codecash
transparency

We never read your code.

codecash shows one sponsored line in your agent's wait state — nothing more. Here is exactly what leaves your machine, what never does, and why an event can't be faked. This page is written from the actual request payloads in our client.

what we send

What leaves your machine

Every request the extension makes, and the complete set of fields in it. Nothing else is attached.

A device recordOnce, when you connect

The adapter (e.g. claude-cli), your OS name (e.g. darwin), and your Claude Code version — so we can check compatibility. No username, no machine name.

GET /api/ads/nextA fresh ad every ~20s while serving

Just your device token. The server picks a creative and returns it with a signed token and how long to show it before the next one. We send nothing about your editor, project, or code.

An impression (and, if you click, a click)After an ad is on screen 5s

The server-signed token we were handed, a random idempotency key, how many milliseconds the ad was visible, and a timestamp. That's the entire billable payload.

Funnel telemetryAs the ad lifecycle progresses

Which step happened (rendered → viewable → threshold), the adapter, the serve/creative ids, visible-ms, and a timestamp. Your identity is read from your token server-side — the client never sends it.

GET /api/me/earningsFor the earnings widget

Just your device token. We return your today/lifetime totals in micro-dollars.

what we never touch

What never leaves your machine

Your source code
File names or contents
Your prompts to the agent
The model's output
Your repo or project structure
Keystrokes
Your dependency list
Anything for ad targeting

Some tools in this category read your dependency files to target ads. We don't — there is no targeting pipeline, and there is no code path that opens your files.

how it's built

Why none of this can be faked

The render script never phones home

The status-line script only reads a small local cache file and prints one line. It makes zero network calls, backs up your original settings, restores them on uninstall, bounds every child process, and is built to never break your CLI.

Earnings are server-signed — the client can't mint them

Every impression is authorized by a token the server itself signed (Ed25519) and verifies on the way back in. A modified client can't fabricate an event or inflate view time; the server re-derives it.

Updates are signed; your editor is never patched

We use Claude Code's documented config (spinnerVerbs / statusLine) — we don't patch anyone's editor bundle. Auto-updates are signed and verified before they apply.

Your attention, your money, your choice.

Opt in, watch it, turn it off in one click — it never touches your work.

Start earning →