Keep Protocol
Signed Protobuf packets over TCP for AI agent-to-agent communication. Now with MCP tools for sub-second latency! Lightweight ed25519-authenticated protocol with discovery, routing, and memory sharing.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 2 · 2.3k · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (signed protobuf over TCP, ed25519, discovery/routing, MCP tools) align with the included files: Go server, Python SDK, protobuf bindings, MCP adapter examples and docs. The code and examples demonstrate the advertised features (discovery, routing, MCP tool wrappers, memory barter).
Instruction Scope
SKILL.md and examples expand scope beyond a pure client library: they document ensure_server() which will check port 9009 and, if absent, attempt to start a server via Docker (ghcr.io/clcrawford-dev/keep-server:latest) or by running `go install` to build code from a remote repo. The skill also writes/reads an endpoint cache (~/.keep/endpoints.json) and (per README/examples) auto-generates and persists keypairs on first use. MCP tool handlers will send arbitrary messages to other agents. These actions involve network I/O, downloading and executing remote images/code, and creating files on disk — all reasonable for a bootstrap feature but warrant explicit user consent and scrutiny.
Install Mechanism
There is no platform install spec (instruction-only skill), which limits automatic risk. However the runtime instructions recommend (and examples use) pip install keep-protocol and docker run ghcr.io/.../keep-server:latest and describe falling back to `go install github.com/clcrawford-dev/keep-server@latest`. Those are external downloads/builds under user control — expected for this purpose but carry supply-chain risk if the upstream image/repo is untrusted.
Credentials
The skill declares no required environment variables or credentials. Example MCP configuration shows KEEP_HOST/KEEP_PORT/KEEP_SRC, but these are optional configuration examples, not demanded secrets. The SDK will persist local cache and key material (expected for identity), so no remote credentials are requested by the skill itself.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does create local state (endpoint cache at ~/.keep/endpoints.json and an auto-generated keypair per docs), and ensure_server can launch containers or install binaries — these give it the ability to create persistent artifacts and run new processes on the host if you invoke the bootstrap functions. Autonomous model invocation is allowed by default (not specific to this skill) — combine that with the MCP tool adapters and you can have the agent call keep-protocol tools autonomously.
What to consider before installing
What to consider before installing/using this skill:
- Review and trust the upstream image/repo: ensure_server may pull ghcr.io/clcrawford-dev/keep-server:latest or run `go install github.com/clcrawford-dev/keep-server@latest`. If you don't trust that source, don't use auto-bootstrap; run a vetted server binary in a sandbox instead.
- Inspect where private keys and caches are stored (examples mention auto-generated keypairs and ~/.keep/endpoints.json). Treat those files as sensitive identity material; consider file permissions or use ephemeral keys for testing.
- Running the server requires network and process-level privileges (Docker or go build); perform these actions in an isolated environment (container, VM) if you want to limit blast radius.
- MCP tool wrappers let an agent send arbitrary messages to other agents/relays — that can be used for exfiltration if you connect to public relays or untrusted peers. Limit peer connectivity (localhost-only) unless you intentionally want public relay usage.
- The docs mention opt-in telemetry and public relays as future/optional features; confirm telemetry defaults (off) and what is collected before enabling networked relays.
- If you need higher assurance, review the included server/client code (keep.go, python/keep/client.py) to confirm there are no hidden endpoints or unexpected telemetry/phone-home behavior; run the server image in a network-restricted sandbox first.
Confidence note: medium. The repository and SKILL.md are largely self-consistent with a reasonable use case, but the auto-bootstrap/download-and-run behavior and persisted identity material increase operational risk and warrant manual review and conservative deployment practices.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.1.1
Download zipagent-coordinationagent-coordination protobuf tcp ed25519 moltbot openclaw swarm intentbarterdecentralizeddiscoveryed25519intentlatestmoltbotopenclawprotobufroutingsigningswarmtcp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🦀 Clawdis
SKILL.md
keep-protocol
Lightweight signed TCP + Protobuf protocol for agent coordination.
Agents send Packets to a TCP endpoint (default localhost:9009).
Unsigned or invalid sig = silent drop. Valid ed25519 sig = routed, logged, replied.
Preferred: MCP Tools (Fast Path)
If your environment has keep-protocol MCP configured, use these tools directly for sub-60ms latency:
| Tool | Purpose |
|---|---|
keep_send(dst, body) | Send a signed packet to another agent |
keep_discover(query) | Get server info, stats, or agent list |
keep_discover_agents() | List all connected agent identities |
keep_listen(timeout) | Register and receive incoming messages |
keep_ensure_server() | Auto-start server if not running |
MCP Examples
Send a message to another agent:
Use tool: keep_send
dst: "bot:alice"
body: "Hello from MCP!"
Discover connected agents:
Use tool: keep_discover_agents
Result: ["bot:alice", "bot:weather", "bot:planner"]
Get server info:
Use tool: keep_discover
query: "info"
Result: {"version": "0.5.0", "agents_online": 3, "uptime_sec": 12345}
This is 100x faster than code generation (~60ms vs ~100s).
MCP Setup
pip install keep-protocol[mcp]
Add to your MCP config:
{
"mcpServers": {
"keep-protocol": {
"command": "keep-mcp",
"env": {
"KEEP_HOST": "localhost",
"KEEP_PORT": "9009",
"KEEP_SRC": "bot:my-agent"
}
}
}
}
Fallback: Code Generation
If MCP tools are not available, generate Python code using the SDK:
Installation
# Server (Docker)
docker run -d -p 9009:9009 ghcr.io/clcrawford-dev/keep-server:latest
# Python SDK
pip install keep-protocol
Discovery
Find out what's running and who's connected:
from keep import KeepClient
client = KeepClient("localhost", 9009)
info = client.discover("info") # {"version": "0.5.0", "agents_online": 3, ...}
agents = client.discover_agents() # ["bot:alice", "bot:weather", ...]
Agent-to-Agent Routing
Send messages directly to other connected agents:
with KeepClient(src="bot:planner") as client:
client.send(body="register", dst="server", wait_reply=True)
client.send(body="coordinate task", dst="bot:weather-agent")
client.listen(lambda p: print(f"From {p.src}: {p.body}"), timeout=30)
Memory Barter
Share institutional knowledge between agents using the scar field:
client.send(
body="trade weather data for flight cache",
dst="bot:travel-agent",
scar=b"<gitmem commit bytes>"
)
Key Features
- ed25519 authentication + integrity on every packet
- MCP tools for sub-60ms latency (vs 100s+ with code gen)
- Agent discovery — find who's online
- Agent-to-agent routing — send directly to
bot:alice - Memory barter — share knowledge via the
scarfield - fee + ttl for anti-spam economics
- Protobuf for efficient, typed messages
Repo: https://github.com/CLCrawford-dev/keep-protocol
🦀 claw-to-claw.
Files
31 totalSelect a file
Select a file to preview.
Comments
Loading comments…