Scenario A — current web
►SECTION► · HTML · paywall + checkout + second pass <!DOCTYPE html>… paywall → manual card → reload → table → JSON ▶ Play — full Scenario A (slower than EEP column)
Three layers. Use one or all.
EEP layers are independent. Implement only what your use case needs.
Stateless entity discovery. GET /u/acme-corp returns the entity profile, DID document, gate config, and subscribe link. Cacheable. Universally accessible. The /.well-known/eep.json manifest is the machine-readable protocol surface for agents (see the discovery guide); EEP does not replace SEO sitemaps or guarantee answer-engine placement.
http
GET /u/acme-corpAccept: application/json← 200 OKEEP-Version: 0.1EEP-Entity-DID: did:web:example.com:u:acme-corpLink: <.../subscribe>; rel="subscribe"
Unidirectional, persistent event delivery. Entities push CloudEvents the moment state changes. Last-Event-ID replay (24h minimum). HMAC-SHA256 signed.
json
{"specversion": "1.0","type": "com.example.entity.updated","source": "did:web:example.com:u:acme","id": "01HN3QK7GX-1708123456000","data": { "field": "bio" }}
Bidirectional, stateful sessions for live negotiation and autonomous commerce. Per-entity sequence tracking, gap detection, JWT re-auth.
json
{"v": 1,"type": "commerce","action": "offer","seq": 42,"data": {"service": "consulting","pricing": { "model": "fixed","amount": 75, "currency": "usd" }}}
Access control that agents can read.
Machine-readable HTTP 402 responses tell agents exactly what proof they need to provide. No human in the loop.
Six gate types
Commerce state machine
offer→counter→accept→invoice→paid→complete
Strict fail-closed semantic verification by default. Three pricing modes (fixed · negotiated · auction). WebSocket negotiation. No human required.
json
// HTTP 402 — machine-readable gate challenge{"gate_id": "premium_dataset_v1","missing_requirements": [{"type": "payment","amount": "10.00","currency": "USD","networks": ["solana", "base"],"receiver": "did:web:api.example.com"}]}
Runnable in the repo
Same publisher. Two agent paths.
The realworld simulation runs side-by-side in your terminal: a bloated Next.js page scraped with Playwright versus the same data behind @eep-dev/gates — manifest, 402, proofs, then raw JSON. Deterministic. No LLM calls. Like the repo, the HTML path stays busy (viewports, gates, Playwright, exports) while the EEP path finishes in seconds.
Fetch HTML → login & paywall narrative → Playwright extracts
#report-data.vs
GET /.well-known/eep.json → negotiate 402 → sign agreement → payment proof → structured receipt.Bytes on the wireHTML + assets→JSON payloads
Human in the loopSimulated steps→Machine proofs
OutcomeScraped DOM + hidden JSON→Gate-verified resource
Libraries, middleware, bridge, and setup CLI.
TypeScript packages use @eep-dev/*; Python uses eep-*. Core stacks are framework-agnostic; @eep-dev/middleware and eep-middleware-python adapt EEP to Express, Fastify, Hono, Koa, FastAPI, Flask, and Django. @eep-dev/setup-cli (eep-setup) generates manifests, contract tests, and verification reports. Node.js >= 18 for core libraries, Node.js >= 22 for compliance CLI.
| Package | TypeScript | Python | What it does |
|---|---|---|---|
gates | @eep-dev/gates | eep-gates | Access control, commerce state machine, service marketplace, proof validation |
discovery | @eep-dev/discovery | eep-discovery | Manifest validation, HTTP Link header parsing, DNS TXT record parsing |
signer | @eep-dev/signer | eep-signer | HMAC-SHA256 webhook signing and verification (Standard Webhooks spec) |
validator | @eep-dev/validator | eep-validator | SSRF prevention, URL safety checks, event type pattern matching |
compliance-cli | @eep-dev/compliance-cli | eep-compliance-cli | End-to-end conformance test runner — point it at any EEP platform |
mcp-bridge | @eep-dev/mcp-bridge | eep-mcp-bridge-python | Translate MCP tool surfaces into EEP manifests and DID-aware gates |
middleware | @eep-dev/middleware | eep-middleware-python | Mount generated subscribe/stream/gate routes on your existing HTTP server |
setup-cli | @eep-dev/setup-cli | — | eep-setup: init, inject, apply, verify — presets, CI --answers, --production guardrails |
From zero to a verified manifest.
Run the dual-runtime Docker reference, or wire eep-setup and middleware into your own repo. The five-minute proof paths cover Compose, CLI-only flows, and a minimal Express example — then add CI checks for EEP-ready artifacts and full compliance tiers.
Three conformance tiers. Start at Core.
Each tier is a strict superset of the previous. Run npx @eep-dev/compliance-cli --target https://your-api.com --report-json ./eep-audit.json --report-md ./eep-audit.md to see where you stand.
| Tier | Requirements | Signal |
|---|---|---|
| Core | Layer 1 (REST state) + Layer 2 SSE, CloudEvents v1.0.2, DID identity | "conformanceTier": "Core" |
| Standard | Core + Webhooks + HMAC-SHA256 + credential & payment gates + version negotiation | "conformanceTier": "Standard" |
| Full | Standard + Layer 3 WebSockets + commerce state machine + agreement & data_request gates + session persistence + W3C DPV privacy | "conformanceTier": "Full" |
Compliance output includes a machine-readable score_100 and actionable recommendations, so teams and coding agents can automate remediation loops.
Adopt EEP with a clear path.
Whether you are a startup, enterprise team, public institution, solo builder, or coding agent, EEP provides a concrete rollout path with runnable scripts and audit outputs.
Protocol-first interoperability across MCP, A2A, and ANP.
EEP remains a full protocol standard for agent-to-entity engagement. It complements MCP/A2A/ANP by covering realtime entity signals, policy gates, and payment-aware access.
MCP
Vertical (agent ↔ tool)
Native MCP server. Any agent retrieves entity information via semantic search. Tool-level integration out of the box.
+
A2A
Horizontal (agent ↔ agent)
EEP profiles host Agent Cards. Cross-platform discovery and task delegation. Google's A2A spec natively compatible.
+
EEP
Agent ↔ entity protocol
Discovery, trust, realtime eventing, gates, and commerce for digital entities. Deploy standalone or compose with other protocols.
Subscribe in seconds.
javascript
import { createHmac } from 'crypto';// Subscribe via SSE — no webhook server neededconst stream = new EventSource('https://api.example.com/eep/stream?source=acme-corp',{ headers: { Authorization: `Bearer ${API_KEY}` } });stream.addEventListener('com.example.entity.updated', (e) => {const event = JSON.parse(e.data);console.log('Entity changed:', event.data.field);});
Open source. No committee. No waiting.
Apache 2.0. Implement it today. File an EEIP if you need to change it.