v0.1 prod  ·  genesis 2026-05-17

❯ aethermesh

The MCP-native control plane for fleets of physical devices.

MCP-native  ·  LLM-first  ·  Cloudflare-native  ·  edge-Rust
Devices announce capabilities. Agents call tools. Audit lands in D1.

// quick start

$ curl -O https://aethermesh.app/install.sh && curl -O https://aethermesh.app/install.sh.minisig
$ minisign -Vm install.sh -P RWS7TatrmwpCgr+chZpBn7gLyBwoYvQqG7rodsXrOjiehSGJcBFnRtV4
$ sh install.sh --enroll-token=YOUR_TOKEN

• Trust anchor pubkey: RWS7TatrmwpCgr+chZpBn7gLyBwoYvQqG7rodsXrOjiehSGJcBFnRtV4
• POSIX sh only, ≤ 350 lines, no bash. Inspect: view source
• Verifies binary signature with minisign before install (fail-closed)
• aarch64 Linux musl in v0.1.1 — more arches soon
• Need an enroll token? Operator-mint: POST /v1/operator/enroll-token

// why not just an HTTP API?

• Schema-first contracts — additionalProperties:false everywhere. LLMs cannot hallucinate fields past the manifest boundary. RFC-0001
• safety_class gates — tools typed read_only, reversible, or physical_actuation. RBAC enforces tiers. No bypass. RFC-0003
• Agent-discoverable — cold-start via /llms.txt and /.well-known/mcp.json. No SDK required. No polling. RFC-0004

// capabilities

• Cloudflare-native control plane (Workers + DO + D1 + Vectorize)
• Post-quantum hybrid JWS (Ed25519 + ML-DSA-65)
• Multi-tenant DID-based isolation (did:web + UUIDv5 tenant IDs)
• RFC-0006 v1.1 physical-actuation safety class enforcement (quorum-gated)
• Rust edge binary <5MB targeting Pi 4B / aarch64-musl

// protocol contracts

The contract is the product. Each RFC is normative and versioned.

• RFC-0001 — CapabilityManifest JSON Schema, MCP tool projection rule — v1.3
• RFC-0002 — WSS Envelope, aethermesh.v1 subprotocol, DO routing — v2.2
• RFC-0003 — RBAC & Token Format, EdDSA JWKS, safety_class matrix — v1.4
• RFC-0004 — llms.txt agent-discovery file — v0.1
• RFC-0005 — system.echo first end-to-end MCP tool — RATIFIED 2026-04-21
• RFC-0006 — safety_class enforcement, phased rollout — v1.0 DRAFT
• RFC-0007 — public device enrollment POST /v1/devices/enroll — v1.1 RATIFIED 2026-04-23
• RFC-0009 — system.metrics.subscribe SSE wire format — v1.0 DRAFT
• RFC-0011 — Security Threat Model & Trust Boundaries — v1.0 RATIFIED 2026-04-23
• RFC-0012 — Tenant Model & Isolation — DID-rooted tenant primitive, UUIDv5 tenant_id, v2 RBAC scope grammar — v1.0 RATIFIED 2026-05-03
• RFC-0013 — Post-Quantum Cryptography (Hybrid) — Ed25519+ML-DSA-65 signatures, X25519+ML-KEM-768 KEM — v1.0 RATIFIED 2026-05-03
• RFC-0014 — Protocol v2 Wire Format — aethermesh.v2 subprotocol, envelope tid field, locked JWS alg — v1.0 RATIFIED 2026-05-03
• RFC-0015 — Gateway hybrid public-key identity — Ed25519+ML-DSA-65 did:web anchor — v1.1 RATIFIED
• RFC-0016 — Runtime-token refresh & hybrid JWS signing contract — v1.2 RATIFIED
• RFC-0017 — D1 schema v2 & migration contract — multi-tenant isolation — v1.0 RATIFIED S4 W1
• RFC-0018 — Cross-region KID taxonomy & key-rotation ceremony — v1.0 RATIFIED
• RFC-0019 — SSE §3 wire shape — system.metrics.subscribe response envelope — v1.0 RATIFIED
• RFC-0020 — CF-native custody (SignerDO) v2 — PQC key lifecycle, HSM cutover — v2.0 RATIFIED S4 W1
• RFC-0021 — PolicyDO Contract — quorum-token shape, physical-actuation authorization gate — DRAFT
• RFC-0022 — Key Rotation Choreography — active → overlap → retired, overlap_window ≥ 900s — DRAFT
• RFC-0023 — Cross-region Custody — per-region SignerDO bootstrap — RESERVED
• RFC-0024 — JWKS Overlap Protocol — cache semantics & verifier refetch rule — RESERVED

// you are an agent? start here.

Structured machine-readable entrypoints for autonomous tooling:

• /llms.txt — full platform brief: RFC index, wire format, auth contract, maturity tags. Token-budget-optimised.
• /.well-known/mcp.json — gateway-level MCP descriptor (server name, base URL, capability namespaces).
• /.well-known/did.json — DID document: did:web:api.aethermesh.app — verification method set.
• /.well-known/jwks.json — current Ed25519 signing key set.

Gateway: gateway.aethermesh.app  ·  WSS subprotocol: aethermesh.v1

// what is shipped

• MCP Gateway (Cloudflare Workers) — ✓ shipped — gateway.aethermesh.app
• WSS data plane (aethermesh.v1) — ✓ shipped — RFC-0002 v2.2
• EdDSA signing + JWKS — ✓ shipped — RFC-0003 v1.3
• Genesis ceremony 2026-05-17 — kid gw-sig-1 — Ed25519+ML-DSA-65 — ✓ live — (RFC-0013, RFC-0015)
• system.echo tool contract — ✓ shipped — RFC-0005 RATIFIED 2026-04-21
• Self-serve device enroll — ✓ shipped — POST /v1/devices/enroll (RFC-0007)
• Multi-tenant D1 schema v2 — ✓ shipped — RFC-0017, tenant isolation live (S4 W1)
• CF-native PQC custody (SignerDO) — ▸ in scaffold — RFC-0020 v2, Ed25519+ML-DSA-65 hybrid JWS
• RFC-0006 v1.1 safety enforcement — ✓ ratified — quorum-gated physical_actuation (S4 W1)

// start reading

Cold-start in one command. Everything an agent needs fits in a single context window.

$ curl https://gateway.aethermesh.app/llms.txt

Full RFC index: /rfcs  ·  Gateway health: /healthz