Labsco
agenciabakucl-coder logo

UsageWall

from agenciabakucl-coder

Live LLM pricing as an MCP server โ€” six read-only tools to list, compare, estimate cost, and find the cheapest model across OpenAI, Anthropic, Google, DeepSeek, Mistral, xAI and Meta.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredNeeds API keys

UsageWall

Live LLM pricing as an MCP server. Ask Claude (or any MCP client) "how much does this prompt cost?" and get real numbers from a hand-checked pricing table for every major LLM. Free, read-only, no auth.

TL;DR

Quick test:

curl -s https://usagewall.vercel.app/api/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

Install in Claude.ai:

Settings โ†’ Connectors โ†’ Add custom connector โ†’ paste https://usagewall.vercel.app/api/mcp

Install in Claude Desktop / Cursor / Windsurf / Zed / Cline: see /mcp.


The MCP server

Six read-only tools, two raw-JSON resources, JSON-RPC 2.0 over Streamable HTTP. Zero dependencies; ~280 LOC; auditable in one sitting.

Tools โ€” list_models, get_model, compare_models, estimate_cost, cheapest_for, list_providers.

Resources โ€” usagewall://pricing/full, usagewall://pricing/<provider>.

Source โ€” api/mcp.js. Tests โ€” tests/mcp.test.js (18 cases). Smithery descriptor โ€” smithery.yaml.


What else is in this repo

Production-grade waitlist landing for usagewall.dev, plus the local proxy prototype. Static HTML + 5 Vercel serverless functions. No build step. No framework.


Stack (100% free tier)

LayerServiceFree tier
Frontend hostingVercel Hobby100GB/mo bandwidth
DatabaseSupabase500MB DB + 50k MAU
Email confirmationResend3k emails/mo, 100/day
Anti-bot (optional)Cloudflare Turnstile1M challenges/mo
CIGitHub Actions2k min/mo (private) / unlimited (public)
DomainPorkbun / Cloudflare$10โ€“15 / year (only paid item)

Layout

usagewall/
โ”œโ”€โ”€ public/
โ”‚   โ”œโ”€โ”€ index.html       # Landing โ€” hero, problem, how, why, pricing, waitlist, footer
โ”‚   โ”œโ”€โ”€ privacy.html     # Plain-English privacy page
โ”‚   โ”œโ”€โ”€ styles.css       # Brand: Fraunces + Switzer + JetBrains Mono, dark warm
โ”‚   โ”œโ”€โ”€ app.js           # Vanilla form-binding, fetch to /api/waitlist
โ”‚   โ”œโ”€โ”€ favicon.svg
โ”‚   โ”œโ”€โ”€ og.svg / og.png  # 1200x630 social preview
โ”œโ”€โ”€ api/
โ”‚   โ”œโ”€โ”€ waitlist.js      # POST signup endpoint
โ”‚   โ””โ”€โ”€ unsubscribe.js   # GET unsubscribe with HMAC token
โ”œโ”€โ”€ lib/
โ”‚   โ”œโ”€โ”€ email.js         # RFC-aware email validation + throwaway block
โ”‚   โ””โ”€โ”€ security.js      # rate limit, IP hash, HMAC tokens, safe JSON parse
โ”œโ”€โ”€ tests/
โ”‚   โ”œโ”€โ”€ email.test.js    # 12 unit tests
โ”‚   โ”œโ”€โ”€ security.test.js # 23 unit tests
โ”‚   โ””โ”€โ”€ api.e2e.test.js  # 13 end-to-end tests with mocked req/res
โ”œโ”€โ”€ scripts/
โ”‚   โ”œโ”€โ”€ validate-html.js # CSP-friendly HTML linter (no inline handlers, alt, lang, etc.)
โ”‚   โ””โ”€โ”€ smoke-api.js     # Live HTTP smoke against waitlist handler
โ”œโ”€โ”€ supabase/
โ”‚   โ””โ”€โ”€ schema.sql       # waitlist table + RLS deny-all + stats view
โ”œโ”€โ”€ launch/
โ”‚   โ””โ”€โ”€ COPY.md          # Twitter thread, Show HN, Reddit, IndieHackers, dev.to
โ”œโ”€โ”€ .github/workflows/
โ”‚   โ””โ”€โ”€ test.yml         # CI: tests + HTML validation + secret-leak grep
โ”œโ”€โ”€ vercel.json          # Security headers, CSP, cache rules
โ”œโ”€โ”€ package.json         # `npm test`, `npm run smoke`, `npm run ci`
โ”œโ”€โ”€ .env.example
โ””โ”€โ”€ README.md

Local dev

cp .env.example .env.local
# Fill in at least: SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY,
#                   IP_HASH_SALT, UNSUBSCRIBE_SECRET
npx vercel dev
# โ†’ http://localhost:3000

To test without Vercel CLI, use the smoke server:

npm run smoke
# Hits the handler with stubbed Supabase, prints pass/fail per case.

Tests

npm test                # unit + E2E (48 + 13 = 61 cases, no network)
npm run validate:html   # HTML structure + CSP + a11y checks
npm run smoke           # live HTTP smoke vs handler with stubbed Supabase
npm run ci              # all of the above

CI runs on every push that touches usagewall/** (see .github/workflows/test.yml).


Security & privacy

  • No raw IPs stored. Only HMAC-SHA256(ip, IP_HASH_SALT) first 64 bits.
  • No PII in production logs. Email addresses are redacted to email_domain only.
  • CSP at meta + headers. default-src 'self', scripts only from self.
  • HSTS preload. All TLS, no opt-out.
  • HMAC-signed unsubscribe tokens. No DB lookup needed to verify.
  • Honeypot field on every form โ€” invisible to humans, irresistible to bots.
  • Rate limit 5 req/min per IP-hash (in-memory; Turnstile handles the rest).
  • Body cap 8KB on the API. safeJsonParse never throws.
  • GitHub Actions pin actions to commit SHA + grep for leaked secrets.

Read public/privacy.html for the user-facing policy.


Validation goals (5 days)

DayActionChannel
0Buy domain + deployโ€”
1Twitter thread (see launch/COPY.md)X / Twitter
2Show HN + Reddit (ร—3 subs)HN, r/SaaS, r/SideProject, r/IndieHackers
3IndieHackers postIndieHackers
4dev.to long-form articledev.to
5Measureโ€”

GO if โ‰ฅ100 emails and โ‰ฅ1 reply asking "when can I pay?" NO-GO if <30 emails after the launch thread.


Brand notes

This is not the Baku brand โ€” it's UsageWall, a product by Baku. Inherits the design DNA (dark warm, editorial serifs, no flashy gradients, generous spacing) but lives independently with its own identity. Footer credits Baku.

Palette:

  • bg #0A0A0B (warm near-black)
  • text #F5F4F0 (cream off-white)
  • accent #E8DFC7 (warm cream โ€” highlights only)
  • code bg #0E0E10

Type:

  • Display: Fraunces 400/500, often italic
  • Body: Switzer 400/500
  • Mono: JetBrains Mono 400/500/600

Files NOT to commit

The .gitignore covers it, but be paranoid about:

  • .env, .env.local, .env.*.local
  • .vercel/ (project link)
  • node_modules/

The CI grep checks for accidental commits of sk_live_โ€ฆ, re_โ€ฆ, sbp_โ€ฆ.