function AboutPage() { return (

What this is

SOC Incident Response OpenEnv

This project models a real security operations workflow: an analyst receives SIEM alerts, inspects hosts and constraints, applies containment actions, and closes the episode with a graded outcome.

The environment is the simulator. The model is the decision policy. The grader is the benchmark. That separation is what makes the repository usable for OpenEnv evaluation, HF Space deployment, and reproducible baseline runs.

What the agent sees

Structured observations and typed actions

Each step exposes alerts, hosts, business constraints, recent notes, and timing data. The agent can submit one JSON action per turn, such as enriching alerts, correlating incidents, isolating endpoints, collecting forensics, escalating, or creating a ticket.

The backend enforces the rules. For example, hard-block constraints prevent unsafe isolation, and the observation returned to the agent never includes hidden ground-truth fields.

How scoring works

Dense rewards plus deterministic graders

Step rewards give partial credit for useful actions and penalties for wasteful or unsafe ones. At the end of the episode, deterministic graders score the final state in the 0.0–1.0 range for easy, medium, and hard tasks.

This gives the environment both learning signal and evaluation signal, which is exactly what the hackathon rubric asks for.

How to demo it

Backend, frontend, and baseline

The FastAPI backend exposes /reset, /step, /state, /grade, and /api/tasks. The React frontend is a judge-facing console that visualizes the live episode. The inference script uses the OpenAI client against a Hugging Face-compatible endpoint, reading API_BASE_URL, MODEL_NAME, and HF_TOKEN from the environment.

That setup keeps secrets out of the browser and makes the baseline reproducible across local runs, Docker, and HF Spaces.

); } export default AboutPage;