meshmapper¶
meshmapper is the graph analyst and targeting layer. It ingests Seam transcripts, builds a typed trust-boundary graph, and emits unvalidated path hypotheses that help operators choose what to attack or validate next.
M5 is implemented: transcript-to-graph ingestion, deterministic graph serialization, stable graph_ref, multi-source ingestion from endpoint inventories, Agent Cards, MCP tools/list, and static configs, four unvalidated hypothesis classes, plus topology robustness scenarios.
Current classes:
privilege_laundering: low-trust entry can reach a high-privilege sink through implicit trust.injection_propagation: untrusted content can reach a privileged action path without a sanitizer marker.confused_deputy: an intermediary invokes a privileged sink with its own authority for a lower-trust caller.trust_spoof: unsigned or unauthenticated Agent Card trust can steer a host toward a privileged advertised capability.
cd agentic-redteam/meshmapper
meshmapper \
--transcript ../seam/transcript.json \
--aipostex endpoints.json \
--agent-card billing-card.json \
--mcp-tools-list tools.json \
--config mesh.yaml \
--graph graph.json \
--out paths.json \
--schema ../schema
meshmapper does not validate findings. Every emitted path keeps proven: false; Seam owns live operation, and Assay owns optional impact validation with an out-of-band oracle.
Read Next¶
- CLI: repeatable command flags and outputs.
- Ingestion: transcripts, discovery artifacts, Agent Cards, MCP tools, and configs.
- Graph: node types, edge types, trust basis, and
graph_ref. - Rules: M4 hypothesis classes and taxonomy mappings.
- Hypotheses: output schema and proof boundary.