download

Get the ltk agent

One small binary. It filters your coding agent's terminal output locally, redacts secrets before they reach the model, and — only if you enroll it — reports numbers-only savings metrics to a dashboard.

Signed installers are coming. We won't ship an unsigned binary of a security product — until code-signing lands, build the agent from source below (2 commands), or contact us for an enterprise pilot with a managed rollout.

build from source

Build the agent from source (2 commands)

The engine is open-source, so the agent builds in a few minutes with a standard Rust toolchain — on macOS (Apple Silicon or Intel), Linux, and Windows.

terminal build + install ltk from source
# Prereq: Rust toolchain — https://rustup.rs
cargo build --release            # inside the agent/ directory of the source tree
mkdir -p ~/.local/bin && cp target/release/ltk ~/.local/bin/
export PATH="$HOME/.local/bin:$PATH"     # add to your shell profile too

ltk --version                             # -> ltk 0.43.0
Why no direct download yet? We won't ship an unsigned binary of a security product. Developer ID signing + Apple notarization and Windows EV signing are the next release-engineering step — when they land, signed one-click installers appear here (and enterprise fleets get MSI/pkg/deb via MDM). Until then: build from source, or start with the cloud dashboard at app.lazytoken.org.
platform availability

Every platform builds from source today

Honest status: signed installers for every platform ship with the release pipeline; until then the agent builds from source in a few minutes.

Signed build coming

macOS · Apple Silicon

arm64

Build from source today · signed & notarized installer next.

Build from source

macOS · Intel

x86_64

See instructions below · prebuilt + notarized builds are on the roadmap.

Build from source

Linux

x86_64 / aarch64

See instructions below · deb/rpm packaging scripts exist for enterprise fleets.

Build from source

Windows

x86_64

See instructions below · MSI packaging scripts exist; EV-signed installers are on the roadmap.

Build from source

The agent is a standard Rust project (the toolchain is pinned in the repo). Any platform Rust supports:

terminal build ltk from source
git clone <the-lazytoken-repo>
cd <repo>/agent
cargo build --release

# binary lands at:
./target/release/ltk --version           # -> ltk 0.43.0
# put it on your PATH, e.g.:
cp target/release/ltk ~/.local/bin/
quick start

Quick start after install

Three steps: hook ltk into your coding agent, watch a command get filtered, and (optionally) connect a dashboard.

01 / hook in

ltk init

Wires LazyToken into your AI coding agent's command path:

ltk init              # Claude Code
ltk init --copilot    # GitHub Copilot
ltk init --gemini     # Gemini CLI
ltk init --codex      # Codex CLI

For Cursor and other agents, run ltk init --show to see configuration options. --dry-run previews every change before writing.

02 / see it work

Try a filtered command

Run a command through ltk and compare with the raw output:

ltk git status

Same information, a fraction of the tokens. From now on your coding agent's git, test, docker, and 100+ other commands are filtered automatically.

03 / connect (optional)

Enroll for a dashboard

Enterprise — your org's self-hosted server:

ltk enroll \
  --server https://lt.company.internal \
  --token ORG-XXXXXXXXXXXX
ltk status

Free (individual) — the hosted personal dashboard, once you have a sign-in token:

ltk enroll --cloud

Without enrollment, ltk filters locally and sends nothing anywhere.

enterprise

Enterprise fleet install

Rolling out to dozens or hundreds of machines? Don't hand out tarballs — use the packaging + MDM scaffolding that ships with the product.

Installer packages

The repo's deploy/packaging/ tree builds native installers from a released binary:

  • Windows — WiX MSI (LazyToken-<v>.msi), silent install with SERVERURL / ENROLLTOKEN properties
  • macOS.pkg with a post-install that enrolls as the console user
  • Linux.deb and .rpm (lazytoken-agent)

Production signing (EV cert, notarization, GPG) is a release step documented in the packaging README — required before a regulated rollout.

MDM rollout

Ready-made scripts and runbooks under deploy/mdm/, covered step-by-step in the Admin Guide:

  • Microsoft Intune — Win32 app wrapper script with logging and proper exit codes
  • Jamf Pro — pkg install + console-user enrollment, server/token as Jamf parameters
  • Active Directory GPO — MSI assignment with an .mst transform for parameters

Pre-seed the server URL and an org enrollment token, push through your MDM, and manage the fleet from the dashboard.

After the fleet is enrolled, updates never come from the internet. ltk update pulls from your own server's release channel and verifies sha256 + an Ed25519 signature before an atomic self-replace. You control the pace.

Next: stand up the dashboard

The 15-minute Quick Start takes you from zero to a live dashboard with demo data — Docker Compose or local Node, your choice.