PLAYGROUND

Policy simulator and live challenge in one workspace.

Switch between tabs without losing state. Deep-link directly to either tool via ?tab=simulator or ?tab=challenge.

Model->TripWire->Supervisor->Dispatcher

Green: allowAmber: supervisor approval gateRed: block

Flow: Waiting for event

Outcome: No active event

Static mode enabled because WebGL is unavailable.

Active Event

Select a scenario to start the simulation.

Green: allowAmber: supervisor approval gateRed: block

Scenarios

Rendered Policy Preview

id: tripwire.simulator.smoke
version: 1
mode: enforce
defaults:
  action: allow
  severity: low
  confidence: 0.8
tags:
  - simulator
  - smoke

Simulator Smoke Policy

id: network.review
category: external_side_effect
severity: med
action: require_approval
why: Outbound network actions can exfiltrate data.
suggestion: Validate destination and payload.
match:
  tool:
    - exec
  text:
    regex: "\\b(curl|wget|scp|rsync)\\b"

id: secrets.block
category: secrets
severity: high
action: block
why: Secret-like material must be blocked before tool execution.
suggestion: Remove or redact credentials.
match:
  text:
    regex: "(api[_-]?key|token|private key|seed phrase|secret)"

id: destructive.block
category: irreversible
severity: high
action: block
why: Destructive shell commands are not allowed in simulator smoke scenarios.
suggestion: Use dry-run alternatives and narrow scope.
match:
  tool:
    - exec
  text:
    regex: "\\b(rm -rf|mkfs|wipefs|dd if=)\\b"

id: burst.guard
metric: burst
threshold: 4
windowMs: 20000
action: require_approval
weight: 0.25
why: Rapid command burst indicates possible runaway automation.

Policy Markdown Source

---
id: tripwire.simulator.smoke
version: 1
mode: enforce
defaults:
  action: allow
  severity: low
  confidence: 0.8
tags:
  - simulator
  - smoke
---

# Simulator Smoke Policy

```rule
id: network.review
category: external_side_effect
severity: med
action: require_approval
why: Outbound network actions can exfiltrate data.
suggestion: Validate destination and payload.
match:
  tool:
    - exec
  text:
    regex: "\\b(curl|wget|scp|rsync)\\b"
```

```rule
id: secrets.block
category: secrets
severity: high
action: block
why: Secret-like material must be blocked before tool execution.
suggestion: Remove or redact credentials.
match:
  text:
    regex: "(api[_-]?key|token|private key|seed phrase|secret)"
```

```rule
id: destructive.block
category: irreversible
severity: high
action: block
why: Destructive shell commands are not allowed in simulator smoke scenarios.
suggestion: Use dry-run alternatives and narrow scope.
match:
  tool:
    - exec
  text:
    regex: "\\b(rm -rf|mkfs|wipefs|dd if=)\\b"
```

```anomaly
id: burst.guard
metric: burst
threshold: 4
windowMs: 20000
action: require_approval
weight: 0.25
why: Rapid command burst indicates possible runaway automation.
```

Event Stream (JSONL)

Replay tool-call events and inspect deterministic findings plus anomaly-driven escalations.

Policy Designer

Build and adjust rules visually. Changes sync with the markdown policy above.

Policy IDVersionModeTags (comma-separated)Default actionDefault severityDefault confidence

Rules

Rule IDTitle (optional)CategorySeverityActionConfidence (optional)Tool matcher (comma-separated)Regex flags (optional)Text regexWhySuggestion

Anomaly Rules

Rule IDMetricThresholdWindow msActionWeightWhy (optional)

Live Log: What Was Tested

Run simulation to stream event-by-event evaluation logs.

Run a simulation to see per-event decisions and findings here.