meshmapper Targeting

meshmapper answers the question "what should I try next?" It consumes captured artifacts and ranks unproven attack paths by privilege, trust gaps, observed traffic, source confidence, rewrite exposure, and proximity to high-impact sinks.

Rank Paths

python3 -m ait.cli map suggest --run .ait/runs/<run> --limit 5

Filters are useful once a run has many paths.

python3 -m ait.cli map suggest \
  --run .ait/runs/<run> \
  --class injection_propagation \
  --target billing \
  --json

Each suggestion includes:

  • priority score and reasons;
  • entry, target, and hops;
  • related Seam traffic rows;
  • candidate Seam rule families to try next;
  • proof status if Assay has already validated related transcript refs.

Candidate Rule Families

meshmapper does not attack by itself. It points the operator at likely Seam families:

  • a2a-content-rewrite for delegated A2A message content;
  • mcp-tool-result-injection for planner decisions based on tool results;
  • memory-context-propagation for blackboard/context-mediated paths;
  • a2a-agent-card-spoof for unsigned or implicit identity trust;
  • negative-control to prove the rule pack is not matching everything.

Launch A Seam Operation From A Path

Use ait map launch when a path looks worth trying and you want a concrete Seam command instead of manually stitching listener, upstream, rules, and expectations together.

python3 -m ait.cli map launch \
  --run .ait/runs/<run> \
  --hypothesis-id <hypothesis-id> \
  --rule-family a2a-content-rewrite

The command writes a launch artifact under workbench/map-launches/ with the selected hypothesis, rule family, expected rule, decoded fields, missing network fields, and the exact ait operate proxy command.

Launch artifacts are lifecycle records, not just one-off notes. They carry a stable launch_id, state, attempts, logs, recovery hints, linked operate run, transcript paths, and timestamps. Use the lifecycle commands when a launch needs to be reviewed or retried.

python3 -m ait.cli map launch list --run .ait/runs/<run>
python3 -m ait.cli map launch status --run .ait/runs/<run> --launch-id <launch-id>

Retry a failed or incomplete launch with missing listener/upstream values filled in. --execute turns the recovered plan into an ait operate proxy run.

python3 -m ait.cli map launch retry \
  --run .ait/runs/<run> \
  --launch-id <launch-id> \
  --listen 127.0.0.1:8460 \
  --upstream http://127.0.0.1:8660 \
  --execute \
  --serve

Run an already-planned launch explicitly when the plan is complete. This is the same action the cockpit Map tab uses when you click execute.

python3 -m ait.cli map launch execute \
  --run .ait/runs/<run> \
  --launch-id <launch-id> \
  --serve

Execute immediately only when the target listener/upstream are known.

python3 -m ait.cli map launch \
  --run .ait/runs/<run> \
  --hypothesis-id <hypothesis-id> \
  --rule-family mcp-tool-result-injection \
  --upstream http://127.0.0.1:8500 \
  --execute \
  --serve

Cockpit Use

Open Map, select a hypothesis, then inspect:

  • priority score and reasons;
  • observed/inferred/cooperative source badges;
  • graph path highlight;
  • related traffic rows;
  • candidate Seam rules;
  • saved launch plans and launch action history;
  • execute/retry controls that create linked operate runs;
  • optional binding scaffold if you decide to validate impact with Assay.

The graph is targeting intelligence. It becomes proof only when Assay observes a side effect through an oracle.