Reach Capabilities (rcaps) Explained
- Reach capabilities (rcaps) are controlled accessibility mechanisms that name hidden capture sets in Scala and guarantee unique projections in geometric models.
- In geometry, reach quantifies the scale for unique nearest‐point projections, critical for robust manifold estimation and trustworthy latent representation.
- In programming and AI safety, rcaps enable precise capture tracking and safe resource access while requiring minimal code changes in complex systems.
Searching arXiv for the cited papers to ground the article in published work. Reach capabilities, commonly abbreviated rcaps, is a polysemous research term whose meaning depends on disciplinary context. In recent work, it most prominently denotes a mechanism in Scala capture checking for naming the capabilities hidden inside generic “box” types, thereby making capture tracking over generic data structures precise enough for standard collections and asynchronous libraries (Xu et al., 9 Sep 2025). In a distinct but related programming-languages application, tracked capabilities are used as a safety harness for AI agents, where the “reach” of a computation is the set of effects and resources it is statically allowed to access through typed Scala 3 code (Odersky et al., 1 Mar 2026). In geometry and representation learning, “reach” retains Federer’s classical meaning as the scale on which nearest-point projection onto a set remains unique, and recent work interprets the trustworthiness of latent representations in terms of whether a decoder manifold has sufficient local reach to support unique projections (Hauschultz et al., 2022). Across these usages, rcaps functions as a term for controlled accessibility: either accessibility of hidden captures in type systems, accessibility of effects and resources in agent programs, or accessibility of unique nearest-point projections in geometric models.
1. Terminological scope and major lines of usage
The term reach originates in geometric measure theory, where it denotes the largest radius such that every point within that distance of a set has a unique nearest point on the set (Aamari et al., 2017). This geometric notion controls both curvature and self-approach, and it has become central in manifold estimation, reconstruction, topology inference, and related algorithms (Cholaquidis et al., 2021). A recent autoencoder paper uses this exact geometric machinery to ask whether a learned decoder manifold supports unique nearest-point projections and therefore trustworthy latent encodings, introducing a local notion called pointwise normal reach for that purpose (Hauschultz et al., 2022).
In programming-languages research, rcaps is used as the explicit name of a different construct. “What’s in the Box: Ergonomic and Expressive Capture Tracking over Generic Data Structures” introduces reach capabilities as a mechanism for naming “what’s in the box,” meaning the hidden capture sets inside boxed generic values (Xu et al., 9 Sep 2025). The same line of work is then applied to AI-agent safety, where capabilities are tracked statically in Scala 3 and the effective reach of a computation is the set of resources and effects authorized by its capture set (Odersky et al., 1 Mar 2026).
A broader family of papers uses “reach” in yet other technical senses. Hamilton–Jacobi reachability work studies reach-avoid and reach-avoid-stabilize sets for dynamical systems (Gong et al., 14 May 2025), while collider phenomenology uses “mass reach” to describe the scale of new physics accessible to precision Higgs measurements (Peskin, 2022). These usages are terminologically adjacent but conceptually separate from programming-language rcaps.
2. Geometric reach and latent-representation trustworthiness
For a closed set , the reach is the largest radius such that every point within that distance of has a unique nearest point on ; equivalently, it is the distance from to its medial axis (Aamari et al., 2017). In the manifold setting, reach simultaneously bounds local curvature and global bottleneck geometry, and it is therefore a regularity parameter rather than a purely local smoothness constant (Aamari et al., 2017). Positive reach implies strong regularity properties, and for smooth manifolds it is also known as the condition number (Cholaquidis et al., 2021).
In autoencoder geometry, the decoder image
is treated as a learned -dimensional manifold in observation space, and the “best” encoder for a fixed decoder is viewed as nearest-point projection onto that manifold (Hauschultz et al., 2022). The key concern is that an encoder network always returns a single latent vector, whereas the underlying nearest-point projection may be non-unique. This creates the possibility that a latent code is numerically well-defined by the network but geometrically ambiguous with respect to the decoder manifold (Hauschultz et al., 2022).
To formalize this issue, the paper introduces the set of points with unique nearest point,
and uses Federer’s reach to characterize when projection is unique (Hauschultz et al., 2022). Because global reach is controlled by the worst bottleneck anywhere on the manifold, the paper develops a local refinement, the pointwise normal reach
with
and 0 when 1 (Hauschultz et al., 2022). The resulting guarantee is
2
so the local quantity acts as a certificate of uniqueness along the normal direction (Hauschultz et al., 2022).
This leads to what the supplied data describes as reach capabilities in the geometric sense: the ability of the learned manifold to support unique nearest-point projections, and thus reliable latent representations. A plausible implication is that reconstruction error alone is insufficient as a criterion for representation quality; what matters is whether observations lie inside a local unique-projection region. The paper also proposes a differentiable estimator 3 and uses it as a regularizer, reporting learned manifolds for which projections are more often unique than without regularization (Hauschultz et al., 2022).
3. Reach estimation, smoothing, and explicit geometric formulas
The statistical problem of estimating reach was first investigated systematically in “Estimating the Reach of a Manifold” (Aamari et al., 2017). For a compact connected 4-dimensional submanifold 5 without boundary, the paper uses Federer’s formula
6
This shows that reach is governed either by a bottleneck pair or by maximal curvature, yielding a local-global decomposition of how the infimum is attained (Aamari et al., 2017). In the oracle setting where tangent spaces are known, the plug-in estimator
7
always overestimates the true reach, and the paper derives risk bounds for both the global bottleneck case and the local curvature case (Aamari et al., 2017).
A later paper gives a universally consistent estimate of the reach under the sole geometric assumption that the reach is positive (Cholaquidis et al., 2021). Its estimator is graph-based rather than tangent-based: 8 Under compactness, geodesic convexity, and Hausdorff-dense sampling, the estimator eventually brackets the true reach from below and above with relative error tending to zero (Cholaquidis et al., 2021). The same paper also proves an impossibility result: one cannot consistently decide from finite-sample data whether the support of a density has zero reach or positive reach (Cholaquidis et al., 2021).
Recent work on smoothing positive-reach manifolds further enlarges the scope of reach-based reasoning. “A free lunch: manifolds of positive reach can be smoothed without decreasing the reach” proves that any compact manifold of positive reach 9 can be approximated arbitrarily well in the 0 sense by a 1 manifold 2 with
3
for any 4 (Kouřimská et al., 2024). The proof uses local graph representations, convolution kernels, and partitions of unity, and the density statement implies that many theorems established for 5 manifolds with a given reach extend to 6 manifolds of the same reach (Kouřimská et al., 2024). This suggests that positive reach, rather than higher smoothness, is often the essential invariant.
An explicit closed-form reach formula is available for spherical Segre–Veronese manifolds. The reach of 7 is
8
where 9 (Breiding et al., 2023). The reach is the minimum of a curvature obstruction and a bottleneck obstruction, and in this case depends only on the total degree 0, not on the individual dimensions 1 or the partition of 2 (Breiding et al., 2023).
4. Reach capabilities in Scala capture checking
In the programming-languages literature, reach capabilities is a technical term introduced to solve a specific expressiveness problem in Scala capture checking. Earlier systems could track that values captured capabilities, but they could not precisely name the capabilities hidden inside generic containers. As a result, once values were boxed to preserve scope safety in generic APIs, their internal captures became inaccessible and unnamed (Xu et al., 9 Sep 2025).
The central idea of rcaps is to provide names for the deep capture sets hidden inside boxed generic values. If a variable ops has a type such as List[() => T], the elements of the list may themselves capture capabilities. Rcaps gives a stable handle like ops* for the deep capture set reachable through the boxed elements of ops, permitting types such as:
2
This means that the returned iterator captures whatever is reachable through the boxed elements of ops (Xu et al., 9 Sep 2025).
The theoretical foundation for rcaps is System Capless, which replaces the old universal capability notion with explicit existential and universal capture-set quantification (Xu et al., 9 Sep 2025). The syntax includes
3
and typing is written as
4
where 5 is the use set of capabilities employed during evaluation (Xu et al., 9 Sep 2025). The crucial interpretation is that a boxed value previously described using a universal cap is better understood as carrying an existentially hidden capture set, and an rcap is the surface-language witness for that hidden set when the box is reached through a variable (Xu et al., 9 Sep 2025).
The formal account distinguishes shallow from deep captures. The deep capture set is defined recursively, including the clause
6
which expresses that boxed contents still contribute to the deep capture set (Xu et al., 9 Sep 2025). The variable rule in Reacap refines a variable’s type by replacing selected occurrences of CAP with an rcap such as 7, thereby making hidden captures trackable across uses of the container (Xu et al., 9 Sep 2025). The @use annotation is essential because it causes a function application to capture the deep capture set of an argument rather than only its shallow capture set (Xu et al., 9 Sep 2025).
The paper also proves a type-preserving translation from the surface language with lightweight capture notation plus rcaps into the core language with explicit capture quantifiers (Xu et al., 9 Sep 2025). The translation explains how cap in parameter position corresponds to universal quantification, how cap in result position corresponds to existential quantification, and how rcaps are translated through witness mappings. The metatheory is fully mechanized in Lean 4, including proofs of type soundness and scope safety (Xu et al., 9 Sep 2025).
5. Rcapped agent programs and capability-safe harnesses
The same capture-checking machinery is used in work on AI-agent safety, but here the emphasis is on tracked capabilities for safer agents rather than on generic containers alone. In this setting, the agent does not call tools directly. Instead, it expresses its intentions as typed Scala 3 code, and the compiler statically checks which capabilities that code can access (Odersky et al., 1 Mar 2026). A capability is a program value that grants access to an effect or resource of interest, such as a filesystem subtree, a network host set, a process-execution permission, or a classified document token (Odersky et al., 1 Mar 2026).
The basic capture notation is
8
meaning a value of underlying shape 9 that may access capabilities 0 (Odersky et al., 1 Mar 2026). A value with an empty capture set is pure, while function types such as
1
record the capabilities captured by the function (Odersky et al., 1 Mar 2026). This turns capture checking into a form of effect tracking: any effect a computation can perform must be mediated by some capability it captures.
A central construct is Classified[T], whose map method accepts only a pure function T -> U, not a general effectful function. Because a pure function cannot capture capabilities, it cannot write to a file, send a network request, print to stdout, or otherwise exfiltrate classified data (Odersky et al., 1 Mar 2026). The paper uses this to enforce local purity, meaning that a subcomputation can be guaranteed side-effect-free even when the surrounding program is not (Odersky et al., 1 Mar 2026).
The same type discipline enforces scoped capabilities and lifetime control. A typical API is
3
which creates a FileSystem capability for a lexical scope and prevents the result type T from mentioning that local capability (Odersky et al., 1 Mar 2026). This blocks capability escape by return, storage in global variables, or concealment inside closures. The paper introduces a safe mode
4
that disables unchecked casts, unsafe module features, runtime reflection, and other routes by which capability information could be erased (Odersky et al., 1 Mar 2026).
The implementation, TACIT, is an MCP server exposing a Scala 3 REPL with capture checking and a capability-safe library (Odersky et al., 1 Mar 2026). The library mediates access to files, processes, networks, and classified data through scoped APIs, while the type system prevents unsafe combinations. In the reported experiments, classified mode yields 100% security for the evaluated models on the benchmark used in the paper, with utility of 99.2% for Claude Sonnet 4.6 and 90.0% for MiniMax M2.5 on benign tasks (Odersky et al., 1 Mar 2026). The paper also evaluates the setup on 2-bench and SWE-bench Lite, reporting task performance comparable to standard tool calling (Odersky et al., 1 Mar 2026).
6. Related capability and reachability formalisms
Although not using the term rcaps in the same way, several neighboring literatures illuminate the broader idea of controlled reachability.
A cloud-systems paper on code capabilities defines a capability 3 where 4 is a heritage, a chain of certificates,
5
and 6 is the private key of the final principal (Renesse et al., 2012). Authority flows along the certificate chain, and each request is checked against every delegated rights function 7 (Renesse et al., 2012). The paper explicitly describes a directory graph in which “all objects reachable from that directory, subject to the restrictions specified in the rights functions, are accessible to the user,” making reachability an authority notion rather than a geometric one (Renesse et al., 2012). This is not the same as Scala rcaps, but it is a closely related use of capabilities to delimit what can be reached and exercised.
In mixed-language systems, CapsLock uses hardware capabilities plus revoke-on-use to enforce Rust ownership, borrowing, and AXM at machine-code level (Yu et al., 4 Jul 2025). A capability is represented as
8
combining a memory range, permissions, and a parent link in a borrow tree (Yu et al., 4 Jul 2025). On a load or store, overlapping non-ancestor capabilities are implicitly revoked through descendant closure, providing temporal memory safety without explicit software-managed invalidation (Yu et al., 4 Jul 2025). The paper does not introduce rcaps as a separate formal term, but it shows another setting in which capability propagation and restricted accessibility are tracked as a dynamic invariant.
Control theory provides a different branch of the “reach” vocabulary. In Hamilton–Jacobi reachability, the reach-avoid-stabilize problem asks for the set of initial states from which a system can reach a sequence of targets, avoid obstacles over specified time windows, avoid a final obstacle for all future time, and converge to a point of interest (Gong et al., 14 May 2025). The cited work proposes a method based on admissible control sets, yielding an under-approximation of the RAS set and guaranteeing safety (Gong et al., 14 May 2025). This is a reachability notion over state-time trajectories rather than over hidden captures or geometric projections, but it shares the structural idea that a system’s effective capability is a constrained reachable region.
7. Conceptual distinctions and recurring misconceptions
A common source of confusion is treating all uses of “reach” or “capability” as instances of a single formalism. The cited literature does not support that interpretation. In geometry, reach is the distance to loss of uniqueness of nearest-point projection (Aamari et al., 2017). In Scala capture checking, rcaps are names for existentially hidden capture sets inside boxes (Xu et al., 9 Sep 2025). In safer-agent work, tracked capabilities are first-class resources whose accessibility is constrained by capture types (Odersky et al., 1 Mar 2026). In cloud security, capabilities are certificate chains with embedded policy code (Renesse et al., 2012). These traditions overlap in vocabulary and in the broad notion of controlled accessibility, but they are not interchangeable theories.
Another misconception is that uniqueness of representation follows from determinism of an encoder. The autoencoder work explicitly rejects this: the encoder always outputs a single vector, but the corresponding nearest-point projection on the decoder manifold may still be non-unique (Hauschultz et al., 2022). The existence of a single output therefore does not imply a trustworthy latent representation. The relevant geometric property is whether the observation lies in a unique-projection region certified by reach or local reach (Hauschultz et al., 2022).
In the programming-languages setting, it is likewise incorrect to view rcaps as granting new authority. The rcaps paper states that rcaps are names for “what’s in the box,” and the mechanism tracks authority already present in boxed contents rather than inventing additional permissions (Xu et al., 9 Sep 2025). Similarly, the safer-agents paper treats capabilities as explicit program values whose use must already be authorized; the type system prevents unauthorized access, capability escape, and information leakage, but it does not synthesize privileges that were not supplied by the harness (Odersky et al., 1 Mar 2026).
A further misconception is that positive reach requires high smoothness as an independent assumption. The smoothing result shows that any compact manifold of positive reach can be approximated arbitrarily well by a 9 manifold without decreasing the reach by more than an arbitrary 0 (Kouřimská et al., 2024). This suggests that, for many algorithmic purposes, positive reach is the decisive hypothesis and 1 smoothness may be dispensable.
8. Research significance and prospective directions
The significance of rcaps differs by domain. In representation learning, reach-based reasoning reframes autoencoder quality from mere reconstruction performance to uniqueness and trustworthiness of latent codes (Hauschultz et al., 2022). In manifold inference, explicit reach estimation, universal consistency results, and smoothing theorems expand the range of settings in which reach can be used as a robust geometric regularity parameter (Aamari et al., 2017, Cholaquidis et al., 2021, Kouřimská et al., 2024). In cases such as Segre–Veronese manifolds, reach is computable in closed form, giving precise validity thresholds for unique nearest-point approximation and tubular neighborhood formulas (Breiding et al., 2023).
In programming languages, rcaps resolves a bottleneck that had prevented capture checking from scaling to generic collections. The migration reported in the Scala paper is correspondingly notable: the entire Scala collections library was ported, only about 3% of lines changed overall, almost 90% of function signatures stayed the same, and the collections library required less than 5% LoC changes (Xu et al., 9 Sep 2025). This suggests that reach capabilities make precise capture tracking compatible with large production libraries rather than only with toy calculi.
In agent safety, tracked capabilities provide a static alternative to purely behavioral guardrails. The safer-agents work argues that capability safety, capability completeness, and local purity form the core organizing principles for a safety harness that blocks information leakage and malicious side effects at compile time (Odersky et al., 1 Mar 2026). A plausible implication is that rcaps-style tracking may become a foundational technique for typed tool-use substrates, especially where prompt injection and least-privilege enforcement must be handled compositionally rather than heuristically.
Taken together, the literature presents rcaps not as a single cross-disciplinary formal object, but as a recurrent answer to a common technical problem: how to represent, estimate, or constrain the domain within which some operation remains well-defined and trustworthy. In geometry that domain is the unique-projection neighborhood of a set; in capture typing it is the hidden capture structure reachable through boxes; in safer-agent programming it is the statically authorized effect and resource footprint of code.