Token Optimizer is designed as a local-first context hygiene tool. The default commands inspect explicit local project inputs and do not start daemons, install global hooks, capture raw transcripts, persist raw file contents, persist raw tool output, or make network requests.
Project scans, mutating commands, and Token Optimizer-owned output paths are
constrained to the selected project. Read-only explicit-input commands such as
outline and summarize may read absolute local file paths outside the project
when the user names those files directly; those commands print a warning when an
explicit input resolves outside the current or selected project root.
doctor,audit,outline,summarize,handoff, dashboard dry-runs, config dry-runs, purge dry-runs, hook dry-runs, and provider-neutral benchmark runs are local-only.- Mutating CLI commands require an explicit
--yesflag, and hook installation also requires--experimental. - The Codex plugin package does not install hooks by default. It ships a local MCP hook-control server that can open an interactive MCP control for the experimental Stop-hook entry, with a native approval form as the fallback. Both controls show the dry-run plan and write only after explicit approval; the installed entry invokes an intentionally no-op command in 0.1.0.
- The Codex plugin package does not ship global hooks, daemons, services, background processes, or networked control surfaces.
- The Claude Code plugin package is skill-only in 0.1.0. It does not bundle the Python CLI, install hooks, start an MCP server, start a daemon, or add background behavior.
- Managed project state is constrained to
.codex/token-optimizer.json,.codex/token-optimizer/, and managed Token Optimizer hook blocks.
Live provider benchmarks are separate opt-in commands:
benchmark anthropic-count --fixture ... --model ...readsANTHROPIC_API_KEYfrom the environment and sends only the explicit fixture text to Anthropic count-tokens behavior.benchmark openai-usage --fixture ... --model ...readsOPENAI_API_KEYfrom the environment and sends only the explicit fixture text to the OpenAI Responses API withstore=false.benchmark openai-tiktoken --fixture ... --model ...is an offline tokenizer estimate. It uses optional localtiktokensupport and does not call OpenAI or read an API key.
Provider benchmark reports are printed to stdout and are not persisted by Token Optimizer.
The release surface is checked so public artifacts exclude private/internal
project records. The Python wheel should contain only the installable package,
distribution metadata, entry point metadata, and license. The source
distribution should contain source, tests, package metadata, and public docs. The
Codex plugin package should remain focused: .codex-plugin/, .mcp.json,
mcp/, skills/, and assets/ only. The Claude Code plugin package should
remain skill-only: .claude-plugin/, skills/, and its package README only.
Run this before tagging or publishing:
python3 scripts/check_release_artifacts.pyFor private security reports, contact the maintainer directly before public disclosure. Include the affected command, the exact version or commit, the local artifact involved, and a minimal reproduction that avoids sharing sensitive project data.