Meta-Harness Architecture for Offensive Operations
Routing between specialized offensive harnesses. The Alias Robotics CSI model.
A single monolithic offensive harness is the wrong architecture when work spans multiple domains. It fails for the same three reasons a single CTF agent fails — context pollution, reasoning drift, token waste — at the union of every domain. The cure is the meta-harness plus specialized sub-harnesses.
The local proxy is the load-bearing design decision. Every sub-harness talks to the same endpoint. The proxy owns the security primitives, scope enforcement, evidence logging, and rate limiting. A sub-harness cannot bypass it — the proxy is the only thing it can reach.
The five security primitives MUST live at the meta-harness level — scope enforcement, evidence collection, kill chain state, signal/noise filtering, RoE enforcement — applied regardless of which sub-harness is executing. You do not control the sub-harnesses; the proxy is the wrap.
InjecAgent is a pass/fail gate, not a performance metric. A single executed injected command is a fail, regardless of detection rate. Fix injection resistance before benchmarking anything else — the failure mode is catastrophic.