Backend-agnostic cyber range scenario description language and runtime.
Project description
Agentic Cyber Environment System
Agentic Cyber Environment System (ACES) is a backend-agnostic scenario description language, Python reference implementation, and contract surface for cyber range scenarios and experiments.
The repository separates authored scenario meaning from processors, backends, participant implementations, runtime state, and archived evidence. In the current implementation, an SDL document can be parsed, validated, instantiated, compiled into runtime models, and checked against published backend contracts without binding the authored scenario to one cloud, range implementation, or execution harness.
This is an academic and engineering project. The repository is intended to be read, tested, and used as reference implementation code, not treated as a product surface.
The repository is not a managed cyber range and does not include a production backend. Backend contracts, stubs, conformance checks, and examples are present; real deployment backends remain separate implementations.
A worked example of ACES SDL driving a concrete range is APTL (Advanced Purple Team Lab), a separate project that specifies its scenarios as ACES SDL documents and realizes the selected topology on a Docker Compose backend.
Contents
- What ACES SDL Describes
- Getting Started
- Using the Python Reference Implementation
- Repository Layout
- Lineage
- Documentation
- Verification
- Contributing
- Versioning
- Citation
- License
- Maintainer
What ACES SDL Describes
An SDL file is a declarative scenario document. It can describe topology, hosts, services, identities, content, relationships, agents, objectives, workflows, variables, and evaluation material without directly describing a specific backend's infrastructure primitives.
name: hospital-ransomware-surgery-day
description: Surgery-day ransomware exercise for a regional hospital.
variables:
surgery_day_speed:
type: number
default: 1.0
nodes:
internet-edge:
type: Switch
description: Public ingress for email, VPN, and external access
mail-gateway:
type: VM
os: linux
source: secure-mail-gateway
resources: {ram: 2 gib, cpu: 1}
services:
- {port: 25, name: smtp-inbound}
roles: {mail-admin: postfix}
Complete examples live in examples/scenarios/.
Reusable non-normative templates and patterns are indexed by
examples/library/catalog.yaml.
Getting Started
Prerequisites:
- Python 3.11 or newer
- uv
- nox for the repository verification graph, or
uvx noxwithout a separate install
Set up the Python reference implementation:
git clone https://github.com/Brad-Edwards/aces.git
cd aces/implementations/python
uv sync --all-extras
uv run aces --help
Using the Python Reference Implementation
Parse and validate a scenario from Python:
from pathlib import Path
from aces_sdl import parse_sdl_file
scenario = parse_sdl_file(
Path("../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml")
)
for advisory in scenario.advisories:
print(advisory)
Run the CLI from implementations/python:
uv run aces sdl resolve ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces sdl verify-imports ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces sdl publish ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces processor --help
uv run aces conformance --help
uv run aces-mcp
Repository Layout
specs/- normative prose and formal specification materialcontracts/- published schemas, fixtures, manifests, and profilesimplementations/- reference implementations and their local toolingexamples/- worked SDL scenario examples plus reusable authoring templates and patternsdocs/- explanatory documentation, API docs, and architecture decisionsresearch/- supporting literature and reference ecosystem materialtools/- repository maintenance, policy, and publication toolingchangelog.d/- towncrier release note fragments
Lineage
- Open Cyber Range SDL
- Open Cybersecurity Schema Framework
- CACAO Security Playbooks v2.0
- STIX 2.1
- CybORG
- TENA
- IEEE High Level Architecture
- SISO Cyber DEM
- SISO Cyber FOM
- MITRE CALDERA
- Atomic Red Team
For a dimension-by-dimension comparison against these systems — what ACES expresses that they do not, and where they still lead ACES — see Related-Work Comparison.
Documentation
The documentation source is under docs/. Important entry points:
docs/index.md- documentation indexdocs/explain/getting-started.md- use-case and rigor-level entrypointexamples/README.md- current worked example inventoryexamples/library/catalog.yaml- template and pattern library catalogdocs/explain/reference/canonical-reference-map.md- current reference mapdocs/explain/reference/documentation-style-guide.md- documentation style and citation rulesdocs/explain/reference/glossary.md- current terminologydocs/explain/sdl/index.md- SDL guidedocs/explain/sdl/runtime-architecture.md- runtime architecturedocs/explain/reference/backend-conformance.md- backend conformance modeldocs/decisions/adrs/README.md- architecture decisionscontracts/README.md- contract publication surface
Verification
nox is the canonical verification graph. From the repository root:
uvx nox -s verify
uvx nox -s tests
uvx nox -l
The full verify session runs the project checks expected for pull requests,
including repository policy, generated artifact checks, tests, and docs.
Contributing
Contributions are welcome where they improve the language, reference implementation, contracts, tests, examples, or documentation. Start with CONTRIBUTING.md.
Language and contract changes should be discussed before implementation because small SDL changes can affect validation, generated schemas, backend conformance, and existing scenario examples.
Versioning
The Python package currently declares its version in
implementations/python/pyproject.toml.
Release notes are collated from towncrier fragments in
changelog.d/. Do not hand-edit CHANGELOG.md.
Published JSON Schemas use versioned contract identifiers such as
sdl-authoring-input-v1, but the suffix is not the same as a stability promise.
The authoritative schema publication manifest records each schema's draft or
stable stability class and canonical content hash. Current checked-in schemas
are draft until a maintainer explicitly promotes them; stable breaking changes
must mint a new schema version as described in
ADR-061.
Maintainers
- Brad Edwards — Personal GitHub, PANW GitHub, LinkedIn
Citation
If you use ACES SDL in academic work, cite the repository:
@software{aces_sdl,
author = {Edwards, Brad},
title = {ACES SDL: Backend-Agnostic Scenario Description Language for Cyber Range Experiments},
year = {2026},
license = {MIT},
url = {https://github.com/Brad-Edwards/aces}
}
License
Released under the MIT License. See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aces_sdl-0.19.1.tar.gz.
File metadata
- Download URL: aces_sdl-0.19.1.tar.gz
- Upload date:
- Size: 1.3 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8a8d1a3e0b0717cddf2d342fef70eeeb6d123cbddff592cfa72e421cb8011fa7
|
|
| MD5 |
a46ce92cdf8a60c2b0253e27b48d09d1
|
|
| BLAKE2b-256 |
0c22d289c7667d271732af8783f4b7d24e47e6506d94e2581ae47804b686fb04
|
Provenance
The following attestation bundles were made for aces_sdl-0.19.1.tar.gz:
Publisher:
release-please.yml on Brad-Edwards/aces
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
aces_sdl-0.19.1.tar.gz -
Subject digest:
8a8d1a3e0b0717cddf2d342fef70eeeb6d123cbddff592cfa72e421cb8011fa7 - Sigstore transparency entry: 2083883913
- Sigstore integration time:
-
Permalink:
Brad-Edwards/aces@4b74def4bda004e0062ca47f88e09e4c1ff324d3 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Brad-Edwards
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-please.yml@4b74def4bda004e0062ca47f88e09e4c1ff324d3 -
Trigger Event:
push
-
Statement type:
File details
Details for the file aces_sdl-0.19.1-py3-none-any.whl.
File metadata
- Download URL: aces_sdl-0.19.1-py3-none-any.whl
- Upload date:
- Size: 1.1 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
727e10a5eb83cfa3fe8b4bb9abcbabe2b24e6497427d5943decc1d2a4ec1e1cf
|
|
| MD5 |
32dbfa80dbea42bb6d241690d1be3cc2
|
|
| BLAKE2b-256 |
af75f94651cc43cf4696c7cd7bceb2f3c7042ab672a04fb209b29a3ccea0a6f3
|
Provenance
The following attestation bundles were made for aces_sdl-0.19.1-py3-none-any.whl:
Publisher:
release-please.yml on Brad-Edwards/aces
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
aces_sdl-0.19.1-py3-none-any.whl -
Subject digest:
727e10a5eb83cfa3fe8b4bb9abcbabe2b24e6497427d5943decc1d2a4ec1e1cf - Sigstore transparency entry: 2083883939
- Sigstore integration time:
-
Permalink:
Brad-Edwards/aces@4b74def4bda004e0062ca47f88e09e4c1ff324d3 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Brad-Edwards
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-please.yml@4b74def4bda004e0062ca47f88e09e4c1ff324d3 -
Trigger Event:
push
-
Statement type: