token-optimizer-mcp
Health Passed
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 148 GitHub stars
Code Warning
- fs module — File system access in .github/workflows/ci.yml
Permissions Passed
- Permissions — No dangerous permissions requested
This is a Model Context Protocol (MCP) server that reduces context window usage for AI tools like Claude and Cursor. It uses Brotli compression and an external SQLite database to cache and optimize text, aiming to cut token consumption by up to 90%.
Security Assessment
Overall Risk: Medium. The server requires local file system access, which is normal for an SQLite caching tool. However, there are a few security considerations. First, the README explicitly promotes downloading and running remote shell scripts (`bash install-hooks.sh` and a PowerShell equivalent). Executing arbitrary scripts from the internet is inherently risky, even from npm postinstall hooks. Second, the `fs` module access flagged in the CI workflows suggests deeper local file interactions. The tool claims "zero external dependencies" and completely offline operation, which means it shouldn't make unauthorized network requests or leak data externally. No hardcoded secrets or dangerous broad permissions were found.
Quality Assessment
This is a highly active and trusted open-source project. It is licensed under the standard MIT license, providing clear usage rights. The repository received its last code push today, indicating active maintenance. With 148 GitHub stars, it has established a solid baseline of community validation and trust.
Verdict
Use with caution. While the core functionality is useful, offline, and well-maintained, you should carefully review the shell scripts before running the automated hooks installer.
Intelligent token optimization for Claude Code - achieving 95%+ token reduction through caching, compression, and smart tool intelligence
GitHub Actions CI/CD Documentation
This repository uses GitHub Actions for automated CI/CD with comprehensive quality gates, automated releases, and dependency management.
Table of Contents
- Overview
- Workflows
- Setup Instructions
- Status Checks
- Release Process
- Secrets and Variables
- Troubleshooting
Overview
Our CI/CD pipeline includes:
- Continuous Integration: Automated testing, linting, and quality checks on every PR
- Quality Gates: Bundle size tracking, security audits, license compliance
- Automated Releases: Semantic versioning and npm publishing
- Dependency Management: Automated dependency updates via Dependabot
Workflows
1. CI Workflow (.github/workflows/ci.yml)
Triggers: Pull requests and pushes to master
Jobs:
lint-and-format
- Runs ESLint on TypeScript files
- Checks Prettier formatting
- Validates package.json
- Runtime: ~2-3 minutes
- Node Version: 20
build
- Compiles TypeScript to JavaScript
- Verifies build artifacts (dist/)
- Uploads build artifacts for use in other jobs
- Runtime: ~2-3 minutes
- Node Version: 20
test
- Runs unit tests across multiple Node versions (18, 20, 22)
- Generates code coverage reports
- Uploads coverage to Codecov
- Enforces 80% coverage threshold
- Runtime: ~5-8 minutes per Node version
- Matrix Strategy: Parallel execution across Node versions
performance-benchmarks
- Runs performance benchmark suite
- Compares results against baseline
- Fails if performance regression >10%
- Posts results as PR comment
- Runtime: ~3-5 minutes
- Node Version: 20
integration-test
- Starts MCP server
- Runs integration tests against live server
- Uploads logs on failure
- Runtime: ~3-5 minutes
- Node Version: 20
- Depends On: build job
status-check
- Aggregates all job results
- Final gate before PR can be merged
- Runtime: <1 minute
- Depends On: All other jobs
Total CI Runtime: ~10-15 minutes (with parallelization)
2. Release Workflow (.github/workflows/release.yml)
Triggers: Push to master (after PR merge)
Jobs:
release
- Analyzes commits using conventional commit format
- Determines version bump (major/minor/patch)
- Generates CHANGELOG.md
- Creates Git tag
- Creates GitHub Release
- Runtime: ~3-5 minutes
- Node Version: 20
publish
- Publishes package to npm
- Verifies publication
- Only runs if new release was created
- Runtime: ~2-3 minutes
- Node Version: 20
- Depends On: release job
notify
- Posts release announcement (Discord/Slack if configured)
- Comments on related issues
- Updates release summary
- Runtime: ~1-2 minutes
- Depends On: release, publish jobs
Total Release Runtime: ~6-10 minutes
3. Quality Gates Workflow (.github/workflows/quality-gates.yml)
Triggers: Pull requests and pushes to master
Jobs:
bundle-size
- Analyzes compiled bundle size
- Compares against baseline
- Fails if size increases >5%
- Posts size comparison as PR comment
- Runtime: ~2-3 minutes
security-audit
- Runs npm audit
- Fails on critical vulnerabilities
- Warns on high vulnerabilities
- Posts audit results as PR comment
- Runtime: ~2-3 minutes
license-compliance
- Checks all dependency licenses
- Warns about copyleft licenses (GPL, AGPL, LGPL)
- Generates license report
- Runtime: ~2-3 minutes
dependency-vulnerabilities
- Runs Snyk scan (if configured)
- Checks for outdated dependencies
- Generates vulnerability report
- Runtime: ~2-3 minutes
code-quality
- Analyzes code complexity
- Counts lines of code
- Identifies TODO/FIXME comments
- Runtime: ~1-2 minutes
Total Quality Gates Runtime: ~9-14 minutes (parallel execution)
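The security-audit policy above (fail on critical, warn on high) can be written as a small gate over `npm audit --json` output. This is an added example, not code from this repository's workflow; the function names and the sample report are assumptions constructed for illustration.

```javascript
// Added example: evaluate `npm audit --json` output (auditReportVersion 2, npm 7+).
// Policy from the security-audit job description: critical fails, high warns.
const POLICY = new Map([['critical', 'fail'], ['high', 'warn']]);

// Constructed sample report; package names are placeholders, not real findings.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'critical', fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'high', fixAvailable: false },
    'example-util': { name: 'example-util', severity: 'moderate', fixAvailable: true },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 1, total: 3 } },
};

// Returns { status: 'pass' | 'warn' | 'fail', findings: [...] }.
function evaluateAudit(report) {
  const vulns = report && report.vulnerabilities;
  if (!vulns || typeof vulns !== 'object') {
    // Fail closed: an error payload or truncated output is not "no findings".
    return { status: 'fail', findings: [], reason: 'no vulnerabilities map in report' };
  }
  const findings = Object.values(vulns)
    .filter((v) => POLICY.has(v.severity))
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      action: POLICY.get(v.severity),
      // fixAvailable is either a boolean or an object describing the fix.
      fixAvailable: Boolean(v.fixAvailable),
    }));
  let status = 'pass';
  if (findings.some((f) => f.action === 'fail')) status = 'fail';
  else if (findings.length > 0) status = 'warn';
  return { status, findings };
}

// Only a 'fail' status should break the job; warnings are reported but pass.
function exitCodeFor(status) {
  return status === 'fail' ? 1 : 0;
}

const sampleResult = evaluateAudit(SAMPLE_REPORT);
console.log(sampleResult.status, sampleResult.findings.map((f) => `${f.severity}:${f.name}`));
```

In a workflow step the parsed output of `npm audit --json` would replace `SAMPLE_REPORT`, and the step would exit with `exitCodeFor(result.status)`.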
4. Commit Lint Workflow (.github/workflows/commitlint.yml)
Triggers: Pull requests
Jobs:
commitlint
- Validates all PR commits follow Conventional Commits format
- Posts format guide as PR comment on failure
- Runtime: ~1-2 minutes
5. Dependabot Configuration (.github/dependabot.yml)
Schedule: Weekly (Monday 9:00 AM UTC)
Features:
- Groups minor/patch updates for dev dependencies
- Groups patch updates for production dependencies
- Separate PRs for major version updates
- Auto-assigns to @ooples
- Labels: dependencies, automated
Setup Instructions
1. Initial Setup
Clone the repository
git clone https://github.com/ooples/token-optimizer-mcp.git
cd token-optimizer-mcp
Install dependencies
npm install
Install semantic-release and commitlint globally (optional)
npm install -g semantic-release @commitlint/cli
2. Configure GitHub Secrets
Navigate to: Settings > Secrets and variables > Actions > New repository secret
Add the following secrets:
Required Secrets
| Secret Name | Description | How to Get |
|---|---|---|
| NPM_TOKEN | npm authentication token | https://www.npmjs.com/settings/YOUR_USERNAME/tokens |
| CODECOV_TOKEN | Codecov upload token (optional) | https://codecov.io/ |
Optional Secrets
| Secret Name | Description | Use Case |
|---|---|---|
| SNYK_TOKEN | Snyk authentication token | Advanced security scanning |
3. Configure GitHub Variables (Optional)
Navigate to: Settings > Secrets and variables > Actions > Variables tab
| Variable Name | Description | Example |
|---|---|---|
| DISCORD_WEBHOOK_URL | Discord webhook for release notifications | https://discord.com/api/webhooks/... |
| SLACK_WEBHOOK_URL | Slack webhook for release notifications | https://hooks.slack.com/services/... |
4. Set Up Branch Protection
Follow instructions in BRANCH_PROTECTION.md
5. Initialize Performance Baseline
After first successful CI run:
- Download the benchmark results artifact
- Copy to .github/performance-baseline.json
- Commit and push:
git add .github/performance-baseline.json
git commit -m "chore: add performance baseline"
git push
6. Initialize Bundle Size Baseline
After first successful build:
- Run:
du -sb dist | cut -f1 > .github/bundle-size-baseline.txt
- Commit and push:
git add .github/bundle-size-baseline.txt
git commit -m "chore: add bundle size baseline"
git push
Status Checks
All PRs must pass the following status checks before merging:
Critical Checks (Must Pass)
- ✅ lint-and-format - Code style and linting
- ✅ build - TypeScript compilation
- ✅ test (18) - Tests on Node 18
- ✅ test (20) - Tests on Node 20
- ✅ test (22) - Tests on Node 22
- ✅ commitlint - Commit message format
Quality Checks (Must Pass)
- ✅ bundle-size - Bundle size within limits
- ✅ security-audit - No critical vulnerabilities
- ✅ license-compliance - License compatibility
Optional Checks (Can Warn)
- ⚠️ performance-benchmarks - Performance metrics
- ⚠️ integration-test - Integration test suite
- ⚠️ code-quality - Code metrics and analysis
Release Process
Automated Release Flow
Developer creates PR with conventional commits
- Format: type(scope): description
- Examples: feat(auth): add OAuth, fix(api): resolve race condition
CI runs on PR
- All status checks must pass
- Code review required
- Conversations must be resolved
PR is merged to master
- Release workflow triggers automatically
- Semantic-release analyzes commits
Version determination
- fix: commits → Patch version (0.0.X)
- feat: commits → Minor version (0.X.0)
- BREAKING CHANGE: → Major version (X.0.0)
Automatic actions
- CHANGELOG.md updated
- Version bumped in package.json
- Git tag created (e.g., v0.2.1)
- GitHub Release created
- npm package published
- Related issues commented
Manual Release (Emergency)
If automated release fails:
# Ensure you're on master with latest changes
git checkout master
git pull
# Create version and tag
npm version patch -m "chore(release): %s" # or minor/major
# Push changes and tags
git push && git push --tags
# Publish to npm
npm publish
# Create GitHub release manually
gh release create v0.2.1 --generate-notes
Secrets and Variables
Getting NPM Token
- Log in to npm: https://www.npmjs.com/
- Click your profile → "Access Tokens"
- Click "Generate New Token" → "Classic Token"
- Select "Automation" type
- Copy token and add to GitHub Secrets as NPM_TOKEN
Getting Codecov Token (Optional)
- Visit https://codecov.io/
- Sign in with GitHub
- Add your repository
- Copy the upload token
- Add to GitHub Secrets as CODECOV_TOKEN
Setting Up Notifications
Discord
- Go to your Discord server settings
- Navigate to "Integrations" → "Webhooks"
- Create a new webhook
- Copy the webhook URL
- Add to GitHub Variables as DISCORD_WEBHOOK_URL
Slack
- Go to https://api.slack.com/apps
- Create a new app or select existing
- Enable "Incoming Webhooks"
- Add webhook to workspace
- Copy the webhook URL
- Add to GitHub Variables as SLACK_WEBHOOK_URL
Troubleshooting
CI Fails: "Coverage threshold not met"
Solution: Add more unit tests to reach 80% coverage
npm run test:coverage
# Check coverage/index.html for uncovered lines
CI Fails: "Bundle size increased by >5%"
Solution: Optimize bundle or update baseline
# Check what's causing size increase
npm run build
du -h dist/
# If increase is justified, update baseline:
du -sb dist | cut -f1 > .github/bundle-size-baseline.txt
git add .github/bundle-size-baseline.txt
git commit -m "chore: update bundle size baseline"
Release Fails: "No release published"
Cause: No conventional commits since last release
Solution: Ensure commits follow format:
- feat: for features
- fix: for bug fixes
- BREAKING CHANGE: for breaking changes
NPM Publish Fails: "Authentication failed"
Solution: Verify NPM_TOKEN secret
- Check token is still valid: https://www.npmjs.com/settings/YOUR_USERNAME/tokens
- Regenerate token if needed
- Update GitHub secret
Dependabot PRs Failing
Solution: Review and fix issues
# Checkout Dependabot branch
git fetch origin
git checkout dependabot/npm_and_yarn/...
# Fix any breaking changes
npm install
npm test
# Commit fixes
git commit -am "fix: resolve dependency conflicts"
git push
Performance Benchmarks Failing
Solution: Investigate performance regression
- Download benchmark artifacts from failed run
- Compare with baseline
- Profile the code to find bottleneck
- Optimize or update baseline if acceptable
Best Practices
Commit Messages
✅ Good
feat(api): add token refresh endpoint
fix(cache): resolve memory leak in LRU cache
docs(readme): update installation instructions
refactor(core): simplify optimization logic
❌ Bad
Update code
Fix bug
WIP
changes
PR Workflow
- Create feature branch: git checkout -b feat/my-feature
- Make changes with conventional commits
- Push and create PR
- Wait for all checks to pass
- Get code review approval
- Squash and merge (if needed)
Testing Strategy
- Write unit tests for all new features
- Maintain 80%+ coverage
- Add integration tests for critical flows
- Update benchmarks for performance-sensitive code
Dependency Updates
- Review Dependabot PRs weekly
- Test major version updates thoroughly
- Group minor/patch updates when possible
- Keep dependencies up to date for security
Related Documentation
Support
For issues with CI/CD:
- Check GitHub Actions logs
- Review this documentation
- Open an issue: https://github.com/ooples/token-optimizer-mcp/issues