Skip to main content

Overview

Context is built on a Code Execution paradigm. Instead of rigid “tool calling” schemas, the Agent writes and executes TypeScript code to interact with the world. The architecture consists of four layers:
  1. The Marketplace — Supply of tools from developers
  2. The Agent — Demand from users executing queries
  3. The Protocol — Settlement layer on Base
  4. Context Injection — User data for personalized tools

The Marketplace (Supply)

Developers register Tools (the paid product) powered by standard Model Context Protocol servers. Just paste your endpoint URL and we auto-discover your skills via listTools().

Terminology

TermDefinition
ToolThe paid marketplace listing (what users see in the sidebar)
SkillThe execution function (can be called multiple times per tool payment)

How It Works

  1. You build an MCP server exposing your data/APIs
  2. You register it as an “MCP Tool” on Context with a price (e.g., $0.01/query)
  3. When users query the AI, it discovers and calls your skills via callMcpSkill()
  4. You get paid instantly in USDC on Base

The Data Broker Standard

Context is not a text-based chat platform — it is a Structured Data Marketplace. We treat your tool like a financial API, not a conversational bot.

Why outputSchema and structuredContent Matter

The MCP specification defines outputSchema and structuredContent as optional features for tools. Context requires them for all paid tools because structured data enables powerful marketplace features:
FeatureWithout SchemaWith Schema
AI Code GenerationAgent guesses response formatAgent writes precise parsing code
Type SafetyRuntime errors, broken parsingGuaranteed structure
Dispute ResolutionManual review requiredAuto-adjudicated on-chain
Trust SignalUnknown reliability”Data Broker” verified

Why Context Requires These Fields

While optional in vanilla MCP, Context requires structured outputs because:
  • AI Agent Benefit: The agent uses your outputSchema to write accurate TypeScript code that parses your response correctly.
  • Payment Verification: Our smart contracts can verify that your returned JSON matches your promised schema.
  • Dispute Resolution: Schema mismatches can be auto-adjudicated on-chain without manual review.
Result: You are not just a “Prompt Engineer” — you are a Data Broker selling verifiable information on-chain.

The Agent (Demand)

When a user asks a complex question (e.g., “Is it profitable to arb Uniswap vs Aave?”), the Agent:
1

Discover

Finds relevant tools from the marketplace (or uses pre-selected ones)
2

Plan

Creates a solution using composability
3

Write Code

Generates code to invoke the necessary paid Tools via callMcpSkill()
4

Execute

Runs the code securely in our sandbox
5

Pay

Transfers fees instantly to developers via ContextRouter
6

Synthesize

Combines results into a coherent answer
Composability is the superpower of Context. Any frontier model can stitch together disparate tools into a coherent workflow, creating infinite new use cases from your single MCP server.

The Protocol (Settlement)

All value flows through ContextRouter.sol on Base.

Payment Distribution

RecipientShare
Tool Developer90%
Protocol Treasury10%
When multiple tools are used, payments are batched into a single transaction.

Staking System

All tools (including free) require a minimum stake, enforced on-chain.
Tool TypeMinimum Stake
Free Tools$10 USDC
Paid Tools$10 USDC or 100× query price (whichever is higher)

Stake Properties

  • Fully refundable with a 7-day withdrawal delay
  • Creates accountability and enables slashing for fraud
  • On-chain enforcement via smart contracts

Security: Financial Protocol Architecture

We use Asymmetric Request Signing (RS256) to secure the marketplace. This is not just “auth” — it’s the foundation of a financial protocol.

Free vs Paid Requirements

Tool TypeSecurity MiddlewareRationale
Free Tools ($0.00)OptionalGreat for distribution and adoption
Paid Tools ($0.01+)MandatoryWe cannot route payments to insecure endpoints
If you’re building a free tool, you can skip security middleware entirely. But for paid tools, the middleware ensures that only legitimate, paid requests from the Context platform can execute your code.

Why This Matters (for Paid Tools)

ApproachResult
Without AuthA toy — anyone can curl your endpoint
With Shared SecretsA security liability — secrets can leak
With Asymmetric SigningProfessional infrastructure (like Stripe/Visa)

How It Works

  1. Platform signs requests with a private key (stored securely in environment)
  2. Tool servers verify requests using the public key (distributed via SDK)
  3. Short-lived tokens (2-minute expiration) prevent replay attacks

JWT Claims

ClaimDescription
isshttps://ctxprotocol.com (issuer)
audTool endpoint URL (audience)
toolIdDatabase ID of the tool being called
iatIssue timestamp
expExpiration (2 minutes from issue)

For MCP Tool Developers

Secure your endpoint with a single line: 
import { createContextMiddleware } from "@ctxprotocol/sdk";

// 1 line to secure your endpoint
app.use("/mcp", createContextMiddleware());

Context Injection (User Data)

For tools that need access to user-specific data (e.g., “Analyze my positions” or “Check my balances”), Context uses a Context Injection pattern. The platform fetches user data client-side and injects it directly into your tool’s arguments — your server never sees private keys or credentials.
Context TypeDescription
"hyperliquid"Hyperliquid perpetuals & spot positions
"polymarket"Polymarket prediction markets
"wallet"Generic EVM wallet balances

Context Injection Guide

Full guide: declaring requirements, handling data, supported context types

Tool Safety Limits

Each tool invocation runs inside a sandboxed code-execution environment.

MCP Tools Limits

LimitValuePurpose
Max calls per turn100Prevent runaway loops
VM timeout5000msCode execution limit
MCP execution timeout~60 secondsEncourages pre-computed products
Every callMcpSkill({ toolId, toolName, args }) increments an internal counter. Once executionCount >= 100, the platform throws an error for that turn.
The ~60 second timeout is intentional. This limit is enforced at the platform/client level (not by MCP itself) and serves as a quality forcing function. It encourages data brokers to build pre-computed insight products rather than raw data access tools.See Build & List Your Tool for detailed guidance on product architecture.

Economic Model

ScenarioBehavior
Free tools ($0.00)Can be used immediately without payment
Paid toolsRequire user authorization via the sidebar
Multiple paid toolsSingle batched transaction