MeshKit

Agent Safety

Safe operating rules for MeshKit agent integrations.

Agent integrations need a stricter boundary than ordinary SDK code because tool inputs and outputs can become part of prompts, transcripts, logs, traces, or model context.

Use this page before exposing MeshKit write, identity, or sharing tools to an agent runtime.

Safety Principles

Principle                Practice
Least privilege          Register only the tools required by the workflow.
Explicit approval        Require human approval for identity creation and sharing.
No secret routing        Never let the agent see provider tokens, private keys, or capability secrets.
No raw transcript leaks  Do not log plaintext tool input unless the log store is approved for that data.
Provider separation      Inject a client scoped to the agent workflow, not a broad production admin client.
Recoverable evidence     Save redacted tool name, scope, CID, recipient, expiry, and approval metadata when audit matters.

Do not rely on prompt instructions alone for approval; prompt text can be overridden by injected content in tool output or retrieved data. Implement the check in host code that wraps the tool call, so the agent cannot reach the tool without passing through it.

Sharing Approval

Before running meshkit.share.with, show the approver:

  • CID.
  • Recipient ID.
  • Expiry value or lack of expiry.
  • Provider or app environment.
  • Why the agent is requesting the share.

Then record:

  • Tool name.
  • Approved recipient.
  • Approved expiry.
  • Resulting capsule ID or share result summary.
  • Approval actor and timestamp if your product requires auditability.

A share decision only controls whether future MeshKit opens succeed. It cannot erase plaintext that a recipient has already decrypted, copied, or exported.
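The following is an added example of a host-side gate that enforces the allowlist and the sharing approval steps above; it is not MeshKit's own code. The tool names are taken from this page, but the argument names (cid, recipient, expiry), the shape of the share result (capsuleId), the fake handlers, and the approver callback are assumptions made for illustration. The approver is synchronous here; in a real integration it would be an async UI or ticket step.

```typescript
type ToolArgs = Readonly<Record<string, unknown>>;
type ToolHandler = (args: ToolArgs) => unknown;

// What the approver sees. Mirrors the "show the approver" list on this page.
export interface ShareApprovalRequest {
  tool: string;
  cid: string;
  recipient: string;
  expiry: string | null;   // null is shown explicitly as "no expiry"
  environment: string;
  reason: string;          // the agent's stated justification, passed through verbatim
}

export interface ApprovalDecision {
  approved: boolean;
  actor: string;           // human or policy identity that decided
}

// What gets recorded. Mirrors the "then record" list: identifiers only, no plaintext, no secrets.
export interface ShareAuditRecord {
  tool: string;
  recipient: string;
  expiry: string | null;
  result: string;          // capsule ID or a short summary, never content
  actor: string;
  at: string;              // ISO timestamp
}

export class ToolGate {
  readonly audit: ShareAuditRecord[] = [];

  constructor(
    private readonly allowlist: ReadonlySet<string>,
    private readonly handlers: Readonly<Record<string, ToolHandler>>,
    private readonly approveShare: (req: ShareApprovalRequest) => ApprovalDecision,
    private readonly environment: string,
  ) {}

  call(tool: string, args: ToolArgs, reason: string): unknown {
    // Allowlist first: the agent must not reach a tool the workflow did not register.
    if (!this.allowlist.has(tool)) throw new Error(`tool not allowlisted: ${tool}`);
    const handler = this.handlers[tool];
    if (!handler) throw new Error(`no handler registered for ${tool}`);

    if (tool !== "meshkit.share.with") return handler(args);

    // Snapshot the arguments before asking for approval and execute exactly that
    // snapshot afterwards, so recipient or expiry cannot change between what the
    // approver saw and what is sent to MeshKit.
    const approvedArgs: ToolArgs = Object.freeze({ ...args });
    const expiry = typeof approvedArgs.expiry === "string" ? approvedArgs.expiry : null;
    const decision = this.approveShare({
      tool,
      cid: String(approvedArgs.cid ?? ""),
      recipient: String(approvedArgs.recipient ?? ""),
      expiry,
      environment: this.environment,
      reason,
    });
    if (!decision.approved) throw new Error(`${tool} denied by ${decision.actor}`);

    const result = handler(approvedArgs);
    this.audit.push({
      tool,
      recipient: String(approvedArgs.recipient ?? ""),
      expiry,
      result: summarize(result),
      actor: decision.actor,
      at: new Date().toISOString(),
    });
    return result;
  }
}

// Keep only an identifier-sized summary of the tool result in the audit record.
function summarize(result: unknown): string {
  if (result && typeof result === "object" && "capsuleId" in result) {
    return `capsule:${String((result as { capsuleId: unknown }).capsuleId)}`;
  }
  return typeof result === "string" ? result.slice(0, 64) : "ok";
}

// Constructed wiring for illustration: fake handlers stand in for the real MeshKit
// MCP tools, and the approver enforces one product rule (no share without expiry).
export function demoGate(): ToolGate {
  const handlers: Record<string, ToolHandler> = {
    "meshkit.files.get": (a) => ({ cid: a.cid, bytes: 1024 }),
    "meshkit.share.with": () => ({ capsuleId: "cap_0001" }),
  };
  return new ToolGate(
    new Set(["meshkit.files.get", "meshkit.share.with"]), // identity.create deliberately absent
    handlers,
    (req) => ({ approved: req.expiry !== null, actor: "reviewer@example" }),
    "staging",
  );
}
```

The property that matters is that the arguments the approver saw are the arguments that run; freezing a copy before the approval call and executing that copy is the cheapest way to get it. The audit record stores the capsule ID and approved recipient, not the shared content.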

Identity Creation Approval

Before running meshkit.identity.create, confirm what the new ID will represent in your product.

MeshKit recipient IDs are application-level encryption identities. They are not automatically verified emails, DIDs, wallets, passkeys, or accounts. Your app owns that mapping.

Logging Rules

Safe to log:

  • Tool name.
  • Scope.
  • Error code and suggestion.
  • CID, proof summary, recipient ID, and expiry when approved by your product policy.
  • Redacted provider profile name.

Do not log:

  • Raw content for meshkit.files.put.
  • Provider, Filecoin, or policy bearer tokens.
  • Private keys, exported identity secrets, or capability token secrets.
  • Decrypted user content.
  • Full retrieved bytes or external artifacts linked to sensitive payloads.
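The following is an added example of turning a tool invocation into a log entry that keeps only the fields listed as safe above; it is not MeshKit's own code. The event shape (input field names such as content, token, cid, recipient, expiry, proofSummary, and a providerProfile name) is an assumption for illustration, and the two sample events are constructed for this example.

```typescript
import { createHash } from "node:crypto";

// Constructed shape of a tool invocation as the host sees it (assumed field names).
export interface ToolEvent {
  tool: string;
  scope?: string;
  input: Record<string, unknown>;
  error?: { code: string; suggestion?: string };
  providerProfile?: string;
}

export interface LogPolicy {
  // Product policy decides whether CID, proof summary, recipient ID and expiry may be logged.
  identifiers: boolean;
}

export interface SafeLogEntry {
  tool: string;
  scope?: string;
  error?: { code: string; suggestion?: string };
  providerProfile?: string;        // redacted to a short hash: enough to correlate, not to identify
  fields: Record<string, string>;  // the only input values that survive
  dropped: string[];               // names of withheld input fields, never their values
  flagged: boolean;                // a secret-shaped value was present somewhere in the input
}

// Input fields that may appear in logs, and only when policy permits. Everything
// else (content, tokens, keys, decrypted bytes) is dropped by default.
const IDENTIFIER_FIELDS: readonly string[] = ["cid", "proofSummary", "recipient", "expiry"];

// Values that must never be logged regardless of field name.
function looksLikeSecret(value: unknown): boolean {
  if (typeof value !== "string") return false;
  return /^bearer\s+\S+/i.test(value) || /-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(value);
}

export function toSafeLogEntry(ev: ToolEvent, policy: LogPolicy): SafeLogEntry {
  const fields: Record<string, string> = {};
  const dropped: string[] = [];
  let flagged = false;

  for (const [name, value] of Object.entries(ev.input)) {
    const secret = looksLikeSecret(value);
    if (secret) flagged = true; // worth alerting on: a secret reached a tool call at all
    if (policy.identifiers && IDENTIFIER_FIELDS.includes(name) && !secret) {
      fields[name] = String(value).slice(0, 128); // identifiers are short; cap defensively
    } else {
      dropped.push(name);
    }
  }

  return {
    tool: ev.tool,
    scope: ev.scope,
    error: ev.error,
    providerProfile: ev.providerProfile === undefined
      ? undefined
      : "profile:" + createHash("sha256").update(ev.providerProfile).digest("hex").slice(0, 12),
    fields,
    dropped,
    flagged,
  };
}

// Constructed sample events for this example.
export const SAMPLE_PUT: ToolEvent = {
  tool: "meshkit.files.put",
  scope: "files:write",
  input: { content: "hello from the user", token: "Bearer abc123" },
  providerProfile: "prod-eu-west",
};

export const SAMPLE_SHARE: ToolEvent = {
  tool: "meshkit.share.with",
  scope: "share:write",
  input: { cid: "bafy-example-cid", recipient: "mk_recipient_b", expiry: "2026-01-01T00:00:00Z" },
  error: { code: "E_EXPIRED", suggestion: "Choose a later expiry." },
};
```

The design is allowlist-by-field-name rather than pattern-based scrubbing: a scrubber that misses one token format leaks it, while an allowlist fails closed. The `flagged` bit is there so a bearer token or PEM key appearing in tool input can trigger an alert without the value itself ever being written.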

Client Injection

Prefer injecting a client explicitly:

import { meshkit } from "@meshkit/meshkit";
import { createMeshkitMcpTools } from "@meshkit/mcp";

// `provider` is built here, in trusted host code, from configuration the agent
// never sees (provider URL, tokens, metadata endpoints, identity material).
const mesh = await meshkit({
  appId: "agent_assistant",
  provider,
});

// Only the tool set derived from this pre-scoped client is exposed to the agent.
const tools = await createMeshkitMcpTools(mesh);

Do not let the agent build this configuration. Provider URLs, tokens, metadata endpoints, and identity material belong in trusted host code.

Red Flags

Stop and redesign the integration if:

  • The agent can call every MeshKit tool without an allowlist.
  • Tool input is copied into general logs.
  • A production admin client is injected for convenience.
  • Sharing decisions happen without recipient confirmation.
  • The agent can change provider configuration.
  • The docs or UI imply revocation erases already decrypted plaintext.
