Skip to main content

Backend-agnostic cyber range scenario description language and runtime.

Project description

Agentic Cyber Environment System

Agentic Cyber Environment System (ACES) is a backend-agnostic scenario description language, Python reference implementation, and contract surface for cyber range scenarios and experiments.

The repository separates authored scenario meaning from processors, backends, participant implementations, runtime state, and archived evidence. In the current implementation, an SDL document can be parsed, validated, instantiated, compiled into runtime models, and checked against published backend contracts without binding the authored scenario to one cloud, range implementation, or execution harness.

This is an academic and engineering project. The repository is intended to be read, tested, and used as reference implementation code, not treated as a product surface.

The repository is not a managed cyber range and does not include a production backend. Backend contracts, stubs, conformance checks, and examples are present; real deployment backends remain separate implementations.

A worked example of ACES SDL driving a concrete range is APTL (Advanced Purple Team Lab), a separate project that specifies its scenarios as ACES SDL documents and realizes the selected topology on a Docker Compose backend.

Contents

What ACES SDL Describes

An SDL file is a declarative scenario document. It can describe topology, hosts, services, identities, content, relationships, agents, objectives, workflows, variables, and evaluation material without directly describing a specific backend's infrastructure primitives.

name: hospital-ransomware-surgery-day
description: Surgery-day ransomware exercise for a regional hospital.

variables:
  surgery_day_speed:
    type: number
    default: 1.0

nodes:
  internet-edge:
    type: Switch
    description: Public ingress for email, VPN, and external access

  mail-gateway:
    type: VM
    os: linux
    source: secure-mail-gateway
    resources: {ram: 2 gib, cpu: 1}
    services:
      - {port: 25, name: smtp-inbound}
    roles: {mail-admin: postfix}

Complete examples live in examples/scenarios/. Reusable non-normative templates and patterns are indexed by examples/library/catalog.yaml.

Getting Started

Prerequisites:

  • Python 3.11 or newer
  • uv
  • nox for the repository verification graph, or uvx nox without a separate install

Set up the Python reference implementation:

git clone https://github.com/Brad-Edwards/aces.git
cd aces/implementations/python
uv sync --all-extras
uv run aces --help

Using the Python Reference Implementation

Parse and validate a scenario from Python:

from pathlib import Path

from aces_sdl import parse_sdl_file

scenario = parse_sdl_file(
    Path("../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml")
)

for advisory in scenario.advisories:
    print(advisory)

Run the CLI from implementations/python:

uv run aces sdl resolve ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces sdl verify-imports ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces sdl publish ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces processor --help
uv run aces conformance --help
uv run aces-mcp

Repository Layout

  • specs/ - normative prose and formal specification material
  • contracts/ - published schemas, fixtures, manifests, and profiles
  • implementations/ - reference implementations and their local tooling
  • examples/ - worked SDL scenario examples plus reusable authoring templates and patterns
  • docs/ - explanatory documentation, API docs, and architecture decisions
  • research/ - supporting literature and reference ecosystem material
  • tools/ - repository maintenance, policy, and publication tooling
  • changelog.d/ - towncrier release note fragments

Lineage

For a dimension-by-dimension comparison against these systems — what ACES expresses that they do not, and where they still lead ACES — see Related-Work Comparison.

Documentation

The documentation source is under docs/. Important entry points:

Verification

nox is the canonical verification graph. From the repository root:

uvx nox -s verify
uvx nox -s tests
uvx nox -l

The full verify session runs the project checks expected for pull requests, including repository policy, generated artifact checks, tests, and docs.

Contributing

Contributions are welcome where they improve the language, reference implementation, contracts, tests, examples, or documentation. Start with CONTRIBUTING.md.

Language and contract changes should be discussed before implementation because small SDL changes can affect validation, generated schemas, backend conformance, and existing scenario examples.

Versioning

The Python package currently declares its version in implementations/python/pyproject.toml. Release notes are collated from towncrier fragments in changelog.d/. Do not hand-edit CHANGELOG.md.

Published JSON Schemas use versioned contract identifiers such as sdl-authoring-input-v1, but the suffix is not the same as a stability promise. The authoritative schema publication manifest records each schema's draft or stable stability class and canonical content hash. Current checked-in schemas are draft until a maintainer explicitly promotes them; stable breaking changes must mint a new schema version as described in ADR-061.

Maintainers

Citation

If you use ACES SDL in academic work, cite the repository:

@software{aces_sdl,
  author       = {Edwards, Brad},
  title        = {ACES SDL: Backend-Agnostic Scenario Description Language for Cyber Range Experiments},
  year         = {2026},
  license      = {MIT},
  url          = {https://github.com/Brad-Edwards/aces}
}

License

Released under the MIT License. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aces_sdl-0.19.1.tar.gz (1.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aces_sdl-0.19.1-py3-none-any.whl (1.1 MB view details)

Uploaded Python 3

File details

Details for the file aces_sdl-0.19.1.tar.gz.

File metadata

  • Download URL: aces_sdl-0.19.1.tar.gz
  • Upload date:
  • Size: 1.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for aces_sdl-0.19.1.tar.gz
Algorithm Hash digest
SHA256 8a8d1a3e0b0717cddf2d342fef70eeeb6d123cbddff592cfa72e421cb8011fa7
MD5 a46ce92cdf8a60c2b0253e27b48d09d1
BLAKE2b-256 0c22d289c7667d271732af8783f4b7d24e47e6506d94e2581ae47804b686fb04

See more details on using hashes here.

Provenance

The following attestation bundles were made for aces_sdl-0.19.1.tar.gz:

Publisher: release-please.yml on Brad-Edwards/aces

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file aces_sdl-0.19.1-py3-none-any.whl.

File metadata

  • Download URL: aces_sdl-0.19.1-py3-none-any.whl
  • Upload date:
  • Size: 1.1 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for aces_sdl-0.19.1-py3-none-any.whl
Algorithm Hash digest
SHA256 727e10a5eb83cfa3fe8b4bb9abcbabe2b24e6497427d5943decc1d2a4ec1e1cf
MD5 32dbfa80dbea42bb6d241690d1be3cc2
BLAKE2b-256 af75f94651cc43cf4696c7cd7bceb2f3c7042ab672a04fb209b29a3ccea0a6f3

See more details on using hashes here.

Provenance

The following attestation bundles were made for aces_sdl-0.19.1-py3-none-any.whl:

Publisher: release-please.yml on Brad-Edwards/aces

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page