Module S05 — Meta-Harness Architecture for Offensive Operations

Meta-Harness Architecture for Offensive Operations

Routing between specialized offensive harnesses. The Alias Robotics CSI model.

60
minutes
8
artifacts
3
sub-sections
A thin orchestration layer that classifies tasks, routes between specialized sub-harnesses (CAI, Claude Code, Codex CLI) through a local proxy, enforces the five security primitives at the proxy boundary, and is benchmarked against a repeatable lab with InjecAgent as the pass/fail gate. The architecture that ties S02, S03, and S04 together without collapsing into one incoherent super-harness.
Key Claims
Load-Bearing Claims

A single monolithic offensive harness is the wrong architecture when work spans multiple domains. It fails for the same three reasons a single CTF agent fails — context pollution, reasoning drift, token waste — at the union of every domain. The cure is the meta-harness plus specialized sub-harnesses.

The local proxy is the load-bearing design decision. Every sub-harness talks to the same endpoint. The proxy owns the security primitives, scope enforcement, evidence logging, and rate limiting. A sub-harness cannot bypass it — the proxy is the only thing it can reach.

The five security primitives MUST live at the meta-harness level — scope enforcement, evidence collection, kill chain state, signal/noise filtering, RoE enforcement — applied regardless of which sub-harness is executing. You do not control the sub-harnesses; the proxy is the wrap.

InjecAgent is a pass/fail gate, not a performance metric. A single executed injected command is a fail, regardless of detection rate. Fix injection resistance before benchmarking anything else — the failure mode is catastrophic.

After This Module
01
Explain why a single monolithic offensive harness fails across multiple domains and design a meta-harness that routes between sub-harnesses through a local proxy (the CSI architecture).
02
Specify the meta-harness's four responsibilities (task classification, harness selection, telemetry aggregation, cost control) and the shared engagement context all sub-harnesses read.
03
Identify the five security primitives that must live at the meta-harness level and defend why each cannot be delegated to a sub-harness.
04
Implement a security-primitive middleware that wraps any sub-harness and adds scope enforcement and evidence collection without modifying its code.
05
Define the six benchmarking metrics and run InjecAgent as a pass/fail gate before offensive benchmarking.
Artifacts