docs(wiki): add Unit 18 project-meta pages

Sponsors, Support-the-Project, Security-and-Stealth,
Roadmap-and-Known-Debt, Troubleshooting.

Roadmap-and-Known-Debt.md

@@ -0,0 +1,29 @@
+# Roadmap and Known Debt
+
+DECNET keeps its forward-looking and backward-looking planning docs inside the main repo under `development/`. This page is an index — no duplication.
+
+## Roadmap and Future Work
+
+- `development/FUTURE.md` — planned features and direction.
+- `development/ICS_SCADA.md` — ICS/SCADA decoy work.
+- `development/IMAP_BAIT.md` — IMAP bait service design.
+- `development/SMTP_RELAY.md` — SMTP relay decoy work.
+
+## Known Debt and Bugs
+
+- `development/DEBT.md` — accepted tech debt.
+- `development/BUGS.md` — known open bugs.
+- `development/BUG_FIXES.md` — recently fixed, for history.
+- `development/HARDENING.md` — hardening backlog.
+
+## Audits and Coverage
+
+- `development/REALISM_AUDIT.md` — decoy realism audit notes.
+- `development/COVERAGE.md` — test coverage state.
+- `development/EVENTS.md` — event pipeline and schema notes.
+
+Each of these files lives in the DECNET repo, not this wiki. Follow the links above from a working checkout.
+
+---
+
+See also: [[Home]] · [[Developer-Guide]] · [[Troubleshooting]]

Security-and-Stealth.md

@@ -0,0 +1,56 @@
+# Security and Stealth
+
+DECNET sits on the attacker-facing edge of a network, so its own posture matters as much as the decoys it deploys.
+
+## Authentication
+
+### JWT
+
+- Algorithm: **HS256** (see `decnet/web/auth.py`).
+- Secret: `DECNET_JWT_SECRET` — must be **≥ 32 characters**. Anything shorter is rejected at startup with an explicit error referencing RFC 7518 §3.2 (see `decnet/env.py`).
+- No fallback: the env var is required, not optional.
+
+### Admin Credentials
+
+- `DECNET_ADMIN_USER` / `DECNET_ADMIN_PASSWORD` seed the initial admin on first boot (`decnet/web/db/sqlmodel_repo.py`).
+- The combination `admin/admin` is rejected at startup. Deployments must pick a real password.
+- Passwords are hashed with **bcrypt** — plaintext is never persisted.
+
+### RBAC
+
+- All admin endpoints are gated server-side via `require_admin` / `require_role("admin")` dependencies (`decnet/web/dependencies.py`).
+- **Contributor rule (ANTI)**: the admin UI must be server-gated, never client-side only. A hidden button is not access control.
+
+## Stealth in Active Probes
+
+**Contributor rule (ANTI)**: active probes and health checks must never reveal DECNET's identity.
+
+- No `User-Agent: DECNET/...`.
+- No banners, headers, or log lines that leak the framework name to a decoy or an external target.
+- Probe traffic should be indistinguishable from ordinary tooling (curl, nmap, python-requests). If you're adding a probe and unsure, ask before merging.
+
+## Network Architecture
+
+- Decoy network is attacker-facing by design.
+- Logging / aggregation network (Logstash → ELK → SIEM) is **isolated** from the decoy network.
+- A publicly accessible real server bridges the two; deckies never talk to the SIEM directly.
+
+See the top-level `README.md` for the full diagram.
+
+## OS Fingerprint Spoofing
+
+Deckies rotate service banners, TTLs, TCP options, and OS hints to look heterogeneous. Mutation is time-based and randomized per decky.
+
+- Details: [[Mutation-and-Randomization]]
+
+## Responsible Disclosure
+
+Found a security issue in DECNET itself (not a decoy)? Email:
+
+- `TODO: add security@ disclosure address`
+
+Please do not file public issues for exploitable bugs.
+
+---
+
+See also: [[Troubleshooting]] · [[Environment-Variables]] · [[Web-Dashboard]]

Sponsors.md

@@ -0,0 +1,30 @@
+# Sponsors
+
+DECNET is built and maintained with the help of a small number of generous sponsors. Without their backing the project would not exist in its current form.
+
+## Current Sponsors
+
+### SecureJump
+
+- Website: https://securejump.cl
+- Offensive-security and adversary-simulation outfit based in Chile. SecureJump's red-team crew has contributed threat-model input that shaped DECNET's decoy-service realism and fingerprint spoofing.
+
+### Xmartlab
+
+- Website: https://xmartlab.com
+- Engineering lab sponsoring infrastructure, test hardware, and maintainer time. Xmartlab hosts the build and integration environment used for DECNET's swarm-mode testing.
+
+## Logos
+
+> Note: logo images must be uploaded to the wiki repo separately; the paths below are placeholders.
+
+- ![SecureJump](sponsor-logos/securejump.png)
+- ![Xmartlab](sponsor-logos/xmartlab.png)
+
+## Thank You
+
+To SecureJump and Xmartlab — thank you for keeping the lights on, the containers running, and the decoys convincing.
+
+---
+
+See also: [[Support-the-Project]] · [[Home]]

Support-the-Project.md

@@ -0,0 +1,49 @@
+# Support the Project
+
+DECNET is open-source, maintained in the open, and not cheap to keep running. If your team benefits from decoy-network research, please consider sponsoring.
+
+## Why Sponsor DECNET
+
+- **Maintenance**: keeping decoy services realistic means chasing CVEs, banner drift, and fingerprint tells on a rolling basis.
+- **Infrastructure**: multi-host swarm testing, SIEM/ELK rigs, and realistic NIC hardware cost money.
+- **Time**: the maintainer's hours are finite. Sponsorship buys focused, dedicated effort on roadmap items.
+
+## Tiers
+
+### Bronze
+
+- Small logo on the [[Sponsors]] page.
+- Mention in release notes.
+
+### Silver
+
+- Medium logo on the [[Sponsors]] page.
+- Feature-request priority in the issue tracker.
+- Quarterly office-hours call with the maintainer.
+
+### Gold
+
+- Large logo on the [[Sponsors]] page.
+- Roadmap co-design input.
+- Advisory access to the maintainer.
+- Private-channel support.
+
+## How to Sponsor
+
+Corporate sponsorships, invoicing, and tier selection:
+
+- **Contact**: samuel.paschuan@xmartlab.com
+
+Payment channels:
+
+- Stripe: `TODO: add Stripe link`
+- BTC: `TODO: add BTC address`
+- ETH: `TODO: add ETH address`
+
+## Individual Donors
+
+Not a company? No problem. If DECNET saved you a weekend of honeypot plumbing, drop a coffee's worth into the tip jar — small donations genuinely keep the project moving, and they accumulate. Use the Stripe link above (once live) or reach out by email for a one-off transfer. No tier, no logo, just appreciation.
+
+---
+
+See also: [[Sponsors]] · [[Security-and-Stealth]] · [[Roadmap-and-Known-Debt]]

Troubleshooting.md

@@ -0,0 +1,63 @@
+# Troubleshooting
+
+Common gotchas when deploying and running DECNET.
+
+## Networking
+
+### MACVLAN fails on WSL
+
+WSL does not play nicely with MACVLAN drivers. Options:
+
+- Run DECNET on bare metal or inside a proper VM (preferred).
+- Fall back to IPVLAN by passing `--ipvlan` on the deploy command.
+
+See [[Home]] for supported environments.
+
+### NIC not in promiscuous mode
+
+Deckies and the sniffer need the host NIC in promiscuous mode to see decoy-directed traffic. If captures look empty:
+
+```bash
+sudo ip link set <iface> promisc on
+```
+
+## Auth and Startup
+
+### `admin/admin` rejected at startup
+
+Intentional. DECNET refuses to boot with the trivial default. Set `DECNET_ADMIN_USER` and `DECNET_ADMIN_PASSWORD` to real values.
+
+### JWT secret too short
+
+`DECNET_JWT_SECRET` must be at least **32 bytes** for HS256 (RFC 7518 §3.2). Shorter secrets are rejected at startup with an explicit error. See `decnet/env.py`.
+
+## Embedded vs Standalone Workers
+
+Running both the embedded profiler/sniffer **and** a standalone instance causes duplicate or skipped events.
+
+Fix: pick one. Unset the embed flags when running standalone workers:
+
+```bash
+unset DECNET_EMBED_PROFILER
+unset DECNET_EMBED_SNIFFER
+```
+
+See [[Environment-Variables]].
+
+## Python Runtime
+
+### Python 3.14 GC instability under load
+
+The 3.14 GC has surfaced crashes under DECNET's load profile. Pin to **Python 3.11 – 3.13** until upstream stabilizes.
+
+## Database
+
+### SQLite write contention
+
+Under heavy concurrent event ingestion, SQLite can hit writer-lock contention. Switch the backend to MySQL.
+
+See [[Database-Drivers]].
+
+---
+
+See also: [[Security-and-Stealth]] · [[Environment-Variables]] · [[Roadmap-and-Known-Debt]]