Outbound integrations
Meshanics integrates with the rest of your stack in two directions, and both are deliberately narrow. The platform can push events out — to your own systems — and it can pull artifacts in from container registries you already run. It never reaches into your workloads, and it never exports the contents your devices process. Integrations carry metadata: which rollout, which device, which component — never the bytes of an artifact or the data your application handles.
Two kinds of integration
| Direction | What it is | What flows |
|---|---|---|
| Event push | Outbound webhooks to an endpoint you control | Signed JSON describing platform events (rollouts, devices, artifacts, vulnerabilities, registries) |
| Registry pull | A connection to a container/artifact registry you own | The control plane authenticates to your upstream registry so signed artifacts can be served to devices |
Everything is outbound or read-only from the platform's side. The event bus only sends; the registry facade only reads by digest. There is no path by which an integration can push unverified content onto a device — devices still verify every artifact against their pinned trust anchor before anything is applied.
Metadata only, by construction
The event envelope is built from the platform's append-only audit log. Each event says what happened — an enrolment, a published artifact, a detected vulnerability, a rollout state change — in structured fields. It does not contain, and cannot be made to contain, the application or model data your devices process. This is a hard property of the design, not a configuration option, and it is the same guarantee whether you deploy in the cloud, on-prem, or fully air-gapped.
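A receiving endpoint can hold the platform to these properties on its own side: check the signature before parsing, then refuse anything that is not a known event category or carries fields outside a metadata allowlist. The sketch below is an added example, not Meshanics code. The page does not specify the signature scheme or envelope schema, so the hex HMAC-SHA256 over the raw body, the shared secret, the dotted `type` field and the field names are all assumptions, and the sample event is constructed.

```python
import hashlib
import hmac
import json

# Event categories named in the page's table for the event-push integration.
ALLOWED_CATEGORIES = {"rollout", "device", "artifact", "vulnerability", "registry"}
# Assumed envelope fields (hypothetical; the page does not give the schema).
ALLOWED_FIELDS = {"id", "type", "occurred_at", "rollout", "device", "component"}

# Constructed sample values, not real platform output.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_BODY = json.dumps({
    "id": "evt-0001",
    "type": "rollout.state_changed",
    "occurred_at": "2024-01-01T00:00:00Z",
    "rollout": "r-42",
    "device": "d-7",
    "component": "agent",
}).encode()


def sign(raw_body: bytes, secret: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_event(raw_body: bytes, signature_hex: str, secret: bytes) -> dict:
    """Return the parsed event, or raise ValueError if it must be rejected."""
    presented = signature_hex.strip().lower().encode()
    # Check the signature over the exact bytes received, before parsing,
    # and compare in constant time.
    if not hmac.compare_digest(sign(raw_body, secret).encode(), presented):
        raise ValueError("bad signature")
    event = json.loads(raw_body)
    if not isinstance(event, dict):
        raise ValueError("envelope is not a JSON object")
    category = str(event.get("type", "")).split(".", 1)[0]
    if category not in ALLOWED_CATEGORIES:
        raise ValueError(f"unexpected event category: {category!r}")
    extra = set(event) - ALLOWED_FIELDS
    if extra:
        # Anything outside the metadata allowlist is refused, not stored.
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    return event
```

Replace the assumed scheme and field list with the ones from your webhook configuration before relying on this; the ordering (verify raw bytes, then parse, then allowlist) is the part that carries over.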
Access control
Integration management is gated. Viewing configured webhooks and their delivery history requires read access; creating, editing, testing, or removing them requires an administrator-level integrations permission. Registry connections are managed the same way — only an operator can approve an upstream the platform will authenticate to.
On the roadmap
Today the shipped outbound channel is the signed webhook. Additional outbound destinations — chat notifications, email, evidence file delivery to object storage, and metrics push — follow the same outbound-only, metadata-only, signed-delivery model. Where a destination is not yet built, this documentation says so rather than implying it exists.