If you discover a security vulnerability, please report it privately via GitHub Security Advisories.

Do not open a public issue for security vulnerabilities.

ccost is an offline CLI tool that reads local JSONL log files. It makes no network requests and stores no data. The primary security concern is safe handling of file paths and log content.