MeshanicsDocs
Platform

How it works

Meshanics separates two things that are usually tangled together: the base layer the platform manages, and your payload that rides on it. You keep ownership of your application and model code; the platform owns delivery, verification and recovery.

The signed base

Each device runs a small agent. The agent holds a pinned trust anchor and an identity certificate, and it does four things on every update, in order:

  1. Fetch the update it has been assigned, by content address.
  2. Verify it — both the signed metadata describing the update and the bytes themselves — against the pinned anchor. Verification failure stops here; nothing is written.
  3. Apply it atomically: stage the new artifact, then switch to it in a single step so there is never a half-applied state visible to your workload.
  4. Probe it with a health check, and roll back to the previous version automatically if the probe fails.

Because verification happens on the device against a pinned anchor, a compromise of the delivery infrastructure cannot push code to your fleet. The infrastructure moves bytes; it does not hold the authority to make a device trust them.

Your payload rides on top

Your application and model code ship as ordinary artifacts:

  • Containers run on the device's container runtime, pinned by digest.
  • Models (ONNX, TensorRT, TFLite and friends) are delivered as artifacts with a manifest describing framework, input spec, evaluation metrics and target hardware.
  • Configuration is placed atomically and a declared reload is run.

You do not modify your code to adopt the platform. If your app already runs in a container, it already runs here. That is the "zero-integration" promise — and it is about your code, not the operating system, where a real agent does the work.

From artifact to fleet

A single signed artifact becomes a fleet-wide change through a rollout: a target selector (which devices), a strategy (canary first, then widening waves), health-based halt rules, and a rollback policy. You watch it land in real time, and if a wave goes wrong the fleet pauses itself before the blast radius grows.

Next