DEV Community

Cover image for Your AI coding bill is a black box. I tried to fix that without becoming spyware and help collaborate
Teddy
Teddy

Posted on

Your AI coding bill is a black box. I tried to fix that without becoming spyware and help collaborate

In May 2026, Uber said it burned its full-year AI budget in four months. Microsoft started rationing agent access. If you've shipped Claude Code, Cursor, or Copilot to a team, you already feel it: the invoice goes up and to the right, and nobody can answer the only two questions that matter —

What is all this spend for?
Are we about to blow the budget?
The tools that exist answer neither well. LLM gateways (LiteLLM, Portkey, Bifrost) enforce budgets — but by API key, at your app's boundary, divorced from business value. Cursor/Copilot analytics show per-developer usage — but they're single-vendor and, frankly, shaped like surveillance.

So I built Abenlux (Apache-2.0): an AI spend TO value attribution plane that works across the major IDE and CLI coding tools, ties spend to a business objective by a join, not a guess, tells you what each token was for, catches budget overruns before they happen — and keeps individual developers private from management by construction. I have put it to use with a smallish team of about 30+ devs across 3 feature teams and It continues to evolve with fixes and features.

Three capabilities exist separately in the market. Abenlux is the only thing that fuses all three:

Cross-tool capture — Claude Code, Codex, Gemini CLI, Cursor, Copilot, aider, Cline, Continue, opencode, Crush, Pi, Droid… normalized to one schema. This is still evolving, more coverage in coming days.
Spend → value by join — branch/ticket → objective, priced in dollars, with purpose (new feature vs bug fix vs refactor), budgets, forecast, and drift.
Co-determination-grade privacy — redaction on the device, derived-only persistence, k-anonymity, and RBAC where no role, not even admin, can see another individual's rows.

Stop two people from solving the same problem twice — double-blind

Here's a quiet tax nobody budgets for: across a big team, people burn tokens re-solving things a colleague already figured out last sprint. The naive fix — a "these two are doing duplicate work" report on a manager's desk — is an efficiency-policing weapon, and it kills the exploration that
produces good engineering. So Abenlux does it peer-to-peer and double-blind.

Matching runs on abstracted topic embeddings (technique level, not your client's deliverable), and two walls are enforced in code: it never crosses an engagement Chinese-wall (different clients don't match) or a data-residency boundary. When there's a hit, you get a private nudge — not your manager :)

collab · A colleague is working on "Temporal saga for the approval workflow" right now.
Want a double-blind intro?

Two modes:

  • live duplication — two developers circling the same problem right now → talk before you both spend a day on it.
  • solved reuse — you're starting something the org already cracked → here's the generalized, redacted pattern. Reuse beats re-solve, and it's async, which is what a globally-distributed team actually needs.

The privacy mechanic is the whole point: matching needs identity, governance demands anonymity.
Abenlux resolves it with a mutual-consent handshake — identities are revealed only when both people opt in. Until then your peer is "a colleague (hidden)," and nothing about the match is ever visible to management.

# from the test suite — the contract, enforced
assert broker.submit(topic("alice", saga, client="acme"))        == []            # first to arrive, no match yet
assert broker.submit(topic("bob",   saga, client="acme"))[0].mode == "live_duplication"
assert broker.submit(topic("x", same_topic, client="globex"))    == []            # Chinese wall: different client, never matched
assert broker.mutually_consented("alice", "bob") is False                         # hidden until BOTH consent
Enter fullscreen mode Exit fullscreen mode

In the dashboard's My view it shows up as a card with a "Request intro" button — and the peer's name only appears once they've requested one back.

The trick: instrument the orchestration layer, on the device
The privacy posture is the pipeline order, and it runs on the developer's machine:

capture (full content, in-flight only)
  → REDACT        destroy secrets/PII before anything is written
  → DERIVE        embeddings + token facts + cost + purpose (vectors & labels, not text)
  → ATTRIBUTE     join work-context → objective, flag orphan spend
  → PSEUDONYMIZE  one-way HMAC the actor, drop the raw id
  → PERSIST       the DerivedRecord only — raw content is discarded here
  → FORWARD       ship the content-free record to the central collector
Enter fullscreen mode Exit fullscreen mode

A central gateway would see every prompt before redaction — that's how an observability tool quietly becomes a credential-exfiltration pipeline. So the developer runs a tiny edge agent locally, only the content-free DerivedRecord ever leaves the machine. There is no central, management-readable store of anyone's prompts. That asset never exists.

Developers are informed ambiently — no new app
The dashboard is for management. Developers get four private channels, none requiring a browser:

abenlux me        # your spend + waste/collab nudges
abenlux watch     # live terminal tail of your private signals
abenlux graph     # your on-device knowledge graph 
+ native desktop toasts, automatically
Enter fullscreen mode Exit fullscreen mode

abenlux graph is the developer's personal, on-device knowledge graph — objectives → tickets → purpose → tools/models → the vocabulary the system taught itself:

== Your Abenlux knowledge graph (local, private to this machine) ==
142 calls · $318.50 · 61,200,000 tokens
Objectives you work on:

  • Acme - Checkout Platform $190.20 (88 calls)
    • SHOP-1 feature $96.75
    • SHOP-2 fix $43.10 What the spend is for: feature $130 fix $90 refactor $61 test $30 Self-learned intent vocabulary: fix: race condition, rebalance storm, … It never leaves the machine. It is not the management plane.

Try it in 60 seconds (no API keys)

git clone https://github.com/sarkar4777/abenlux
cd abenlux && make install
make demo # redact → price → attribute → classify → pseudonymize, offline
make test # 156 tests
Want to see a real tool captured without spending tokens? There's a protocol-correct mock upstream:

abenlux mock                                                  # terminal A
Enter fullscreen mode Exit fullscreen mode
ABEN_ANTHROPIC_UPSTREAM=http://127.0.0.1:9111 abenlux gateway # terminal B
Enter fullscreen mode Exit fullscreen mode
ANTHROPIC_BASE_URL=http://127.0.0.1:8088 aider                # terminal C
Enter fullscreen mode Exit fullscreen mode
abenlux me
Enter fullscreen mode Exit fullscreen mode

Pointing your tool at the agent is one line — abenlux onboard prints the exact setup for your OS/shell.

Repo
https://github.com/sarkar4777/abenlux — Apache-2.0, contributions welcome.

If you're rolling out AI coding tools and your finance team has started asking pointed questions, this is the plane that answers them without turning into developer surveillance. I'd genuinely love feedback — especially on the privacy model and the self-learning loop.

Top comments (0)