Token analytics & cost control
Monitor LLM token usage, cut costs with smart compression, and build habits that keep your bill predictable.
Difficulty: Intermediate
Duration: 25 minutes
What you’ll build: A full picture of your token spend by provider, command, and skill — plus a working compression strategy that reduces CI debug costs by up to 95%
What you’ll learn
- Read per-provider, per-command, and per-skill token breakdowns
- Export usage data as JSON for dashboards or billing pipelines
- Understand why raw CI logs waste 90% of your LLM budget
- Use smart compression and log deduplication to cut costs automatically
- Get structured JSON from scanners for cheaper, more reliable analysis
- Combine model selection and compression for the lowest possible cost per task
Prerequisites
- DojOps 1.1.6 installed (npm i -g @dojops/cli)
- A configured LLM provider (any of the 7 supported providers)
- A project with at least a few prior generate, scan, or debug-ci runs

If you haven’t run anything yet, run two or three quick commands first:

```shell
dojops "Create a .gitignore for a Node.js project"
dojops scan
```

Workshop steps
Step 1: View your token summary
The dojops tokens command reads all recorded usage from your .dojops/ history and presents a summary.
```shell
dojops tokens
```

```
┌ Token Usage
│
│  Total tokens: 284,521
│  Total cost:   $1.42
│
│  By provider:
│    openai      198,340 tokens   $0.99
│    deepseek     86,181 tokens   $0.43
│
│  By command:
│    generate    142,000 tokens   (49.9%)
│    scan --fix   85,200 tokens   (29.9%)
│    debug-ci     42,100 tokens   (14.8%)
│    plan         15,221 tokens   ( 5.3%)
│
└ Since 2026-01-15
```

The “By command” breakdown is the most actionable column. If scan --fix is eating 30% of your budget, look at compression and JSON output (covered in Steps 6 and 9). If generate dominates, model selection is where you’ll find the biggest savings.
Step 2: Break down usage by skill
Not all skills cost the same. Terraform configs are verbose. Dockerfiles are short. The --by-skill flag shows which skill generates the most tokens.
```shell
dojops tokens --by-skill
```

```
┌ Token Usage by Skill
│
│  terraform        89,400 tokens   $0.45
│  github-actions   52,100 tokens   $0.26
│  kubernetes       41,200 tokens   $0.21
│  dockerfile       28,300 tokens   $0.14
│  nginx            18,500 tokens   $0.09
│  (other)          55,021 tokens   $0.28
│
└ 6 skills used | 284,521 tokens total
```

Terraform and Kubernetes configurations are long by nature — they require many resource blocks, and models tend to include comments and examples. If those are your biggest cost drivers, consider using a cheaper model (--model fast) for straightforward infrastructure and reserving the expensive model for complex multi-resource plans.
Step 3: Visualize daily trends
Raw totals hide whether costs are spiking or steady. The --graph flag renders a 14-day ASCII histogram.
```shell
dojops tokens --graph
```

```
┌ Token Usage (last 14 days)
│
│  Mar 06 ████████████░░░░░░░░ 23,400
│  Mar 07 ██████░░░░░░░░░░░░░░ 12,100
│  Mar 08 ████████████████░░░░ 31,200
│  Mar 09 ██░░░░░░░░░░░░░░░░░░  4,800
│  Mar 10 ████████████████████ 42,500
│  Mar 11 ████████░░░░░░░░░░░░ 18,900
│  Mar 12 ████████████░░░░░░░░ 24,100
│  Mar 13 ██████████░░░░░░░░░░ 21,300
│  Mar 14 ████████████████░░░░ 33,700
│  Mar 15 ████░░░░░░░░░░░░░░░░  9,200
│  ...
│
└ Average: 20,321 tokens/day ($0.10/day)
```

The Mar 10 spike is easy to spot. That’s typically a day when someone ran a large scan --fix or sent multi-file CI logs to debug-ci. Correlate the spike with your audit log to find the command.
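Spike-hunting can also be scripted against the JSON export from Step 4. A minimal sketch — the `daily` list below is a hand-copied excerpt, and the 1.5× threshold is an arbitrary choice, not anything DojOps defines:

```python
# Flag days whose token usage is well above the period average.
# The dicts mirror the shape of the `daily` array in `dojops tokens --output json`.
daily = [
    {"date": "2026-03-09", "tokens": 4800},
    {"date": "2026-03-10", "tokens": 42500},
    {"date": "2026-03-11", "tokens": 18900},
]

average = sum(d["tokens"] for d in daily) / len(daily)

# Call anything at 1.5x the average or more a spike -- tune to taste.
spikes = [d["date"] for d in daily if d["tokens"] >= 1.5 * average]
print(spikes)  # ['2026-03-10'], matching the graph above
```

Run this over the full `daily` array and the output gives you the exact dates to look up in your audit log.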
Step 4: Export usage data as JSON
The terminal view is useful for spot checks, but if you want to feed usage data into a Grafana dashboard, cost-alerting script, or billing system, you need structured output.
```shell
dojops tokens --output json
```

```json
{
  "summary": {
    "totalTokens": 284521,
    "totalCostUsd": 1.42,
    "since": "2026-01-15"
  },
  "byProvider": [
    { "provider": "openai", "tokens": 198340, "costUsd": 0.99 },
    { "provider": "deepseek", "tokens": 86181, "costUsd": 0.43 }
  ],
  "byCommand": [
    { "command": "generate", "tokens": 142000, "pct": 49.9 },
    { "command": "scan --fix", "tokens": 85200, "pct": 29.9 },
    { "command": "debug-ci", "tokens": 42100, "pct": 14.8 },
    { "command": "plan", "tokens": 15221, "pct": 5.3 }
  ],
  "bySkill": [
    { "skill": "terraform", "tokens": 89400, "costUsd": 0.45 },
    { "skill": "github-actions", "tokens": 52100, "costUsd": 0.26 }
  ],
  "daily": [
    { "date": "2026-03-06", "tokens": 23400 },
    { "date": "2026-03-07", "tokens": 12100 }
  ]
}
```

Pipe it to a file or directly to a monitoring tool:

```shell
dojops tokens --output json > usage-$(date +%Y-%m-%d).json
```

Step 5: Understand why raw CI logs are expensive
Before you see the compression features in action, it helps to understand the problem they solve.
A typical GitHub Actions log for a failed Node.js build contains hundreds of lines that start with ✓ passed or ok — the LLM doesn’t need any of these. It also has ANSI color codes embedded in every line, the same deprecation warning repeated 47 times because npm prints it once per package, and long stack traces where only the first few frames are relevant.
Sending this raw to the LLM wastes 70–90% of your token budget on noise. The model spends its context window reading PASS UserService.findOne 200 times before reaching the actual error.
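The waste is easy to measure yourself before involving any tool. A minimal Python sketch — the sample log lines and the noise rules here are illustrative, not DojOps’s actual filters:

```python
# Count how many log lines are noise: success lines plus exact duplicates.
log_lines = [
    "PASS UserService.findOne",
    "PASS UserService.findOne",
    "npm WARN deprecated left-pad@1.0.0",
    "npm WARN deprecated left-pad@1.0.0",
    "npm WARN deprecated left-pad@1.0.0",
    "FAIL UserService.create (timeout)",
]

seen = set()
noise = 0
for line in log_lines:
    # A line is noise if it reports success, or if we've already seen it verbatim.
    if line.startswith(("PASS", "ok")) or line in seen:
        noise += 1
    seen.add(line)

print(f"{noise}/{len(log_lines)} lines are noise")  # 4/6
```

On a real failed-build log the ratio is usually far worse than this toy example, which is exactly why compression pays off.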
Step 6: Watch compression in action
Smart compression activates automatically in debug-ci, scan --fix, and the verification step of autonomous tasks. You don’t enable it — it’s always on.
Run a CI debug command and watch the compression stats:
```shell
dojops debug-ci "$(gh run view 99887766 --log-failed)"
```

```
┌ CI Debug Analysis
│
│  Output compression:
│    Raw:        12,847 lines (45,200 tokens)
│    Compressed:    234 lines (1,890 tokens)
│    Savings:    95.8%
│
│  Log deduplication:
│    Collapsed 47 duplicate "npm WARN deprecated" lines
│    Collapsed 12 repeated "npm WARN" peer dependency lines
│    Collapsed 8 identical test timeout messages
│
│  Root cause: Jest test "UserService.create" times out
│  waiting for a database connection. The test environment
│  is missing DATABASE_URL configuration.
│
│  Suggested fix:
│    Add DATABASE_URL to your CI environment variables
│    in .github/workflows/ci.yml under `env:`
│
└ 1 root cause identified · 1,890 tokens used
```

The compression pipeline runs in four stages: strip ANSI codes, filter out success lines, collapse duplicate messages, and truncate to the most relevant sections. The LLM receives 234 lines instead of 12,847 — and the diagnosis is sharper because it isn’t drowning in noise.
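The four stages are simple enough to sketch. This is a minimal illustration of the idea, not DojOps’s actual implementation — the success-line patterns and the keep-the-tail truncation heuristic are assumptions:

```python
import re

ANSI = re.compile(r"\x1b\[[0-9;]*m")        # SGR color/style escape sequences
SUCCESS = re.compile(r"^(PASS\b|ok\b|✓)")   # assumed patterns for "all good" lines

def compress_log(lines, max_lines=500):
    """Sketch of the four stages: strip ANSI, drop success lines,
    collapse duplicates, truncate."""
    out, counts = [], {}
    for line in lines:
        line = ANSI.sub("", line).rstrip()      # 1. strip ANSI codes
        if SUCCESS.match(line):                 # 2. filter out success lines
            continue
        counts[line] = counts.get(line, 0) + 1  # 3. collapse duplicates:
        if counts[line] == 1:                   #    keep only the first occurrence
            out.append(line)
    # Annotate collapsed lines with a repeat count, like the report above.
    out = [f"{l}  (x{counts[l]})" if counts[l] > 1 else l for l in out]
    return out[-max_lines:]                     # 4. truncate (errors cluster at the end)

raw = [
    "\x1b[32mPASS\x1b[0m UserService.findOne",
    "npm WARN deprecated left-pad@1.0.0",
    "npm WARN deprecated left-pad@1.0.0",
    "FAIL UserService.create: timeout waiting for DATABASE_URL",
]
compressed = compress_log(raw)
print(compressed)
```

Four input lines become two: the duplicated warning collapses to one annotated line, the colored pass line disappears entirely, and the failure survives untouched.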
Step 7: Manually compare compressed vs raw
If you want to see what the LLM actually receives, pipe a log file through compression without sending it to an LLM:
```shell
dojops compress-log ci-output.txt
```

```
┌ Log Compression Preview
│
│  Input:     8,421 lines (31,400 tokens)
│  Output:      189 lines (1,240 tokens)
│  Reduction: 96.1%
│
│  Removed:
│    4,200 success/pass lines
│    2,100 ANSI escape sequences (chars)
│       47 duplicate warning groups
│
└ Compressed log written to ci-output.compressed.txt
```

Open ci-output.compressed.txt to inspect exactly what the LLM sees. This is useful when a debug-ci diagnosis seems off — you can check whether the relevant error survived compression.
Step 8: Enable JSON output from scanners
The 10 built-in scanners (trivy, checkov, npm-audit, gitleaks, hadolint, and others) all support machine-readable JSON output. When DojOps requests JSON instead of human-readable text, parsing is more reliable and the output compresses better because there’s no formatting overhead.
```shell
dojops scan --json
```

```
┌ Security Scan (JSON mode)
│
│  Scanner output format:
│    trivy      → --format json          ✓
│    checkov    → -o json                ✓
│    npm-audit  → --json                 ✓
│    gitleaks   → --report-format json   ✓
│    hadolint   → -f json                ✓
│    semgrep    → --json                 ✓
│
│  Findings: 3 HIGH, 5 MEDIUM, 12 LOW
│
└ 6 scanners used JSON output
```

Human-readable scanner output has sentence structure the model has to interpret. JSON is unambiguous, so --fix suggestions tend to be more accurate.
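To see the difference concretely: with structured findings, severity is a field you read, not a sentence you parse. A sketch — the field names below are invented for illustration, not any scanner’s exact schema:

```python
import json

# Illustrative findings document. Real scanners (trivy, checkov, ...) each
# have their own schema; this shape is made up for the sketch.
report = json.loads("""
[
  {"id": "CVE-2024-48949", "severity": "HIGH", "package": "elliptic"},
  {"id": "DL3008", "severity": "MEDIUM", "package": null},
  {"id": "CVE-2024-0002", "severity": "LOW", "package": "lodash"}
]
""")

# No prose interpretation needed: group findings by the severity field.
by_severity = {}
for finding in report:
    by_severity[finding["severity"]] = by_severity.get(finding["severity"], 0) + 1

print(by_severity)  # {'HIGH': 1, 'MEDIUM': 1, 'LOW': 1}
```

The same unambiguity that makes this loop trivial is what makes the LLM’s job cheaper and its fixes more reliable.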
Step 9: Combine JSON output with auto-fix
With JSON output enabled, pass --fix to let the LLM generate targeted remediation for each finding:
```shell
dojops scan --json --fix
```

```
┌ Security Scan + Auto-Fix
│
│  Scan complete:
│    3 HIGH, 5 MEDIUM, 12 LOW findings
│
│  Remediating...
│    [1/3] CVE-2024-48949 in elliptic@6.5.3 → upgrade to 6.6.1
│    [2/3] DL3008 apt packages unpinned → pin versions in Dockerfile
│    [3/3] Terraform S3 bucket public ACL → set acl = "private"
│
│  Tokens used: 4,200 (JSON mode saves ~38% vs text mode)
│
└ 3 HIGH findings remediated
```

Compared to sending human-readable scanner output, JSON mode saves roughly 20–40% in tokens for the same fix quality.
Try it yourself
Challenge 1: Find your most expensive command from the last 7 days and identify one specific change that would reduce its token cost by at least 30%.
Challenge 2: Take a real CI failure log from your project and run it through dojops compress-log. Check whether the root cause error survived compression, and if not, figure out what pattern caused it to be filtered.
Challenge 3: Set up a daily JSON export cron job that appends usage data to a running log file, then write a one-liner that shows your total spend for the current calendar month.
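A hint for Challenge 3: the exported summary totals are cumulative since the tracking start date, so month-to-date spend is the difference between the newest and oldest export in the month, not a sum. A sketch with inlined file contents — in practice you would glob and read the real files:

```python
import json

# One cumulative summary per day, exported with
#   dojops tokens --output json > usage-$(date +%Y-%m-%d).json
# Inlined here for the sketch; the numbers are illustrative.
exports = {
    "usage-2026-03-01.json": '{"summary": {"totalCostUsd": 1.10}}',
    "usage-2026-03-15.json": '{"summary": {"totalCostUsd": 1.42}}',
}

# Month-to-date spend = newest cumulative total - oldest cumulative total.
month_files = sorted(n for n in exports if n.startswith("usage-2026-03"))
first = json.loads(exports[month_files[0]])["summary"]["totalCostUsd"]
last = json.loads(exports[month_files[-1]])["summary"]["totalCostUsd"]
print(f"March spend so far: ${last - first:.2f}")  # $0.32
```

This only holds if every export in the month accumulates from the same start date; if you reset your `.dojops/` history mid-month, sum the deltas between consecutive exports instead.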
Troubleshooting
dojops tokens shows zero usage
The token tracker reads from .dojops/history/. If you initialized DojOps but haven’t run any commands yet, run two or three generate commands first. If you’ve run commands but see zeros, check that .dojops/ exists in your current directory.
Compression isn’t reducing tokens as much as expected
Compression works best on CI logs with lots of repetition. A short, clean error message won’t compress much — that’s expected. If your specific log has low compression, inspect the output of dojops compress-log to see which lines survived and why.
--json flag causes a scanner to fail
Some older versions of system-installed tools don’t support JSON output flags. Run dojops doctor to check scanner versions. DojOps gracefully falls back to text parsing if a scanner doesn’t support --json, and logs a warning.
Token costs in the output don’t match my provider’s billing
DojOps tracks tokens reported by the provider API, but pricing calculations use fixed per-token rates that may not reflect your exact tier or discounts. Use the JSON export to cross-reference against your provider’s billing dashboard.
What you learned
Token costs fall into two categories: tokens you control through model selection, and tokens you can eliminate through compression. dojops tokens gives you the breakdown to know which category matters most for your workflow. Smart compression is automatic — it activates on debug-ci and scan --fix without any configuration — and it routinely cuts 70–95% of tokens on noisy CI logs. Requesting JSON from scanners adds another 20–40% reduction on top of that. Combined, a typical debug-ci run on a large log file costs a fraction of a cent instead of several cents.
Next steps
- Model Aliases & Thinking Levels — Route simple tasks to cheaper models automatically
- CI Debugging & Analysis — Deep dive into CI failure diagnosis
- Security Audit & Remediation — Full scanning walkthrough with all 10 scanners