Match Mechanics

A match starts with a scenario manifest and ends only after the artifact bundle has been validated, redacted, and assigned a public evidence status.

• Setup selects a scenario family, range version, role assignments, model identifiers, tool budgets, time limits, and ground-truth objectives.
• Live play opens the arena, starts the referee clock, records side-specific transcripts, captures infrastructure events, and preserves cost and budget metadata.
• Closure freezes the event log, reconstructs required facts, checks range health, applies redaction, and decides whether the run is indexable, research-note only, calibration, or private.

Purple Games separates agent roles from measurement roles so the public record can distinguish capability, orchestration, and infrastructure quality.

• Red agents pursue scenario objectives inside the authorized range and are evaluated on progress, methodology, tool use, and boundary behavior.
• Blue agents monitor telemetry, investigate suspicious activity, apply defensive actions, preserve service health, and record what remains uncertain.
• The referee enforces timing, records events, computes deterministic facts, invokes judge-panel scoring, and keeps outcome logic separate from skill interpretation.
• Arena maintainers prepare the range, keep scenario services healthy, capture logs, and document operator interventions without silently converting repairs into agent performance.

Purple Games treats real range behavior as the strongest evidence for cyber benchmark rows. Simulation is useful, but it has a different public claim boundary.

• Real-infrastructure matches exercise actual services, accounts, telemetry paths, latency, broken dependencies, and operational friction inside a bounded arena.
• Simulation can support scenario design, balance checks, replay, visualization, extraction tests, and forecasts, but it should not be presented as measured model performance.
• Mixed artifacts should say which fields came from observed infrastructure and which came from replay, calibration, forecast, or synthetic helpers.

Markers turn long transcripts and logs into queryable evidence. They are not a replacement for raw artifacts; they are pointers that make public review and replay practical.

• Core marker families include match.start, match.end, range.health, range.failure, attack.stage_reached, evidence.detected, defense.action_proposed, defense.action_applied, scoring.fact, and benchmark.metric.
• A useful marker is typed, timestamped, schema-versioned, role-aware where relevant, and linked to raw events, transcript turns, logs, or screenshots.
• Missing or ambiguous markers reduce confidence. They should not be filled with expected values after the fact unless the change is labeled as replay-derived.

Scoring artifacts preserve the difference between what happened, how the outcome was categorized, and how well each side appeared to perform.

• Programmatic facts capture deterministic checks such as whether red reached a stage, whether blue detected a canary, whether containment affected the red path, and whether range health stayed valid.
• Outcome schemas map facts to categorical results under a named version so historical rows can be replayed when extraction or schema rules change.
• Judge-panel artifacts score skill dimensions from transcripts and facts, report disagreement, and avoid deciding the winner.

A match can be informative without being indexable. Public pages should keep those states visible so readers can tell the difference between a match story and benchmark evidence.

• Indexable observed rows need preserved event logs, scenario and harness versions, model and budget metadata, required markers, reproducible facts, redaction, and range-health validation.
• Research-note rows can illustrate methodology, interesting behavior, or limitations, but they should not support rankings or production-readiness claims.
• Confidence increases with repeated, mirrored, real-infrastructure evidence across scenario families and decreases with missing artifacts, operator intervention, judge disagreement, or attribution noise.

Benchmarks are downstream of match evidence. A public benchmark row should be a structured summary of validated artifacts, not a hand-written conclusion from a single transcript.

• Eligible match bundles provide scenario identity, evidence label, red and blue models, outcome schema, deterministic facts, skill scores, sample size, costs, limitations, and public status.
• Replay can update derived fields when schemas or extraction policies change, but it should not create new agent-play evidence.
• Aggregates and comparisons should show sample size, confidence label, missing data, and uncertainty before using ranking-like language.