What you see
On a normal PAI install, the hourly CostTracker cron pops a macOS notification:
`PAI cost alert: 12 NEW API-risk call site(s) since baseline 1 call site(s) classified as BYPASS — review and patch`
Because CostTracker exists to catch real Anthropic over-billing, this reads as
"money is leaking right now." It isn't.
Steps to reproduce
- A `package.json` under a scan root (`PULSE/`, `skills/`, …) declares `@anthropic-ai/*` as a dependency (the default install does).
- No baseline snapshot exists yet (`bun CostTracker.ts baseline` never run).
- Run `bun CostTracker.ts alert-check` (or wait for the cron).
Expected vs actual
- Expected: no alert. A dependency declaration never executes or bills; the real SDK callers are guarded with `delete process.env.ANTHROPIC_API_KEY`.
- Actual: `package.json:<line>` (the `@anthropic-ai/...` line) is classified BYPASS → "review and patch"; and with no baseline, every site shows as "NEW since baseline."
Root cause
`classifyCallSite()` special-cases `.md` as non-executable but not dependency manifests, so the SDK-dependency string in `package.json` falls through to the SDK→bypass branch. A missing baseline makes everything "NEW."
Impact
A cost/security guardrail that cries wolf trains the user to ignore it — so the
day a real bypass fires, it gets dismissed. A false positive in a security
tool is worse than silence.
Follow-ups (separate from the core fix)
- First-run UX: don't alarm "NEW since baseline" when no baseline exists — prompt the user to run `baseline` instead.
- Notification: multiple alerts render as one run-on line with no separator and
no file path — hard to parse and not actionable.
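An added example, not CostTracker's own code, sketching the core fix and the two follow-ups together: a classifier that treats dependency manifests as non-executable the way `.md` already is, and an alert-check that declines to report "NEW since baseline" when no baseline exists and emits one path-bearing line per finding. The names `classifyCallSite`, `runAlertCheck`, `CallSite`, the classification labels and the sample call sites below are assumptions, not PAI's actual types or files.

```typescript
// Example code (assumed names, not PAI's CostTracker implementation).
type Classification = "DOC" | "MANIFEST" | "GUARDED" | "BYPASS" | "NONE";

interface CallSite {
  file: string;
  line: number;
  text: string;            // the matched source line
  keyDeletedAbove: boolean; // constructed flag: an earlier line in the file ran
                            // `delete process.env.ANTHROPIC_API_KEY`
}

// File names that only declare dependencies and never execute anything.
// A line here cannot place an API call, so it cannot bill.
const DEPENDENCY_MANIFESTS = new Set([
  "package.json", "package-lock.json", "bun.lock", "bun.lockb", "yarn.lock", "pnpm-lock.yaml",
]);

function basename(p: string): string {
  return p.split("/").pop() ?? p;
}

function classifyCallSite(site: CallSite): Classification {
  const name = basename(site.file);
  if (name.endsWith(".md")) return "DOC";               // already skipped upstream
  if (DEPENDENCY_MANIFESTS.has(name)) return "MANIFEST"; // the fix: manifests are non-executable
  if (!site.text.includes("@anthropic-ai/")) return "NONE";
  // A real SDK call site is a bypass only when the key guard is absent.
  return site.keyDeletedAbove ? "GUARDED" : "BYPASS";
}

interface AlertResult {
  status: "no-baseline" | "ok" | "alert";
  lines: string[];
}

// `baseline` holds "file:line" keys from the last snapshot; undefined means
// `baseline` was never run, which must not be reported as "everything is NEW".
function runAlertCheck(sites: CallSite[], baseline: Set<string> | undefined): AlertResult {
  if (baseline === undefined) {
    return {
      status: "no-baseline",
      lines: ["No baseline snapshot found; run `bun CostTracker.ts baseline` first."],
    };
  }
  const bypasses = sites.filter((s) => classifyCallSite(s) === "BYPASS");
  const fresh = bypasses.filter((s) => !baseline.has(`${s.file}:${s.line}`));
  if (fresh.length === 0) return { status: "ok", lines: [] };
  // One line per finding, carrying the path, so the notification is actionable.
  return {
    status: "alert",
    lines: fresh.map((s) => `BYPASS ${s.file}:${s.line}: ${s.text.trim()}`),
  };
}

// Constructed sample call sites; paths and contents are invented for this example.
const SAMPLE_SITES: CallSite[] = [
  { file: "skills/package.json", line: 12, text: '    "@anthropic-ai/sdk": "*",', keyDeletedAbove: false },
  { file: "PULSE/notes.md", line: 3, text: "import Anthropic from '@anthropic-ai/sdk'", keyDeletedAbove: false },
  { file: "skills/guarded.ts", line: 8, text: "import Anthropic from '@anthropic-ai/sdk';", keyDeletedAbove: true },
  { file: "skills/leak.ts", line: 2, text: "import Anthropic from '@anthropic-ai/sdk';", keyDeletedAbove: false },
];

// Stand-alone demo: first run (no baseline), then a run against an empty baseline.
console.log(runAlertCheck(SAMPLE_SITES, undefined).lines.join("\n"));
console.log(runAlertCheck(SAMPLE_SITES, new Set<string>()).lines.join("\n"));
```

With the manifest check in place, only `skills/leak.ts:2` is reported, and only once a baseline exists; the `package.json` line and the `.md` mention are classified without ever reaching the bypass branch.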
Related false-negative (opposite direction): see the companion issue on the broken `x-api-key` detector.