Scopes And Limits
Permission and size boundaries for MeshKit MCP tools.
MeshKit MCP scopes are descriptive permissions attached to tool definitions. They help hosts decide which tools to expose, but they are not an access-control system by themselves.
Treat scopes as inputs to your agent policy layer. The host must still allowlist tools, enforce schema rules, protect credentials, and require human approval for sensitive actions.
Scope Table
| Scope | Tool | Permission meaning |
|---|---|---|
files:write | meshkit.files.put | Agent can ask MeshKit to encrypt and store small string content. |
proofs:read | meshkit.inspect | Agent can inspect proof metadata for known CIDs. |
identity:write | meshkit.identity.create | Agent can create local recipient identities. |
share:write | meshkit.share.with | Agent can create share capsules for CIDs and recipients. |
The package does not include read-decrypt tools. That is intentional: letting an agent decrypt content is a different risk profile from letting it inspect proof metadata.
Size Limits
| Field | Limit |
|---|---|
meshkit.files.put.content | 1048576 UTF-8 bytes |
meshkit.files.put.name | 256 UTF-8 bytes |
meshkit.files.put.contentType | 128 UTF-8 bytes |
meshkit.inspect.cid | 256 UTF-8 bytes |
meshkit.identity.create.id | 128 UTF-8 bytes |
meshkit.share.with.cid | 256 UTF-8 bytes |
meshkit.share.with.recipient | 128 UTF-8 bytes |
meshkit.share.with.expiresIn | 16 UTF-8 bytes |
When an agent needs to work with larger data, do not push the data through MCP tool input. Store it through an application-controlled MeshKit workflow and pass only the CID or proof summary to the agent.
Recommended Allowlists
| Workflow | Allow tools |
|---|---|
| Proof lookup assistant | meshkit.inspect |
| Agent note capture | meshkit.files.put, meshkit.inspect |
| Admin-controlled recipient setup | meshkit.identity.create after admin approval |
| Human-approved sharing | meshkit.inspect, meshkit.share.with after recipient and expiry approval |
Start with read-only proof inspection where possible. Add write and share tools only when the workflow requires them.
Approval Boundaries
Require explicit user or admin approval before:
- Creating an identity for a recipient.
- Sharing a CID with a recipient.
- Setting or extending
expiresIn. - Storing user-provided content that may contain sensitive data.
- Switching the injected MeshKit client to a different provider, identity, or app ID.
The MCP package does not know who approved an action. The host must record approval evidence if the product needs auditability.
Provider And Identity Boundaries
The injected MeshKitClient defines the real authority behind the tool. If you pass a client with production provider credentials and a privileged identity, the agent can exercise that authority through any exposed tool.
For production hosts:
- Inject the least-privileged client needed for the agent workflow.
- Do not let the agent choose provider configuration or tokens.
- Keep metadata service and provider credentials server-side.
- Separate agent tool clients from user-facing application clients when their permissions differ.
What Scopes Do Not Do
Scopes do not:
- Enforce authorization at runtime.
- Confirm user intent.
- Validate that a recipient ID belongs to a real person.
- Prevent a host from exposing every tool.
- Protect plaintext after it is included in tool input or logs.
They are labels for host policy decisions.