MCP Quickstart
Register MeshKit MCP tools with a constrained tool surface.
Use this quickstart to create the MeshKit MCP tool list, run a local encrypted write through meshkit.files.put, and inspect what the agent-facing boundary returns.
This example calls the tool directly. Your MCP server or agent host is responsible for adapting the returned tool definitions to its transport.
Prerequisites
- Node.js 20.11 or newer.
@meshkit/mcpand@meshkit/meshkitinstalled.- A MeshKit client configured for the provider and identity the agent is allowed to use.
npm install @meshkit/mcp @meshkit/meshkitCreate The Tool List
import { meshkit } from "@meshkit/meshkit";
import { createMeshkitMcpTools } from "@meshkit/mcp";
const mesh = await meshkit();
const tools = await createMeshkitMcpTools(mesh);
console.log(tools.map((tool) => tool.name));Expected tool names:
[
"meshkit.files.put",
"meshkit.inspect",
"meshkit.identity.create",
"meshkit.share.with",
]Run A Local Encrypted Put
const put = tools.find((tool) => tool.name === "meshkit.files.put");
if (!put) {
throw new Error("meshkit.files.put is not registered");
}
const result = await put.run({
name: "agent-note.txt",
content: "Store this as encrypted MeshKit content.",
contentType: "text/plain",
});
console.log(result);The result is a MeshKit file object. Save its CID when the agent needs to inspect proof metadata or share the encrypted object later.
Inspect The CID
const inspect = tools.find((tool) => tool.name === "meshkit.inspect");
if (!inspect) {
throw new Error("meshkit.inspect is not registered");
}
const proof = await inspect.run({
cid: result.cid,
});
console.log(proof);The CID identifies encrypted MeshKit envelope bytes, not plaintext. Proof inspection depends on the same provider and metadata environment that created the object.
What This Proves
This quickstart proves:
- The tool factory can create the MeshKit MCP tool list.
meshkit.files.putvalidates basic input before calling MeshKit.- MeshKit encrypts content before provider storage.
- A returned CID can be inspected through the MCP tool surface.
It does not prove:
- Your MCP transport is wired correctly.
- A human approval workflow exists.
- Unknown fields are rejected by your host.
- Production provider, policy, sharing, or identity recovery behavior is ready.
First Safety Filter
Start by exposing only the tool needed by the workflow:
const exposedTools = tools.filter((tool) =>
["meshkit.files.put", "meshkit.inspect"].includes(tool.name)
);Add meshkit.identity.create and meshkit.share.with only after you have a clear approval path for recipient and expiry decisions.
Common Fixes
| Symptom | Fix |
|---|---|
invalid_tool_input | Pass a JSON object and include required string fields. |
input_too_large | Store larger data through an application workflow and pass the resulting CID to the agent. |
| Proof inspection fails | Use the same MeshKit provider and metadata service that created the CID. |
| Agent logs plaintext | Redact or suppress raw tool input before it reaches logs or transcripts. |
Next Steps
- Use Tools to decide which tools to expose.
- Use Schemas to implement host-side validation.
- Use Agent safety before enabling identity or share tools.