Skip to content

Full Agent Mesh Scenarios

Lab L6 is the canonical multi-service demo and research fixture. It runs deterministic services for support, planner, memory, MCP tools, billing, and untrusted ticket data.

content_rewrite

Threat model: an in-path Seam proxy rewrites a complete A2A message so the planner sees an authorized refund instruction.

python3 -m ait.cli demo full-agent-mesh --scenario content_rewrite --trials 1

Expected result:

  • baseline direct and laundered routes refuse before the rewrite
  • edge transcript contains l6_content_rewrite_authorized_refund
  • billing writes the tripwire after the rewritten route
  • Assay reports delta_confirmed=True

Inspect next:

lab/transcripts/edge.json
lab/finding.json
lab/report/report.md
ait workbench serve --run .ait/runs/<run-id>

tool_result_injection

Threat model: the planner calls an MCP tool broker, and an internal Seam WebSocket proxy rewrites a complete MCP tool result.

python3 -m ait.cli lab run full-agent-mesh --scenario tool_result_injection --trials 1

Expected result:

  • planner-MCP transcript contains l6_mcp_tool_result_policy_injection
  • planner accepts the rewritten tool result
  • billing writes the tripwire
  • Assay confirms the side effect through the file oracle
  • ait workbench serve --run <run> shows the planner-MCP transcript, rule rewrite count, and robustness summary

Inspect next:

lab/transcripts/planner-mcp.json
lab/finding.json
lab/robustness/tool_result_injection/summary.json

memory_context

Threat model: untrusted ticket context reaches blackboard memory and influences a later privileged decision.

python3 -m ait.cli lab run full-agent-mesh --scenario memory_context --trials 1

Expected result:

  • planner-memory transcript records memory reads or writes
  • sanitized negative control refuses
  • unsanitized laundered path reaches billing
  • meshmapper emits injection_propagation

Inspect next:

lab/transcripts/planner-memory.json
lab/safe-negative.json
lab/paths.json

all

Threat model: run the three L6 scenarios in one lab invocation and keep per-scenario findings.

python3 -m ait.cli lab run full-agent-mesh --scenario all --trials 1

Expected result:

  • lab/findings/content_rewrite.json
  • lab/findings/tool_result_injection.json
  • lab/findings/memory_context.json
  • lab/finding.json copied from the primary scenario for report rendering

Use all for demo preparation and broad local regression. Use a single scenario while debugging.

Cross-Run Comparison

After running L6 alongside L5/L7/L8, compare the completed run folders:

python3 -m ait.cli compare \
  --runs .ait/runs/l6-content .ait/runs/l7-crewai .ait/runs/l8-autogen \
  --out .ait/runs/lab-comparison.json

The comparison keeps graph refs, hypothesis classes, rewrite counts, findings, robustness summaries, and report links in one JSON artifact.