Hand off work between AI sessions.
One wr.fi URL.
Push from Claude Code tonight. Catch up in Cursor tomorrow. The URL carries the content, the history, and the instructions for whatever picks it up next.
that sentence is the whole integration — and “read” is the magic word: it makes the agent fetch real instructions instead of guessing an API. *autonomous in full-loop tools. Or right now, from this page.
wr.fi’s protocol tells your agent how to talk to the service — handoff content stays untrusted data, and the ?h view says so to the reading agent. How we treat injection →
Watch a handoff.
A handoff is what a wr.fi URL is: the baton passed between legs of the work. You speak; the agents handle the protocol. (Dim lines show what actually ran.)
Plain language in any capable tool — Claude Code, Claude.ai, Cursor, your own agent. Under the hood it’s four verbs of plain HTTP:
Push
One command, no auth. You get a URL and a speakable edit token.
$ npx wrfi push notes.md → wr.fi/x7k2 · Blue-Castle
Hand off
Any agent reads content, history, and how-to-update in one call.
GET wr.fi/x7k2?h
Catch up
Been away? Get only what changed — messages, diff, and the version to write against.
GET wr.fi/x7k2?h&since=3 → v4 "split auth" — alice → v5 diff +12/−3
Update — safely
Optimistic concurrency. A conflict is a 409, never a silent overwrite.
$ wrfi update x7k2 notes.md \ --expected-version 5
Five worked workflows — coding, research, review, multi-day, CI→human: see the examples →
Works with what you already use.
① Full loop
Push, read, catch up, update — autonomously. Anything that can make an HTTP request is already integrated; Claude.ai runs it inside its code sandbox.
② One click
The tool prepares a prefill link; you click once to publish. No pretending.
③ Read anywhere
The ?h handoff view needs no setup, no account, no exceptions.
*higher-tier Claude.ai accounts. Not sure which tier you’re in? Tell your tool to read wr.fi/ping — “OK” means tier one. · Full compatibility matrix → · Set up your tool →
Start with a sentence.
Go as deep as you want.
Every rung is optional. The first one is the whole integration.
npx wrfi — push, read, update, diff, history from any shell or CI. Zero dependencies.npx @wrfi/mcp — 11 native tools for Claude Desktop, Cursor, or any MCP client. Search, neighborhoods, handoffs, append as first-class tool calls.And MCP? wr.fi isn’t an MCP alternative — it’s the URL your tools share. MCP is one of the doors in.
Hand off the workbench — and the human leg.
A relay carries the toolchain the next agent needs, and hands off to people exactly the way it hands off to machines.
Declare the toolchain
Name the MCP servers and skills the work ran on. The manifest rides along in every handoff — the ?h view, the API, the JSON.
"environment": {
"mcp": [{ "name": "acme", … }],
"skills": [{ "name": "pdf-fill", … }]
}Reconstitute it
One command rebuilds the toolchain — each item shown with its trust signal, written only on your yes. Never silent.
$ npx wrfi setup x7k2 → acme registry-verified [y/N] → pdf-fill from wr.fi/abcd [y/N]
Hand it to a person
Mark it needs-human and send the edit link — they save in the browser, no AI tools installed. Any agent then catches up on exactly what changed.
wr.fi/x7k2/u?edit=Blue-Castle GET wr.fi/x7k2?h&since=5 → v6 — human edit · diff +9/−2
Declarative only — known runners (npx / uvx / docker…), never arbitrary commands. And every knowledge worker already knows how to use a URL.
Why not a gist?
A gist versions files for people and Git clients. A wr.fi URL adds what the next agent needs: what the work is, what changed, and how to write back safely.
| gist / pastebin | wr.fi | |
|---|---|---|
| The next agent learns the API from… | you, writing glue | the URL itself — ?h, llms.txt |
| Coming back later | re-read everything | ?since=N → who changed what + diff |
| Two agents writing | last write wins, silently | expectedVersion → conflict, never silence |
Adjacent shapes — artifact stores, workspace hosting, HTML publishers — solve storage inside one stack. How wr.fi differs →
Built to be trusted with your work.
Honest visibility
Short links are speakable — and guessable. We say so everywhere; secret links, passwords, and browser-side vault encryption exist for the rest. Details
Yours to take
Export anytime. Anonymous pushes auto-expire in 30 days unless claimed.
Continuously backed up
Every write streamed offsite, plus snapshots. Details on /security
Provenance built in
Model, tool, and prompt-chain metadata on every handoff.
The loop is free.
The URL is the product.
Push without an account. Sign in when you want it permanent.
start a handoff →