  const usage = loadUsage();
+  debugLog(`CHECK model=${model} usage=${JSON.stringify(usage)}`);
+  const serverResp = await serverRequest("/api/v1/check", {
+    model,
+    local_usage: usage,
+  }, 3000);
+  let allowed, reason;
+  if (serverResp) {
+    writeJSON(CACHE_FILE, serverResp);
+    if (serverResp.limits) {
+      const updated = { ...config, limits: serverResp.limits, status: serverResp.status };
+      if (serverResp.credit_weights) updated.credit_weights = serverResp.credit_weights;
+      writeJSON(CONFIG_FILE, updated);
+    }
+    allowed = serverResp.allowed;
+    reason = serverResp.reason;
+    if (serverResp.status === "killed") {
+      allowed = false;
+      reason = "Your Claude Code access has been revoked by the admin.\nContact your admin to restore access.";
+      triggerLogout();
+    }
+  } else {
+    // Offline: evaluate locally
+    const cached = readJSON(CACHE_FILE);
+    const evalConfig = cached || config;
+    const result = evaluateLimitsLocally(evalConfig, model, usage);
+    allowed = result.allowed;
+    reason = result.reason;
+    debugLog("CHECK offline_mode");
+  }
+  if (!allowed) {
+    const fullMessage = buildBlockMessage(config, model, usage, reason);
+    process.stdout.write(JSON.stringify({ decision: "block", reason: fullMessage }));
+    debugLog(`CHECK BLOCKED: ${reason}`);
+  }
+}
+/**
+ * COUNT — Stop hook.
+ * Increment counter, report to server.
+ */
+async function actionCount(config) {
+  const stdinData = readStdin();
+  const model = detectModel(stdinData);
+  const usage = loadUsage();
+  const prev = usage[model] || 0;
+  usage[model] = prev + 1;
+  saveUsage(usage);
+  cleanupOldUsage();
+  debugLog(`COUNT model=${model} ${prev} → ${prev + 1}`);
+  // Fire and forget
+  serverRequest("/api/v1/count", {
+    model,
+    timestamp: new Date().toISOString(),
+  }, 3000);
+}
+/**
+ * ENFORCE — PreToolUse hook.
+ * Fast local-only kill/pause check. No server call.
+ */
+function actionEnforce() {
+  const stdinData = readStdin();
+  const cached = readJSON(CACHE_FILE);
+  const status = (cached && cached.status) || "active";
+  if (status === "killed" || status === "paused") {
+    const msg = status === "killed"
+      ? "Your Claude Code access has been revoked by the admin.\nContact your admin to restore access."
+      : "Your Claude Code access has been paused by the admin.\nContact your admin to resume access.";
+    process.stdout.write(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: msg,
+      },
+    }));
+  }
+  // Active — no output = allow
+}
+/**
+ * STATUS — Terminal command for humans.
+ */
+function actionStatus(config) {
+  const model = detectModel({});
+  const usage = loadUsage();
+  const userName = config.user_name || "Unknown";
+  const serverConfig = readJSON(SERVER_FILE);
+  console.log("");
+  console.log("╔══════════════════════════════════════════════╗");
+  console.log("║     claude-code-limiter — Status              ║");
+  console.log("╚══════════════════════════════════════════════╝");
+  console.log("");
+  console.log(`  User:          ${userName}`);
+  console.log(`  Date:          ${TODAY}`);
+  console.log(`  Active model:  ${model}`);
+  console.log(`  Config:        ${CONFIG_FILE}`);
+  if (serverConfig && serverConfig.url) console.log(`  Server:        ${serverConfig.url}`);
+  console.log("");
+  const limits = (config && config.limits) || [];
+  const creditWeights = (config && config.credit_weights) || { opus: 10, sonnet: 3, haiku: 1 };
+  if (limits.length === 0) {
+    console.log("  No limits configured — unlimited mode\n");
+    return;
+  }
+  console.log("  ┌────────────┬───────┬───────┬──────────────────────┬──────────┐");
+  console.log("  │ Model      │ Used  │ Limit │ Progress             │ Left     │");
+  console.log("  ├────────────┼───────┼───────┼──────────────────────┼──────────┤");
+  for (const m of ["opus", "sonnet", "haiku"]) {
+    const used = usage[m] || 0;
+    const rule = limits.find((r) => r.type === "per_model" && (r.model === m || !r.model));
+    const limit = rule ? rule.value : -1;
+    let limitStr, bar, leftStr;
+    if (limit < 0) {
+      limitStr = "  ∞  "; bar = "  ∞ unlimited     "; leftStr = "   ∞    ";
+    } else {
+      const remaining = Math.max(0, limit - used);
+      limitStr = String(limit).padStart(3) + "  ";
+      leftStr = String(remaining).padStart(4) + "    ";
+      const total = 18;
+      const filled = limit > 0 ? Math.min(total, Math.round((used / limit) * total)) : 0;
+      bar = "█".repeat(filled) + "░".repeat(total - filled);
+    }
+    console.log(`  │ ${m.padEnd(10)} │ ${String(used).padStart(3)}   │ ${limitStr} │ ${bar} │ ${leftStr} │`);
+  }
+  console.log("  └────────────┴───────┴───────┴──────────────────────┴──────────┘");
+  const creditRule = limits.find((r) => r.type === "credits");
+  if (creditRule && creditRule.value >= 0) {
+    let totalCredits = 0;
+    for (const [m, count] of Object.entries(usage)) {
+      totalCredits += count * (creditWeights[m] || 1);
+    }
+    console.log(`\n  Credits: ${Math.max(0, creditRule.value - totalCredits)}/${creditRule.value} remaining`);
+  }
+  console.log("");
+}
+// ════════════════════════════════════════════════════════════
+// MAIN
+// ════════════════════════════════════════════════════════════
+async function main() {
+  const action = process.argv[2] || "check";
+  const config = readJSON(CONFIG_FILE);
+  _debugEnabled = !!(config && config.debug);
+  if (!config || Object.keys(config).length === 0) {
+    if (action === "status") {
+      console.log("\n  No limiter config found — unlimited mode.");
+      console.log(`  Config path: ${CONFIG_FILE}\n`);
+      return;
+    }
+    if (action !== "status") {
+      // Fail-closed if server.json exists (limiter installed but config deleted)
+      const serverConfig = readJSON(SERVER_FILE);
+      if (serverConfig && serverConfig.url) {
+        if (action === "check") {
+          readStdin();
+          process.stdout.write(JSON.stringify({ decision: "block", reason: "Limiter configuration missing. Contact your admin." }));
+        } else if (action === "enforce") {
+          readStdin();
+          process.stdout.write(JSON.stringify({ hookSpecificOutput: { hookEventName: "PreToolUse", permissionDecision: "deny", permissionDecisionReason: "Limiter configuration missing. Contact your admin." } }));
+        } else {
+          readStdin();
+        }
+        return;
+      }
+      // No server.json — limiter not installed, allow
+      readStdin();
+    }
+    return;
+  }
+  switch (action) {
+    case "sync": await actionSync(config); break;
+    case "check": await actionCheck(config); break;
+    case "count": await actionCount(config); break;
+    case "enforce": actionEnforce(); break;
+    case "status": actionStatus(config); break;
+    default:
+      process.stderr.write(`claude-code-limiter hook: unknown action "${action}"\n`);
+      process.exit(1);
+  }
+}
+try {
+  main().catch((err) => {
+    try { fs.appendFileSync(DEBUG_LOG, `[${new Date().toISOString()}] ASYNC_ERROR: ${err.stack || err.message}\n`); } catch {}
+  });
+} catch (err) {
+  try { fs.appendFileSync(DEBUG_LOG, `[${new Date().toISOString()}] FATAL: ${err.stack || err.message}\n`); } catch {}
+}

package/src/installer.js ADDED Viewed

@@ -0,0 +1,520 @@
+/**
+ * claude-code-limiter — Installer
+ * ================================
+ * Handles setup, uninstall, status, and sync for the client side.
+ * Cross-platform: Linux, macOS, Windows.
+ */
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+const https = require("https");
+const http = require("http");
+const readline = require("readline");
+const { execSync } = require("child_process");
+const crypto = require("crypto");
+// ════════════════════════════════════════════════════════════
+// PLATFORM CONSTANTS
+// ════════════════════════════════════════════════════════════
+const IS_WIN = process.platform === "win32";
+const IS_MAC = process.platform === "darwin";
+const IS_LINUX = process.platform === "linux";
+const PATHS = (() => {
+  const base = IS_WIN
+    ? path.join("C:", "Program Files", "ClaudeCode")
+    : IS_MAC
+      ? path.join("/Library", "Application Support", "ClaudeCode")
+      : "/etc/claude-code";
+  const limiter = path.join(base, "limiter");
+  return {
+    base,
+    managedSettings: path.join(base, "managed-settings.json"),
+    limiterDir: limiter,
+    hook: path.join(limiter, "hook.js"),
+    config: path.join(limiter, "config.json"),
+    server: path.join(limiter, "server.json"),
+    meta: path.join(limiter, "meta.json"),
+    usageDir: path.join(limiter, "usage"),
+    backupDir: path.join(base, ".backup"),
+    debugLog: path.join(limiter, "debug.log"),
+  };
+})();
+// ════════════════════════════════════════════════════════════
+// TERMINAL UI
+// ════════════════════════════════════════════════════════════
+const C = {
+  bold: (s) => `\x1b[1m${s}\x1b[0m`,
+  dim: (s) => `\x1b[2m${s}\x1b[0m`,
+  green: (s) => `\x1b[32m${s}\x1b[0m`,
+  red: (s) => `\x1b[31m${s}\x1b[0m`,
+  yellow: (s) => `\x1b[33m${s}\x1b[0m`,
+  cyan: (s) => `\x1b[36m${s}\x1b[0m`,
+};
+function log(msg = "") { console.log(msg); }
+function ok(msg)       { console.log(C.green(`  ✅ ${msg}`)); }
+function warn(msg)     { console.log(C.yellow(`  ⚠️  ${msg}`)); }
+function fail(msg)     { console.error(C.red(`  ❌ ${msg}`)); }
+function info(msg)     { console.log(C.cyan(`  ℹ  ${msg}`)); }
+function ask(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(`  ${C.bold(question)} `, (answer) => { rl.close(); resolve(answer.trim()); });
+  });
+}
+// ════════════════════════════════════════════════════════════
+// NETWORK
+// ════════════════════════════════════════════════════════════
+function fetchJSON(url, options) {
+  return new Promise((resolve, reject) => {
+    const urlObj = new URL(url);
+    const client = urlObj.protocol === "https:" ? https : http;
+    const body = options.body ? JSON.stringify(options.body) : null;
+    const req = client.request(urlObj, {
+      method: options.method || "GET",
+      headers: {
+        "Content-Type": "application/json",
+        ...(body ? { "Content-Length": Buffer.byteLength(body) } : {}),
+        ...(options.headers || {}),
+      },
+    }, (res) => {
+      let data = "";
+      res.on("data", (chunk) => (data += chunk));
+      res.on("end", () => {
+        if (res.statusCode >= 400) return reject(new Error(`HTTP ${res.statusCode}: ${data.slice(0, 200)}`));
+        try { resolve(JSON.parse(data)); } catch { reject(new Error("Invalid JSON response")); }
+      });
+    });
+    req.on("error", reject);
+    req.setTimeout(15000, () => { req.destroy(); reject(new Error("Request timed out")); });
+    if (body) req.write(body);
+    req.end();
+  });
+}
+// ════════════════════════════════════════════════════════════
+// PRIVILEGE CHECKS
+// ════════════════════════════════════════════════════════════
+function isElevated() {
+  if (IS_WIN) {
+    try { execSync("net session", { stdio: "ignore" }); return true; } catch { return false; }
+  }
+  return process.getuid && process.getuid() === 0;
+}
+function requireElevated(action) {
+  if (isElevated()) return;
+  log("");
+  fail(`"${action}" requires elevated privileges.`);
+  log("");
+  if (IS_WIN) {
+    info("Right-click PowerShell → 'Run as administrator', then retry.");
+  } else {
+    info(`Run with sudo:  sudo npx claude-code-limiter ${action}`);
+  }
+  log("");
+  process.exit(1);
+}
+// ════════════════════════════════════════════════════════════
+// MANAGED-SETTINGS.JSON GENERATOR
+// ════════════════════════════════════════════════════════════
+function generateManagedSettings(existingSettings) {
+  const hookPath = PATHS.hook;
+  const nodeCmd = IS_WIN
+    ? `"${process.execPath.replace(/\\/g, "\\\\")}" "${hookPath.replace(/\\/g, "\\\\")}"`
+    : `node "${hookPath}"`;
+  const base = existingSettings || {};
+  return {
+    ...base,
+    _readme: "Auto-generated by claude-code-limiter. Do not edit manually.",
+    allowManagedHooksOnly: true,
+    hooks: {
+      ...(base.hooks || {}),
+      SessionStart: [{
+        matcher: "",
+        hooks: [{ type: "command", command: `${nodeCmd} sync`, timeout: 10 }],
+      }],
+      UserPromptSubmit: [{
+        hooks: [{ type: "command", command: `${nodeCmd} check`, timeout: 5 }],
+      }],
+      Stop: [{
+        hooks: [{ type: "command", command: `${nodeCmd} count`, timeout: 5 }],
+      }],
+      PreToolUse: [{
+        hooks: [{ type: "command", command: `${nodeCmd} enforce`, timeout: 2 }],
+      }],
+    },
+  };
+}
+// ════════════════════════════════════════════════════════════
+// FILE PERMISSIONS
+// ════════════════════════════════════════════════════════════
+function lockPermissions() {
+  try {
+    if (IS_WIN) {
+      execSync(`icacls "${PATHS.limiterDir}" /inheritance:r /grant:r Administrators:(OI)(CI)F /grant:r Users:(OI)(CI)RX /T`, { stdio: "ignore" });
+      execSync(`icacls "${PATHS.usageDir}" /grant:r Users:(OI)(CI)M`, { stdio: "ignore" });
+      execSync(`icacls "${PATHS.managedSettings}" /inheritance:r /grant:r Administrators:F /grant:r Users:R`, { stdio: "ignore" });
+      execSync(`icacls "${PATHS.backupDir}" /inheritance:r /grant:r Administrators:(OI)(CI)F /T`, { stdio: "ignore" });
+    } else {
+      const owner = IS_MAC ? "root:wheel" : "root:root";
+      execSync(`chown -R ${owner} "${PATHS.limiterDir}"`, { stdio: "ignore" });
+      execSync(`chmod 755 "${PATHS.limiterDir}"`, { stdio: "ignore" });
+      execSync(`chmod 644 "${PATHS.hook}" "${PATHS.config}"`, { stdio: "ignore" });
+      if (fs.existsSync(PATHS.server)) execSync(`chmod 644 "${PATHS.server}"`, { stdio: "ignore" });
+      if (fs.existsSync(PATHS.meta)) execSync(`chmod 644 "${PATHS.meta}"`, { stdio: "ignore" });
+      execSync(`chmod 1777 "${PATHS.usageDir}"`, { stdio: "ignore" });
+      execSync(`chown ${owner} "${PATHS.managedSettings}" && chmod 644 "${PATHS.managedSettings}"`, { stdio: "ignore" });
+      execSync(`chown -R ${owner} "${PATHS.backupDir}" && chmod -R 700 "${PATHS.backupDir}"`, { stdio: "ignore" });
+    }
+    ok("File permissions locked");
+  } catch (err) {
+    warn(`Permissions partially set: ${err.message}`);
+  }
+}
+// ════════════════════════════════════════════════════════════
+// WATCHDOG
+// ════════════════════════════════════════════════════════════
+function setupWatchdog() {
+  if (IS_WIN) {
+    const script = [
+      `$b = "${PATHS.backupDir.replace(/\\/g, "\\\\")}"`,
+      `$m = "${PATHS.managedSettings.replace(/\\/g, "\\\\")}"`,
+      `$h = "${PATHS.hook.replace(/\\/g, "\\\\")}"`,
+      `$c = "${PATHS.config.replace(/\\/g, "\\\\")}"`,
+      `if (!(Test-Path $m)) { Copy-Item "$b\\managed-settings.json" $m -Force -EA SilentlyContinue }`,
+      `if (!(Test-Path $h)) { Copy-Item "$b\\hook.js" $h -Force -EA SilentlyContinue }`,
+      `if (!(Test-Path $c)) { Copy-Item "$b\\config.json" $c -Force -EA SilentlyContinue }`,
+      `$bHash = (Get-FileHash "$b\\hook.js" -Algorithm SHA256 -EA SilentlyContinue).Hash`,
+      `$hHash = (Get-FileHash $h -Algorithm SHA256 -EA SilentlyContinue).Hash`,
+      `if ($bHash -and $hHash -and ($bHash -ne $hHash)) {`,
+      `  Copy-Item "$b\\hook.js" $h -Force; Copy-Item "$b\\config.json" $c -Force; Copy-Item "$b\\managed-settings.json" $m -Force`,
+      `}`,
+    ].join("\n");
+    const scriptPath = path.join(PATHS.base, "watchdog.ps1");
+    fs.writeFileSync(scriptPath, script);
+    try { execSync('schtasks /delete /tn "ClaudeLimiterWatchdog" /f', { stdio: "ignore" }); } catch {}
+    execSync(`schtasks /create /tn "ClaudeLimiterWatchdog" /tr "powershell -NoProfile -ExecutionPolicy Bypass -File \\"${scriptPath}\\"" /sc minute /mo 5 /ru SYSTEM /f`, { stdio: "ignore" });
+    ok("Watchdog scheduled task created");
+  } else if (IS_MAC) {
+    const plist = `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key><string>com.claude-limiter.watchdog</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/bin/bash</string>
+    <string>-c</string>
+    <string>
+B="${PATHS.backupDir}"; M="${PATHS.managedSettings}"; H="${PATHS.hook}"; C="${PATHS.config}"
+[ ! -f "$M" ] &amp;&amp; cp "$B/managed-settings.json" "$M" 2>/dev/null
+[ ! -f "$H" ] &amp;&amp; cp "$B/hook.js" "$H" 2>/dev/null
+[ ! -f "$C" ] &amp;&amp; cp "$B/config.json" "$C" 2>/dev/null
+BHASH=$(shasum -a 256 "$B/hook.js" 2>/dev/null | cut -d' ' -f1)
+HHASH=$(shasum -a 256 "$H" 2>/dev/null | cut -d' ' -f1)
+if [ -n "$BHASH" ] &amp;&amp; [ -n "$HHASH" ] &amp;&amp; [ "$BHASH" != "$HHASH" ]; then
+  cp "$B/hook.js" "$H"; cp "$B/config.json" "$C"; cp "$B/managed-settings.json" "$M"
+  chown root:wheel "$M" "$H" "$C"; chmod 644 "$M" "$H" "$C"
+fi
+    </string>
+  </array>
+  <key>StartInterval</key><integer>300</integer>
+  <key>RunAtLoad</key><true/>
+</dict>
+</plist>`;
+    const plistPath = "/Library/LaunchDaemons/com.claude-limiter.watchdog.plist";
+    fs.writeFileSync(plistPath, plist);
+    try { execSync(`launchctl unload "${plistPath}" 2>/dev/null`, { stdio: "ignore" }); } catch {}
+    execSync(`launchctl load "${plistPath}"`, { stdio: "ignore" });
+    ok("Watchdog launchd daemon created");
+  } else {
+    const service = `[Unit]\nDescription=Claude Code Limiter Watchdog\n[Service]\nType=oneshot\nExecStart=/bin/bash -c 'B="${PATHS.backupDir}"; M="${PATHS.managedSettings}"; H="${PATHS.hook}"; C="${PATHS.config}"; [ ! -f "$M" ] && cp "$B/managed-settings.json" "$M"; [ ! -f "$H" ] && cp "$B/hook.js" "$H"; [ ! -f "$C" ] && cp "$B/config.json" "$C"; BHASH=$(sha256sum "$B/hook.js" 2>/dev/null | cut -d" " -f1); HHASH=$(sha256sum "$H" 2>/dev/null | cut -d" " -f1); if [ -n "$BHASH" ] && [ -n "$HHASH" ] && [ "$BHASH" != "$HHASH" ]; then cp "$B/hook.js" "$H"; cp "$B/config.json" "$C"; cp "$B/managed-settings.json" "$M"; chown root:root "$M" "$H" "$C"; chmod 644 "$M" "$H" "$C"; fi'`;
+    const timer = `[Unit]\nDescription=Claude Code Limiter Watchdog Timer\n[Timer]\nOnBootSec=1min\nOnUnitActiveSec=5min\n[Install]\nWantedBy=timers.target`;
+    fs.writeFileSync("/etc/systemd/system/claude-limiter-watchdog.service", service);
+    fs.writeFileSync("/etc/systemd/system/claude-limiter-watchdog.timer", timer);
+    execSync("systemctl daemon-reload", { stdio: "ignore" });
+    execSync("systemctl enable --now claude-limiter-watchdog.timer", { stdio: "ignore" });
+    ok("Watchdog systemd timer created");
+  }
+}
+function removeWatchdog() {
+  if (IS_WIN) {
+    try { execSync('schtasks /delete /tn "ClaudeLimiterWatchdog" /f', { stdio: "ignore" }); ok("Removed watchdog task"); } catch { warn("No watchdog task found"); }
+    try { fs.unlinkSync(path.join(PATHS.base, "watchdog.ps1")); } catch {}
+  } else if (IS_MAC) {
+    const plist = "/Library/LaunchDaemons/com.claude-limiter.watchdog.plist";
+    try { execSync(`launchctl unload "${plist}" 2>/dev/null`, { stdio: "ignore" }); fs.unlinkSync(plist); ok("Removed watchdog"); } catch { warn("No watchdog found"); }
+  } else {
+    try {
+      execSync("systemctl stop claude-limiter-watchdog.timer 2>/dev/null", { stdio: "ignore" });
+      execSync("systemctl disable claude-limiter-watchdog.timer 2>/dev/null", { stdio: "ignore" });
+      for (const f of ["claude-limiter-watchdog.service", "claude-limiter-watchdog.timer"]) {
+        try { fs.unlinkSync(`/etc/systemd/system/${f}`); } catch {}
+      }
+      execSync("systemctl daemon-reload 2>/dev/null", { stdio: "ignore" });
+      ok("Removed watchdog");
+    } catch { warn("No watchdog found"); }
+  }
+}
+// ════════════════════════════════════════════════════════════
+// BACKUP
+// ════════════════════════════════════════════════════════════
+function createBackup() {
+  fs.mkdirSync(PATHS.backupDir, { recursive: true });
+  const checksums = {};
+  for (const [src, name] of [[PATHS.managedSettings, "managed-settings.json"], [PATHS.hook, "hook.js"], [PATHS.config, "config.json"]]) {
+    if (fs.existsSync(src)) {
+      fs.copyFileSync(src, path.join(PATHS.backupDir, name));
+      const hash = crypto.createHash("sha256").update(fs.readFileSync(src)).digest("hex");
+      checksums[name] = hash;
+    }
+  }
+  fs.writeFileSync(path.join(PATHS.backupDir, "checksums.json"), JSON.stringify(checksums, null, 2));
+  ok("Backup created");
+}
+// ════════════════════════════════════════════════════════════
+// SETUP
+// ════════════════════════════════════════════════════════════
+async function setup(flags) {
+  requireElevated("setup");
+  log("");
+  log(C.bold("  ╔══════════════════════════════════════════╗"));
+  log(C.bold("  ║   Claude Code Limiter — Setup            ║"));
+  log(C.bold("  ╚══════════════════════════════════════════╝"));
+  log("");
+  let code = flags.code;
+  let serverUrl = flags.server;
+  if (!code) code = await ask("Install code:");
+  if (!serverUrl) serverUrl = await ask("Server URL:");
+  if (!code || !serverUrl) {
+    fail("Install code and server URL are required.");
+    process.exit(1);
+  }
+  // Normalize server URL
+  serverUrl = serverUrl.replace(/\/+$/, "");
+  log("");
+  info("Registering with server...");
+  let registration;
+  try {
+    registration = await fetchJSON(`${serverUrl}/api/v1/register`, {
+      method: "POST",
+      body: { code },
+    });
+  } catch (err) {
+    fail(`Registration failed: ${err.message}`);
+    process.exit(1);
+  }
+  if (!registration || !registration.auth_token) {
+    fail("Invalid server response — missing auth_token.");
+    process.exit(1);
+  }
+  const { auth_token, user_name, limits, credit_weights, status } = registration;
+  ok(`Registered as "${user_name}"`);
+  // Show limits
+  info("Limits:");
+  for (const rule of (limits || [])) {
+    if (rule.type === "per_model") {
+      log(`     ${rule.model || "all"}: ${rule.value < 0 ? "∞" : rule.value}/${rule.window || "daily"}`);
+    } else if (rule.type === "credits") {
+      log(`     credits: ${rule.value}/${rule.window || "daily"}`);
+    } else if (rule.type === "time_of_day") {
+      log(`     ${rule.model || "all"}: ${rule.schedule_start}-${rule.schedule_end} (${rule.schedule_tz || "local"})`);
+    }
+  }
+  if (!flags.yes) {
+    log("");
+    const confirm = await ask("Proceed with installation? (y/N):");
+    if (!confirm.match(/^y(es)?$/i)) { log("\n  Cancelled.\n"); process.exit(0); }
+  }
+  log("");
+  info("Installing...");
+  log("");
+  // Create directories
+  for (const dir of [PATHS.limiterDir, PATHS.usageDir, PATHS.backupDir]) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  // Copy hook script
+  const hookSource = path.join(__dirname, "hook.js");
+  fs.copyFileSync(hookSource, PATHS.hook);
+  ok(`Hook → ${PATHS.hook}`);
+  // Write config
+  const localConfig = {
+    user_name,
+    status: status || "active",
+    debug: false,
+    limits: limits || [],
+    credit_weights: credit_weights || { opus: 10, sonnet: 3, haiku: 1 },
+  };
+  fs.writeFileSync(PATHS.config, JSON.stringify(localConfig, null, 2));
+  ok(`Config → ${PATHS.config}`);
+  // Write server connection info
+  const serverConfig = { url: serverUrl, auth_token };
+  fs.writeFileSync(PATHS.server, JSON.stringify(serverConfig, null, 2));
+  ok(`Server → ${PATHS.server}`);
+  // Write meta
+  const meta = {
+    serverUrl,
+    installedAt: new Date().toISOString(),
+    platform: process.platform,
+    arch: process.arch,
+    nodeVersion: process.version,
+  };
+  fs.writeFileSync(PATHS.meta, JSON.stringify(meta, null, 2));
+  // Generate managed-settings.json
+  let existingMS = null;
+  try { existingMS = JSON.parse(fs.readFileSync(PATHS.managedSettings, "utf-8")); } catch {}
+  const managedSettings = generateManagedSettings(existingMS);
+  fs.writeFileSync(PATHS.managedSettings, JSON.stringify(managedSettings, null, 2));
+  ok(`Managed settings → ${PATHS.managedSettings}`);
+  ok("allowManagedHooksOnly: true");
+  // Backup
+  createBackup();
+  // Permissions
+  lockPermissions();
+  // Watchdog
+  setupWatchdog();
+  log("");
+  log(C.green(C.bold("  Installation complete!")));
+  log("");
+  log("  Enforcement layers:");
+  log("    1. managed-settings.json  (highest priority)");
+  log("    2. allowManagedHooksOnly  (user hooks blocked)");
+  log(`    3. File permissions        (${IS_WIN ? "admin" : "root"}-only write)`);
+  log("    4. Watchdog               (auto-restores every 5 min)");
+  log("    5. Server-side tracking   (tamper-proof usage)");
+  log("");
+  log(C.yellow("  Restart Claude Code for hooks to take effect."));
+  log("");
+}
+// ════════════════════════════════════════════════════════════
+// UNINSTALL
+// ════════════════════════════════════════════════════════════
+async function uninstall(flags) {
+  requireElevated("uninstall");
+  log("");
+  log(C.bold("  Uninstalling Claude Code Limiter"));
+  log("");
+  if (!flags.yes) {
+    const confirm = await ask("Remove all limiter files and watchdog? (y/N):");
+    if (!confirm.match(/^y(es)?$/i)) { log("\n  Cancelled.\n"); return; }
+    log("");
+  }
+  removeWatchdog();
+  for (const p of [PATHS.limiterDir, PATHS.backupDir]) {
+    try { fs.rmSync(p, { recursive: true, force: true }); ok(`Removed ${p}`); } catch { warn(`Could not remove ${p}`); }
+  }
+  try {
+    const ms = JSON.parse(fs.readFileSync(PATHS.managedSettings, "utf-8"));
+    if (ms._readme && ms._readme.includes("claude-code-limiter")) {
+      fs.unlinkSync(PATHS.managedSettings);
+      ok(`Removed ${PATHS.managedSettings}`);
+    } else {
+      delete ms.allowManagedHooksOnly;
+      delete ms._readme;
+      if (ms.hooks) {
+        delete ms.hooks.SessionStart;
+        delete ms.hooks.UserPromptSubmit;
+        delete ms.hooks.Stop;
+        delete ms.hooks.PreToolUse;
+        if (Object.keys(ms.hooks).length === 0) delete ms.hooks;
+      }
+      fs.writeFileSync(PATHS.managedSettings, JSON.stringify(ms, null, 2));
+      ok(`Cleaned limiter hooks from managed-settings`);
+    }
+  } catch { warn(`Could not clean ${PATHS.managedSettings}`); }
+  log("");
+  log(C.green("  Done. Restart Claude Code for changes to take effect."));
+  log("");
+}
+// ════════════════════════════════════════════════════════════
+// STATUS
+// ════════════════════════════════════════════════════════════
+function status() {
+  if (!fs.existsSync(PATHS.hook)) {
+    log("");
+    warn("Limiter not installed on this machine.");
+    log(C.dim(`  Expected hook at: ${PATHS.hook}`));
+    log(C.dim("  Run: sudo npx claude-code-limiter setup"));
+    log("");
+    return;
+  }
+  try { execSync(`node "${PATHS.hook}" status`, { stdio: "inherit" }); } catch { fail("Could not run status"); }
+}
+// ════════════════════════════════════════════════════════════
+// SYNC
+// ════════════════════════════════════════════════════════════
+async function sync(flags) {
+  requireElevated("sync");
+  if (!fs.existsSync(PATHS.hook)) { fail("Limiter not installed."); process.exit(1); }
+  info("Syncing with server...");
+  try {
+    execSync(`node "${PATHS.hook}" sync < /dev/null`, { stdio: "inherit" });
+    ok("Sync complete.");
+  } catch { fail("Sync failed."); }
+}
+// ════════════════════════════════════════════════════════════
+// EXPORTS
+// ════════════════════════════════════════════════════════════
+module.exports = { setup, uninstall, status, sync };