Enterprise Compliance Readiness
Makes Token Optimizer ready for enterprise infosec questionnaires without a formal SOC2 audit. Zero behavioral change for existing non-enterprise users.
New Commands
measure.py security-report/--json— Self-assessment report for vendor security questionnairesmeasure.py purge/--confirm— Delete all Token Optimizer data (double confirmation required)measure.py consent --show/--reset/--grant— Manage data collection consent
Security Documentation
- SECURITY.md — Comprehensive security whitepaper (12 sections matching vendor questionnaire categories)
- HOOKS.md — Hook architecture document for pen testers (full hook inventory, data flow, attack surface analysis)
- PRIVACY.md — Expanded privacy notice with all data stores, retention schedules, and deletion procedures
Credential Protection
- Shared
credential_patterns.pymodule with 22 credential types (AWS, OpenAI, GitHub, Stripe, Slack, etc.) - Credential redaction in read cache and tool archive before disk write
- Checkpoint credential redaction (user messages, decisions, error context)
Data Lifecycle
- First-run consent gate (hooks skip data collection until acknowledged)
- Configurable retention for all data stores via environment variables
- Quality cache, checkpoint events, and trends.db retention enforcement
- Cross-platform support (Claude Code, Codex, OpenCode, Hermes)
Hardening (from adversarial review)
- Consent gate: symlink check + path confinement to user home
- Purge: double confirmation (--confirm flag + interactive PURGE typing, blocks AI agents)
- Daemon guard: process name verification before SIGTERM (PID recycling protection)
- Bootstrap commands (ensure-health, consent) exempt from consent gate to prevent deadlock