GAX: An alternate tool execution protocol to fix MCP token bloat and secure agent executions
Hey everyone,
I wanted to share an open-source project I’ve been working on called GAX (Governed Agent eXecution).
The background: There's been a lot of discussion about how Model Context Protocol (MCP) servers go absolutely crazy on token usage because they inject massive, multi-kilobyte tool definitions into the prompt. On the flip side, people point to raw CLIs as the token-efficient alternative, but CLIs lack basic security features like scoped authentication, multi-tenant boundaries, and per-invoke audit logs.
GAX attempts to solve this by creating a command-line-shaped interface governed by a sidecar protocol called ACSP (Agent Capability Shell Protocol).
The architecture splits tool execution into three planes:
Invocation Plane (Visible to agent): Minimal command footprints like `gax gh.pr.list --repo org/api`.
Control Plane (Invisible to agent): Handles device OAuth flows, secrets vaulting, and OPA/Rego policy evaluation.
Data Plane (Filtered): Standardized response envelopes that strip out heavy payloads for the model (`surface=model`) while maintaining them for logging.
We set up an objective benchmarking harness using `tiktoken` to measure actual token counts on 18 different agent workflows. The results showed that while native MCP required thousands of tokens upfront, GAX settled right around 137 median tokens without sacrificing compliance or structured data parsing.
The repo includes a Python reference implementation (`gax` CLI + `gaxd` daemon), yaml-driven manifests, an evaluation engine, and a bridge adapter that wraps existing MCP servers so you can use them without paying the upfront prompt tax.
Check it out here: https://github.com/0sparsh2/GAX
TLDR: MCP too many tokens, CLI not safe and no structure, try GAX
Please lemme know if you all have any feedbacks! Happy to look into those