If your security policy forbids piping curl into bash, or you need to ship the literal config file contents through a change management process, you can configure token tracking with no script at all. Each CLI is configured by editing one file.
This article documents exactly what to add for each tool, on each OS. After editing, restart the CLI (or open a new terminal) and the next session will report to Torii.
What you need
- The endpoint URL from your AI Telemetry page (
https://ai-events.toriihq.comby default). - The ingest token from your AI Telemetry page (click the Copy button on the token row to copy the unmasked value).
- Write access to the per-tool config file (or system-wide override file) on each workstation.
Claude Code - settings.json
File to edit (per-user, all OSes):
- macOS / Linux:
~/.claude/settings.json - Windows:
%USERPROFILE%\.claude\settings.json
Or system-wide (overrides per-user; highest precedence):
- macOS:
/Library/Application Support/ClaudeCode/managed-settings.d/10-torii-otel.json(managed-settings.d/ is Anthropic's drop-in directory; the basemanaged-settings.jsonis left alone) - Linux:
/etc/claude-code/managed-settings.d/10-torii-otel.json(Anthropic's drop-in directory; same pattern as macOS)
Merge this block into the file (replace <ENDPOINT> with your endpoint URL, no trailing slash, and <TOKEN> with your token):
{
"env": {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "http/json",
"OTEL_EXPORTER_OTLP_ENDPOINT": "<ENDPOINT>",
"OTEL_EXPORTER_OTLP_HEADERS": "Authorization=Bearer <TOKEN>",
"OTEL_METRIC_EXPORT_TEMPORALITY_PREFERENCE": "delta"
}
}
If settings.json already has an env key, merge into it rather than overwriting - leave any existing keys you don't recognize untouched, and add the seven keys above.
Difference vs the install script: the Torii install script writes three additional env keys on top of the seven above:
-
OTEL_LOG_USER_PROMPTSset to"0"- explicit privacy default so prompt content is never captured. -
OTEL_RESOURCE_ATTRIBUTESset to a string likehost.name=…,host.id=…,enduser.id=…- lets Torii attribute events to specific workstations and users. -
OTEL_LOG_TOOL_DETAILSset to"1"- enriches tool events with the tool name and truncated input arguments (Bash command lines, file paths, MCP server and tool names, skill names). Add it if you want MCP and tool-usage visibility in Torii.
Ingest works either way - the seven keys above are sufficient. Add the extra three if you want per-workstation attribution, an explicit prompt-disable line for your security review, and MCP/tool visibility. See What the LLM token tracking install scripts do for the full reference.
OpenTelemetry exporter conflict: If OTEL_EXPORTER_OTLP_ENDPOINT is already set in the file (and not pointing at toriihq.com), Claude Code is already configured to send telemetry to a different OpenTelemetry collector. Do not overwrite it. Use the existing collector path instead - add Torii as a second exporter on your collector.
Gemini CLI - settings.json
File to edit (all OSes):
- macOS / Linux:
~/.gemini/settings.json - Windows:
%USERPROFILE%\.gemini\settings.json
Merge this block (Gemini owns the entire .telemetry key - replace any existing telemetry object with this one):
{
"telemetry": {
"enabled": true,
"target": "local",
"otlpEndpoint": "<ENDPOINT>/t/<TOKEN>",
"otlpProtocol": "http",
"logPrompts": false
}
}
Note - token in the URL, not a header. Gemini CLI does not currently support per-exporter custom headers, so the token is embedded in the endpoint path (/t/<TOKEN>) and Torii's ingest extracts it from there. The token is still treated as an authenticated bearer credential - handle it the same way you'd handle a header-based one.
Identity model: Gemini emits user.email only for OAuth-authenticated users. Sessions using a Vertex AI service account or an API key appear as anonymous (Torii receives an installation ID but no user email). If you want per-user attribution for Gemini, get your engineers signed in via OAuth.
Codex CLI - config.toml
File to edit (all OSes):
- macOS / Linux:
~/.codex/config.toml - Windows:
%USERPROFILE%\.codex\config.toml
Append this block to the file (replace <ENDPOINT> and <TOKEN>):
# BEGIN AI_OTEL_MANAGED
[otel]
environment = "prod"
log_user_prompt = false
exporter = { otlp-http = { endpoint = "<ENDPOINT>/v1/logs", protocol = "json", headers = { Authorization = "Bearer <TOKEN>" } } }
trace_exporter = { otlp-http = { endpoint = "<ENDPOINT>/v1/traces", protocol = "json", headers = { Authorization = "Bearer <TOKEN>" } } }
metrics_exporter = { otlp-http = { endpoint = "<ENDPOINT>/v1/metrics", protocol = "json", headers = { Authorization = "Bearer <TOKEN>" } } }
# END AI_OTEL_MANAGED
The # BEGIN AI_OTEL_MANAGED / # END AI_OTEL_MANAGED comment markers are how the uninstall script later identifies the block to remove. Keep them in place if you want a clean uninstall path.
OpenTelemetry exporter conflict: If ~/.codex/config.toml already contains an [otel] table that you set up for a different collector, do not add the block above. Codex only supports one OTEL exporter. Use the existing collector path instead, and add Torii as a second exporter on your collector.
After editing
- Save the file.
- Close any open CLI sessions. The CLIs read this config at startup; existing sessions won't pick up the change.
- Open a new terminal and run a test event (see Verifying LLM token tracking).
- Watch the AI Telemetry page in Torii - the event tail should update within a few seconds.
For fleet rollouts via configuration management
These same JSON / TOML blocks are valid inputs for Ansible's copy / template modules, Puppet's file resource, Chef's file / cookbook_file, Salt's file.managed, etc. If you're using a configuration-management tool rather than an MDM, hand it the contents above as a template - substitute <ENDPOINT> and <TOKEN> with your variables. Don't forget to make a backup of the existing file the same way the Torii install script would.