From credo
Governs API budget caps, reset rules, and commit-identity gate for Claude Code. Activates when starting autonomous work, spawning subagents, near a limit, or before a commit.
How this skill is triggered — by the user, by Claude, or both
Slash command
/credo:budgetThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill is the one place that decides how much API budget may be spent and what to do
This skill is the one place that decides how much API budget may be spent and what to do as a limit fills up. It is config-driven: the cap schedule and thresholds live in the credo config, this skill explains how to read and apply them. It also owns the commit-identity gate that must pass before any commit.
There are three completely separate budget axes. Keep them strictly apart; a rule for one never applies to another:
five_hour.utilization (percent used). This skill governs it.seven_day.utilization (percent used).
This skill governs it.compact.thresholds config, not here. Do not mix it into 5h/weekly reasoning.When you say "budget" be explicit about which axis. "5h at 80 percent" and "context at 80 percent" are unrelated facts with unrelated responses.
The limit plugin is a PREREQUISITE for all budget data. If it is absent, budget features are silently unavailable - do not error, just note that budget data cannot be read and fall back to the fail-safe caps below.
Two ways to read the current numbers:
The [limit] ... | 5h X% | Weekly Y% context line, injected by the limit plugin's hook.
When that line is present, use those percentages directly - no file read needed.
The limit cache file for exact values and reset timestamps. Use the read-only helper:
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-budget-read.sh" # key=value lines
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-budget-read.sh" --json # trimmed JSON
It finds the newest /tmp/claude-mb-limit-cache_*.json (one per profile), checks the
file is fresh, and prints five_hour_utilization, five_hour_resets_at,
seven_day_utilization, seven_day_resets_at, seven_day_sonnet_utilization, plus the
cache age. Exit codes: 0 fresh data printed, 3 no cache (limit plugin absent), 4
cache stale (do not use). Only use the cache when it is present AND fresh; a stale cache
(old mtime, limit plugin dormant) must NOT be trusted - treat it like absent.
~/.claude/.credentials.json or any OAuth token.The cap schedule is a universal default in the config under budget.schedule; read it,
do not re-invent it. Each entry has day, window, five_hour_cap, weekly_cap
(percentages). Read it with:
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get budget.schedule
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get budget.work_hours
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get budget.five_hour
The schedule renews daily. How to pick the row that applies now:
budget.work_hours gives start (default 9) and end (default 17). Work hours apply
Mon-Fri only; on Saturday and Sunday there is no work-hours row.window for the day:
all_day - the whole day (Sunday).work_hours - Mon-Fri, hour in [start, end).off_hours - Mon-Thu, outside [start, end).after_17 - Friday from end onward.before_reset / after_reset - Saturday, split at the weekly reset (seven_day.resets_at,
around 18:00 local): before the reset the weekly ceiling is high (weekend catch-up),
after the reset the fresh week starts low again.five_hour_cap is the hard 5h cap for now; weekly_cap is the
weekly ceiling for now.For the 5-hour axis, off-hours use a soft/hard band from budget.five_hour:
soft_percent (default 92, warn and start winding down) and hard_percent (default 95,
stop). The schedule's five_hour_cap for off-hours rows equals the hard value. Work-hours
rows cap the 5h window low (default 40) so the 09:00 guard below can hold.
Worked examples (with the shipped defaults):
work_hours row -> 5h cap 40, weekly cap 60.off_hours row -> 5h band soft 92 / hard 95, weekly cap 60.work_hours -> 5h cap 40, weekly cap 80.after_17 -> 5h soft 92 / hard 95, weekly cap 99.before_reset -> 5h 95, weekly 99.after_reset -> 5h 95, weekly 30.all_day -> 5h 95, weekly 30.An explicit budget order from the user (for example "stay under 25 percent weekly today") overrides the schedule, but ONLY until the user-named end. The main agent must actively ask for that end (date/time) and must, before every autonomous start, ask whether the default caps fit or need a temporary change and until when. When the named end passes, the schedule defaults resume automatically. Do not persist an override past its end and do not invent one the user did not state.
Independent of the real reset timing, at 09:00 on each work day at least
budget.nine_oclock_guard_reserve_percent of the 5h limit must remain - default 60, i.e.
no more than 40 percent consumed by 09:00. Throttle proactively as 09:00 approaches: do
not spend the window down late at night such that it cannot recover to the reserve by 09:00.
This guard is why the work-hours 5h cap is low. Read the reserve with:
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get budget.nine_oclock_guard_reserve_percent
Size the next chunk to the remaining 5h budget. Thresholds are in
budget.task_sizing (large_below_percent default 60, medium_below_percent default 80),
expressed as percent USED of the 5h window:
large_below_percent (default < 60) -> take large chunks first.medium_below_percent (default >= 80) -> take only small tasks, and
check the limit more frequently (smaller overshoot / abort risk).This is a RECOMMENDATION only. It must NEVER cause a standstill - never leave work unstarted because a task looks "too big". If budget is tight, go piecemeal: break the work down and make incremental progress. In doubt, prefer stopping a subagent with a saved intermediate result over a hard stop that loses work. This complements the 5h guard below.
The 5h guard is pure skill behavior; there is deliberately no hook enforcing it.
Treat the cap as a range, not a single hard line:
There is no fixed percent of overshoot beyond the ceiling; do not plan to exceed it.
When the weekly axis reaches 99 percent (seven_day.utilization >= 99), move to rest /
hibernate as soon as possible. The absolute weekly fail-safe is also 99 (below). The
hibernate mechanics (veto window, double-hibernate protection, the "never auto-hibernate
unless autonomous" rule) live in the autonomous session skill; this skill only sets the
weekly trigger.
When you pause for a limit to reset, schedule the wake-up for the configured offset after
the reset. Take resets_at from the limit cache (five_hour_resets_at or
seven_day_resets_at). Offsets are in the config:
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get wakeup.reset_offset_minutes # default 5
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get wakeup.fallback_offset_minutes # default 1
Default: wake 5 minutes after the reset; fall back to 1 minute if the preferred offset cannot be used. ScheduleWakeup clamps a single delay to at most one hour, so for a longer wait chain several wake-ups. (The keep-alive/wake mechanics themselves belong to the autonomous session skill.)
Whether to relax or ignore budgets is decided purely by the user's prompt - there is no persisted "ignore budgets" flag. If a compact drops an explicit user order, the schedule (B1) plus the absolute fail-safe caps act as a safety net so nothing runs away:
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get budget_failsafe.five_hour_percent # default 98
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get budget_failsafe.weekly_percent # default 99
Even with no other rule in effect, never exceed 5h 98 percent or weekly 99 percent.
credo is a verify gate before any commit. Before committing, confirm the local identity that would author the commit matches the identity already used in this repository - mismatched identities pushed to a shared repo invite force-push damage and history rewrites.
Procedure:
git -C <repo> log --format='%an <%ae>' | sort -u (recent history is enough on large
repos).git -C <repo> config user.name and git -C <repo> config user.email.Rules for this gate:
No hardcoded name or email anywhere in this skill. Identity provisioning stays dogma-first: rely on dogma, the git config, and the gh logins already in place. Inspect dogma first; credo is only the gate, not the provisioner.
The git log comparison against the repo's own history is ALWAYS the primary source
and is run for every repo at commit time - never skip it, and never let a hint stand in
for it. On a mismatch, do NOT commit; warn.
An optional expected-identity hint may live in the config
(personal.commit_identity_hint); when set, use it only as an additional cross-check on
top of the git log comparison, never as a replacement. It is runtime-decidable and
cascades global < project: a global hint is a default identity that a per-project value
overrides, so a work repo vs a private repo each get the right identity. Empty means
rely on git/dogma.
"${CLAUDE_PLUGIN_ROOT}/scripts/credo-config.sh" get personal.commit_identity_hint
If commit or push is forbidden by permissions, that is itself a showstopper for autonomous work (the work cannot be secured) - surface it, do not silently continue.
budget.schedule - the daily cap rows (day, window, five_hour_cap, weekly_cap).budget.work_hours.start / budget.work_hours.end - work-hours boundaries (Mon-Fri).budget.five_hour.soft_percent / budget.five_hour.hard_percent - off-hours 5h band.budget.nine_oclock_guard_reserve_percent - reserve that must remain at 09:00.budget.task_sizing.large_below_percent / budget.task_sizing.medium_below_percent.budget_failsafe.five_hour_percent / budget_failsafe.weekly_percent - absolute caps.wakeup.reset_offset_minutes / wakeup.fallback_offset_minutes.personal.commit_identity_hint - optional identity cross-check.All of these are read through scripts/credo-config.sh get <key> so global and per-project
overrides apply automatically. Personal values live in the git-excluded config, never in
this skill.
npx claudepluginhub marcel-bich/marcel-bich-claude-marketplace --plugin credoChecks Claude Code OAuth usage limits for session (5-hour) and weekly (7-day) windows with smart caching, progress bars, and JSON output.
Enforces cost-safety discipline for paid AI/inference APIs by requiring written per-run and per-day dollar caps, max-iterations bounds, and provider-dashboard hard caps before writing any call site.
Monitors, caps, and recovers from context accumulation in agentic systems with per-cycle cost tracking, budget enforcement, and emergency pruning. Use for long-lived agent loops, rising API costs, or post-mortem analysis.