Range Topology¶
The professional range mirrors Lab L6 but separates services into VMs according
to the selected profile. standard is the default; it groups low-risk services
while keeping the privileged sink separate. full-split expands each role into
its own VM.
Standard Profile¶
flowchart LR
O[operator VM] -->|AIT cockpit / Seam / Assay| SP[support-planner VM]
SP --> SV[services VM: memory + MCP + ticket]
SP --> BR[billing-refund VM]
SV --> SP
BR --> TW[(tripwire/oracle)]
Full-Split Profile¶
flowchart LR
O[operator VM] -->|AIT cockpit / Assay| S0[Seam edge intercept]
S0 --> SA[support-agent VM]
SA --> S1[Seam support-planner]
S1 --> PA[planner-supervisor VM]
PA --> S2[Seam planner-memory]
S2 --> MB[memory-blackboard VM]
PA --> S3[Seam planner-MCP]
S3 --> MCP[mcp-tool-broker VM]
PA --> S4[Seam planner-billing]
S4 --> BR[billing-refund VM]
TS[ticket-source VM] --> PA
BR --> TW[(tripwire/oracle)]
VM Roles¶
| VM | Purpose | Primary Evidence |
|---|---|---|
| operator | runs ait, Assay, meshmapper, reports, and cockpit |
run manifest, reports |
| seam-intercept | optional central intercept point, included in full-split |
transcript files, rule summaries |
| support-planner | standard-profile combined support and planner host | edge A2A records, planner decisions |
| range-services | standard-profile memory, MCP, and untrusted ticket services | memory/MCP/source records |
| support-agent | exposed A2A entrypoint | edge A2A records |
| planner-supervisor | delegation and decision logic | A2A, MCP, memory records |
| memory-blackboard | shared memory/context store | reads/writes and trust edges |
| mcp-tool-broker | MCP JSON-RPC tools and results | tools/list, tools/call, tool results |
| billing-refund | privileged sink | tripwire writes |
| ticket-source | untrusted external data | injection propagation source |
What Good Looks Like¶
- Seam records every routed A2A/MCP/HTTP flow.
- meshmapper separates observed edges from lab metadata and static config.
- Assay proves impact only through a side-effect oracle.
- The cockpit shows host/flow boundaries, rule rewrites, graph paths, and proof status.