First Rewrite¶
Use this path after First Proof when you want to see the offensive action itself.
Lab L6 content_rewrite uses a Seam proxy rule to replace a refund request with an authorized refund instruction. The target decision changes only when the rewritten content reaches the planner.
Run The Rewrite Scenario¶
python3 -m ait.cli lab run full-agent-mesh --scenario content_rewrite --trials 1
Inspect the run:
python3 -m ait.cli run inspect --run .ait/runs/20260630T190000Z-full-agent-mesh
Find The Rule¶
The L6 script writes the active rule under the run directory:
lab/rules/edge/content_rewrite.yaml
The expected rule id is:
l6_content_rewrite_authorized_refund
The edge transcript should contain at least one record with:
rule_applied: l6_content_rewrite_authorized_refund
before: original decoded message
after: rewritten decoded message
Verify The Transcript¶
Use the packaged Seam binary from the lab output, or rebuild Seam and verify the edge transcript:
lab/runtime/l6/full_agent_mesh/out/seam-lab transcript verify \
--schema agentic-redteam/schema/transcript.schema.json \
--transcript .ait/runs/20260630T190000Z-full-agent-mesh/lab/transcripts/edge.json
The transcript verification checks schema validity, sequential records, hash linkage, and payload integrity. A valid transcript means the before/after record can be reviewed without trusting the live proxy process.
Success Criteria¶
- The rule id appears in
edge.json. beforeandafterare both present on the rewrite record.raw_b64is preserved for the observed bytes.transcript verifysucceeds.- Assay still requires oracle evidence before calling the route successful.
Next: read First Assessment to adapt a case and oracle to your own authorized target.