MeshKit
Reference

Errors

MeshKitError categories and fixes.

MeshKit throws MeshKitError when it can classify a failure. Handle errors by reading code, message, suggestion, and sanitized details.

import { MeshKitError, createMeshkit } from "@meshkit/core";

const mesh = await createMeshkit();

try {
  await mesh.share.openCapsule("missing-capsule");
} catch (error) {
  if (error instanceof MeshKitError) {
    console.error(error.code);
    console.error(error.suggestion);
  }
}

Error Categories

CategoryCodesFirst action
Configurationinvalid_config, invalid_cli_configValidate config shape and environment variables
Providerprovider_http_error, provider_request_failedCheck endpoint, token, network, timeout, and sanitized response
Integrityinvalid_envelope, CID mismatch failuresConfirm bytes and metadata come from the same provider boundary
Identityidentity_not_found, recipient_not_authorized, key_unwrap_failedCheck local identity, recipient public key, and capsule wraps
Sharingcapsule_not_found, share_expired, share_revokedConfirm capsule metadata, expiry, and revocation state
Policypolicy_provider_required, policy_provider_error, policy_deniedConfigure policy provider or update membership
Capabilitiescapability_required, capability_deniedPass or reissue the required capability token
Streaminginvalid_chunk_size, invalid_stream_resume_token, operation_abortedCheck stream options and resume token provenance
Persistencepersistence_not_configuredConfigure a persistence provider
MCP inputinvalid_tool_input, input_too_largeFix schema input or reduce payload size

Safe Logging

Safe:

  • error.code
  • error.suggestion
  • CID
  • provider name
  • capsule ID
  • proof summary

Unsafe:

  • decrypted content
  • private keys
  • provider tokens
  • bearer headers
  • capability token secrets
  • unredacted provider response bodies

Troubleshooting Flow

  1. Identify the error code.
  2. Identify the boundary: config, provider, metadata, identity, policy, runtime, or input.
  3. Run mesh.doctor.run() or CLI meshkit doctor --json.
  4. Confirm the CID, capsule, mailbox, or sync record exists in the same provider boundary.
  5. Fix the boundary before changing encryption logic.

Next Steps

Types

Important MeshKit public types and interfaces.

Configuration

MeshKit provider and runtime configuration reference.

On this page

Error CategoriesSafe LoggingTroubleshooting FlowNext Steps