Skip to content

meshmapper Ingestion

meshmapper builds one graph from observed traffic, discovery artifacts, and saved configuration. Sources are fused deterministically, and each observation keeps a source_ref back to the input file.

Seam Transcripts

Seam transcripts provide observed edges: who called whom, what protocol was used, what message kind was seen, and whether a rewrite happened.

meshmapper reads both before and rewritten after messages. It also honors optional decoded metadata under meshmapper or mesh keys when a lab or fixture wants to declare logical nodes and edges explicitly.

Discovery Artifacts

Endpoint inventories from aipostex can describe public or authenticated endpoints. New aipostex.attack_surface artifacts add Agent Cards, A2A registries, MCP servers/tools/schemas/prompts/resources, memory/session surfaces, delegation surfaces, credential-flow candidates, and candidate technique tags.

These sources are useful because many agent systems publish trust and capability hints before any attack traffic is observed.

meshmapper currently maps those discovery facts into node types such as agent, tool, schema, resource, prompt, registry, session, and credential, and edge types such as advertises, registered_in, shadows, uses_schema, exposes_resource, exposes_prompt, shares_session, and carries_credential.

Config Artifacts

--config accepts YAML or JSON. The current adapters are conservative:

  • Explicit nodes and edges are ingested directly.
  • tools and agents lists create agent-to-tool edges.
  • Obvious graph-shaped and CrewAI-shaped configs are harvested where the ownership is plain.

Secrets are scrubbed from config-derived metadata when keys look like tokens, passwords, credentials, or API keys.

Metadata Hints

For explicit nodes, useful fields include:

  • id or name
  • type
  • privilege
  • input_trust
  • data_classification
  • auth_required
  • signed
  • sanitizes

For explicit edges, useful fields include:

  • src or source
  • dst or target
  • type or etype
  • trust_basis
  • input_trust
  • data_classification
  • uses_intermediary_authority
  • sanitizes or sanitized

Unknown node types, edge types, or trust bases are downgraded to conservative defaults. See the graph model for the canonical values.