tokentracker-cli 0.47.3 → 0.49.0

package/src/lib/rollout.js

@@ -746,6 +746,9 @@ async function parseRolloutFile({
   let model = typeof lastModel === "string" ? lastModel : null;
   let totals = lastTotal && typeof lastTotal === "object" ? lastTotal : null;
   let currentCwd = null;
+  let currentDate = null;
+  let isForkedRollout = false;
+  const rolloutDate = rolloutDateFromPath(filePath);
   let currentProjectRef = projectRef || null;
   let currentProjectKey = projectKey || null;
   let eventsAggregated = 0;
@@ -756,7 +759,10 @@ async function parseRolloutFile({
     const maybeTurnContext =
       !maybeTokenCount &&
       (line.includes('"turn_context"') || line.includes('"session_meta"')) &&
-      (line.includes('"model"') || line.includes('"cwd"'));
+      (line.includes('"model"') ||
+        line.includes('"cwd"') ||
+        line.includes('"current_date"') ||
+        line.includes('"forked_from_id"'));
     if (!maybeTokenCount && !maybeTurnContext) continue;
 
     let obj;
@@ -771,6 +777,12 @@ async function parseRolloutFile({
       obj?.payload &&
       typeof obj.payload === "object"
     ) {
+      if (obj.type === "session_meta" && typeof obj.payload.forked_from_id === "string") {
+        isForkedRollout = obj.payload.forked_from_id.trim().length > 0;
+      }
+      if (obj.type === "turn_context" && typeof obj.payload.current_date === "string") {
+        currentDate = normalizeIsoDate(obj.payload.current_date);
+      }
       if (typeof obj.payload.model === "string") {
         model = obj.payload.model;
       }
@@ -812,6 +824,9 @@ async function parseRolloutFile({
       totals = totalUsage;
     }
 
+    // date matching is conservative; same-day fork replays are still counted.
+    if (isForkedReplayToken({ isForkedRollout, rolloutDate, currentDate })) continue;
+
     const bucketStart = toUtcHalfHourStart(tokenTimestamp);
     if (!bucketStart) continue;
 
@@ -1772,6 +1787,21 @@ function toUtcHalfHourStart(ts) {
   return bucketStart.toISOString();
 }
 
+function rolloutDateFromPath(filePath) {
+  const match = path.basename(String(filePath || "")).match(/^rollout-(\d{4}-\d{2}-\d{2})T/);
+  return match ? match[1] : null;
+}
+
+function normalizeIsoDate(value) {
+  const raw = typeof value === "string" ? value.trim() : "";
+  const match = raw.match(/^(\d{4}-\d{2}-\d{2})/);
+  return match ? match[1] : null;
+}
+
+function isForkedReplayToken({ isForkedRollout, rolloutDate, currentDate }) {
+  return Boolean(isForkedRollout && rolloutDate && currentDate && currentDate < rolloutDate);
+}
+
 function normalizeNonNegativeNumber(value) {
   const n = Number(value || 0);
   if (!Number.isFinite(n) || n <= 0) return 0;
@@ -2619,13 +2649,32 @@ async function parseCursorApiIncremental({
   const total = records.length;
 
   if (records.length > 0) {
-    for (const [key, bucket] of Object.entries(hourlyState.buckets || {})) {
-      const parsed = parseBucketKey(key);
-      const sourceKey = normalizeSourceInput(parsed.source) || DEFAULT_SOURCE;
-      if (sourceKey !== defaultSource) continue;
-      if (!bucket?.totals) continue;
-      bucket.totals = initTotals();
-      touchedBuckets.add(key);
+    // Guard (2026-06 audit): only wipe buckets the fetched export can
+    // actually rebuild. The wipe-then-refill design assumes the CSV is a
+    // FULL-history export; if Cursor ever windows or truncates the export,
+    // unconditionally zeroing every bucket would erase (and upload zeros
+    // over) all history older than the response. Wiping from the earliest
+    // record onward is identical for full exports and fail-safe for
+    // partial ones.
+    let earliestBucketStart = null;
+    for (const record of records) {
+      if (!record?.date) continue;
+      const b = toUtcHalfHourStart(record.date);
+      if (b && (!earliestBucketStart || b < earliestBucketStart)) earliestBucketStart = b;
+    }
+    // No parseable record date at all means the export is malformed —
+    // refilling would add nothing, so wiping would zero out (and upload
+    // zeros over) the entire history. Skip the wipe entirely.
+    if (earliestBucketStart) {
+      for (const [key, bucket] of Object.entries(hourlyState.buckets || {})) {
+        const parsed = parseBucketKey(key);
+        const sourceKey = normalizeSourceInput(parsed.source) || DEFAULT_SOURCE;
+        if (sourceKey !== defaultSource) continue;
+        if (!bucket?.totals) continue;
+        if (parsed.hourStart && parsed.hourStart < earliestBucketStart) continue;
+        bucket.totals = initTotals();
+        touchedBuckets.add(key);
+      }
     }
   }
 
@@ -3076,7 +3125,7 @@ function readHermesSessions(dbPath, lastCompletedEpoch, unfinishedSessionIds = [
   // in-progress (ended_at IS NULL), OR sessions that were previously observed
   // unfinished.  Hermes updates token counts in real-time, including a final
   // delta when an active session later gets ended_at set.
-  const sql = `SELECT id, model, started_at, ended_at, input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, reasoning_tokens, message_count FROM sessions WHERE (started_at >= ${since} OR ended_at IS NULL${forceIncludeSql}) AND (input_tokens > 0 OR output_tokens > 0 OR cache_read_tokens > 0 OR reasoning_tokens > 0) ORDER BY started_at ASC`;
+  const sql = `SELECT id, model, started_at, ended_at, input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, reasoning_tokens, message_count FROM sessions WHERE (started_at >= ${since} OR ended_at IS NULL${forceIncludeSql}) AND (input_tokens > 0 OR output_tokens > 0 OR cache_read_tokens > 0 OR cache_write_tokens > 0 OR reasoning_tokens > 0) ORDER BY started_at ASC`;
 
   let snapshot = null;
   let effectiveDbPath = dbPath;
@@ -3166,7 +3215,13 @@ async function parseHermesIncremental({ hermesPath, dbPath, cursors, queuePath,
       const cacheWrite = toNonNegativeInt(row.cache_write_tokens);
       const reasoning = toNonNegativeInt(row.reasoning_tokens);
       const messageCount = toNonNegativeInt(row.message_count);
-      if (inputTokens === 0 && outputTokens === 0 && cacheRead === 0 && reasoning === 0) continue;
+      if (
+        inputTokens === 0 &&
+        outputTokens === 0 &&
+        cacheRead === 0 &&
+        cacheWrite === 0 &&
+        reasoning === 0
+      ) continue;
 
       // Save current snapshot for next sync
       nextSnapshots[row.id] = { in: inputTokens, out: outputTokens, cacheRead, cacheWrite, reasoning, message_count: messageCount };
@@ -3850,13 +3905,26 @@ async function parseKiroCliIncremental({ sessionFiles, cursors, queuePath, onPro
     const updatedAt = new Date().toISOString();
     hourlyState.updatedAt = updatedAt;
     cursors.hourly = hourlyState;
-    cursors.kiroCli = { ...kiroCliState, requests: cappedEarly, updatedAt };
+    cursors.kiroCli = {
+      ...kiroCliState,
+      requests: cappedEarly.requests,
+      watermarkMs: Math.max(Number(kiroCliState.watermarkMs) || 0, cappedEarly.watermarkMs),
+      updatedAt,
+    };
     return { recordsProcessed: 0, eventsAggregated: 0, bucketsQueued };
   }
   const cb = typeof onProgress === "function" ? onProgress : null;
   let recordsProcessed = 0;
   let eventsAggregated = 0;
 
+  // 2026-06 audit fix: requests older than the persisted prune watermark were
+  // already counted once and had their cursor entry pruned by
+  // clampAndCapKiroCliState — re-processing them (prev === undefined) re-ADDED
+  // their tokens to the same bucket on every sync, inflating old buckets
+  // without bound. Skip them; the watermark only ever advances, and starts at
+  // 0 so a first-ever parse still ingests the full DB history.
+  const kiroCliWatermarkMs = Number(kiroCliState.watermarkMs) || 0;
+
   for (let i = 0; i < flat.length; i++) {
     const r = flat[i];
     recordsProcessed++;
@@ -3871,6 +3939,7 @@ async function parseKiroCliIncremental({ sessionFiles, cursors, queuePath, onPro
 
     const tsMs = Number(r.request_start_timestamp_ms);
     if (!Number.isFinite(tsMs) || tsMs <= 0) continue;
+    if (tsMs < kiroCliWatermarkMs) continue;
     const bucketStart = toUtcHalfHourStart(new Date(tsMs).toISOString());
     if (!bucketStart) continue;
 
@@ -3952,7 +4021,12 @@ async function parseKiroCliIncremental({ sessionFiles, cursors, queuePath, onPro
   const updatedAt = new Date().toISOString();
   hourlyState.updatedAt = updatedAt;
   cursors.hourly = hourlyState;
-  cursors.kiroCli = { ...kiroCliState, requests: cappedState, updatedAt };
+  cursors.kiroCli = {
+    ...kiroCliState,
+    requests: cappedState.requests,
+    watermarkMs: Math.max(kiroCliWatermarkMs, cappedState.watermarkMs),
+    updatedAt,
+  };
 
   return { recordsProcessed, eventsAggregated, bucketsQueued };
 }
@@ -3978,6 +4052,14 @@ function clampAndCapKiroCliState({ requestState, hourlyState, touchedBuckets })
   }
   // TASK-004: cap cursors.kiroCli.requests by age + count. Runs LAST so
   // nothing active or just-retracted is pruned mid-flight.
+  //
+  // 2026-06 audit fix: pruning an entry while readKiroCliRequests has no
+  // time floor meant the same request came back next sync with
+  // `prev === undefined` and was re-ADDED to its (old) bucket — every sync,
+  // forever. The returned watermarkMs records how far this prune reached;
+  // the parse loop skips any request older than the persisted watermark, so
+  // a pruned request can never be re-counted. First-ever parse still counts
+  // arbitrarily old history (watermark starts at 0).
   const ageCutoffMs = Date.now() - KIRO_CLI_CURSOR_MAX_AGE_MS;
   const cappedEntries = [];
   for (const [reqId, entry] of Object.entries(requestState)) {
@@ -3986,13 +4068,22 @@ function clampAndCapKiroCliState({ requestState, hourlyState, touchedBuckets })
     if (!Number.isFinite(ts) || ts < ageCutoffMs) continue;
     cappedEntries.push([reqId, entry, ts]);
   }
+  // +30min margin: entries are pruned by bucketStart (half-hour floor) while
+  // the parse loop skips by raw request ts, which can sit up to 30 minutes
+  // after its bucketStart. Without the margin a request whose bucket just
+  // crossed the cutoff would be pruned yet still pass the skip, re-adding for
+  // a few syncs until the watermark catches up.
+  let watermarkMs = ageCutoffMs + 30 * 60 * 1000;
   if (cappedEntries.length > KIRO_CLI_CURSOR_MAX_ENTRIES) {
     cappedEntries.sort((a, b) => b[2] - a[2]); // newest first
+    // Newest EVICTED entry sits at index MAX_ENTRIES after the sort; the
+    // watermark must clear it so count-capped evictions can't re-add either.
+    watermarkMs = Math.max(watermarkMs, cappedEntries[KIRO_CLI_CURSOR_MAX_ENTRIES][2] + 1);
     cappedEntries.length = KIRO_CLI_CURSOR_MAX_ENTRIES;
   }
   const capped = {};
   for (const [reqId, entry] of cappedEntries) capped[reqId] = entry;
-  return capped;
+  return { requests: capped, watermarkMs };
 }
 
 // Back-compat path: per-session .json files (the old fixture shape). Emits
@@ -5174,7 +5265,13 @@ async function parseRoocodeIncremental({
       const cacheReads = toNonNegativeInt(payload.cacheReads);
       const cacheWrites = toNonNegativeInt(payload.cacheWrites);
       if (tokensIn === 0 && tokensOut === 0 && cacheReads === 0 && cacheWrites === 0) {
-        seenIds.add(dedupKey);
+        // Cline-family extensions write `api_req_started` at request START
+        // (zero tokens) and back-fill the SAME message in place (same ts)
+        // once the request completes. Marking the zero placeholder as seen
+        // would skip the back-filled tokens forever — a sync racing an
+        // in-flight request silently under-counted that turn. Leave it
+        // unseen; the file-level mtime gate re-evaluates it when the task
+        // file is rewritten.
         continue;
       }
 
@@ -6443,7 +6540,10 @@ async function parseKilocodeIncremental({
       const cacheReads = toNonNegativeInt(payload.cacheReads);
       const cacheWrites = toNonNegativeInt(payload.cacheWrites);
       if (tokensIn === 0 && tokensOut === 0 && cacheReads === 0 && cacheWrites === 0) {
-        seenIds.add(dedupKey);
+        // See the roocode parser: `api_req_started` is written at request
+        // START with zero tokens and back-filled in place (same ts) on
+        // completion. Marking the placeholder seen would drop the
+        // back-filled tokens forever when a sync races an in-flight request.
         continue;
       }
 
@@ -6583,7 +6683,13 @@ async function parseOmpIncremental({
       const cacheWrite = toNonNegativeInt(usage.cacheWrite);
       const reasoningTokens = toNonNegativeInt(usage.reasoningTokens);
 
-      if (input === 0 && output === 0 && cacheRead === 0 && cacheWrite === 0) {
+      if (
+        input === 0 &&
+        output === 0 &&
+        cacheRead === 0 &&
+        cacheWrite === 0 &&
+        reasoningTokens === 0
+      ) {
         seenIds.add(entryId);
         continue;
       }
@@ -6826,7 +6932,13 @@ async function parsePiIncremental({
       const cacheWrite = toNonNegativeInt(usage.cacheWrite);
       const reasoningTokens = toNonNegativeInt(usage.reasoningTokens);
 
-      if (input === 0 && output === 0 && cacheRead === 0 && cacheWrite === 0) {
+      if (
+        input === 0 &&
+        output === 0 &&
+        cacheRead === 0 &&
+        cacheWrite === 0 &&
+        reasoningTokens === 0
+      ) {
         seenIds.add(entryId);
         continue;
       }

package/src/lib/usage-limits.js

@@ -677,8 +677,8 @@ function expandGeminiExecutableCandidates({ home } = {}) {
   return candidates;
 }
 
-function extractGeminiOauthClientCredentials({ commandRunner, home } = {}) {
-  const result = runCommand(commandRunner, "which", ["gemini"], { timeout: 2000 });
+async function extractGeminiOauthClientCredentials({ commandRunner, home } = {}) {
+  const result = await runCommand(commandRunner, "which", ["gemini"], { timeout: 2000 });
   const geminiPath = typeof result?.stdout === "string" ? result.stdout.trim() : "";
 
   const geminiPaths = [
@@ -732,7 +732,7 @@ async function refreshGeminiAccessToken({
   fetchImpl = fetch,
   commandRunner,
 }) {
-  const oauthClient = extractGeminiOauthClientCredentials({ commandRunner, home });
+  const oauthClient = await extractGeminiOauthClientCredentials({ commandRunner, home });
   if (!oauthClient?.clientId || !oauthClient?.clientSecret) {
     throw new Error("Gemini API error: Could not find Gemini CLI OAuth configuration");
   }
@@ -940,24 +940,97 @@ async function fetchGeminiLimits({ home, env, fetchImpl = fetch, commandRunner }
   }
 }
 
+// Async command runner. Previously this wrapped `cp.spawnSync`, which blocked the
+// Node event loop for the full command duration (up to 20s for Kiro) and froze every
+// other local-api endpoint plus the other providers' withProviderTimeout races.
+// Returns a promise for a spawnSync-shaped result: { status, stdout, stderr, error? }.
+// Injected runners (tests) may stay synchronous — their return value is wrapped in
+// Promise.resolve so both sync and async runners work.
 function runCommand(commandRunner, command, args, options = {}) {
-  const runner = typeof commandRunner === "function" ? commandRunner : cp.spawnSync;
-  return runner(command, args, {
+  const merged = {
     encoding: "utf8",
     maxBuffer: 10 * 1024 * 1024,
     ...options,
+  };
+  if (typeof commandRunner === "function") {
+    return Promise.resolve(commandRunner(command, args, merged));
+  }
+
+  const { timeout, maxBuffer, ...spawnOptions } = merged;
+  return new Promise((resolve) => {
+    let child;
+    try {
+      child = cp.spawn(command, args, { ...spawnOptions, stdio: ["ignore", "pipe", "pipe"] });
+    } catch (error) {
+      resolve({ status: null, stdout: "", stderr: "", error });
+      return;
+    }
+
+    let stdout = "";
+    let stderr = "";
+    let settled = false;
+    let timedOut = false;
+    let timer = null;
+    let hardTimer = null;
+
+    const settle = ({ status = null, error = null } = {}) => {
+      if (settled) return;
+      settled = true;
+      if (timer) clearTimeout(timer);
+      if (hardTimer) clearTimeout(hardTimer);
+      let finalError = error;
+      if (!finalError && timedOut) {
+        finalError = new Error(`spawn ${command} ETIMEDOUT`);
+        finalError.code = "ETIMEDOUT";
+      }
+      const result = { status, stdout, stderr };
+      if (finalError) result.error = finalError;
+      resolve(result);
+    };
+
+    if (Number.isFinite(timeout) && timeout > 0) {
+      timer = setTimeout(() => {
+        timedOut = true;
+        try { child.kill("SIGTERM"); } catch (_error) {}
+        // Guarantee settlement even if the child ignores SIGTERM or keeps stdio open.
+        hardTimer = setTimeout(() => {
+          try { child.kill("SIGKILL"); } catch (_error) {}
+          settle({ status: null });
+        }, 1000);
+        if (typeof hardTimer.unref === "function") hardTimer.unref();
+      }, timeout);
+    }
+
+    const collect = (stream, append) => {
+      if (!stream) return;
+      stream.setEncoding("utf8");
+      stream.on("data", (chunk) => {
+        append(chunk);
+        if (stdout.length + stderr.length > maxBuffer) {
+          const error = new Error(`spawn ${command} maxBuffer length exceeded`);
+          error.code = "ERR_CHILD_PROCESS_STDIO_MAXBUFFER";
+          try { child.kill("SIGKILL"); } catch (_error) {}
+          settle({ status: null, error });
+        }
+      });
+    };
+    collect(child.stdout, (chunk) => { stdout += chunk; });
+    collect(child.stderr, (chunk) => { stderr += chunk; });
+
+    child.on("error", (error) => settle({ status: null, error }));
+    child.on("close", (code) => settle({ status: timedOut ? null : code }));
   });
 }
 
-function whichBinary(binary, { commandRunner } = {}) {
-  const result = runCommand(commandRunner, "which", [binary], { timeout: 2000 });
+async function whichBinary(binary, { commandRunner } = {}) {
+  const result = await runCommand(commandRunner, "which", [binary], { timeout: 2000 });
   if (result?.error || result?.status !== 0) return null;
   const stdout = typeof result?.stdout === "string" ? result.stdout.trim() : "";
   return stdout ? stdout.split("\n")[0] : null;
 }
 
-function isBinaryAvailable(binary, { commandRunner } = {}) {
-  return whichBinary(binary, { commandRunner }) !== null;
+async function isBinaryAvailable(binary, { commandRunner } = {}) {
+  return (await whichBinary(binary, { commandRunner })) !== null;
 }
 
 function stripAnsi(text) {
@@ -1223,12 +1296,12 @@ async function fetchCopilotLimits({ home, env = process.env, fetchImpl = fetch }
   }
 }
 
-function fetchKiroLimits({ commandRunner, now = new Date() } = {}) {
-  if (!isBinaryAvailable("kiro-cli", { commandRunner })) {
+async function fetchKiroLimits({ commandRunner, now = new Date() } = {}) {
+  if (!(await isBinaryAvailable("kiro-cli", { commandRunner }))) {
     return { configured: false };
   }
 
-  const result = runCommand(
+  const result = await runCommand(
     commandRunner,
     "kiro-cli",
     ["chat", "--no-interactive", "/usage"],
@@ -1291,8 +1364,8 @@ function extractCommandFlag(command, flag) {
   return match?.[1] || null;
 }
 
-function detectAntigravityProcess({ commandRunner } = {}) {
-  const result = runCommand(commandRunner, "/bin/ps", ["-ax", "-o", "pid=,command="], {
+async function detectAntigravityProcess({ commandRunner } = {}) {
+  const result = await runCommand(commandRunner, "/bin/ps", ["-ax", "-o", "pid=,command="], {
     timeout: 4000,
   });
   const lines = String(result?.stdout || "").split("\n");
@@ -1494,7 +1567,7 @@ function clearClaudeRateLimitCooldown({ home } = {}) {
   } catch (_error) {}
 }
 
-function resolveLsofBinary({ commandRunner } = {}) {
+async function resolveLsofBinary({ commandRunner } = {}) {
   for (const candidate of ["/usr/sbin/lsof", "/usr/bin/lsof"]) {
     if (fs.existsSync(candidate)) return candidate;
   }
@@ -1513,12 +1586,12 @@ function parseListeningPorts(output) {
   return Array.from(ports).sort((a, b) => a - b);
 }
 
-function listAntigravityPorts(pid, { commandRunner } = {}) {
-  const lsof = resolveLsofBinary({ commandRunner });
+async function listAntigravityPorts(pid, { commandRunner } = {}) {
+  const lsof = await resolveLsofBinary({ commandRunner });
   if (!lsof) {
     throw new Error("Antigravity port detection needs lsof. Install it, then retry.");
   }
-  const result = runCommand(
+  const result = await runCommand(
     commandRunner,
     lsof,
     ["-nP", "-iTCP", "-sTCP:LISTEN", "-a", "-p", String(pid)],
@@ -1768,7 +1841,7 @@ async function probeAntigravityPort(port, csrfToken, { timeoutMs, requestFn } =
 }
 
 async function fetchAntigravityLimits({ home, commandRunner, requestFn, timeoutMs = 8000, nowMs = Date.now() } = {}) {
-  const processInfo = detectAntigravityProcess({ commandRunner });
+  const processInfo = await detectAntigravityProcess({ commandRunner });
   if (!processInfo.configured) {
     return readAntigravityLimitsCache({ home, nowMs }) || { configured: false };
   }
@@ -1787,7 +1860,7 @@ async function fetchAntigravityLimits({ home, commandRunner, requestFn, timeoutM
   };
 
   try {
-    const ports = listAntigravityPorts(processInfo.pid, { commandRunner });
+    const ports = await listAntigravityPorts(processInfo.pid, { commandRunner });
     let workingPort = null;
     for (const port of ports) {
       if (await probeAntigravityPort(port, processInfo.csrfToken, { timeoutMs, requestFn })) {
@@ -1864,7 +1937,29 @@ function withPlanLabel(obj, raw, brand) {
   return { ...obj, plan_label: normalizePlanLabel(raw, brand) };
 }
 
-async function getUsageLimits({
+// Single-flight guard: concurrent cache misses share one upstream fetch instead of
+// each triggering the full 9-provider round (Claude's OAuth usage endpoint 429s when
+// hammered). Survives an external resetUsageLimitsCache() (refresh=1 path in
+// local-api.js): a refresh arriving while a fetch is already running reuses that
+// in-flight fetch and returns its result.
+let inFlightFetch = null;
+
+async function getUsageLimits(options = {}) {
+  const nowMs = Date.now();
+  if (cache.data && nowMs - cache.fetchedAt < CACHE_TTL_MS) {
+    return cache.data;
+  }
+  if (inFlightFetch) {
+    return inFlightFetch;
+  }
+  const promise = fetchUsageLimitsUncached(options).finally(() => {
+    if (inFlightFetch === promise) inFlightFetch = null;
+  });
+  inFlightFetch = promise;
+  return promise;
+}
+
+async function fetchUsageLimitsUncached({
   home,
   env,
   platform,
@@ -1876,9 +1971,6 @@ async function getUsageLimits({
   providerTimeoutMs = DEFAULT_PROVIDER_TIMEOUT_MS,
 } = {}) {
   const nowMs = Date.now();
-  if (cache.data && nowMs - cache.fetchedAt < CACHE_TTL_MS) {
-    return cache.data;
-  }
 
   const [claudeToken, claudeSubscription, codexAuth] = await Promise.all([
     Promise.resolve().then(() => readClaudeCodeAccessToken({ platform, securityRunner, home })),
@@ -1949,7 +2041,7 @@ async function getUsageLimits({
       .catch((reason) => ({ configured: true, error: reason?.message || "Unknown error" })),
     withProviderTimeout(fetchGeminiLimits({ home, env, fetchImpl: providerFetch, commandRunner }), "Gemini", providerTimeoutMs)
       .catch((reason) => ({ configured: true, error: reason?.message || "Unknown error" })),
-    Promise.resolve().then(() => fetchKiroLimits({ commandRunner, now })),
+    fetchKiroLimits({ commandRunner, now }),
     fetchAntigravityLimits({ home, commandRunner, requestFn, nowMs }),
     withProviderTimeout(fetchCopilotLimits({ home, env, fetchImpl: providerFetch }), "GitHub Copilot", providerTimeoutMs)
       .catch((reason) => ({ configured: true, error: reason?.message || "Unknown error" })),
@@ -2043,6 +2135,7 @@ module.exports = {
   getUsageLimits,
   normalizePlanLabel,
   resetUsageLimitsCache,
+  runCommand,
   extractGeminiOauthClientCredentials,
   loadKimiCredentials,
   normalizeCursorUsageSummary,

package/src/lib/wrapped-aggregator.js

@@ -14,6 +14,14 @@
  * React Wrapped page.
  */
 
+// Lazy require to avoid loading the full local-api module (and its pricing
+// tables) until rows are actually aggregated. local-api.js itself requires
+// this module lazily inside a handler, so there is no top-level cycle either
+// way — but keeping this lazy preserves wrapped-aggregator as a light import.
+function normalizeQueueRow(row) {
+  return require("./local-api").normalizeQueueRow(row);
+}
+
 function isFiniteNumber(n) {
   return typeof n === "number" && Number.isFinite(n);
 }
@@ -70,7 +78,10 @@ function aggregateWrapped(rows, opts = {}) {
   for (const row of Array.isArray(rows) ? rows : []) {
     if (!row || typeof row !== "object") continue;
     const key = `${row.source || ""}|${row.model || ""}|${row.hour_start || ""}`;
-    dedup.set(key, row);
+    // Apply the same legacy-row corrections (codex inclusive-input, cursor
+    // billable=0) as local-api.js readQueueData so `tracker wrapped` matches
+    // the dashboard for identical data.
+    dedup.set(key, normalizeQueueRow(row));
   }
   const all = Array.from(dedup.values());