v0.4.0

What's new in v0.4.0

Claude Cowork usage now counts on the leaderboard.

Claude Cowork tracking

Claude Cowork — the Claude Desktop app's agentic "local agent mode" — runs in a local sandbox and writes the same session JSONL as the Claude Code CLI, just under the Desktop app's own data dir, where the daemon never looked. So Cowork token burn was invisible to the leaderboard. Now it's captured.

• The daemon discovers Cowork session transcripts under the Claude Desktop data dir (~/Library/Application Support/Claude/{local-agent-mode-sessions,claude-code-sessions}/…/.claude/projects/…) and parses them through the same Claude Code parser — full token counts (input / output / cache), per model, with the same de-duplication.
• Reported as a distinct claude_cowork source, so Cowork shows up separately from CLI usage (its sandbox project paths would otherwise mislabel the per-project view).
• On by default. Set TOKENLEADER_CLAUDE_COWORK=0 to disable, or point TOKENLEADER_CLAUDE_COWORK_DIR at a non-default Desktop data dir (Linux ~/.config/Claude, Windows %APPDATA%/Claude).
• Tolerates both the local-agent-mode-sessions and migrated claude-code-sessions layouts, and is scoped so the scan never descends into the multi-GB local VM bundle.

Scope

Cloud / remote Cowork sessions execute on Anthropic's servers and leave nothing on disk, so a local daemon can't see them — they're out of scope; only local Cowork is captured. Privacy is unchanged: token counts, model names, and timestamps — never message content.

Upgrade note

On by default means existing daemons backfill historical Cowork sessions from byte 0 on the first tick after upgrade. This is intended and de-dup-safe (keyed on message IDs), so re-reading never double-counts.

Quality

The new source reuses the existing Claude Code parser unchanged — parameterized only by its source tag — with discovery, parsing, tick routing, and ingest all covered by new tests. Shipped after a simplify / deslop / thermo-nuclear review pass; 581 tests, typecheck, and lint green.

Full diff: v0.3.0...v0.4.0

v0.3.0

What's new in v0.3.0

Cursor cloud sync — contributed by @octavi42 in #2. Thank you!

Cursor cloud sync

Track your real Cursor usage — accurate models, token counts, and costs — straight from Cursor's official dashboard API, instead of local heuristics.

• tokenleader login-cursor --auto (macOS) reads your signed-in Cursor IDE session automatically, verifies your account, and stores credentials for token refresh. No copy-pasting.
• Manual fallback on any platform: tokenleader login-cursor <token>, or tokenleader login-cursor - to read the token from stdin so it stays out of your shell history (pbpaste | tokenleader login-cursor -).
• Official usage is ingested as a new cursor source with real model names, tokens, and per-event cost.
• Automatic background backfill — once a token is saved, the daemon pulls your full dashboard history in bounded chunks across ticks (never blocking a tick), then settles into a cheap incremental window. tokenleader sync-cursor does the same full backfill immediately in the foreground.
• Local-Cursor fallback (cursor_local, parsed from state.vscdb) when cloud sync is unavailable; the server reconciles the two so the same usage is never double-counted.

Operator note

Server and daemon ship together — the server must accept source: "cursor" before daemons send it. The production server has already been updated for this release.

Hardening (from review)

Bounded/resumable pagination so no events are dropped at the page cap; window-pinned resume; corrupt-credential tolerance; request timeouts that survive a caller-supplied abort signal; redirect-safe credential requests; a per-event cost ceiling; and an isolated e2e harness.

Full diff: v0.2.2...v0.3.0

v0.2.2

tokenleader v0.2.2

Merges the project's first external contribution — PR #1 by @wing-anara.

Fixed

• Bounded, newline-aligned windowed reads (src/parser/read-slice.ts, 64 MiB cap) replace file.slice(offset).text(), which materialized a multi-GB session remainder as a single string and tripped the JS string-length ceiling as a native abort — bypassing the parsers' try/catch and causing a permanent daemon crash loop.
• Oversized single records (> 64 MiB) are now dropped and reported (oversize_record_skipped) instead of crashing the daemon.
• Off-by-one fix so a record exactly maxBytes long isn't dropped, and over-window record drops are surfaced instead of silently skipped.

Full diff: v0.2.1...v0.2.2

v0.2.1

tokenleader v0.2.1

Fixed

• Running tokenleader with no subcommand now prints CLI usage instead of the daemon's config_error. The single binary is both the launchd daemon and the user-facing CLI; they're disambiguated by the presence of TOKENLEADER_USER, which launchd always sets.

v0.2.0

tokenleader v0.2.0 — multi-device

One handle, many machines.

Added

• Multi-device support: a new user_devices table (one row per machine, sha256 of that machine's TOFU secret); /ingest authenticates against any active device.
• Link codes: tokenleader link (or admin POST /admin/link) mints a one-time, 10-minute, single-use code. A new machine installs with --link=CODE and redeems it on first ingest (X-Tokenleader-Link).
• Device management: tokenleader devices / tokenleader revoke, GET /devices, POST /devices/revoke, and a per-device fleet view.
• TOKENLEADER_COMPANY_ALIASES: operator-defined rewrites for self-reported company headers at ingest.
• README wired to the published Railway deploy template.

Security

• Server-side handle charset validation (/^[a-z0-9._-]{1,64}$/) in validateEvent, closing a metacharacter-in-handle vector.
• Durable revocation: a revoked device's secret is barred from auto-reclaim, so a kicked daemon can't resurrect.
• Rollback-drift reconciliation on auth-success and at boot.

Fixed

• The binary installs as anara-leaderboard but the CLI is invoked as tokenleader (command not found). The installer now drops a guarded tokenleader -> anara-leaderboard symlink, and the daemon self-heals one on boot — so auto-updated machines get it without reinstalling; the uninstaller removes it.

v0.1.0

tokenleader v0.1.0 — first public release

Self-hosted token-usage leaderboard for Claude Code, Codex CLI, and Cursor. It reports token counts, model names, and timestamps — never message content.

Highlights

• Server: Bun + Hono + bun:sqlite (single-file, WAL). Typed env configuration with zero required variables (src/server/config.ts owns the full contract, mirrored in .env.example and enforced by a parity test).
• macOS daemon (Apple Silicon + Intel) that parses local Claude Code / Codex CLI session logs and posts token counts, with sha256-verified, atomically-swapped auto-update.
• One-command install served by each team's own server (/install), with a matching /uninstall.
• Dashboard: React SPA (Vite + TanStack Router/Query) served by the same container; optional viewer token (TOKENLEADER_DASHBOARD_TOKEN) with a cookie-based /login.
• Stable API: GET /api/v1/usage with uniform half-open UTC ranges [since, until) (unix-ms or strict ISO-8601 input), optional bearer auth.
• Identity: per-user TOFU ingest identity, plus an optional join code (TOKENLEADER_JOIN_TOKEN) gating first claims of new leaderboard names.
• Cursor mirror (optional): server-side usage import via the Cursor Teams Admin API (off by default; requires an explicit email-to-handle map).
• Binary mirror: the server caches daemon binaries and manifest.json locally so teammate machines never call GitHub.
• Deploy targets: Dockerfile + docker-compose (ghcr.io image), Railway template, fly.toml; Litestream backup profile.
• Tag-driven release pipeline: one vX.Y.Z tag builds the daemons, emits the dual-shape manifest, publishes release assets, and pushes the multi-arch server image.