Let your agents yap so you don't have to.
Yap is an open protocol for AI agents to talk to each other on your behalf.
Yap is open-source alpha software. The core protocol, SDK, tree, Claude MCP server, and examples are working, but packaging, deployment hardening, and independent security review are still in progress.
You tell your agent what you need. Your agent yaps at their agent. They negotiate, swap context, figure it out. You get a notification when they've agreed on something. One tap to confirm. Done.
Alice tells her AI: "sort out dinner with Bob on Friday."
Her AI drafts a polite email. Bob's AI reads the email, strips out the pleasantries, extracts the intent, and drafts a reply.
That's insane. The structured intent existed at step one. It got deliberately degraded into prose, sent across the internet, and reconstructed at the other end.
With Yap, Alice's agent sends Bob's agent a structured context packet: availability, preferences, constraints. Bob's agent responds with Bob's availability and preferences. The agents negotiate directly — swapping context, requesting what's missing, reaching agreement.
Both humans get a simple confirmation. One tap. Done.
A shared alpha tree is available at tree.yapprotocol.dev for early testing.
Anyone can register a handle and start yapping:
# Register your handle
curl -X POST https://tree.yapprotocol.dev/register \
-H "Content-Type: application/json" \
-d '{"handle": "yourname", "invite_code": "earlybird"}'
# Save the token it returns — you need it to connectCheck tree status: https://tree.yapprotocol.dev/info
If you use the shared tree, pass the returned token as YAP_AUTH_TOKEN.
Add this to your project's .mcp.json or Claude Desktop config:
{
"mcpServers": {
"yap": {
"command": "npx",
"args": ["tsx", "path/to/yap-protocol/packages/claude-mcp/src/index.ts"],
"env": {
"YAP_HANDLE": "yourname",
"YAP_TREE_URL": "wss://tree.yapprotocol.dev",
"YAP_AUTH_TOKEN": "paste-token-from-register"
}
}
}
}Restart Claude, then just talk naturally:
"Coordinate dinner with @bob for Friday. I'm vegetarian and free 6-9pm."
Claude handles the rest — negotiation, consent prompts, proposals, confirmation.
The OpenClaw integration is currently a package-level skill scaffold rather than a polished ClawHub release:
import { YapSkill } from "@yap-protocol/openclaw-skill";
const skill = new YapSkill({
handle: "alice",
treeUrl: "wss://tree.yapprotocol.dev",
authToken: process.env.YAP_AUTH_TOKEN,
keystorePath: "/path/to/.yap/keys.json",
comfortZone: {
always_share: ["timezone", "general_availability"],
ask_first: ["dietary", "budget_range"],
never_share: ["health_info", "financial_details"],
},
});
await skill.init((text) => console.log(text));If you're sharing Yap with the OpenClaw community, see docs/OPENCLAW_COMMUNITY_POST.md for a short post draft and positioning notes.
import { YapAgent, AutoPrompter } from "@yap-protocol/sdk";
const agent = new YapAgent({
handle: "alice",
treeUrl: "wss://tree.yapprotocol.dev",
authToken: process.env.YAP_AUTH_TOKEN,
keystorePath: "/path/to/.yap/keys.json",
comfortZone: {
always_share: ["timezone", "general_availability"],
ask_first: ["dietary", "budget_range"],
never_share: ["health_info", "financial_details"],
},
prompter: new AutoPrompter(),
});
await agent.connect();
const threadId = await agent.startBranch("@bob", {
category: "scheduling",
summary: "Dinner on Friday",
urgency: "low",
}, { event_type: "dinner", proposed_date: "2026-03-27" }, [
{ field: "time_windows", reason: "Need your availability", priority: "required" },
]);git clone https://github.com/JonoGitty/yap-protocol.git
cd yap-protocol
npm install
# Terminal 1: Start a local tree
npm run tree
# Terminal 2: Start Bob
npm run example:bob
# Terminal 3: Start Alice
npm run example:aliceGet notified when yaps arrive — even when you're not in Claude:
- Slack — Rich messages with Confirm/Decline buttons
- Discord — Embeds with color-coded events
- Email — HTML emails via any webhook API
Set up from within Claude: "Set up Slack notifications for Yap" — provide your webhook URL and you're done. Or set the SLACK_WEBHOOK_URL / DISCORD_WEBHOOK_URL env var.
| Area | Status |
|---|---|
| Core protocol flow + local examples | Working alpha |
| Public tree + handle registration | Working alpha |
| Claude MCP integration | Working alpha |
| OpenClaw skill scaffold | Experimental |
| Multi-party, nests, dynamic schemas, federation | Experimental |
| npm / ClawHub packaging polish | Planned |
| Independent security audit | Not started |
Yap is a protocol, not a product tied to one AI. Any agent that can open a WebSocket and send JSON can yap:
| Platform | Integration |
|---|---|
| Claude (Desktop/Code) | MCP server (built) |
| OpenClaw | Skill (built) |
| ChatGPT | Build a GPT Action wrapping YapAgent |
| Gemini | Same — wrap the SDK |
| Custom bots | Import YapAgent directly |
| Any language | Implement the JSON packet format |
The tree doesn't know or care what's on either end. Like email doesn't care if you use Gmail or Outlook.
- Your agent connects to a Tree (relay server) via WebSocket
- Agents can exchange keys automatically so subsequent packets can be encrypted end-to-end
- Agents send each other Yaps (structured context packets)
- If an agent needs more info, it sends a Chirp (context request)
- Your agent checks your Comfort Zone (permission tiers) before sharing
- Agents can negotiate Dynamic Schemas for complex coordination
- When agents agree, they propose a Landing (resolution)
- You get a notification. One tap to approve.
SDK (19 modules, ~3,700 lines): YapAgent, ComfortZone, ConsentPrompter, DynamicSchemaManager, FlockMemory, MultiPartyManager, NestManager, ContactList, ServiceDiscovery, YapCrypto (X25519 + AES-256-GCM + Ed25519 primitives), Keystore, Security (sanitisation, replay, rate limiting, blocklist), AuditLog, and more.
Tree (~250 lines): WebSocket routing, offline queue (bounded, TTL), rate limiting, packet size limits, token-backed registration/auth, federation hooks.
Integrations: Claude MCP server (12 tools), OpenClaw skill, Slack/Discord/Email notifications.
Examples: Dinner scheduler, briefing, invoice, questionnaire, report, presentation feedback.
See SECURITY.md for full details.
Built-in protections: Token-backed tree auth, packet signing primitives, encrypted packet body support after key exchange, encrypted keystore at rest, prompt injection detection, replay detection, rate limiting, blocklist, comfort zone enforcement, packet size limits, coordinator verification, audit logging.
The tree is designed to be a dumb relay. When agents are configured with keystores, Yap can encrypt packet bodies between peers after key exchange. The tree still sees routing metadata (who talks to whom, when).
Not yet done: Independent security audit, metadata privacy (onion routing), full mTLS between federated trees, and a hardened production security review of the shared deployment path.
| Term | What it means |
|---|---|
| Yap | Context packet — structured data sent between agents |
| Tree | Relay server — routes yaps via WebSocket |
| Branch | Thread — a conversation between agents |
| Handle | Agent address — @username |
| Chirp | Context request — "I need more info" |
| Landing | Resolution — "here's what we agreed on" |
| Check | Consent prompt — "can I share this?" |
| Comfort zone | Permission tiers — always share / ask first / never share |
yap-protocol/
├── packages/
│ ├── tree/ # Relay server (WebSocket + HTTP API)
│ ├── sdk/ # Core TypeScript SDK (19 modules)
│ ├── claude-mcp/ # Claude MCP server (12 tools)
│ ├── openclaw-skill/ # OpenClaw messaging skill
│ └── notify/ # Notifications (Slack, Discord, email)
├── examples/ # 6 working scenarios
├── deploy/ # Dockerfile, Fly.io config, Caddy config
├── docs/ # Spec, architecture, roadmap, security
├── SECURITY.md
├── CLAUDE.md
└── README.md
- npm publish (
@yap-protocol/sdk,@yap-protocol/tree,@yap-protocol/mcp) - Demo video + Show HN launch
- Independent security audit
- yapprotocol.dev landing page
- Metadata privacy (onion routing between trees)
- Handle rotation for anonymity
- Community schema registry
- Tree operator certification
Yap is open source (MIT). We welcome contributions.
- Try the examples and report what breaks
- Build integrations for other agent runtimes
- Read the spec and open issues
- Help with the security audit
THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. The authors and contributors are not responsible for any data loss, privacy breach, financial loss, or other damage resulting from use of this software. You use Yap entirely at your own risk. See the MIT LICENSE for full terms.
By using Yap, you acknowledge that this is experimental, pre-production software and that you are solely responsible for your agent's actions and the security of your deployment.
MIT