Tools
The 12+ built-in decoy tools shipped with Decoy Tripwire, and how to choose which ones to deploy.
Built-in tripwires
Decoy Tripwire ships 12 high-signal decoy tools plus a dynamic set unique to your deployment. Every tool returns a realistic error response — the agent sees "timeout" or "permission denied," not a detection signal.
| Tool | What it traps | Severity |
|---|---|---|
execute_command | Shell execution | Critical |
write_file | File system persistence | Critical |
make_payment | Unauthorized payments | Critical |
authorize_service | Trust grants to external services | Critical |
modify_dns | DNS record hijacking | Critical |
read_file | Credential theft | High |
http_request | Data exfiltration | High |
database_query | SQL execution | High |
access_credentials | API key theft | High |
send_email | Phishing via agent | High |
install_package | Supply chain attack | High |
get_environment_variables | Secret harvesting | High |
Dynamic tools
Each deployment also gets a deterministic set of decoys drawn from 6 threat categories: cloud infrastructure, secrets management, payments, CI/CD, identity, and network. Attackers can't fingerprint your install by the static catalog alone — every workspace looks different.
Custom tripwires
Business plans support custom detection rules: define a tool name, description, and response shape, and Decoy handles trigger capture and alerting.