meerkat-governance

# Meerkat Governance

Scope: This skill provides two API endpoints your agent can call. It does not auto-activate, does not run in the background, and does not access content unless explicitly called by the agent. The developer controls what content is sent to Meerkat.

Privacy and data handling: https://meerkatplatform.com/privacy
Meerkat processes content in memory and discards it after the response. Only trust scores and metadata are stored. No raw content is retained. No data is shared with third parties. All processing stays in Canada.

Security: Your API key authenticates requests to Meerkat's API. Rotate keys via the dashboard if compromised. All communication is TLS 1.2+ encrypted. Meerkat endpoints are hosted on Azure Container Apps with managed SSL certificates. Verify the endpoint hostname (api.meerkatplatform.com) matches the TLS certificate before sending data.

## Ingress Shield

The `/v1/shield` endpoint scans content for prompt injection, jailbreaks, data exfiltration, and social engineering. The agent can call this before processing content the developer designates as untrusted. Common examples include external emails, web-scraped content, and user-uploaded documents. Developers can optionally configure their agent to shield skill descriptions before installation.

```bash
curl -s -X POST https://api.meerkatplatform.com/v1/shield \
  -H "Authorization: Bearer $MEERKAT_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"input\": \"<THE_CONTENT>\"}"
```

**Response fields:**
- `safe` (boolean): Whether the content passed scanning
- `threat_level`: `NONE`, `LOW`, `MEDIUM`, `HIGH`, or `CRITICAL`
- `attack_type`: Category of detected threat (if any)
- `detail`: Human-readable description
- `sanitized_input`: Content with threats removed (when available)
- `audit_id`: Unique identifier for the audit record

The agent can use the response to decide how to proceed. For example, content flagged `HIGH` or `CRITICAL` could be blocked, while `MEDIUM` co...