diff --git a/README.md b/README.md
index 1289932..43b26a8 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
-
+
-AI Agent — Infrastructure & Security Engineer
+A-Team Security — Infrastructure & Security Agent Engineer
Oracle Cloud Infrastructure — CIS Foundations Benchmark 3.0 — AI-Powered Compliance Platform
@@ -13,40 +13,93 @@
+
---
## Overview
-AI Agent is a self-hosted web application that automates **CIS Oracle Cloud Infrastructure Foundations Benchmark 3.0** compliance checks, powered by **OCI Generative AI** for intelligent analysis and **MCP (Model Context Protocol)** for extensible task execution.
+A-Team Security Agent is a self-hosted web application that automates **CIS Oracle Cloud Infrastructure Foundations Benchmark 3.0** compliance checks, powered by **OCI Generative AI** for intelligent analysis and an **MCP (Model Context Protocol)** server architecture for extensible task execution.
-The platform runs as pre-built Docker containers — no source code required.
+The platform combines security compliance scanning, AI-powered chat with **RAG (Retrieval-Augmented Generation)**, infrastructure exploration, and vector-based knowledge storage into a single, containerized solution with a **React 19 SPA** (TypeScript, Vite), **Oracle Dark Premium** theme (light/dark modes), **KPI dashboard** with compliance gauge, **i18n** (pt/en/es), and **Recharts** visualizations.
+
+Distributed as pre-built Docker containers via **Oracle Container Registry (OCIR)** — no source code required.
---
## Features
-- **AI Chat Agent** with RAG (Retrieval-Augmented Generation) + MCP Tool Use
-- **Terraform Agent** for AI-powered IaC generation (plan/apply/destroy)
-- **OCI Account Explorer** — 36 resource types, KPI dashboard, start/stop actions
-- **OCI CLI Terminal** — web terminal with Tab autocomplete, OCID auto-lookup
-- **CIS Compliance Reports** — 48 CIS + 11 OBP checks, PDF/DOCX export
-- **Compliance Report** — professional Oracle-format assessment with RAG remediation
-- **OCI Services Status** — auto-detect security services + OCI Health (49 regions)
-- **Embeddings & Knowledge Base** — CIS PDF chunker, ADB vector store
-- **Oracle IAM OIDC** — SSO via Oracle Identity Domains
-- **Security** — JWT + TOTP MFA + RBAC (3 roles) + Fernet encryption + WAF
-- **i18n** — Portuguese, English, Spanish
+### AI Chat Agent with RAG + MCP Tool Use
+- **OCI Generative AI** integration via official SDK
+- **RAG (Retrieval-Augmented Generation)**: queries ADB vector store for relevant context before generating responses
+- **MCP Tool Use (Function Calling)**: GenAI models call tools from registered MCP servers during chat
+- **Chat Memory Compaction**: automatic summarization when conversation exceeds token limit
+- **Multimodal Chat**: upload images, PDFs, and text files for AI analysis
+- 16 chat models + 3 embedding models across 5 providers: **Meta** (Llama 4), **Google** (Gemini 2.5), **OpenAI** (GPT-5.2/5.1/4.1/4o, o3/o4-mini), **xAI** (Grok 4/3)
+
+### Terraform Agent (IaC)
+- **AI-powered Terraform code generation** for OCI infrastructure provisioning
+- **Workspace management**: create, plan, apply, destroy Terraform workspaces
+- **14-point validation checklist**: cross-references, CIDRs, security lists, HCL syntax
+- **Resource type validation**: ~937 OCI resource types with close-match suggestions
+- **Prompt Generator**: dedicated sub-menu for AI-powered prompt generation
+
+### OCI Account Explorer
+- **36 resource types** across 9 categories (Compute, Networking, Storage, Database, Containers, Serverless, Observability, Security, IAM)
+- **KPI stats bar**: real-time resource counts per category
+- **Start/Stop** Compute Instances, Autonomous Databases, DB Systems, MySQL, Container Instances
+- **Tree-view navigation** with resizable compartment panel
+- **Multi-region support** with checkbox selection
+
+### OCI CLI Terminal
+- **Linux-style web terminal** for OCI CLI interaction
+- **Tab autocomplete**, **OCID auto-lookup** (60+ resource types), **find by name/IP**
+- Per-user command history, state persists across navigation
+
+### OCI Services
+- **Service Status**: auto-detect 6 security services per tenancy via OCI API
+- **OCI Health**: real-time Oracle service health from 49 regions
+
+### CIS Compliance Reports
+- Oracle's official CIS engine (48 CIS + 11 OBP checks)
+- **Multiple formats**: HTML, CSV, JSON, XLSX
+- **Professional Compliance Report**: Oracle-format PDF/DOCX with RAG-powered remediation
+- Real-time progress tracking with phase-based progress bar
+
+### Built-in CIS MCP Server
+- **12 granular tools** for per-section scanning (IAM, Networking, Compute, Logging, Storage, Assets)
+- **Parallelized data collection** with session caching
+
+### Embeddings & Knowledge Base
+- **CIS PDF Chunker**: segments by recommendation, 7000-char chunks with overlap
+- **Auto-detect embedding dimension** and model selection
+- **Knowledge Base**: upload documents or import URLs
+- **Consult Embeddings**: chat-like interface for vector Q&A
+
+### Security
+- **JWT + TOTP MFA** (Google Authenticator / Authy compatible)
+- **Oracle IAM OIDC**: SSO via Oracle Identity Domains with JIT provisioning
+- **RBAC** with 3 roles: Admin, User, Viewer
+- **Fernet encryption** (AES) for credentials and sensitive settings
+- **User isolation**: ownership checks, private reports, per-user embeddings
+- **Force password change** on first login
+- Rate limiting, audit logging, non-root container execution
+
+### Theme & UI
+- **Light/Dark mode** with Oracle Dark Premium design
+- **KPI Dashboard**: compliance gauge, pass/fail cards, donut chart, bar chart
+- **i18n**: Portuguese, English, Spanish (850+ keys)
+- **20 pages**, code splitting, Zustand state persistence
---
-## Quick Start (Docker Compose)
+## Quick Start
### Prerequisites
-- Docker and Docker Compose
-- Access to the OCI Container Registry (OCIR) with pull credentials
+- Docker and Docker Compose v2
+- Access to the OCI Container Registry (OCIR)
### 1. Configure
@@ -67,8 +120,8 @@ APP_SECRET=
docker login ${OCIR_REGION}.ocir.io
```
-Username: `/` (or `/oracleidentitycloudservice/`)
-Password: Auth Token (generate in OCI Console > Profile > Auth Tokens)
+- **Username:** `/` or `/oracleidentitycloudservice/`
+- **Password:** Auth Token (generate in OCI Console > Profile > Auth Tokens)
### 3. Run
@@ -97,14 +150,24 @@ For production deployment on Oracle Cloud Infrastructure with Load Balancer, WAF
### Architecture
```
-Internet --> WAF --> Load Balancer (HTTPS 443)
- |
- Private Subnet
- |
- Compute Instance (ARM, Free Tier eligible)
- +-- Backend container (FastAPI)
- +-- Frontend container (nginx)
- +-- Block Volume (/data)
++--------------------------------------------------------------+
+| Oracle Cloud |
+| |
+| +-----------------+ +--------------------------------+ |
+| | | | | |
+| | WAF Policy | | Private Subnet | |
+| | (OWASP rules) | | | |
+| +-----------------+ | +---------------------------+ | |
+| | | | Compute Instance | | |
+| +-----------------+ | | (ARM, Free Tier eligible) | | |
+| | | | | | | |
+| | Load Balancer |---->| | Backend (FastAPI :8000) | | |
+| | (HTTPS / 443) | | | Frontend (nginx :80) | | |
+| | Public Subnet | | | Block Volume (/data) | | |
+| | | | +---------------------------+ | |
+| +-----------------+ +--------------------------------+ |
+| |
++--------------------------------------------------------------+
```
### Setup
@@ -128,22 +191,23 @@ terraform apply
| Resource | Description |
|----------|-------------|
-| VCN | Virtual Cloud Network with public/private subnets |
-| Compute | VM.Standard.A1.Flex (ARM, Free Tier eligible) |
-| Block Volume | 50GB persistent storage for /data |
-| Load Balancer | Flexible 10-100 Mbps with SSL |
-| WAF | OWASP protection (XSS, SQLi, path traversal) |
-| OCIR | 2 private container repositories |
-| DNS | Conditional — OCI DNS Zone + A record (when domain configured) |
+| VCN | 10.0.0.0/16 with public/private subnets, gateways, security lists |
+| Compute | VM.Standard.A1.Flex — 2 OCPU, 16GB RAM (ARM, Free Tier eligible) |
+| Block Volume | 50GB persistent storage for application data |
+| Load Balancer | Flexible 10-100 Mbps with SSL (self-signed or Let's Encrypt) |
+| WAF | OWASP protection — XSS, SQL injection, path traversal + rate limiting |
+| OCIR | 2 private container repositories (backend + frontend) |
+| DNS | OCI DNS Zone + A record (conditional — when domain is configured) |
### Outputs
After `terraform apply`:
```bash
-terraform output load_balancer_ip # Public IP
-terraform output app_url # https://
-terraform output ocir_backend_url # OCIR image URL
+terraform output load_balancer_ip # Public IP address
+terraform output app_url # Application URL
+terraform output ocir_backend_url # Backend image URL
+terraform output ocir_frontend_url # Frontend image URL
```
---
@@ -152,28 +216,44 @@ terraform output ocir_backend_url # OCIR image URL
### Step 1 — OCI Credentials
-Navigate to **OCI Credentials** and add your tenancy details:
+Navigate to **OCI Credentials** tab and add:
| Field | Description |
|-------|-------------|
-| Tenancy Name | Friendly name |
+| Tenancy Name | Friendly name (e.g., `my-company`) |
| OCID Tenancy | `ocid1.tenancy.oc1..xxxxx` |
| OCID User | `ocid1.user.oc1..xxxxx` |
-| Fingerprint | `aa:bb:cc:dd:...` |
-| Region | `us-ashburn-1` |
+| Fingerprint | `aa:bb:cc:dd:ee:ff:...` |
+| Region | `sa-saopaulo-1`, `us-ashburn-1`, etc. |
+| Compartment OCID | `ocid1.compartment.oc1..xxxxx` |
| Private Key | `.pem` file |
+Click **Test** to validate the connection.
+
### Step 2 — GenAI Model
-Select an OCI credential, choose a model from the catalog, and adjust parameters.
+1. Select the **OCI Credential** created in Step 1
+2. Choose a **model** from the catalog (16 models across 5 providers)
+3. Adjust parameters (temperature, max_tokens, etc.)
-### Step 3 — ADB Vector (Optional)
+### Step 3 — ADB Vector + RAG (Optional)
-For RAG-powered chat, configure an Autonomous Database with vector tables.
+For persistent vector storage and RAG-powered chat:
+
+1. Add DSN (from tnsnames.ora)
+2. Set credentials and upload Wallet ZIP
+3. Select an **Embedding Model**
+4. Register vector tables
### Step 4 — MCP Servers (Optional)
-Register MCP servers for extended tool use in the Chat Agent.
+Register MCP servers for extended AI task execution:
+
+| Type | Use Case |
+|------|----------|
+| `stdio` | Local Python scripts |
+| `SSE` | Remote HTTP servers |
+| `module` | Upload `.py` files directly |
---
@@ -196,10 +276,10 @@ Allow group to read buckets in compartment
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
-| `OCIR_REGION` | Yes | — | OCI region (e.g., `us-ashburn-1`) |
-| `OCIR_NAMESPACE` | Yes | — | OCIR namespace |
-| `APP_SECRET` | Yes | — | 64-byte hex key for JWT/encryption |
-| `JWT_EXPIRY_HOURS` | No | `12` | Token expiry |
+| `OCIR_REGION` | Yes | — | OCI region for container registry |
+| `OCIR_NAMESPACE` | Yes | — | OCIR tenancy namespace |
+| `APP_SECRET` | Yes | — | 64-byte hex key for JWT/encryption (`openssl rand -hex 64`) |
+| `JWT_EXPIRY_HOURS` | No | `12` | Token expiry in hours |
| `PORT` | No | `8080` | Frontend port |
| `CORS_ORIGINS` | No | — | Allowed origins (comma-separated) |
| `TZ` | No | `America/Sao_Paulo` | Timezone |
@@ -212,13 +292,13 @@ Allow group to read buckets in compartment
Verify your `docker login` credentials and that the OCIR repositories exist in your namespace.
**Backend health check fails:**
-Check logs: `docker compose logs backend`. Ensure `APP_SECRET` is set.
+Check logs: `docker compose logs backend`. Ensure `APP_SECRET` is set in `.env`.
-**ADB connection fails:**
-Ensure the wallet ZIP is uploaded and the DSN matches a service in `tnsnames.ora`.
+**ADB connection fails (`DPY-6005`):**
+Ensure the wallet ZIP contains `tnsnames.ora` and `ewallet.pem`. The DSN must match a service name in `tnsnames.ora`.
**GenAI returns 401/403:**
-Verify the IAM policy for `generative-ai-family` exists for your user/group.
+Verify the IAM policy `Allow group ... to use generative-ai-family in compartment ...` exists.
---
@@ -229,5 +309,5 @@ MIT
---
- Built for Oracle Cloud Infrastructure security compliance
+ Built for Oracle Cloud Infrastructure security compliance by LAD A-Team
diff --git a/logo.svg b/logo.svg
new file mode 100644
index 0000000..0b7b905
--- /dev/null
+++ b/logo.svg
@@ -0,0 +1,21 @@
+