meshmapper Ingestion¶
meshmapper builds one graph from observed traffic, discovery artifacts, and saved configuration. Sources are fused deterministically, and each observation keeps a source_ref back to the input file.
Seam Transcripts¶
Seam transcripts provide observed edges: who called whom, what protocol was used, what message kind was seen, and whether a rewrite happened.
meshmapper reads both before and rewritten after messages. It also honors optional decoded metadata under meshmapper or mesh keys when a lab or fixture wants to declare logical nodes and edges explicitly.
Discovery Artifacts¶
Endpoint inventories from aipostex can describe public or authenticated endpoints. New aipostex.attack_surface artifacts add Agent Cards, A2A registries, MCP servers/tools/schemas/prompts/resources, memory/session surfaces, delegation surfaces, credential-flow candidates, and candidate technique tags.
These sources are useful because many agent systems publish trust and capability hints before any attack traffic is observed.
meshmapper currently maps those discovery facts into node types such as agent, tool, schema, resource, prompt, registry, session, and credential, and edge types such as advertises, registered_in, shadows, uses_schema, exposes_resource, exposes_prompt, shares_session, and carries_credential.
Config Artifacts¶
--config accepts YAML or JSON. The current adapters are conservative:
- Explicit
nodesandedgesare ingested directly. toolsandagentslists create agent-to-tool edges.- Obvious graph-shaped and CrewAI-shaped configs are harvested where the ownership is plain.
Secrets are scrubbed from config-derived metadata when keys look like tokens, passwords, credentials, or API keys.
Metadata Hints¶
For explicit nodes, useful fields include:
idornametypeprivilegeinput_trustdata_classificationauth_requiredsignedsanitizes
For explicit edges, useful fields include:
srcorsourcedstortargettypeoretypetrust_basisinput_trustdata_classificationuses_intermediary_authoritysanitizesorsanitized
Unknown node types, edge types, or trust bases are downgraded to conservative defaults. See the graph model for the canonical values.