Skip to content

Generate enterprise-scale worlds #212

Open
Open
Generate enterprise-scale worlds#212
Labels
design-neededNeeds a design pass before codehelp wantedExtra attention is neededpack-cyberCyber pack workresearchExploratory / no near-term planroadmapTracked on the public roadmap
@larstalian

Description

@larstalian
larstalian
opened on May 4, 2026

What's there today

cyber.webapp.offense.v1 generates 2-5 services, 1-3 accounts, 1-3 vulns,
one bridge network, two zones, one flag, two NPCs. Priors comment says
"deliberately small — 5, not 50." Ontology says "business scale (3-10
services)."

What enterprise means

Thousands of employees, hundreds to thousands of services, multi-site
networks, AD-shaped identity, departments, M&A debris, shadow IT. Roughly
100-1000x today's scale, and not just in entity count — different
generative shape. Turning up the priors does not get there.

Where today's design breaks at that scale

  • Flat sampler. No org chart, no team ownership. Need company →
    division → department → team hierarchy.
  • role: admin | user | service. Real identity is AD-shaped: users,
    groups, OUs, GPOs, service accounts, joiner/mover/leaver.
  • 7 service kinds. Real estates have CI/CD, vaults, CRM, HRIS,
    helpdesk, VPN, IDS, cloud control planes — dozens.
  • One bridge net, two zones. Need multi-site, VLANs, VPN, ZTNA, cloud
    VPCs, subsidiary networks.
  • 2 individual NPCs. Can't hand-code 1000. Need population models plus
    a few named characters.
  • One app.py per build. Can't run 1000 services in a process or as
    containers. Need tiered realization: hot (real), warm (synthetic), cold
    (graph-only).
  • Admission verifies one oracle path. At scale, "is the world
    interesting?" is a graph-search question.
  • Per-task LLM enrichment. Can't ask the LLM to name 5000 services.
    Need hierarchical: LLM seeds anchors, procedural fans out.
  • Monolithic JSON snapshot. 100k+ entities don't fit. Need
    paged/columnar.
  • All-nodes dashboard. Need clustering, search, focus+context.
  • One HTTP surface. Need email, supply chain, endpoint, SaaS surfaces.

Open questions

  1. One pack or a sibling pack?
  2. Org chart: manifest input or generated?
  3. Identity: cyber-pack ontology or shared sub-ontology?
  4. Tiered realization: pack concern or core concern?
  5. Where does the LLM live in the hierarchy?
  6. Smallest world that's still "enterprise"? 50 services? 200? 1000?

Where to start

  • src/openrange/packs/cyber_webapp_offense_v1/ontology.py — explicitly
    scopes enterprise primitives out
  • src/openrange/packs/cyber_webapp_offense_v1/sampling.py and
    priors.py — flat sampler, tiny ranges
  • src/openrange/packs/cyber_webapp_offense_v1/codegen/ — single-app.py
    realization
  • src/openrange/core/npc.py — individual-NPC primitive

Related: #189 (Kind backing), #191 (defense-cyber), #192 (LLM names), #193
(MCTS sampler), #74 (richer NPCs), #205 (snapshotting). Closed phase-3
sketches: #3, #13, #24, #25.

Acceptance

A written shape — ontology, sampler, realization, NPCs, surfaces — at
enough specificity that follow-up issues don't re-litigate it. Doc PR or
ADR series plus an issue tree.

Discussion. No deadline. Map the space; don't prescribe.

Metadata

Metadata

Assignees

No one assigned

    Labels

    design-neededNeeds a design pass before codehelp wantedExtra attention is neededpack-cyberCyber pack workresearchExploratory / no near-term planroadmapTracked on the public roadmap

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions