m5c CLI
m5c is the Mach5 developer CLI for building AI-native data applications as source-controlled packages. Use it to define semantic data interfaces, map raw sources into those interfaces, author detection content, validate fixtures, lower packages into deployable bundles, and apply or export resources from a Mach5 namespace.
What m5c manages
m5c works with these package concepts:
| Concept | Purpose |
|---|---|
| Workspaces and packages | Organize source, shared contracts, modules, tests, and app resources. |
| Data contracts | Define stable app-facing schemas, grain, keys, time semantics, quality, lineage, and sensitivity. |
| Data modules | Describe providers and source modules that can satisfy one or more contracts. |
| Contract mappings | Convert raw source fields into contract-shaped records and test the conversion. |
| Detection families | Define reusable detector shapes and lowering templates. |
| Detections | Author detection rules with requirements, matchers, output, ATT&CK labels, lifecycle, and promotion metadata. |
| Detection imports | Import foreign rule formats, including Sigma, into Mach5 Detection IR previews. |
| App bundles | Validate, install, upgrade, list, inspect, export, and delete declarative app bundles. |
| MCP server | Expose local package authoring tools to MCP-compatible agents. |
| Smoke tests | Run runtime smoke scenarios against lowered bundles. |
| Command reference | Quick reference for the m5c command set. |
Development loop
A typical local loop is:
m5c validate apps/security-analytics --workspace --offline
m5c test apps/security-analytics --workspace
m5c build apps/security-analytics --out dist
m5c lower apps/security-analytics --dev --out lowered
m5c bundle validate lowered/security-detections --namespace dev
m5c bundle apply lowered/security-detections --namespace dev --dry-run
Use validate and test before lowering. Use bundle validate and --dry-run before applying to a live namespace.
Local source, deployable output
Package source is the authoring source of truth. Lowered output is deployable output.
- Keep contracts, modules, mappings, detections, imports, resources, and fixtures in source control.
- Treat generated bundles and reports as build artifacts unless your team explicitly promotes them.
- Use app bundles as the deployment unit for Mach5 resources.
Remote command configuration
Remote commands such as apply, bundle, export, and managed smoke use Mach5 connection settings.
m5c --endpoint https://mach5.example.com --token "$MACH5_TOKEN" bundle list --namespace prod
You can also use:
--configorMACH5_CONFIGfor a config file path.--endpointorMACH5_ENDPOINTfor the Mach5 API endpoint.--tokenorMACH5_TOKENfor the authorization token payload.