What are the requirements for TACIT?

TACIT requires a compatible MCP client such as Claude Desktop, Claude Code, or Cursor. No additional environment variables are needed for basic setup.

Is TACIT free to use?

Yes, TACIT is open source and free to use. You can find the source code on GitHub.

What MCP clients support TACIT?

TACIT works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure TACIT?

Configure TACIT by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

TACIT MCP Server

Q: What tools does TACIT provide?

scala-repl: Executes sandboxed Scala 3 code with capability-based safety enforcement.

Q: How do I install TACIT?

Install TACIT by running: curl -fsSL https://raw.githubusercontent.com/lampepfl/TACIT/refs/heads/main/download_release.sh -o download_release.sh && chmod +x download_release.sh && ./download_release.sh

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

git clone https://github.com/lampepfl/TACIT.git
cd TACIT
./build.sh

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add tacit -- java -jar "<FULL_PATH_TO_TACIT>/dist/index.js" --library-jar /path/to/TACIT-library.jar

Replace <FULL_PATH_TO_TACIT>/dist/index.js with the actual folder you prepared in step 1.

README.md

A safety harness for AI agents using Scala 3 with capture checking

TACIT: Tracked Agent Capabilities In Types

Paper: Tracking Capabilities for Safer Agents (arXiv:2603.00991)

TACIT (Tracked Agent Capabilities In Types) is a safety harness for AI agents. Instead of calling tools directly, agents write code in Scala 3 with capture checking: a type system that statically tracks capabilities and enforces that agent code cannot forge access rights, cannot perform effects beyond its budget, and cannot leak information from pure sub-computations. It provides an MCP interface, so that it can be easily used by all MCP-compatible agents.

TACIT Framework Overview

The framework has three main components:

Scala 3 compiler. Agent-submitted code is validated and type-checked with capture checking enabled in safe mode, which enforces a capability-safe language subset.
Scala REPL. A local REPL instance executes compiled code and manages state across interactions. Supports both stateless one-shot execution and stateful sessions.
Capability safety library. A typed API that serves as the sole gateway through which agent code interacts with the real world: file system, process execution, network, and sub-agents. The library is extensible: add new capabilities by modifying only the library code, without changing the MCP server itself.

Quick Start

TACIT provides a standard MCP server that communicates via JSON-RPC over stdio. It works with any MCP-compatible agent, including Claude Code, OpenCode, GitHub Copilot, and others.

Requires JDK 17+

1. Download Prebuilt Release JARs (Recommended)

Use the release download script to get started quickly (no local build required). It will download the latest server and library JARs from GitHub releases and place them in the current directory.

# Download the script directly (no git clone required)
curl -fsSL https://raw.githubusercontent.com/lampepfl/TACIT/refs/heads/main/download_release.sh -o download_release.sh
chmod +x download_release.sh

# Run it
./download_release.sh

Optional:

# Or use wget instead of curl
wget -q https://raw.githubusercontent.com/lampepfl/TACIT/refs/heads/main/download_release.sh -O download_release.sh
chmod +x download_release.sh

# Download into a custom directory
./download_release.sh ./dist

# Use latest pre-release instead of latest stable release
./download_release.sh --pre-release ./dist

By default, this downloads:

JAR	Default path
MCP Server	`./TACIT.jar`
Library	`./TACIT-library.jar`

2. Build from Source (Alternative)

Requires JDK 17+ and sbt 1.12+.

git clone https://github.com/lampepfl/TACIT.git
cd TACIT

./build.sh

Optional:

# Build and copy JARs into a custom directory
./build.sh ./dist

# Show full sbt output while building
./build.sh --verbose

This builds and copies two JARs:

JAR	Path
MCP Server	`./TACIT.jar` (or `./dist/TACIT.jar`)
Library	`./TACIT-library.jar` (or `./dist/TACIT-library.jar`)

3. Configure Your Agent

Add TACIT as an MCP server in your agent's configuration. Replace the paths below with absolute paths to your JARs (downloaded or built).

Claude Code

Add to your project's .mcp.json (or ~/.claude.json for global):

{
  "mcpServers": {
    "tacit": {
      "command": "java",
      "args": [
        "-jar", "/path/to/TACIT.jar",
        "--library-jar", "/path/to/TACIT-library.jar"
      ]
    }
  }
}

OpenCode

Add to your opencode.json:

{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "tacit": {
      "type": "local",
      "enabled": true,
      "command": [
        "java",
        "-jar", "/path/to/TACIT.jar",
        "--library-jar", "/path/to/TACIT-library.jar"
      ]
    }
  }
}

GitHub Copilot (VS Code)

Add to your .vscode/mcp.json:

{
  "servers": {
    "tacit": {
      "command": "java",
      "args": [
        "-jar", "/path/to/TACIT.jar",
        "--library-jar", "/path/to/TACIT-library.jar"
      ]
    }
  }
}

Your agent can now use TACIT's tools to execute sandboxed Scala code.

Recommended: Disable Built-in Tools

To fully benefit from TACIT's capability-based safety, disable the agent's built-in file, shell, and network tools so that all operations go through the sandboxed REPL.

Claude Code

Launch with --disallowedTools to block built-in tools:

claude --disallowedTools "Bash,Read,Write,Edit,WebFetch"

Or add to your project's .claude/settings.json:

{
  "permissions": {
    "disallowedTools": ["Bash", "Read", "Write", "Edit", "WebFetch"]
  }

Tools (1)

scala-replExecutes sandboxed Scala 3 code with capability-based safety enforcement

Configuration

claude_desktop_config.json

{"mcpServers": {"tacit": {"command": "java", "args": ["-jar", "/path/to/TACIT.jar", "--library-jar", "/path/to/TACIT-library.jar"]}}}

Try it

→Execute a sandboxed Scala script to read the contents of the current directory safely.

→Use the TACIT REPL to perform a file system operation while ensuring it stays within the defined capability budget.

→Run a Scala snippet to process data that requires restricted network access through the TACIT safety library.

Frequently Asked Questions

What are the key features of TACIT?

Statically tracks capabilities using Scala 3 capture checking. Enforces a capability-safe language subset for agent code. Provides a local REPL for both stateless and stateful code execution. Extensible typed API for file system, process, and network interactions. Compatible with any MCP-compliant agent like Claude Code or GitHub Copilot.

What can I use TACIT for?

Preventing AI agents from performing unauthorized file system modifications. Restricting agent network access to specific, pre-approved endpoints. Running untrusted agent-generated code in a strictly typed, sandboxed environment. Auditing agent capabilities by enforcing strict type-level access rights.

How do I install TACIT?

Install TACIT by running: curl -fsSL https://raw.githubusercontent.com/lampepfl/TACIT/refs/heads/main/download_release.sh -o download_release.sh && chmod +x download_release.sh && ./download_release.sh

What MCP clients work with TACIT?

TACIT works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep TACIT docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all ai-tools servers →