
Open Source

BATESIAN (https://github.com/calbebop/batesian)

A command-line tool for breaking agent infrastructure on purpose. It points real attack traffic at A2A and MCP servers, the protocols agents use to reach their tools and each other, and tells you what actually broke.

It looks at the things specific to these protocols and easy to get wrong. OAuth scope and audience binding. Signed agent cards. Push-notification callbacks that turn into SSRF. Task and session IDs that bleed across tenants.

$ go install github.com/calbebop/batesian/cmd/batesian@latest
$ batesian scan --target https://agent.example.com --output sarif

25 rules so far (14 A2A, 11 MCP), each tied to a CWE and a fix. Go, Apache 2.0. It sends real attacks, so only run it against targets you're authorized to test.


Rule-pack updates and release notes land in ~/transmissions tagged oss.
