Skip to main content
NMP Architecture Diagram NMP operates on a fundamentally different paradigm than traditional REST APIs or the Model Context Protocol (MCP). It abandons the client-server hub-and-spoke JSON-RPC model in favor of a decentralized, binary push model. By orchestrating Logic-on-Origin, NMP eliminates data gravity constraints, allowing Agent logic to travel to the dataset rather than forcing the dataset to travel to the Agent.

Protocol Scope

NMP comprises several foundational pillars:
  • NMP Specification: The standardized implementation of Protobuf messages, libp2p routing, and WASI binary execution constraints.
  • NMP SDKs: Official TypeScript and Rust libraries to seamlessly integrate the mesh into existing applications.
  • NMP Runtimes: The core engine (usually wasmtime) that performs the mathematical sandboxing.
Similar to MCP, NMP is agnostic to the LLM model used beneath the hood. It strictly standardizes how the context and logical execution are securely exchanged.

Mesh Participants

In the Neural Mesh, every node is a Peer, but they assume distinct roles based on their computational purpose:
  • Host System: The underlying operating system, database, or device that holds the proprietary raw data.
  • Data Node (Server): A specialized NMP peer running adjacent to the Host System. It initializes the WASI sandbox and awaits remote modules. It protects the Host from malicious execution.
  • Agent Node (Client): Typically an Autonomous AI. It generates dynamic WebAssembly bytes (.wasm) mapped to an intent, and pushes these bytes into the Mesh to find corresponding Data Nodes.

System Layers

To ensure ultra-low latency and maximum security, NMP is strictly divided into two technical layers, orchestrated through mathematically verifiable pipelines.
NMP Topology Architecture

1. Transport Layer (libp2p & QUIC)

The transport layer handles discovering peers and establishing unbreakable connections.
  • Network Protocol: Uses QUIC, which natively supports multiplexing without UDP head-of-line blocking, and TCP/WebSockets for Edge/Browser compatibility.
  • Cryptography: Initial handshakes utilize the Noise Protocol (Ed25519) combined with Symmetric Authenticated Envelopes (AES-256-GCM), deeply rooted in Post-Quantum Cryptography (ML-KEM-768 / Kyber).
  • Routing: Utilizes a highly optimized Kademlia Distributed Hash Table (DHT). Agent nodes do not need hardcoded IP addresses or centralized DNS; they merely ask the Mesh “Who can fulfill this request?”, and Kademlia routes the binary payload autonomously.

2. Data Layer (Protobuf & Tonic)

Once the transport layer connects the Agent and Data nodes, the Data Layer dictates the structure of the execution request.
  • Encoding: Abandons bulky JSON representations. All messages are tightly packed binary Protocol Buffers (.proto).
  • RPC Framework: Uses Tonic (gRPC) for lightning-fast bidirectional streaming.
  • Payload Structure: The Data Layer defines the LogicRequest and LogicResponse primitives, transmitting the WASM AST, capability identifiers, and cryptographic proofs (ZK-Receipts).

3. Verification & Isolation Layer (Execution)

The final boundary before touching bare metal.
  • Guardian AST Validation: Scans WebAssembly import trees looking for Host-Escape vulnerabilities before sandbox initialization.
  • Hardware Enclaves (TEEs): Optionally bootstraps the entire wasmtime engine inside an Intel SGX or AWS Nitro enclave, shielding the RAM from server administrators.
  • Zero-Knowledge Evidence: Optionally leverages zkVMs (like RISC Zero) so the server returns the requested insight mathematically sealed, guaranteeing the compute wasn’t tampered with.

The Logic-on-Origin Journey

Animated Logic-on-Origin Flow
Here is the exact lifecycle of an NMP execution, reflecting a 1:1 parity between our Architectural Models, Rust Backend, and Node.js SDK:

1. The Client Emitter (TypeScript Client)

  • WebAssembly Compilation: The LLM’s dynamic logic is evaluated and transformed into a .wasm binary stream.
  • Client AST Sentinel (GuardianTS): Before network emission, a pre-flight heuristic inspection blocks illegal bounds or malicious footprints from polluting the protocol.
  • Post-Quantum Key Exchange: The SDK generates a Kyber768 secret, mathematically defeating Harvest Now, Decrypt Later attacks.
  • Payload Encryption: The .wasm intent is hermetically sealed within an AES-256-GCM envelope using random generation nonces.

2. The Kademlia Transit (Zero-Trust Mesh)

  • Libp2p Transport: Packets traverse the decentralized mesh using ultra-low latency TCP/QUIC bounds.
  • Multiplexed Secure Streams: Yamux orchestrates thousands of parallel requests simultaneously, while raw connection traffic is armored via Noise protocol handshakes.

3. The Origin Ingestion (Rust Server)

  • Transport Terminator: The Data Node unwraps the Kyber secret and applies AES-256-GCM decryption natively, extracting the core payload.
  • AST Guardian (Zero-Time Sentinel): The Rust wasmparser dissects the incoming Abstract Syntax Tree. Any illegal Host imports trap the logic instantly in zero-time.
  • Wasmtime / WASI Sandboxing: Bytecode Alliance’s engine boots a hyper-constrained memory boundary. The logic loops safely over Gigabytes of Host Data with absolute zero network overhead.

4. Mathematical Return (ZK-Receipt)

  • Mathematical Proof: Optionally, RISC Zero a zkVM generates a cryptographic Journal and cryptographically proven Seal (ZK-Receipt) of the execution.
  • Result Streaming: The microscopic findings return through the gRPC Yamux Multiplex, empowering the Agent with final mathematical certainty.
This E2E architecture embodies the exact code in production, providing theoretical maximum speeds for Autonomous AI Agents along with Enterprise-grade Zero-Trust privacy that is fully auditable.