Audit the silent token cost of your CLAUDE.md.

1. The bill is the wrong place to look

You opened your provider's usage page because the weekly limit slapped you on a Wednesday. Total tokens, daily breakdown, model split. Helpful for capacity planning, useless for the question you actually have: which file in my repo cost me that?

The usage page does not know your CLAUDE.md exists. ccusage (14.3K stars on GitHub, the most popular community cost CLI) reads the same total. claude-meter shows the running tally. None of them attribute a single token back to a specific line. That is what we mean by silent. The cost is real, the cause is specific, the surface you are looking at does not show the link.

A CLAUDE.md gets re-sent in full on every turn. A 6,000-token file across a 30-turn session is 180,000 input tokens, every session, whether you touched the file that day or not. The audit is the tool that breaks that number down per line.

2. The four silent surcharges

ccmd's analyzer surfaces seven finding kinds in total. Four of them are cost findings: bytes you are paying for that produce no proportional behavior. The other three (aspirational, conflict, missing_why behaviorally) are behavior findings; covered in the sibling silent failure audit.

The columns: left is what the detector matches on, right is what the surcharge actually does to your token bill. None of these appear in any log on any usage page.

3. cache_bust: the 10x silent surcharge

One finding kind is marked severity: "high" in the analyzer. It is the only one. The detector lives at line 194 of src/lib/analyzer.ts:

The regex matches an ISO date, the word "today", the phrase "this session", or "right now" in the first 20 lines. Why those four shapes? Because they are the shapes a senior engineer drops into a CLAUDE.md without thinking, assuming the agent needs orientation: Today is 2026-05-21 at the top, or We are mid-sprint on the subscriptions rewrite in the lede.

Anthropic's prompt cache returns roughly a 10x discount on cached input tokens (read tokens vs cold tokens, look it up in the model pricing page). A cache hit needs a byte-identical prefix. One line at the top of your file that mutates session to session breaks the prefix and forces a full cold read on every turn. The math is the same file, two bills, an order of magnitude apart. There is no warning on the second bill that says "your cache hit rate dropped to zero today."

4. duplicate: paying twice for one signal

The duplicate detector at line 207 normalises each line (trim, lowercase) and flags any line that matches an earlier one of at least 10 characters. The usual cause is paste from a sibling project's CLAUDE.md, or one rule that crept into both an ## Always block and a ## Style block as the file grew.

The token cost of a duplicate is exact: every byte of the duplicate ships every turn, costs full input rate, conveys no new signal. The analyzer attributes the per-line bytes to tokenSavings, so a one-line duplicate that's 14 tokens long shows up as 14 tokens per turn, or 420 tokens across a 30-turn session, recoverable by deleting the second copy.

5. bloat: tokens shipped, words ignored

The bloat detector at line 150 flags any rule line over 28 words. The threshold is empirical: rule lines past roughly 25 words consistently get treated as one signal by the model, and the back half tends to be ignored. Sentences like "we deploy to Vercel from main with preview deploys on every PR which means we have to be careful about migrations and we use a separate staging DB for that purpose so do not run destructive migrations without confirming first" fire the detector. You pay for every word, the agent reads the first half.

The analyzer estimates recoverable bytes at 35 percent of the line's token count, conservatively. Split the line into 2 or 3 short directives, each one actionable, and you recover the bytes and get more reliable behavior. Two silent surcharges cancelled by one edit.

6. dead-rule waste: bytes that buy no behavior

The vague detector at line 163 holds 14 untestable terms: appropriate, properly, carefully, as needed, where applicable, when possible, and nine more. A line that says "handle edge cases appropriately" ships its tokens every turn and produces no testable behavior change. The agent did something. You cannot tell whether it followed the rule.

missing_why is the same cost pattern from a different shape: a NEVER or DO NOTwith no "because" in the next four lines. The agent follows until an edge case shows up, then guesses, and the rule was load-bearing on the case it was guessing about. Tokens spent, guardrail not delivered.

Neither of these has a per-line dollar cost the way cache_bust and duplicate do, but they add up. A 40-line ## Always block where half the rules are vague is half the tokens of that block, every turn, that buy nothing.

7. The audit, in one paste

Paste your file into the textarea on ccmd.dev. The detector walks the bytes, returns a line-numbered list of findings, attributes per-line savings, and prints the three cost states (cold, cached, cache-busted). The numbers come from the constants at lines 266 to 267, here verbatim from the file:

A representative output on a 6,000-token file with one dated line near the top, one duplicate rule, one bloat line, and one missing-why:

The four red lines at the bottom are the surcharges. None of them show up on the bill. All of them ship every turn.

8. What the audit does not catch (yet)

• Subagent inheritance. A subagent launched from your session loads its own context; the parent CLAUDE.md does not always carry. The cost shows up multiplied across subagents in long-running pipelines. See /t/subagent-claude-md-inheritance.
• Layered files. Project CLAUDE.md plus user CLAUDE.md plus an AGENTS.md plus a nested CLAUDE.md in a subdir all ship together on a given turn. Per-file cost without per-file attribution is the same silent problem one layer up. See /t/layered-claude-md-token-cost.
• settings.json contradictions. A "never run destructive shell commands" rule plus a permissive Bash allowlist in .claude/settings.json is the silent rule that ships and silently does not work. Not a cost surcharge directly; a behavioral surcharge. On the analyzer roadmap.