0point9bar / EAP · MIT · zero dependencies

Justify every token —
in, through, and out.

EAP — Efficient Agent Protocol compresses an AI coding agent's token usage at all three points of the token lifecycle — input (Context), working (Runtime), output (Signal) — plus the code it writes (Lean). One installer, one hook dispatcher, four disciplines. Local, deterministic, no LLM, no network.

curl -fsSL https://raw.githubusercontent.com/0point9bar/EAP/main/install.sh | bash
01 · The four disciplines

One product. Four membranes.

Every crossing is a cost to justify. Each layer sits at one boundary, is independently opt-out, and keeps a lossless escape hatch — open the real file, return the full blob, disable Signal. Full design: docs/ARCHITECTURE.md.

EAP-Signal

output · proseshipping

Verdict-first response style. Cuts filler, preamble, and hedging while keeping code, commands, errors, paths, and safety text byte-exact.

  • Six intensity levels — lite / full / ultra + three Classical-Chinese wenyan tiers
  • Auto-Clarity — security warnings and irreversible actions get full sentences
  • Prompt-only; applies to any agent — the perfected TLDR prompt

EAP-Lean

output · codeshipping

Minimal-code craft: understand first, then walk a 7-rung ladder and stop at the first rung that holds.

  • YAGNI → reuse → stdlib → native → installed dep → one line → minimum
  • Hard safety carve-outs — validation, data-loss handling, security, accessibility, one runnable check per non-trivial path
  • Ships eap-lean-review / -audit / -debt skills

EAP-Context

input · retrievalbuilt · opt-in

A local code-symbol graph. The agent queries for the relevant subgraph and gets file:line pointers instead of dumping whole files.

  • 10 languages — Python via stdlib ast; bounded regex extractors for JS/TS, Go, Rust, Java, C/C++, C#, Ruby, PHP
  • Graph algorithms — shortest path, communities, centrality; fuzzy seeding; incremental per-file index
  • 8 MCP tools · 52 Python tests · stdlib-only

EAP-Runtime

working · tool outputbuilt · opt-in

"Think in code": run a script in a subprocess against raw data; only its printed summary re-enters context.

  • 12 execution languages when host runtimes are present; 13 MCP tools
  • Auto-offload — oversized output lands in a dual-tokenizer FTS index (RRF-fused) behind a searchable pointer
  • State snapshots survive compaction; the only network egress is the SSRF-hardened eap_fetch
local & deterministic no LLM no network SessionStart / PreToolUse / PostToolUse / PreCompact zero third-party code
02 · Honest numbers

Reproducible or unpublished.

EAP reprints none of its sources' 99%-class headlines — those are measured against strawman "dump every byte" baselines. Below is the committed bench: 6 fixed tasks over an 82 KB committed corpus, EAP (B2) vs a competent grep-and-read agent (B1). Rerun it yourself: python3 bench/run.py.

−37.3%
aggregate input tokens, B2 vs B1 (honest baseline)
6/6
task success — every arm, every task
100%
lossless retrieval — exact chunks + pointer, never summaries
0
numbers published without a committed harness
taskkindB0 strawman*B1 grepB2 EAPB2 vs B1success
log-500-sourceruntime-offload20,5686,0441,066−82.4%
log-scraper-uaruntime-offload20,5683,7861,580−58.3%
log-slowest-flaggedruntime-offload20,5681581,580grep wins ×10
issues-security-assigneeruntime-offload20,5681,1581,581grep wins +36%
issues-open-regressionruntime-offload20,5681,2431,581grep wins +27%
code-fee-bpscontext-retrieval20,56853409grep wins ×7.7
AGGREGATE6 tasks123,40812,4427,797−37.3%6/6

* B0 (every corpus byte in context) is printed for context only and is never the denominator for any claim. Negative rows — where a rare-token grep beats EAP — are reported, not hidden. Tokens ≈ ceil(chars/4), applied identically to all arms. Input membrane only: these figures are never multiplied with other layers' savings. Rules: docs/EFFICIENCY.md.

rule 01

Realistic baseline.

The honest baseline is a competent grep-and-read agent — never the dump-everything strawman.

rule 02

Never multiplied.

Per-layer savings are reported separately. No compounded headline exists anywhere in this repo.

rule 03

Task success is first-class.

A configuration that saves tokens but lowers success is a regression, not a win.

rule 04

Lossy ≠ lossless.

Summary retrieval and exact-chunk retrieval are never blended into one number; recall is reported.

rule 05

Full distribution.

Every task row is printed — including the ones where grep beats EAP.

rule 06

Reproducible or unpublished.

If make bench doesn't reproduce it, it doesn't appear anywhere.

03 · Install

One line. Interactive TUI.

The bootstrap checks git + Node ≥ 22, clones the repo, and launches a TUI that detects your installed agents and lets you pick which agents and which layers to wire — even through curl | bash. Zero third-party dependencies: Node built-ins only.

curl -fsSL https://raw.githubusercontent.com/0point9bar/EAP/main/install.sh | bash

Automation: append flags — … | bash -s -- --only claude --non-interactive. Uninstall cleanly with node bin/eap-install.mjs --uninstall.

irm https://raw.githubusercontent.com/0point9bar/EAP/main/install.ps1 | iex

Same bootstrap: checks git + Node ≥ 22, clones, launches the TUI.

git clone https://github.com/0point9bar/EAP.git && cd EAP
node bin/eap-install.mjs                          # interactive TUI
node bin/eap-install.mjs --list                   # provider matrix: end-to-end vs planned
node bin/eap-install.mjs --dry-run --only claude  # print the full plan, write nothing
node bin/eap-install.mjs --uninstall              # remove rules + MCP entries + hooks

Works on private clones. --no-lean, --no-runtime, --no-context skip individual layers.

End-to-end

rules + both MCP servers + hooks

Signal + Lean rules as managed fenced blocks, eap-runtime and eap-context MCP servers, and the hook dispatcher wired into settings.

claude code

Native

rules + both MCP servers

Signal + Lean rules and both EAP MCP servers registered via each agent's own CLI or config file. Pi gets rules only — it ships npm extensions, not MCP.

codexgrokhermescursorantigravityopencodepi*

Planned — honestly

detected + manual plan

Every other detected agent gets a printed per-agent manual plan. The installer never claims to have wired an agent it hasn't implemented. --list is the authoritative matrix.

geminiwindsurfcline
04 · Security posture

A policy layer — not a sandbox.

Labeled honestly, built to fail closed.

The Runtime executor is a subprocess with a policy deny-list — it blocks curl/wget/inline network fetches and redirects them to an indexed fetch. It is not OS-level isolation and inherits the host's credentials by design; real isolation (bwrap / landlock / containers) is an explicit later layer, not an implied guarantee. Within that policy layer:

  • eap_execute_file refuses to run any file it cannot scan (policy-scan-failed) rather than running it unscanned
  • eap_fetch egress is scheme-allowlisted (http/https) and port-allowlisted (80/443 only)
  • URL credentials are stripped — no Authorization: Basic header is derived or leaked
  • Every rule re-applies on each redirect hop, alongside the SSRF IP guard
  • The clean-room contamination gate treats a scan error as a hard failure, never a silent pass
  • Every layer is opt-out; small outputs pass through verbatim