Roe Template

Round 2 — Boundaries & Escalation: 6. Additional prohibited actions beyond defaults 7. Special permitted actions (phishing, password spraying, etc.) 8. Escalation contacts (minimum 2: client + red team lead) — name, role, channel 9. Authorization reference (contract #, signed letter)

Step 2: Generate roe.json

Use the RoE schema from decepticon.core.schemas. Write to the engagement directory.

See references/roe-example.json for a complete example and ../references/schema-quick-reference.md for all required fields and valid values.

Step 3: Validate

Run through the checklist in references/validation-checklist.md before presenting to user.

Generation Rules

1. Always include default prohibited actions — DoS, unauthorized social engineering, unauthorized physical access, real data exfiltration, production data modification
2. Scope must be specific — CIDR notation for IPs, wildcard notation for domains
3. Testing window must include timezone
4. At least 2 escalation contacts required
5. Authorization reference must not be empty

Output

Write roe.json to the engagement directory, then present a human-readable summary to the user for confirmation.