mirror of
https://github.com/cliffe/BreakEscape.git
synced 2026-02-20 13:50:46 +00:00
0cf9e0ba62
- Introduced `scenario-schema.json` to define the structure and requirements for scenario.json.erb files. - Implemented `validate_scenario.rb` to render ERB templates to JSON and validate against the schema. - Created a comprehensive `SCENARIO_JSON_FORMAT_GUIDE.md` to outline the correct format for scenario files, including required fields, room definitions, objectives, and common mistakes.
1 line
11 KiB
JSON
1 line
11 KiB
JSON
{"inkVersion":21,"root":[[["done",{"#n":"g-0"}],null],"done",{"start":["ev",{"VAR?":"met_kevin"},"!","/ev",[{"->":".^.b","c":true},{"b":["\n","ev",true,"/ev",{"VAR=":"met_kevin","re":true},"ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Oh, hey! You must be the security auditor. I'm Kevin—IT manager, sole IT department, and occasional coffee addict.","\n","^Kevin: Thank god you're here. I've been telling them we need a security review for months.","\n",{"->":"first_meeting"},{"->":"start.5"},null]}],"nop","\n","ev",{"VAR?":"met_kevin"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^Kevin: What's up? Found any security nightmares yet?","\n",{"->":"hub"},{"->":"start.11"},null]}],"nop","\n",null],"first_meeting":[["ev","str","^Happy to help. What's the current security situation?","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^I'll need access to systems and the server room","/str","/ev",{"*":".^.c-1","flg":4},"ev","str","^Looks like you handle a lot solo","/str","/ev",{"*":".^.c-2","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","ev",true,"/ev",{"VAR=":"discussed_audit","re":true},"#","^complete_task:meet_kevin","/#",{"->":"security_situation"},null],"c-1":["\n","ev",true,"/ev",{"VAR=":"discussed_audit","re":true},"#","^complete_task:meet_kevin","/#",{"->":"access_discussion"},null],"c-2":["\n","ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","ev",true,"/ev",{"VAR=":"discussed_audit","re":true},"#","^complete_task:meet_kevin","/#",{"->":"commiseration"},null]}],null],"security_situation":[["^Kevin: Honestly? It's not terrible but it's not great.","\n","^Kevin: We have basic stuff—firewalls, access controls, encryption. But I'm one person managing everything.","\n","ev","str","^What worries you most?","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^I'll do a thorough assessment","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev",{"->":"security_concerns"},null],"c-1":["\n",{"->":"hub"},null]}],null],"security_concerns":[["^Kevin: Physical security, mainly. People write passwords on sticky notes, leave doors unlocked.","\n","^Kevin: I can lock down the network all day, but if someone can walk in and access a terminal...","\n","ev","str","^That's what I'm here to check","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Social engineering is often the biggest vulnerability","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Exactly. Look, I've got something that might help you test physical security.","\n",{"->":"offer_lockpick"},null],"c-1":["\n","ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Right? Technology is only as secure as the people using it.","\n",{"->":"hub"},null]}],null],"access_discussion":["^Kevin: I can get you into most places. Server room, you'll need my RFID card or...","\n","^Kevin: Actually, you should test our physical security anyway.","\n",{"->":"offer_lockpick"},null],"commiseration":[["^Kevin: Yeah, it's just me. Budget constraints, you know?","\n","^Kevin: They'd rather spend on marketing than IT security. Classic mistake.","\n","ev","str","^That's unfortunately common","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Well, I'm here to help now","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Tell me about it. Anyway, what can I help you with?","\n",{"->":"hub"},null],"c-1":["\n","ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev",{"->":"hub"},null]}],null],"offer_lockpick":["ev",{"VAR?":"given_lockpick"},"!","/ev",[{"->":".^.b","c":true},{"b":["\n","^Kevin: I've got a lockpick set in my desk. Bought it for when people lock themselves out.","\n","^Kevin: You should use it to test our physical locks. See how easy it is to bypass security.","\n","ev","str","^That would be very useful","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^I'll stick to my authorized access for now","/str","/ev",{"*":".^.c-1","flg":4},{"->":".^.^.^.5"},{"c-0":["\n","ev",true,"/ev",{"VAR=":"given_lockpick","re":true},"ev",{"VAR?":"influence"},3,"+",{"VAR=":"influence","re":true},"/ev","#","^give_item:lockpick","/#","#","^complete_task:receive_lockpick","/#","^Kevin: Here. Just... officially you're testing security. Unofficially, try not to break anything.","\n","^Kevin: Storage closet is a good place to practice. Simple lock, nothing valuable inside.","\n",{"->":"hub"},null],"c-1":["\n","ev",{"VAR?":"influence"},1,"-",{"VAR=":"influence","re":true},"/ev","^Kevin: Your call. Offer stands if you change your mind.","\n",{"->":"hub"},null]}]}],"nop","\n","ev",{"VAR?":"given_lockpick"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^Kevin: You already have the lockpick. Go test those locks!","\n",{"->":"hub"},{"->":".^.^.^.11"},null]}],"nop","\n",null],"hub":[["ev","str","^Can you tell me about password policies here?","/str",{"VAR?":"asked_about_passwords"},"!",{"VAR?":"influence"},3,">=","&&","/ev",{"*":".^.c-0","flg":5},"ev","str","^Anyone using weak security I should know about?","/str",{"VAR?":"asked_about_derek"},"!",{"VAR?":"influence"},4,">=","&&","/ev",{"*":".^.c-1","flg":5},"ev","str","^Tell me about the server room setup","/str",{"VAR?":"discussed_server_room"},"!","/ev",{"*":".^.c-2","flg":5},"ev","str","^I'll need to test RFID security. Can I clone your card?","/str",{"VAR?":"influence"},6,">=",{"VAR?":"can_clone_card"},"!","&&","/ev",{"*":".^.c-3","flg":5},"ev","str","^About that lockpick...","/str",{"VAR?":"given_lockpick"},"!",{"VAR?":"discussed_audit"},"&&","/ev",{"*":".^.c-4","flg":5},"ev","str","^I'll keep working. Thanks for the help","/str","/ev",{"*":".^.c-5","flg":4},{"c-0":["\n",{"->":"ask_passwords"},null],"c-1":["\n",{"->":"ask_weak_security"},null],"c-2":["\n",{"->":"ask_server_room"},null],"c-3":["\n",{"->":"request_card_clone"},null],"c-4":["\n",{"->":"offer_lockpick"},null],"c-5":["\n","#","^exit_conversation","/#","^Kevin: No problem. Let me know if you find anything scary.","\n",{"->":"hub"},null]}],null],"ask_passwords":[["ev",true,"/ev",{"VAR=":"asked_about_passwords","re":true},"ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Official policy is 12 characters, mixed case, numbers, symbols. We enforce it on domain accounts.","\n","^Kevin: Reality? People use patterns to remember them.","\n","ev","str","^What kind of patterns?","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^That's pretty standard","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",true,"/ev",{"VAR=":"given_password_hints","re":true},"ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","#","^complete_task:gather_password_hints","/#",{"->":"password_patterns"},null],"c-1":["\n",{"->":"hub"},null]}],null],"password_patterns":[["^Kevin: Company name plus numbers. Birth years. \"Marketing123\" type stuff.","\n","^Kevin: Derek uses his birthday in passwords. I've seen his sticky notes.","\n","^Kevin: Maya from accounting uses \"Campaign\" plus the year. Same password for everything.","\n","ev","str","^That's... not great security","/str","/ev",{"*":".^.c-0","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Tell me about it. That's why we need this audit.","\n","^Kevin: Maybe your report will convince them to take password security seriously.","\n",{"->":"hub"},null]}],null],"ask_weak_security":[["ev",true,"/ev",{"VAR=":"asked_about_derek","re":true},"ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Derek's the worst offender, honestly. Senior marketing guy.","\n","^Kevin: He requested \"enhanced privacy\" for his office systems. Made me set up separate network segments.","\n","ev","str","^That's unusual","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^Maybe he handles sensitive client data?","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Right? He says it's for client confidentiality, but the segmentation is weird.","\n","^Kevin: And I've caught him in the server room twice. Said he was \"checking campaign servers.\"","\n",{"->":"derek_server_access"},null],"c-1":["\n","^Kevin: Maybe. But it still seems excessive.","\n",{"->":"hub"},null]}],null],"derek_server_access":[["^Kevin: The thing is, there are no \"campaign servers\" in our server room.","\n","^Kevin: We use cloud hosting for everything client-facing.","\n","ev","str","^So what was he really doing?","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^I'll look into it","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: I don't know. But you're auditing security—might want to check his systems.","\n","^Kevin: His office is usually locked when he's not there, though.","\n",{"->":"hub"},null],"c-1":["\n","ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev",{"->":"hub"},null]}],null],"ask_server_room":[["ev",true,"/ev",{"VAR=":"discussed_server_room","re":true},"ev",{"VAR?":"influence"},1,"+",{"VAR=":"influence","re":true},"/ev","^Kevin: Standard setup. Internal servers, network equipment, some legacy systems.","\n","^Kevin: Access is RFID controlled. I'm the only one with a card besides management.","\n","ev","str","^What about testing RFID security?","/str","/ev",{"*":".^.c-0","flg":4},"ev","str","^I'll need access for the audit","/str","/ev",{"*":".^.c-1","flg":4},{"c-0":["\n","ev",true,"/ev",{"VAR=":"can_clone_card","re":true},"^Kevin: Good point. You should probably test if our cards can be cloned.","\n",{"->":"hub"},null],"c-1":["\n","^Kevin: Yeah, about that... I can give you my card, or you could test our RFID security by cloning it?","\n","ev",true,"/ev",{"VAR=":"can_clone_card","re":true},{"->":"hub"},null]}],null],"request_card_clone":["ev",{"VAR?":"can_clone_card"},"/ev",[{"->":".^.b","c":true},{"b":["\n","^Kevin: Yeah, good idea to test that. RFID security is important.","\n","^Kevin: Here, you can use my card to clone onto a blank. Standard security test.","\n","ev",{"VAR?":"influence"},2,"+",{"VAR=":"influence","re":true},"/ev","#","^complete_task:clone_kevin_card","/#","#","^give_item:rfid_cloner","/#","^Kevin: Just make sure to document this in your report. We need to know if our access system is vulnerable.","\n",{"->":"hub"},{"->":".^.^.^.5"},null]}],[{"->":".^.b"},{"b":["\n","^Kevin: Hmm, I'm not sure about that. Let me think about it.","\n",{"->":"hub"},{"->":".^.^.^.5"},null]}],"nop","\n",null],"global decl":["ev",0,{"VAR=":"influence"},false,{"VAR=":"met_kevin"},false,{"VAR=":"discussed_audit"},false,{"VAR=":"asked_about_derek"},false,{"VAR=":"asked_about_passwords"},false,{"VAR=":"given_lockpick"},false,{"VAR=":"given_password_hints"},false,{"VAR=":"discussed_server_room"},false,{"VAR=":"can_clone_card"},"/ev","end",null]}],"listDefs":{}} |