@reclaimprotocol/agent
v0.1.11
Published
Reclaim Protocol's tools for agents — Reclaim Protocol lets your app verify **data points** about its users — a follower count, an account balance, an order history. This package gives your AI coding agent the tools to **find, build, test and fix the _dat
Downloads
2,090
Readme
@reclaimprotocol/agent
Reclaim Protocol lets your app verify data points about its users — a follower count, an account balance, an order history. This package gives your AI coding agent the tools to find, build, test and fix the data verification providers (the recipes that verify a data point) by inspecting and replaying captured requests, checking sessions, evaluate proofs, publishing updates, and much more.
Under the hood it's Chrome-CDP + zkTLS provider-authoring tooling: it captures network traffic from a browser, synthesizes provider definitions from it (contains matchers + jsonPath / xPath / regex redactions), runs a local replay diagnostic, and produces a verified attestor proof via @reclaimprotocol/attestor-core.
This package is the Reclaim MCP server (bin: reclaim-mcp-server). It depends on @reclaimprotocol/client for the typed HTTP client and registers the provider-authoring tools below alongside the backend-facing tools (credentials, publishing) in a single MCP surface. A standalone entry (src/index.ts) re-exports the client SDK plus buildAgentTools for embedding.
Install
Prerequisites: Node ≥ 20 — works best on a current LTS release (22 or 24) — and a local Chrome / Chromium / Edge (used for capture and the dashboard login). The first time you call run_proof, the agent downloads the ZK circuit files it needs (~280 MB) — so allow a moment for that first proof. The download is deferred to first proof on purpose (not an install step), so the MCP server itself starts immediately.
Any Node ≥ 20 works, including non-LTS lines like 25 however an LTS line (22 or 24) is recommended.
It runs as a stdio MCP server. Point any MCP-capable agent at this command:
npx -y --package=@reclaimprotocol/agent reclaim-mcp-serverThe
--package=(short form-p) flag selects thereclaim-mcp-serverbinary from the package. We use the long--package=form throughout because the short-pcollides with the-p/claude mcp add), which silently swallows the command. Prefer a global install? Runnpm i -g @reclaimprotocol/agentand usereclaim-mcp-serverdirectly as thecommand(drop thenpxwrapper and itsargs).
Installing into your coding agent
Copy-paste setup for Claude Code (plugin marketplace), Claude Desktop, Cursor, opencode, Codex, Windsurf, VS Code, Cline and other MCP clients lives in the public reclaimprotocol/developer-tools repo — that's where the Claude Code plugin/marketplace is published.
The quickest path, in Claude Code:
/plugin marketplace add reclaimprotocol/developer-tools
/plugin install reclaim@reclaimFor any other client, point it at the stdio command above (npx -y --package=@reclaimprotocol/agent reclaim-mcp-server) — see the developer-tools README for per-client config and the Claude Desktop / GUI-app notes.
Optional environment
Defaults target the production old-devtools backend, so no env is needed for the common case. To override, add an env block (or environment in opencode) to the config above:
"env": {
"USE_OLD_DEVTOOLS": "true",
"RECLAIM_OLD_API_URL": "https://devapi.reclaimprotocol.org"
}See Backends for builder mode (USE_OLD_DEVTOOLS=false) and the full env-var list.
Provider-authoring guide
The MCP server is all you need — it ships a how_it_works tool that returns the full capture → prove → publish guide (login detection, choosing auth-bound endpoints, OPRF decisions, troubleshooting). Any MCP client can call it on demand; there's nothing extra to install.
Using it from your agent
Tip: have your agent call the how_it_works tool first so it follows the full authoring flow.
Then just ask in plain language, e.g.:
"Use Reclaim to create a provider that proves my GitHub follower count."
or you can even ask it like:
"I want to verify Github follow count"
The agent orchestrates the tools for you:
reclaim_authenticate— a Chrome window opens the Reclaim dashboard; you sign in. The token is captured automatically and the tab closes. (Or it reuses a still-valid cached identity.)attach_chrome+navigate— opens the target site (e.g.github.com);wait_for_pagewaits while you log in there.start_capture→find_requests_containing→get_request— records network traffic and locates the request carrying your value.propose_provider— drafts the provider (acontainsmatch +jsonPath/xPath/regexredaction), keeping any secret headers server-side.replay_request→run_proof— pre-flights the draft, then produces a verified zkTLS proof via the attestor.create_provider_version_from_capture— publishes it.get_me_providerslists what you own; pass a returnedproviderIdback to publish a new version of an existing provider.
Your only manual steps are signing in when the browser windows open and confirming the value you want to prove.
How it works (guide tool)
The full, mode-aware authoring guide (skill/SKILL.builder.md / skill/SKILL.old.md, one per backend) is served on demand by the how_it_works MCP tool — call it from any MCP client (Claude Code, Cursor, opencode, Antigravity, …) to get the deep capture → prove → publish workflow, decision frameworks, and troubleshooting. The server's always-on instructions cover the essentials; how_it_works is the in-depth version, with nothing to install.
Provider-authoring tools
These capture/synthesis/proof tools are backend-independent and registered in both modes (see Backends):
| Tool | Purpose |
| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| attach_chrome | Connect to Chrome via CDP — dedicated profile or attach to running instance |
| list_tabs | List open Chrome tabs |
| navigate, wait_for_page, eval_in_page | Drive the tab; poll for login completion |
| start_capture, stop_capture | Network capture lifecycle |
| list_requests, get_request | Inspect captured traffic |
| find_requests_containing | Deterministic search for a target value across captured responses |
| analyze_request_constraints | Flag concerns (signed, csrf, graphql, etc.) |
| propose_provider | Synthesize a provider — contains match + jsonPath/xPath/regex redaction |
| replay_request | Pre-flight replay via Node fetch (no attestor); also used for auth-bound check by omitting secretParamsRef |
| run_proof | End-to-end zkTLS proof through the attestor SDK |
| create_provider_version_from_capture | Publish a drafted provider to the backend |
| get_session, reset_session | Session state |
Backends
The MCP server targets one of two backends, selected by USE_OLD_DEVTOOLS:
- Old devtools (default). The legacy devtools backend is still in production while the new "builder" backend is built, so this is the default — opt into builder with
USE_OLD_DEVTOOLS=false. In old mode all auto-generated HTTP-API tools are disabled and a small client (src/old/) serves:reclaim_authenticate— by default opens the dashboard in Chrome via CDP, waits for sign-in, reads the Firebase token from page storage, and closes the tab (or pass atoken/ethAddressto skip the browser).create_provider_version_from_capture— registers a new provider, or adds a version to an existing one when given aproviderId.get_me_providers— list the providers you own (the only provider-listing tool in this mode).
- Builder (
USE_OLD_DEVTOOLS=false). Registers the auto-generated HTTP-API tools plus the authentication/credential tools (authenticatedevice-pairing login,issue_credentials/import_credentialsto set up the local eth proof-owner key,resolve_owner_key) and a verification-result helper (get_verification_result).
Relevant env vars: RECLAIM_OLD_API_URL (default https://devapi.reclaimprotocol.org), RECLAIM_OLD_API_TOKEN / RECLAIM_OLD_ETH_UID (headless identity), RECLAIM_OLD_LOGIN_URL (default https://dev.reclaimprotocol.org); builder mode uses RECLAIM_API_URL / RECLAIM_API_TOKEN.
Local development (from source)
For working on the package inside the monorepo (consumers should use Install instead). A workspace install just fetches dependencies:
npm installThe ZK circuit resources needed by @reclaimprotocol/attestor-core are not fetched at install time — run_proof downloads them on the first proof (see the first-run note). To pre-fetch them instead of paying the cost on that first proof, run:
npm run download:zk-files --workspace=packages/agentPlatform notes
- Node >=20 is required to run the published package (declared in
engines) — it ships compiledlib/*.js, so no TypeScript type-stripping is needed at runtime. Any line ≥ 20 works, including non-LTS like 25: the one native addon that used to break this,re2, is an optional dependency as of@reclaimprotocol/attestor-core5.0.8 and degrades to nativeRegExpwhen its binary is absent. (The other native dep,koffi, is N-API — ABI-independent, all-platform prebuilts — so it was never version-sensitive.) An LTS line (22/24) is recommended sore2is present for faster, ReDoS-safe matching. Working on the package from a checkout additionally needs Node >=22.18, because the test suite and dev workflow run bare.tsfiles directly and unflagged TypeScript type-stripping landed in 22.18. - Chrome 136+ silently disables
--remote-debugging-portwhen launched against the default user profile.dedicatedmode (the default) sidesteps this by always passing--user-data-dir=~/.reclaim/chrome-profile.
Tests
npm test runs the unit + integration suite (no Chrome needed).
The Chrome CDP end-to-end test at tests/e2e-chrome.test.ts is gated behind an env var. It launches headless Chrome with a dedicated temp profile, captures a navigation against a local fixture server, and asserts the synthesiser finds the right request. To run it:
# bash / macOS / Linux
RECLAIM_AGENT_E2E=1 npm test --workspace=packages/agent
# Windows PowerShell
$env:RECLAIM_AGENT_E2E=1; npm test --workspace=packages/agentRequires Chrome / Chromium / Edge installed somewhere findChromeBinary can locate (or RECLAIM_AGENT_CHROME_PATH set). The test self-skips if no binary is found.
Disabling
The MCP server registers the provider-authoring (Chrome/CDP) tools by default in both modes. To disable them (e.g. in hosted deployments where no local Chrome is available):
RECLAIM_AGENT_DISABLED=1For contributors — wiring a local build into Claude Code / opencode
This section is for working on this package from a checkout. Consumers should use the published package via Install instead.
First build so lib/mcp-bin.js exists, then point your agent at that file by absolute path (not npx):
npm install # once, from the repo root
npm run build --workspace=packages/agent # rebuild after changes (or `npm run dev` to watch)MCP server
Claude Code — register the local binary:
# from the repo root; -s user for a global install (omit for project scope → .mcp.json)
claude mcp add reclaim -- node "$(pwd)/packages/agent/lib/mcp-bin.js"…or add it to .mcp.json yourself, using an absolute path:
{
"mcpServers": {
"reclaim": {
"command": "node",
"args": ["/abs/path/to/builder/packages/agent/lib/mcp-bin.js"]
}
}
}opencode — add to opencode.json (project) or ~/.config/opencode/opencode.json (global), again with an absolute path:
{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"reclaim": {
"type": "local",
"command": ["node", "/absolute/path/to/builder/packages/agent/lib/mcp-bin.js"],
"enabled": true
}
}
}To target a specific backend while developing, add an env block (Claude Code / .mcp.json) or environment (opencode) — e.g. "USE_OLD_DEVTOOLS": "false" for builder mode. See Backends.
Authoring guide
skill/SKILL.builder.md and skill/SKILL.old.md are the sources the how_it_works tool serves — one per backend, so an agent is never shown tools its mode doesn't have. The server picks by USE_OLD_DEVTOOLS. Edit the relevant file and rebuild (npm run build) to update what the tool returns.
