diff --git a/mission-control-chart b/mission-control-chart
index 3710fad5..482220c7 160000
--- a/mission-control-chart
+++ b/mission-control-chart
@@ -1 +1 @@
-Subproject commit 3710fad5bb8408aaf37129f0272d7aa4da1f3c77
+Subproject commit 482220c75fb5e3ddbd52c9820c10159577b8030f
diff --git a/mission-control/docs/guide/mcp/client-setup.mdx b/mission-control/docs/guide/mcp/client-setup.mdx
index bff6e556..e615423d 100644
--- a/mission-control/docs/guide/mcp/client-setup.mdx
+++ b/mission-control/docs/guide/mcp/client-setup.mdx
@@ -13,7 +13,7 @@ This guide provides step-by-step instructions for connecting popular MCP clients
 
 ## Prerequisites
 
-Before connecting any client, you'll need:
+Before connecting any client, you need:
 
 1. **MCP Server URL**
    - SaaS users: `https://mc.<org-id>.workload-prod-eu-02.flanksource.com/mcp`
@@ -79,42 +79,33 @@ Claude Desktop supports MCP connections through its configuration file.
 ```
 
 4. Restart Claude Desktop
-5. The Mission Control tools will appear in the tools menu
+5. The Mission Control tools appear in the tools menu
 
 </TabItem>
 <TabItem value="claude-code" label="Claude Code">
 
-Claude Code (claude.ai) supports MCP through browser-based configuration.
+Claude Code CLI supports MCP through the `.mcp.json` configuration file.
 
 ### Setup Steps
 
-1. Visit [claude.ai](https://claude.ai)
-2. Click on your profile icon → Settings
-3. Navigate to Developer → MCP Settings
-4. Click "Add Server" and configure:
-
-```json
-{
-  "name": "mission-control",
-  "type": "http",
-  "url": "https://mc.<org-id>.workload-prod-eu-02.flanksource.com/mcp",
-  "headers": {
-    "Authorization": "Basic YOUR_TOKEN_HERE"
+1. Create or edit the `.mcp.json` file in your project root or home directory
+2. Add the Mission Control MCP server configuration:
+  ```json title=".mcp.json"
+  {
+    "mcpServers": {
+      "mission-control": {
+        "name": "mission-control",
+        "type": "http",
+        "url": "https://mc.<org-id>.workload-prod-eu-02.flanksource.com/mcp",
+        "headers": {
+          "Authorization": "Bearer YOUR_TOKEN_HERE"
+        }
+      }
+    }
   }
-}
-```
-
-5. Click "Save" and refresh the page
-6. Mission Control tools will be available in new conversations
-
-### Alternative Setup (via URL)
-
-You can also connect by visiting:
-```
-https://claude.ai/settings/mcp?server=mission-control&url=https://mc.<org-id>.workload-prod-eu-02.flanksource.com/mcp
-```
-
-Then add your authorization token in the settings.
+  ```
+3. Save the file and restart Claude Code
+4. Mission Control tools are available in your sessions
 
 </TabItem>
 <TabItem value="vscode-copilot" label="VS Code Copilot">
@@ -191,7 +182,7 @@ Cline supports MCP through its settings configuration.
 ```
 
 5. Reload VS Code window
-6. Mission Control tools will be available in Cline chat
+6. Mission Control tools are available in Cline chat
 
 </TabItem>
 <TabItem value="continue" label="Continue.dev">
@@ -226,7 +217,7 @@ Continue.dev supports MCP servers through its configuration file.
 ```
 
 3. Restart Continue
-4. Mission Control tools will be available in chat
+4. Mission Control tools are available in chat
 
 </TabItem>
 <TabItem value="zed" label="Zed Editor">
@@ -262,7 +253,7 @@ Zed supports MCP through its assistant configuration.
 ```
 
 4. Restart Zed
-5. Mission Control tools will be available in the assistant
+5. Mission Control tools are available in the assistant
 
 </TabItem>
 <TabItem value="direct" label="Direct HTTP">
@@ -336,44 +327,7 @@ ws.on('open', () => {
 3. **Tools Not Appearing**
    - Restart the client application
    - Check client logs for errors
-   - Verify MCP server is properly configured
-
-### Testing Connection
-
-You can test your MCP connection using the MCP CLI:
-
-```bash
-npx @modelcontextprotocol/cli connect \
-  --transport http \
-  --url https://mc.<org-id>.workload-prod-eu-02.flanksource.com/mcp \
-  --header "Authorization: Basic YOUR_TOKEN_HERE"
-```
-
-## Next Steps
-
-Once connected, explore the available tools:
-- [Catalog Tools](./tools/catalog_tools.mdx) - Query and manage configuration items
-- [Connection Tools](./tools/connection_tools.mdx) - Manage connections and integrations
-- [Playbook Tools](./tools/playbook_tools.mdx) - Execute and manage playbooks
-
-## Troubleshooting
-
-### Common Issues
-
-1. **Connection Refused**
-   - Verify the server URL is correct
-   - Check if you're behind a firewall or proxy
-   - Ensure the token has proper permissions
-
-2. **Authentication Failed**
-   - Verify token is valid and not expired
-   - Ensure token has `mcp.*` permissions
-   - Check if Basic prefix is included
-
-3. **Tools Not Appearing**
-   - Restart the client application
-   - Check client logs for errors
-   - Verify MCP server is properly configured
+   - Verify MCP server is configured correctly
 
 ### Testing Connection
 
@@ -389,6 +343,6 @@ npx @modelcontextprotocol/cli connect \
 ## Next Steps
 
 Once connected, explore the available tools:
-- [Catalog Tools](./tools/catalog_tools.mdx) - Query and manage configuration items
+- [Catalog Tools](./tools/catalog_tools.mdx) - Query and manage config items
 - [Connection Tools](./tools/connection_tools.mdx) - Manage connections and integrations
 - [Playbook Tools](./tools/playbook_tools.mdx) - Execute and manage playbooks
diff --git a/mission-control/docs/guide/mcp/index.mdx b/mission-control/docs/guide/mcp/index.mdx
index 741a97e6..21756302 100644
--- a/mission-control/docs/guide/mcp/index.mdx
+++ b/mission-control/docs/guide/mcp/index.mdx
@@ -24,6 +24,6 @@ For detailed setup instructions for popular MCP clients, see [Client Setup](./cl
 
 ## Permissions
 
-To access the mcp server, `Authorization` header can be used with a token. The token must have `mcp.*` permission.
+To access the MCP server, `Authorization` header can be used with a token. The token must have `mcp.*` permission.
 
 <DocCardList />
diff --git a/mission-control/docs/guide/mcp/resources/connection.mdx b/mission-control/docs/guide/mcp/resources/connection.mdx
index d932923f..623f8fb5 100644
--- a/mission-control/docs/guide/mcp/resources/connection.mdx
+++ b/mission-control/docs/guide/mcp/resources/connection.mdx
@@ -66,7 +66,7 @@ This resource allows you to access detailed information about a specific connect
 
 ## Use Cases
 
-- **Connection Testing**: Verify if a connection is properly configured and healthy
+- **Connection Testing**: Verify if a connection is correctly configured and healthy
 - **Troubleshooting**: Investigate connection issues and configuration problems
 - **Integration Management**: Review connection settings and credentials
 - **Configuration Auditing**: Ensure connections follow security and compliance policies
diff --git a/mission-control/docs/guide/mcp/tools/catalog_tools.mdx b/mission-control/docs/guide/mcp/tools/catalog_tools.mdx
index 32a4402a..34902fd5 100644
--- a/mission-control/docs/guide/mcp/tools/catalog_tools.mdx
+++ b/mission-control/docs/guide/mcp/tools/catalog_tools.mdx
@@ -4,9 +4,9 @@ title: Catalog Tools
 
 # Catalog Tools
 
-Tools for searching and exploring configuration items in the catalog.
+Tools for searching and exploring config items in the catalog.
 
-## list_catalog_types
+## `list_catalog_types`
 
 List all available configuration types in the system
 
@@ -14,11 +14,11 @@ List all available configuration types in the system
 
 **Prompt:** "What configuration types are available?"
 
-**AI Response:** "I'll list all the available configuration types for you."
+**AI Response:** "Here are all the available configuration types."
 
 **Result:** Returns a list of all configuration types like `AWS::EC2::Instance`, `Kubernetes::Pod`, `Azure::VM::Instance`, etc.
 
-## catalog_search
+## `catalog_search`
 
 Search across the entire configuration catalog
 
@@ -35,7 +35,7 @@ Search across the entire configuration catalog
 
 **Prompt:** "Find all unhealthy AWS EC2 instances"
 
-**AI Response:** "I'll search for unhealthy AWS EC2 instances in your configuration catalog."
+**AI Response:** "Searching for unhealthy AWS EC2 instances in your configuration catalog."
 
 **Query Used:** `type=AWS::EC2::Instance health=unhealthy`
 
@@ -43,15 +43,15 @@ Search across the entire configuration catalog
 
 ---
 
-**Prompt:** "Show me all Kubernetes pods in the production namespace created in the last 24 hours"
+**Prompt:** "Show all Kubernetes pods in the production namespace created in the last 24 hours"
 
-**AI Response:** "I'll find all Kubernetes pods in the production namespace that were created in the last 24 hours."
+**AI Response:** "Finding all Kubernetes pods in the production namespace that were created in the last 24 hours."
 
 **Query Used:** `type=Kubernetes::Pod namespace=production created_at>now-24h`
 
 **Result:** Returns recent pods with full resource data
 
-## catalog_changes_search
+## `catalog_changes_search`
 
 Search for configuration changes across the catalog
 
@@ -62,13 +62,13 @@ Search for configuration changes across the catalog
 
 **Features:**
 - Search by change-specific fields like severity, change type, and summary
-- Same query syntax as catalog_search with additional change-related fields
+- Same query syntax as `catalog_search` with additional change-related fields
 
 ### Example Usage
 
-**Prompt:** "Show me critical changes from the last week"
+**Prompt:** "Show critical changes from the last week"
 
-**AI Response:** "I'll search for critical severity changes that occurred in the last week."
+**AI Response:** "Searching for critical severity changes that occurred in the last week."
 
 **Query Used:** `severity=critical first_observed>now-7d`
 
@@ -78,13 +78,13 @@ Search for configuration changes across the catalog
 
 **Prompt:** "Find the last 10 changes to AWS resources"
 
-**AI Response:** "I'll find the most recent 10 changes made to AWS resources."
+**AI Response:** "Finding the most recent 10 changes made to AWS resources."
 
 **Query Used:** `type=AWS::*` with `limit=10`
 
 **Result:** Returns the 10 most recent changes to any AWS resources including the change type, summary, and affected resources.
 
-## related_configs
+## `related_configs`
 
 Find configurations related to a specific config item
 
@@ -96,6 +96,6 @@ Find configurations related to a specific config item
 
 **Prompt:** "What resources are related to this EC2 instance?" (with config ID: `550e8400-e29b-41d4-a716-446655440000`)
 
-**AI Response:** "I'll find all configurations related to this EC2 instance."
+**AI Response:** "Finding all configurations related to this EC2 instance."
 
-**Result:** Returns related resources like security groups, VPC, subnets, load balancers, and other dependent or associated AWS resources with their relationships explained.
+**Result:** Returns related resources like security groups, VPC, `subnets`, load balancers, and other dependent or associated AWS resources with their relationships explained.
diff --git a/mission-control/docs/guide/mcp/tools/connection_tools.mdx b/mission-control/docs/guide/mcp/tools/connection_tools.mdx
index d81303b7..9fa10242 100644
--- a/mission-control/docs/guide/mcp/tools/connection_tools.mdx
+++ b/mission-control/docs/guide/mcp/tools/connection_tools.mdx
@@ -6,7 +6,7 @@ title: Connection Tools
 
 Tools for managing connections in Mission Control.
 
-## list_connections
+## `list_connections`
 
 List all available connections in the system
 
@@ -14,7 +14,7 @@ List all available connections in the system
 
 **Prompt:** "What connections are configured in the system?"
 
-**AI Response:** "I'll list all the available connections configured in your Mission Control system."
+**AI Response:** "Here are all the available connections configured in your Mission Control system."
 
 **Result:** Returns a list of all connections with details like:
 - Connection names and namespaces
diff --git a/mission-control/docs/guide/mcp/tools/playbook_tools.mdx b/mission-control/docs/guide/mcp/tools/playbook_tools.mdx
index 2dd5a77e..e2ac8b24 100644
--- a/mission-control/docs/guide/mcp/tools/playbook_tools.mdx
+++ b/mission-control/docs/guide/mcp/tools/playbook_tools.mdx
@@ -6,7 +6,7 @@ title: Playbook Tools
 
 Tools for working with playbooks in Mission Control.
 
-## playbook_list_all
+## `playbook_list_all`
 
 List all available playbooks
 
@@ -14,7 +14,7 @@ List all available playbooks
 
 **Prompt:** "What playbooks are available in the system?"
 
-**AI Response:** "I'll list all the available playbooks in your Mission Control system."
+**AI Response:** "Here are all the available playbooks in your Mission Control system."
 
 **Result:** Returns a list of all playbooks with their metadata, parameters, and descriptions.
 
@@ -58,7 +58,7 @@ List all available playbooks
 ]
 ```
 
-## playbook_recent_runs
+## `playbook_recent_runs`
 
 Get recent playbook execution runs
 
@@ -68,9 +68,9 @@ Get recent playbook execution runs
 
 ### Example Usage
 
-**Prompt:** "Show me the last 5 playbook runs"
+**Prompt:** "Show the last 5 playbook runs"
 
-**AI Response:** "I'll get the 5 most recent playbook execution runs for you."
+**AI Response:** "Getting the 5 most recent playbook execution runs."
 
 **Result:** Returns recent playbook runs with execution details, status, and results.
 
@@ -95,7 +95,7 @@ Get recent playbook execution runs
 ]
 ```
 
-## playbook_failed_runs
+## `playbook_failed_runs`
 
 Get recent failed playbook execution runs
 
@@ -105,9 +105,9 @@ Get recent failed playbook execution runs
 
 ### Example Usage
 
-**Prompt:** "Show me recent playbook failures so I can investigate what went wrong"
+**Prompt:** "Show recent playbook failures for investigation"
 
-**AI Response:** "I'll get the recent failed playbook runs to help you identify issues."
+**AI Response:** "Getting the recent failed playbook runs to help identify issues."
 
 **Result:** Returns failed playbook runs with error details and failure reasons.
 
@@ -129,7 +129,7 @@ Get recent failed playbook execution runs
 ]
 ```
 
-## playbook_exec_run
+## `playbook_exec_run`
 
 Execute a playbook with specified parameters
 
@@ -138,13 +138,13 @@ Execute a playbook with specified parameters
   {field: "params", scheme: "object", description: "Parameters required for playbook execution", required: true}
 ]} />
 
-**Note:** This is a destructive operation that will modify system state. Parameters are playbook-specific and can be found using the playbook_list_all tool.
+**Note:** This is a destructive operation that modifies system state. Parameters are playbook-specific and can be found using the `playbook_list_all` tool.
 
 ### Example Usage
 
 **Prompt:** "Restart the nginx pod in the production namespace"
 
-**AI Response:** "I'll execute the restart pod playbook for the nginx pod in the production namespace. This will cause a brief service interruption."
+**AI Response:** "Executing the restart pod playbook for the nginx pod in the production namespace. This causes a brief service interruption."
 
 **Parameters Used:**
 ```json
@@ -163,7 +163,7 @@ Execute a playbook with specified parameters
 
 **Prompt:** "Scale the web-app deployment to 3 replicas in the staging environment"
 
-**AI Response:** "I'll scale the web-app deployment to 3 replicas in the staging namespace."
+**AI Response:** "Scaling the web-app deployment to 3 replicas in the staging namespace."
 
 **Parameters Used:**
 ```json
diff --git a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md
index 722c6486..38f3a2d4 100644
--- a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md
+++ b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md
@@ -16,7 +16,7 @@ For example, you might have:
 - Regional teams that should only see resources from agents in their geographic location
 - Client-specific teams that should only interact with agents deployed in their infrastructure
 
-```yaml title="agent-based-permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/agent-based-permission.yaml
+```yaml title="agent-based-permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/scope.yaml
 
 ```
 
@@ -32,7 +32,7 @@ Tags can represent various attributes such as:
 - Client identifier (client-a, client-b)
 - Clusters
 
-```yaml title="tag-based-permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/tag-based-permission.yaml
+```yaml title="tag-based-permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/scope.yaml
 
 ```
 
diff --git a/mission-control/docs/guide/permissions/index.mdx b/mission-control/docs/guide/permissions/index.mdx
index 7c69ba01..58f3f080 100644
--- a/mission-control/docs/guide/permissions/index.mdx
+++ b/mission-control/docs/guide/permissions/index.mdx
@@ -19,7 +19,7 @@ detailed ABAC rules let you define exactly which playbooks specific users or tea
 
 You can manage Permissions through the UI and using CRDs.
 
-```yaml title="permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/allow-person-playbook.yaml
+```yaml title="permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/deny-person-playbook.yaml
 ```
 
 A Permission has 4 parts:
@@ -194,7 +194,7 @@ A permission can target multiple objects, while a subject can only target one.
 If you define multiple objects, Mission Control grants the permission only if the request matches all defined objects.
 In other words, Mission Control applies an AND condition to the objects.
 
-```yaml file=<rootDir>/modules/mission-control/fixtures/permissions/allow-person-playbook.yaml {14-20}
+```yaml file=<rootDir>/modules/mission-control/fixtures/permissions/deny-person-playbook.yaml {14-16}
 ```
 
 This permission object allows running all playbooks but **only on configs in the "mission-control" namespace**.
diff --git a/mission-control/docs/guide/playbooks/actions/ai.mdx b/mission-control/docs/guide/playbooks/actions/ai.mdx
index 1ffaf034..f15b6d0e 100644
--- a/mission-control/docs/guide/playbooks/actions/ai.mdx
+++ b/mission-control/docs/guide/playbooks/actions/ai.mdx
@@ -20,7 +20,7 @@ AI Action allows you to integrate AI capabilities into your playbooks by leverag
 This comprehensive context enables AI models to provide more informed analysis and insights about your infrastructure state and relationships.
 For example, when a Kubernetes pod fails, it examines the pod spec, ConfigMap changes, service logs together, revealing patterns that single-component analysis might overlook.
 
-```yaml title="context-provider-playbook.yaml" file=<rootDir>/modules/generated/playbooks/recommend-playbook.yaml
+```yaml title="context-provider-playbook.yaml" file=<rootDir>/modules/mission-control-registry/charts/playbooks-ai/templates/recommend-playbooks.yaml
 ```
 
 <Action rows={[
diff --git a/mission-control/docs/guide/playbooks/actions/gitops.mdx b/mission-control/docs/guide/playbooks/actions/gitops.mdx
index a15b5382..f6bf6c8a 100644
--- a/mission-control/docs/guide/playbooks/actions/gitops.mdx
+++ b/mission-control/docs/guide/playbooks/actions/gitops.mdx
@@ -19,7 +19,7 @@ Common use cases:
 * Implement guardrail-driven access for developers to make infrastructure changes
 * Use native support for Flux and Kustomization to automatically identify git repositories and files using `originAnnotations`
 
-```yaml title="edit-kubernetes-manifests-gitops.yaml" file=<rootDir>/modules/generated/playbooks/kustomize-edit.yaml
+```yaml title="edit-kubernetes-manifests-gitops.yaml" file=<rootDir>/modules/mission-control-registry/charts/playbooks-flux/templates/edit.yaml
 ```
 
 <Action rows={[
diff --git a/mission-control/docs/guide/playbooks/index.mdx b/mission-control/docs/guide/playbooks/index.mdx
index 94b5d112..ddb9b1a8 100644
--- a/mission-control/docs/guide/playbooks/index.mdx
+++ b/mission-control/docs/guide/playbooks/index.mdx
@@ -105,7 +105,7 @@ spec:
 
 Playbook permissions control who can perform various actions on playbooks.
 
-```yaml title="playbook-permissions.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/allow-person-playbook.yaml
+```yaml title="playbook-permissions.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/deny-person-playbook.yaml
 ```
 
 ### Required Permissions
diff --git a/modules/canary-checker b/modules/canary-checker
index bff5cca8..5f22a56e 160000
--- a/modules/canary-checker
+++ b/modules/canary-checker
@@ -1 +1 @@
-Subproject commit bff5cca8f2fec464eed099c01f0b15f3602c802f
+Subproject commit 5f22a56e4910bb77bba6444c40b2592e92794083
diff --git a/modules/config-db b/modules/config-db
index 81e26eb1..ffab2b4b 160000
--- a/modules/config-db
+++ b/modules/config-db
@@ -1 +1 @@
-Subproject commit 81e26eb1be71ea84a5b22261980eae58e82d9080
+Subproject commit ffab2b4b2e20dce6bed933df740c78be0180273f
diff --git a/modules/duty b/modules/duty
index 4a1e4765..a436e0d1 160000
--- a/modules/duty
+++ b/modules/duty
@@ -1 +1 @@
-Subproject commit 4a1e4765072ce2ea1bea21298d85571fd3d91224
+Subproject commit a436e0d1495e8b5c0ed1dbcc9ca4a559eb260128
diff --git a/modules/mission-control b/modules/mission-control
index 60cfeb20..a8b84299 160000
--- a/modules/mission-control
+++ b/modules/mission-control
@@ -1 +1 @@
-Subproject commit 60cfeb200bec5b6d3be4e6598654f79c326d966e
+Subproject commit a8b842997f070c8a1c4df581fe06d12dc118fe36
diff --git a/modules/mission-control-chart b/modules/mission-control-chart
index 6ed80b8a..f8777465 160000
--- a/modules/mission-control-chart
+++ b/modules/mission-control-chart
@@ -1 +1 @@
-Subproject commit 6ed80b8a9bf48cec7bb7bf720186cfa94cffaa89
+Subproject commit f87774658cb9795e1c357581742d72b1a077b69d
diff --git a/modules/mission-control-registry b/modules/mission-control-registry
index 9586d3b9..cc4abe6e 160000
--- a/modules/mission-control-registry
+++ b/modules/mission-control-registry
@@ -1 +1 @@
-Subproject commit 9586d3b94e8e6ea38e8dc11fa245cf339d113fb4
+Subproject commit cc4abe6e39bf326b9453b9c9b380f9f04358d812