Skip to content

fix(CostTracker): don't classify package.json SDK deps as BYPASS call sites#1318

Closed
ugiya wants to merge 1 commit into
danielmiessler:mainfrom
ugiya:fix/costtracker-manifest-classification
Closed

fix(CostTracker): don't classify package.json SDK deps as BYPASS call sites#1318
ugiya wants to merge 1 commit into
danielmiessler:mainfrom
ugiya:fix/costtracker-manifest-classification

Conversation

@ugiya

@ugiya ugiya commented May 30, 2026

Copy link
Copy Markdown

Problem

classifyCallSite() in CostTracker.ts special-cases .md files as non-executable, but never handled dependency manifests. When a package.json under a scan root (e.g. PULSE/, skills/) lists @anthropic-ai/* as a dependency, the @anthropic-ai/... RISK_PATTERN matches the manifest text; the file isn't .md, isn't in LEGIT_HINTS, and has no ANTHROPIC_API_KEY-delete guard, so it falls through to the "SDK" branch and is misclassified as a bypass call site.

Result: a phantom "N call site(s) classified as BYPASS — review and patch" cost alert — even though a dependency declaration never executes and never bills. The real runtime callers (e.g. PULSE/modules/telegram.ts, imessage.ts) are already correctly classified legit via the delete process.env.ANTHROPIC_API_KEY guard.

Reproduce

With @anthropic-ai/claude-agent-sdk declared in PULSE/package.json:

$ bun CostTracker.ts scan
🔴 ~/.claude/PAI/PULSE/package.json:3
   SDK call without ANTHROPIC_API_KEY-delete guard — will bill API if key present in env

That line is a manifest dependency, not a call site → false positive (and it fires the BYPASS alert).

Fix

Mirror the existing .md rule for dependency manifests / lockfiles (package.json, package-lock.json, bun.lock, bun.lockb, yarn.lock): they declare packages, they don't execute, so an SDK name appearing in them is a declaration, not a billing call site.

After the fix: package.json classifies legit, bypass: 0, alert-check → no alerts. Genuine executable risk patterns (SDK usage in .ts without the guard, claude --bare, raw x-api-key HTTP) still fire as before.

Note

In this repo CostTracker.ts currently lives only at Releases/v5.0.0/.claude/PAI/TOOLS/CostTracker.ts, so the fix is applied there. Happy to retarget if there's a canonical source location elsewhere.

🤖 Generated with Claude Code

@ugiya @claude
fix(CostTracker): treat package.json/lockfiles as non-executable mani…
bc3fd16 
…fests

classifyCallSite() special-cased .md as non-executable but never handled
dependency manifests. An @anthropic-ai/* entry in a package.json under a
scan root matched a RISK_PATTERN, fell through to the 'SDK' branch, and was
misclassified as a BYPASS call site — a false positive that fires a phantom
cost alert against an empty/stale baseline. Mirror the existing .md rule for
package.json / package-lock.json / bun.lock / bun.lockb / yarn.lock.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@ugiya

ugiya commented May 30, 2026

Copy link
Copy Markdown
Author

Superseded by the hardened rewrite in #1321 — SDK-gated manifest exemption, fixed x-api-key regex, raw-HTTP→bypass, baseline keyed on pattern id, + a bun test suite. That PR leads with the user-facing symptom and Fixes #1319 / #1320. Closing this v1.

@ugiya ugiya closed this May 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ugiya