tokenleak 2.1.0 → 2.1.1

package/README.md

@@ -1,6 +1,6 @@
 # Tokenleak
 
-See where your AI tokens actually go. Tokenleak reads usage data from **Claude Code**, **Codex**, **Cursor**, **Pi (`pi-mono`)**, and **OpenCode**, then renders terminal dashboards, heatmaps, compare reports, explain/focus reports, and shareable image cards from the CLI.
+See where your AI tokens actually go. Tokenleak reads usage data from **Claude Code**, **Codex**, **Cursor**, **Gemini**, **GitHub Copilot**, **Amp**, **Codebuff**, **Droid**, **Qwen**, **Roo Code**, **Kilo Code**, **Kimi**, **Kilo CLI**, **Mux**, **Crush**, **OpenClaw**, **Hermes**, **Goose**, **Antigravity**, **Zed Agent**, **Kiro**, **Trae**, **Synthetic**, **Pi (`pi-mono`)**, and **OpenCode**, then renders terminal dashboards, heatmaps, compare reports, explain/focus reports, and shareable image cards from the CLI.
 
 ![Tokenleak OpenTUI overview](./docs/tui-overview.png)
 
@@ -8,17 +8,39 @@ See where your AI tokens actually go. Tokenleak reads usage data from **Claude C
 
 Tokenleak auto-detects supported providers from their local logs and storage. This is the quick scan of where it looks before it renders dashboards, reports, and images:
 
-| Client | Local data location | Provider key and aliases | Supported |
-| ------ | ------------------- | ------------------------ | --------- |
-| Claude Code | `~/.claude/projects/**/*.jsonl` | `claude-code`, `anthropic`, `claude`, `claudecode` | Yes |
-| Codex | `~/.codex/sessions/**/*.jsonl` | `codex`, `openai` | Yes |
-| Cursor | `~/.config/tokenleak/cursor-cache/usage*.csv` after `tokenleak cursor login` | `cursor`, `cursor-ide`, `cursoride` | Yes |
-| OpenCode | `~/.local/share/opencode/storage/message/<session>/*.json` or `~/.config/opencode/storage/message/<session>/*.json`<br />Legacy: `~/.opencode/opencode.db`, `~/.opencode/sessions.db`, `~/.opencode/sessions/*.json` | `open-code`, `opencode`, `open_code` | Yes |
-| Pi (`pi-mono`) | `~/.pi/agent/sessions/**/*.jsonl` | `pi`, `pi-mono` | Yes |
+| Icon | Client | Local data location | Provider key and aliases | Supported |
+| ---- | ------ | ------------------- | ------------------------ | --------- |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=claude.ai&sz=64" alt="Claude Code icon" /> | Claude Code | `~/.claude/projects/**/*.jsonl` | `claude-code`, `anthropic`, `claude`, `claudecode` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=openai.com&sz=64" alt="Codex icon" /> | Codex | `~/.codex/sessions/**/*.jsonl` | `codex`, `openai` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=cursor.com&sz=64" alt="Cursor icon" /> | Cursor | `~/.config/tokenleak/cursor-cache/usage*.csv` after `tokenleak cursor login` | `cursor`, `cursor-ide`, `cursoride` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=gemini.google.com&sz=64" alt="Gemini icon" /> | Gemini | `~/.gemini/tmp/**/*.{json,jsonl}` | `gemini`, `google` | Yes |
+| <img width="36" height="36" src="https://cdn.simpleicons.org/githubcopilot/000000" alt="GitHub Copilot icon" /> | GitHub Copilot | `~/.copilot/otel/**/*.jsonl` | `copilot`, `github-copilot`, `copilot-otel` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=ampcode.com&sz=64" alt="Amp icon" /> | Amp | `${XDG_DATA_HOME:-~/.local/share}/amp/threads/T-*.json` | `amp`, `sourcegraph-amp` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=codebuff.com&sz=64" alt="Codebuff icon" /> | Codebuff | `~/.config/manicode/projects/**/chats/**/chat-messages.json` | `codebuff`, `manicode` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=factory.ai&sz=64" alt="Droid icon" /> | Droid | `~/.factory/sessions/*.settings.json` | `droid`, `factory` | Yes |
+| <img width="36" height="36" src="https://avatars.githubusercontent.com/QwenLM?s=64" alt="Qwen icon" /> | Qwen | `~/.qwen/projects/**/*.jsonl` | `qwen` | Yes |
+| <img width="36" height="36" src="https://avatars.githubusercontent.com/RooCodeInc?s=64" alt="Roo Code icon" /> | Roo Code | `~/.config/Code/User/globalStorage/rooveterinaryinc.roo-cline/tasks/**/ui_messages.json` | `roo-code`, `roo`, `roocode` | Yes |
+| <img width="36" height="36" src="https://avatars.githubusercontent.com/Kilo-Org?s=64" alt="Kilo Code icon" /> | Kilo Code | `~/.config/Code/User/globalStorage/kilocode.kilo-code/tasks/**/ui_messages.json` | `kilo-code`, `kilocode` | Yes |
+| <img width="36" height="36" src="https://avatars.githubusercontent.com/MoonshotAI?s=64" alt="Kimi icon" /> | Kimi CLI | `~/.kimi/sessions/**/wire.jsonl` | `kimi`, `kimi-cli` | Yes |
+| <img width="36" height="36" src="https://avatars.githubusercontent.com/Kilo-Org?s=64" alt="Kilo CLI icon" /> | Kilo CLI | `~/.local/share/kilo/kilo.db` | `kilo`, `kilo-cli` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=coder.com&sz=64" alt="Mux icon" /> | Mux | `~/.mux/sessions/**/session-usage.json` | `mux` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=crush.ai&sz=64" alt="Crush icon" /> | Crush | `${XDG_DATA_HOME:-~/.local/share}/crush/projects.json` project databases | `crush` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=openclaw.ai&sz=64" alt="OpenClaw icon" /> | OpenClaw | `~/.openclaw/agents/**/*.jsonl*` | `openclaw`, `open-claw` | Yes |
+| <img width="36" height="36" src="https://avatars.githubusercontent.com/NousResearch?s=64" alt="Hermes icon" /> | Hermes | `${HERMES_HOME:-~/.hermes}/state.db` | `hermes`, `hermes-agent` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=block.github.io&sz=64" alt="Goose icon" /> | Goose | `${XDG_DATA_HOME:-~/.local/share}/goose/sessions/sessions.db` | `goose` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=antigravity.google&sz=64" alt="Antigravity icon" /> | Antigravity | `~/.config/tokenleak/antigravity-cache/sessions/*.jsonl` cache | `antigravity` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=zed.dev&sz=64" alt="Zed icon" /> | Zed Agent | `${XDG_DATA_HOME:-~/.local/share}/zed/threads/threads.db` | `zed`, `zed-agent` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=kiro.dev&sz=64" alt="Kiro icon" /> | Kiro | `~/.kiro/sessions/cli/*.json` | `kiro` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=trae.ai&sz=64" alt="Trae icon" /> | Trae | `~/.config/tokenleak/trae-cache/sessions/*.json` cache | `trae` | Yes |
+| <img width="36" height="36" src="https://www.google.com/s2/favicons?domain=synthetic.new&sz=64" alt="Synthetic icon" /> | Synthetic | `~/.local/share/octofriend/sqlite.db` | `synthetic`, `octofriend` | Yes |
+| <img width="36" height="36" src="https://opencode.ai/favicon.ico" alt="OpenCode icon" /> | OpenCode | `~/.local/share/opencode/storage/message/<session>/*.json` or `~/.config/opencode/storage/message/<session>/*.json`<br />Legacy: `~/.opencode/opencode.db`, `~/.opencode/sessions.db`, `~/.opencode/sessions/*.json` | `open-code`, `opencode`, `open_code` | Yes |
+| <img width="36" height="36" src="https://pi.dev/logo.svg" alt="Pi icon" /> | Pi (`pi-mono`) | `~/.pi/agent/sessions/**/*.jsonl` | `pi`, `pi-mono` | Yes |
 
 - Use `CLAUDE_CONFIG_DIR` to override the Claude Code base directory.
 - Use `CODEX_HOME` to override the Codex base directory.
 - Use `TOKENLEAK_CURSOR_DIR` to override the Cursor credentials/cache directory.
+- Use `TOKENLEAK_GEMINI_DIR`, `TOKENLEAK_COPILOT_OTEL_DIR`, `TOKENLEAK_AMP_DIR`, `TOKENLEAK_CODEBUFF_DIR`, `TOKENLEAK_DROID_DIR`, `TOKENLEAK_QWEN_DIR`, `TOKENLEAK_ROO_CODE_DIR`, `TOKENLEAK_KILO_CODE_DIR`, `TOKENLEAK_KIMI_DIR`, `TOKENLEAK_KILO_DIR`, `TOKENLEAK_MUX_DIR`, `TOKENLEAK_CRUSH_DIR`, `TOKENLEAK_OPENCLAW_DIR`, `TOKENLEAK_HERMES_DIR`, `TOKENLEAK_GOOSE_DIR`, `TOKENLEAK_ANTIGRAVITY_DIR`, `TOKENLEAK_ZED_DIR`, `TOKENLEAK_KIRO_DIR`, `TOKENLEAK_TRAE_DIR`, and `TOKENLEAK_SYNTHETIC_DIR` to override provider data locations.
+- Hermes also honors `HERMES_HOME`.
 - Use `PI_CODING_AGENT_DIR` to override the Pi base directory.
 - See [Provider details](#provider-details) for the parser behavior and per-provider notes.
 
@@ -39,17 +61,18 @@ npx tokenleak --help
 ```
 
 After installing, run `tokenleak` in your terminal. It auto-detects supported providers from their local logs.
-In an interactive TTY, plain `tokenleak` launches a full-screen TUI dashboard with 8 views:
+In an interactive TTY, plain `tokenleak` launches a full-screen TUI dashboard with 10 views:
 
 - **Overview** — heatmap, stats, providers, and top models
 - **Matrix** — 4-page deep-dive with activity patterns, cache economics, sessions, model efficiency, attribution, and cache ROI by model
-- **Advisor** — model efficiency recommendations with projected savings
+- **Advisor** — model efficiency recommendations, projected savings, and waste-pattern recipes
 - **Focus** — deep-work session rankings scored by duration, density, and streaks
 - **Explain** — narrative day-by-day usage breakdown
 - **Compare** — side-by-side period comparison with deltas
-- **Export** — save PNG, Wrapped PNG, or launch a live server
+- **Export** — save PNG, Wrapped PNG, launch a live server, or copy an LLM-ready analysis prompt
 - **Wrapped** — Spotify-Wrapped-style stats card with achievements and usage breakdown
 - **Replay** — chronological session timeline with flow blocks, pulse chart, and flow/think ratio
+- **AI ROI** — token spend versus local Git output, including commits, changed lines, and cost/token ratios per repo
 
 Use `tokenleak --legacy` to open the classic interactive launcher instead.
 
@@ -90,6 +113,11 @@ tokenleak --format svg --output usage.svg
 # Export a PNG image
 tokenleak --format png --output usage.png
 
+# Export anonymized aggregate data or an LLM-ready analysis prompt
+tokenleak commons export --days 90 --output commons.json
+tokenleak commons prompt --days 90 --clipboard
+tokenleak commons prompt --provider claude,codex --output tokenleak-llm-prompt.md
+
 # Generate your AI Coding Wrapped story card
 tokenleak --format wrapped
 tokenleak --format wrapped --theme light --output my-wrapped.png --open
@@ -115,10 +143,22 @@ tokenleak explain 2026-03-10 --format json
 tokenleak replay
 tokenleak replay 2026-03-10 --format json
 
+# Open the interactive replay scrub UI in your browser
+tokenleak replay 2026-03-10 --interactive
+
 # Rank deep-work sessions
 tokenleak focus
 tokenleak focus --provider codex --days 30
 
+# Compare AI token spend against local Git output
+tokenleak nutrition
+tokenleak nutrition --days 30 --format json
+
+# Optimization intelligence
+tokenleak simulate-routing --days 30
+tokenleak waste --severity high
+tokenleak behavior-diff --provider claude-code,codex --days 30 --format json
+
 # Authenticate Cursor and sync its local cache
 tokenleak cursor login --name work
 
@@ -128,7 +168,7 @@ tokenleak --list-providers
 
 ### Analysis commands
 
-Tokenleak ships three dedicated investigation commands in addition to the main dashboard flow:
+Tokenleak ships dedicated investigation and optimization commands in addition to the main dashboard flow:
 
 ```bash
 # Explain what drove a specific day
@@ -148,11 +188,34 @@ tokenleak replay
 
 # Replay a specific day with JSON output
 tokenleak replay 2026-03-10 --format json --output replay.json
+
+# Open the day in an interactive browser scrub UI
+tokenleak replay 2026-03-10 --interactive
+tokenleak replay 2026-03-10 --interactive --open --port 4567
+
+# Estimate AI ROI from token usage and local Git output
+tokenleak nutrition --days 30
+
+# Emit the AI ROI report as JSON
+tokenleak nutrition --format json --output ai-roi.json
+
+# Estimate savings from model routing
+tokenleak simulate-routing --days 30
+
+# Detect agent waste signals with evidence and recipes
+tokenleak waste --days 30
+
+# Compare two agent/provider/model cohorts
+tokenleak behavior-diff --provider claude-code,codex --days 30
 ```
 
 - `tokenleak explain <date>` builds a narrative day report with top providers, sessions, projects, models, and anomaly flags.
 - `tokenleak focus` ranks sessions by a deep-work score derived from duration, token density, and project streak.
-- `tokenleak replay [date]` shows a chronological timeline of all sessions for a day, clustering events into flow blocks with a pulse chart and flow/think ratio. Defaults to today.
+- `tokenleak replay [date]` shows a chronological timeline of all sessions for a day, clustering events into flow blocks with a pulse chart and flow/think ratio. Defaults to today. Pass `--interactive` (or `-i`) to open a browser scrub UI on `http://localhost:3567` — drag the timeline, press space to play the day at 60–600× speed, watch the cumulative cost odometer tick up. Combine with `--open` to launch the browser automatically.
+- `tokenleak nutrition` powers the TUI **AI ROI** view. It resolves local Git repo roots from provider project paths, runs read-only `git log --numstat`, and reports tokens/cost per commit and changed line. `No Git signal` means Tokenleak saw AI usage for a repo path but found no commits in the selected date window; switch to a wider window or ensure the project path exists locally as a Git worktree.
+- `tokenleak simulate-routing` re-prices historical events under conservative downgrade rules so pro users can estimate savings before changing model habits or team guidance.
+- `tokenleak waste` detects deterministic waste signals such as context drag, repeated prompt clusters, model churn, cache misses, and premium models used for small tasks.
+- `tokenleak behavior-diff` compares cohorts such as provider-vs-provider or model-vs-model and emits deterministic takeaways for engineering teams.
 
 ### Cursor commands
 
@@ -162,6 +225,7 @@ Use these commands to manage Cursor authentication and the local cache that Toke
 tokenleak cursor login --name work
 tokenleak cursor status
 tokenleak cursor accounts --json
+tokenleak cursor doctor
 tokenleak cursor switch work
 tokenleak cursor logout --name work
 tokenleak cursor logout --all --purge-cache
@@ -204,6 +268,28 @@ bun packages/cli/dist/cli.js --provider cursor --format json
 - If `cursor status` is valid but `--list-providers` still shows Cursor as unavailable, run `tokenleak --provider cursor` once to sync the cache, then rerun `--list-providers`.
 - Cursor session tokens are stored in plaintext at `~/.config/tokenleak/cursor-credentials.json` (or under `TOKENLEAK_CURSOR_DIR`) with local-only file permissions.
 
+#### Corporate VPN / protected network
+
+If `tokenleak cursor login` works off VPN but fails on a company protected VPN with a connection, proxy, or certificate error, run the token-free doctor first:
+
+```bash
+tokenleak cursor doctor
+```
+
+For managed proxy networks, pass a Cursor-specific proxy or use your standard shell proxy variables:
+
+```bash
+TOKENLEAK_CURSOR_PROXY=http://proxy.company:8080 tokenleak cursor doctor
+```
+
+For TLS inspection networks, export the company root CA as a PEM file and point Tokenleak at it:
+
+```bash
+TOKENLEAK_CURSOR_CA_FILE=/path/company-root-ca.pem tokenleak cursor doctor --with-token
+```
+
+Tokenleak also honors `HTTPS_PROXY`, `HTTP_PROXY`, `NO_PROXY`, and `TOKENLEAK_CURSOR_TIMEOUT_MS` for Cursor API requests. `tokenleak cursor doctor --insecure-skip-tls-verify` exists only to prove that TLS inspection is the failure mode; do not use it for normal login or sync.
+
 ### Date filtering
 
 By default, Tokenleak shows the last **90 days** of usage.
@@ -336,12 +422,14 @@ tokenleak --advisor
 tokenleak --advisor --days 30 --claude
 ```
 
-The advisor detects three types of opportunities:
+The advisor detects optimization opportunities:
 
 - **Model downgrades** — identifies expensive models used for short outputs and suggests cheaper alternatives with concrete $/month savings
 - **Cache optimization** — flags low cache hit rates and poor reuse ratios
 - **Usage patterns** — warns about model concentration risk, cost trend increases, and burst days
 
+In the TUI Advisor view, the same screen also includes **Waste Patterns**: deterministic findings such as context drag, burst spikes, wasted cache writes, and model-switch churn. Each finding includes severity, evidence, estimated savings where defensible, and a concrete local recipe for what to try next.
+
 Each recommendation includes current cost, projected cost, monthly savings, and a confidence level (high/medium/low). The advisor is also available as a `get_efficiency_advice` tool in the MCP server.
 
 ### Themes
@@ -397,7 +485,7 @@ tokenleak --format json --upload gist
 
 ### TUI dashboard (default)
 
-In a real TTY, `tokenleak` launches a full-screen terminal dashboard built with [@opentui/core](https://www.npmjs.com/package/@opentui/core). The TUI provides 8 views with keyboard and mouse navigation:
+In a real TTY, `tokenleak` launches a full-screen terminal dashboard built with [@opentui/core](https://www.npmjs.com/package/@opentui/core). The TUI provides 8 views with keyboard and mouse navigation. The Advisor view includes both savings recommendations and waste-pattern recipes.
 
 Latest OpenTUI screenshots from the current dashboard build:
 
@@ -450,9 +538,10 @@ Subcommands:
 
 - `tokenleak explain <date>` supports `--format terminal|json`, `--output`, `--width`, and the standard provider filters.
 - `tokenleak focus` supports `--format terminal|json`, `--output`, `--width`, and the standard provider/date filters.
-- `tokenleak replay [date]` supports `--format terminal|json`, `--output`, `--width`, and the standard provider filters. Date defaults to today.
+- `tokenleak commons export` writes anonymized aggregate JSON; `tokenleak commons prompt` writes or copies a Markdown prompt for external LLM analysis; `tokenleak commons inspect <file>` validates a commons JSON export before sharing.
+- `tokenleak replay [date]` supports `--format terminal|json`, `--output`, `--width`, and the standard provider filters. Date defaults to today. Add `-i`/`--interactive` to launch a local browser scrub UI on port 3567 (override with `--port`); add `--open` to auto-open the browser. `--format`, `--output`, and `--width` are ignored in interactive mode.
 - `tokenleak cursor --help` prints the Cursor auth/cache command help text.
-- `tokenleak explain --help`, `tokenleak focus --help`, and `tokenleak replay --help` print the subcommand-specific help text.
+- `tokenleak explain --help`, `tokenleak focus --help`, `tokenleak commons --help`, and `tokenleak replay --help` print the subcommand-specific help text.
 
 | Flag | Alias | Default | Description |
 | --- | --- | --- | --- |
@@ -522,6 +611,216 @@ Reads Cursor usage CSV exports from the local Tokenleak cache. The cache is popu
 | **Provider name** | `cursor`                                              |
 | **Aliases**       | `cursor-ide`, `cursoride`                             |
 
+### Gemini
+
+Reads Gemini CLI session JSON, chat JSON, and JSONL usage records from the local Gemini temp directory.
+
+|                   |                                                             |
+| ----------------- | ----------------------------------------------------------- |
+| **Data location** | `~/.gemini/tmp/**/*.{json,jsonl}`                           |
+| **Override**      | Set `TOKENLEAK_GEMINI_DIR` environment variable             |
+| **Provider name** | `gemini`                                                    |
+| **Aliases**       | `google`                                                    |
+
+### GitHub Copilot
+
+Reads local Copilot OTEL JSONL spans and counts chat spans with `gen_ai.usage.*` token attributes.
+
+|                   |                                                                 |
+| ----------------- | --------------------------------------------------------------- |
+| **Data location** | `~/.copilot/otel/**/*.jsonl`                                    |
+| **Override**      | Set `TOKENLEAK_COPILOT_OTEL_DIR` environment variable           |
+| **Provider name** | `copilot`                                                       |
+| **Aliases**       | `github-copilot`, `copilot-otel`                                |
+
+### Amp
+
+Reads Sourcegraph Amp thread JSON files and combines usage ledger rows with message-level usage without double-counting matching entries.
+
+|                   |                                                                  |
+| ----------------- | ---------------------------------------------------------------- |
+| **Data location** | `${XDG_DATA_HOME:-~/.local/share}/amp/threads/T-*.json`          |
+| **Override**      | Set `TOKENLEAK_AMP_DIR` environment variable                     |
+| **Provider name** | `amp`                                                            |
+| **Aliases**       | `sourcegraph-amp`                                                |
+
+### Codebuff
+
+Reads Codebuff/Manicode chat history files and parses assistant usage from direct metadata or provider-options run-state fallbacks.
+
+|                   |                                                                      |
+| ----------------- | -------------------------------------------------------------------- |
+| **Data location** | `~/.config/manicode/projects/**/chats/**/chat-messages.json`         |
+| **Override**      | Set `TOKENLEAK_CODEBUFF_DIR` environment variable                    |
+| **Provider name** | `codebuff`                                                           |
+| **Aliases**       | `manicode`                                                           |
+
+### Droid
+
+Reads Factory Droid session settings files and uses sibling JSONL session text to recover a model name when Droid only records a provider lock.
+
+|                   |                                                   |
+| ----------------- | ------------------------------------------------- |
+| **Data location** | `~/.factory/sessions/*.settings.json`             |
+| **Override**      | Set `TOKENLEAK_DROID_DIR` environment variable    |
+| **Provider name** | `droid`                                           |
+| **Aliases**       | `factory`                                         |
+
+### Qwen
+
+Reads Qwen CLI project JSONL logs. Assistant records with `usageMetadata` are parsed for prompt, candidate, thought, and cached-content tokens.
+
+|                   |                                                 |
+| ----------------- | ----------------------------------------------- |
+| **Data location** | `~/.qwen/projects/**/*.jsonl`                   |
+| **Override**      | Set `TOKENLEAK_QWEN_DIR` environment variable   |
+| **Provider name** | `qwen`                                          |
+| **Aliases**       | None                                            |
+
+### Roo Code and Kilo Code
+
+Reads VS Code extension task logs from `ui_messages.json` and uses sibling `api_conversation_history.json` metadata to recover the selected model.
+
+|                   |                                                                                                  |
+| ----------------- | ------------------------------------------------------------------------------------------------ |
+| **Roo data**      | `~/.config/Code/User/globalStorage/rooveterinaryinc.roo-cline/tasks/**/ui_messages.json`         |
+| **Kilo data**     | `~/.config/Code/User/globalStorage/kilocode.kilo-code/tasks/**/ui_messages.json`                 |
+| **Override**      | Set `TOKENLEAK_ROO_CODE_DIR` or `TOKENLEAK_KILO_CODE_DIR` environment variable                   |
+| **Provider names** | `roo-code`, `kilo-code`                                                                          |
+| **Aliases**       | `roo`, `roocode`, `kilocode`                                                                      |
+
+### Kimi CLI
+
+Reads Kimi CLI wire-protocol JSONL files. `StatusUpdate` messages provide input, output, and cache token counts.
+
+|                   |                                                   |
+| ----------------- | ------------------------------------------------- |
+| **Data location** | `~/.kimi/sessions/**/wire.jsonl`                  |
+| **Override**      | Set `TOKENLEAK_KIMI_DIR` environment variable     |
+| **Provider name** | `kimi`                                            |
+| **Aliases**       | `kimi-cli`                                        |
+
+### Kilo CLI
+
+Reads Kilo CLI SQLite usage rows from the local Kilo data directory. This is separate from the VS Code Kilo Code extension provider (`kilo-code`).
+
+|                   |                                                   |
+| ----------------- | ------------------------------------------------- |
+| **Data location** | `~/.local/share/kilo/kilo.db`                     |
+| **Override**      | Set `TOKENLEAK_KILO_DIR` environment variable     |
+| **Provider name** | `kilo`                                            |
+| **Aliases**       | `kilo-cli`                                        |
+
+### Mux
+
+Reads Mux session usage JSON files and preserves provider-reported per-model cost totals when present.
+
+|                   |                                                   |
+| ----------------- | ------------------------------------------------- |
+| **Data location** | `~/.mux/sessions/**/session-usage.json`           |
+| **Override**      | Set `TOKENLEAK_MUX_DIR` environment variable      |
+| **Provider name** | `mux`                                             |
+| **Aliases**       | None                                              |
+
+### Crush
+
+Reads project-level Crush SQLite databases discovered from the Crush project registry. Crush exposes reliable session-level cost even when token breakdown is unavailable, so Tokenleak preserves cost without fabricating tokens.
+
+|                   |                                                                          |
+| ----------------- | ------------------------------------------------------------------------ |
+| **Data location** | `${XDG_DATA_HOME:-~/.local/share}/crush/projects.json` project registry  |
+| **Override**      | Set `TOKENLEAK_CRUSH_DIR` environment variable                           |
+| **Provider name** | `crush`                                                                  |
+| **Aliases**       | None                                                                     |
+
+### OpenClaw
+
+Reads OpenClaw agent transcripts and optional `sessions.json` indexes. Model-change and model-snapshot records establish the model for assistant usage rows.
+
+|                   |                                                           |
+| ----------------- | --------------------------------------------------------- |
+| **Data location** | `~/.openclaw/agents/**/*.jsonl*`                          |
+| **Override**      | Set `TOKENLEAK_OPENCLAW_DIR` environment variable         |
+| **Provider name** | `openclaw`                                                |
+| **Aliases**       | `open-claw`                                               |
+
+### Hermes
+
+Reads aggregated Hermes Agent session rows from the local SQLite state database. The parser accepts schema variants where optional cost or cache columns are absent, as long as `id`, `model`, `started_at`, and at least one token or cost signal are present.
+
+|                   |                                                   |
+| ----------------- | ------------------------------------------------- |
+| **Data location** | `${HERMES_HOME:-~/.hermes}/state.db`              |
+| **Override**      | Set `HERMES_HOME` or `TOKENLEAK_HERMES_DIR`       |
+| **Provider name** | `hermes`                                          |
+| **Aliases**       | `hermes-agent`                                    |
+
+### Goose
+
+Reads Goose session totals from the local `sessions.db` SQLite database. Tokenleak scans the XDG path by default; use the override for macOS Application Support or legacy Block/goose locations.
+
+|                   |                                                                 |
+| ----------------- | --------------------------------------------------------------- |
+| **Data location** | `${XDG_DATA_HOME:-~/.local/share}/goose/sessions/sessions.db`   |
+| **Override**      | Set `TOKENLEAK_GOOSE_DIR` or `GOOSE_PATH_ROOT`                  |
+| **Provider name** | `goose`                                                         |
+| **Aliases**       | None                                                            |
+
+### Antigravity
+
+Reads normalized Antigravity JSONL cache files. Tokenleak does not currently connect to the local Antigravity language-server RPC or create this cache; place compatible JSONL artifacts in the cache directory first.
+
+|                   |                                                                    |
+| ----------------- | ------------------------------------------------------------------ |
+| **Data location** | `~/.config/tokenleak/antigravity-cache/sessions/*.jsonl`           |
+| **Override**      | Set `TOKENLEAK_ANTIGRAVITY_DIR` environment variable               |
+| **Provider name** | `antigravity`                                                      |
+| **Aliases**       | None                                                               |
+
+### Zed Agent
+
+Reads hosted Zed Agent rows from Zed's `threads.db`. External ACP agent rows are ignored to avoid double-counting usage that belongs to another provider.
+
+|                   |                                                                             |
+| ----------------- | --------------------------------------------------------------------------- |
+| **Data location** | `${XDG_DATA_HOME:-~/.local/share}/zed/threads/threads.db`                   |
+| **Override**      | Set `TOKENLEAK_ZED_DIR` environment variable                                |
+| **Provider name** | `zed`                                                                       |
+| **Aliases**       | `zed-agent`                                                                 |
+
+### Kiro
+
+Reads Kiro CLI session JSON files with explicit turn token metadata. SQLite import can be enabled by pointing the override at a compatible local data source.
+
+|                   |                                                   |
+| ----------------- | ------------------------------------------------- |
+| **Data location** | `~/.kiro/sessions/cli/*.json`                     |
+| **Override**      | Set `TOKENLEAK_KIRO_DIR` environment variable     |
+| **Provider name** | `kiro`                                            |
+| **Aliases**       | None                                              |
+
+### Trae
+
+Reads cached Trae usage API JSON files. Tokenleak does not currently authenticate with Trae or fetch this cache; export or sync compatible JSON first, then point Tokenleak at the cache.
+
+|                   |                                                            |
+| ----------------- | ---------------------------------------------------------- |
+| **Data location** | `~/.config/tokenleak/trae-cache/sessions/*.json`           |
+| **Override**      | Set `TOKENLEAK_TRAE_DIR` environment variable              |
+| **Provider name** | `trae`                                                     |
+| **Aliases**       | None                                                       |
+
+### Synthetic
+
+Reads Octofriend/Synthetic SQLite token rows when available. Synthetic is also kept as an explicit provider filter so it does not duplicate unrelated provider usage during normal all-provider scans.
+
+|                   |                                                       |
+| ----------------- | ----------------------------------------------------- |
+| **Data location** | `~/.local/share/octofriend/sqlite.db`                 |
+| **Override**      | Set `TOKENLEAK_SYNTHETIC_DIR` environment variable    |
+| **Provider name** | `synthetic`                                           |
+| **Aliases**       | `octofriend`                                          |
+
 ### OpenCode
 
 Reads usage data from current OpenCode message storage when available. Falls back to legacy SQLite databases or legacy JSON session files.
@@ -695,6 +994,28 @@ All fields are optional. Only include the ones you want to override.
 | `CLAUDE_CONFIG_DIR` | `~/.claude` | Claude Code configuration directory |
 | `CODEX_HOME` | `~/.codex` | Codex home directory |
 | `TOKENLEAK_CURSOR_DIR` | `~/.config/tokenleak` | Cursor credentials/cache root (`cursor-credentials.json`, `cursor-cache/`) |
+| `TOKENLEAK_GEMINI_DIR` | `~/.gemini/tmp` | Gemini CLI temp/session directory |
+| `TOKENLEAK_COPILOT_OTEL_DIR` | `~/.copilot/otel` | GitHub Copilot OTEL JSONL directory |
+| `TOKENLEAK_AMP_DIR` | `${XDG_DATA_HOME:-~/.local/share}/amp/threads` | Amp thread directory |
+| `TOKENLEAK_CODEBUFF_DIR` | `~/.config/manicode` | Codebuff/Manicode project chat root |
+| `TOKENLEAK_DROID_DIR` | `~/.factory/sessions` | Droid session settings directory |
+| `TOKENLEAK_QWEN_DIR` | `~/.qwen/projects` | Qwen project log directory |
+| `TOKENLEAK_ROO_CODE_DIR` | VS Code Roo Code task storage | Roo Code task-log directory |
+| `TOKENLEAK_KILO_CODE_DIR` | VS Code Kilo Code task storage | Kilo Code task-log directory |
+| `TOKENLEAK_KIMI_DIR` | `~/.kimi` | Kimi CLI root directory |
+| `TOKENLEAK_KILO_DIR` | `~/.local/share/kilo/kilo.db` | Kilo CLI SQLite database path |
+| `TOKENLEAK_MUX_DIR` | `~/.mux/sessions` | Mux session usage directory |
+| `TOKENLEAK_CRUSH_DIR` | Crush project registry discovery | Crush data directory or `crush.db` path |
+| `TOKENLEAK_OPENCLAW_DIR` | `~/.openclaw/agents` | OpenClaw agent transcript directory |
+| `TOKENLEAK_HERMES_DIR` | `~/.hermes` | Hermes directory containing `state.db` |
+| `HERMES_HOME` | `~/.hermes` | Hermes home directory |
+| `TOKENLEAK_GOOSE_DIR` | `${XDG_DATA_HOME:-~/.local/share}/goose/sessions/sessions.db` | Goose SQLite database path |
+| `GOOSE_PATH_ROOT` | unset | Goose root directory override |
+| `TOKENLEAK_ANTIGRAVITY_DIR` | `~/.config/tokenleak/antigravity-cache/sessions` | Antigravity normalized JSONL cache directory |
+| `TOKENLEAK_ZED_DIR` | `${XDG_DATA_HOME:-~/.local/share}/zed/threads/threads.db` | Zed Agent SQLite database path |
+| `TOKENLEAK_KIRO_DIR` | `~/.kiro/sessions/cli` | Kiro CLI session JSON directory |
+| `TOKENLEAK_TRAE_DIR` | `~/.config/tokenleak/trae-cache/sessions` | Trae cached usage JSON directory |
+| `TOKENLEAK_SYNTHETIC_DIR` | `~/.local/share/octofriend/sqlite.db` | Synthetic/Octofriend SQLite database path |
 | `PI_CODING_AGENT_DIR` | `~/.pi/agent` | Pi coding agent directory (sessions live under `sessions/`) |
 
 ## What Tokenleak tracks

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tokenleak",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "Visualise your AI coding-assistant token usage across providers — heatmaps, dashboards, and shareable cards.",
   "type": "module",
   "bin": {