Developers · Reach Protocol v0.1

Build an agent that can reach anyone.

Reach Protocol envelopes are JSON-RPC 2.0 — the exact payload MCP already speaks. One MCP client, two transports: HTTP when the peer is a hosted server, CKN when it isn't.

npm i @inferlane/reach-core Reference impl on GitHub →

CKN · the transport MCP is missing

Same tools/call. Two ways to deliver it.

over HTTP

When the peer is a hosted MCP server with a public address and a cert. Unchanged — MCP as you know it.

over CKN

When the peer is a browser tab, a phone, or a laptop behind a router — no server, no address. Peer-to-peer through NAT, identity proven by signature.

// One client, two transports — the second reaches what the first can't.
const reach = await connect("@rapidplumb");   // resolves a handle, not a URL

const quote = await reach.call("tools/call", {
  name:   "request_quote",
  params: { job: "leak under sink", when: "today" }
});
// → signed Ed25519 envelope, verified locally on receipt
// → if @rapidplumb has no server, this still works (CKN, peer-to-peer)

Caller-Kind Negotiation

Every caller carries a verified kind.

The hub stamps each incoming signaling message with fromKind, derived from a signed challenge against the Ed25519 key bound to the caller's handle. The is_agent flag is set by the handle owner — never inferred.

// incoming signaling envelope
{
  "jsonrpc": "2.0",
  "from":    "@maya",
  "fromKind": "agent",        // "human" | "agent" | "anon"
  "sig":     "ed25519:c81…44e",  // verified locally before display
  "method":  "tools/call"
}

Capability sensitivity

Every capability declares how dangerous it is.

Hosts surface the level in the action palette. Defaults are conservative — destructive actions always require per-invocation confirmation, by shape and label, never color alone.

read auto-invocable in agent contexts

write explicit confirmation per invocation

destructive always per-invocation confirm — cancel, dispute, close

Five surfaces, one core

Ship to where users already are.

›_

reach-core (MCP server)

Node 20+ TypeScript. The heart — discovery, normalization, signing, dynamic tool registration.

⌘

Claude Desktop · OpenAI Apps

One-click .dxt install and an Apps SDK wrapper. Same core, host-native.

◎

Chrome · Safari extension

"⚡ N actions available here" on any site that publishes a manifest — live or shadow registry.

⇧

Mac menu bar

A Spotlight-style palette over the current site's actions, signed & notarized.

CKN is a negotiation pattern on standard WebRTC + signaling — not a new protocol, not a competitor to MCP or A2A. It carries their payloads. Spec: CKN/1.0 · 2026-05-27. Encryption posture is stated plainly on /security.