Open Source Context Engineering

Your AI needs the right evidence.
Prove it locally first.

Entroly is an auditable context engineering control plane for AI agents: evidence selection, recoverable compression, receipts, memory, gateway controls, and local verification.

$ pip install -U entroly && entroly verify-claims && entroly simulate Click to copy
Works with Claude Code · Codex · OpenClaw · GitHub Copilot · Cursor · other MCP clients
The Cache Aligner keeps eligible prompt prefixes byte-stable. Whether a request receives a cache hit or discount is determined by the provider; verify it from provider-reported usage.
Entroly context-selection and receipt demo
Watch Demo

See Entroly select and compress context under budget with committed benchmark artifacts and local verification reports.

GitHub stars GitHub forks Discord PyPI version npm version License: Apache-2.0
128/128
Context Replays
768/768
Tamper Trials Detected
20,000
Faithful HaluEval Decisions
3 paths
Python · Optional Rust · WASM

Integrity counts: Context Commit conformance JSON. WITNESS count: faithful HaluEval-QA JSON. These results are protocol-scoped, not production guarantees.

The Problem

Selection needs an audit trail.

Uncontrolled Context

BudgetImplicit or absent
OmissionsOften unexplained
RecoveryIntegration-dependent
MeasurementProvider usage required
Trust questionWhat evidence was used?

Entroly-Controlled Context

BudgetExplicit
OmissionsRecorded in receipts
RecoveryAvailable while recovery state is retained
MeasurementLocal estimate + provider pilot
Trust answerInspect and replay the receipt
Features

Context Engineering, Automated.

📦

Proof-First Install

Run local verification and simulation before wiring a paid model. Then choose MCP, proxy, SDK, npm, or Docker.

🦀

Rust Performance

A high-performance Rust core (via PyO3) accelerates ranking, selection, verification, cache, and memory primitives when the native engine is installed.

🧠

PRISM Optimizer

Recorded outcomes can adjust local context weights. Candidate changes remain subject to promotion and rollback policy; adaptation is not an accuracy guarantee.

🔒

Built-in Security

Local SAST and prompt-injection checks can flag configured patterns before context is selected. Review findings; these checks are not a substitute for a security audit.

📊

Health Scoring

Get an A-F grade for your codebase health. Detect god files, dead code, and cross-module clones automatically.

🤖

Agent Native

First-class support for Multi-Agent systems. Nash bargaining for token budgets between sub-agents.

Inspectable controls

19 mechanisms. Source-linked.

Most context tools optimize a single lever — input compression. Entroly ships 19 distinct mechanisms across input, inference, output, verification, and learning. Their effects must be measured separately and end to end; each source file can be opened and audited.

The under-advertised win

Cache Aligner

Compressors re-rank context on every call, which busts the provider's KV cache. The aligner hashes the injected context and holds the prefix stable so cache hits actually land.

Byte-stable prefix
Confirm hits from provider usage · entroly/cache_aligner.py
Local grounding-risk signal

WITNESS

Deterministic verifier with no second model call. The committed faithful HaluEval-QA run reports scope, sample size, held-out accuracy, and uncertainty; it does not establish general hallucination prevention.

AUROC 0.7976
20,000 decisions · raw result
Pay for the model you need

RAVS Model Routing

A Bayesian per-task router sends easy work to cheap models and escalates only when verifier risk says so. Fail-closed: when uncertain, it routes to the strongest model.

Haiku → Opus
entroly/ravs/router.py
01

Context compression

Knapsack DP + 9 specialized compressors + a dep-graph pick the most information-dense fragments that fit your budget.

proxy_transform.py
02

WITNESS + STAVE

Local grounding-risk signals with separately documented evaluation protocols.

witness.py · stave.py
03

Cache Aligner

Holds eligible prefix bytes stable; provider-reported usage determines whether a cache hit occurred.

cache_aligner.py
04

Escalation cascade

Cheap model first; escalate only when verifier risk demands it. Bounded regret via split-conformal coverage.

escalation.py
05

Conformal cascade

Two-verifier cascade with a measured Pareto frontier vs. either verifier alone.

conformal_cascade.py
06

RAVS Bayesian router

Per-task model routing — cheap when capable, strong when needed. Fail-closed.

ravs/router.py
07

Fast-path skills

Queries that match an accepted cache key can reuse the recorded result under the configured policy.

fast_path.py
08

Adaptive Compression Budget

Learns the right token budget per query so easy questions don't overspend.

adaptive_budget.py
09

Entropic Conversation Pruning

Compresses chat history each turn so long conversations don't bloat the input.

proxy_transform.py
10

Shell-output compression

Targeted fast paths for git, builds, logs, JSON, and test output — 60–95% smaller.

proxy_transform.py
11

Response distillation

Compresses the model's response before downstream chains consume it.

proxy_transform.py
12

Local DeBERTa NLI

Runs faithfulness NLI fully offline — ~$0.002/claim drops to $0.

witness.py
13

EICV suppressor

Drops hallucinated content from responses before it propagates downstream.

eicv_suppressor.py
14

PRISM 5D weights

Learns which fragment features matter, with a spectral natural-gradient optimizer.

online_learner.py · prism.rs
15

Federation

Anonymized weight + skill sync across instances amortizes cold-start across the user base.

federation.py
16

Entropic Shell Codec

Universal entropy + SimHash compressor for any tool output — even ones it has never seen.

shell_codec.py
17

Semantic Resolution Protocol

Budget-driven file reads — full, signature-only, or diff-only, chosen per block.

semantic_resolution.py
18

Adversarial Context Firewall

Blocks prompt-injection and context poisoning that bypass regex-only scanners.

context_firewall.py
19

Witness-Verified Handoff

Scans agent output for hallucination before passing it to the next agent.

verified_handoff.py
How they compose. A chatty agent benefits from input compression (#1) and the cache aligner (#3, on whatever survives) and model routing (#6) and response distillation (#11) and universal tool-output compression (#16). Because the wins multiply, the product can leave well under 1% of the original input-token spend on the bill — and every figure is backed by a committed JSON artifact, not a slide.
1
Typical context tool — input compression only
vs
19
Entroly levers across input · inference · output · verification · learning
Reproducible

Numbers you can re-run.

Every figure links to a committed JSON with sample counts, 95% confidence intervals, and model provenance. Clone the repo and reproduce them — or run the packaged smoke verifier on your own code in seconds.

Benchmark Token savings Accuracy retained Samples Artifact
Needle-in-a-haystack 99.5% 100% 20 needle_accuracy.json
LongBench 85.3% 103% (↑) 50 longbench_accuracy.json
BFCL (function calling) 79.3% 100% 50 bfcl_accuracy.json
SQuAD 43.8% 90% 50 squad_accuracy.json
WITNESS grounding-risk benchmark (HaluEval-QA) AUROC 0.7976 84.92% held-out accuracy 20,000 decisions halueval_qa_faithful.json

SQuAD is shown unfiltered — it's the one benchmark here where a tighter budget trades a little accuracy (0.80 → 0.72) for savings. We include it because cherry-picking benchmarks is how marketing claims get caught. Numbers measured with gpt-4o-mini; see each JSON for the full confidence intervals.

$ entroly verify-claims → runs locally, no API key required. On Entroly's own 92-file repo: 326,361 tokens → 7,969 (97.6% reduction), 9/9 checks pass — written to .entroly_verification.json so you can diff it yourself.

Measure it before you trust it.

Run the local package, recovery, and workload-estimate checks first.

View on GitHub
pip install -U entroly && entroly verify-claims && entroly simulate