MCP access boundaries

Agent tools should exchange handoffs, not memorize secrets.

The Shhhs MCP adapter is a local stdio process for agent runtimes. It should help agents create encrypted links or request links while keeping plaintext out of prompts, memory, and transcripts whenever the workflow allows it.

01

Local stdio only

The MCP adapter is intended to run locally for the user or workspace automation. Do not expose it as an unauthenticated remote MCP server.

  • Local process
  • No authless remote MCP
  • User-controlled runtime

02

Plaintext access matrix

An agent can access plaintext only when the user or local source gives it access. Prefer source references and request links so the model does not need to see the secret value.

  • Local source references
  • Request links
  • No prompt plaintext by default

03

Account material

Do not give agents account tokens, recovery codes, Paddle details, OAuth connector tokens, passphrases, or full API keys in prompts. Use local config and scoped API keys.

  • Local config
  • Scoped API keys
  • No recovery material

04

Agent-to-agent exchange

The safer pattern is one agent creating a request link and another submitting through it. The owner reveals from Shhhs instead of sharing a permanent token or transcript.

  • Request intake
  • Owner-only reveal
  • TTL and burn

05

Logging boundary

Agent logs, memory, traces, and reports should store metadata and redacted links only. They should not store plaintext secrets, fragment keys, access codes, or recovery material.

  • Metadata-only reports
  • Redacted links
  • No secret memory

06

Enterprise boundary

Enterprise agent flows can ingest signed metadata events from customer systems, but those events should not carry plaintext secrets or automatic password captures.

  • Signed events
  • Metadata only
  • No automatic password capture

FAQ

Can this guide include private links?

No. Public guides never include secret identifiers, room ids, full private URLs, fragments, filenames, or payload-derived text.

Is this a certification or audit?

No. It is product documentation for deployed boundaries. External audits, DPAs, SLAs, and certifications require separate evidence and review.

Does Shhhs recover secrets?

No. Shhhs support can help with billing and metadata-only support, but cannot decrypt or recover secret content.