Thanks, read-only API keys make sense and are definitely better than admin keys.
Our main concern is still where the key should live. For shared infra or CLI usage across multiple repos/teams, putting any API key in repo config, local config, or a multi-user environment feels risky, even if it is read-only.
Another issue is onboarding: we would need every team that integrates with our infra to configure their own Cursor team API key. That also feels awkward and hard to maintain.
We can keep the keys in an internal service, but then we need to build extra infra just to collect usage.
Have you considered supporting the Claude Code approach, where token usage is written directly into transcript events? That would avoid the API key problem and make per-message usage collection much simpler.
Is there a recommended Cursor pattern for this today?