Cost Control

This package appears to implement exactly what it claims: a local cost tracker, an external watchdog that can kill a process, and a manual kill switch. Before installing or deploying: - Run code review and test in staging; verify record_call() is invoked reliably by your app. - Ensure the state directory (default ./state) is writable only by the intended user and not writable by untrusted users to prevent tampering (someone creating cost_emergency.flag or KILL_SWITCH will block API calls). - If using the watchdog, make sure your application writes state/app.pid with its own PID and that the PID path in cost_watchdog.py points to that file. Be careful: pointing the watchdog to the wrong PID file can kill other processes. - Prefer running the watchdog under a dedicated, unprivileged cron/systemd service and restrict who can edit its config or state files. - Consider adding safeguards: validate PID ownership (compare uid), check process command line/name before killing, enforce file permissions, and test kill/restart procedures. - Understand limitations in LIMITATIONS.md: file-based state is single-process, clock skew and delayed billing can cause false positives/negatives, and emergency recovery is manual. If you cannot enforce these deployment constraints or secure the state files, exercise caution — the feature that kills processes is necessary for the purpose but can be disruptive if misconfigured.