Back to DocsBack to Author Labs

Authoring Guide

Operational guide for authors creating and maintaining labs and challenges from the frontend workspace.

Author Access

Author tools are available to accounts with role author or admin.

Use the /author menu in the navbar to open labs and challenges management pages.

  • /author/labs
  • /author/labs/new
  • /author/labs/[content_id]/edit
  • /author/challenges
  • /author/challenges/new
  • /author/challenges/[slug]/edit

Labs Workflow

Lab creation uses structured service rows and explicit flag mode fields.

Use per_instance flag mode for runtime-generated flags and static only when intentionally fixed.

  • Set a stable content_id and immutable image tag.
  • Keep services aligned with actual exposed ports/protocols.
  • If startup writes to root-owned paths, coordinate writable-rootfs tags with ops.

Challenges Workflow

Challenge forms support nested attachments and hints in create and edit flows.

Publishing a challenge prompts for confirmation to reduce accidental release.

  • attachments fields: filename, url, sha256, size_bytes, order
  • hints fields: title, content, cost_points, order, is_published
  • flag is required when flag_mode is static_hash

Validation and Errors

Frontend maps backend field errors inline, including indexed nested fields.

Fix field-scoped errors first, then re-submit.

  • Example paths: services[0].port, attachments[1].url, hints[0].title
  • Attachment upload errors appear before final create/update submit.

Pre-Publish Quality Checks

Run a quick exploit-path sanity test before publishing.

The flag should only be retrievable through the intended path for the challenge objective.

  • Verify player account cannot bypass intended vulnerability path.
  • Start an instance and test VPN/service reachability.
  • Confirm attachments and hints render correctly on detail pages.

FAQ

Challenge nested collections use replace-on-present semantics. If attachments/hints are included in PATCH, the submitted list replaces existing items.