Assay Operator Guide¶
Assay is the optional impact-validation runner. It sends direct and laundered probes through Seam only when you need oracle-observed evidence that a technique caused a side effect.
Core Workflow¶
- Operate with Seam until the traffic path and rule behavior are understood.
- Choose or write a case only if the claim needs validation.
- Run trials with a file, callback, or privileged-read oracle.
- Inspect
finding.json. - Render a report when the finding needs to be shared.
python3 -m assay.cli run \
--case cases/refund_tripwire.yaml \
--seam http://127.0.0.1:8401 \
--out finding.json \
--trials 3
Case Authoring¶
A case defines:
- direct baseline route
- one or more laundered framings
- oracle configuration
- optional variables and hypothesis binding metadata
Direct should fail for the claim being tested. Laundered should succeed only when the side effect is real.
Framings And Craft¶
Use framed cases for delegated subtask, tool response, authority spoof, prompt laundering, indirect instruction, and value-echo patterns. Use assay craft when you want a reproducible case family from saved technique corpora.
python3 -m assay.cli craft \
--intent refund \
--techniques techniques/agentic.yaml \
--vars vars/refund.yaml \
--out cases/refund_family.yaml
Before running a generated family, inspect it:
python3 -m assay.cli craft inspect --case-family cases/refund_family.yaml
python3 -m assay.cli craft list-techniques --techniques techniques/agentic.yaml
See the craft guide for the saved artifact shape, technique and mutation matrix, and negative-control reporting.
Verdicts¶
The main differential signal is:
direct successes = 0
laundered successes > 0
method.delta_confirmed = true
Agent claims never count as evidence. The oracle observation is the evidence. If you only need to capture or rewrite traffic, stay in Seam.
Robustness¶
Use robustness sweeps when you need to show a finding survives route order, repetitions, variables, case variants, runtime labels, or model-profile labels supplied by labs.