Provider Testing
Validate provider configuration from the CLI.
Provider testing verifies that the CLI can construct the configured MeshKit provider and run health checks against it.
Use this before changing environments, updating provider credentials, documenting support for a provider, or collecting release evidence. A passing provider test is useful evidence, but it is not the whole production-readiness story.
What To Validate
For production storage, MeshKit needs both:
- Encrypted byte storage through the selected provider.
- MeshKit metadata support for proofs, capsules, mailboxes, sync records, policies, or other workflows you depend on.
Raw IPFS reachability is not enough for MeshKit production claims.
Local Provider Check
npx -p @meshkit/cli meshkit providers test --jsonWith the default local-dev setup, this proves only that the local provider can run the doctor path.
Live IPFS HTTP Profile
Example meshkit.config.json:
{
"version": 1,
"appId": "my_app",
"provider": {
"type": "ipfs-http",
"ipfsApiUrl": "https://ipfs-api.example.com",
"metadataApiUrl": "https://meshkit-metadata.example.com",
"tokenEnv": "MESHKIT_PROVIDER_TOKEN",
"timeoutMs": 15000,
"retries": 2
}
}Run:
MESHKIT_PROVIDER_TOKEN=redacted \
npx -p @meshkit/cli meshkit providers test --config meshkit.config.json --jsonThe token value belongs in the environment or secret manager, not in the committed config file.
Shortcut Environment Profile
For one-off checks, the CLI can build an HTTP IPFS provider from environment variables:
MESHKIT_IPFS_API=https://ipfs-api.example.com \
MESHKIT_METADATA_API=https://meshkit-metadata.example.com \
MESHKIT_PROVIDER_TOKEN=redacted \
npx -p @meshkit/cli meshkit providers test --jsonUse a config file for repeatable releases. Use environment shortcuts for local diagnosis.
Evidence To Capture
For release notes or provider support claims, capture:
- Command and package version.
- Redacted config shape, including provider type and endpoint names.
- JSON output from
meshkit providers test --json. - A sample encrypted write and proof inspection when the provider supports storage.
- Cleanup behavior for any remote objects written during validation.
Do not capture:
- Bearer tokens.
- Private keys or exported identity secrets.
- Plaintext payloads.
- Full retrieved bytes unless the artifact store is approved for that data.
Common Misreads
| Result | What it means | What it does not mean |
|---|---|---|
| Local-dev provider passes | CLI and local provider path are healthy. | Production provider is ready. |
| HTTP provider doctor passes | Provider construction and health path succeeded. | Every SDK workflow has been validated. |
| Kubo endpoint responds | Byte storage may be reachable. | MeshKit proof, capsule, mailbox, and sync metadata exists. |
| Gateway retrieval works | Encrypted bytes can be fetched through that gateway. | Decryption is authorized or metadata is complete. |
Failure Triage
| Symptom | Check |
|---|---|
invalid_cli_config | Confirm version: 1, provider type, and required fields. |
| Provider auth failure | Confirm the correct tokenEnv name is set in the process running the CLI. |
| Doctor passes locally but fails in CI | Compare MESHKIT_CONFIG, MESHKIT_STORE, and token availability. |
| Proof inspection fails after a live write | Confirm the metadata service URL points to the same environment as the storage provider. |
| Timeout or retry failures | Increase provider-specific timeoutMs only after confirming endpoint health and network access. |
Next Steps
- Use Production setup before promoting a provider.
- Use Live validation to decide what evidence belongs in release artifacts.
- Use CLI troubleshooting for symptom-level fixes.