# meshmapper Targeting
meshmapper answers: what should I try next? It consumes captured artifacts and ranks unproven attack paths by privilege, trust gaps, observed traffic, source confidence, rewrite exposure, and proximity to high-impact sinks.
## Rank Paths

```bash
python3 -m ait.cli map suggest --run .ait/runs/<run> --limit 5
```
Filters are useful once a run has many paths.

```bash
python3 -m ait.cli map suggest \
  --run .ait/runs/<run> \
  --class injection_propagation \
  --target billing \
  --json
```
Each suggestion includes:
- priority score and reasons;
- entry, target, and hops;
- related Seam traffic rows;
- candidate Seam rule families to try next;
- proof status if Assay has already validated related transcript refs.
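The ranking factors above can be hard to picture without a concrete path. The following is an added illustration written for this page, not meshmapper's own scoring code: it runs a breadth-first search over a constructed agent mesh, scores each entry-to-target path with illustrative weights for privilege gain, trust gaps, observed traffic, weakest source confidence, verbatim content forwarding (rewrite exposure) and sink proximity, attaches the rule families this page names, and returns suggestions shaped like the list above. The node names, channels, weights and the `injection_propagation` / `direct_trust` taxonomy are all assumptions; every path stays `unproven`, because only Assay can change proof status.

```python
from collections import deque
import json

# Constructed sample mesh (not taken from any real run). Each edge is
# (destination, channel, source_kind); source_kind is the provenance badge
# meshmapper shows for traffic: observed, inferred or cooperative.
EDGES = {
    "web-intake": [("planner", "a2a", "observed")],
    "search-tool": [("planner", "mcp", "observed")],
    "planner": [("billing", "mcp", "observed"), ("memory", "blackboard", "inferred")],
    "memory": [("billing", "blackboard", "cooperative")],
    "billing": [],
}

# Constructed per-node facts: privilege tier (0 = untrusted input, 3 = money
# movement), whether the node verifies who it is talking to, high-impact sink.
NODES = {
    "web-intake": {"privilege": 0, "verifies_peer": True, "sink": False},
    "search-tool": {"privilege": 0, "verifies_peer": False, "sink": False},
    "planner": {"privilege": 1, "verifies_peer": True, "sink": False},
    "memory": {"privilege": 1, "verifies_peer": False, "sink": False},
    "billing": {"privilege": 3, "verifies_peer": True, "sink": True},
}

SOURCE_CONFIDENCE = {"observed": 1.0, "inferred": 0.6, "cooperative": 0.3}
# Channel -> Seam rule family named on this page that exercises it (assumed mapping).
CHANNEL_FAMILY = {
    "a2a": "a2a-content-rewrite",
    "mcp": "mcp-tool-result-injection",
    "blackboard": "memory-context-propagation",
}
# Channels that forward message content verbatim, i.e. rewrite exposure.
VERBATIM_CHANNELS = {"a2a", "blackboard"}


def shortest_path(entry, target):
    """BFS over EDGES; returns hops as (src, dst, channel, source_kind) or None."""
    queue = deque([(entry, [])])
    seen = {entry}
    while queue:
        node, hops = queue.popleft()
        if node == target:
            return hops
        for dst, channel, kind in EDGES.get(node, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, hops + [(node, dst, channel, kind)]))
    return None


def score_path(entry, target, hops):
    """Illustrative weights; returns (priority, reasons) for one non-empty path."""
    reasons, raw = [], 0.0
    gain = NODES[target]["privilege"] - NODES[entry]["privilege"]
    if gain > 0:
        raw += 2.0 * gain
        reasons.append(f"privilege gain of {gain} tier(s)")
    gaps = [dst for _, dst, _, _ in hops if not NODES[dst]["verifies_peer"]]
    if gaps:
        raw += 1.5 * len(gaps)
        reasons.append("receiver does not verify peer: " + ", ".join(gaps))
    observed = sum(1 for *_, kind in hops if kind == "observed")
    if observed:
        raw += 1.0 * observed
        reasons.append(f"{observed} hop(s) backed by observed traffic")
    verbatim = [f"{s}->{d}" for s, d, ch, _ in hops if ch in VERBATIM_CHANNELS]
    if verbatim:
        raw += 1.0 * len(verbatim)
        reasons.append("content forwarded verbatim: " + ", ".join(verbatim))
    if NODES[target]["sink"]:
        raw += 3.0 / len(hops)  # closer sinks score higher
        reasons.append(f"high-impact sink {len(hops)} hop(s) from entry")
    confidence = min(SOURCE_CONFIDENCE[kind] for *_, kind in hops)
    reasons.append(f"weakest source confidence {confidence:.1f}")
    return round(raw * confidence, 2), reasons


def candidate_families(hops):
    """Rule families from this page worth trying next, negative-control always last."""
    families = []
    for _, dst, channel, _ in hops:
        families.append(CHANNEL_FAMILY[channel])
        if not NODES[dst]["verifies_peer"]:
            families.append("a2a-agent-card-spoof")
    families.append("negative-control")
    return list(dict.fromkeys(families))  # de-duplicate, keep order


def path_class(hops):
    """Assumed taxonomy: multi-hop paths propagate an injection, single hops abuse direct trust."""
    return "injection_propagation" if len(hops) >= 2 else "direct_trust"


def suggest(entries, targets, path_class_filter=None, target_filter=None, limit=5):
    suggestions = []
    for entry in entries:
        for target in targets:
            hops = shortest_path(entry, target) if entry != target else None
            if not hops:
                continue
            klass = path_class(hops)
            if (path_class_filter and klass != path_class_filter) or (target_filter and target != target_filter):
                continue
            priority, reasons = score_path(entry, target, hops)
            suggestions.append({
                "entry": entry, "target": target, "class": klass,
                "hops": [f"{s}->{d} ({ch})" for s, d, ch, _ in hops],
                "priority": priority, "reasons": reasons,
                "candidate_families": candidate_families(hops),
                "proof_status": "unproven",  # only Assay can change this
            })
    suggestions.sort(key=lambda s: s["priority"], reverse=True)
    return suggestions[:limit]


if __name__ == "__main__":
    print(json.dumps(suggest(["web-intake", "search-tool"], ["billing", "memory"]), indent=2))
```

Note that confidence is applied as a multiplier over the whole score rather than as an additive term: a path that exists only because a cooperative source said so should never outrank a comparable path that was observed in traffic, whatever its privilege gain.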
## Candidate Rule Families

meshmapper does not attack by itself. It points the operator at likely Seam families:

- `a2a-content-rewrite` for delegated A2A message content;
- `mcp-tool-result-injection` for planner decisions based on tool results;
- `memory-context-propagation` for blackboard/context-mediated paths;
- `a2a-agent-card-spoof` for unsigned or implicit identity trust;
- `negative-control` to prove the rule pack is not matching everything.
## Launch A Seam Operation From A Path

Use `ait map launch` when a path looks worth trying and you want a concrete Seam command instead of manually stitching listener, upstream, rules, and expectations together.

```bash
python3 -m ait.cli map launch \
  --run .ait/runs/<run> \
  --hypothesis-id <hypothesis-id> \
  --rule-family a2a-content-rewrite
```

The command writes a launch artifact under `workbench/map-launches/` with the selected hypothesis, rule family, expected rule, decoded fields, missing network fields, and the exact `ait operate proxy` command.
Launch artifacts are lifecycle records, not just one-off notes. They carry a stable `launch_id`, state, attempts, logs, recovery hints, linked operate run, transcript paths, and timestamps. Use the lifecycle commands when a launch needs to be reviewed or retried.

```bash
python3 -m ait.cli map launch list --run .ait/runs/<run>
python3 -m ait.cli map launch status --run .ait/runs/<run> --launch-id <launch-id>
```
Retry a failed or incomplete launch with the missing listener/upstream values filled in. `--execute` turns the recovered plan into an `ait operate proxy` run.

```bash
python3 -m ait.cli map launch retry \
  --run .ait/runs/<run> \
  --launch-id <launch-id> \
  --listen 127.0.0.1:8460 \
  --upstream http://127.0.0.1:8660 \
  --execute \
  --serve
```
Run an already-planned launch explicitly when the plan is complete. This is the same action the cockpit Map tab performs when you click Execute.

```bash
python3 -m ait.cli map launch execute \
  --run .ait/runs/<run> \
  --launch-id <launch-id> \
  --serve
```
Execute immediately only when the target listener/upstream are already known.

```bash
python3 -m ait.cli map launch \
  --run .ait/runs/<run> \
  --hypothesis-id <hypothesis-id> \
  --rule-family mcp-tool-result-injection \
  --upstream http://127.0.0.1:8500 \
  --execute \
  --serve
```
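The plan/retry/execute sequence above is easier to reason about as a state machine. What follows is an added illustration written for this page, not ait's own artifact code: the real schema, state names, id format and the exact `operate proxy` command the artifact stores are not shown here, so all of them are assumptions. The model keeps the one rule the page does state, that execution is refused until listener and upstream are known, and records every attempt, log line and recovery hint on the artifact so that `list` and `status` have something to show. `run_proxy` is a stand-in callable for the operate proxy run.

```python
# Added illustration for this page: minimal lifecycle model for launch records.
# Schema, state names and id format are assumptions, not ait's real format.
import json
import os
from datetime import datetime, timezone
from uuid import uuid4

REQUIRED_NETWORK_FIELDS = ("listen", "upstream")


def _now():
    return datetime.now(timezone.utc).isoformat()


def missing_fields(record):
    """Network fields the operate proxy run cannot start without."""
    return [f for f in REQUIRED_NETWORK_FIELDS if not record.get(f)]


def refresh_readiness(record):
    """Move between planned and needs_input as recovered values arrive."""
    missing = missing_fields(record)
    record["missing_fields"] = missing
    if record["state"] in ("planned", "needs_input"):
        record["state"] = "needs_input" if missing else "planned"
        record["recovery_hints"] = [f"rerun retry with --{f} <value>" for f in missing]
    record["updated_at"] = _now()
    return record


def plan_launch(hypothesis_id, rule_family, listen=None, upstream=None):
    """Create the record; reviewable at once, runnable only when complete."""
    record = {
        "launch_id": f"launch-{uuid4().hex[:8]}",  # assumed id format
        "hypothesis_id": hypothesis_id,
        "rule_family": rule_family,
        "listen": listen,
        "upstream": upstream,
        "state": "planned",
        "attempts": [],
        "logs": [f"{_now()} planned from hypothesis {hypothesis_id}"],
        "recovery_hints": [],
        "operate_run": None,
        "created_at": _now(),
    }
    return refresh_readiness(record)


def retry_launch(record, listen=None, upstream=None):
    """Fill recovered values and return a failed record to planned; runs nothing."""
    filled = [name for name, value in (("listen", listen), ("upstream", upstream))
              if value and not record.update({name: value})]
    record["logs"].append(f"{_now()} retry filled {filled or 'nothing'}")
    if record["state"] == "failed":
        record["state"] = "planned"
    return refresh_readiness(record)


def execute_launch(record, run_proxy):
    """The gate from this page: execute only when listener and upstream are known.
    run_proxy returns the linked operate run id or raises on failure."""
    missing = missing_fields(record)
    if missing:
        record["logs"].append(f"{_now()} execute refused, missing {missing}")
        return False
    attempt = {"number": len(record["attempts"]) + 1, "started_at": _now()}
    record["attempts"].append(attempt)
    try:
        record["operate_run"] = run_proxy(record)
    except Exception as exc:  # keep the failure on the record for review
        attempt["outcome"] = "failed"
        record["state"] = "failed"
        record["recovery_hints"] = [f"last attempt failed: {exc}"]
        return False
    attempt["outcome"] = "executed"
    record["state"] = "executed"
    record["updated_at"] = _now()
    return True


def failing_proxy(record):
    """Simulated proxy run that cannot reach its upstream (for demonstration)."""
    raise RuntimeError(f"upstream {record['upstream']} refused connection")


def save_launch(workbench_dir, record):
    """Persist under <workbench>/map-launches/<launch_id>.json."""
    folder = os.path.join(workbench_dir, "map-launches")
    os.makedirs(folder, exist_ok=True)
    path = os.path.join(folder, record["launch_id"] + ".json")
    with open(path, "w") as fh:
        json.dump(record, fh, indent=2)
    return path


def list_launches(workbench_dir):
    """What a `launch list` view needs: id, state and gaps of each saved record."""
    folder = os.path.join(workbench_dir, "map-launches")
    names = sorted(os.listdir(folder)) if os.path.isdir(folder) else []
    out = []
    for name in names:
        with open(os.path.join(folder, name)) as fh:
            rec = json.load(fh)
        out.append((rec["launch_id"], rec["state"], rec["missing_fields"]))
    return out
```

The point of keeping attempts and hints on the record rather than in a console log is that a second operator, or the cockpit, can pick up a half-finished launch and see exactly which value was missing and which attempt failed.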
## Cockpit Use
Open Map, select a hypothesis, then inspect:
- priority score and reasons;
- observed/inferred/cooperative source badges;
- graph path highlight;
- related traffic rows;
- candidate Seam rules;
- saved launch plans and launch action history;
- execute/retry controls that create linked operate runs;
- optional binding scaffold if you decide to validate impact with Assay.
The graph is targeting intelligence. It becomes proof only when Assay observes a side effect through an oracle.