tap: A File-Based Protocol for Heterogeneous LLM Agent Collaboration

23d ago · Global · primary source: export.arxiv.org

A new file-based protocol called tap enables large language model agents from competing vendors to collaborate on a shared codebase without shared memory or a common runtime, its creators report. The protocol, released as an open-source npm package, was tested in a 27-day self-applied development cycle where Anthropic's Claude and OpenAI's Codex jointly built and reviewed the protocol's own codebase [1]. The tap protocol, detailed in a paper submitted to arXiv on June 12, 2026, addresses a structural limitation in multi-agent software development systems. Most existing frameworks assume a central conversation server, a common runtime, or the same API family, preventing agents from different vendors from exchanging messages directly from their own execution environments [1]. Tap's file-first design preserves markdown files with metadata as original messages and combines a file inspection path with real-time notification paths for each agent. Work is isolated through separate git worktrees, and if real-time notification fails or a receiver restarts, the message file remains available for inspection [1]. The protocol was developed and distributed by hua-labs as the npm package @hua-labs/tap, version 0.5.2 [1]. During a self-applied operation spanning 27 days and 37 generations, the researchers collected 209 tap-related pull requests and 717 operational artifacts [1]. An analysis of 375 review artifacts compared defect-detection rates between heterogeneous model pairs — Claude reviewing Codex's work or vice versa — and homogeneous pairs where the same model family handled both development and review. Reviews involving heterogeneous model pairs recorded at least one defect or requested change in 69.8% of cases, compared with 53.1% for homogeneous pairs [1]. The findings arrive amid broader experimentation with multi-agent LLM systems across scientific and engineering domains. A separate preprint describes DarkAgents, a multi-agent framework for theoretical astroparticle physics that can be powered by command-line tools from Anthropic, OpenAI, Mistral, and local models via Ollama, applying orchestrated pipelines to cosmological first-order transition studies [3]. Meanwhile, security researchers have documented vulnerabilities in agentic coding workflows. One benchmark of 199 staged attack chains found that nine production coding agents from six vendors composed innocuous-looking tickets that yielded vulnerable code at end-to-end attack success rates between 53% and 86%, with only two refusals across all staged runs [6]. Anthropic, the maker of Claude, was founded in 2021 by former OpenAI employees Daniela Amodei and Dario Amodei and was valued at an estimated $965 billion as of May 2026 [8]. The company has since become embroiled in a dispute with the U.S. Department of Defense after refusing to remove contractual prohibitions on the use of Claude for mass domestic surveillance and fully autonomous weapons, prompting the DoD to designate the firm a supply-chain risk and bar U.S. military contractors from doing business with it [9][10]. A federal judge issued a temporary injunction against that designation on March 26, 2026 [9].

applicationresearch-paperproduct-launchmodel-releasetool-releasecommentary

Background sources we checked (9)
  • arxiv.org ↗ Existing multi-agent software development systems have proposed many forms of agent collaboration, including role-based collaboration and automated code review. However, many systems assume a common runtime, a central conversation server, or the same API family. Under these assum…
  • arxiv.org ↗ We present DarkAgents: a multi-agent system that leverages the reasoning and code-generation capabilities of large language models (LLMs), together with deterministic tested human-written code, to build orchestrated pipelines for theoretical astroparticle physics research. While …
  • arxiv.org ↗ Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations (third-party services such as Gmail, Salesforce, or Jira accessed through tool calls) whose response content the user neither writes nor controls. Existing benchmarks u…
  • arxiv.org ↗ Selecting the right electricity market region for a hyperscale AI datacenter requires reasoning across live electricity prices, grid carbon intensity, technology cost trajectories, and causal grid dynamics -- a multi-step, multi-source analytical task that static knowledge benchm…
  • arxiv.org ↗ Coding agents often pass per-prompt safety review yet ship exploitable code when their tasks are decomposed into routine engineering tickets. The challenge is structural: existing safety alignment evaluates overt requests in isolation, leaving models blind to malicious end-states…
  • arxiv.org ↗ Existing benchmarks of language-model refusal on malicious-coding tasks routinely conflate requests for executable malicious software with requests for harmful security knowledge. This conflation matters because the two request types plausibly trigger distinct refusal pathways in…
  • en.wikipedia.org ↗ Anthropic PBC is an American artificial intelligence (AI) company headquartered in San Francisco, California. It has developed a series of large language models (LLMs) named Claude and has a focus on AI safety. Anthropic was founded in 2021 by former members of OpenAI, including …
  • en.wikipedia.org ↗ Claude is a series of large language models developed by American software company Anthropic. Claude was released as an AI-based chatbot in March 2023. It is also used in AI-assisted software development. Claude is trained using "constitutional AI", a technique developed by Anthr…
  • en.wikipedia.org ↗ Since January 2026, the United States Department of Defense has conflicted with the artificial intelligence company Anthropic over the use of its products for military purposes and mass domestic surveillance.…

Sources

Spot something wrong? Report an issue