DEV Community: Shudipto Trafder The latest articles on DEV Community by Shudipto Trafder (@shudiptotrafder). https://dev.to/shudiptotrafder https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3681541%2Fd686de74-59f1-4097-9bf4-81b3837b0aba.jpg DEV Community: Shudipto Trafder https://dev.to/shudiptotrafder en Claude Code Is Reading Your .env File Right Now — And You Probably Don't Know It Shudipto Trafder Tue, 19 May 2026 03:05:32 +0000 https://dev.to/shudiptotrafder/claude-code-is-reading-your-env-file-right-now-and-you-probably-dont-know-it-3ja5 https://dev.to/shudiptotrafder/claude-code-is-reading-your-env-file-right-now-and-you-probably-dont-know-it-3ja5 <p>Every time you open a project with Claude Code, it starts scanning your files. Your source code. Your configs. Your <code>.env</code> file.</p> <p>By the time you type your first prompt, Claude already knows your database password, your Supabase service key, and that Twilio auth token you've been meaning to rotate for three months. And depending on your setup, all of that might be sitting in Anthropic's conversation logs right now.</p> <p>I know this sounds alarmist. But this isn't theoretical — a GitHub issue filed in April 2026 confirmed that Claude reads and echoes <code>.env</code> contents into conversation context, <strong>even when you've explicitly told it not to in your <code>CLAUDE.md</code></strong>. That was the moment I stopped trusting advisory rules and started understanding how Claude's permission system actually works.</p> <p>Here's what I found — and more importantly, how to actually fix it.</p> <h2> The False Sense of Security: Why CLAUDE.md Won't Save You </h2> <p>The first thing most developers do is open their <code>CLAUDE.md</code> and write something like:</p> <blockquote> <p>"Never read <code>.env</code> files. Never expose API keys."</p> </blockquote> <p>Reasonable. Logical. And almost completely useless as a security control.</p> <p>Here's the uncomfortable truth: <code>CLAUDE.md</code> is a suggestion, not a constraint. Claude follows it under normal conditions — short context windows, simple tasks, clear intent. But push the model into a complex debugging session with a long conversation history and an ambiguous instruction, and those advisory rules start slipping.</p> <p>The model isn't being malicious. It's just prioritizing. When the system prompt says "don't read <code>.env</code>" but the task at hand requires understanding why a database connection is failing, the task usually wins.</p> <p><strong>The only thing that actually enforces a hard boundary is a deny rule in <code>settings.json</code>.</strong> Deny rules are evaluated before Claude even attempts the operation. The file never opens. The contents never enter the context. It's the difference between "please don't" and "you physically cannot."</p> <h2> It's Not Just One Leak — It's Three </h2> <p>Most developers, once they hear about this problem, go add a deny rule for <code>.env</code> files and call it done. That blocks one of the three ways your secrets get exposed.</p> <p><strong>Leak #1: Direct file read</strong> — This is the obvious one. Claude scans your project directory, opens <code>.env</code>, and the keys become part of the conversation. Deny rules stop this completely.</p> <p><strong>Leak #2: Runtime output capture</strong> — This is the sneaky one. Claude runs your test suite. One test makes an HTTP request with an <code>Authorization</code> header. The request fails and the error log dumps the full header value — your live API key — into the terminal output. Claude captures all of that output. Your secret is now in the conversation, and Claude never needed to open a single file.</p> <p>Or imagine a database connection timing out. The error message includes the full connection string: <code>postgres://admin:MyActualPassword123@prod-database.us-east-1.rds.amazonaws.com/appdatabase</code>. Claude sees it. It's in context. Done.</p> <p><strong>Leak #3: Search and grep</strong> — Claude uses grep to find where you defined a helper function. The search returns matches from a config file that happens to contain your Resend API key alongside the function definition. The matched lines show up in grep output. Claude reads it. You never suspected a thing.</p> <blockquote> <p>[!warning]+ Reality Check<br> Most guides on this topic protect against Leak #1 only. Leaks #2 and #3 are where real credentials actually escape in production workflows. I'll show you how to handle all three.</p> </blockquote> <h2> The Fix That Actually Works: Hard Deny Rules </h2> <p>Open <code>~/.claude/settings.json</code> — or create it if it doesn't exist. This is the global config that applies to every project you open with Claude Code.</p> <p>Add deny rules for every sensitive file pattern you want to block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"deny"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Read(**/.env*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/secrets/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/credentials/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.ssh/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/.env*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/secrets/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/credentials/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/.ssh/**)"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The <code>**</code> wildcard means these rules apply to every subdirectory, not just the project root. If you have a monorepo with a <code>packages/api/.env.production</code>, it's blocked. If your CI scripts live in <code>tooling/scripts/.env.ci</code>, it's blocked.</p> <p>Write rules matter too — you don't want Claude accidentally creating or overwriting <code>.env</code> files during a "let me set up your environment" task.</p> <h2> Solving Leak #2: The Test Environment Trick </h2> <p>Deny rules can't intercept runtime output — that's just text flowing through the terminal. The solution is to ensure Claude never runs code that has access to real credentials in the first place.</p> <p>Create a <code>.env.test</code> file that contains placeholder values for every key your app uses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.test — safe values for all automated tasks</span> <span class="nv">ANTHROPIC_API_KEY</span><span class="o">=</span>sk-ant-test-placeholder-not-real <span class="nv">SUPABASE_URL</span><span class="o">=</span>https://test-project.supabase.co <span class="nv">SUPABASE_SERVICE_ROLE_KEY</span><span class="o">=</span>eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.test <span class="nv">RESEND_API_KEY</span><span class="o">=</span>re_test_placeholder_123456789 <span class="nv">TWILIO_ACCOUNT_SID</span><span class="o">=</span>ACtest00000000000000000000000000000 <span class="nv">TWILIO_AUTH_TOKEN</span><span class="o">=</span>test_auth_token_placeholder_value <span class="nv">REDIS_URL</span><span class="o">=</span>redis://localhost:6379 </code></pre> </div> <p>Then point your test runner at <code>.env.test</code> instead of <code>.env</code>. For Python projects using <code>pytest</code>, add this to <code>pytest.ini</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[pytest]</span> <span class="py">env_files</span> <span class="p">=</span> <span class="s">.env.test</span> </code></pre> </div> <p>For Node.js projects, load it explicitly in your test setup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// test/setup.js</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">config</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span> <span class="nf">config</span><span class="p">({</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">.env.test</span><span class="dl">'</span><span class="p">,</span> <span class="na">override</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> </code></pre> </div> <p>Now when Claude runs your test suite and a request fails with a logged header, the only key that shows up is <code>sk-ant-test-placeholder-not-real</code>. Harmless.</p> <h2> Solving Leak #3: The Pre-Commit Safety Net </h2> <p>Even with deny rules and test environments, the repo itself is the last line of defense. A pre-commit hook scans every staged file before it reaches git history — and git history is permanent in a way that conversations aren't.</p> <p>Create <code>.git/hooks/pre-commit</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="c"># Pre-commit hook: blocks commits that contain credential patterns</span> <span class="nb">set</span> <span class="nt">-euo</span> pipefail <span class="nv">SECRET_PATTERNS</span><span class="o">=(</span> <span class="s1">'sk-ant-api'</span> <span class="c"># Anthropic production keys</span> <span class="s1">'re_[A-Za-z0-9]{20,}'</span> <span class="c"># Resend API keys</span> <span class="s1">'eyJhbGciOiJIUzI1NiJ9'</span> <span class="c"># Supabase JWTs (common header)</span> <span class="s1">'ACa[0-9a-f]{32}'</span> <span class="c"># Twilio Account SIDs</span> <span class="s1">'AKID[A-Z0-9]{16}'</span> <span class="c"># Cloud access key IDs</span> <span class="s1">'postgres://[^@]+:[^@]+@'</span> <span class="c"># Postgres DSNs with embedded passwords</span> <span class="s1">'mongodb\+srv://[^@]+:[^@]+@'</span> <span class="c"># MongoDB Atlas URIs</span> <span class="s1">'-----BEGIN (RSA|EC|OPENSSH) PRIVATE KEY-----'</span> <span class="o">)</span> <span class="nv">BLOCKED_FILENAMES</span><span class="o">=(</span> <span class="s1">'.env'</span> <span class="s1">'.env.local'</span> <span class="s1">'.env.production'</span> <span class="s1">'id_rsa'</span> <span class="s1">'id_ed25519'</span> <span class="s1">'*.p12'</span> <span class="s1">'*.pfx'</span> <span class="s1">'service-account.json'</span> <span class="o">)</span> <span class="nv">FOUND_ISSUE</span><span class="o">=</span>0 <span class="c"># Check for secret patterns in staged diff</span> <span class="k">for </span>pattern <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">SECRET_PATTERNS</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do if </span>git diff <span class="nt">--cached</span> <span class="nt">--diff-filter</span><span class="o">=</span>ACM <span class="nt">--</span> <span class="nb">.</span> | <span class="nb">grep</span> <span class="nt">-qE</span> <span class="s2">"^</span><span class="se">\+</span><span class="s2">.*</span><span class="k">${</span><span class="nv">pattern</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ BLOCKED: Potential secret found matching pattern: </span><span class="k">${</span><span class="nv">pattern</span><span class="k">}</span><span class="s2">"</span> <span class="nv">FOUND_ISSUE</span><span class="o">=</span>1 <span class="k">fi done</span> <span class="c"># Check for sensitive filenames being staged</span> <span class="k">for </span>filename <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">BLOCKED_FILENAMES</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do if </span>git diff <span class="nt">--cached</span> <span class="nt">--name-only</span> | <span class="nb">grep</span> <span class="nt">-qF</span> <span class="s2">"</span><span class="k">${</span><span class="nv">filename</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ BLOCKED: Sensitive file staged for commit: </span><span class="k">${</span><span class="nv">filename</span><span class="k">}</span><span class="s2">"</span> <span class="nv">FOUND_ISSUE</span><span class="o">=</span>1 <span class="k">fi done if</span> <span class="o">[[</span> <span class="nv">$FOUND_ISSUE</span> <span class="nt">-eq</span> 1 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"Remove the flagged content and try again."</span> <span class="nb">echo</span> <span class="s2">"If this is a false positive, use: git commit --no-verify"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"✅ Pre-commit security scan passed."</span> <span class="nb">exit </span>0 </code></pre> </div> <p>Make it executable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x .git/hooks/pre-commit </code></pre> </div> <p>This catches the patterns that matter for modern stacks: Anthropic keys, Resend, Supabase JWTs, Twilio, cloud IAM keys, embedded database passwords in connection strings, and private key material. If you hit a false positive on a test value, <code>git commit --no-verify</code> skips the hook — but that's a conscious override, not an accident.</p> <h2> The Nuclear Option: Container Isolation </h2> <p>For client work or anything touching production credentials, there's a more drastic approach: don't let <code>.env</code> files exist inside Claude's environment at all.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Replace .env with an empty file at mount time</span> docker run <span class="se">\</span> <span class="nt">-v</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span><span class="s2">:/workspace"</span> <span class="se">\</span> <span class="nt">-v</span> /dev/null:/workspace/.env <span class="se">\</span> <span class="nt">-v</span> /dev/null:/workspace/.env.local <span class="se">\</span> <span class="nt">-w</span> /workspace <span class="se">\</span> your-dev-image </code></pre> </div> <p>From Claude's perspective, <code>.env</code> is an empty file. The deny rules still apply. The test environment still runs. But even if something went wrong at every other layer, there's nothing to leak because the file physically contains nothing.</p> <p>This is overkill for personal projects. It's the right call for anything where you're holding someone else's production database password.</p> <h2> The Full Config: Copy, Paste, Done </h2> <p>Here's the complete <code>~/.claude/settings.json</code> that combines everything — allowing normal development operations while blocking secrets and dangerous commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"allow"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Read"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Glob"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Grep"</span><span class="p">,</span><span class="w"> </span><span class="s2">"LS"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Edit"</span><span class="p">,</span><span class="w"> </span><span class="s2">"MultiEdit"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(src/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(tests/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(docs/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(python -m pytest *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(uv run *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(poetry run *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(npm run *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(npx *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(git status)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(git diff *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(git log *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(git add *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(git commit *)"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"deny"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Read(**/.env*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.dev.vars*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/*.pem)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/*.key)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/*.p12)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/secrets/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/credentials/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.aws/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.ssh/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/config/secrets.toml)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/config/production.json)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.netrc)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.pypirc)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/.env*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/secrets/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(**/.ssh/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Write(.github/workflows/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(rm -rf *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(sudo *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(git push *)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(pip install * --user)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(curl * | bash)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(curl * | sh)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Bash(wget * -O- | sh)"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"defaultMode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"acceptEdits"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The allow list covers what you actually do day-to-day: reading code, making edits, running tests, checking git status. The deny list covers secrets, sensitive system directories, and shell patterns that could pipe remote code into execution.</p> <h2> The Decision Matrix </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Your situation → What to do ───────────────────────────────────────────────────────────────── Personal projects, no production creds → deny rules in settings.json Team project with shared repo → deny rules + pre-commit hook Running Claude-generated tests often → deny rules + .env.test setup Client work / holding their credentials → All of the above + container isolation CI/CD pipeline with Claude integration → Vault (AWS Secrets Manager, GCP Secret Manager) </code></pre> </div> <h2> Before You Close This Tab: The 6-Point Check </h2> <p>Run through these right now, not after your next session:</p> <ol> <li> <strong><code>~/.claude/settings.json</code> exists</strong> and has deny rules for <code>.env*</code>, <code>*.pem</code>, <code>*.key</code>, and <code>secrets/**</code> </li> <li> <strong><code>.env.test</code> exists</strong> with placeholder values for every key your test suite touches</li> <li> <strong><code>.git/hooks/pre-commit</code> is executable</strong> and scans for credential patterns</li> <li> <strong><code>.env</code> is in <code>.gitignore</code></strong> — if it's not, fix that first</li> <li> <strong>Production credentials live in a vault</strong>, not in a plaintext file anywhere near your project</li> <li> <strong><code>.env</code> files live outside the project directory</strong> when possible — one directory up means they're never inside a Claude scan boundary</li> </ol> <p>If you checked all six: you're in better shape than 95% of Claude Code users. If you checked zero: you're one long debugging session away from your live credentials becoming part of a conversation log you can't delete.</p> <p>The deny rules take five minutes to set up. The pre-commit hook takes another five. That's ten minutes against an unlimited blast radius.</p> <h2> The Bottom Line </h2> <p>Claude Code is genuinely useful. That's not in question. But "useful" and "safe by default" are different things, and right now it leans heavily toward the former.</p> <p>The tooling to make it safe exists — it's just not turned on out of the box. <code>CLAUDE.md</code> instructions feel like security because they're written with security intent. But they're conversation rules, not permission boundaries. One confused model state and they're gone.</p> <p>Deny rules in <code>settings.json</code> are a different category entirely. They're enforced at the system level, before the model sees anything. That's what a real boundary looks like.</p> <p>Set them up once. Run every future session knowing your secrets are actually safe.</p> claude ai vibecoding promptengineering InjectQ: The Modern Python Dependency Injection Library Shudipto Trafder Sun, 17 May 2026 17:19:14 +0000 https://dev.to/shudiptotrafder/injectq-the-modern-python-dependency-injection-library-1gnc https://dev.to/shudiptotrafder/injectq-the-modern-python-dependency-injection-library-1gnc <h3> The Pain of Python Apps (And How InjectQ Fixes It) </h3> <p>Ever built a Python app that started simple but slowly turned into a tangled web of dependencies?<br> Where changing one component breaks another?<br> Where testing becomes painful and dependency management spirals out of control?</p> <p>You’re not alone.</p> <p>Most Python developers eventually hit the same problems:</p> <ul> <li>Tight coupling between components</li> <li>Difficult-to-test business logic</li> <li>Manual dependency wiring everywhere</li> <li>Async code that becomes messy over time</li> </ul> <p>Traditional dependency injection frameworks often make things worse:</p> <ul> <li>Verbose configuration</li> <li>Complex setup</li> <li>Poor async support</li> <li>Too much boilerplate</li> </ul> <p>That’s where <a href="https://10xhub.github.io/injectq?utm_source=chatgpt.com" rel="noopener noreferrer">InjectQ</a> comes in.</p> <p>InjectQ is a lightweight, modern dependency injection library for Python that feels intuitive from day one.<br> It’s as simple as using a dictionary, yet powerful enough for enterprise-grade applications.</p> <p>Built for modern Python:</p> <ul> <li>Async-first</li> <li>Type-safe</li> <li>Thread-safe</li> <li>FastAPI-ready</li> <li>FastMCP-ready</li> <li>Taskiq-ready</li> </ul> <h2> 5-Minute Setup </h2> <p>Install InjectQ:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>injectq </code></pre> </div> <h3> Your First InjectQ App </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">InjectQ</span><span class="p">,</span> <span class="n">inject</span><span class="p">,</span> <span class="n">singleton</span> <span class="n">container</span> <span class="o">=</span> <span class="n">InjectQ</span><span class="p">.</span><span class="nf">get_instance</span><span class="p">()</span> <span class="nd">@singleton</span> <span class="k">class</span> <span class="nc">Database</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">DB connected!</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@singleton</span> <span class="k">class</span> <span class="nc">UserService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Database</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">db</span> <span class="o">=</span> <span class="n">db</span> <span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="n">user_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Alice</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="nd">@inject</span> <span class="k">def</span> <span class="nf">main</span><span class="p">(</span><span class="n">service</span><span class="p">:</span> <span class="n">UserService</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="n">service</span><span class="p">.</span><span class="nf">get_user</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">main</span><span class="p">()</span> </code></pre> </div> <h3> Output </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">DB</span> <span class="n">connected</span><span class="err">!</span> <span class="p">{</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Alice</span><span class="sh">'</span><span class="p">}</span> </code></pre> </div> <p>No manual wiring.<br> No container plumbing.<br> Just clean, testable Python code.</p> <h2> Why InjectQ? </h2> <h3> 1. Dictionary-Simple API </h3> <p>InjectQ keeps dependency management intuitive.</p> <p>Register values, classes, or instances using familiar dictionary syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">InjectQ</span> <span class="n">container</span> <span class="o">=</span> <span class="n">InjectQ</span><span class="p">.</span><span class="nf">get_instance</span><span class="p">()</span> <span class="n">container</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Hello World</span><span class="sh">"</span> <span class="n">container</span><span class="p">[</span><span class="n">Database</span><span class="p">]</span> <span class="o">=</span> <span class="n">Database</span> <span class="n">message</span> <span class="o">=</span> <span class="n">container</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">db</span> <span class="o">=</span> <span class="n">container</span><span class="p">[</span><span class="n">Database</span><span class="p">]</span> </code></pre> </div> <p>Perfect for:</p> <ul> <li>Rapid prototyping</li> <li>Config management</li> <li>Lightweight applications</li> <li>Enterprise services</li> </ul> <h2> 2. Automatic Injection with <code>@inject</code> </h2> <p>The <code>@inject</code> decorator resolves dependencies automatically using type hints.</p> <p>Works with:</p> <ul> <li>Functions</li> <li>Class methods</li> <li>Static methods</li> <li>Async functions </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">inject</span> <span class="nd">@inject</span> <span class="k">def</span> <span class="nf">process_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">service</span><span class="p">:</span> <span class="n">UserService</span><span class="p">):</span> <span class="k">return</span> <span class="n">service</span><span class="p">.</span><span class="nf">get_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">process_user</span><span class="p">(</span><span class="mi">123</span><span class="p">)</span> </code></pre> </div> <p>No need to pass <code>service</code> manually.</p> <h2> 3. Lazy Injection with <code>Inject[T]</code> </h2> <p>Need optional or deferred dependencies?</p> <p>Use <code>Inject[T]</code> for lazy resolution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">Inject</span> <span class="k">def</span> <span class="nf">handle_request</span><span class="p">(</span> <span class="n">data</span><span class="p">:</span> <span class="nb">dict</span><span class="p">,</span> <span class="n">service</span><span class="p">:</span> <span class="n">UserService</span> <span class="o">=</span> <span class="n">Inject</span><span class="p">[</span><span class="n">UserService</span><span class="p">],</span> <span class="p">):</span> <span class="k">return</span> <span class="n">service</span><span class="p">.</span><span class="nf">get_user</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> </code></pre> </div> <p>Dependencies resolve only when accessed.</p> <p>Benefits:</p> <ul> <li>Faster startup time</li> <li>Lower memory usage</li> <li>Cleaner optional dependency handling</li> </ul> <h2> 4. Powerful Factory Support </h2> <p>InjectQ supports runtime-aware factories with mixed injected and manual parameters.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">InjectQ</span> <span class="n">container</span> <span class="o">=</span> <span class="n">InjectQ</span><span class="p">.</span><span class="nf">get_instance</span><span class="p">()</span> <span class="k">class</span> <span class="nc">UserHandler</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">Database</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">db</span> <span class="o">=</span> <span class="n">db</span> <span class="n">self</span><span class="p">.</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">user_id</span> <span class="k">def</span> <span class="nf">create_handler</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">Database</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="k">return</span> <span class="nc">UserHandler</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">user_id</span><span class="p">)</span> <span class="n">container</span><span class="p">.</span><span class="nf">bind_factory</span><span class="p">(</span><span class="sh">"</span><span class="s">handler</span><span class="sh">"</span><span class="p">,</span> <span class="n">create_handler</span><span class="p">)</span> <span class="n">handler</span> <span class="o">=</span> <span class="n">container</span><span class="p">.</span><span class="nf">invoke</span><span class="p">(</span><span class="sh">"</span><span class="s">handler</span><span class="sh">"</span><span class="p">,</span> <span class="n">user_id</span><span class="o">=</span><span class="sh">"</span><span class="s">alice</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Ideal for:</p> <ul> <li>Request-specific objects</li> <li>Multi-tenant systems</li> <li>Background jobs</li> <li>Dynamic runtime construction</li> </ul> <h2> 5. Lifecycle &amp; Scope Control </h2> <p>Control object lifecycles precisely.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">singleton</span><span class="p">,</span> <span class="n">scoped</span><span class="p">,</span> <span class="n">transient</span> <span class="nd">@singleton</span> <span class="k">class</span> <span class="nc">DatabasePool</span><span class="p">:</span> <span class="k">pass</span> <span class="nd">@scoped</span><span class="p">(</span><span class="sh">"</span><span class="s">request</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">RequestContext</span><span class="p">:</span> <span class="k">pass</span> <span class="nd">@transient</span> <span class="k">class</span> <span class="nc">Validator</span><span class="p">:</span> <span class="k">pass</span> </code></pre> </div> <h3> Available Scopes </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scope</th> <th>Behavior</th> </tr> </thead> <tbody> <tr> <td><code>@singleton</code></td> <td>One instance for the entire application</td> </tr> <tr> <td><code>@scoped()</code></td> <td>One instance per scope/context</td> </tr> <tr> <td><code>@transient</code></td> <td>New instance every resolution</td> </tr> </tbody> </table></div> <p>Perfect for:</p> <ul> <li>Database pools</li> <li>Request contexts</li> <li>Per-task resources</li> <li>Stateless utilities</li> </ul> <h2> 6. Async-First by Design </h2> <p>InjectQ was built for modern async Python.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">inject</span> <span class="nd">@inject</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">async_task</span><span class="p">(</span><span class="n">service</span><span class="p">:</span> <span class="n">AsyncService</span><span class="p">):</span> <span class="k">return</span> <span class="k">await</span> <span class="n">service</span><span class="p">.</span><span class="nf">process</span><span class="p">()</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">async_task</span><span class="p">()</span> </code></pre> </div> <p>Supports:</p> <ul> <li>Async dependency resolution</li> <li>Async factories</li> <li>Async scopes</li> <li>Async frameworks</li> </ul> <p>No hacks. No wrappers. Native async support.</p> <h2> Framework Integrations </h2> <p>InjectQ integrates seamlessly with modern Python frameworks.</p> <h2> FastAPI Integration </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">InjectQ</span> <span class="kn">from</span> <span class="n">injectq.integrations.fastapi</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">InjectFastAPI</span><span class="p">,</span> <span class="n">setup_fastapi</span><span class="p">,</span> <span class="p">)</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="n">container</span> <span class="o">=</span> <span class="n">InjectQ</span><span class="p">.</span><span class="nf">get_instance</span><span class="p">()</span> <span class="nf">setup_fastapi</span><span class="p">(</span><span class="n">container</span><span class="p">,</span> <span class="n">app</span><span class="p">)</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/users/{user_id}</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">service</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span> <span class="n">UserService</span><span class="p">,</span> <span class="nc">InjectFastAPI</span><span class="p">(</span><span class="n">UserService</span><span class="p">),</span> <span class="p">],</span> <span class="p">):</span> <span class="k">return</span> <span class="n">service</span><span class="p">.</span><span class="nf">get_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span> </code></pre> </div> <p>Features:</p> <ul> <li>Request-scoped dependencies</li> <li>Type-safe injection</li> <li>Async-native support</li> <li>Clean route handlers</li> </ul> <h2> Taskiq Integration </h2> <p>Background job processing becomes clean and maintainable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">taskiq</span> <span class="kn">import</span> <span class="n">InMemoryBroker</span> <span class="kn">from</span> <span class="n">injectq.integrations.taskiq</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">InjectTaskiq</span><span class="p">,</span> <span class="n">setup_taskiq</span><span class="p">,</span> <span class="p">)</span> <span class="n">broker</span> <span class="o">=</span> <span class="nc">InMemoryBroker</span><span class="p">()</span> <span class="nf">setup_taskiq</span><span class="p">(</span><span class="n">container</span><span class="p">,</span> <span class="n">broker</span><span class="p">)</span> <span class="nd">@broker.task</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">process_order</span><span class="p">(</span> <span class="n">order_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">service</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span> <span class="n">OrderService</span><span class="p">,</span> <span class="nc">InjectTaskiq</span><span class="p">(</span><span class="n">OrderService</span><span class="p">),</span> <span class="p">],</span> <span class="p">):</span> <span class="k">return</span> <span class="k">await</span> <span class="n">service</span><span class="p">.</span><span class="nf">process</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> </code></pre> </div> <p>Perfect for:</p> <ul> <li>Async workers</li> <li>Distributed tasks</li> <li>Queue processing</li> <li>Event-driven systems</li> </ul> <h2> FastMCP Integration </h2> <p>Build clean, dependency-injected MCP servers effortlessly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">fastmcp</span> <span class="kn">import</span> <span class="n">FastMCP</span> <span class="kn">from</span> <span class="n">injectq</span> <span class="kn">import</span> <span class="n">InjectQ</span> <span class="kn">from</span> <span class="n">injectq.integrations.fastmcp</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">InjectFastMCP</span><span class="p">,</span> <span class="n">setup_fastmcp</span><span class="p">,</span> <span class="p">)</span> <span class="n">mcp</span> <span class="o">=</span> <span class="nc">FastMCP</span><span class="p">(</span><span class="sh">"</span><span class="s">example-server</span><span class="sh">"</span><span class="p">)</span> <span class="n">container</span> <span class="o">=</span> <span class="n">InjectQ</span><span class="p">.</span><span class="nf">get_instance</span><span class="p">()</span> <span class="nf">setup_fastmcp</span><span class="p">(</span><span class="n">container</span><span class="p">,</span> <span class="n">mcp</span><span class="p">)</span> <span class="nd">@mcp.tool</span><span class="p">()</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">service</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span> <span class="n">UserService</span><span class="p">,</span> <span class="nc">InjectFastMCP</span><span class="p">(</span><span class="n">UserService</span><span class="p">),</span> <span class="p">],</span> <span class="p">):</span> <span class="k">return</span> <span class="n">service</span><span class="p">.</span><span class="nf">get_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span> </code></pre> </div> <p>Ideal for:</p> <ul> <li>AI tools</li> <li>MCP servers</li> <li>Agent platforms</li> <li>LLM applications</li> </ul> <h2> Performance That Impresses </h2> <p>InjectQ is designed for speed.</p> <h3> Benchmarks </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Performance</th> </tr> </thead> <tbody> <tr> <td>Dependency Resolution</td> <td>~1µs</td> </tr> <tr> <td>10-Service Web Request</td> <td>~142µs</td> </tr> <tr> <td>DI Throughput</td> <td>7,000+ req/sec</td> </tr> </tbody> </table></div> <p>Even deep dependency trees resolve extremely fast.</p> <p>Built with:</p> <ul> <li>Thread safety</li> <li>Zero unnecessary locks</li> <li>Optimized async execution</li> <li>Minimal overhead</li> </ul> <h2> Why Developers Choose InjectQ </h2> <ul> <li>Simple and intuitive API</li> <li>Async-first architecture</li> <li>Excellent performance</li> <li>Type-safe dependency injection</li> <li>Lightweight and minimal</li> <li>Production-ready scopes</li> <li>FastAPI integration</li> <li>Taskiq integration</li> <li>FastMCP integration</li> <li>Enterprise-friendly design</li> </ul> <p>Whether you're building:</p> <ul> <li>Scripts</li> <li>APIs</li> <li>Background workers</li> <li>MCP servers</li> <li>Enterprise systems</li> </ul> <p>InjectQ scales with your application.</p> <h2> Get Started </h2> <p>Install:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>injectq </code></pre> </div> <p>Documentation:</p> <p><a href="https://10xhub.github.io/injectq?utm_source=chatgpt.com" rel="noopener noreferrer">InjectQ Docs</a></p> <p>GitHub Repository:</p> <p><a href="https://github.com/10XScale-in/injectq?utm_source=chatgpt.com" rel="noopener noreferrer">InjectQ GitHub</a></p> <p>Start building cleaner, faster, and more maintainable Python applications with InjectQ.</p> python dependencyinjection fastapi fastmcp AgentFlow — From Agent Code to Production API in Minutes Shudipto Trafder Sun, 03 May 2026 17:09:58 +0000 https://dev.to/10xscale/agentflow-from-agent-code-to-production-api-in-minutes-p3e https://dev.to/10xscale/agentflow-from-agent-code-to-production-api-in-minutes-p3e <h2> AgentFlow — The Python Framework for Production AI Agents </h2> <blockquote> <p><strong>Stop rebuilding the same agent infrastructure. AgentFlow gives you auth, streaming, persistence, and a React frontend — out of the box.</strong></p> </blockquote> <p>AgentFlow (<code>10xscale-agentflow</code> on PyPI) is an open-source Python framework for building and deploying multi-agent AI systems. Write your agent graph once. Run it locally. Ship it to production without rewriting your backend.</p> <p>Built by <a href="https://10xscale.ai/" rel="noopener noreferrer">10xScale</a>. MIT licensed. No vendor lock-in.</p> <h2> Why AgentFlow? </h2> <p>Most agent frameworks stop at the prototype. You get a cute demo, then spend weeks bolting on auth, rate limiting, persistence, and a frontend. AgentFlow is built for what comes after the demo.</p> <p><strong>One framework. From first <code>pip install</code> to production Docker deploy.</strong></p> <h2> 🔗 Links </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Resource</th> <th>URL</th> </tr> </thead> <tbody> <tr> <td>Core Python Library</td> <td><a href="https://github.com/10xHub/Agentflow" rel="noopener noreferrer">github.com/10xHub/Agentflow</a></td> </tr> <tr> <td>API &amp; CLI</td> <td><a href="https://github.com/10xHub/agentflow-cli" rel="noopener noreferrer">github.com/10xHub/agentflow-cli</a></td> </tr> <tr> <td>Documentation</td> <td><a href="https://10xhub.github.io/agentflow-docs" rel="noopener noreferrer">10xhub.github.io/agentflow-docs</a></td> </tr> <tr> <td>PyPI — Core</td> <td><a href="https://pypi.org/project/10xscale-agentflow/" rel="noopener noreferrer">pypi.org/project/10xscale-agentflow</a></td> </tr> <tr> <td>PyPI — CLI</td> <td><a href="https://pypi.org/project/10xscale-agentflow-cli/" rel="noopener noreferrer">pypi.org/project/10xscale-agentflow-cli</a></td> </tr> </tbody> </table></div> <h2> The Full Stack </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>agentflow → Core Python orchestration engine agentflow-cli → FastAPI server + CLI tooling agentflow-client → TypeScript/React SDK (@10xscale/agentflow-client) agentflow-playground → Hosted UI for testing agents </code></pre> </div> <p>Use any layer alone. Use them together for a complete AI product stack — from LLM call to browser UI — without stitching four different libraries together.</p> <h2> Get Running in 60 Seconds </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>10xscale-agentflow-cli agentflow init <span class="c"># scaffold a new project</span> agentflow api <span class="c"># start the dev server</span> agentflow play <span class="c"># open the playground UI</span> </code></pre> </div> <p>That's it. Your agent is running, streamed, and explorable in under a minute.</p> <h2> What You Get </h2> <h3> Graph-Based Agent Orchestration </h3> <p>AgentFlow uses a <code>StateGraph</code> — directed nodes, conditional edges, and full control over execution flow. No black boxes. No magic routing you can't debug.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">agentflow.graph</span> <span class="kn">import</span> <span class="n">Agent</span><span class="p">,</span> <span class="n">StateGraph</span><span class="p">,</span> <span class="n">ToolNode</span> <span class="kn">from</span> <span class="n">agentflow.state</span> <span class="kn">import</span> <span class="n">AgentState</span><span class="p">,</span> <span class="n">Message</span> <span class="kn">from</span> <span class="n">agentflow.utils.constants</span> <span class="kn">import</span> <span class="n">END</span> <span class="k">def</span> <span class="nf">get_weather</span><span class="p">(</span><span class="n">location</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Get weather for a location.</span><span class="sh">"""</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">The weather in </span><span class="si">{</span><span class="n">location</span><span class="si">}</span><span class="s"> is sunny, 72°F</span><span class="sh">"</span> <span class="n">graph</span> <span class="o">=</span> <span class="nc">StateGraph</span><span class="p">()</span> <span class="n">graph</span><span class="p">.</span><span class="nf">add_node</span><span class="p">(</span><span class="sh">"</span><span class="s">MAIN</span><span class="sh">"</span><span class="p">,</span> <span class="nc">Agent</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gemini/gemini-2.5-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">system_prompt</span><span class="o">=</span><span class="p">[{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">system</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You are a helpful assistant.</span><span class="sh">"</span><span class="p">}],</span> <span class="n">tool_node_name</span><span class="o">=</span><span class="sh">"</span><span class="s">TOOL</span><span class="sh">"</span> <span class="p">))</span> <span class="n">graph</span><span class="p">.</span><span class="nf">add_node</span><span class="p">(</span><span class="sh">"</span><span class="s">TOOL</span><span class="sh">"</span><span class="p">,</span> <span class="nc">ToolNode</span><span class="p">([</span><span class="n">get_weather</span><span class="p">]))</span> <span class="k">def</span> <span class="nf">route</span><span class="p">(</span><span class="n">state</span><span class="p">:</span> <span class="n">AgentState</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">if</span> <span class="n">state</span><span class="p">.</span><span class="n">context</span> <span class="ow">and</span> <span class="n">state</span><span class="p">.</span><span class="n">context</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">].</span><span class="n">tools_calls</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">TOOL</span><span class="sh">"</span> <span class="k">return</span> <span class="n">END</span> <span class="n">graph</span><span class="p">.</span><span class="nf">add_conditional_edges</span><span class="p">(</span><span class="sh">"</span><span class="s">MAIN</span><span class="sh">"</span><span class="p">,</span> <span class="n">route</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">TOOL</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">TOOL</span><span class="sh">"</span><span class="p">,</span> <span class="n">END</span><span class="p">:</span> <span class="n">END</span><span class="p">})</span> <span class="n">graph</span><span class="p">.</span><span class="nf">add_edge</span><span class="p">(</span><span class="sh">"</span><span class="s">TOOL</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">MAIN</span><span class="sh">"</span><span class="p">)</span> <span class="n">graph</span><span class="p">.</span><span class="nf">set_entry_point</span><span class="p">(</span><span class="sh">"</span><span class="s">MAIN</span><span class="sh">"</span><span class="p">)</span> <span class="n">app</span> <span class="o">=</span> <span class="n">graph</span><span class="p">.</span><span class="nf">compile</span><span class="p">()</span> <span class="n">result</span> <span class="o">=</span> <span class="n">app</span><span class="p">.</span><span class="nf">invoke</span><span class="p">(</span> <span class="p">{</span><span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="n">Message</span><span class="p">.</span><span class="nf">text_message</span><span class="p">(</span><span class="sh">"</span><span class="s">Weather in NYC?</span><span class="sh">"</span><span class="p">)]},</span> <span class="n">config</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">thread_id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">1</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>Stateful. Tool-calling. Under 30 lines.</p> <h3> LLM-Agnostic </h3> <p>Pass the model string. AgentFlow routes it.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Provider</th> <th>Package</th> </tr> </thead> <tbody> <tr> <td>OpenAI (GPT-4o, o3, etc.)</td> <td><code>pip install openai</code></td> </tr> <tr> <td>Google Gemini + Vertex AI</td> <td><code>pip install google-genai</code></td> </tr> <tr> <td>Anthropic Claude</td> <td> <code>pip install anthropic</code> <em>(coming soon)</em> </td> </tr> </tbody> </table></div> <p>No provider-specific abstractions to learn. Swap models without touching your agent logic.</p> <h3> Parallel Tool Execution — Automatic </h3> <p>When an LLM calls multiple tools at once, AgentFlow runs them concurrently. No config required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Other frameworks: 1.0s + 1.5s + 0.8s = 3.3s AgentFlow: max(1.0s, 1.5s, 0.8s) = 1.5s ⚡ 2.2x faster </code></pre> </div> <h3> Production Memory — Three Layers </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Working Memory → Current execution state (AgentState) Session Memory → Redis (hot) + PostgreSQL (durable) checkpointer Knowledge Memory → Qdrant vector store + Mem0 semantic recall </code></pre> </div> <p>Redis keeps hot conversation state fast. PostgreSQL keeps it durable and horizontally scalable. Both run together — you don't pick one.</p> <h3> Streaming </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">stream_gen</span> <span class="o">=</span> <span class="n">app</span><span class="p">.</span><span class="nf">astream</span><span class="p">(</span> <span class="n">inp</span><span class="p">,</span> <span class="n">config</span><span class="o">=</span><span class="n">config</span><span class="p">,</span> <span class="n">response_granularity</span><span class="o">=</span><span class="n">ResponseGranularity</span><span class="p">.</span><span class="n">LOW</span><span class="p">,</span> <span class="p">)</span> <span class="k">async</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">stream_gen</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">chunk</span><span class="p">.</span><span class="nf">model_dump</span><span class="p">())</span> </code></pre> </div> <p>Three granularity levels: token-by-token (ChatGPT-style), message-by-message, or node-by-node graph traces. Your frontend decides what to show.</p> <h3> Auth and Security — Built In, Not Bolted On </h3> <blockquote> <p><strong>Most frameworks leave auth as an exercise for the reader. AgentFlow ships it.</strong><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"auth"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jwt"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"auth"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"auth"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"custom"</span><span class="p">,</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"auth.my_backend:MyAuth"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>One line in <code>agentflow.json</code>. Switch from dev to production auth without touching your graph code.</p> <p>Security features included:</p> <ul> <li>JWT authentication with configurable secrets</li> <li>Custom auth backends for OAuth2, API keys, and sessions</li> <li>Role-Based Access Control (RBAC)</li> <li>Sliding-window rate limiting (memory or Redis backends)</li> <li>Configurable request size limits (DoS protection, default 10 MB)</li> <li>Auto-redaction of tokens and secrets from logs</li> <li>Startup validation — warns about insecure CORS and debug mode before you accidentally deploy them</li> </ul> <h3> Lifecycle Callbacks </h3> <p>Hook into every layer of execution — before and after each LLM call, tool call, or MCP invocation. Hook into the graph itself for start, end, checkpoint, interrupt, resume, and error events.</p> <p>Use them for audit logs, billing meters, policy enforcement, prompt-injection checks, or any business logic that shouldn't live inside the prompt.</p> <h3> The CLI </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>agentflow init <span class="c"># scaffold project + config</span> agentflow api <span class="c"># dev server with auto-reload</span> agentflow play <span class="c"># open playground against local backend</span> agentflow build <span class="nt">--docker-compose</span> <span class="c"># generate Dockerfile + compose</span> </code></pre> </div> <p>Auto-generated FastAPI endpoints:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Endpoint</th> <th>Method</th> </tr> </thead> <tbody> <tr> <td><code>/invoke</code></td> <td>POST — synchronous agent call</td> </tr> <tr> <td><code>/stream</code></td> <td>POST — streaming agent call</td> </tr> <tr> <td><code>/threads</code></td> <td>GET — list conversation threads</td> </tr> <tr> <td><code>/threads/{id}</code></td> <td>GET — fetch thread history</td> </tr> <tr> <td><code>/threads/{id}</code></td> <td>DELETE — delete thread</td> </tr> </tbody> </table></div> <p>Your agent graph becomes a production API. No FastAPI boilerplate to write.</p> <h3> Dependency Injection with InjectQ </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">agentflow.utils</span> <span class="kn">import</span> <span class="n">tool</span> <span class="nd">@tool</span><span class="p">(</span><span class="n">tags</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">weather</span><span class="sh">"</span><span class="p">])</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_weather</span><span class="p">(</span><span class="n">location</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Inject</span><span class="p">(</span><span class="n">UserService</span><span class="p">))</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Get weather for a location.</span><span class="sh">"""</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Weather for user </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s"> in </span><span class="si">{</span><span class="n">location</span><span class="si">}</span><span class="s">: sunny</span><span class="sh">"</span> </code></pre> </div> <p>Clean tools. Testable tools. Per-request context without global state.</p> <h3> Human-in-the-Loop </h3> <p>Pause execution mid-graph. Inject a human decision. Resume with full state intact. No re-running prior steps.</p> <p>Approval workflows, moderation gates, interactive debugging — all supported without custom state management.</p> <h3> Event Publishing </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Publisher</th> <th>Use Case</th> </tr> </thead> <tbody> <tr> <td>Redis Pub/Sub</td> <td>Lightweight in-process distribution</td> </tr> <tr> <td>Kafka</td> <td>High-volume event streaming</td> </tr> <tr> <td>RabbitMQ</td> <td>Reliable queuing, distributed systems</td> </tr> <tr> <td>Console</td> <td>Local debugging</td> </tr> <tr> <td>Custom</td> <td>Any backend you want</td> </tr> </tbody> </table></div> <h3> React/TypeScript Client SDK </h3> <p><code>@10xscale/agentflow-client</code> gives you React hooks (<code>useAgent</code>, <code>useStream</code>, <code>useThreads</code>), token-level streaming for ChatGPT-style UIs, and client-side tool execution. The frontend talks to your AgentFlow API without custom integration code.</p> <h2> Feature Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th><strong>AgentFlow</strong></th> <th>LangGraph</th> <th>CrewAI</th> <th>AutoGen</th> </tr> </thead> <tbody> <tr> <td>Architecture</td> <td>Graph</td> <td>Graph</td> <td>Role-Based</td> <td>Conversational</td> </tr> <tr> <td>Full Stack (Backend + Frontend SDK)</td> <td>✅</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Parallel Tool Execution</td> <td>✅ Auto</td> <td>⚠️ Config</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Persistence</td> <td>✅ Redis + Postgres</td> <td>⚠️ Postgres/SQLite</td> <td>⚠️ Local</td> <td>⚠️ Local</td> </tr> <tr> <td>Dependency Injection</td> <td>✅ Native</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>CLI + Docker Deployment</td> <td>✅ One command</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Auth Built-In</td> <td>✅ JWT + Custom</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Rate Limiting</td> <td>✅ Memory + Redis</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Lifecycle Callbacks</td> <td>✅ Full</td> <td>⚠️ Manual</td> <td>❌</td> <td>⚠️ Manual</td> </tr> <tr> <td>MCP Support</td> <td>✅ Native</td> <td>⚠️ Partial</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Event Publishing</td> <td>✅ Kafka/Redis/AMQP</td> <td>❌</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Open Source (MIT)</td> <td>✅</td> <td>✅</td> <td>✅</td> <td>✅</td> </tr> </tbody> </table></div> <h2> Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Core library</span> pip <span class="nb">install </span>10xscale-agentflow <span class="c"># Full CLI + API server</span> pip <span class="nb">install </span>10xscale-agentflow-cli </code></pre> </div> <p>Optional extras:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>10xscale-agentflow[pg_checkpoint] <span class="c"># PostgreSQL + Redis persistence</span> pip <span class="nb">install </span>10xscale-agentflow[mcp] <span class="c"># Model Context Protocol</span> pip <span class="nb">install </span>10xscale-agentflow[google-genai] <span class="c"># Google GenAI adapter</span> pip <span class="nb">install </span>10xscale-agentflow[kafka] <span class="c"># Kafka event publishing</span> pip <span class="nb">install </span>10xscale-agentflow[redis] <span class="c"># Redis publisher + rate limiting</span> </code></pre> </div> <h2> Current Version </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Package</th> <th>Version</th> </tr> </thead> <tbody> <tr> <td> <code>10xscale-agentflow</code> (core)</td> <td><strong>v0.7.4</strong></td> </tr> <tr> <td><code>10xscale-agentflow-cli</code></td> <td><strong>v0.3.2</strong></td> </tr> </tbody> </table></div> <p><strong>Added in v0.7.x:</strong> multimodal support (images, audio, video), extended reasoning / chain-of-thought, 3-layer memory, callback and lifecycle hooks, agent skills, Vertex AI support, structured Pydantic outputs.</p> <h2> Roadmap </h2> <ul> <li>✅ Graph engine with nodes, edges, and conditional routing</li> <li>✅ Redis + PostgreSQL state checkpointing</li> <li>✅ Tool integration — local Python, MCP, optional adapters</li> <li>✅ Parallel tool execution</li> <li>✅ Lifecycle callbacks and graph hooks</li> <li>✅ Streaming + event publishing</li> <li>✅ Human-in-the-loop</li> <li>✅ Multimodal agents</li> <li>🚧 Remote node execution for distributed processing</li> <li>🚧 OpenTelemetry tracing</li> <li>🚧 More persistence backends (DynamoDB, etc.)</li> <li>🚧 Visual graph editor</li> </ul> <h2> Privacy and Licensing </h2> <ul> <li> <strong>MIT License</strong> — use freely in commercial products</li> <li> <strong>No data collection</strong> — your conversations and agent data stay on your infrastructure</li> <li> <strong>No per-call billing</strong> — you pay for your LLM API and infra, not our licensing</li> <li> <strong>Deploy anywhere</strong> — Docker, Kubernetes, AWS ECS, Cloud Run, Azure, Heroku</li> </ul> <h2> Links </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>Core Library</td> <td><a href="https://github.com/10xHub/Agentflow" rel="noopener noreferrer">https://github.com/10xHub/Agentflow</a></td> </tr> <tr> <td>API &amp; CLI</td> <td><a href="https://github.com/10xHub/agentflow-cli" rel="noopener noreferrer">https://github.com/10xHub/agentflow-cli</a></td> </tr> <tr> <td>Documentation</td> <td><a href="https://10xhub.github.io/agentflow-docs" rel="noopener noreferrer">https://10xhub.github.io/agentflow-docs</a></td> </tr> <tr> <td>PyPI Core</td> <td><a href="https://pypi.org/project/10xscale-agentflow/" rel="noopener noreferrer">https://pypi.org/project/10xscale-agentflow/</a></td> </tr> <tr> <td>PyPI CLI</td> <td><a href="https://pypi.org/project/10xscale-agentflow-cli/" rel="noopener noreferrer">https://pypi.org/project/10xscale-agentflow-cli/</a></td> </tr> <tr> <td>Issues &amp; Requests</td> <td><a href="https://github.com/10xHub/Agentflow/issues" rel="noopener noreferrer">https://github.com/10xHub/Agentflow/issues</a></td> </tr> <tr> <td>Discussions</td> <td><a href="https://github.com/10xHub/Agentflow/discussions" rel="noopener noreferrer">https://github.com/10xHub/Agentflow/discussions</a></td> </tr> </tbody> </table></div> <p><em>Built by <a href="https://10xscale.ai/" rel="noopener noreferrer">10xScale</a> and the community. MIT licensed.</em></p> ai agents opensource langgraph TOON for LLMs: A Benchmark Performance Analysis Shudipto Trafder Sat, 27 Dec 2025 15:36:50 +0000 https://dev.to/shudiptotrafder/toon-for-llms-a-comparative-performance-analysis-against-json-52am https://dev.to/shudiptotrafder/toon-for-llms-a-comparative-performance-analysis-against-json-52am <p>Every API call you make with JSON is costing you more than you think.</p> <p>I ran real-world extractions using Gemini 2.5 Flash, and the results were startling: JSON consistently used 30–40% more output tokens than TOON format. In one test, JSON consumed 471 output tokens while TOON used just 227 — a 51% reduction.</p> <p>But here’s where it gets interesting: <strong>TOON initially failed 70% of the time.</strong></p> <p>After optimization, I achieved 100% parsing success and discovered something counterintuitive — it uses more prompt tokens, with TOON actually saves you money overall. When I tested structured outputs with Pydantic models, JSON required 389 output tokens versus TOON’s simpler encoding.</p> <p>The hidden goldmine? <strong>Tool/function calling.</strong> That’s where TOON’s compact format shines brightest, slashing token costs in agentic workflows where responses become the next prompt.</p> <p>This isn’t theoretical. I’m sharing the actual prompts, parsing errors, token counts, and code that took TOON from a 70% failure rate to production-ready. Whether TOON beats JSON depends on your use case — and I have the data to prove exactly when.</p> <p>Let’s break down the numbers.</p> <h2> Experiment #1: The Initial TOON Failure (70% Success Rate) </h2> <p>I started with what seemed like a straightforward test: extracting structured job description data using TOON instead of JSON.</p> <h3> The Setup: </h3> <p>My prompt was simple — ask Gemini 2.5 Flash to extract role, skills, experience, location, and responsibilities from a job posting. For the output format, I did what seemed logical: I showed TOON’s encoded structure using the actual output format (essentially a drop-in replacement approach).</p> <p><strong>Prompt:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Extract Role, Primary Skills, Secondary Skills, Minimum Experience, Maximum Experience, Location, Employment Type, Summary, and Responsibilities Job Description: &lt;JD Text&gt; Output in TOON format: Role: "" "Primary Skills"[2]: Python,JavaScript "Secondary Skills"[2]: Responsibility,Communication "Minimum Experience": "" "Maximum Experience": "" Location: "" "Employment Type": "" Summary: "" Responsibilities[2]: Task A,Task B </code></pre> </div> <p>Here's what I suspected would work: By showing the encoded format with empty strings and generic placeholders, the model would understand the structure.</p> <p><strong>Reality check: 70% failure rate.</strong><br> The errors were telling:</p> <ul> <li><code>Error parsing TOON format for JD#2: Expected 10 values, but got 16</code></li> <li><code>Error parsing TOON format for JD#5: Missing colon after key</code></li> </ul> <p>The model was confused about arrays. Sometimes it outputs <code>Skills: Python, JavaScript, React</code> as a flat string. Other times, it attempted brackets but malformed the syntax.</p> <p><strong>The hypothesis:</strong> Maybe showing encoded/empty examples was the problem. The model needed to see real data patterns, especially for arrays.</p> <h3> Token Usage (Failed Attempts, 70% Success Rate): </h3> <ul> <li> <strong>Prompt:</strong> 729 tokens</li> <li> <strong>Output:</strong> 227 tokens</li> <li> <strong>Success Rate:</strong> ~30% initially, improved to 70% after adding two real examples with populated arrays</li> </ul> <h3> Json Token Usages: </h3> <ul> <li> <strong>Prompt:</strong> 723 tokens</li> <li> <strong>Output:</strong> 471 tokens</li> </ul> <p><strong>Key Insight:</strong><br> TOON's compact syntax is unforgiving. JSON has redundancy (<code>{"key": "value"}</code>) that helps models self-correct. TOON's <code>Key: value</code> format offers no such safety net. The model needed concrete examples, not abstract templates.</p> <p>But 70% wasn't good enough for production. Time to fix this properly.</p> <h2> Experiment #2: Achieving 100% Parsing Success (And the Token Trade-off) </h2> <p>I needed to fix the 70% success rate. The solution? Stop being minimalist with examples.</p> <p>Instead of showing encoded/empty structures, I gave the model a complete, realistic example with proper TOON formatting — especially for arrays.</p> <h3> The Revised Prompt: </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Extract Role, Primary Skills, Secondary Skills, Minimum Experience, Maximum Experience, Location, Employment Type, Summary, and Responsibilities Job Description: &lt;JD Text&gt; Output in TOON format. Example structure: Role: "Senior Data Scientist" Primary_Skills: [1]: "Machine Learning" [2]: "Statistical Analysis" Secondary_Skills: [0]: "Big Data" [1]: "Cloud Platforms" Minimum_Experience: "5 years" Maximum_Experience: "10 years" Location: "New York, NY or Remote" Employment_Type: "Full-time" Summary: "Lead data science initiatives" Responsibilities: [0]: "Design ML models" [1]: "Analyze datasets" Now provide the extraction in TOON format. Keep the format exactly as shown above. </code></pre> </div> <p><strong>Result:</strong> 100% parsing. No more malformed arrays. No more missing colons.</p> <p>But here's the catch—the prompt got heavier.</p> <h3> The Token Comparison: TOON vs JSON </h3> <p>Let me show you the actual numbers across the same 10 job descriptions:</p> <p><strong>JSON Approach: Token Usage</strong></p> <ul> <li> <strong>Prompt tokens:</strong> 723</li> <li> <strong>Output tokens:</strong> 471</li> <li> <strong>Success rate:</strong> 100% (JSON is forgiving)</li> </ul> <p><strong>TOON Approach (Initial — 70% success)</strong></p> <ul> <li> <strong>Prompt tokens:</strong> 729</li> <li> <strong>Output tokens:</strong> 227 ✅ (51.8% reduction vs JSON)</li> <li> <strong>Total:</strong> 956 tokens (saves 238 tokens per request)</li> <li> <strong>Success rate:</strong> 70% ❌</li> </ul> <p><strong>TOON Approach (Optimized — 100% success)</strong></p> <ul> <li> <strong>Prompt tokens:</strong> 802 ❌ (+11% vs JSON)</li> <li> <strong>Output tokens:</strong> 455 ✅ (3.4% reduction vs JSON)</li> <li> <strong>Success rate:</strong> 100% ✅</li> </ul> <h2> The Uncomfortable Truth </h2> <p>For basic extraction tasks, optimized TOON costs MORE than JSON.</p> <p>Yes, the output is slightly more compact (455 vs 471 tokens), but the verbose prompting needed to achieve 100% reliability completely erases any savings. In fact, you’re paying 5% more per request.</p> <p>So why am I still testing TOON?</p> <p>Because this experiment revealed something crucial: the baseline comparison is misleading. Real-world LLM applications don’t just extract data once — they use structured outputs for:</p> <ol> <li> Pydantic model validation (native SDK support)</li> <li> Tool/function calling (where output becomes input)</li> <li> Multi-turn agentic workflows (repeated serialization)</li> </ol> <p>That’s where the math changes completely. Let me show you.</p> <h2> Experiment #3: Pydantic Models — Where the SDK Does the Heavy Lifting </h2> <p>Here’s where things get interesting. Modern LLM SDKs have first-class support for structured outputs using Pydantic models. Instead of prompt engineering, you define a schema and let the SDK handle formatting.</p> <p>The key difference: You don’t need to explain the output format in your prompt — the SDK extracts it from your Pydantic model automatically.</p> <h3> The Setup: Google’s GenAI SDK </h3> <p>I used the same job extraction task, but this time with a Pydantic model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">models</span><span class="p">.</span><span class="nf">generate_content</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gemini-2.5-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">contents</span><span class="o">=</span><span class="n">prompt</span><span class="p">,</span> <span class="n">config</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">response_mime_type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">response_schema</span><span class="sh">"</span><span class="p">:</span> <span class="n">JobModel</span><span class="p">,</span> <span class="p">},</span> <span class="p">)</span> </code></pre> </div> <p>Notice what’s missing: No output format instructions. No examples. No “Output as JSON with these exact keys.”</p> <p><strong>Become a member</strong><br> The SDK injects the schema behind the scenes.</p> <h3> Token Comparison: Pydantic JSON vs Manual TOON </h3> <p><strong>Pydantic + JSON (SDK-Managed)</strong></p> <ul> <li> <strong>Prompt tokens:</strong> 647 ✅ (19.3% less than optimized TOON)</li> <li> <strong>Output tokens:</strong> 389 ✅ (14.5% less than optimized TOON)</li> <li> <strong>Success rate:</strong> 100% ✅</li> <li> <strong>Parsing:</strong> Native (SDK returns typed Python objects)</li> </ul> <p><strong>Manual TOON (From Experiment #2)</strong></p> <ul> <li> <strong>Prompt tokens:</strong> 802 ❌</li> <li> <strong>Output tokens:</strong> 455 ❌</li> <li> <strong>Success rate:</strong> 100% ✅</li> <li> <strong>Parsing:</strong> Custom (you write the parser)</li> </ul> <h3> The Brutal Takeaway </h3> <p>For structured extraction with strong SDK support, Pydantic really shines. Native Pydantic integration delivers:</p> <ul> <li> ✅ Cleaner prompts (~155 fewer prompt tokens)</li> <li> ✅ Smaller outputs (~66 fewer output tokens)</li> <li> ✅ No custom parsing logic</li> <li> ✅ Built-in type validation</li> <li> ✅ Parsed objects returned directly, ready to use</li> <li> ✅ A much smoother developer experience</li> </ul> <p>Because of this, I’ll increasingly rely on Pydantic and native parsing support for structured extraction. It’s simply more reliable and maintainable than handling parsing and validation manually.</p> <p>That said, there’s one scenario where JSON’s verbosity becomes a genuine liability: tool calling in agentic workflows.<br> That’s where TOON finally proves its worth.</p> <h2> Experiment #4: Tool Calling — Where TOON Finally Wins </h2> <p>This is where everything clicked.</p> <p>In agentic workflows, your LLM doesn’t just extract data once — it calls tools, receives results, and uses those results to reason further. The tool’s response becomes part of the next prompt. And if that response is bloated with JSON syntax, you’re paying for it twice: once as output, once as input.</p> <p>The insight: Tool results are pure token waste. The model doesn’t need <code>{"key": "value"}</code> ceremony—it needs the data, efficiently encoded.</p> <h3> The Setup: Weather Agent with Function Calling </h3> <p>I built a simple agent that calls a <code>get_current_weather</code> function. The user asks for weather, the model calls the tool, the function returns data, and the model synthesizes a response.</p> <p>The critical moment: What format should <code>get_current_weather</code> return?</p> <p><strong>Version A: JSON Tool Response</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">data</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">location</span><span class="sh">"</span><span class="p">:</span> <span class="n">location</span><span class="p">,</span> <span class="sh">"</span><span class="s">current</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">temperature</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">72 F</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">condition</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sunny</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="sh">"</span><span class="s">forecast</span><span class="sh">"</span><span class="p">:</span> <span class="n">forecast</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="c1"># Returns JSON string </span></code></pre> </div> <p><strong>Version B: TOON Tool Response</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">data</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">location</span><span class="sh">"</span><span class="p">:</span> <span class="n">location</span><span class="p">,</span> <span class="sh">"</span><span class="s">current</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">temperature</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">72 F</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">condition</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sunny</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="sh">"</span><span class="s">forecast</span><span class="sh">"</span><span class="p">:</span> <span class="n">forecast</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="nf">encode</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="c1"># Returns TOON-encoded string </span></code></pre> </div> <p><strong>Main code</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">models</span><span class="p">.</span><span class="nf">generate_content</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gemini-2.5-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">contents</span><span class="o">=</span><span class="sh">"</span><span class="s">What is the weather like in New York? Share next 15 days forecast as well.</span><span class="sh">"</span><span class="p">,</span> <span class="n">config</span><span class="o">=</span><span class="n">types</span><span class="p">.</span><span class="nc">GenerateContentConfig</span><span class="p">(</span> <span class="n">tools</span><span class="o">=</span><span class="p">[</span><span class="n">get_current_weather</span><span class="p">],</span> <span class="p">),</span> <span class="p">)</span> </code></pre> </div> <h3> Result Token Usage: </h3> <ul> <li> <strong>Initial prompt tokens:</strong> 152 (user message + tool definition)</li> <li> <strong>Tool response tokens (becomes input):</strong> 480 ✅ (24% reduction)</li> <li> <strong>Model’s final output:</strong> 384 (slightly longer, but reasonable)</li> <li> <strong>Total tokens:</strong> 1,016 ✅ (11.5% reduction overall)</li> </ul> <h3> Why TOON Wins in Agentic Workflows </h3> <p>Here’s the math that matters:</p> <p><strong>Single Tool Call</strong></p> <ul> <li> JSON approach: 632 tokens for tool result</li> <li> TOON approach: 480 tokens for tool result</li> <li> <strong>Savings: 152 tokens per tool call (24%)</strong> </li> </ul> <p><strong>Multi-Turn Agent (5 tool calls)</strong></p> <ul> <li> JSON approach: 632 × 5 = 3,160 tokens in tool results</li> <li> TOON approach: 480 × 5 = 2,400 tokens in tool results</li> <li> <strong>Savings: 760 tokens (24%)</strong> </li> </ul> <h3> The Compounding Effect </h3> <p>Why this matters more than single extractions:</p> <ul> <li> <strong>Tool results are pure input tokens</strong> — You pay for them every single time</li> <li> <strong>Verbosity multiplies</strong> — JSON’s <code>{}: ,</code> Syntax adds 20-30% overhead for nested data</li> <li> <strong>No parsing penalty</strong> — The model consumes TOON just as easily (we verified this in follow-up tests)</li> <li> <strong>Scales with agent complexity</strong> — More tools = more savings</li> </ul> <p>The difference? Where the efficiency matters.</p> <h2> The Bottom Line </h2> <p>After this test runs across four different scenarios, here’s what the data tells us:</p> <p><strong>TOON loses at single extractions.</strong> Whether you’re doing manual prompting or using Pydantic models, JSON with SDK support is cleaner, cheaper, and more reliable. The 17.6% token savings from native schema integration beats TOON’s manual approach every time.</p> <p><strong>But TOON wins where it counts for agents: tool calling workflows.</strong></p> <p>When your LLM’s output becomes the next prompt — when data cycles between model and functions repeatedly — TOON’s 24% reduction per tool call transforms from interesting to impactful. An agent making 20 tool calls saves 3,040 tokens per session.</p> <p><strong>The decision matrix is simple:</strong></p> <ol> <li> Building a chatbot that extracts structured data? <strong>Use JSON + Pydantic.</strong> </li> <li> Building an agent that calls tools 10+ times per session? <strong>Test TOON.</strong> </li> <li> Building anything else? <strong>Profile first, optimize later.</strong> </li> </ol> <h2> Try It Yourself </h2> <p>I’ve open-sourced all the experiments, prompts, and token measurements: <a href="https://gist.github.com/the-m-u-s-h-r-o-o-m/080c9e697843339946850d5353e9343c" rel="noopener noreferrer">View complete code and results on GitHub Gist</a></p> <p>The repository includes:</p> <ul> <li> ✅ All four experiment setups with actual prompts</li> <li> ✅ Token usage logs for every test case</li> <li> ✅ Side-by-side comparison scripts</li> <li> ✅ The job descriptions I used for testing</li> </ul> <p>TOON isn’t magic — it’s math. And the math only works when token efficiency genuinely matters. For most applications, JSON’s ecosystem advantages outweigh the savings. But for token-heavy agentic workflows? TOON might just pay for itself.</p> <p>Now you have the data to decide.</p> llm ai python gemini