██╗ ██╗██╗ ██╗██████╗ ██████╗ █████╗ ██████╗██████╗ ██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗ ██╔════╝╚════██╗ ███████║ ╚████╔╝ ██║ ██║██████╔╝███████║ ██║ █████╔╝ ██╔══██║ ╚██╔╝ ██║ ██║██╔══██╗██╔══██║ ██║ ██╔═══╝ ██║ ██║ ██║ ██████╔╝██║ ██║██║ ██║ ╚██████╗███████╗ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚══════╝
┌──────────────────────────────────────────────────────────────────┐ │ HYDRA-C2 // OSINT-DRIVEN BAYESIAN THREAT INTELLIGENCE │ │ Hybrid Universal Dynamic Reconnaissance Architecture │ │ CLASSIFICATION: UNCLASSIFIED // OPEN SOURCE │ └──────────────────────────────────────────────────────────────────┘
OSINT-driven Bayesian threat intelligence Common Operating Picture. Real-time GDELT/OpenSky fusion, causal DAG inference, MIL-STD-2525B symbology, and systems-theoretic assessment engine for multi-domain situational awareness across Land, Air, Sea, Subsurface, Space, and Cyber domains.
SYSTEM STATUS ──────────────────────────────────────────────────────
[●] COP DASHBOARD OPERATIONAL ████████████████████ OSINT COP
[●] FASTAPI BACKEND OPERATIONAL ████████████████████ 16 ROUTES
[●] GDELT v2 FEED CONNECTED ████████████████████ DOC API
[●] OPENSKY NETWORK CONNECTED ████████████████████ STATE-VEC
[●] BAYESIAN DAG OPERATIONAL ████████████████████ CAUSAL
[●] POSTGIS SPATIAL CONNECTED ████████████████████ GEOFENCE
[●] NEO4J GRAPH CONNECTED ████████████████████ LINK-ANAL
[●] HTTPS PROXY OPERATIONAL ████████████████████ CADDY/SSL
[●] L0 KRAKENSDR OPERATIONAL ████████████████████ DOA/TDOA
[●] L1 TAK CLIENT OPERATIONAL ████████████████████ TCP/UDP CoT
[●] L2 MESHTASTIC OPERATIONAL ████████████████████ LoRa MESH
[●] L5 ML ANALYTICS OPERATIONAL ████████████████████ THREAT AI
────────────────────────────────────────────────────────────────────
https://hugefisco94.github.io/hydra-c2/
Iran/Middle East OSINT theater with real-time multi-domain actors and Bayesian causal threat assessment fusing GDELT geopolitical events with OpenSky military flight tracking:
| Affiliation | Description |
|---|---|
| HOSTILE | Ballistic TELs, patrol boats, combat aircraft, EW platforms |
| FRIENDLY | Naval task groups, air patrol, ground QRF, cyber defense |
| NEUTRAL | Commercial aviation, maritime shipping, SATCOM relays |
| UNKNOWN | Unidentified UAS, submarine contacts, SIGINT signatures |
BAYESIAN CAUSAL DAG ── GDELT/OPENSKY FUSION
═══════════════════════════════════════════════════════════════
GDELT v2 DOC API OpenSky Network
┌─────────────────┐ ┌─────────────────┐
│ Geopolitical │ │ ADS-B State │
│ Event Monitoring │ │ Vector Tracking │
│ (tone analysis) │ │ (mil callsigns) │
└────────┬────────┘ └────────┬────────┘
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ GDELT_TONE_AVG │ │ AIRCRAFT_DENSITY │
│ (sentiment node) │ │ (posture node) │
└────────┬────────┘ └────────┬────────┘
│ 0.35 weight │ 0.25 weight
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ ESCALATION_PROB │ │ MIL_POSTURE_IDX │
│ P(escalation| │ │ P(posture| │
│ tone,history) │ │ density,type) │
└────────┬────────┘ └────────┬────────┘
│ │
└──────────────┬─────────────────────┘
▼ 0.40 weight
┌─────────────────┐
│ COMPOSITE_SCORE │
│ Bayesian fusion │
│ → THREAT_LEVEL │
└─────────────────┘
CRITICAL | HIGH | ELEVATED | LOW | MINIMAL
HYDRA-C2 // 7-LAYER CLEAN ARCHITECTURE
═══════════════════════════════════════════════════════════════
┌─────────────────────────────────────────────────────────────┐
│ L6 — VISUALIZATION │
│ │
│ React 19 COP Dashboard │
│ ├─ Leaflet Map (Dark Tactical / Esri Satellite) │
│ ├─ MIL-STD-2525B Symbology (milsymbol) │
│ ├─ Threat Range Rings (TEL 80km / AIR 50km / SEA 30km) │
│ ├─ Strategic Zones (Strait of Hormuz / Persian Gulf) │
│ ├─ Actor Movement Trails (domain-adaptive) │
│ └─ CRT Scanline Effect (toggle) │
│ │
│ Sidebar Panels │
│ ├─ Force Status (by affiliation + domain) │
│ ├─ Threat Assessment Board (CRITICAL / HIGH / MEDIUM) │
│ ├─ OSINT Intel Panel (Bayesian composite + causal factors)│
│ └─ OSINT Feed Activity (GDELT / OpenSky breakdown) │
└────────────────────────┬────────────────────────────────────┘
│ HTTPS / REST
┌────────────────────────▼────────────────────────────────────┐
│ L5 — ANALYTICS │
│ │
│ FastAPI Backend (16 endpoints) │
│ ├─ Threat Scoring Engine (proximity + capability + intent) │
│ ├─ Bayesian Causal DAG (GDELT tone → escalation prob) │
│ ├─ OSINT Feed Aggregator (GDELT v2 DOC + OpenSky REST) │
│ ├─ Military Posture Index (flight density analysis) │
│ ├─ Force Composition Analytics │
│ ├─ ADS-B State Model (8 DF17 msg types / 21 fields) │
│ ├─ AIS Vessel Model (8 msg types / 22 fields) │
│ └─ SDR Signal Processing Chain (8 stages / 30+ modes) │
└────────────────────────┬────────────────────────────────────┘
│
┌────────────────────────▼────────────────────────────────────┐
│ L4 — PERSISTENCE │
│ PostGIS 3.4 Neo4j 5.x Mosquitto MQTT │
│ (spatial queries) (graph analysis) (pub/sub events) │
└─────────┬──────────────────┬──────────────────┬────────────┘
│ │ │
┌─────────▼───────┐ ┌───────▼────────┐ ┌───────▼───────────┐
│ L0: RF / SDR │ │ L1: ATAK/CoT │ │ L2: Meshtastic │
│ KrakenSDR │ │ TAK Server │ │ LoRa Mesh │
└─────────────────┘ └────────────────┘ └───────────────────┘
| Endpoint | Method | Description |
|---|---|---|
/health |
GET | System health & infrastructure status |
/api/v1/actors |
GET | All actors with spatial positions |
/api/v1/actors/{id} |
GET | Single actor by ID |
/api/v1/actors/{id}/network |
GET | Neo4j network traversal for actor |
/api/v1/cot/ingest |
POST | Cursor-on-Target XML ingestion |
/api/v1/sdr/detections |
GET | SDR transmission detections |
/api/v1/geofences |
POST | Create geofence polygon |
/api/v1/geofences/check |
POST | Check geofence breach |
| Endpoint | Method | Description |
|---|---|---|
/api/v1/threat-assessment |
GET | Actor threat scoring (composite scores) |
/api/v1/analytics/overview |
GET | Force composition by affiliation/domain |
/api/v1/sdr/reference |
GET | URH-derived modulation reference |
| Endpoint | Method | Description |
|---|---|---|
/api/v1/osint/feeds |
GET | GDELT + OpenSky aggregated feed events |
/api/v1/osint/threat-assessment |
GET | Bayesian causal DAG threat level |
| Endpoint | Method | Description |
|---|---|---|
/api/v1/adsb/state-model |
GET | ADS-B DF17 model (8 types / 21 fields) |
/api/v1/ais/vessel-model |
GET | AIS vessel model (8 types / 22 fields) |
/api/v1/signals/processing-chain |
GET | 8-stage SDR pipeline (30+ modes) |
CAPABILITY MATRIX ──────────────────────────────────────────────
VISUALIZATION Leaflet COP · Dark/Satellite tiles · Layer toggles
SYMBOLOGY MIL-STD-2525B SIDC · Affiliation coloring
THREAT Range rings (TEL/AIR/SEA/LAND) · Scoring engine
OSINT GDELT v2 DOC feed · OpenSky state vectors · Fusion
BAYESIAN Causal DAG inference · Escalation probability
POSTURE Military posture index · Flight density analysis
STRATEGIC Strait of Hormuz zone · Persian Gulf monitoring
TRAILS Domain-adaptive movement trails (AIR/SEA/LAND)
SIGINT ADS-B decode model · AIS vessel model · SDR chain
ANALYTICS Force composition · Threat board · Feed breakdown
RESILIENCE Error boundary · Connection banner · Polling retry
────────────────────────────────────────────────────────────────
HYDRA-C2 now includes an integrated defense academic wargaming simulation engine that runs alongside the existing COP intelligence backend. The module provides a defense-only synthetic workflow: policy gate confirmation, demo authentication, scenario briefing, checklist-driven analyst review, note capture, and human escalation-focused reporting.
The simulator enforces explicit guardrails (no live control actions, no device or network changes, no external system connectivity) and keeps all exercise content within synthetic boundaries. This allows tabletop-style analyst training while preserving the clean separation between educational simulation and operational C2 execution paths.
Wargame endpoints are mounted with the same FastAPI application so briefing flows can coexist with C2 actor intelligence APIs. In standalone mode, enhanced briefing output can incorporate in-memory actor context from the C2 side to support unified academic scenario framing and reporting continuity with the COP dashboard.
Quick start:
1) Start HYDRA-C2 (standalone or full API mode)
2) Open /wargame/ in a browser
3) Authenticate with demo credentials and run the synthetic briefing workflow
HYDRA-C2 is grounded in systems-theoretic foundations:
THEORETICAL FRAMEWORK ─────────────────────────────────────────
CYBERNETICS Wiener (feedback) · Ashby (requisite variety)
2ND-ORDER von Foerster (observing systems) · autopoiesis
VIABLE SYSTEM Beer VSM mapping → 5-system architecture
SYSTEM DYNAMICS Forrester (stock-flow) · Sterman (feedback)
SOCIAL SYSTEMS Luhmann (functional differentiation · closure)
────────────────────────────────────────────────────────────────
See docs/DESIGN_PHILOSOPHY.md for the complete
design document with 24 academic references, VSM mapping, OODA phase mapping,
and MDO-NEXUS-OODA compatibility contract.
# Clone
git clone https://github.com/hugefisco94/hydra-c2.git
cd hydra-c2
# Deploy backend (PostGIS, Neo4j, MQTT, API)
docker compose -f deploy/docker/docker-compose.yml up -d
# Frontend dev
cd frontend && npm install && npm run dev
# Production build & deploy
npm run build && npx gh-pages -d dist --no-history DOMAIN │ Python 3.12 · FastAPI · Pydantic · structlog
OSINT │ GDELT v2 DOC API · OpenSky Network REST API
INFERENCE │ Bayesian Causal DAG · Weighted Fusion (0.35/0.25/0.40)
SPATIAL │ PostgreSQL 16 · PostGIS 3.4 · GeoAlchemy2
GRAPH │ Neo4j 5.x · Cypher · Bolt protocol
FRONTEND │ React 19 · TypeScript 5 · Vite 7 · Tailwind CSS 4
STATE │ Zustand 5 (immutable selectors · memoized filters)
MAPPING │ Leaflet · react-leaflet v5 · milsymbol v3
MESSAGING │ Mosquitto MQTT · WebSocket
PROXY │ Caddy (auto-HTTPS via sslip.io)
INFRA │ Docker Compose · AMD MI300X GPU · DO Cloud
CI/CD │ Harness.io · GitHub Pages · gh-pages deploy
HYDRA-C2 maintains modular compatibility with the MDO-NEXUS-OODA engine:
MQTT TOPIC CONTRACT ───────────────────────────────────────────
hydra/cot/{type} CoT position reports
hydra/sdr/rdf|adsb|ais Signal intelligence
hydra/graph/network Neo4j topology events
hydra/osint/gdelt GDELT event stream
hydra/osint/opensky OpenSky state vectors
────────────────────────────────────────────────────────────────
The OSINT intelligence layer maps directly to MDO OODA phases: OBSERVE (GDELT/OpenSky collection) / ORIENT (Bayesian DAG fusion) / DECIDE (threat classification) / ACT (COP visualization).
Patterns and protocols extracted from 16 reference repositories:
| Repository | Domain | Extracted Pattern |
|---|---|---|
| plane-alert-db | ADS-B | ICAO hex codes, aircraft type database |
| panopticon | AI/C2 | Multi-agent wargaming architecture |
| urh | SDR | Protocol analysis, modulation types |
| SDRPlusPlus | SDR | Multi-band receiver pipeline |
| AIS-catcher | Maritime | AIS message decoding (8 types) |
| openwebrx | SDR | WebSocket spectrum streaming |
| noaa-apt | SIGINT | NOAA APT satellite image decode |
| plane-notify | ADS-B | Real-time aircraft alerting |
| airplanejs | ADS-B | Mode-S/ADS-B DF17 state model |
| docker-shipfeeder | Maritime | AIS feeding architecture |
| palantir-* | Ontology | Entity resolution, link analysis |
| taipy | Dashboard | Pipeline-driven analytics UI |
| mage-ai | Pipeline | Data orchestration patterns |
| prisma | ORM | Type-safe database access patterns |
MIT
─────────────────────────────────────────────────────────────
UNCLASSIFIED // OPEN SOURCE // FOR AUTHORIZED USE ONLY
─────────────────────────────────────────────────────────────