fix: out-of-band checksum integrity for install.sh (closes #36)

install.sh now fetches CHECKSUMS.sha256 from the GitHub release API
instead of the repo tree, preventing a single compromised commit from
swapping both code and checksums. Hard fail on verification failure
with TOKEN_OPTIMIZER_SKIP_VERIFY=1 escape hatch for air-gapped installs.

Also: pin CLA action to SHA, add Node 24 compat, expand checksum
scope to cover install.sh and hooks/hooks.json, bump to v5.7.2.

Author: alexgreensh

.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "token-optimizer",
       "source": "./",
       "description": "Audit, fix, and monitor Claude Code context window usage. Find the ghost tokens.",
-      "version": "5.7.1",
+      "version": "5.7.2",
       "author": {
         "name": "Alex Greenshpun",
         "url": "https://linkedin.com/in/alexgreensh"

.claude-plugin/plugin.json

@@ -7,7 +7,7 @@
   },
   "homepage": "https://github.com/alexgreensh/token-optimizer",
   "repository": "https://github.com/alexgreensh/token-optimizer",
-  "version": "5.7.1",
+  "version": "5.7.2",
   "license": "PolyForm-Noncommercial-1.0.0",
   "keywords": ["token", "optimization", "context", "audit", "cost", "coach"]
 }

.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "token-optimizer",
-  "version": "5.7.1",
+  "version": "5.7.2",
   "description": "Audit, monitor, and reduce Codex context waste with continuity helpers and explicit outline tools.",
   "skills": "./skills/",
   "interface": {

.github/workflows/cla.yml

@@ -14,10 +14,13 @@ permissions:
 jobs:
   CLAAssistant:
     runs-on: ubuntu-latest
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.6.1
+        # Pinned to v2.6.1 SHA for supply-chain safety
+        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

CHECKSUMS.sha256

@@ -1,12 +1,14 @@
+20255099ff8c12467d4e88e038431f9ff59071fef90c59c51c7bee777066a488  hooks/hooks.json
+2f53504a8f493112c8b318f50cf192e94f358a96d6e3b0fb76cbd258d13d02fc  install.sh
 b1ccc6e69e2632966bc474db62027579966bba36e9fd33aed75233b71c921bcf  skills/token-optimizer/scripts/activity_tracker.py
 552d55795c86875618509db9cb1b075fcbaff7fcb6b174ab99550d858371b5d5  skills/token-optimizer/scripts/archive_result.py
 92fd8040bef69da2846b3622976afab408c7dc4b5f40d35b09f0d294d2d35b72  skills/token-optimizer/scripts/bash_compress.py
 de4efe4d7fb810fa7ad5caad9daf65fe8241a27df241df138cde0600185c5a61  skills/token-optimizer/scripts/bash_hook.py
 e70da0fe35a36cdc657889419eac2f0aed48dd167f5085ce1b29b7c774090488  skills/token-optimizer/scripts/benchmark.py
 507e97f069736d49a20e77052916d19ca512a747cdf63827ca5bfdeffe45deb1  skills/token-optimizer/scripts/codex_compact_prompt.py
-959bf75853003d7c5615a287dad5aec5b1e67f7cc9ac943057cd83f1465b19d1  skills/token-optimizer/scripts/codex_doctor.py
+a1c9c14604e6c8a0e86eb64de61de67862283f1d8dc7f7e43c9b2a3b2d907efd  skills/token-optimizer/scripts/codex_doctor.py
 b113cc3a01527d6aeb1c259e5a293481c53cda1f4ffe612df7f2933b6c777d8c  skills/token-optimizer/scripts/codex_hook_bridge.py
-2dd9eab1b7333409edb0ffaca7e70762f32412be7c0e2614d2e4f2992572069b  skills/token-optimizer/scripts/codex_install.py
+33dfb5ca621d0a874f9869c4d51cca7bc2d3a44934ab4159be08203ef6244c53  skills/token-optimizer/scripts/codex_install.py
 a137b8bf14ee275ae3988df9e00ae7feee39313046a75ac5d743eb8f06e9fabf  skills/token-optimizer/scripts/codex_io.py
 7e7163df683e6cf96d4db9a7359c4f737206f0f9f5b2a79687a018090b46bbc5  skills/token-optimizer/scripts/codex_session.py
 d67d6a53f65485127c458d60804550763e305769a0a3e842f9a5370864692252  skills/token-optimizer/scripts/codex_statusline.py
@@ -27,7 +29,7 @@ b8345d767a48f40d275480973681baf56dc76329d8f3eaa6260966d6d6b787cd  skills/token-o
 fef4a2385caf3c9495987007d16edf73a022cddbd0aecf2293025e3d9599996d  skills/token-optimizer/scripts/detectors/websearch_routing.py
 6f023687c905db9be267aafcf2a85f08739bee8c0aae42b58eeae4b8889690b1  skills/token-optimizer/scripts/hook_io.py
 f647eabc7067499b74f72c4ba5c55738fdc18c6539a7a5b99c65d03126016d8d  skills/token-optimizer/scripts/injection.py
-e72fad8482a67442a0a874be8950a4c47cfd317f56e1978226c3350451c6100d  skills/token-optimizer/scripts/measure.py
+b6e8ccaf090a6c1205c4a6552f2ebc01caa20c58053cb41a1d8cae070326c0b7  skills/token-optimizer/scripts/measure.py
 bd27835f85c5fd45c9cf67cb8b969038489249c56182ec2638a4f1223799b98f  skills/token-optimizer/scripts/outline.py
 7e996f6c5d3c36ea0f0d70b8eec18080d0582c0155790637ac34abbd0b3e5057  skills/token-optimizer/scripts/plugin_env.py
 8f4b3675f890f0fbd2412faa76f61c048fc59cd152de521236e982a21fdceade  skills/token-optimizer/scripts/read_cache.py

README.md

@@ -3,7 +3,7 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/alexgreensh/token-optimizer/releases"><img src="https://img.shields.io/badge/version-5.7.0-green" alt="Version 5.6.13"></a>
+  <a href="https://github.com/alexgreensh/token-optimizer/releases"><img src="https://img.shields.io/badge/version-5.7.2-green" alt="Version 5.7.2"></a>
   <a href="https://github.com/alexgreensh/token-optimizer/releases"><img src="https://img.shields.io/github/release-date/alexgreensh/token-optimizer?label=last%20release&color=blue" alt="Last Release"></a>
   <a href="https://github.com/alexgreensh/token-optimizer"><img src="https://img.shields.io/badge/Claude_Code-Plugin-blueviolet" alt="Claude Code Plugin"></a>
   <a href="https://github.com/alexgreensh/token-optimizer/tree/main/openclaw"><img src="https://img.shields.io/badge/OpenClaw-v2.4.1-brightgreen" alt="OpenClaw v2.4.1"></a>
@@ -94,6 +94,8 @@ git clone https://github.com/alexgreensh/token-optimizer.git ~/.claude/token-opt
 bash ~/.claude/token-optimizer/install.sh
 ```
 
+The installer verifies file integrity against checksums from the latest GitHub release. If you're offline or behind a restrictive proxy, set `TOKEN_OPTIMIZER_SKIP_VERIFY=1` before running.
+
 Works on Claude Code, [OpenCode](#opencode), and [OpenClaw](#openclaw). Each platform has its own native plugin (Python for Claude Code, TypeScript for OpenCode and OpenClaw). No bridging, no shared runtime, zero cross-platform dependencies.
 
 </details>
@@ -293,6 +295,20 @@ Claude Code and OpenClaw today, with native plugins for each. Codex support is i
 Windsurf and Cursor are next on the roadmap. Full Codex parity is waiting on upstream hook/cache surfaces for invisible read substitution, structure-map substitution, and compact lifecycle hooks.
 </details>
 
+<details>
+<summary>🔐 <strong>How does install.sh verify file integrity?</strong></summary>
+
+The installer fetches `CHECKSUMS.sha256` from the latest GitHub Release (not from the repo tree), then verifies every script file against those checksums. This out-of-band verification means a compromised commit cannot swap both the code and the checksums simultaneously. If the checksum fetch fails or any file fails verification, the installer exits with a non-zero status and does not continue. You can also verify manually:
+
+```bash
+# Download checksums from the latest release
+curl -sL $(gh release view --json assets -q '.assets[] | select(.name=="CHECKSUMS.sha256") | .url') -o /tmp/checksums.sha256
+
+# Verify your install
+cd ~/.claude/token-optimizer && shasum -a 256 -c /tmp/checksums.sha256
+```
+</details>
+
 ---
 
 ## Why install this first

install.sh

@@ -18,8 +18,9 @@
 
 set -euo pipefail
 
-REPO_HTTPS="https://github.com/alexgreensh/token-optimizer.git"
-REPO_SSH="git@github.com:alexgreensh/token-optimizer.git"
+GITHUB_REPO="alexgreensh/token-optimizer"
+REPO_HTTPS="https://github.com/${GITHUB_REPO}.git"
+REPO_SSH="git@github.com:${GITHUB_REPO}.git"
 INSTALL_DIR="${HOME}/.claude/token-optimizer"
 SKILL_DIR="${HOME}/.claude/skills"
 
@@ -63,6 +64,11 @@ if ! command -v git &>/dev/null; then
 fi
 info "git OK"
 
+# curl (needed for out-of-band checksum verification)
+if ! command -v curl &>/dev/null; then
+    fail "curl not found. Install curl first."
+fi
+
 # Claude Code directory
 if [ ! -d "${HOME}/.claude" ]; then
     fail "~/.claude/ not found. Install Claude Code first: https://claude.ai/download"
@@ -152,29 +158,56 @@ else
 fi
 
 # ── Integrity Verification ────────────────────────────────────
-# Checksums verify file integrity post-clone/pull.
-# For full supply-chain security, pin to a specific commit SHA in your
-# deployment pipeline instead of relying on HEAD.
-# This check is advisory: it warns but does not block, because the
-# CHECKSUMS.sha256 file itself is updated with each code change.
-
-CHECKSUM_FILE="${INSTALL_DIR}/CHECKSUMS.sha256"
-if [ -f "$CHECKSUM_FILE" ]; then
-    info "Verifying file integrity..."
-    (
-        cd "$INSTALL_DIR" || exit 1
-        if sha256sum -c "$CHECKSUM_FILE" --quiet 2>/dev/null || \
-           shasum -a 256 -c "$CHECKSUM_FILE" --quiet 2>/dev/null; then
-            printf "${GREEN}>${NC} Integrity check passed\n"
-        else
-            printf "${YELLOW}!${NC} WARNING: Integrity check failed or checksums are outdated.\n"
-            printf "${YELLOW}!${NC} This is expected immediately after a code update (checksums\n"
-            printf "${YELLOW}!${NC} are regenerated with each release). If you did not just\n"
-            printf "${YELLOW}!${NC} update, verify your clone manually: cd ${INSTALL_DIR} && git log --oneline -5\n"
-        fi
-    )
+# Checksums are fetched from the GitHub release (out-of-band), NOT from
+# the repo tree. This prevents a single compromised commit from swapping
+# both code and checksums simultaneously.
+# Set TOKEN_OPTIMIZER_SKIP_VERIFY=1 to bypass (air-gapped installs).
+
+CHECKSUM_FILE="/tmp/token-optimizer-checksums-$$.sha256"
+trap 'rm -f "$CHECKSUM_FILE"' EXIT
+
+fetch_release_checksums() {
+    local asset_url
+    asset_url=$(curl -fsSL \
+        "https://api.github.com/repos/${GITHUB_REPO}/releases/latest" \
+        2>/dev/null \
+        | python3 -c '
+import json, sys
+try:
+    data = json.load(sys.stdin)
+    for a in data.get("assets", []):
+        if a["name"] == "CHECKSUMS.sha256":
+            print(a["browser_download_url"])
+            break
+except Exception:
+    pass
+' 2>/dev/null)
+
+    if [ -z "$asset_url" ]; then
+        return 1
+    fi
+
+    curl -fsSL -o "$CHECKSUM_FILE" "$asset_url" 2>/dev/null && [ -s "$CHECKSUM_FILE" ]
+}
+
+if [ "${TOKEN_OPTIMIZER_SKIP_VERIFY:-}" = "1" ]; then
+    warn "Skipping integrity verification (TOKEN_OPTIMIZER_SKIP_VERIFY=1)"
 else
-    warn "CHECKSUMS.sha256 not found, skipping integrity check."
+    info "Fetching checksums from GitHub release..."
+    if fetch_release_checksums; then
+        info "Verifying file integrity (out-of-band checksums)..."
+        (
+            cd "$INSTALL_DIR" || exit 1
+            if sha256sum -c "$CHECKSUM_FILE" --quiet 2>/dev/null || \
+               shasum -a 256 -c "$CHECKSUM_FILE" --quiet 2>/dev/null; then
+                printf "${GREEN}>${NC} Integrity check passed\n"
+            else
+                fail "Integrity check FAILED. Files do not match release checksums. Your install may be compromised. Re-clone from: https://github.com/${GITHUB_REPO}"
+            fi
+        )
+    else
+        fail "Could not fetch checksums from GitHub release. Cannot verify file integrity. Check network connectivity or install manually from: https://github.com/${GITHUB_REPO}/releases"
+    fi
 fi
 
 # Log the current commit SHA so users can audit which version is installed.

scripts/sign-release.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+# Generates CHECKSUMS.sha256 and attaches it to a GitHub release.
+#
+# Usage:
+#   scripts/sign-release.sh v5.7.2
+#
+# Prerequisites: gh CLI authenticated, tag already pushed.
+#
+# Copyright (C) 2026 Alex Greenshpun
+# SPDX-License-Identifier: PolyForm-Noncommercial-1.0.0
+
+set -euo pipefail
+
+TAG="${1:-}"
+
+if [ -z "$TAG" ]; then
+    echo "Usage: scripts/sign-release.sh <tag>"
+    echo "Example: scripts/sign-release.sh v5.7.2"
+    exit 1
+fi
+
+if ! command -v gh &>/dev/null; then
+    echo "Error: gh CLI not found. Install: https://cli.github.com"
+    exit 1
+fi
+
+if ! gh release view "$TAG" &>/dev/null; then
+    echo "Error: release $TAG not found. Create it first:"
+    echo "  git tag $TAG && git push origin $TAG"
+    echo "  gh release create $TAG --title \"$TAG\" --generate-notes"
+    exit 1
+fi
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+CHECKSUM_FILE="${REPO_ROOT}/CHECKSUMS.sha256"
+
+echo "Generating checksums for tracked scripts..."
+
+HASH_CMD="sha256sum"
+if [ "$(uname)" = "Darwin" ]; then
+    HASH_CMD="shasum -a 256"
+fi
+
+{
+    echo "${REPO_ROOT}/install.sh"
+    echo "${REPO_ROOT}/hooks/hooks.json"
+    find "${REPO_ROOT}/skills/token-optimizer/scripts" -type f -name "*.py"
+} | sort | while read -r f; do
+    [ -f "$f" ] || continue
+    $HASH_CMD "$f" | sed "s|${REPO_ROOT}/||"
+done > "$CHECKSUM_FILE"
+
+CHECKSUM_COUNT=$(wc -l < "$CHECKSUM_FILE" | tr -d ' ')
+echo "Generated ${CHECKSUM_COUNT} checksums"
+
+if [ "$CHECKSUM_COUNT" -eq 0 ]; then
+    echo "Error: no files found to checksum. Aborting upload."
+    exit 1
+fi
+
+echo "Uploading CHECKSUMS.sha256 to release $TAG..."
+gh release upload "$TAG" "$CHECKSUM_FILE" --clobber
+
+echo ""
+echo "Done. Verify with:"
+echo "  gh release view $TAG"

skills/token-optimizer/scripts/measure.py

@@ -9366,7 +9366,7 @@ def setup_hook(dry_run=False):
 
 # ========== Persistent Dashboard Daemon ==========
 
-TOKEN_OPTIMIZER_VERSION = "5.7.1"  # Keep in sync with plugin.json + marketplace.json
+TOKEN_OPTIMIZER_VERSION = "5.7.2"  # Keep in sync with plugin.json + marketplace.json
 _DAEMON_RUNTIME = detect_runtime()
 _DAEMON_RUNTIME_SUFFIX = "codex" if _DAEMON_RUNTIME == "codex" else "claude"
 DAEMON_LABEL = "com.token-optimizer.codex-dashboard" if _DAEMON_RUNTIME == "codex" else "com.token-optimizer.dashboard"