Skip to content

Tokentoll

v0.5.2 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 1mo Model Serving & MLOps
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

anthropic cost-optimization devtools github-action llm mlops
+3 more
openai python static-analysis

Affected surfaces

auth deps

Summary

AI summary

Updates Supply chain, Upgrading ```yaml, and uses across a mixed release.

Full changelog

Fixes

  • Drop loose source-string fallback in detectors (issue raised in xagent PR #338 review). Previously, OpenAI/Anthropic/Google detectors matched any file containing strings like completions.create or .messages.create, causing OpenAI-compatible SDKs (Zhipu, etc.) to be misidentified. Detectors now require an actual openai/anthropic/google import.
  • Skip AzureChatOpenAI without explicit model. AzureChatOpenAI(deployment_name=...) no longer applies a misleading gpt-4o default price. Pass model= explicitly to opt into pricing.

Supply chain

  • Pin pip install tokentoll==0.5.2 in action.yml. The action.yml SHA pin is now meaningful (an unpinned pip install would have bypassed it).

Upgrading

- uses: Jwrede/[email protected]

pip install --upgrade tokentoll

Breaking Changes

  • Detectors now require an actual `openai`/`anthropic`/`google` import; loose string matching is removed.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Tokentoll

Get notified when new releases ship.

Sign up free

About Tokentoll

All releases →

Related context

Beta — feedback welcome: [email protected]