Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.decepticon.red/llms.txt

Use this file to discover all available pages before exploring further.

Network Isolation

Decepticon’s architecture is built on a fundamental principle: the management infrastructure and operational infrastructure share zero network access. Two isolated Docker networks enforce this separation: 
┌─────────────────────────────────────┐     ┌──────────────────────────────────────┐
│        decepticon-net (mgmt)        │     │        sandbox-net (operational)      │
│                                     │     │                                      │
│  ┌─────────────┐ ┌──────────────┐  │     │  ┌──────────┐ ┌──────────────────┐  │
│  │  Agent API  │ │ LiteLLM Proxy│  │     │  │   Kali   │ │ Target Infra     │  │
│  │   Server    │ │              │  │     │  │ Sandbox  │ │ (Metasploitable, │  │
│  └─────────────┘ └──────────────┘  │     │  │          │ │  custom targets) │  │
│                                     │     │  └──────────┘ └──────────────────┘  │
│  ┌─────────────┐                   │     │                                      │
│  │  Database   │                   │     │  ┌──────────────────┐               │
│  └─────────────┘                   │     │  │ Sliver C2 Server │               │
│                                     │     │  │   (optional)     │               │
└─────────────────────────────────────┘     └──────────────────────────────────────┘
         │                                              ↑
         │         Docker Socket (not network)           │
         └──────────────────────────────────────────────┘
The LangGraph orchestrator reaches the sandbox exclusively via Docker socket — not the network. No management traffic flows into the operational network. No operational traffic flows back.

Management Network (decepticon-net)

Houses the control plane:
ComponentRole
LangGraph PlatformAgent orchestration, SSE streaming, lifecycle management
LiteLLM ProxyModel routing, provider fallback, API key management
PostgreSQLEngagement state, findings, objective tracking, OPPLAN persistence
Web DashboardNext.js operator interface (Soundwave interview, attack-graph canvas, OPPLAN tracker)
Neo4jKnowledge graph — bridges both networks so agents in the sandbox can write findings while the dashboard reads them from management

Operational Network (sandbox-net)

Houses everything that touches targets:
ComponentRole
Kali Linux SandboxFull offensive toolkit — nmap, Sliver client, sqlmap, Impacket, and more
Sliver C2 Team ServerCommand and control infrastructure (profile-based activation)
Target InfrastructureVictim machines — Metasploitable, custom targets, or VPN access to real environments

Why This Matters

This separation mirrors real Red Team infrastructure design:
  • No credential leakage — API keys and LLM tokens never exist on the operational network
  • No cross-contamination — A compromised sandbox cannot reach the management plane
  • Auditable boundaries — Clear network separation makes activity attribution straightforward
  • Production-grade isolation — The same architecture you’d use for a real engagement

Docker Compose Architecture

All components are defined in Docker Compose with explicit network assignments: 
services:
  langgraph:
    networks: [decepticon-net]

  litellm:
    networks: [decepticon-net]

  postgres:
    networks: [decepticon-net]

  web:
    networks: [decepticon-net]

  neo4j:
    networks: [decepticon-net, sandbox-net]   # bridges both for graph access

  sandbox:
    networks: [sandbox-net]

  sliver:
    profiles: [c2-sliver]
    networks: [sandbox-net]

networks:
  decepticon-net:
    driver: bridge
  sandbox-net:
    driver: bridge
Cross-network access is governed by service-level network membership — Neo4j is the only service that holds membership in both, and the LangGraph platform reaches the sandbox exclusively through the Docker socket (not the network).

Agents

Learn about the seventeen specialist agents that operate within this infrastructure.