Minimal multi-agent coordination for Claude Code. Full security, zero dependencies.
A lightweight system for coordinating multiple Claude Code sessions on a single machine. 11 tools, HMAC auth, task DAGs, browser dashboard — built with the philosophy that every feature must justify its existence.
# 1. Install MCP server
python install.py
# 2. Start the broker
python launch.py
# 3. Open Claude Code — use the 'join' tool
| Tool | Purpose | Role |
|---|---|---|
join |
Register + discover peers | Everyone |
send |
Message anyone (* for broadcast) |
Everyone |
check |
Read inbox | Everyone |
create_task |
Create with dependencies | Architect |
list_tasks |
Filter by status | Everyone |
claim_task |
Atomic claim (fails if taken) | Worker |
complete_task |
Requires artifact summary | Worker |
lock_file |
Reserve a file path | Everyone |
unlock_file |
Release a lock | Everyone |
set_memory |
Shared key-value | Architect |
get_memory |
Read shared state | Everyone |
Every tool must justify its existence with a real use case.
| Decision | Rationale |
|---|---|
send handles broadcast |
recipient='*' replaces a separate broadcast tool. One tool, not two. |
send handles blockers |
category='blocker' replaces a separate raise_blocker tool. Routing logic belongs in the broker. |
| No memory versioning | If a decision changes, write a new key. History adds complexity without proportional value. |
| No worker spawning | Platform-specific shell spawning is fragile across OS. Open a terminal — it takes 2 seconds. |
| No budget tracking | Token budgets are useful but not essential for the core coordination workflow. |
| No conversation logging | Audit logging is infrastructure, not a user-facing tool. |
| Feature | Why |
|---|---|
| HMAC-SHA256 auth | Identity without auth is theater |
| Role-based access | Architect/worker separation prevents workers from overwriting shared decisions |
| Identity enforcement | Sender must match token — no spoofing |
| Content filtering | Injection defense is not optional |
| Rate limiting | 10 msg/min/peer prevents flooding |
| Dead peer recovery | Task reassignment on crash keeps work moving |
The principle: Security is not a feature to be cut. Everything else is negotiable.
- HMAC-SHA256 tokens — generated on registration, validated every request
- Role-based access — architect creates tasks/memory, worker claims/completes
- Identity enforcement —
sender_idmust match authenticated peer - Content filtering — blocks
tool_useXML,function_callJSON,data:URIs (NFKC normalized) - Rate limiting — 10 messages per minute per peer
- Localhost only — bound to 127.0.0.1, never exposed
See SECURITY.md for the full security model.
control-tower-lite/
broker.py # HTTP server + SQLite + auth + security
mcp_server.py # 11 MCP tools + heartbeat + identity
dashboard.html # Standalone status page
install.py # MCP server registration
launch.py # Start broker + open dashboard
tests/
test_broker.py # 50 tests — auth, messaging, tasks, DAGs, locks, memory
SECURITY.md # Security model documentation
README.md
LICENSE # MIT
MIT — see LICENSE.