Releases: alexgreensh/token-optimizer

v5.7.12

28 May 11:40

Security fix: redact credentials in MCP replacement output (PR #43 by @danikdanik)

  • MCP tool responses containing API keys, tokens, or credentials were redacted on disk but leaked into the live model context via updatedMCPToolOutput. Now both paths use the redacted version.
  • Fixed pre-existing test date-rot bug in test_cache_ttl_mix

Thanks @danikdanik for the sharp catch!

v5.7.11

28 May 07:01

Install self-healing + CE security fixes:

  • Self-healing sparse checkout: existing users with broken installs (v5.7.5-5.7.9 sparse-checkout bug) are automatically repaired on next install.sh run. Detects missing skills/ or hooks/, re-runs sparse-checkout, falls back to disabling sparse if repair fails
  • Subshell fail() fix: fail() inside a ( subshell ) only exits the subshell, not the parent. Integrity check failures now correctly abort the installer via (...) || fail pattern (CE review catch)
  • Removed insecure checksum fallback: v5.7.10 introduced a fallback to in-repo checksums when the release asset was missing. CE security review flagged this as defeating the out-of-band verification model (a single compromised commit could swap both code and checksums). Removed — missing release asset now warns and skips verification, doesn't pretend to verify with same-channel checksums
  • CHECKSUMS.sha256 asset attached for out-of-band integrity verification

v5.7.10

28 May 06:54

Fix install.sh breaking on fresh installs (Issue #42 by @jeanchastel):

  • Sparse-checkout cone mode: removed file args that caused skills/ and hooks/ to be pruned. Cone mode only accepts directories; root files are included automatically
  • Checksum fallback: installer now falls back to in-repo CHECKSUMS.sha256 when the release asset is missing, instead of hard-failing
  • CHECKSUMS.sha256 asset: now attached to releases for out-of-band integrity verification
  • bash_compress.py: added missing from __future__ import annotations (caught by new regression eval)

Thanks @jeanchastel for the thorough bug report!

v5.7.9

28 May 06:15

Security + correctness fix for archive cleanup:

  • Symlink guards: archive_root, session dirs, and listing paths all skip symlinks to prevent symlink-swap deletion attacks
  • shutil.rmtree: replaces manual unlink loop so nested subdirectories are properly cleaned (bug reported by @danikdanik in #39)
  • Python 3.9 safe: uses os.lstat() instead of stat(follow_symlinks=False) which requires 3.10+
  • Pre-existing issue: hardened the same pattern in measure.py's archive_cleanup(), which already used rmtree without a symlink guard

Thanks @danikdanik for reporting the nested directory cleanup bug!
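To illustrate the symlink guards and the rmtree change described in these notes, here is an added example (not the project's own archive_cleanup code): the archive root and every listed session directory are checked with os.lstat, so it runs on Python 3.9, and symlinks are skipped rather than followed. The directory layout and names built in demo() are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

def _is_symlink(path) -> bool:
    # os.lstat never follows the link and works on 3.9; stat(follow_symlinks=False) needs 3.10+
    try:
        return stat.S_ISLNK(os.lstat(path).st_mode)
    except FileNotFoundError:
        return False

def archive_cleanup(archive_root) -> list:
    """Delete per-session directories under archive_root without following symlinks.
    Returns the Paths removed. The root and every listed entry are lstat-checked, so a
    link swapped in before deletion cannot redirect rmtree outside the archive."""
    root = Path(archive_root)
    removed = []
    if _is_symlink(root) or not root.is_dir():  # refuse a symlinked or missing archive root
        return removed
    for entry in sorted(root.iterdir()):
        if _is_symlink(entry) or not entry.is_dir():  # skip links and stray files
            continue
        shutil.rmtree(entry)  # clears nested subdirs; links inside the tree are unlinked, not followed
        removed.append(entry)
    return removed

def demo() -> dict:
    """Constructed layout: a nested session dir, a link pointing outside the archive, a stray file."""
    base = Path(tempfile.mkdtemp())
    outside = base / "outside" / "precious"
    outside.mkdir(parents=True)
    root = base / "archive"
    (root / "sess-a" / "nested" / "deep").mkdir(parents=True)
    (root / "sess-a" / "nested" / "deep" / "log.txt").write_text("x")
    os.symlink(base / "outside", root / "sess-b")  # a session dir replaced by a symlink
    (root / "notes.txt").write_text("stray")
    os.symlink(root, base / "archive-link")
    via_link = archive_cleanup(base / "archive-link")  # symlinked root: nothing removed
    removed = archive_cleanup(root)
    return {
        "via_link": [p.name for p in via_link],
        "removed": [p.name for p in removed],
        "outside_intact": outside.is_dir(),
        "link_left_in_place": os.path.islink(root / "sess-b"),
        "stray_file_kept": (root / "notes.txt").exists(),
    }
```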

v5.7.8

28 May 05:58

Fix Python 3.9 compatibility regression: added from __future__ import annotations to measure.py so PEP 604 union syntax works on macOS system Python 3.9.6.

Thanks @eligrumman for the clean fix! (PR #41, closes #40)

v5.7.5

27 May 16:26

Dashboard Security Hardening + Bug Fixes

Security

  • Path disclosure eliminated: All dashboard-facing paths use ~ instead of /Users/xxx/.... Commands use shlex.quote on absolute paths
  • CSP headers: Content-Security-Policy + Referrer-Policy added to both HTTP servers
  • CSP meta tag: Added to all HTML dashboards (Claude Code, OpenClaw, fleet-demo) for file:// mode protection
  • Shell injection: shlex.quote() added to 6 unquoted command generation sites (skill archive/restore, MCP disable/enable)
  • CORS fix: X-TO-Token added to OPTIONS preflight headers
  • Port disclosure: Removed window.location.origin from dashboard UI

Bug Fixes

  • Manage tab checkbox reversal now correctly restores original state
  • Date picker respects active range button instead of hardcoding to 7
  • safeRender split into per-section calls (blank tabs now show proper error cards)
  • Coach prompt click handler properly bound after DOM insertion
  • Standalone dashboard per-turn preloading works with tilde-prefixed paths
  • startswith(home) uses trailing separator guard to prevent prefix collisions
  • pyenv shims filtered out for launchd plist python3 resolution
  • quality_cache stores filename-only (no full filesystem path)

Quality

Reviewed by 8 specialized agents across 3 rounds: security-engineer, ce-correctness-reviewer, /simplify 7-angle scan. All CRITICAL, HIGH, and MEDIUM findings resolved.

v5.7.4

27 May 14:34

Fixes

  • Python launcher: direct-probe fallback for stripped PATH hook environments. Fixes 'no usable Python 3 interpreter found' errors on Stop/PostToolUse hooks (macOS Homebrew, Linuxbrew)
  • Interpreter allowlist: hardened against circular trust (dynamic brew --prefix replaced with static paths)
  • Archive cleanup: moved after early-exit checks (no longer runs on every PostToolUse)
  • SQLite preview: credential redaction applied to compressed_preview
  • Safe root: TOKEN_OPTIMIZER_SAFE_ROOT validated against ~/.claude
  • Python 3.9+: minimum bumped from 3.8 (is_relative_to requires 3.9)
  • Security hardening (PR #35, @GalitGal): path cross-check, glob boundaries, interpreter allowlist, credential redaction, sensitive path filter, session UUID isolation, proc.poll guard

v5.7.2

27 May 12:08

Security: Out-of-Band Checksum Integrity

install.sh now fetches CHECKSUMS.sha256 from the GitHub Release assets (out-of-band) instead of the repo tree. A single compromised commit can no longer swap both code and checksums simultaneously.

Changes

  • Checksums fetched from GitHub release API, not repo tree
  • Hard fail on verification failure (no silent fallback)
  • TOKEN_OPTIMIZER_SKIP_VERIFY=1 escape hatch for air-gapped installs
  • New scripts/sign-release.sh for release signing workflow
  • Checksum scope expanded to cover install.sh and hooks/hooks.json
  • CLA GitHub Action pinned to commit SHA + Node 24 compatibility
  • Python JSON parser replaces fragile grep+sed pipeline
  • EXIT trap for temp file cleanup on interrupts
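As an added illustration of the out-of-band verification model described in the v5.7.2 and v5.7.11 notes (this is not the project's install.sh, which is shell, but a Python sketch of the same checks): it parses a CHECKSUMS.sha256 list, hard-fails on any file that is missing from the list or does not match, honours the TOKEN_OPTIMIZER_SKIP_VERIFY=1 escape hatch explicitly, and never falls back to a same-channel list. The sha256sum line format is an assumption, and the release tree and checksum text in demo() are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

SKIP_ENV = "TOKEN_OPTIMIZER_SKIP_VERIFY"        # escape hatch named in the v5.7.2 notes
REQUIRED = ("install.sh", "hooks/hooks.json")  # checksum scope named in the v5.7.2 notes

class IntegrityError(Exception):
    """Any gap or mismatch is a hard fail; there is no same-channel fallback (v5.7.11)."""

def parse_checksums(text: str) -> dict:
    """Parse sha256sum-style lines ('<64 hex>  <path>'); anything else is rejected."""
    entries = {}
    for raw in filter(str.strip, text.splitlines()):
        parts = raw.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64 or set(parts[0].lower()) - set("0123456789abcdef"):
            raise IntegrityError(f"malformed checksum line: {raw!r}")
        entries[parts[1].strip().lstrip("*")] = parts[0].lower()  # '*' marks sha256sum binary mode
    return entries

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def verify_tree(root, checksums_text: str, required=REQUIRED) -> list:
    """Verify each required file under root against the out-of-band list; return the names verified."""
    if os.environ.get(SKIP_ENV) == "1":  # air-gapped installs opt out explicitly, never silently
        return []
    expected = parse_checksums(checksums_text)
    for name in required:
        if name not in expected:
            raise IntegrityError(f"{name} is not covered by the checksum list")
        if sha256_file(Path(root) / name) != expected[name]:
            raise IntegrityError(f"checksum mismatch for {name}")
    return list(required)

def demo() -> dict:
    root = Path(tempfile.mkdtemp())  # constructed release tree
    (root / "hooks").mkdir()
    (root / "install.sh").write_text("#!/bin/sh\necho install\n")
    (root / "hooks" / "hooks.json").write_text('{"hooks": []}\n')
    asset = "".join(f"{sha256_file(root / n)}  {n}\n" for n in REQUIRED)  # stands in for the release asset
    clean = verify_tree(root, asset)
    (root / "install.sh").write_text("#!/bin/sh\necho modified\n")  # same tree, one file changed
    try:
        verify_tree(root, asset)
        tampered = "accepted"
    except IntegrityError as e:
        tampered = str(e)
    return {"clean": clean, "tampered": tampered}
```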

Version Alignment

All manifests synced: Claude Code, Codex, OpenClaw (2.4.1), OpenCode (1.0.0).

Closes #36.

v5.7.1

24 May 09:39

fix(dashboard): use subprocess JSON output for v5 toggle read-back

The daemon's toggle endpoint was reading config.json from a hardcoded legacy path that doesn't exist on plugin installs, causing the Structure Map checkbox to snap back to OFF. Replaced inline config read with --json subprocess output using _get_v5_feature_status() as single source of truth. Also fixed dashboard JS to fall back to optimistic toggle when the response has an empty v5_features map.

Closes #34

v5.7.0 - OpenCode Plugin

21 May 12:49

OpenCode Plugin - Full Claude Code Parity

Token Optimizer now runs natively on OpenCode (163K stars). One command to install:

opencode plugin add token-optimizer-opencode

What's included

Every Claude Code capability, ported ground-up to TypeScript for OpenCode's plugin API:

  • 7-signal dual-score quality engine with ResourceHealth (monotonic) + SessionEfficiency (rolling window)
  • MRCR quality curves calibrated for Anthropic, OpenAI GPT-5/5.5/4.1, and Gemini model families
  • Smart compaction with mode-aware PRESERVE/DROP guidance (code/debug/review/infra/general)
  • Session continuity restoring context from prior sessions via keyword-matched checkpoints
  • Quality nudges on score drops, fill warnings at 75%/85%, tool call fatigue with superlinear scaling
  • Loop detection via Jaccard similarity (catches retry loops before they burn context)
  • token_status tool for on-demand quality reports inside OpenCode
  • token_dashboard tool generating a standalone HTML dashboard with quality trends, session history, and daily stats
  • Full configuration via plugin options + environment variable overrides + per-feature toggles

Quality assurance

12-agent torture room gauntlet covering security, correctness, parity, TypeScript type safety, reliability, performance, architecture, maintainability, testing, dashboard security, and repo-forensics. 30+ bugs caught and fixed before shipping.

Stats

  • 21 source files, 2,537 lines of TypeScript
  • 42.6 KB npm package (zero runtime dependencies beyond OpenCode's plugin SDK)
  • Supports 30+ models across Anthropic, OpenAI, Google, DeepSeek, Qwen, Mistral, xAI, and local models

Also in this release

  • README updated with OpenCode badge, install section, and platform mentions
  • Version bumped to 5.7.0 across all manifests (plugin.json, marketplace.json, codex manifest)

Docs