Virtual SCADA Simulator

Physics-based industrial facility simulation. Describe the plant in natural language; the LLM fabricator composes a validated scenario from a broad library of building blocks and sensor catalogs, and the engine emits deterministic telemetry, commands, alarms, and wire-level protocol captures across six live OT protocols.

What you get from one job

A single sdk.jobs.create(kind="simulate", engine="virtual_scada", ...) call produces a sealed evidence-carrying bundle with sensor telemetry, control-surface commands, alarm events, per-protocol wire traces, a pcapng capture loadable in Wireshark, and a signed sealed contract snapshot. Every byte passes the Validation Gate before delivery; blocked runs fail loudly.

Stage-2 physics realism ladder

Stage-2 ships six progressive realism mechanisms on top of the baseline AR(1) sensor simulator. Each layer is additive — pack authors opt in via declared fields; Stage-1 packs are unaffected.

Authorable regime scheduler — LogNormal / Weibull / Gamma / Deterministic dwell distributions on RegimeDuration.distributiondrive a Hidden Semi-Markov timeline. Empirical dwell matches authored mean within 3% over 10⁴ transitions.
Cross-signal coupling graph — pack authors msde_params.coupling_edges with target Pearson correlations; closed-form g = 2θρ / √(1 − 2ρ²) converts target ρ to drift gain (valid for |ρ| < 0.707).
Diffusion-form aware integrators — per-signal diffusion_form ∈ {additive, multiplicative, cir} picks Euler-Maruyama, log-Euler, or Milstein; Strang splitting fires on coupled blocks.
Adaptive dynamics calibration — auto_tune_sigmaplus newton_retune run a short pre-roll, measure observed utilisation, and correct σ in one Newton step. Resolved values stamp back into contract_k.sensor_catalog[i].msde_resolved for audit.
ISA-18.2 alarm engine — class-default bands (safety / quality / process / equipment), MI-optimal placer with percentile fallback, BLAKE3 hash-chained operator journal. See Bundle contents.
Unified live + batch integrator — the same integrator feeds an SSE transcript and the sealed batch bundle. Live endpoint: GET /v1/client/runs/{id}/stream.

Privacy-safe historian ingestion

Packs can author a dphe block that points at a customer historian (CSV / Parquet / OSIsoft PI JSON). The engine sanitises summary statistics under Gaussian mechanism with Rényi-DP accounting; the (ε, δ) budget and per-signal sensitivities travel with the run as privacy_evidence.json. Raw rows never leave the ingest boundary.

options = {
  "description": "WWTP aeration basin with 8 process signals",
  "dphe": {
    "enabled": True,
    "historian_source": "s3://tenant-uploads/plant_a/q1.parquet",
    "epsilon": 1.0,
    "delta": 1e-6,
    "signals": [
      {"signal_name": "flow_inlet_m3h", "sensitivity": 50.0},
      {"signal_name": "do_reactor_mgL", "sensitivity": 1.5},
      # ...
    ],
  },
}

Federated multi-site aggregation is available via kind="simulate", engine="federated_dphe". Each site runs under its own ε budget; Dwork-Roth post-processing keeps the federated ε = max(per-site ε), not the sum. Supported aggregation backends: mpc (three-server additive secret sharing), tee (SGX / SEV / Nitro), trusted.

Live streaming (SSE)

Subscribe to a running job via Server-Sent Events on /v1/client/runs/{run_id}/stream. Frame kinds: telemetry, command, alarm, attack_step, defense_alert, heartbeat, close.

curl -N \
  -H "Authorization: Bearer $RADMAH_API_KEY" \
  "https://api.radmah.ai/v1/client/runs/$RUN_ID/stream"

# Reconnect with ring-buffer replay:
curl -N -H "Authorization: Bearer $RADMAH_API_KEY" \
  "https://api.radmah.ai/v1/client/runs/$RUN_ID/stream?replay_history=true"

Deep-dive references

Engine architecture — three-tier dispatch, a broad library of building blocks, and the determinism guarantee.
Bundle contents — every artifact the customer receives, its format, and how to download it through the SDK.
Commands stream — row schema, the four write_source roles, baseline cadences, and a worked customer example.
Validation Gate — the four scoring dimensions (schedule, protocol, physics, label), their thresholds, and the structural checks that block degraded data from release.
Protocol reference — Modbus TCP, OPC-UA, BACnet/IP, MQTT, DNP3, and IEC 61850 stack details, default port map, and address conventions.
ICS Security overlay — how MITRE ATT&CK ICS techniques layer onto a Virtual-SCADA run to produce labelled attack evidence for SOC / IDS training.

Quickstart

from radmah_sdk import RadMah

sdk = RadMah(api_key="...", base_url="https://api.radmah.ai")

job = sdk.jobs.create(
    kind="simulate",
    engine="virtual_scada",
    seed=42,
    options={
        "description": (
            "11 kV distribution substation with two protective relays, "
            "one RTU, one breaker, and a metering panel"
        ),
        "total_seconds": 120,
        "protocols": ["iec61850", "dnp3", "modbus"],
    },
)

# Poll until job.state == "succeeded", then:
artifacts = sdk.list_artifacts(job.id)
for art in artifacts:
    body = sdk.download_artifact(job.id, art.id)
    open(art.name, "wb").write(body if isinstance(body, bytes) else body.encode())

Enterprise tier

Enterprise deployments get container-isolated Virtual PLC simulation with Docker isolation, real-time-capable Linux scheduling, and live OT protocol servers on deterministic ports — suitable for true hardware-in-the-loop IDS realism. See Deployment Models.