Manifests

A manifest is the generated world — the graph of hosts, principals, credentials, groups, and the edges between them. Every trajectory you sample targets a manifest, so this is where the environment’s shape is fixed.

Manifest generation runs as an async job. The durable manifest record only exists once the job completes.

Generate a manifest

The minimum useful invocation picks a preset:

dn worlds manifest-create --preset small --seed 7 --name corp-ad

For explicit sizing — reproducible counts, custom domain names — skip --preset and pass the dimensions directly:

dn worlds manifest-create \
  --name corp-ad \
  --seed 7 \
  --num-users 50 \
  --num-hosts 10 \
  --domain corp.local \
  --json

--domain is repeatable. --num-users accepts 1–50,000; --num-hosts accepts 1–10,000.

The command returns a job record. Wait on the job, then fetch the manifest:

dn worlds job-wait <job-id>
dn worlds manifest-get <manifest-id>

Presets

small, medium, large, and enterprise are opaque preset names passed through to the Worlds backend — the topology they produce is backend-owned, not specified by the control plane. Use them when you want “a reasonable target of this scale” and don’t care about exact counts; use explicit --num-users / --num-hosts when you need a reproducible shape.

Seeds

--seed <int> makes generation deterministic. Same preset or dimensions plus the same seed produces the same graph. Different seed, different environment with the same parameters — useful for training diversity.

Projects

Manifests are workspace-scoped and belong to a project. Omit --project-id to land in the workspace default project. Trajectories sampled from the manifest must match its project; cross-project sampling is rejected at submission.

Inspect the graph

The fastest way to understand what was generated is the Graph Explorer in the web app (Worlds → Manifests → your manifest → Graph Explorer). It renders the full graph with edge-severity filters, node search, and a subgraph focus that centers on any selected node at depth 2.

From the CLI you have the same inspection surface in pieces:

dn worlds graph-nodes <manifest-id>
dn worlds graph-edges <manifest-id>
dn worlds subgraph <manifest-id> <node-id> --depth 2

graph-nodes and graph-edges paginate; subgraph returns a k-hop neighborhood around a node.

Principals and hosts

Principals are the identities in the graph — users, computers, service accounts, groups. Search and drill in:

dn worlds principals <manifest-id> --query alice
dn worlds principal <manifest-id> <principal-id>
dn worlds principal-details <manifest-id> <principal-id>

principal-details expands memberships, credentials, and the principal’s graph context.

Hosts work the same way:

dn worlds host <manifest-id> <host-id>
dn worlds host-details <manifest-id> <host-id>

host-details includes services, artifacts, and graph neighbors.

Command vocabulary

Every manifest carries a command catalog — the actions the sampler can take against the environment. The web UI shows this on the manifest Overview tab; from the CLI:

dn worlds commands <manifest-id>

The catalog is live: it reads from the Worlds backend sandbox that generated the manifest. Backend sandboxes are not permanent — when the sandbox has been reaped, commands returns empty and both the graph explorer and command catalog in the web UI surface “backend no longer available” warnings. The durable manifest record (stats, artifact refs, related trajectories) stays readable regardless.

Listing trajectories for a manifest

The manifest detail view in the web app shows related trajectories inline on the Overview tab — each with its goal, strategy, step count, and outcome. From the CLI:

dn worlds manifest-trajectories <manifest-id>

What’s next

• Sample paths: Trajectories
• Use your own agent against the environment: Agent-mode trajectories
• Field-by-field: Manifest reference