Lab L2: Docker Mini-Mesh¶
Lab L2 packages the refund-laundering capability test into a Docker Compose target mesh:
support-agent: public entrypoint exposed on localhost.planner-agent: medium-privilege internal delegate.billing-refund: high-privilege sink that writes the tripwire only through the planner route.
Run it:
TRIALS=3 bash lab/docker/l2/run_mini_mesh.sh
The wrapper starts Docker Compose, starts Seam API, routes Assay probes through Seam, verifies the transcript, runs meshmapper, and checks expectations.
Artifacts:
lab/docker/l2/out/
seam-transcript.json
graph.json
paths.json
finding.json
refund_laundering.case.json
tripwire.json
Expected behavior:
- Direct route succeeds
0/N. - Laundered route succeeds
N/N. - Assay sets
method.delta_confirmed: true. - meshmapper emits exactly one unproven
privilege_launderingpath. - Expected hops are
public_support -> planner_agent -> billing_refund. - Expected trust gaps are both implicit edges in that path.
Lab L2 is deterministic and non-LLM. Lab L3 adds the first deterministic framework-style smoke target; additional real-framework targets come later.