APAI.runv0.1
Registry/CostGuard

CostGuard

Token spend ceilings, spike alerts, anomaly detection, and emergency stop guidance for AI workspaces.

Medium risk
Cost guardv0.1.0-preview·by apai-officialVerified publisher (apai-official)See permission delta ->

About

Monitors model usage events from supported providers, computes rolling cost windows, raises alerts on cost spikes vs declared budget, and emits an emergency-stop signal that downstream agents can respect. Requires provider billing API access when connected. Monitors only; does not authorize spend.

Native install

For environments with file or shell access (Codex, Claude Code, Gemini CLI, Cursor, local CLI). v0.1: the apai CLI is a scaffold; real install behavior lands in Phase 1.

$ apai install costguard
$ apai passport costguard
$ apai audit costguard
$ apai rollback costguard

The apai CLI is a TypeScript scaffold at v0.1. See /honest-status for the full shipped vs stubbed list.

Prompt install

Hosted chat apps (ChatGPT, Claude, Gemini, Grok) cannot silently install software. Paste the snippet below into the chat to load the package protocol for the current conversation only.

Install card (paste into chat)

Paste this into any LLM that does not have shell access to your machine - chatgpt.com, claude.ai, gemini.google.com, grok.com - and the model will load the Capability Passport and apply the package protocol. If you are using Claude Code, Codex, Cursor, Gemini CLI, or another tool-enabled agent, use apai install instead - it produces a durable install receipt.

Install https://apai.run/packages/costguard for this chat. Load the capability passport. Track token cost only when usage metadata is supplied. Do not request billing credentials. Surface the cost summary; do not authorize spend.

Install card source: https://apai.run/packages/costguard/llms.txt

Capability Passport

APAI.passport.v0.1Capability Passport

Reads

  • ·Usage metadata supplied at runtime
  • ·Optional provider billing APIs when explicitly configured

Writes

  • ·Alerts and policy state to local store

Accesses

  • ·Provider billing endpoints only when operator-configured
$

Spends

  • ·No spend authorized - monitors spend only

Exposes

  • ·Aggregated cost metadata if cloud sync is enabled

Approvals required

  • ·Approval required for provider connection
  • ·Approval required for cloud sync

Rollback

Disconnect provider, delete local policy file, remove installed adapter. No remote state to revoke.

Scanner

heuristic-stub-v0- no findings on v0.1 regex + Unicode stub

heuristic-stub-v0 means the v0.1 scanner (13 suspicious-pattern regex checks + Unicode format-character detection) found nothing. It does NOT mean the package is certified safe. Real prompt-injection, OAuth-scope, and dependency scanning lands in Phase 5. See honest status.