MCP tools (27)
The complete typed API exposed by mcp/server.js. Every agent in every harness calls these tools to read or mutate state. All calls go over stdio JSON-RPC, and the server has no dependencies.
HTTP
| Tool | Purpose |
| --- | --- |
| mantis_http_scan | The only network-touching tool. Issues an HTTP request, auto-runs analyzeResponse (tech fingerprint, security headers, secret detection, endpoint extraction). Honors auth_profile for attacker/victim role injection. |
FSM lifecycle
| Tool | Purpose |
| --- | --- |
| mantis_init_session | Creates ~/mantis-sessions/<domain>/state.json with phase=RECON. |
| mantis_read_session_state | Reads full state (with arrays). Use only when you need the actual dead_ends / waf_blocked lists. |
| mantis_read_state_summary | Compact (~500 token) state view. Use for routine wave decisions. |
| mantis_transition_phase | Validates and applies a phase transition. Only legal edges allowed. |
Findings
| Tool | Purpose |
| --- | --- |
| mantis_record_finding | Append a finding to findings.jsonl with a canonical ID (F-N). Validates schema, severity, wave/agent assignment. |
| mantis_read_findings | Full read of all findings. |
| mantis_list_findings | Compact list (id, severity, title, endpoint). |
Wave dispatch
| Tool | Purpose |
| --- | --- |
| mantis_start_wave | Writes wave-N-assignments.json mapping agents to surface IDs. Sets pending_wave. |
| mantis_apply_wave_merge | Deterministically reconciles a completed wave: explored / dead_ends / waf_blocked / lead_surface_ids. |
| mantis_write_wave_handoff | Per-hunter authoritative handoff (JSON + markdown mirror). |
| mantis_wave_handoff_status | Returns received / missing / unexpected agents for a wave. |
| mantis_merge_wave_handoffs | Lower-level merge for cross-session reconciliation. |
| mantis_wave_status | Coverage % + finding summary for wave decisions. |
| mantis_read_hunter_brief | Single-call spawn briefing: assigned surface + bypass table + exclusions filtered to that surface. |
| mantis_log_dead_ends | Live dead-end logging during a wave (survives maxTurns). |
Multi-Step Evidence
| Tool | Purpose |
| --- | --- |
| mantis_write_verification_round | Write a round's results. Validates completeness (round 2/3 must cover all round 1 findings). |
| mantis_read_verification_round | Read a specific round's results. |
Grade + report
| Tool | Purpose |
| --- | --- |
| mantis_write_grade_verdict | 5-axis scores + SUBMIT/HOLD/SKIP. Drops proof_quality below threshold if Multi-Step Evidence is incomplete. |
| mantis_read_grade_verdict | Read the grader's output. |
Cross-session handoff
| Tool | Purpose |
| --- | --- |
| mantis_write_handoff | Write SESSION_HANDOFF.md for cross-session resume hints. |
| mantis_read_handoff | Read the handoff. |

| Tool | Purpose |
| --- | --- |
| mantis_auth_store | Store an auth profile (headers, cookies, localStorage) for a role. |
| mantis_auth_manual | Legacy single-profile auth storage. |
| mantis_signup_detect | Probe target for signup endpoints + CAPTCHA detection (parallel fetch). |
| mantis_temp_email | Disposable email: create / poll / extract verification codes (mail.tm with guerrillamail fallback). |
| mantis_auto_signup | Browser-based signup via patchright + CapSolver. |
Standard MCP over stdio. Discovery:
{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"my-runner","version":"1"}}}
{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}
Calling a tool:
{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"mantis_init_session","arguments":{"target_domain":"example.com","target_url":"https://example.com"}}}
See adapters/raw-mcp.md for the full integration guide for custom runners.