💊 The Information Capsule Concept
Universal Application Sources
Export feeds transform any information into structured capsules that LLMs can understand:
Desktop App → Export Feed → LLM understands context
Database Query → Export Feed → Agent processes results
User Conversation → Export Feed → Transfer to another agent
System Logs → Export Feed → AI analyzes patternsWhat Makes a Good Information Capsule
- Context: Not just data, but where it came from and why
- Structure: Organized for machine processing
- Metadata: Creation time, origin, purpose, tags
- Trust Information: Signature status, verification hints
- Usage Hints: How the LLM should interpret or use the data
Beyond Web Exports
While export buttons on websites are common, the format works for any application:
- Electron apps can export user projects as
.llmfeed.json - Mobile apps can share user data with proper consent
- CLI tools can output structured reports for agent analysis
- Desktop software can create portable context for AI assistants
- IoT devices can export sensor data with metadata
The key is packaging information with intent so any LLM receiving the capsule understands its purpose and provenance.
🔏 Signature and Trust
Why Sign Export Feeds?
Signatures provide three critical guarantees:
- Ownership: Proves who created the export
- Integrity: Ensures content hasn't been tampered with
- Trust: Allows LLMs and agents to assess reliability
When to Sign
| Data Type | Signature | Reason |
|---|---|---|
| **Public documentation** | Optional | For authenticity and discoverability |
| **Personal exports** | Recommended | For integrity and provenance |
| **Sensitive data** | Required | For trust and compliance |
| **Enterprise exports** | Required | For audit and governance |
| **API credentials** | Always | For security and verification |
Trust Levels
{
"trust": {
"trust_level": "self-declared", // or "certified"
"scope": "partial", // or "complete"
"signed_blocks": ["metadata", "content"],
"certifier": "https://example.com/.well-known/public.pem"
}
}Note: Unsigned exports are still valid but may be treated with lower trust by security-conscious agents and enterprise systems.
📄 Basic metadata
title: "Feed Type: export.llmfeed.json"
description: "MCP documentation on Feed Type: export.llmfeed.json - Universal information capsules for LLM consumption"
date: "2025-06-17T10:00:00.000Z"
lang: "en"
🏷️ Tags and classification
tags:
- "mcp"
- "ai-agents"
- "security"
- "data-classification"
- "information-capsules"
format: "documentation"
category: "technical"
contentType: "documentation"
🧠 Intent and audience
intent: "inform"
llmIntent: "browse-spec"
llmTopic: "specification"
audience:
- "llm"
- "developer"
- "security-engineer"
- "enterprise-architect"
📊 Page properties
pageType: "documentation"
interactionComplexity: "simple"
priority: "normal"
riskLevel: "low"
updateFrequency: "static"
🔗 URLs
slug: "llmfeed_feedtype_export"
canonical_url: "https://wellknownmcp.org/spec/02_llmfeed_feedtype/llmfeed_feedtype_export "
githubUrl: "https://github.com/wellknownmcp/llmfeed-spec/blob/main/02_llmfeed_feedtype/llmfeed_feedtype_export.md "
mcpFeedUrl: "/.well-known/mcp.llmfeed.json"
🤖 Agent optimization
autoDiscoverFeeds: true
agentReadiness: true
llmBehaviorHints: "suggest-only"
📋 Capabilities
capabilities: - "verification" - "export" - "feed-generation" - "security-classification" - "information-capsules"
Feed Type: `export.llmfeed.json`
Purpose
This feed creates information capsules from any application or data source — ready for LLM consumption, agent processing, or secure transfer.
Export feeds can originate from:
- Web applications: dashboards, documentation, user interfaces
- Desktop software: documents, databases, project files
- Mobile apps: user data, settings, conversations
- Command-line tools: logs, reports, system information
- APIs and services: structured data, responses, metadata
The core concept is packaging information with context so LLMs can understand not just the data, but its origin, purpose, and trustworthiness.
Security Extension: Supports automatic data classification and secure export workflows for enterprise environments.
Location
Typical path:
/exports/faq.llmfeed.jsonCan be linked from:
llm-index.llmfeed.json- buttons on site (
ExportToLLM) - internal agent menus
Basic Structure
{
"feed_type": "export",
"metadata": {
"title": "FAQ",
"origin": "https://example.org",
"description": "Frequently asked questions",
"generated_at": "2025-06-17T10:30:00Z"
},
"summary": "This FAQ explains the trust system and how to verify signed feeds.",
"tags": ["faq", "documentation", "trust"],
"trust": { ... }
}🔐 Security-Enhanced Export Structure
For exports containing potentially sensitive data, the format extends with security metadata:
{
"feed_type": "export",
"metadata": {
"title": "Page Export with Security",
"origin": "https://example.com/secure-page",
"generated_at": "2025-06-17T10:30:00Z"
},
"data_classification": {
"security_scan_performed": true,
"sensitive_data_handling": "user_consented",
"redacted_fields": ["api_keys", "internal_urls"],
"warning_shown": true,
"user_consent": {
"timestamp": "2025-06-17T10:29:45Z",
"items_approved": ["email_addresses", "user_preferences"],
"items_rejected": ["internal_system_ids"]
}
},
"content": {
"processed_html": "...",
"metadata_extracted": "...",
"sensitive_placeholders": {
"[API_KEY_REDACTED]": "Original contained an API key",
"[INTERNAL_URL_REDACTED]": "Internal URL masked for security"
}
},
"trust": {
"data_integrity": "verified",
"sanitization_performed": true,
"risk_level": "low"
}
}Data Classification Levels
| Level | Pattern Examples | Handling |
|---|---|---|
| **🔴 CRITICAL** | `sk_`, `password`, `-----BEGIN PRIVATE KEY-----` | Automatically redacted |
| **🟡 SENSITIVE** | Email addresses, phone numbers, internal URLs | User consent required |
| **🟢 PUBLIC** | Documentation, marketing content, public APIs | Normal export |
Security Workflow
- Automatic Scan: Content is scanned for sensitive patterns
- Classification: Data is categorized by sensitivity level
- User Consent: For sensitive data, user chooses what to include
- Secure Export: Generate feed with appropriate redaction and metadata
Modes of Generation
| Mode | Description | Security Features | Source Examples |
|---|---|---|---|
| Static | Pre-generated file stored anywhere | Pre-screened content | Documentation, manuals, templates |
| Dynamic | Generated on-demand via API or application | Real-time classification | User dashboards, personalized exports |
| Live | Extracted in real-time from running application | Interactive consent | Web pages, active documents, live data |
Universal Application: These modes work for any type of application — web, desktop, mobile, or command-line. The export mechanism adapts to the platform while maintaining the same feed structure.
⚠️ Security Note: Signature is recommended for static exports, and required for dynamic exports containing sensitive data.
🧳 Structured Bundles (`data.files[]`)
An export feed may describe the contents of an archive (ZIP) via a data.files[] block.
Minimal example (structure only):
{
"feed_type": "export",
"metadata": { "title": "Bundle Index" },
"data": {
"files": [
{ "path": "README.md" },
{ "path": "src/index.js" },
{ "path": "images/logo.png" }
]
}
}Security-enhanced bundle:
{
"data": {
"files": [
{
"path": "src/config.js",
"tags": ["code", "configuration"],
"description": "Application configuration",
"security_classification": "sensitive",
"redaction_applied": "credentials_masked"
},
{
"path": "README.md",
"tags": ["documentation", "public"],
"description": "Project documentation",
"security_classification": "public"
}
],
"security_summary": {
"total_files": 2,
"public_files": 1,
"sensitive_files": 1,
"critical_files": 0
}
}
}🎯 Export Use Cases
Simple Documentation Export
{
"feed_type": "export",
"metadata": {
"title": "API Documentation",
"origin": "https://api.example.com/docs"
},
"content": {
"documentation": "Complete API reference...",
"endpoints": [...],
"examples": [...]
}
}Secure Credential Export
{
"feed_type": "export",
"metadata": {
"title": "API Access Package",
"origin": "https://dashboard.example.com"
},
"data_classification": {
"security_scan_performed": true,
"sensitive_data_handling": "admin_approved",
"classification_level": "restricted"
},
"content": {
"api_endpoint": "https://api.example.com",
"key_hint": "sk_live_abc***",
"permissions": ["read", "write"],
"rate_limits": "1000/hour"
},
"trust": {
"signed_blocks": ["content", "metadata"],
"certifier": "https://example.com/.well-known/public.pem"
}
}Page Context Export with Privacy
{
"feed_type": "export",
"metadata": {
"title": "Dashboard Export",
"origin": "https://app.example.com/dashboard"
},
"data_classification": {
"security_scan_performed": true,
"sensitive_data_handling": "user_consented",
"user_consent": {
"email_addresses": true,
"user_preferences": true,
"internal_ids": false
}
},
"content": {
"dashboard_data": "User preferences and settings...",
"user_email": "user@example.com",
"internal_user_id": "[USER_ID_REDACTED]"
}
}🛡️ Enterprise Security Features
Automatic Pattern Detection
const CRITICAL_PATTERNS = {
api_keys: /^(sk_|pk_|key_|token_|secret_)/i,
passwords: /password|pwd|pass/i,
private_keys: /-----BEGIN.*PRIVATE KEY-----/,
session_tokens: /sess_|session_/i
};
const SENSITIVE_PATTERNS = {
emails: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
phone_numbers: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g,
internal_urls: /https?:\/\/internal\.|localhost/g
};Compliance Integration
- GDPR: Automatic consent management for PII
- SOX: Audit trail for financial data exports
- HIPAA: PHI detection and handling
- Corporate Policies: Custom pattern detection
Best Practices
Security
- ✅ Always scan for sensitive data before export
- ✅ Implement user consent for personal information
- ✅ Use placeholders for redacted content
- ✅ Sign exports containing any sensitive data
- ✅ Log all export activities for audit
Performance
- ✅ Use
tagsto describe content type - ✅ Inline small content, reference large files
- ✅ Include file metadata for bundles
- ✅ Reference via
llm-indexfor discoverability
User Experience
- ✅ Clear consent interfaces for sensitive data
- ✅ Preview what will be exported
- ✅ Explain why data is being redacted
- ✅ Provide export without sensitive data option
🚀 Future: Progressive Integration Levels
Export feeds are the foundation of a progressive integration strategy:
- Level 1-2: Inline + file exports with security (✅ implemented)
- Level 3: Universal export buttons with consent UX
- Level 4-5: Browser & OS integration (See Vision →)
For enterprise security considerations, see our Enterprise Roadmap.
Related
Ready to Implement? Get AI-Powered Guidance
Reading docs manually takes time. Your AI can digest the complete LLMFeed specification and provide implementation guidance tailored to your needs.
Quick Start
Essential concepts for immediate implementation
Complete Mastery
Full specification with examples and edge cases