Troubleshooting

Docker Or Lab Startup Fails

Check for port conflicts first. Lab L6 uses host ports in the 8460 to 8465 and 8660 to 8665 ranges by default.

lsof -iTCP -sTCP:LISTEN | rg '846|866'

If a previous lab was interrupted, stop the compose project:

docker compose -p ait_l6_full_agent_mesh -f lab/runtime/l6/full_agent_mesh/docker-compose.yml down -v

No Rule Matches

Check the transcript before checking the target. A rewrite run should show a rule_applied value.

python3 -m ait.cli run inspect --run .ait/runs/<run-id>

If the rule match count is zero:

  • confirm you ran the intended scenario
  • confirm the proxy mode is active, not passive tap
  • confirm the rule path was loaded
  • confirm the message is complete and decoded
  • confirm the rule path matches the decoded field shape
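The last two checks can be tested offline against a captured message. The helper below is an added example, not part of ait or Seam: it walks a rule path through a decoded message and names the first segment that does not fit. The dotted path syntax, the diagnose_path helper and the sample message are assumptions made for illustration; substitute the path form your rules actually use.

```python
import json

def diagnose_path(message, path):
    """Walk a dotted path (assumed syntax) through a decoded message.

    Returns (True, value) when the path resolves, else (False, reason)
    naming the first segment that does not fit the message shape.
    """
    node, walked = message, []
    for seg in path.split("."):
        where = ".".join(walked) or "<root>"
        if isinstance(node, dict):
            if seg not in node:
                return False, f"{where}: no key {seg!r}; keys are {sorted(node)}"
            node = node[seg]
        elif isinstance(node, list):
            if not seg.isdigit() or int(seg) >= len(node):
                return False, f"{where}: list of {len(node)} has no index {seg!r}"
            node = node[int(seg)]
        elif isinstance(node, str) and _is_json_container(node):
            return False, f"{where}: string holding undecoded JSON; decode before {seg!r}"
        else:
            return False, f"{where}: {type(node).__name__} is a leaf; cannot descend to {seg!r}"
        walked.append(seg)
    return True, node

def _is_json_container(text):
    """True when a string value is itself an encoded JSON object or array."""
    try:
        return isinstance(json.loads(text), (dict, list))
    except ValueError:
        return False

# Constructed sample: "arguments" arrives as a JSON string, not an object.
RAW = '{"jsonrpc": "2.0", "method": "tools/call", "params": {"name": "search", "arguments": "{\\"query\\": \\"status\\"}"}}'

def demo():
    msg = json.loads(RAW)
    results = {p: diagnose_path(msg, p) for p in
               ("method", "params.arguments.query", "params.args.query")}
    # Decode the nested field, then the same path resolves.
    msg["params"]["arguments"] = json.loads(msg["params"]["arguments"])
    results["after decode"] = diagnose_path(msg, "params.arguments.query")
    return results

if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print(f"{name}: {'match' if ok else 'no match'} -> {detail}")
```

A path that stops at a "string holding undecoded JSON" points to the decoding check; a "no key" result points to the path itself.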

Missing Report

ait report looks for lab/report/report.md or reports/report.md.

python3 -m ait.cli report --run .ait/runs/<run-id>

If no report exists, inspect logs/lab.log and confirm the Assay report render step completed.

Schema Or Hash Verification Fails

Use the shared schema path from the repo root:

agentic-redteam/seam/seam transcript verify \
  --schema agentic-redteam/schema/transcript.schema.json \
  --transcript out.json

Failures usually mean the file was truncated, edited by hand, written by an older schema version, or captured with a missing schema path.

Oracle Did Not Observe The Side Effect

Assay will not accept agent text as proof. Check:

  • the oracle file or callback endpoint was reset before each route
  • the target actually writes the tripwire on success
  • direct and laundered routes are reaching the same target surface
  • the expected string or JSON field matches what the target writes

HTTPS Or TLS Confusion

Seam is not a transparent TLS interception appliance. Route plaintext test traffic through Seam explicitly, or configure a target/client test mode where Seam receives HTTP, SSE, WebSocket, or stdio application traffic directly.

Remote Bind Or API Access Fails

Hardened defaults prefer loopback. Remote listeners, remote intercepts, redirects, and API tokens must be configured explicitly for authorized ranges. Profiles are convenience presets, not hidden permission systems; direct flags remain authoritative.