Security: khadinakbarlabs/tokenflexing-cli

Security & Privacy

This CLI is the open-source client for tokenflexing. It is published in full so anyone can verify exactly what it does with your data.

What this tool reads

It scans the local usage/session files your AI coding tools already write to disk (Claude Code, Codex, Cursor, OpenCode, Cline, Roo, Gemini CLI, and more) and extracts only token counts and cost metadata — never prompts, never completions, never file contents.

The scanner is intentionally limited to usage/token blocks. Grep the source for the parsers in src/cli.js to confirm: it reads input/output/cached token fields and model names, and nothing else.

What this tool sends, and where

  • The CLI holds no database credentials and no secrets. None.
  • It talks to exactly one public endpoint, https://tokenflex.ing (overridable via the TOKENFLEX_SITE env var — see Self-hosting).
  • Writes require a per-user device token (tf_live_…) that you mint by signing in through your browser. The token is stored locally under your config dir (~/.config/tokenflexing/) and sent as a Bearer header on sync.

Why forking this cannot compromise the backend

The server side (database, admin, API) is not in this repository. Reading or forking 100% of this client gives an attacker nothing, because every write to the hosted backend goes through an authenticated, validated API that enforces:

  • device-token authentication (tokens stored only as SHA-256 hashes, bound to a user)
  • row-level-security deny-by-default writes on the stats table
  • server-side cost recomputation from token counts (client-supplied dollar figures are ignored), with hard per-source and per-user clamps
  • rate limiting

A forked client can still only do what any signed-in user can: write that user's own, bounded usage row.
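
The checks listed above, sketched as an added example. The backend is not in this repository, so this is not the project's code: the payload shape, the token character set after `tf_live_`, the price table, the limits and the function names `authenticate`, `clampTokens` and `buildRow` are all assumptions.

```javascript
const crypto = require('crypto');

// Constructed sample data; the real schema, prices and limits are not on the page.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const TOKEN_HASHES = new Map([[sha256('tf_live_example_token'), 'user_1']]); // hash -> user id
const PRICE_PER_MTOK = new Map([['example-model', { input: 3, output: 15 }]]); // USD per 1M tokens
const MAX_TOKENS_PER_SOURCE = 50_000_000; // hypothetical per-source clamp
const MAX_USD_PER_USER = 1_000;           // hypothetical per-user clamp

// Resolve a Bearer header to a user id by hashing the presented token.
// Only hashes are stored, so a leaked table yields no usable tokens.
function authenticate(authHeader) {
  const m = /^Bearer (tf_live_[A-Za-z0-9_]+)$/.exec(authHeader || '');
  if (!m) return null;
  return TOKEN_HASHES.get(sha256(m[1])) ?? null;
}

// Force a client-supplied count to an integer in [0, MAX_TOKENS_PER_SOURCE].
function clampTokens(n) {
  if (!Number.isFinite(n)) return 0;
  return Math.min(Math.max(Math.trunc(n), 0), MAX_TOKENS_PER_SOURCE);
}

// Build the row to store. Any cost or user id field in the payload is ignored.
function buildRow(authHeader, payload) {
  const userId = authenticate(authHeader);
  if (!userId) return { status: 401 };
  let usd = 0;
  const sources = Object.create(null); // no prototype, so odd keys stay plain data
  for (const [source, u] of Object.entries((payload && payload.sources) || {})) {
    const price = u && PRICE_PER_MTOK.get(u.model);
    if (!price) continue; // unknown model: not priced, not stored
    const input = clampTokens(u.input_tokens);
    const output = clampTokens(u.output_tokens);
    sources[source] = { model: u.model, input, output };
    usd += (input * price.input + output * price.output) / 1e6;
  }
  // user_id comes from the token lookup, never from the request body.
  const row = { user_id: userId, sources, usd: Math.min(usd, MAX_USD_PER_USER) };
  return { status: 200, row };
}
```

A modified client that sends an inflated dollar figure, another user's id or absurd token counts still ends up with a bounded row under its own account.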

Self-hosting

Point the CLI at your own backend with the TOKENFLEX_SITE env var:

TOKENFLEX_SITE=https://your-instance.example.com npx tokenflexing sync

Reporting a vulnerability

Please do not open a public issue for security reports. Email the maintainer (see the GitHub profile) with details and steps to reproduce. We aim to respond within 72 hours.

There aren't any published security advisories