Security

This document outlines the key security controls and recommendations for deploying and operating ContextMesh securely across all its components—Manifest Studio, Marketplace, connectors, and runtime servers.


1. Getting started

ContextMesh operates in a decentralized, multi-tenant environment combining on-chain authorization, browser-based editors, and server-side MCP runtimes. To maintain confidentiality, integrity, and availability, it is critical to implement rigorous security measures at every layer: user authentication, data transport, smart contracts, connectors, and infrastructure.


2. Authentication and Authorization

Wallet-Based Authentication

  • Phantom Wallet Sign-In: All user actions in Manifest Studio and Marketplace require signing transactions or messages via Phantom. This ensures user identity is verified on-chain without passwords.

  • JWT for API Access: Back-end APIs (e.g., CLI, integration endpoints) issue short-lived JWTs after the wallet signature has been verified. Validate the token signature on every request and enforce the exp (expiration) claim, rejecting expired tokens.

Role-Based Access Control (RBAC)

  • Least-Privilege Principles: Define roles (e.g., author, reviewer, consumer) with minimal permissions:

    • Authors can publish and update manifests.

    • Reviewers can approve or reject listings.

    • Consumers can install and run workflows.

  • On-Chain Grants: Use smart contracts to store role assignments. Clients fetch on-chain ACLs to enforce UI/CLI permission checks.


3. Data Encryption and Storage Security

Encryption in Transit

  • TLS Everywhere

    • Enforce HTTPS/TLS for all browser ↔ server, server ↔ connector, and client ↔ MCP server channels.

    • Use TLS 1.2+ with strong cipher suites.

Encryption at Rest

  • Database & Blob Storage

    • Enable AES-256 encryption for all persisted data (manifests, user metadata, logs).

    • Use managed services that enforce encryption by default (e.g., AWS RDS, GCP Cloud Storage).

Key Management

  • Hardware Security Modules (HSMs)

    • Store private keys for service accounts, CI/CD deployments, and signing operations in HSMs or cloud Key Management Services (KMS).

    • Rotate keys quarterly and revoke compromised keys immediately.


4. Blockchain and Smart Contract Security

Smart Contract Audits

  • Third-Party Reviews

    • Engage reputable audit firms for all registry and governance contracts that power the Marketplace.

    • Remediate findings before production deployment.

Wallet Security

  • Private Key Hygiene

    • Encourage users to use hardware wallets or secure enclaves for high-value transactions.

    • Never ask users to paste private keys or seed phrases into web UIs.

Secure Key Handling

  • Server-Side Signing

    • For automated publish scripts, limit server-side wallets to a single purpose and isolate their keys.

    • Use multi-sig or time-locked contracts for critical governance actions.


5. Connector & Runtime Security

Secure Communication

  • MCP Transports over TLS

    • All SSE, HTTP, and stdio transports must be encrypted and authenticated.

    • Reject plain-text or unverified connections.

Regular Updates

  • Dependency Management

    • Keep connector libraries, container images, and runtime agents up to date with the latest security patches.

    • Automate vulnerability scanning using tools like Snyk or Trivy.

Input Validation & Sandboxing

  • Schema Enforcement

    • Validate all incoming JSON-RPC messages against the MCP schema.

    • Reject or sanitize unexpected fields.

  • Sandbox Execution

    • Run untrusted tool commands and scripts in isolated containers or sandboxes with resource limits.
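The schema-enforcement point above, as an added example that is not ContextMesh code: a strict JSON-RPC 2.0 envelope check that rejects unexpected top-level fields and unknown params before a message reaches an MCP handler. The per-method rule table is a constructed subset standing in for the full MCP schema; only the envelope rules are general.

```javascript
// Fields a JSON-RPC 2.0 request may carry at the top level.
const ENVELOPE_FIELDS = new Set(['jsonrpc', 'id', 'method', 'params']);

// Per-method params allow-list: a constructed subset standing in for the MCP schema.
const METHOD_RULES = {
  'ping': { params: [] },
  'tools/list': { params: ['cursor'] },
  'tools/call': { params: ['name', 'arguments'], required: ['name'] },
};

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Returns { ok: true, request } with a rebuilt, allow-listed request, or
// { ok: false, error } so the transport can answer with a JSON-RPC error.
function validateRequest(raw) {
  let msg;
  try { msg = JSON.parse(raw); } catch { return { ok: false, error: 'parse error' }; }
  if (!isPlainObject(msg)) return { ok: false, error: 'request must be an object' };
  // Unknown top-level fields are rejected rather than silently forwarded.
  for (const key of Object.keys(msg)) {
    if (!ENVELOPE_FIELDS.has(key)) return { ok: false, error: `unexpected field: ${key}` };
  }
  if (msg.jsonrpc !== '2.0') return { ok: false, error: 'jsonrpc must be "2.0"' };
  if (typeof msg.method !== 'string' || msg.method === '') return { ok: false, error: 'method must be a non-empty string' };
  if ('id' in msg && msg.id !== null && typeof msg.id !== 'string' && typeof msg.id !== 'number') {
    return { ok: false, error: 'id must be a string, number or null' };
  }
  // hasOwnProperty so that method names like "__proto__" cannot reach prototype entries.
  if (!Object.prototype.hasOwnProperty.call(METHOD_RULES, msg.method)) {
    return { ok: false, error: `method not allowed: ${msg.method}` };
  }
  const rule = METHOD_RULES[msg.method];
  const params = msg.params === undefined ? {} : msg.params;
  if (!isPlainObject(params)) return { ok: false, error: 'params must be an object' };
  for (const key of Object.keys(params)) {
    if (!rule.params.includes(key)) return { ok: false, error: `unexpected param: ${key}` };
  }
  for (const key of rule.required ?? []) {
    if (!(key in params)) return { ok: false, error: `missing param: ${key}` };
  }
  if (msg.method === 'tools/call') {
    if (typeof params.name !== 'string') return { ok: false, error: 'name must be a string' };
    if ('arguments' in params && !isPlainObject(params.arguments)) return { ok: false, error: 'arguments must be an object' };
  }
  return { ok: true, request: { jsonrpc: '2.0', id: msg.id, method: msg.method, params } };
}
```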


6. Network and Infrastructure Security

Network Segmentation

  • VPC & Firewalls

    • Deploy back-end services in private subnets.

    • Only expose necessary endpoints (API gateways, web front-ends) through bastion or proxy layers.

Kubernetes & Container Security

  • Network Policies

    • Use Kubernetes NetworkPolicies to restrict pod-to-pod traffic.

  • Pod Security Contexts

    • Enforce non-root containers, read-only file systems, and seccomp profiles.

Regular Patching

  • OS & Dependency Updates

    • Apply CVE patches to operating systems, container runtimes, and third-party libraries promptly.

    • Maintain a patch cadence aligned with security bulletins.


7. Logging, Monitoring, and Incident Response

Centralized Logging

  • Log Aggregation

    • Stream logs from Manifest Studio servers, connector agents, and Marketplace services to a centralized platform (e.g., ELK, Splunk).

  • Structured Logs

    • Include context metadata: user wallet, request ID, node IDs, and timestamps.

Continuous Monitoring

  • Metrics & Alerts

    • Monitor key indicators: authentication failures, transaction latencies, error rates, and retry counts.

    • Set up alerting thresholds in Prometheus/Grafana or cloud monitoring tools.
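To show what the structured-log fields and the authentication-failure indicator above buy you in practice, here is an added detection example (not ContextMesh code) that runs over constructed log lines carrying wallet, requestId, nodeId and ts, and raises one alert per wallet whose failures exceed a sliding-window threshold. The 5-failures-in-5-minutes values and the field names are assumptions for the demo.

```javascript
// Assumed thresholds: alert on 5 or more failures from one wallet within 5 minutes.
const FAILURE_THRESHOLD = 5;
const WINDOW_SECONDS = 300;

// Constructed sample lines in the structured shape section 7 recommends.
const SAMPLE_LOG_LINES = [
  '{"ts":1700000000,"event":"auth.failure","wallet":"WalletA","requestId":"r1","nodeId":"n1"}',
  '{"ts":1700000010,"event":"auth.success","wallet":"WalletB","requestId":"r2","nodeId":"n1"}',
  '{"ts":1700000020,"event":"auth.failure","wallet":"WalletB","requestId":"r3","nodeId":"n2"}',
  '{"ts":1700000030,"event":"auth.failure","wallet":"WalletA","requestId":"r4","nodeId":"n1"}',
  'not a json line: the detector must skip it, not crash',
  '{"ts":1700000060,"event":"auth.failure","wallet":"WalletA","requestId":"r5","nodeId":"n2"}',
  '{"ts":1700000090,"event":"auth.failure","wallet":"WalletA","requestId":"r6","nodeId":"n1"}',
  '{"ts":1700000120,"event":"auth.failure","wallet":"WalletA","requestId":"r7","nodeId":"n1"}',
  '{"ts":1700000400,"event":"auth.failure","wallet":"WalletB","requestId":"r8","nodeId":"n2"}',
  '{"ts":1700000410,"event":"auth.failure","wallet":"WalletB","requestId":"r9","nodeId":"n2"}',
];

// Sliding-window count of auth.failure events per wallet; lines are assumed to
// arrive in timestamp order, as they do from a single aggregation stream.
function detectAuthFailureBursts(lines, threshold = FAILURE_THRESHOLD, windowSeconds = WINDOW_SECONDS) {
  const recent = new Map();   // wallet -> failure timestamps still inside the window
  const alerted = new Set();  // one alert per wallet per run
  const alerts = [];
  for (const line of lines) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // malformed line: skip, never crash
    if (rec === null || typeof rec !== 'object') continue;
    if (rec.event !== 'auth.failure' || typeof rec.wallet !== 'string' || typeof rec.ts !== 'number') continue;
    const times = recent.get(rec.wallet) ?? [];
    while (times.length > 0 && rec.ts - times[0] > windowSeconds) times.shift(); // drop old failures
    times.push(rec.ts);
    recent.set(rec.wallet, times);
    if (times.length >= threshold && !alerted.has(rec.wallet)) {
      alerted.add(rec.wallet);
      // Carry request and node IDs so responders can pivot straight to the raw logs.
      alerts.push({ wallet: rec.wallet, failures: times.length, firstTs: times[0], lastTs: rec.ts, lastRequestId: rec.requestId, nodeId: rec.nodeId });
    }
  }
  return alerts;
}
```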

Audit Trails

  • Immutable Records

    • Archive critical events (publishes, installs, role changes) on-chain or in WORM-enabled storage.

    • Ensure logs are tamper-evident and retained per compliance requirements.

Incident Response Plan

  • Playbooks & Runbooks

    • Define clear procedures for threat detection, containment, eradication, and recovery.

  • Regular Drills

    • Conduct tabletop exercises quarterly to validate response readiness and update plans as needed.


By following these security best practices—spanning authentication, encryption, smart contract audits, runtime hardening, network isolation, and proactive monitoring—you can deploy and manage ContextMesh in production with confidence and resilience.
