Agentic Cyber Environment System (ACES) is a backend-agnostic scenario description language, Python reference implementation, and contract surface for cyber range scenarios and experiments.
The repository separates authored scenario meaning from processors, backends, participant implementations, runtime state, and archived evidence. In the current implementation, an SDL document can be parsed, validated, instantiated, compiled into runtime models, and checked against published backend contracts without binding the authored scenario to one cloud, range implementation, or execution harness.
This is an academic and engineering project. The repository is intended to be read, tested, and used as reference implementation code, not treated as a product surface.
The repository is not a managed cyber range and does not include a production backend. Backend contracts, stubs, conformance checks, and examples are present; real deployment backends remain separate implementations.
- What ACES SDL Describes
- Getting Started
- Using the Python Reference Implementation
- Repository Layout
- Lineage
- Documentation
- Verification
- Contributing
- Versioning
- Citation
- License
- Maintainer
An SDL file is a declarative scenario document. It can describe topology, hosts, services, identities, content, relationships, agents, objectives, workflows, variables, and evaluation material without directly describing a specific backend's infrastructure primitives.
name: hospital-ransomware-surgery-day
description: Surgery-day ransomware exercise for a regional hospital.
variables:
surgery_day_speed:
type: number
default: 1.0
nodes:
internet-edge:
type: Switch
description: Public ingress for email, VPN, and external access
mail-gateway:
type: VM
os: linux
source: secure-mail-gateway
resources: {ram: 2 gib, cpu: 1}
services:
- {port: 25, name: smtp-inbound}
roles: {mail-admin: postfix}Complete examples live in examples/scenarios/.
Reusable non-normative templates and patterns are indexed by
examples/library/catalog.yaml.
Prerequisites:
- Python 3.11 or newer
- uv
- nox for the repository verification graph, or
uvx noxwithout a separate install
Set up the Python reference implementation:
git clone https://github.com/Brad-Edwards/aces.git
cd aces/implementations/python
uv sync --all-extras
uv run aces --helpParse and validate a scenario from Python:
from pathlib import Path
from aces_sdl import parse_sdl_file
scenario = parse_sdl_file(
Path("../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml")
)
for advisory in scenario.advisories:
print(advisory)Run the CLI from implementations/python:
uv run aces sdl resolve ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces sdl verify-imports ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces sdl publish ../../examples/scenarios/hospital-ransomware-surgery-day.sdl.yaml
uv run aces processor --help
uv run aces conformance --help
uv run aces-mcpspecs/- normative prose and formal specification materialcontracts/- published schemas, fixtures, manifests, and profilesimplementations/- reference implementations and their local toolingexamples/- worked SDL scenario examples plus reusable authoring templates and patternsdocs/- explanatory documentation, API docs, and architecture decisionsresearch/- supporting literature and reference ecosystem materialtools/- repository maintenance, policy, and publication toolingchangelog.d/- towncrier release note fragments
- Open Cyber Range SDL
- Open Cybersecurity Schema Framework
- CACAO Security Playbooks v2.0
- STIX 2.1
- CybORG
- TENA
- IEEE High Level Architecture
- SISO Cyber DEM
- SISO Cyber FOM
- MITRE CALDERA
- Atomic Red Team
The documentation source is under docs/. Important entry points:
docs/index.md- documentation indexdocs/explain/getting-started.md- use-case and rigor-level entrypointexamples/README.md- current worked example inventoryexamples/library/catalog.yaml- template and pattern library catalogdocs/explain/reference/canonical-reference-map.md- current reference mapdocs/explain/reference/documentation-style-guide.md- documentation style and citation rulesdocs/explain/reference/glossary.md- current terminologydocs/explain/sdl/index.md- SDL guidedocs/explain/sdl/runtime-architecture.md- runtime architecturedocs/explain/reference/backend-conformance.md- backend conformance modeldocs/decisions/adrs/README.md- architecture decisionscontracts/README.md- contract publication surface
nox is the canonical verification graph. From the repository root:
uvx nox -s verify
uvx nox -s tests
uvx nox -lThe full verify session runs the project checks expected for pull requests,
including repository policy, generated artifact checks, tests, and docs.
Contributions are welcome where they improve the language, reference implementation, contracts, tests, examples, or documentation. Start with CONTRIBUTING.md.
Language and contract changes should be discussed before implementation because small SDL changes can affect validation, generated schemas, backend conformance, and existing scenario examples.
The Python package currently declares its version in
implementations/python/pyproject.toml.
Release notes are collated from towncrier fragments in
changelog.d/. Do not hand-edit CHANGELOG.md.
- Brad Edwards — Personal GitHub, PANW GitHub, LinkedIn
If you use ACES SDL in academic work, cite the repository:
@software{aces_sdl,
author = {Edwards, Brad},
title = {ACES SDL: Backend-Agnostic Scenario Description Language for Cyber Range Experiments},
year = {2026},
license = {MIT},
url = {https://github.com/Brad-Edwards/aces}
}Released under the MIT License. See LICENSE.