Skip to main content
The NmpClient class is the orchestrator for Agent Nodes. It connects your Node.js or edge application to the Kademlia DHT Mesh, validates cryptographic identities, and dispatches WebAssembly logic payloads directly to remote Data Nodes (Servers). Unlike traditional REST clients that just <fetch> static JSON endpoints, an NmpClient literally pushes its logic functions across the internet to be executed natively at the server.

Initialization and Configuration

Connecting to the Mesh requires instantiating the client with identification metadata and security properties. 
import { NmpClient } from "@nekzus/neural-mesh";

const client = new NmpClient(
  {
    name: "ForensicLogAgent",
    version: "1.0.0",
  },
  {
    // Enable Post-Quantum Handshakes and core routing
    capabilities: {
      roots: { listChanged: true },
      quantumResistant: true 
    },
  }
);

Configuration Options

When creating an NmpClient, the second argument configures its network footprint:
  • capabilities.roots: Declares if this agent supports specific protocol standards (like root hierarchy changes notifications).
  • capabilities.quantumResistant: Forces the client to enforce Post-Quantum Handshakes (Kyber768) and symmetric encryption (AES-256-GCM) when dispatching WASM binaries to remote Data Nodes, guaranteeing maximum security against quantum decryption algorithms.

Connecting to the Mesh

Unlike MCP which requires a direct stdio pipe or a hardcoded SSE URL, NMP uses decentralized peer-to-peer routing. You provide a Peer ID (the unique Ed25519 identity of the Server you want to reach), and libp2p handles NAT traversal automatically. 
// Connect to the Mesh network backbone
await client.connect();

console.log(`Agent Mesh ID: ${client.peerId}`);

Calling a Server Capability (Tool)

Once connected, you can invoke capabilities exposed by any Data Node you trust. Under the hood, the SDK will bundle your intent into WASM and inject it over gRPC. 
try {
  // Querying a 'remote-database' peer for an intensive SQL task
  // The server executes the logic natively taking 0 network bandwidth
  const result = await client.callTool(
    "PeerID_of_Database_Node_123",
    "execute_complex_sql",
    { 
      query: "SELECT * FROM petabytes_table WHERE anomaly_detected = true" 
    },
    { requireZkReceipt: true } // Mathematically verify the execution!
  );

  console.log("Mathematical Result returned:");
  console.log(result.content[0].text);
} catch (error) {
  console.error("Capability Injection rejected or failed:", error);
}

Creating Watchdogs (Push Subscriptions)

The true power of Logic-on-Origin is the ability to spawn Watchdogs. Instead of manually polling client.callTool() every 5 seconds, you upload a persistent watcher module. 
// Deploy a persistent watcher module to a server
await client.deployWatchdog(
  "PeerID_Server_999",
  "cpu_surge_monitor",
  (event) => {
    // This callback will only fire when the server pushes an event 
    // asynchronously over the multiplexed QUIC channel.
    console.log("🚨 SURGE DETECTED ON REMOTE:", event);
  }
);

Cryptographic Validation (The ZK Shield)

While the network layer is encrypted using symmetric AES-256-GCM, the NmpClient fundamentally doubts the execution origin. When callTool returns from the remote Data Node, the payload might contain an image_id hash or a zk_receipt (if the server is running inside a TEE). To mathematically prove the server executed the exact WASM binary you originally sent (and not a tampered one), you must invoke the cryptographic verifier: 
const isAuthentic = await client.verifyZkReceipt(
  wasmPayload, 
  remoteResult.image_id, 
  remoteResult.zk_receipt
);

if (!isAuthentic) {
  throw new Error("🚨 FATAL: Mathematical Proof Mismatch (Hack Detected)");
}
Note: The NmpMcpBridge automatically runs this capability natively on behalf of legacy MCP clients, intercepting any hallucinated JSONs automatically.

Error Handling & Zero-Trust Rejections

Because the Server enforces a strict WASI sandbox and uses the Zero-Time Guardian to inspect your .wasm payload BEFORE execution, your client must be prepared to handle sandbox rejections. 
import { NmpError, ErrorCode } from "@nekzus/neural-mesh";

try {
  await client.callTool("PeerID", "read_file", { path: "/etc/passwd" });
} catch (error) {
  if (error instanceof NmpError) {
    if (error.code === ErrorCode.CapabilityViolation) {
      console.error("🚨 Sandbox Execution Halted: Unauthorized file system access attempted.");
    }
  }
}