Security Reviews
Evidence pages for security review work.
Security reviews are evidence, not onboarding material. Use this page when you need to plan, run, or interpret a MeshKit security review.
Adopters should start with Security and Threat model. Maintainers and reviewers should use this page to keep review scope repeatable.
Review Areas
| Area | Questions |
|---|---|
| Envelope encryption | Are authenticated fields covered? Are algorithms and versions explicit? |
| CID verification | Are wrong bytes rejected before decryption? |
| Identity lifecycle | Are export, import, publish, resolve, recovery, and logs safe? |
| Sharing and revocation | Do expired/revoked/policy-denied shares fail closed? |
| Metadata leakage | Are sensitive relationships minimized and documented? |
| Provider boundaries | Are bytes, metadata, policy, persistence, and logs separated correctly? |
| Runtime key storage | Do mobile/web claims match real bridge capabilities? |
| Telemetry | Are secrets and plaintext redacted from events and support bundles? |
| Supply chain | Are release scripts, package names, and publishing tokens controlled? |
Evidence To Capture
- Test or validation command
- Environment summary with secret values redacted
- Provider configuration shape
- `MeshKitError.code` for expected failures
- Proof summaries, not plaintext
- Capsule, policy, vault, or capability IDs when relevant
- Link to source commit or release version
What Not To Capture
- private keys
- bearer tokens
- provider response bodies containing secrets
- decrypted user content
- capability token secrets
- unredacted `.npmrc` or CI secret output
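
A pre-attachment check for three items on this list (private keys, bearer tokens, `.npmrc` tokens), as an added example that is not MeshKit code; the rule names, `scan`, `redact`, and the sample text are all constructed for illustration. Decrypted user content and capability token secrets have no generic format, so they still need manual review.

```python
import re

# Token characters: base64, base64url, JWT dots. "$" is excluded, so an
# environment reference such as ${NPM_TOKEN} is left untouched.
TOKEN = r"[A-Za-z0-9_.+/=-]{8,}"
PEM = r"(?:[A-Z0-9]+ )?PRIVATE KEY-----"

RULES = [
    # A PEM block with no END line (truncated paste) is redacted to the end
    # of the text, so a partial key never survives.
    ("private-key", re.compile(rf"-----BEGIN {PEM}.*?(?:-----END {PEM}|\Z)", re.S)),
    ("bearer-token", re.compile(rf"(?i)(?<=bearer ){TOKEN}")),
    ("npm-token", re.compile(rf"(?<=_authToken=){TOKEN}")),
]

def scan(text):
    """Return sorted (line_number, rule_name) pairs for every match."""
    found = []
    for name, rx in RULES:
        for m in rx.finditer(text):
            found.append((text.count("\n", 0, m.start()) + 1, name))
    return sorted(found)

def redact(text):
    """Replace each matched secret with a marker naming the rule that hit."""
    for name, rx in RULES:
        text = rx.sub(f"[REDACTED:{name}]", text)
    return text

# Constructed evidence capture; none of these values are real.
SAMPLE = """\
$ curl -H 'Authorization: Bearer CONSTRUCTEDtoken0123456789' https://provider.example/status
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
//registry.npmjs.org/:_authToken=constructed-npm-token-000000
-----BEGIN EC PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END EC PRIVATE KEY-----
exit status 1
"""

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE):
        print(f"line {line_no}: {rule}")
    print(redact(SAMPLE))
```
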
Review Output Template
```text
Scope:
Version:
Provider boundary:
Runtime:
Workflows reviewed:
Commands run:
Expected failures:
Findings:
Residual risks:
Follow-up owner:
```