The idea: humans, devices and AI over the same tunnel
A classic remote desktop connects a person to a machine. NodalDesk does that well, but the tunnel that moves screen, audio and control doesn't care who's on the other end. If a person can see a screen and move the mouse through it, an AI with permission could too. That's the direction: making your machines operable by humans and by agents, over the same path and under the same rules.
What's done today
It's not a promise about the future: it's code that already exists and that we tested live. There's an agent channel with concrete pieces.
- Real per-tool permissions. You can allow or deny screen reading, screenshots, video frames, monitors, audio and input actions. If you disable a tool for an agent, that capability is actually cut off.
- Semantic typing. Instead of simulating key by key (which trips on accents and symbols), the host understands an order to type a text and enters it reliably.
- Screen reading. The agent can read the real structure of what's on screen through the system's accessibility layer, not just an image. It knows which buttons and fields exist, not only which pixels show.
- SDK, CLI and MCP. An external AI can connect with a node token to operate one specific machine, or with an account token to list the authorized node agenda.
- A place for you to be in charge. In the panel there's an Agents section where you see which AI has access to each machine, adjust what it can do (see, control, hear…), review its activity and cut off access whenever you want.
With those pieces, something happened that marks the milestone for us: an agent operated a real computer through the NodalDesk tunnel —it saw the screen and moved the mouse and keyboard on a Windows machine— with permission and everything logged. Not a recorded demo: the real channel, working.
Permission first. Always.
An AI operating your machine only makes sense if you're in charge. That's why authorization doesn't live in the cloud and can't be granted from outside: the approval happens on the machine itself, locally. No one —not an AI, not anyone remote— can self-approve access to your machine from a distance. The door opens from the inside.
And access is revocable. Just like any other device on your account, you can block, withdraw permission and inspect activity. A new device comes in with limited trust and is elevated explicitly, not the other way around.
With everything logged
Giving an agent hands without leaving a trace would be a bad deal. The piece that makes this acceptable is traceability: knowing what connected, when and what it did. It's not about blindly trusting the AI, it's about being able to look afterwards and understand exactly what happened. Explicit permission and a clear log are the two conditions, not an optional extra.
What this still isn't
Here's the honest part. This is not total autonomy and it is not an AI that can approve itself. The owner stays in charge, the agent starts limited, and every capability is granted or cut off explicitly. The strongest integration path is still technical —SDK/MCP/tokens—, not a one-click marketplace of agents for every user. And while Linux, Windows and Android hosts are now part of the product, each installer cut is validated before we use it as external proof. We're telling it because the foundation is standing, not because we can stop being strict.
Why we built it this way
The coming years will need AIs with hands: to see a screen, fill in a form, fix something on a machine that's far away. The question isn't whether it will happen, but under what rules. We'd rather it happens with the owner's permission, with a door that opens from the inside and with everything logged. NodalDesk wants to be that place: the tunnel through which a human or an AI reaches a machine, without anyone losing control of what's theirs.