MeshKit

MCP

Scoped MeshKit tools for agent runtimes.

@meshkit/mcp exposes a small MeshKit tool set for agent runtimes. It is a tool factory, not an MCP transport, approval system, or general storage permission.

Use it when an agent should perform a constrained MeshKit action through explicit schemas: store a small encrypted text payload, inspect proof metadata, create a local recipient identity, or create a share capsule.

What It Provides

createMeshkitMcpTools(client?) returns tool definitions with:

  • name
  • description
  • scopes
  • inputSchema
  • run(input)

If you do not pass a MeshKitClient, the factory creates one with meshkit(), which uses MeshKit defaults. Production agent integrations should inject a client with the provider, identity, and policy boundary the agent is allowed to use.

Tool Surface

ToolScopePurpose
meshkit.files.putfiles:writeStore small encrypted string content and return the MeshKit file result.
meshkit.inspectproofs:readInspect proof metadata for a CID.
meshkit.identity.createidentity:writeCreate a local MeshKit recipient identity.
meshkit.share.withshare:writeCreate a share capsule for a CID and recipient.

This is intentionally not the full SDK. Agents should get narrow actions with narrow inputs.

Where It Fits

The host is responsible for:

  • Registering the tools with the MCP transport.
  • Deciding which tools are exposed.
  • Enforcing user confirmation and approval policies.
  • Protecting provider credentials and identity material.
  • Redacting logs and tool transcripts.

The tool package is responsible for:

  • Returning a fixed tool list.
  • Declaring schemas and scopes.
  • Validating required object fields, string types, and byte limits before calling MeshKit.
  • Returning MeshKit results or MeshKit error codes.

Install

npm install @meshkit/mcp @meshkit/meshkit

Use @meshkit/meshkit to create the client you inject into the tool factory.

Minimal Example

import { meshkit } from "@meshkit/meshkit";
import { createMeshkitMcpTools } from "@meshkit/mcp";

const mesh = await meshkit();
const tools = await createMeshkitMcpTools(mesh);

console.log(tools.map((tool) => tool.name));

Production Boundary

Do not expose every tool by default. A safe agent integration starts with the smallest allowlist that satisfies the workflow, then adds host-level approval for actions that create identities, share content, or write data.

The MCP package encrypts through MeshKit before storage, but it cannot protect plaintext after an agent or host logs it. Do not log raw tool input when it may contain user content.

Next Steps

  • Use MCP quickstart to run the first local tool call.
  • Use Tools for the tool catalog.
  • Use Schemas for exact input shapes and validation boundaries.
  • Use Agent safety before exposing write or share tools to a real agent.

MCP Quickstart

Register MeshKit MCP tools with a constrained tool surface.

On this page

What It ProvidesTool SurfaceWhere It FitsInstallMinimal ExampleProduction BoundaryNext Steps