Session Optimization¶
After this page you can take a runtime session that burned more tokens than it should have, get concrete recommendations for it, apply one with a single click, and verify the saving with a measured replay — all on the open-source stack, using your own model keys.
Session optimization shipped in the open-source core in 0.12.0. The session_optimization feature is always advertised by GET /api/v1/features, and the Optimize tab is visible in every console.
The loop¶
Optimization is a three-step loop on one runtime session:
1. Analyze POST /api/v1/billing/cost/runtime-sessions/{id}/optimizations
2. Apply POST /api/v1/billing/cost/runtime-sessions/{id}/optimizations/apply
3. Verify POST /api/v1/billing/cost/runtime-sessions/{id}/replay
In the console, open Audit → Sessions, pick a session, and switch to the Optimize tab — it drives the same three endpoints.
1. Analyze¶
POST /api/v1/billing/cost/runtime-sessions/{runtime_session_id}/optimizations (requires the view_cost permission) inspects the session's captured gateway traffic and produces a context profile — cache behavior, retry waste, oversized tool outputs, tools that were advertised but never invoked — plus actionable suggestions.
Two analysis modes, chosen automatically:
- Deterministic — always available. Pure analysis of the recorded events; the response reports
"generated_by": "local". Costs nothing, needs no model. - LLM-assisted — when your account has a default active AI model configured (your own key), the service additionally runs an evidence-grounded model pass. That internal call goes through your own gateway with
purpose="session_optimization", so it is budgeted and attributed like any other spend — charged to the account, not to the session being analyzed. You can pin a specific model by passingmodel_id.
If no model is configured, analysis does not fail — you get the deterministic result. If the model call errors out or hits the daily cap, the response falls back to deterministic and tells you why in llm_skipped_reason.
2. Apply¶
POST .../optimizations/apply (requires edit_ai_models) applies a recommended action in one click. Applying writes governance and budget configuration only — it never spends model budget itself. Applied actions are listed at GET .../optimizations/actions.
3. Replay-verify¶
POST .../replay (requires edit_ai_models) re-runs the session's recorded requests with a candidate optimization — for example, with specific tools removed or tool-output fields filtered — and measures the difference instead of estimating it:
{
"consented": true,
"n_runs": 3,
"candidate": {
"removed_tool_names": ["search"],
"filtered_output_fields": {}
}
}
consented: trueis required — a replay spends real model budget to measure real savings, so the API refuses to run without explicit consent (HTTP 400 otherwise).n_runsis 1–10 (default 3); more runs tighten the confidence band.- The response reports
input_delta_tokens,input_pct_saved, a banded end-to-end delta (median/low/high), thecost_spenton the replay itself, and aninconclusiveflag when the band straddles zero.
BYOK vs hosted analysis — the honest version¶
The split is simple:
| Analysis | Who pays for the model | Availability |
|---|---|---|
| Deterministic | Nobody — no model call | Always, every edition |
| LLM-assisted on your own model (BYOK) | You, through your own gateway budget | Always, every edition |
| LLM-assisted on a hosted built-in model | The operator (Preloop Cloud) | Metered on Cloud |
Self-hosted open source never gates anything: there is no hosted model to meter. On Preloop Cloud, hosted-model analysis is compute the operator pays for, so it can be metered — the server exposes an authorizer hook (optimization_gating) that a billing plugin can register; a denial comes back as HTTP 402 at request time. The UI is never hidden and BYOK analysis is never touched by that hook.
What optimization cannot do: subscription OAuth traffic¶
If you route Claude Code Pro/Max subscription traffic through the gateway (see AI Model Gateway), that traffic is proxied byte-faithfully — Anthropic requires the exact Claude Code request shape, so Preloop forwards it untouched apart from governance tool-stripping.
Consequences for optimization, stated plainly:
- Message-level context optimizations are not applied to subscription-OAuth requests. Rewriting blocks would break byte-fidelity and destroy the prompt-cache prefix, so the gateway deliberately leaves them alone.
- Analysis still works — the traffic is recorded, attributed, and budgeted, so the Optimize tab can still profile it and recommend changes you make on the agent side.
- Replay-verify candidates that rewrite message content do not apply to this traffic either.
Try it¶
TOKEN=... # a console user's bearer token
SESSION=... # a runtime session id from GET /api/v1/runtime-sessions
curl -X POST \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
http://localhost:8000/api/v1/billing/cost/runtime-sessions/$SESSION/optimizations \
-d '{}'
On a fresh install with no AI model configured you will get a "generated_by": "local" deterministic result — that is the expected baseline, not an error.
Related¶
- Cost Analytics & Budgets — where the numbers come from
- Runtime Sessions — the unit optimization operates on
- AI Model Gateway — how traffic gets recorded in the first place
- Enterprise Billing & FinOps — what Cloud/Enterprise add on top