Lit Policy

Policy-backed sharing and authorization boundaries.

HttpLitPolicyProvider connects MeshKit sharing to a Lit-compatible HTTP policy service. MeshKit asks that service whether a policy-bound open should proceed.

This is an HTTP policy-provider boundary, not a full Lit JS client embedded in Core. The service behind the endpoint owns policy records, membership, expiry, audit events, and fail-closed authorization decisions.

Configure Policy

{
  "version": 1,
  "provider": {
    "type": "ipfs-http",
    "ipfsApiUrl": "https://ipfs-api.internal.example",
    "metadataApiUrl": "https://meshkit-metadata.internal.example",
    "tokenEnv": "MESHKIT_PROVIDER_TOKEN"
  },
  "policy": {
    "type": "lit-http",
    "endpoint": "https://policy.internal.example",
    "tokenEnv": "MESHKIT_POLICY_TOKEN"
  }
}

Create A Policy

import { createMeshkit, HttpLitPolicyProvider, LocalDevProvider } from "@meshkit/core";

const mesh = await createMeshkit({
  provider: new LocalDevProvider(),
  policy: new HttpLitPolicyProvider({
    endpoint: process.env.MESHKIT_POLICY_ENDPOINT!,
    token: process.env.MESHKIT_POLICY_TOKEN,
  }),
});

const policy = await mesh.policies.create({
  name: "finance-review",
  members: ["alice"],
  expiresIn: "7d",
});

console.log(policy.id);

Policy-bound shares require the same policy provider when opening:

// `file` is the content to share; `policy` is the record created above.
const capsule = await mesh.share.file(file).with("alice", {
  policyId: policy.id,
});

// Opening must go through a mesh configured with the same policy provider,
// otherwise the open fails closed (see below).
const opened = await mesh.share.openCapsule(capsule, {
  as: "alice",
});

Fail-Closed Behavior

If a capsule requires policy authorization and the policy provider is missing, unavailable, or denies access, MeshKit does not decrypt.

Common errors:

  • policy_provider_required
  • policy_provider_error
  • policy_denied

Service Responsibilities

The policy service should own:

  • policy membership
  • policy expiry
  • policy audit events
  • authorization decisions
  • token validation
  • safe error responses

MeshKit sends the policy ID, identity, action, CID, capsule ID, vault ID, and capability context needed for the decision.
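To make the list of responsibilities concrete, here is an added example, not MeshKit's or Lit's code, of the decision routine a policy service behind the endpoint might run. It validates the bearer token before touching any policy state, checks membership and expiry, returns the same external `policy_denied` code for an unknown, expired or non-member policy (so a caller cannot enumerate policies), and keeps the real reason only in an audit event for both allowed and denied opens. `PolicyService`, `PolicyRecord` and `sampleService` are hypothetical names; the request fields mirror those the page says MeshKit sends; the policy, token and clock in `sampleService` are constructed. The rule that the caller's capability context must name the requested action is an assumed convention, not something the page specifies.

```typescript
// Added example (not MeshKit's or Lit's code): a service-side decision routine.
// All names are hypothetical; request fields follow what MeshKit sends.

interface PolicyRecord {
  id: string;
  members: Set<string>;
  expiresAt: number;            // epoch milliseconds
  allowedActions: Set<string>;
}

interface DecisionRequest {
  policyId: string;
  identity: string;
  action: string;
  cid: string;
  capsuleId: string;
  vaultId: string;
  capabilities: string[];       // capability context forwarded by the caller
}

interface AuditEvent {
  at: number;
  outcome: "allow" | "deny";
  reason: string;               // internal detail, never returned to the caller
  identity: string;
  policyId: string;
  capsuleId: string;
  cid: string;
}

type Decision =
  | { status: 200; body: { allow: true } }
  | { status: 401 | 403; body: { allow: false; code: "unauthorized" | "policy_denied" } };

class PolicyService {
  private readonly policies: Map<string, PolicyRecord>;
  private readonly validTokens: Set<string>;
  private readonly now: () => number;
  private readonly events: AuditEvent[] = [];

  constructor(policies: Map<string, PolicyRecord>, validTokens: Set<string>, now: () => number = Date.now) {
    this.policies = policies;
    this.validTokens = validTokens;
    this.now = now;
  }

  decide(bearerToken: string | undefined, req: DecisionRequest): Decision {
    // Token validation first: an unauthenticated caller learns nothing, not even whether the policy exists.
    if (!bearerToken || !this.validTokens.has(bearerToken)) {
      return this.deny(req, 401, "unauthorized", "invalid or missing bearer token");
    }
    const policy = this.policies.get(req.policyId);
    // Unknown, expired and non-member all map to the same external code; the audit event keeps the reason.
    if (!policy) return this.deny(req, 403, "policy_denied", `unknown policy ${req.policyId}`);
    if (policy.expiresAt <= this.now()) return this.deny(req, 403, "policy_denied", "policy expired");
    if (!policy.members.has(req.identity)) return this.deny(req, 403, "policy_denied", `${req.identity} is not a member`);
    if (!policy.allowedActions.has(req.action)) return this.deny(req, 403, "policy_denied", `action ${req.action} not permitted`);
    // Assumed convention: the caller's capability context must name the action it is requesting.
    if (!req.capabilities.includes(req.action)) return this.deny(req, 403, "policy_denied", "capability context lacks requested action");
    this.record(req, "allow", "all checks passed");
    return { status: 200, body: { allow: true } };
  }

  // Audit events for allowed and denied opens alike, in the order they happened.
  auditLog(): readonly AuditEvent[] {
    return this.events.slice();
  }

  private deny(req: DecisionRequest, status: 401 | 403, code: "unauthorized" | "policy_denied", reason: string): Decision {
    this.record(req, "deny", reason);
    return { status, body: { allow: false, code } };
  }

  private record(req: DecisionRequest, outcome: "allow" | "deny", reason: string): void {
    this.events.push({ at: this.now(), outcome, reason, identity: req.identity, policyId: req.policyId, capsuleId: req.capsuleId, cid: req.cid });
  }
}

// Constructed sample: one policy named after the page's example, one valid policy token,
// an injectable clock so expiry can be exercised deterministically.
const SAMPLE_POLICY_TOKEN = "tok-policy-constructed";

function sampleService(now: () => number): PolicyService {
  const policies = new Map<string, PolicyRecord>([
    ["finance-review", { id: "finance-review", members: new Set(["alice"]), expiresAt: now() + 7 * 24 * 3600 * 1000, allowedActions: new Set(["open"]) }],
  ]);
  return new PolicyService(policies, new Set([SAMPLE_POLICY_TOKEN]), now);
}
```

Note that a storage or metadata token presented to this service is simply "unauthorized": keeping the policy token separate from the other tokens (one of the production caveats below) is what makes that check meaningful.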

Production Caveats

  • Do not rely on cached allow decisions for policy-backed opens unless your product explicitly accepts that risk.
  • Use policy tokens that are separate from storage and metadata tokens.
  • Keep policy membership and recipient identity verification aligned.
  • Preserve audit logs for denied and allowed opens.
