Trust and safety

Token Optimizer touches your live work, so it is built to fail safe. Every hook is non-blocking, every change to your setup is backed up first, and nothing it does invalidates your prompt cache. This page is the honest account of where the risk is and where it is not.

All hooks run non-blocking with fail-open design. If a Token Optimizer script ever errors, your command runs normally. The script failing means you lose an optimization, never a turn.

  • Compression is toggleable. Every active-compression feature can be turned off with a single command or environment variable. See Active compression overview.
  • Checkpoints are additive. They add session state to disk. They never edit or remove anything in your context.
  • Quality scoring is read-only. It measures the transcript and reports a number. It changes nothing.

The prompt cache depends on a stable prefix. Any tool that edits or removes blocks already in your conversation invalidates the cache and costs you more on the next turns, not less.

Token Optimizer never touches content already in your context. It works on new content entering your window through compression, and on the compaction boundary through checkpoints and restore. Your cache prefix stays intact, which saves you twice: less input per turn, and a smaller cache-read bill on every subsequent turn. See Prompt cache economics.

Structural optimization removes only genuinely unused components: skills you never invoke, duplicate configs, orphaned memory entries. It never removes the conversation. The quality score actively tracks degradation, so if anything ever hurt quality, the number would show it. Most users see scores improve after optimization because the model has more room for real work.

When the audit does change a file, it shows a before-and-after diff, backs up the original, and waits for your approval. It never deletes files; skills and configs are archived outside the skills directory so you can restore them. It also checks dependencies before archiving, because a skill, MCP server, or deny rule can be load-bearing for something else.

No analytics, no telemetry endpoint, no product data leaves your machine. Every measurement is a local SQLite row you own. You can inspect it, export it, or delete all of it.

Network use is limited to install and update checks against GitHub or your package registry for the install method you chose. The script installer verifies every file against checksums fetched out-of-band from the release, so a compromised commit cannot swap both the code and the checksums. To skip release verification when you are offline or behind a proxy, set TOKEN_OPTIMIZER_SKIP_VERIFY=1 deliberately.
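The check described above can be sketched as follows. This is an added example, not Token Optimizer's installer code: the sha256sum-style manifest format, the function names, the unlisted-file check, and reporting a skip as its own status are assumptions. Only the TOKEN_OPTIMIZER_SKIP_VERIFY variable comes from this page. The manifest text is assumed to have been obtained from the release, separately from the files being checked.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_manifest(text):
    # Assumed format (not from the page): "<sha256 hex>  <relative path>" per line.
    expected = {}
    for line in filter(str.strip, text.splitlines()):
        digest, name = line.split(maxsplit=1)
        rel = Path(name.strip())
        if len(digest) != 64 or rel.is_absolute() or ".." in rel.parts:
            raise ValueError(f"bad manifest line: {line!r}")
        expected[rel.as_posix()] = digest.lower()
    return expected

def verify_tree(root, manifest_text, env=None):
    """Return (status, problems); status is 'verified', 'failed' or 'skipped'."""
    env = os.environ if env is None else env
    if env.get("TOKEN_OPTIMIZER_SKIP_VERIFY") == "1":  # opt-out named on the page
        return "skipped", ["verification skipped by TOKEN_OPTIMIZER_SKIP_VERIFY=1"]
    expected = parse_manifest(manifest_text)
    root, problems = Path(root), []
    for rel, digest in sorted(expected.items()):
        if not (root / rel).is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(root / rel) != digest:
            problems.append(f"mismatch: {rel}")
    # Files present on disk but absent from the manifest are reported too.
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    problems += [f"unlisted: {rel}" for rel in sorted(on_disk - set(expected))]
    return ("failed" if problems else "verified"), problems

def demo():
    # Constructed sample: one installed file and a manifest of its clean hash.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hook.py").write_text("print('ok')\n")
        manifest = f"{sha256_file(root / 'hook.py')}  hook.py\n"
        clean = verify_tree(root, manifest, env={})
        (root / "hook.py").write_text("print('tampered')\n")
        (root / "extra.py").write_text("")
        tampered = verify_tree(root, manifest, env={})
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

A skipped run is returned as `skipped` rather than `verified`, so a caller can log that the install was not checked.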

To delete everything Token Optimizer has stored, or to see exactly what it keeps, see Your data and privacy.

Pure Python standard library on Claude Code and Codex. TypeScript with zero runtime dependencies on OpenCode and OpenClaw. There is nothing to pip install and no dependency that can conflict with your environment.