AIT: Agentic Intercept Toolkit¶
An offensive workbench for agent traffic, trust paths, and optional oracle-backed impact validation.
AIT is a set of independent tools for authorized testing of agent-to-agent and agent-to-tool systems. The day-to-day field path starts with Seam: an agent-in-the-middle proxy that captures, rewrites, traces, and validates hash-chained transcripts across HTTP, SSE, WebSocket, and MCP stdio traffic.
The toolkit follows an R/R/R discipline:
- Replicability: rules, probes, scenarios, and commands are saved as artifacts.
- Reproducibility: transcripts and bundles can be checked offline.
- Robustness: techniques are exercised across repeated scenarios before becoming claims.
Authorized testing only
These tools are for systems you own or are explicitly authorized to assess.
Current State¶
- Seam M1-M8 basics are implemented: passive tap, active proxy, session-aware streaming rewrites, stdio wrapping, localhost API, robustness scenarios, operator CLI helpers, richer YAML offense with
mutate.replace, live expected-rule controls, rule-pack artifacts, version output, and release packaging. - Assay M8 plus M5-lite and Report M1 are implemented as optional impact validation: paired and framed cases, deterministic case-family craft/sweep, file tripwire plus callback/read oracles, per-framing and per-technique findings, explicit meshmapper hypothesis binding, robustness scenario sweeps, runtime/model labels, and reports.
- meshmapper M1-M5 is implemented: transcript-to-graph ingestion, multi-source artifact fusion, deterministic graph refs, four unproven hypothesis classes, and topology robustness scenarios.
- Lab L1/L2/L3/L4/L5/L6/L7/L8 are implemented: local, Docker, deterministic framework-style, real LangGraph runtime, content-decision, full-agent-mesh, CrewAI-shaped, and AutoGen-shaped chains that produce Seam transcripts, meshmapper graph/paths, Assay findings, robustness bundles, and reports.
- Professional Range Deployment is now scaffolded as the next lab track: Docker remains the fast path, while Ludus/Proxmox/Ansible become the reusable multi-VM research and presentation path.
- The root
aitworkbench M6 is implemented for scenario-aware lab runs, terminal workbench views, live operator cockpit serving, run inspection, capture setup, assessment runs, report lookup, run manifests, logs, and artifact checksums.
flowchart LR
O[Operator] -->|live tap/proxy/stdio| S[Seam]
S -->|transcript.json| M[meshmapper]
M -->|prioritized paths| O
O -->|when impact evidence is needed| A[Assay]
A -->|/deliver probe| S
A -->|finding.json| F[(validated impact finding)]
A -->|report.md/html| R[(report)]
S -->|robustness bundle| B[(scenario bundle)]
Start with installation, then choose one of three paths:
- Operate: run First Live Tap or First Rewrite to see traffic crossing Seam and mutate a decoded field.
- Map: use meshmapper to turn captured transcripts, Agent Cards, MCP tools, and configs into prioritized trust paths.
- Validate Impact: run the optional First Proof or First Assessment when you need oracle-backed evidence, client reporting, regression checks, or research metrics.
Use the operator cockpit for the browser workspace and Operate / Map / Validate for the workflow split. Move to the professional range when you need a reusable multi-VM environment. The shared contracts are documented under schemas, and the evidence discipline is summarized in R/R/R methodology.
Operator Surface¶
The operator surface has two layers. Seam owns in-path controls for rules, transcripts, profiles, transport work, and offensive rewrite diagnostics. Above that, the root ait workbench supervises the peer tools, manages run directories, captures logs, and collects reports without replacing Seam, Assay, or meshmapper internals. Assay is not required to poison or rewrite traffic; it is used when an operator needs validated impact evidence. See the Workbench, Why Assay Exists, and Roadmap.