Justify every token —
in, through, and out.
EAP — Efficient Agent Protocol compresses an AI coding agent's token usage at all three points of the token lifecycle — input (Context), working (Runtime), output (Signal) — plus the code it writes (Lean). One installer, one hook dispatcher, four disciplines. Local, deterministic, no LLM, no network.
curl -fsSL https://raw.githubusercontent.com/0point9bar/EAP/main/install.sh | bash
Interactive TUI — picks up your installed agents. Windows & flags: install · protocol: EAP.md
.eap/ project root
one hook dispatcher
EAP-Lean shrinks the code the agent writes
One product. Four membranes.
Every crossing is a cost to justify. Each layer sits at one boundary, is independently opt-out, and keeps a lossless escape hatch — open the real file, return the full blob, disable Signal. Full design: docs/ARCHITECTURE.md.
EAP-Signal
output · proseshippingVerdict-first response style. Cuts filler, preamble, and hedging while keeping code, commands, errors, paths, and safety text byte-exact.
- Six intensity levels — lite / full / ultra + three Classical-Chinese wenyan tiers
- Auto-Clarity — security warnings and irreversible actions get full sentences
- Prompt-only; applies to any agent — the perfected TLDR prompt
EAP-Lean
output · codeshippingMinimal-code craft: understand first, then walk a 7-rung ladder and stop at the first rung that holds.
- YAGNI → reuse → stdlib → native → installed dep → one line → minimum
- Hard safety carve-outs — validation, data-loss handling, security, accessibility, one runnable check per non-trivial path
- Ships
eap-lean-review/-audit/-debtskills
EAP-Context
input · retrievalbuilt · opt-inA local code-symbol graph. The agent queries for the relevant subgraph and gets file:line pointers instead of dumping whole files.
- 10 languages — Python via stdlib
ast; bounded regex extractors for JS/TS, Go, Rust, Java, C/C++, C#, Ruby, PHP - Graph algorithms — shortest path, communities, centrality; fuzzy seeding; incremental per-file index
- 8 MCP tools · 52 Python tests · stdlib-only
EAP-Runtime
working · tool outputbuilt · opt-in"Think in code": run a script in a subprocess against raw data; only its printed summary re-enters context.
- 12 execution languages when host runtimes are present; 13 MCP tools
- Auto-offload — oversized output lands in a dual-tokenizer FTS index (RRF-fused) behind a searchable pointer
- State snapshots survive compaction; the only network egress is the SSRF-hardened
eap_fetch
Reproducible or unpublished.
EAP reprints none of its sources' 99%-class headlines — those are measured against strawman "dump every byte" baselines. Below is the committed bench: 6 fixed tasks over an 82 KB committed corpus, EAP (B2) vs a competent grep-and-read agent (B1). Rerun it yourself: python3 bench/run.py.
| task | kind | B0 strawman* | B1 grep | B2 EAP | B2 vs B1 | success |
|---|---|---|---|---|---|---|
| log-500-source | runtime-offload | 20,568 | 6,044 | 1,066 | −82.4% | ✓ |
| log-scraper-ua | runtime-offload | 20,568 | 3,786 | 1,580 | −58.3% | ✓ |
| log-slowest-flagged | runtime-offload | 20,568 | 158 | 1,580 | grep wins ×10 | ✓ |
| issues-security-assignee | runtime-offload | 20,568 | 1,158 | 1,581 | grep wins +36% | ✓ |
| issues-open-regression | runtime-offload | 20,568 | 1,243 | 1,581 | grep wins +27% | ✓ |
| code-fee-bps | context-retrieval | 20,568 | 53 | 409 | grep wins ×7.7 | ✓ |
| AGGREGATE | 6 tasks | 123,408 | 12,442 | 7,797 | −37.3% | 6/6 |
* B0 (every corpus byte in context) is printed for context only and is never the denominator for any claim. Negative rows — where a rare-token grep beats EAP — are reported, not hidden. Tokens ≈ ceil(chars/4), applied identically to all arms. Input membrane only: these figures are never multiplied with other layers' savings. Rules: docs/EFFICIENCY.md.
Realistic baseline.
The honest baseline is a competent grep-and-read agent — never the dump-everything strawman.
Never multiplied.
Per-layer savings are reported separately. No compounded headline exists anywhere in this repo.
Task success is first-class.
A configuration that saves tokens but lowers success is a regression, not a win.
Lossy ≠ lossless.
Summary retrieval and exact-chunk retrieval are never blended into one number; recall is reported.
Full distribution.
Every task row is printed — including the ones where grep beats EAP.
Reproducible or unpublished.
If make bench doesn't reproduce it, it doesn't appear anywhere.
One line. Interactive TUI.
The bootstrap checks git + Node ≥ 22, clones the repo, and launches a TUI that detects your installed agents and lets you pick which agents and which layers to wire — even through curl | bash. Zero third-party dependencies: Node built-ins only.
curl -fsSL https://raw.githubusercontent.com/0point9bar/EAP/main/install.sh | bashAutomation: append flags — … | bash -s -- --only claude --non-interactive. Uninstall cleanly with node bin/eap-install.mjs --uninstall.
irm https://raw.githubusercontent.com/0point9bar/EAP/main/install.ps1 | iexSame bootstrap: checks git + Node ≥ 22, clones, launches the TUI.
git clone https://github.com/0point9bar/EAP.git && cd EAP node bin/eap-install.mjs # interactive TUI node bin/eap-install.mjs --list # provider matrix: end-to-end vs planned node bin/eap-install.mjs --dry-run --only claude # print the full plan, write nothing node bin/eap-install.mjs --uninstall # remove rules + MCP entries + hooks
Works on private clones. --no-lean, --no-runtime, --no-context skip individual layers.
End-to-end
rules + both MCP servers + hooksSignal + Lean rules as managed fenced blocks, eap-runtime and eap-context MCP servers, and the hook dispatcher wired into settings.
Native
rules + both MCP serversSignal + Lean rules and both EAP MCP servers registered via each agent's own CLI or config file. Pi gets rules only — it ships npm extensions, not MCP.
Planned — honestly
detected + manual planEvery other detected agent gets a printed per-agent manual plan. The installer never claims to have wired an agent it hasn't implemented. --list is the authoritative matrix.
A policy layer — not a sandbox.
Labeled honestly, built to fail closed.
The Runtime executor is a subprocess with a policy deny-list — it blocks curl/wget/inline network fetches and redirects them to an indexed fetch. It is not OS-level isolation and inherits the host's credentials by design; real isolation (bwrap / landlock / containers) is an explicit later layer, not an implied guarantee. Within that policy layer:
eap_execute_filerefuses to run any file it cannot scan (policy-scan-failed) rather than running it unscannedeap_fetchegress is scheme-allowlisted (http/https) and port-allowlisted (80/443 only)- URL credentials are stripped — no
Authorization: Basicheader is derived or leaked - Every rule re-applies on each redirect hop, alongside the SSRF IP guard
- The clean-room contamination gate treats a scan error as a hard failure, never a silent pass
- Every layer is opt-out; small outputs pass through verbatim