Skip to content

Getting Started

Start with live operation, then add mapping and validation when they help. AIT is easiest to understand when you see Seam traffic first, then inspect how meshmapper turns artifacts into targeting paths, then use Assay only when you need oracle-backed impact evidence.

Recommended path:

  1. Install local dependencies.
  2. Use First Live Tap to watch a transcript as traffic crosses Seam.
  3. Read First Rewrite to see the Seam before/after record.
  4. Read Operate / Map / Validate to understand the three tool roles.
  5. Run First Proof when you want the full optional validation chain with Lab L6 content_rewrite.
  6. Read First Assessment to adapt a case and oracle to an authorized local target.
  7. Use Artifact Map and Reading Evidence to understand the files.
  8. Keep Troubleshooting nearby for ports, Docker, schema paths, zero rule matches, and oracle failures.

The older First Capture path is still useful when you only want passive observation. It does not validate an impact claim by itself.

No transparent TLS interception

Seam sees traffic that is explicitly routed to it. It is not a transparent TLS interception appliance. For HTTPS systems, use an authorized test mode or local fixture where Seam receives plaintext application traffic.