diff --git a/.claude/settings.local.json b/.claude/settings.local.json
new file mode 100644
index 0000000..fe3512b
--- /dev/null
+++ b/.claude/settings.local.json
@@ -0,0 +1,9 @@
+{
+ "permissions": {
+ "allow": [
+ "Bash(cp \"/Users/adarsh/Desktop/Screenshot 2026-04-19 at 12.35.53 PM.heic\" /tmp/ss1.heic)",
+ "Bash(cp \"/Users/adarsh/Desktop/Screenshot 2026-04-19 at 12.36.53 PM.heic\" /tmp/ss2.heic)",
+ "Bash(cp \"/Users/adarsh/Desktop/Screenshot 2026-04-19 at 12.47.26 PM.heic\" /tmp/ss3.heic)"
+ ]
+ }
+}
diff --git a/docs/browser-agent/_category_.json b/docs/browser-agent/_category_.json
new file mode 100644
index 0000000..e959501
--- /dev/null
+++ b/docs/browser-agent/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Browser Agent",
+ "position": 5,
+ "link": {
+ "type": "generated-index",
+ "description": "Browser extension capabilities for DLP policy enforcement, clipboard monitoring, file indexing configuration, and agent lifecycle control."
+ },
+ "customProps": {
+ "icon": "Globe"
+ }
+}
diff --git a/docs/browser-agent/agent-kill-switch/architecture.md b/docs/browser-agent/agent-kill-switch/architecture.md
new file mode 100644
index 0000000..e3793e4
--- /dev/null
+++ b/docs/browser-agent/agent-kill-switch/architecture.md
@@ -0,0 +1,81 @@
+---
+sidebar_position: 2
+sidebar_custom_props:
+ icon: Layers
+---
+
+# Architecture
+
+How the browser extension disables and re-enables the Sentinel endpoint agent at runtime — without a process restart, with state persisted across reboots.
+
+
+
+## Pipeline Stages
+
+Every kill switch transition flows through these stages in order.
+
+| Stage | Description |
+|-------|-------------|
+| **Native Messaging** | The extension sends `{ "disable_agent": true }` or `{ "disable_agent": false }` over the Native Messaging pipe to the Sentinel agent. |
+| **State Storage** | The agent persists the flag to its local database immediately. The state is restored on every subsequent startup — no re-disable needed after a reboot. |
+| **Kill** | All DLP event chains are removed from the event broker and all services (clipboard monitor, file indexer) are stopped. The re-enable chain remains active. |
+| **Revive** | All DLP event chains are restored and all services are restarted. The agent resumes full operation without a process restart. |
+
+## Always-On Re-enable
+
+One channel is never removed, even when the agent is fully disabled:
+
+> `AgentUpdate:Configuration:Disable` — accepts re-enable signals from the extension at all times.
+
+This guarantees the extension can always reach the agent to restore it, even after a managed disable pushed via MDM or GPO.
+
+## Startup Enforcement
+
+When the Sentinel agent starts with the disabled flag set:
+
+| Flag | Startup Behaviour |
+|------|------------------|
+| **Enabled** | All services and DLP chains registered normally |
+| **Disabled** | All service and chain registration skipped; only the re-enable channel is active |
+
+Nothing is created and torn down — services and chains simply never come into existence in the disabled startup path.
+
+## Observability
+
+Every kill and revive transition is logged with timestamp and trigger source. Check **Agent Status** in the dashboard to verify the current state.
diff --git a/docs/browser-agent/agent-kill-switch/quick-start.md b/docs/browser-agent/agent-kill-switch/quick-start.md
new file mode 100644
index 0000000..c9fd922
--- /dev/null
+++ b/docs/browser-agent/agent-kill-switch/quick-start.md
@@ -0,0 +1,80 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: Rocket
+---
+
+# Quick Start
+
+Disable and re-enable the Sentinel endpoint agent from the browser extension in 4 steps.
+
+
+
+## 1. Disable the Agent
+
+Open the browser extension, navigate to **Agent Settings**, and toggle **Disable Agent**. The extension sends the disable signal to the Sentinel agent over the Native Messaging pipe.
+
+The agent responds immediately — no process restart is required.
+
+## 2. What Happens on the Endpoint
+
+| Step | Result |
+|------|--------|
+| **Flag persisted** | Disabled state written to local database — survives reboots |
+| **Services stopped** | Clipboard monitoring and file indexing pause immediately |
+| **DLP chains removed** | No clipboard, file, or network DLP events are processed |
+| **Confirmed** | Extension receives confirmation; **Agent Status** updates to Disabled |
+
+## 3. Re-enable Channel
+
+While disabled, the agent ignores all events except re-enable signals. The re-enable channel is permanently preserved and cannot be removed — the extension can always reach the agent to restore it.
+
+If the endpoint reboots while disabled, the agent starts in the disabled state automatically. No action is required to maintain the disabled state across restarts.
+
+## 4. Re-enable the Agent
+
+Toggle **Enable Agent** in the extension. All services and DLP chains are restored without a process restart.
+
+| Step | Result |
+|------|--------|
+| **Flag cleared** | Enabled state written to local database |
+| **Services restarted** | Clipboard monitoring and file indexing resume |
+| **DLP chains restored** | Full event processing resumes immediately |
+| **Confirmed** | Extension receives confirmation; **Agent Status** updates to Active |
+
+---
+
+**Next step:** See the [Architecture](./architecture) for the full disable and startup enforcement details.
diff --git a/docs/browser-agent/clipboard/_category_.json b/docs/browser-agent/clipboard/_category_.json
new file mode 100644
index 0000000..7b54051
--- /dev/null
+++ b/docs/browser-agent/clipboard/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Clipboard Monitor",
+ "position": 1,
+ "link": {
+ "type": "generated-index",
+ "description": "Intercept OS clipboard copy events, forward content metadata to the browser extension policy engine, and enforce allow, block, or prompt decisions in real time."
+ },
+ "customProps": {
+ "icon": "Clipboard"
+ }
+}
diff --git a/docs/browser-agent/clipboard/architecture.md b/docs/browser-agent/clipboard/architecture.md
new file mode 100644
index 0000000..3fa2c5c
--- /dev/null
+++ b/docs/browser-agent/clipboard/architecture.md
@@ -0,0 +1,82 @@
+---
+sidebar_position: 2
+sidebar_custom_props:
+ icon: Layers
+---
+
+# Architecture
+
+How the QuilrAI Clipboard Monitor intercepts clipboard events on the endpoint, enforces DLP policies from the browser extension, and takes action without interrupting the user.
+
+
+
+## Pipeline Stages
+
+Every clipboard event flows through these stages in order. Each stage is independently configurable from the dashboard.
+
+| Stage | Description |
+|-------|-------------|
+| **OS Hook** | Intercepts native clipboard-change notifications on Windows and macOS. |
+| **Filter** | Suppresses events within the debounce window and applies content-type gates and payload size cap. |
+| **Forward to Extension** | Sends content metadata to the browser extension over the Native Messaging pipe for policy evaluation. |
+| **Policy Evaluation** | The extension evaluates DLP rules against the clipboard payload and returns Allow, Block, or Prompt. |
+| **Enforce** | The endpoint executes the decision — clears clipboard on block, shows a native dialog on prompt. |
+
+## Response Path
+
+Policy decisions from the browser extension flow back through the **enforcement layer** before any action is taken. The same DLP rule set applies to all content types (text, files, images).
+
+## Platform Support
+
+| Platform | Hook Mechanism | Justification UI |
+|----------|---------------|-----------------|
+| **macOS** | NSPasteboard change-count polling | Native Cocoa dialog |
+| **Windows** | WinAPI clipboard-change notification | Windows message-based dialog |
+
+macOS requires **Accessibility permission** for the Sentinel process.
+
+## Observability
+
+Every clipboard event is logged with content type, policy decision, and enforcement outcome. Check **Logs under Clipboard Monitor** to review activity.
diff --git a/docs/browser-agent/clipboard/quick-start.md b/docs/browser-agent/clipboard/quick-start.md
new file mode 100644
index 0000000..ab6da83
--- /dev/null
+++ b/docs/browser-agent/clipboard/quick-start.md
@@ -0,0 +1,92 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: Rocket
+---
+
+# Quick Start
+
+Get up and running with Clipboard Monitoring in 4 steps.
+
+
+
+## 1. Enable the Monitor
+
+The clipboard monitor runs as part of the Sentinel endpoint agent and starts automatically on deployment.
+
+| Platform | Requirement |
+|----------|------------|
+| **macOS** | Grant **Accessibility permission** to the Sentinel process in System Settings → Privacy & Security |
+| **Windows** | No additional permissions required |
+
+Deploy the Sentinel agent via MDM or GPO. The clipboard monitor activates immediately.
+
+## 2. Choose Content Types
+
+Navigate to **Clipboard Monitor → Settings** in the dashboard to configure which clipboard operations to intercept.
+
+| Setting | Default | Description |
+|---------|---------|-------------|
+| **Monitor text** | On | Captures plain text and rich-text clipboard copies |
+| **Monitor files** | Off | Captures file-path clipboard events |
+| **Monitor images** | Off | Captures image clipboard events |
+| **Debounce window** | 100 ms | Suppresses repeated events within this window |
+| **Max payload size** | 10 KB | Payload forwarded to the extension is capped at this size |
+
+Changes are pushed to the endpoint agent and take effect on the next agent restart.
+
+## 3. Set DLP Policies
+
+Define rules in the browser extension under **DLP Policies → Clipboard**. Rules match on content category, size, or custom regex patterns.
+
+| Action | What Happens |
+|--------|-------------|
+| **Allow** | Clipboard operation completes silently; event is logged |
+| **Block** | Endpoint clears the clipboard; user is notified |
+| **Prompt** | Native OS dialog asks the user for a justification before continuing |
+
+## 4. Monitor Events
+
+Check **Logs under Clipboard Monitor** to verify events are flowing and policies are being enforced.
+
+- **Event volume**: clipboard events detected and forwarded per hour
+- **Policy decisions**: allow, block, and prompt counts by content type
+- **Justification text**: user responses to prompted events
+- **Enforcement outcomes**: confirmation of block and clear actions on the endpoint
+
+---
+
+**Next step:** See the [Architecture](./architecture) for the full detection and enforcement pipeline.
diff --git a/docs/browser-agent/indexing/_category_.json b/docs/browser-agent/indexing/_category_.json
new file mode 100644
index 0000000..f47d86e
--- /dev/null
+++ b/docs/browser-agent/indexing/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "File Indexing",
+ "position": 2,
+ "link": {
+ "type": "generated-index",
+ "description": "Configure and manage the endpoint file index from the browser extension. Drives DLP file-path resolution for upload and download scanning."
+ },
+ "customProps": {
+ "icon": "Database"
+ }
+}
diff --git a/docs/browser-agent/indexing/architecture.md b/docs/browser-agent/indexing/architecture.md
new file mode 100644
index 0000000..58985a4
--- /dev/null
+++ b/docs/browser-agent/indexing/architecture.md
@@ -0,0 +1,94 @@
+---
+sidebar_position: 2
+sidebar_custom_props:
+ icon: Layers
+---
+
+# Architecture
+
+How the QuilrAI File Indexer builds and maintains a local filesystem index on the endpoint, driven by configuration from the dashboard, to resolve file paths for DLP scanning.
+
+
+
+## Pipeline Stages
+
+Every index operation flows through these stages. Each stage is independently configurable from the dashboard.
+
+| Stage | Description |
+|-------|-------------|
+| **Config Push** | Dashboard pushes root paths, ignore rules, and scan interval to the endpoint agent. Triggers an immediate re-scan on receipt. |
+| **Mount Policy** | Evaluates each root path before scanning. Excludes network shares, Windows UNC paths, and macOS mounted disk images automatically. |
+| **Full Scan** | A parallel directory walker traverses configured paths at reduced OS thread priority. Results are batch-written to a local SQLite index. |
+| **Safety Guards** | Three-level protection: soft limit reduces scan depth near the file ceiling; hard limit prunes the deepest paths after a scan; a 30-minute timeout prevents data loss on partial scans. |
+| **Real-time Watcher** | Listens for filesystem changes using OS-native APIs and applies incremental updates in 300 ms batched transactions. |
+| **File Search** | Resolves file paths for DLP in two phases: fast index lookup by filename, followed by disk verification of size and modification time. |
+
+## Scheduling
+
+| Trigger | Default | Description |
+|---------|---------|-------------|
+| **Config push** | Immediate | Fires on every dashboard configuration update |
+| **Scheduled scan** | Every 60 min | Periodic full re-scan to catch changes missed by the watcher |
+| **Agent start** | On startup | Ensures the index is current on every (re-)start |
+
+## Platform Support
+
+| Platform | Directory Scan | File Watcher |
+|----------|---------------|-------------|
+| **macOS** | Parallel walker at background priority | FSEvents |
+| **Windows** | Parallel walker at below-normal thread priority | ReadDirectoryChangesW |
+
+## Observability
+
+Index state and scan history are available from the dashboard under **File Index Status**.
+
+- **Scan status**: Idle / Running / Failed with last-run timestamp and duration
+- **File count**: total indexed files and any paths pruned by safety limits
+- **Watcher activity**: create, modify, and delete event counts
+- **Search performance**: index hit rate vs. disk-verification fallback rate
diff --git a/docs/browser-agent/indexing/quick-start.md b/docs/browser-agent/indexing/quick-start.md
new file mode 100644
index 0000000..9666b6f
--- /dev/null
+++ b/docs/browser-agent/indexing/quick-start.md
@@ -0,0 +1,89 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: Rocket
+---
+
+# Quick Start
+
+Get up and running with File Indexing in 4 steps.
+
+
+
+## 1. Configure Index Paths
+
+Go to **File Indexing → Settings** in the dashboard and set the paths and rules for the endpoint.
+
+| Setting | Description |
+|---------|-------------|
+| **Root paths** | Directories to index. Supports macOS and Windows paths. |
+| **Ignore patterns** | gitignore-style globs for paths to exclude (e.g. `**/node_modules/**`, `**/.git/**`, `*.tmp`). |
+| **Scan interval** | How often a full re-scan runs. Default is 60 minutes. |
+| **Max files** | Ceiling for total indexed files. Safety limits apply automatically when approached. |
+
+Network shares, UNC paths, and macOS disk images are excluded automatically — no configuration needed.
+
+## 2. Trigger the Initial Scan
+
+A scan is triggered automatically when:
+- A configuration update is pushed from the dashboard
+- The Sentinel agent starts or restarts
+
+The scan runs at reduced OS priority so it does not affect endpoint performance. Navigate to **File Index Status** to track progress.
+
+## 3. Enable Real-time Watching
+
+The file watcher runs continuously alongside scheduled scans, keeping the index current between full sweeps.
+
+| Platform | OS API |
+|----------|--------|
+| **macOS** | FSEvents |
+| **Windows** | ReadDirectoryChangesW |
+
+Filesystem changes are collected in 300 ms windows and written to the index in a single atomic operation. No additional configuration is required — the watcher starts automatically with the indexing service.
+
+## 4. Monitor Index Health
+
+Check **File Index Status** in the dashboard to confirm the index is healthy and up to date.
+
+- **Scan status**: Idle / Running / Failed with last-run timestamp
+- **File count**: total indexed paths and any pruned by safety limits
+- **Watcher events**: create, modify, and delete counts per hour
+- **Search hit rate**: how often DLP file resolution hits the index vs. falls back to disk
+
+---
+
+**Next step:** See the [Architecture](./architecture) for full scan, watch, and search pipeline details.
diff --git a/docs/endpoint-agent/_category_.json b/docs/endpoint-agent/_category_.json
index a102cde..4e5feda 100644
--- a/docs/endpoint-agent/_category_.json
+++ b/docs/endpoint-agent/_category_.json
@@ -8,4 +8,4 @@
"customProps": {
"icon": "Bot"
}
-}
+}
\ No newline at end of file
diff --git a/docs/endpoint-agent/agent-kill-switch/architecture.md b/docs/endpoint-agent/agent-kill-switch/architecture.md
new file mode 100644
index 0000000..b0781de
--- /dev/null
+++ b/docs/endpoint-agent/agent-kill-switch/architecture.md
@@ -0,0 +1,110 @@
+---
+sidebar_position: 2
+sidebar_custom_props:
+ icon: Layers
+---
+
+# Architecture
+
+How the Sentinel endpoint agent enforces the kill switch — persisting state, stopping all DLP services, and restoring them on demand, without a process restart.
+
+
+
+## Pipeline Stages
+
+| Stage | Description |
+|-------|-------------|
+| **Kill Switch Handler** | Accepts disable signals from three sources: backend API (polled every ~30 min), browser extension (Native Messaging), and IT via `launchctl`. Persists the flag to the local database, then applies kill or revive synchronously. |
+| **Flag Hierarchy** | Tenant-level flag (`tenantEndpointAgentEnabled`) takes priority over device-level flag (`endpointAgentEnabled`). If the tenant flag is `false`, device flags are ignored. |
+| **Local Database** | Stores `disable_agent` as a boolean in a single-row configuration table. WAL mode ensures concurrent reads are never blocked. The flag persists across process restarts and reboots. |
+| **Startup Enforcement** | On every agent start, the flag is read before any service or chain is registered. If disabled, all registration is skipped — nothing is created and torn down, services and chains simply never come into existence. |
+| **Event Broker — Kill** | Removes all DLP process chains at runtime. Only the re-enable chain (`AgentUpdate:Configuration:Disable`) remains registered. |
+| **Service Manager — Kill** | Calls stop on every running service. Clipboard monitor and file indexer reach `Stopped` state immediately. |
+| **Event Broker — Revive** | Re-registers all DLP chains from the compiled chain configuration. Full event routing is restored. |
+| **Service Manager — Revive** | Restarts all configured services from `Stopped` state. Full DLP coverage resumes. |
+
+## Preserved Chain
+
+One chain is never removed during a kill:
+
+| Chain | Purpose |
+|-------|---------|
+| `AgentUpdate:Configuration:Disable` | Accepts re-enable signals from the extension at all times |
+
+This guarantees the extension can always reach the agent to restore it — even after a managed disable deployed via MDM or GPO.
+
+## Sub-feature Flags
+
+Individual capabilities can be disabled independently of the top-level kill switch, but require a code change (not remotely toggleable today).
+
+| Sub-feature | What it does | Config flag |
+|-------------|--------------|-------------|
+| Enforcement | Kills non-compliant processes | `enforcement.enabled` |
+| Enforcement dry-run | Logs violations but does NOT kill processes | `enforcement.dry_run` |
+| File scanning | Scans for sensitive files (`.claude`, `.cursor`, etc.) | `scan.enabled` |
+| Hook integrity | Verifies Claude/Cursor hook files aren't tampered | `hook_manager.enabled` |
+| Package scanning (npm/cargo/go) | Scans installed packages | `pkg_scanner.enabled` |
+
+If a sub-feature must be stopped before engineering can deploy, use the tenant or device-level kill switch to disable the entire agent.
+
+## State Machine
+
+| Event | From | To | What Happens |
+|-------|------|----|-------------|
+| Backend poll: `endpointAgentEnabled = false` | Enabled | Disabled | Flag persisted; chains removed; services stopped |
+| Backend poll: `tenantEndpointAgentEnabled = false` | Enabled | Disabled | Tenant flag overrides; all devices in tenant disabled |
+| `disable_agent: true` received (extension) | Enabled | Disabled | Flag persisted; chains removed; services stopped |
+| `disable_agent: false` received (extension) | Disabled | Enabled | Flag cleared; chains restored; services started |
+| `launchctl bootout` (IT) | Enabled | Stopped | Process terminated immediately; restarts on bootstrap |
+| Agent starts, flag = disabled | — | Disabled | Registration skipped; only re-enable chain active |
+| Agent starts, flag = enabled | — | Enabled | All chains and services registered normally |
+
+## Observability
+
+Kill and revive transitions are logged at warning level with the full list of affected chains and services. Check **Agent Status** in the dashboard to verify the current state of each endpoint.
diff --git a/docs/endpoint-agent/be/_category_.json b/docs/endpoint-agent/be/_category_.json
new file mode 100644
index 0000000..7adfa1f
--- /dev/null
+++ b/docs/endpoint-agent/be/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Backend Integration",
+ "position": 3,
+ "link": {
+ "type": "generated-index",
+ "description": "How the Sentinel endpoint agent connects to the Quilr backend: discovery sync, governance pull, and enforcement reporting."
+ },
+ "customProps": {
+ "icon": "Link"
+ }
+}
diff --git a/docs/endpoint-agent/be/architecture.md b/docs/endpoint-agent/be/architecture.md
new file mode 100644
index 0000000..537eaa1
--- /dev/null
+++ b/docs/endpoint-agent/be/architecture.md
@@ -0,0 +1,100 @@
+---
+sidebar_position: 2
+sidebar_custom_props:
+ icon: Layers
+---
+
+# Architecture
+
+How the Sentinel agent communicates with the Quilr backend: what it sends, what it receives, and when.
+
+
+
+## API Endpoints
+
+| Direction | Method | Description |
+|-----------|--------|-------------|
+| Agent → Backend | POST | Batch push discovered entities |
+| Agent → Backend | POST | Per-decision enforcement audit log |
+| Agent → Backend | POST | Block and quarantine alert notifications |
+| Backend → Agent | GET | Governance overrides: approval status, execution policy |
+| Backend → Agent | GET | Name-to-app mappings used by the Correlator |
+
+## Sync Cadence
+
+| Operation | Trigger | Frequency |
+|-----------|---------|-----------|
+| App ingest | New entities discovered | On discovery (startup + every 30 min) |
+| Delta pull | Scheduled timer | Every 60 seconds |
+| Activity report | Enforcement event | Immediate, fire-and-forget |
+| Alert | Block / quarantine action | Immediate, fire-and-forget |
+
+## Authentication
+
+All requests include the following tenant-scoped headers:
+
+| Header | Value |
+|--------|-------|
+| `X-Tenant-ID` | Tenant UUID from the dashboard |
+| `X-Subscriber-ID` | Subscriber identifier from the dashboard |
+
+These headers are set on every outbound request and are used by the backend for multi-tenant routing and isolation.
+
+## Local Persistence
+
+The agent maintains local state to ensure reliability across restarts and network outages.
+
+| Component | Format | Purpose |
+|-----------|--------|---------|
+| **Alert Queue** | SQLite | Buffers enforcement alerts when backend is offline. |
+| **Entity Store** | JSON | Periodic snapshot of discovered apps and AI entities. |
+| **Sync Cursor** | JSON | Persists the last-seen delta timestamp for incremental sync. |
+
+## Reliability
+
+| Feature | Behavior |
+|---------|----------|
+| **Ingest retries** | Retries on network failure; batches are idempotent. |
+| **Offline Buffering** | Alerts are queued in the local SQLite DB and synced when connectivity returns. |
+| **Delta cursor** | Persisted to disk before applying overrides; replays safely on restart. |
+| **Activity / alerts** | Critical alerts are buffered; non-critical activity logs are fire-and-forget. |
+| **Gzip compression** | All ingest payloads compressed to reduce bandwidth. |
diff --git a/docs/endpoint-agent/be/quick-start.md b/docs/endpoint-agent/be/quick-start.md
new file mode 100644
index 0000000..f6e2f61
--- /dev/null
+++ b/docs/endpoint-agent/be/quick-start.md
@@ -0,0 +1,90 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: Rocket
+---
+
+# Quick Start
+
+Get the Sentinel agent connected to the Quilr backend in 4 steps.
+
+
+
+## 1. Configure Backend Connection
+
+The agent reads its connection settings from the local configuration file in the data directory. Set these values before starting the agent:
+
+```toml
+[backend]
+base_url = "https://api.quilr.ai"
+tenant_id = ""
+subscriber_id = ""
+```
+
+| Field | Description |
+|-------|-------------|
+| `base_url` | Quilr backend API root |
+| `tenant_id` | Your organization's tenant UUID |
+| `subscriber_id` | Subscriber identifier from the Quilr dashboard |
+
+Replace the placeholder values with your credentials from the **Quilr dashboard**.
+
+## 2. Verify Discovery Sync
+
+Once the agent starts, it pushes discovered apps to the backend automatically. Check the backend received them:
+
+- Go to **Applications** in the Quilr dashboard
+- Discovered apps appear within the first polling cycle (startup + every 30 min)
+- Each entity includes device ID, user, OS type, and canonical identity
+
+The agent batches up to 50 entities per request, compresses with gzip, and retries on failure.
+
+## 3. Confirm Governance Pull
+
+The agent polls for governance overrides every 60 seconds via [delta sync](./architecture#api-endpoints). After setting a policy in the dashboard:
+
+- Policy changes reach the agent within the next poll cycle
+- No agent restart needed
+- The agent applies the override immediately to its in-memory EntityStore
+
+## 4. Check Activity Reporting
+
+Enforcement events (block, quarantine, justify) are reported to the backend as they happen:
+
+- **Activity sync** : enforcement audit log per decision
+- **Alert sync** : block and quarantine alerts for dashboard notifications
+
+Both are fire-and-forget. Critical alerts are buffered in a local SQLite database if the backend is unreachable and retried automatically.
diff --git a/docs/endpoint-agent/requisites/_category_.json b/docs/endpoint-agent/requisites/_category_.json
new file mode 100644
index 0000000..7d88970
--- /dev/null
+++ b/docs/endpoint-agent/requisites/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Requisites",
+ "position": 4,
+ "link": {
+ "type": "generated-index",
+ "description": "System requirements and prerequisites for deploying the Sentinel endpoint agent."
+ },
+ "customProps": {
+ "icon": "ShieldCheck"
+ }
+}
diff --git a/docs/endpoint-agent/requisites/architecture.md b/docs/endpoint-agent/requisites/architecture.md
new file mode 100644
index 0000000..c4bdf10
--- /dev/null
+++ b/docs/endpoint-agent/requisites/architecture.md
@@ -0,0 +1,100 @@
+---
+sidebar_position: 2
+sidebar_custom_props:
+ icon: Layers
+---
+
+# Architecture
+
+How system requirements map to agent components, and what each platform dependency is used for.
+
+
+
+## Component Dependency Map
+
+| Agent Component | macOS Requirement | Windows Requirement |
+|----------------|-------------------|---------------------|
+| **sentinel** (main agent) | root, signed binary | SYSTEM, Authenticode signed |
+| **bootstrap** | root, signed binary | SYSTEM, Authenticode signed |
+| **sentinel-proxy** | Network Extension entitlement, signed | WinDivert driver, signed |
+| **SentinelProxyExtension** | System Extension approval | n/a |
+| **ipc-light-broker** | Unix socket access | Named pipe access |
+| **sentinel-diagnostics** | No special requirements | No special requirements |
+
+## Security Model
+
+The agent enforces a chain-of-trust before starting:
+
+1. **Bootstrap** verifies its own code signature using OS APIs
+2. **Bootstrap** verifies the `sentinel` agent binary against the manifest
+3. **Bootstrap** spawns `sentinel` with `--spawned-by-bootstrap` and passes its PID via `SENTINEL_BOOTSTRAP_PID`
+4. **sentinel** rejects startup if not spawned by bootstrap (exits with code 1)
+
+This prevents the agent from running if tampered with or launched directly.
+
+## Installation Paths
+
+| Platform | Path | Contents |
+|----------|------|----------|
+| **macOS app bundle** | `/Applications/SentinelProxy.app/Contents/MacOS/` | All binaries |
+| **macOS support dir** | `/Library/Application Support/Sentinel/` | Configs, certs, templates, logs |
+| **macOS daemon** | `/Library/LaunchDaemons/com.sentinel.agent` | Service definition |
+| **Windows binaries** | `C:\Program Files\Sentinel\` | All binaries |
+| **Windows cert** | `C:\Program Files\Sentinel\cert` | Root CA |
+| **Windows service** | `SentinelAgent` | Registered Windows Service |
+
+## Update Flow
+
+The agent self-updates via `sentinel-updater`, which the installer registers as a scheduled task or LaunchDaemon:
+
+1. Checks the CDN for a new version every 30 minutes
+2. Downloads and verifies the package (RSA-PSS + SHA-256)
+3. Validates signatures in staging before stopping the running agent
+4. Deploys from staging, starts the agent, runs a 30-second health check
+5. Rolls back automatically on failure
+
+The agent is never stopped until the staged package passes all verification checks.
diff --git a/docs/endpoint-agent/requisites/quick-start.md b/docs/endpoint-agent/requisites/quick-start.md
new file mode 100644
index 0000000..56fe7fe
--- /dev/null
+++ b/docs/endpoint-agent/requisites/quick-start.md
@@ -0,0 +1,100 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: Rocket
+---
+
+# Quick Start
+
+Verify your endpoints meet the requirements before deploying the Sentinel agent.
+
+
+
+## OS Requirements
+
+| Platform | Minimum Version | Notes |
+|----------|----------------|-------|
+| **macOS** | 13.0 (Ventura) | Network Extension requires Ventura+ |
+| **Windows** | 10 (1903+) or Server 2019 | WinDivert driver requires 64-bit |
+
+## Access Requirements
+
+| Platform | Required Access | Used For |
+|----------|----------------|----------|
+| **macOS** | `root` | LaunchDaemon, system extension install, keychain write |
+| **Windows** | `SYSTEM` / Administrator | Windows Service, WinDivert driver, cert store write |
+
+The agent is deployed via MDM (Jamf, Intune, Kandji) or GPO. The installer handles service registration and cert trust automatically when run with `--trust-cert --register-as-service`.
+
+## Network Requirements
+
+The agent only makes outbound connections. No inbound ports are required.
+
+| Destination | Port | Purpose |
+|-------------|------|---------|
+| `api.quilr.ai` | 443 (HTTPS) | Backend sync: discovery, governance, activity |
+| CDN (version check) | 443 (HTTPS) | Auto-updater version manifest and package download |
+
+If the endpoint routes through a corporate proxy, configure the proxy to pass through these destinations without TLS inspection of the agent's own traffic.
+
+## Platform-Specific Requirements
+
+### macOS
+
+| Requirement | Details |
+|-------------|---------|
+| **System Extension** | User must approve in System Settings > Privacy & Security after first install |
+| **Network Extension entitlement** | Bundled in `sentinel-proxy` via provisioning profile |
+| **Keychain write** | Required to trust the MITM root CA (`security add-trusted-cert`) |
+| **File Descriptor limit** | Raised to 10,240 by installer (`ulimit -n`) |
+
+### Windows
+
+| Requirement | Details |
+|-------------|---------|
+| **WinDivert driver** | Bundled with the agent package |
+| **Cert store write** | Required to trust the MITM root CA in the local machine store |
+| **Windows Service** | Registered as `SentinelAgent`; runs as SYSTEM |
+| **UAC** | Required for initial install; subsequent updates run as SYSTEM |
+
+## Disk Space
+
+| Component | Approximate Size |
+|-----------|----------------|
+| Agent binaries | ~50 MB |
+| Dynamic cert + key | < 1 KB |
+| Config and templates | < 5 MB |
+| Logs (rolling) | Configurable; defaults to 100 MB cap |
diff --git a/docs/sop/_category_.json b/docs/sop/_category_.json
new file mode 100644
index 0000000..040afdc
--- /dev/null
+++ b/docs/sop/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Std Operating Procedure",
+ "position": 6,
+ "link": {
+ "type": "generated-index",
+ "description": "Standard operating procedures for incident handling: disable, rollback, and restore Quilr agents without a code deploy or engineering intervention."
+ },
+ "customProps": {
+ "icon": "BookOpen"
+ }
+}
diff --git a/docs/sop/browser-extension/_category_.json b/docs/sop/browser-extension/_category_.json
new file mode 100644
index 0000000..6630cc9
--- /dev/null
+++ b/docs/sop/browser-extension/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Browser Extension",
+ "position": 2,
+ "link": {
+ "type": "generated-index",
+ "description": "Incident procedures for the Quilr Browser Extension: kill switch, rollback, and escalation playbooks."
+ },
+ "customProps": {
+ "icon": "Plug"
+ }
+}
diff --git a/docs/sop/browser-extension/agent-kill-switch/_category_.json b/docs/sop/browser-extension/agent-kill-switch/_category_.json
new file mode 100644
index 0000000..9de7cd0
--- /dev/null
+++ b/docs/sop/browser-extension/agent-kill-switch/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Agent Kill Switch",
+ "position": 1,
+ "link": {
+ "type": "generated-index",
+ "description": "Disable or re-enable the Sentinel endpoint agent from the browser extension without a process restart, with state persisted across reboots."
+ },
+ "customProps": {
+ "icon": "ShieldCheck"
+ }
+}
diff --git a/docs/sop/browser-extension/agent-kill-switch/instructions.md b/docs/sop/browser-extension/agent-kill-switch/instructions.md
new file mode 100644
index 0000000..7dd5b12
--- /dev/null
+++ b/docs/sop/browser-extension/agent-kill-switch/instructions.md
@@ -0,0 +1,76 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: ClipboardList
+---
+
+Go to https://github.com/quilrbusiness/ConstantsConfigsSync
+
+Make changes in the tenant specific json file in `constants/defaults/abc-...json`
+
+Raise a PR to quilr-preprod, get approval and merged then quilr-preprod to main
+
+Contact Kashi or Thiru for PR approval and merge.
+
+Note: We can find tenant ID in browser extension API calls.
+
+
+Details:
+
+## Step 1 – Create a branch from quilr-preprod
+
+Pull the latest quilr-preprod, then create a new branch named like:
+
+```
+feat/disable-agent-kill-switch
+```
+
+## Step 2 – Add your constant
+
+If the constant is for all tenants, add it to `default.json`.
+
+`default.json`
+
+```json
+{
+ "disable_agent": true
+}
+```
+
+If the constant is tenant-specific, add or override it inside:
+
+`constants/tenants/.json`
+
+Example: `442e052d-4c60-4cdc-961e-bc9db74a40ca.json`
+
+```json
+{
+ "disable_agent": true
+}
+```
+
+- Tenant value overrides the global value for that tenant only
+- Other tenants continue using `default.json`
+- If the tenant file doesn't exist, create it using the tenant UUID
+
+
+## Step 3 – Commit & push
+
+Stage only the files under `constants` that you changed.
+
+Example commit messages:
+
+```
+feat: add disable_agent constant globally
+feat: override disable_agent for tenant 442e052d
+```
+
+Push your branch.
+
+## Step 4 – Raise a PR
+
+Create a Pull Request to quilr-preprod and then to main. In the PR description include:
+
+- What `disable_agent` does
+- Whether it's global or tenant-specific
+- Tenant UUID (if applicable)
diff --git a/docs/sop/endpoint-agent/_category_.json b/docs/sop/endpoint-agent/_category_.json
new file mode 100644
index 0000000..9cdd7c7
--- /dev/null
+++ b/docs/sop/endpoint-agent/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Endpoint Agent",
+ "position": 1,
+ "link": {
+ "type": "generated-index",
+ "description": "Incident procedures for the Quilr Endpoint Agent — kill switch, rollback, and escalation playbooks."
+ },
+ "customProps": {
+ "icon": "Bot"
+ }
+}
diff --git a/docs/sop/endpoint-agent/agent-kill-switch/_category_.json b/docs/sop/endpoint-agent/agent-kill-switch/_category_.json
new file mode 100644
index 0000000..12339af
--- /dev/null
+++ b/docs/sop/endpoint-agent/agent-kill-switch/_category_.json
@@ -0,0 +1,11 @@
+{
+ "label": "Agent Kill Switch",
+ "position": 1,
+ "link": {
+ "type": "generated-index",
+ "description": "Disable or restore the Sentinel endpoint agent on a single device or entire tenant — without a code deploy or engineering intervention."
+ },
+ "customProps": {
+ "icon": "ShieldCheck"
+ }
+}
diff --git a/docs/sop/endpoint-agent/agent-kill-switch/quick-start.md b/docs/sop/endpoint-agent/agent-kill-switch/quick-start.md
new file mode 100644
index 0000000..33e8b19
--- /dev/null
+++ b/docs/sop/endpoint-agent/agent-kill-switch/quick-start.md
@@ -0,0 +1,229 @@
+---
+sidebar_position: 1
+sidebar_custom_props:
+ icon: Rocket
+---
+
+# Quick Start
+
+Disable or restore the Sentinel endpoint agent without a code deploy. Pick the action that matches your scenario.
+
+
+
+## Quick Reference
+
+| Situation | Action | Time to Effect |
+|-----------|--------|----------------|
+| Disable agent for **one device** | Backend: set `endpointAgentEnabled = false` | Next poll cycle (~30 min) |
+| Disable agent for **entire tenant** | Backend: set `tenantEndpointAgentEnabled = false` | Next poll cycle (~30 min) |
+| Disable agent **right now** on one machine | IT: `launchctl bootout` (see below) | Immediate |
+| Roll back to a previous version | IT: re-run installer script (see below) | ~5 minutes |
+| Disable a specific sub-feature | Engineering required — see [Sub-feature Flags](#sub-feature-flags) | Requires deploy |
+
+---
+
+## 1. Disable for a Single Device
+
+> **Who**: Anyone with access to the Quilr admin dashboard or backend API.
+
+The agent goes dormant but stays installed. It re-checks every ~30 minutes and resumes if the flag is turned back on.
+
+| Step | Action |
+|------|--------|
+| **1** | Log in to the Quilr admin backend (BFF) |
+| **2** | Find the device record by device ID or user email |
+| **3** | Set `endpointAgentEnabled = false` and save |
+| **4** | Confirm: agent status endpoint returns `enabled: false` within one poll cycle |
+
+To re-enable, set `endpointAgentEnabled = true` and save.
+
+---
+
+## 2. Disable for an Entire Tenant
+
+> **Who**: Anyone with tenant-level admin access.
+
+Disables the agent across all devices for that tenant. The tenant-level flag takes priority over device-level flags.
+
+| Step | Action |
+|------|--------|
+| **1** | Log in to the Quilr admin backend |
+| **2** | Find the tenant record |
+| **3** | Set `tenantEndpointAgentEnabled = false` and save |
+| **4** | Confirm: spot-check one or two devices — agents should stop within the next poll cycle |
+
+To re-enable, set `tenantEndpointAgentEnabled = true` and save.
+
+:::note
+If the tenant flag is `false`, individual device flags are ignored — the tenant flag always wins.
+:::
+
+---
+
+## 3. Immediate Stop on a Specific Machine
+
+> **Who**: IT / helpdesk with sudo access to the macOS machine.
+
+Use this when you cannot wait for the next backend poll cycle.
+
+### Stop the agent
+
+```bash
+sudo launchctl bootout "system/com.sentinel.agent"
+```
+
+All monitoring and proxy interception ceases immediately.
+
+### Verify the agent is stopped
+
+```bash
+sudo launchctl list | grep sentinel
+```
+
+Returns nothing if the agent is stopped.
+
+### Restart the agent
+
+```bash
+sudo launchctl bootstrap system "/Library/LaunchDaemons/com.sentinel.agent.plist"
+```
+
+### Prevent restart on reboot (persistent stop)
+
+```bash
+sudo launchctl disable "system/com.sentinel.agent"
+sudo launchctl bootout "system/com.sentinel.agent"
+```
+
+To re-enable after a persistent stop:
+
+```bash
+sudo launchctl enable "system/com.sentinel.agent"
+sudo launchctl bootstrap system "/Library/LaunchDaemons/com.sentinel.agent.plist"
+```
+
+:::warning
+Stopping via `launchctl` is temporary by default. The agent restarts on reboot unless you also run the `disable` command above.
+:::
+
+---
+
+## 4. Roll Back to a Previous Version
+
+> **Who**: IT with sudo access, or engineering via MDM.
+
+### Option A — Re-run the installer
+
+```bash
+sudo /usr/local/sentinel/scripts/sentinel-endpoint.sh --env --force
+```
+
+Replace `` with `quartz`, `preprod`, or `secure`. The installer pulls the latest stable release and overwrites the broken version.
+
+### Option B — Clear a stuck auto-rollback
+
+If the agent auto-rolled back after a failed upgrade but the device is still having issues:
+
+```bash
+# Check what version was rejected
+cat ~/.sentinel/.quarantined_version
+
+# Remove the quarantine file to let the agent retry
+rm ~/.sentinel/.quarantined_version
+```
+
+Then restart the agent (see Section 3).
+
+### Confirm the active version
+
+```bash
+cat /usr/local/sentinel/VERSION
+```
+
+---
+
+## Sub-feature Flags
+
+The following sub-features have their own `enabled` flags but are **not yet remotely toggleable** without a code change. Open an incident ticket and tag the on-call engineer.
+
+| Sub-feature | What it does | Config flag |
+|-------------|--------------|-------------|
+| Enforcement | Kills non-compliant processes | `enforcement.enabled` |
+| Enforcement dry-run | Logs violations but does NOT kill processes | `enforcement.dry_run` |
+| File scanning | Scans for sensitive files (`.claude`, `.cursor`, etc.) | `scan.enabled` |
+| Hook integrity | Verifies Claude/Cursor hook files aren't tampered | `hook_manager.enabled` |
+| Package scanning (npm/cargo/go) | Scans installed packages | `pkg_scanner.enabled` |
+
+**Workaround while waiting for engineering**: Use the tenant or device-level kill switch (Sections 1–2) to stop the entire agent.
+
+---
+
+## Severity & Escalation
+
+| Severity | Symptoms | First action | Escalate if |
+|----------|----------|--------------|-------------|
+| **P0 – Critical** | Agent breaking user workflows, blocking logins, data loss risk | Immediate stop via launchctl + tenant flag off | Not resolved in 15 min |
+| **P1 – High** | Feature misbehaving for a group of users | Device-level flag off | Affecting >5 devices |
+| **P2 – Medium** | Unexpected behavior, no immediate harm | Backend toggle + monitor | Persists after toggle |
+| **P3 – Low** | Cosmetic, minor annoyance | Log ticket | — |
+
+Tag `#sentinel-oncall` in Slack with the device ID, tenant ID, and what you observed.
+
+---
+
+## Verification Checklist
+
+After any kill switch action:
+
+- [ ] Agent status endpoint returns `enabled: false` for the affected device(s)
+- [ ] `launchctl list | grep sentinel` shows not running (if stopped via IT)
+- [ ] User confirms monitoring and proxy interception has stopped
+- [ ] No new alerts or logs from the device for 5 minutes post-action
+- [ ] If tenant-wide: spot-check at least 3 devices from the tenant
+
+---
+
+## Re-enabling After an Incident
+
+1. Confirm the root cause has been identified.
+2. Confirm a fix is in place (code deploy, config change, or false alarm).
+3. Re-enable at the device level first (one test device) and monitor for 10 minutes.
+4. If clean, re-enable for the full tenant.
+5. Post a brief incident summary in `#sentinel-oncall` with what was toggled and when.
+
+---
+
+**Next step:** See the [Architecture](../../../endpoint-agent/agent-kill-switch/architecture) for the full enforcement pipeline and state machine.
diff --git a/static/llms.txt b/static/llms.txt
index 441a65b..8b672dc 100644
--- a/static/llms.txt
+++ b/static/llms.txt
@@ -55,3 +55,7 @@ Connect to any LLM provider — OpenAI, Anthropic, Azure, Bedrock, Vertex AI —
- [Network Monitoring Architecture](https://docs.quilrai.dev/endpoint-agent/network-monitoring/architecture.md): Request processing pipeline - Intercept, Inspect, Scan, Enforce - with TLS MITM, DLP engine, and health monitoring.
- [Process Mapping Quick Start](https://docs.quilrai.dev/endpoint-agent/process-mapping/quick-start.md): Set up Process Mapping in 4 steps - deploy the System Monitor, review discovered applications, configure policies, and monitor activity.
- [Process Mapping Architecture](https://docs.quilrai.dev/endpoint-agent/process-mapping/architecture.md): Discovery and enforcement pipeline - Discover, Correlate, Sync, Enforce - covering process monitoring, Lua-based AI agent scanning, and governance.
+- [Backend Integration Quick Start](https://docs.quilrai.dev/endpoint-agent/be/quick-start.md): Set up backend sync in 4 steps - configure connection, verify discovery, confirm governance pull, and check activity reporting.
+- [Backend Integration Architecture](https://docs.quilrai.dev/endpoint-agent/be/architecture.md): Synchronization architecture - how the agent communicates with the Quilr backend via polling and event-driven reports, with local persistence and reliability layers.
+- [Requisites Quick Start](https://docs.quilrai.dev/endpoint-agent/requisites/quick-start.md): Verify endpoint readiness in 4 steps - check OS support, access rights, network requirements, and platform-specific drivers.
+- [Requisites Architecture](https://docs.quilrai.dev/endpoint-agent/requisites/architecture.md): Platform dependency map - how the agent's core, network monitor, and certificate management interact with macOS and Windows system internals.