Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.decepticon.red/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Decepticon is CLI-first. Security work belongs in the terminal — no browser tabs, no dashboards required, no context switching. The interface is a real-time streaming CLI built with Ink that shows you what the agent sees, as it happens. The CLI is delivered as a single Go-based launcher (decepticon) that orchestrates the underlying Docker stack and opens the React/Ink interactive UI.

Top-Level Commands

decepticon

Start all services and open the interactive CLI. 
decepticon
Starts the full stack — agent API server, LiteLLM proxy, Kali sandbox, PostgreSQL, Neo4j, optional Sliver C2 — and opens the streaming CLI. This is the primary entry point for creating and running engagements.

decepticon onboard

Run the interactive setup wizard. 
decepticon onboard
decepticon onboard --reset    # Reconfigure from scratch
Configures:
  • LLM provider and API key (Anthropic, OpenAI, Google, MiniMax, Anthropic OAuth via Claude subscription)
  • Authentication priority order
  • Model profile (eco, max, test)
  • LangSmith tracing toggle and key
The wizard writes .env and persists provider order. Use --reset to throw away existing configuration.

decepticon demo

Run the guided demonstration. 
decepticon demo
Launches Metasploitable 2 as a target, loads a pre-built engagement (RoE, ConOps, OPPLAN), and executes the full kill chain autonomously — port scan, vsftpd exploitation, Sliver C2 implant deployment, credential harvesting, internal reconnaissance.
The demo is the fastest way to see Decepticon in action. No additional configuration needed beyond your API key.

decepticon status

Show service status. 
decepticon status
Lists each Docker service in the stack with its current state — running, stopped, restarting — and exposed ports. Useful for verifying that the stack came up cleanly before launching the CLI.

decepticon logs [service]

Tail service logs. 
decepticon logs                  # Tail all services
decepticon logs langgraph        # Tail just the LangGraph platform
decepticon logs litellm          # Tail the LLM proxy
decepticon logs sandbox          # Tail the Kali sandbox
decepticon logs postgres         # Tail the database
decepticon logs neo4j            # Tail the knowledge graph
decepticon logs web              # Tail the Next.js dashboard
Streams logs in docker compose logs -f style. The most common debugging entry point — if Decepticon is misbehaving, this is where to look first.

decepticon kg-health

Diagnose the knowledge graph. 
decepticon kg-health
Runs Neo4j connectivity and schema checks. Reports orphaned nodes, missing relationships, and any constraint violations. Useful after a long engagement before exporting the deliverable.

decepticon stop

Stop all services. 
decepticon stop
Gracefully stops all Docker containers — agent API, LiteLLM proxy, sandbox, C2 server, database, knowledge graph, and web dashboard.

decepticon update

Check for and apply updates. 
decepticon update
Checks GHCR for newer pre-built images and updates the local installation. The launcher itself is updated separately via the install script.

decepticon remove

Uninstall Decepticon. 
decepticon remove
Tears down all containers, removes images, and deletes the engagement workspace. Use with care — engagement data is purged unless explicitly exported first.

decepticon --version

Show the launcher version. 
decepticon --version

C2 Profiles

Enable C2 frameworks via Docker Compose profiles. The default install enables c2-sliver. 
# Start with Sliver C2 (default)
COMPOSE_PROFILES=c2-sliver decepticon

# Start with Sliver C2 plus the demo target stack
COMPOSE_PROFILES=c2-sliver,demo decepticon

CLI Keybindings

The interactive CLI exposes the following key shortcuts:
KeyAction
Ctrl+OToggle Prompt ↔ Transcript view
Ctrl+GCycle the graph sidebar (Overview / Nodes / Flows)
Ctrl+BToggle the sidebar visibility
Ctrl+CCancel the current action / exit if at top level
EscExit transcript view

Slash Commands

Inside the CLI prompt, you can invoke:
CommandAction
/helpShow inline help
/clearClear the current conversation
/resume [msg]Resume the last engagement; optional message appended
/quitQuit the CLI (services keep running; use decepticon stop to halt them)

Developer Commands

For contributors working on Decepticon itself: 
make dev          # Build + start with hot-reload (docker compose watch)
make cli          # Open interactive CLI (separate terminal)
make start        # Start in background (production-like, no hot-reload)
make stop         # Stop all services
make test         # Run pytest inside the container
make lint         # Lint + typecheck locally (requires: uv sync --dev)
make help         # Show all available Makefile targets

Developer Setup

Full development environment setup guide for contributors.