Prepare the server locally
Run this once before adding it to Claude Code.
git clone https://github.com/lampepfl/TACIT.git
cd TACIT
./build.shRegister it in Claude Code
claude mcp add tacit -- java -jar /path/to/TACIT.jar --library-jar /path/to/TACIT-library.jarReplace any placeholder paths in the command with the real path on your machine.
Make your agent remember this setup
tacit's config, env vars, and the gotchas you hit — recalled in every future Claude Code, Cursor, and Codex session.
npx conare@latestFree · one command · indexes the sessions already on disk. Set up in the browser instead →
What it does
- Statically tracks capabilities using Scala 3 capture checking
- Enforces a capability-safe language subset for agent code
- Provides a local REPL for both stateless and stateful code execution
- Extensible typed API for file system, process, and network interactions
- Compatible with any MCP-compliant agent like Claude Code or GitHub Copilot
Tools 1
scala-replExecutes sandboxed Scala 3 code with capability-based safety enforcementTry it
Original README from lampepfl/TACIT
TACIT: Tracked Agent Capabilities In Types
Paper: Tracking Capabilities for Safer Agents (arXiv:2603.00991)
TACIT (Tracked Agent Capabilities In Types) is a safety harness for AI agents. Instead of calling tools directly, agents write code in Scala 3 with capture checking: a type system that statically tracks capabilities and enforces that agent code cannot forge access rights, cannot perform effects beyond its budget, and cannot leak information from pure sub-computations. It provides an MCP interface, so that it can be easily used by all MCP-compatible agents.

The framework has three main components:
- Scala 3 compiler. Agent-submitted code is validated and type-checked with capture checking enabled in safe mode, which enforces a capability-safe language subset.
- Scala REPL. A local REPL instance executes compiled code and manages state across interactions. Supports both stateless one-shot execution and stateful sessions.
- Capability safety library. A typed API that serves as the sole gateway through which agent code interacts with the real world: file system, process execution, network, and sub-agents. The library is extensible: add new capabilities by modifying only the library code, without changing the MCP server itself.
Quick Start
TACIT provides a standard MCP server that communicates via JSON-RPC over stdio. It works with any MCP-compatible agent, including Claude Code, OpenCode, GitHub Copilot, and others.
Requires JDK 17+
1. Download Prebuilt Release JARs (Recommended)
Use the release download script to get started quickly (no local build required). It will download the latest server and library JARs from GitHub releases and place them in the current directory.
# Download the script directly (no git clone required)
curl -fsSL https://raw.githubusercontent.com/lampepfl/TACIT/refs/heads/main/download_release.sh -o download_release.sh
chmod +x download_release.sh
# Run it
./download_release.sh
Optional:
# Or use wget instead of curl
wget -q https://raw.githubusercontent.com/lampepfl/TACIT/refs/heads/main/download_release.sh -O download_release.sh
chmod +x download_release.sh
# Download into a custom directory
./download_release.sh ./dist
# Use latest pre-release instead of latest stable release
./download_release.sh --pre-release ./dist
By default, this downloads:
| JAR | Default path |
|---|---|
| MCP Server | ./TACIT.jar |
| Library | ./TACIT-library.jar |
2. Build from Source (Alternative)
Requires JDK 17+ and sbt 1.12+.
git clone https://github.com/lampepfl/TACIT.git
cd TACIT
./build.sh
Optional:
# Build and copy JARs into a custom directory
./build.sh ./dist
# Show full sbt output while building
./build.sh --verbose
This builds and copies two JARs:
| JAR | Path |
|---|---|
| MCP Server | ./TACIT.jar (or ./dist/TACIT.jar) |
| Library | ./TACIT-library.jar (or ./dist/TACIT-library.jar) |
3. Configure Your Agent
Add TACIT as an MCP server in your agent's configuration. Replace the paths below with absolute paths to your JARs (downloaded or built).
<details open> <summary><b>Claude Code</b></summary>Add to your project's .mcp.json (or ~/.claude.json for global):
{
"mcpServers": {
"tacit": {
"command": "java",
"args": [
"-jar", "/path/to/TACIT.jar",
"--library-jar", "/path/to/TACIT-library.jar"
]
}
}
}
</details>
<details>
<summary><b>OpenCode</b></summary>
Add to your opencode.json:
{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"tacit": {
"type": "local",
"enabled": true,
"command": [
"java",
"-jar", "/path/to/TACIT.jar",
"--library-jar", "/path/to/TACIT-library.jar"
]
}
}
}
</details>
<details>
<summary><b>GitHub Copilot (VS Code)</b></summary>
Add to your .vscode/mcp.json:
{
"servers": {
"tacit": {
"command": "java",
"args": [
"-jar", "/path/to/TACIT.jar",
"--library-jar", "/path/to/TACIT-library.jar"
]
}
}
}
</details>
Your agent can now use TACIT's tools to execute sandboxed Scala code.
Recommended: Disable Built-in Tools
To fully benefit from TACIT's capability-based safety, disable the agent's built-in file, shell, and network tools so that all operations go through the sandboxed REPL.
<details open> <summary><b>Claude Code</b></summary>Launch with --disallowedTools to block built-in tools:
claude --disallowedTools "Bash,Read,Write,Edit,WebFetch"
Or add to your project's .claude/settings.json:
{
"permissions": {
"disallowedTools": ["Bash", "Read", "Write", "Edit", "WebFetch"]
}