Full Agent Mesh Scenarios¶
Lab L6 is the canonical multi-service demo and research fixture. It runs deterministic services for support, planner, memory, MCP tools, billing, and untrusted ticket data.
content_rewrite¶
Threat model: an in-path Seam proxy rewrites a complete A2A message so the planner sees an authorized refund instruction.
python3 -m ait.cli demo full-agent-mesh --scenario content_rewrite --trials 1
Expected result:
- baseline direct and laundered routes refuse before the rewrite
- edge transcript contains
l6_content_rewrite_authorized_refund - billing writes the tripwire after the rewritten route
- Assay reports
delta_confirmed=True
Inspect next:
lab/transcripts/edge.json
lab/finding.json
lab/report/report.md
ait workbench serve --run .ait/runs/<run-id>
tool_result_injection¶
Threat model: the planner calls an MCP tool broker, and an internal Seam WebSocket proxy rewrites a complete MCP tool result.
python3 -m ait.cli lab run full-agent-mesh --scenario tool_result_injection --trials 1
Expected result:
- planner-MCP transcript contains
l6_mcp_tool_result_policy_injection - planner accepts the rewritten tool result
- billing writes the tripwire
- Assay confirms the side effect through the file oracle
ait workbench serve --run <run>shows the planner-MCP transcript, rule rewrite count, and robustness summary
Inspect next:
lab/transcripts/planner-mcp.json
lab/finding.json
lab/robustness/tool_result_injection/summary.json
memory_context¶
Threat model: untrusted ticket context reaches blackboard memory and influences a later privileged decision.
python3 -m ait.cli lab run full-agent-mesh --scenario memory_context --trials 1
Expected result:
- planner-memory transcript records memory reads or writes
- sanitized negative control refuses
- unsanitized laundered path reaches billing
- meshmapper emits
injection_propagation
Inspect next:
lab/transcripts/planner-memory.json
lab/safe-negative.json
lab/paths.json
all¶
Threat model: run the three L6 scenarios in one lab invocation and keep per-scenario findings.
python3 -m ait.cli lab run full-agent-mesh --scenario all --trials 1
Expected result:
lab/findings/content_rewrite.jsonlab/findings/tool_result_injection.jsonlab/findings/memory_context.jsonlab/finding.jsoncopied from the primary scenario for report rendering
Use all for demo preparation and broad local regression. Use a single scenario while debugging.
Cross-Run Comparison¶
After running L6 alongside L5/L7/L8, compare the completed run folders:
python3 -m ait.cli compare \
--runs .ait/runs/l6-content .ait/runs/l7-crewai .ait/runs/l8-autogen \
--out .ait/runs/lab-comparison.json
The comparison keeps graph refs, hypothesis classes, rewrite counts, findings, robustness summaries, and report links in one JSON artifact.