concepts
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseContextVM Concepts
ContextVM核心概念
Core concepts, architectural decisions, and common questions about ContextVM.
关于ContextVM的核心概念、架构决策及常见问题。
What is ContextVM?
什么是ContextVM?
ContextVM is a protocol that liberates the Model Context Protocol (MCP) by running it over Nostr—a simple, open communication network built on cryptographic, censorship-resistant, and permissionless foundations.
Rather than relying on centralized infrastructure like domains, OAuth, or cloud hosting, ContextVM allows anyone to run or access services using only Nostr and an internet-connected device.
Key Insight: ContextVM operates at the transport layer, meaning existing MCP servers and clients can be used without code changes through the Gateway and Proxy tools.
ContextVM是一种协议,它通过在Nostr(一个基于密码学、抗审查且无需许可的简单开放通信网络)上运行,将模型上下文协议(MCP)从中心化限制中解放出来。
无需依赖域名、OAuth或云托管等中心化基础设施,ContextVM允许任何人仅通过Nostr和联网设备即可运行或访问服务。
核心要点:ContextVM运行在传输层,这意味着现有的MCP服务器和客户端无需修改代码,即可通过Gateway和Proxy工具直接使用。
Why Run MCP Over Nostr?
为何在Nostr上运行MCP?
Running MCP over Nostr eliminates traditional infrastructure barriers:
| Traditional Requirement | Nostr Solution |
|---|---|
| Domain name + DNS | Not needed |
| Static IP address | Not needed |
| OAuth/API keys | Built-in public key cryptography |
| Public hosting | Any device with internet |
| Port forwarding | Outbound-only relay connections |
Nostr provides:
- Identity via public/private key cryptography
- Discovery through service announcements on relays
- Transport via signed and encrypted events
- Payments (optional) using Bitcoin and Lightning Network
在Nostr上运行MCP可消除传统基础设施的诸多障碍:
| 传统需求 | Nostr解决方案 |
|---|---|
| 域名 + DNS | 无需 |
| 静态IP地址 | 无需 |
| OAuth/API密钥 | 内置公钥密码学 |
| 公共托管服务 | 任何联网设备均可 |
| 端口转发 | 仅需出站中继连接 |
Nostr提供以下能力:
- 通过公钥/私钥密码学实现的身份认证
- 通过中继上的服务公告实现的服务发现
- 通过签名和加密事件实现的数据传输
- (可选)使用Bitcoin和Lightning Network实现的支付功能
Decentralization Model
去中心化模型
ContextVM uses Nostr relays as a distributed message bus:
Client ⇄ Nostr Relay(s) ⇄ Server- No central directory or gatekeeper
- Anyone can run a server and announce it (or keep it private)
- Servers can connect to multiple relays for redundancy
- Services can go offline and come back online without breaking references
ContextVM将Nostr中继作为分布式消息总线:
客户端 ⇄ Nostr 中继(多个) ⇄ 服务器- 无中心目录或网关
- 任何人都可以运行服务器并发布服务公告(或保持私有)
- 服务器可连接多个中继以实现冗余
- 服务可以离线后重新上线,不会破坏引用关系
The Dual API Advantage
双API优势
ContextVM presents a unique dual API that lets you write your server once and make it accessible to both humans and machines:
For Developers: Build web apps, desktop applications, or CLI tools that interact with ContextVM servers directly using standard MCP patterns.
For AI Agents: LLMs operate the same service naturally through MCP's self-documenting capabilities (tools/list, schemas, etc.).
Build Once, Deploy Everywhere: Your service becomes a reusable component accessible through code, web interfaces, or AI agents.
ContextVM提供独特的双API,让你只需编写一次服务器代码,即可同时向人类和机器开放访问:
面向开发者:构建Web应用、桌面应用或CLI工具,使用标准MCP模式直接与ContextVM服务器交互。
面向AI Agents:大语言模型(LLM)可通过MCP的自文档能力(tools/list、schemas等)自然地使用同一服务。
一次构建,随处部署:你的服务将成为可复用组件,支持通过代码、Web界面或AI Agents访问。
Public vs Private Servers
公共服务器 vs 私有服务器
| Feature | Public Server | Private Server |
|---|---|---|
| Announcements | Published to relays | Not published |
| Discovery | Via relay queries | Known public key only |
| Access Control | Open or whitelisted | Whitelisted |
| Encryption | E2E encrypted | E2E encrypted |
| Payments | Optional | Optional |
Use Private Servers For: Personal tools, team infrastructure, sensitive operations, development/testing.
| 特性 | 公共服务器 | 私有服务器 |
|---|---|---|
| 服务公告 | 发布到中继 | 不发布 |
| 服务发现 | 通过中继查询 | 仅需已知公钥 |
| 访问控制 | 开放或白名单制 | 白名单制 |
| 加密 | 端到端加密 | 端到端加密 |
| 支付 | 可选 | 可选 |
私有服务器适用场景:个人工具、团队基础设施、敏感操作、开发/测试环境。
Network Topology
网络拓扑结构
Communication flows through three actors:
- Client: MCP client using ContextVM Proxy or SDK
- Relay(s): WebSocket servers routing encrypted events
- Server: Service using ContextVM Gateway or SDK
Flow:
- Server optionally publishes announcement to relays
- Client discovers service (public) or uses known pubkey (private)
- Client sends encrypted request via relays
- Server receives, decrypts, processes, responds
All messages are signed and end-to-end encrypted (NIP-44).
通信通过三类角色进行:
- 客户端:使用ContextVM Proxy或SDK的MCP客户端
- 中继(多个):路由加密事件的WebSocket服务器
- 服务器:使用ContextVM Gateway或SDK的服务
通信流程:
- 服务器(可选)向中继发布服务公告
- 客户端发现服务(公共服务器)或使用已知公钥访问(私有服务器)
- 客户端通过中继发送加密请求
- 服务器接收、解密、处理并响应请求
所有消息均经过签名并采用NIP-44协议进行端到端加密。
ContextVM vs Traditional Remote MCP
ContextVM vs 传统远程MCP
| Requirement | Traditional MCP (HTTP/SSE) | ContextVM |
|---|---|---|
| Domain name | Required | Not needed |
| DNS configuration | Required | Not needed |
| Static IP | Required | Not needed |
| Port forwarding | Required | Not needed |
| TLS certificate | Required | Implicit via encryption |
| Authentication | OAuth/API keys | Built-in pubkey crypto |
| Hosting | Cloud VM/VPS | Any device |
| Discovery | Centralized directories | Decentralized relays |
| Censorship resistance | Low | High |
| 需求 | 传统MCP(HTTP/SSE) | ContextVM |
|---|---|---|
| 域名 | 必需 | 无需 |
| DNS配置 | 必需 | 无需 |
| 静态IP | 必需 | 无需 |
| 端口转发 | 必需 | 无需 |
| TLS证书 | 必需 | 通过加密隐式实现 |
| 身份认证 | OAuth/API密钥 | 内置公钥密码学 |
| 托管 | 云虚拟机/虚拟专用服务器 | 任何设备 |
| 服务发现 | 中心化目录 | 去中心化中继 |
| 抗审查能力 | 低 | 高 |
Authentication
身份认证
Authentication is built into Nostr's public key cryptography:
- Every request is signed by the client's private key
- Servers verify signatures to confirm identity
- Server operators can:
- Allow all signed requests (open access)
- Whitelist specific public keys (private access)
- Require payment before processing
No OAuth, passwords, or API keys needed.
身份认证内置在Nostr的公钥密码学体系中:
- 每个请求均由客户端的私钥签名
- 服务器通过验证签名确认身份
- 服务器管理员可:
- 允许所有已签名的请求(开放访问)
- 仅允许特定公钥访问(私有访问)
- 要求先完成支付再处理请求
无需OAuth、密码或API密钥。
Security
安全性
All client-server communication is end-to-end encrypted using NIP-44:
- Messages encrypted to recipient's public key
- Only intended party can decrypt
- Compromised relays cannot read content or impersonate parties
- Ensures confidentiality, integrity, and non-repudiation
所有客户端-服务器通信均采用NIP-44协议进行端到端加密:
- 消息加密为接收方的公钥
- 仅目标接收方可解密
- 中继被攻破也无法读取内容或冒充任何一方
- 确保机密性、完整性和不可否认性
MCP Possibilities Beyond AI
MCP的非AI场景应用
MCP is a protocol for invoking remote functions—any computational task, not just AI:
- SSH Access Portal: Secure remote machine access
- Encryption as a Service: GPG operations in sandboxed environment
- Data Processing: Validate, transform, analyze data on demand
- Code Sandbox: Execute untrusted code safely
- IoT Command Hub: Trigger physical actions remotely
- Math & Simulation: Complex calculations or symbolic math
MCP是一种调用远程函数的协议——适用于任何计算任务,不仅限于AI:
- SSH访问门户:安全的远程机器访问
- 加密即服务:在沙箱环境中执行GPG操作
- 数据处理:按需验证、转换和分析数据
- 代码沙箱:安全执行不受信任的代码
- IoT命令中心:远程触发物理动作
- 数学与仿真:复杂计算或符号数学运算
Getting Started
快速开始
Deploy a Server (Gateway)
部署服务器(Gateway)
bash
gateway-cli --private-key "your-key" \
--relays "wss://relay.nostr.org" \
--server "python my-mcp-server.py" \
--public # omit for private serverbash
gateway-cli --private-key "your-key" \
--relays "wss://relay.nostr.org" \
--server "python my-mcp-server.py" \
--public # 私有服务器可省略此参数Connect a Client (Proxy)
连接客户端(Proxy)
bash
proxy-cli --private-key "your-key" \
--relays "wss://relay.nostr.org" \
--server-pubkey "npub1..."bash
proxy-cli --private-key "your-key" \
--relays "wss://relay.nostr.org" \
--server-pubkey "npub1..."Build Native (SDK)
原生开发(SDK)
Use for TypeScript applications with and .
@contextvm/sdkNostrServerTransportNostrClientTransport在TypeScript应用中使用,搭配和。
@contextvm/sdkNostrServerTransportNostrClientTransportReferences
参考资料
- — Protocol overview
../overview/SKILL.md - — Gateway usage
../server-dev/references/gateway-pattern.md - ContextVM Docs
- GitHub
- — 协议概述
../overview/SKILL.md - — Gateway使用指南
../server-dev/references/gateway-pattern.md - ContextVM Docs
- GitHub