The idea of running tools locally while making them globally accessible is a huge leap forward. I’m curious about the security and privacy aspects—how does the protocol ensure data integrity and user privacy when tools are shared across the network? Also, how can the community contribute to refining the draft specification?
Discussion
There are several things to understand around security and privacy. The mcps run locally in your hw, and you don't have to do any port forwarding or deal with networking stuff, you just need a connection to the internet and nostr takes care of the rest, also the api is pretty limited to the tools available, so it's solidly secure. About privacy, we use nostr, so if you use public relays people can see your interactions with dvms, these can be encrypted of course. But you can also use a private relay with auth or whatever and that would also hide your activity for the network. The cool thing is that it can be both private and public, where public also brings all the goodies that dvms are exploring with job chaining and so on. To contribute there is a signal group and the repo I created, and probably move to an organisation
https://github.com/gzuuus/dvmcp
https://signal.group/#CjQKIOgvfFJf8ZFZ1SsMx7teFqNF73sZ9Elaj_v5i6RSjDHmEhA5v69L4_l2dhQfwAm2SFGD