Open source update: my two AI coding tools now work across 7 agents and 4 cost providers. Here's what shipped and the numbers.

I build two open-source developer tools.

• CodeLedger tracks what AI coding costs you.
• vibecop catches the structural quality issues AI agents leave behind.

Both are free, MIT licensed, and I've been shipping them alongside my other projects.

This is a combined update because the new features on both sides complement each other. The thesis: if you're using AI coding assistants seriously, you need visibility into both cost and quality. Most people have neither tracked.

The market context

Pragmatic Engineer's 2026 developer survey found 70% of developers now use 2-4 AI coding tools simultaneously. The most common pattern: Cursor or Copilot for daily editing, Claude Code for complex tasks, Codex CLI for background work. Some teams assign different tools to different phases of development.

The cost side is getting real. Average spend is $100-200 per developer per month. Engineering leaders are forecasting 20-30% of total engineering OpEx flowing to AI tooling by late 2026. One developer was tracked at over $5,600 in equivalent API spend in a single month.

On quality, CodeRabbit analyzed 470 open-source pull requests and found AI co-authored code has 1.7x more major issues than human-written code. Misconfigurations are 75% more common. Security vulnerabilities are 2.74x higher.

What shipped in CodeLedger

CodeLedger started as a Claude Code-only cost tracker. The most requested feature was support for other tools. Now it tracks:

Multi-tool cost tracking: Claude Code, Codex CLI, Cline, and Gemini CLI. Zero API keys. Reads local session files directly. One dashboard shows total spend across all tools.

Budget enforcement:

• Set monthly, weekly, or daily limits per project or globally
• Proactive stderr alerts at 75% of your limit
• You find out you're approaching the cap before you blow past it

Spend anomaly detection:

• Flags unusual daily spikes compared to your 30-day average
• Last week it caught a runaway agent that was rewriting the same file in a loop. $47 day when my average is $12.

Expanded pricing:

• OpenAI models (o3-mini, o4-mini, gpt-4o, gpt-4.1) and Google models (gemini-2.5-pro, gemini-2.5-flash) priced alongside Anthropic
• Smarter daily tracking with precise per-day calculations

What shipped in vibecop

vibecop is a deterministic linter for AI-generated code. 22 detectors, AST-based via ast-grep. The big update:

Agent hooks (vibecop init):

One command. Sets up hooks for Claude Code, Cursor, Codex CLI, Aider, Copilot, Windsurf, and Cline. After that, vibecop auto-runs every time the AI writes code. You don't have to remember to scan. The AI polices itself.

This changed how I use the tool completely. Before, vibecop was something I ran manually before commits. Now it's a guardrail that's always on. The difference between "nice to have" and "infrastructure."

--format agent: Compresses findings to ~30 tokens each. When vibecop runs inside an AI agent, the agent gets the feedback without burning context window.

LLM-specific detectors (new category):

• exec() with dynamic arguments: shell injection. AI agents write exec(userInput) constantly.
• new OpenAI() without timeout: the AI forgets to set a timeout on the API client. Your server hangs.
• Unpinned model strings like "gpt-4o": AI writes the model it knows, not the one you should pin for production.
• Hallucinated package detection: flags npm deps not in the top 5K packages. AI agents invent packages that don't exist.
• Missing system messages / unset temperature in LLM API calls.

Finding deduplication: Same line, two detectors, now only the most specific finding shows. Less noise in scan results.

Numbers

• Revenue: $0 and $0. Both are open source, MIT licensed.
• CodeLedger version: v0.2.6+ (actively shipping)
• vibecop version: v0.1.3
• Tools tracked by CodeLedger: 4 (Claude Code, Codex CLI, Cline, Gemini CLI)
• Agent hooks supported by vibecop: 7 (Claude Code, Cursor, Codex CLI, Aider, Copilot, Windsurf, Cline)
• vibecop detectors: 22 + LLM-specific category
• Cost to build: $0 out of pocket (both built with AI coding assistants, which is delightfully ironic for a tool that catches AI coding mistakes)

How they work together

CodeLedger tells you: "You spent $47 today, 60% was Opus, mostly on the auth-service project."

vibecop tells you: "The auth-service has 12 god functions, 3 empty catch blocks, and an exec() call with a dynamic argument."

Cost visibility + quality visibility = a complete picture of what AI coding is actually doing to your codebase and your wallet.

What's next

• CodeLedger: Cursor session tracking (most requested, waiting on how Cursor exposes data), team dashboards
• vibecop: Cross-file analysis (duplicate code detection across files), more language support
• Both: Better docs, more community-contributed detectors for vibecop

npm install -g codeledger
npm install -g vibecop
vibecop init

GitHub:

• CodeLedger: https://github.com/bhvbhushan/codeledger
• vibecop: https://github.com/bhvbhushan/vibecop
• vibecop playground: https://vibecop-pg.bhvbhushan7.com/

For anyone building with AI coding assistants: are you tracking cost and quality, or is it still "it compiles, ship it"? Genuinely curious how other builders are handling this as AI tool usage scales up.