RHEcosystemAppEng · TamarW0 · Jun 21, 2026 · Jun 21, 2026 · Jun 22, 2026 · Jun 23, 2026
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,7 @@
 ###### Place new entries directly below this line! ######
 
+CLAUDE.md
+
 # Ignore anything in the ./.tmp directory
 .tmp/
 

diff --git a/.tekton/on-cm-runner.yaml b/.tekton/on-cm-runner.yaml
@@ -26,7 +26,7 @@ spec:
       value: "{{ trigger_comment }}"
     # Point to the image ALREADY built by the PR pipeline
     - name: target-image
-      value: quay.io/ecosystem-appeng/agent-morpheus-rh:on-pr-{{revision}}
+      value: quay.io/ecosystem-appeng/rhtpa-exploit-intelligence-agent:on-pr-{{revision}}
 
   pipelineSpec:
     params:

diff --git a/kustomize/README.md b/kustomize/README.md
@@ -19,7 +19,7 @@ limitations under the License.
 
 ## Install and Run Locally
 
-One can run ExploitIQ on his local machine ( No GPU dependency is required!), for the purpose of testing, debugging and troubleshooting problems:
+One can run the RHTPA exploit intelligence workflow on his local machine ( No GPU dependency is required!), for the purpose of testing, debugging and troubleshooting problems:
 
 1. Install the lightweight [uv package manager](https://docs.astral.sh/uv/getting-started/installation).
 2. Ensure Python 3.12 is installed for your operating system.
@@ -98,7 +98,7 @@ export USE_CONTAINER_SOURCES=true
 
 ## Deploy And Run On OCP
 
-1. Create a `base/secrets.env` file containing the API keys for external services `ExploitIQ` might use. Not all keys are mandatory. Refer to the main [README](../README.md#obtain-api-keys) for details on how to create the Red Hat credentials and other API keys.
+1. Create a `base/secrets.env` file containing the API keys for external services `RHTPA exploit intelligence` might use. Not all keys are mandatory. Refer to the main [README](../README.md#obtain-api-keys) for details on how to create the Red Hat credentials and other API keys.
 
 ```shell
 cat > base/secrets.env << EOF
@@ -128,7 +128,7 @@ argilla_api_key=your_argilla_api_key
 
 EOF
 ```
-4. Create an image pull secret to authorize pulling the `ExploitIQ` and `Argilla` container images:
+4. Create an image pull secret to authorize pulling the `exploit-intelligence` and `Argilla` container images:
 
 ```shell
 oc create secret generic exploit-iq-pull-secret --from-file=.dockerconfigjson=<path/to/.docker/config.json> --type=kubernetes.io/dockerconfigjson
@@ -152,7 +152,7 @@ EOF
 >[!IMPORTANT]
 >This secret is essential for product scanning to authenticate and pull component images. If you skip this step, kustomize will still deploy, but authenticated pulls will not work until you provide real credentials.
 
-6. Create the `oauth-secret.env` file containing the `client-secret` and `openshift-domain` values required by the [ExploitIQ Client](./base/exploit_iq_client.yaml) configuration.
+6. Create the `oauth-secret.env` file containing the `client-secret` and `openshift-domain` values required by the [exploit-intelligence-client](./base/exploit_iq_client.yaml) configuration.
 
 If openshift resource of kind `OAuthClient` named `exploit-iq-client` exists, just get the secret from there:
 ```shell
@@ -187,7 +187,7 @@ exploit-iq-password=$(openssl rand -base64 24 | tr -d '/+=' | head -c 32)
 EOF
 ```
 
-8. Update `ExploitIQ` configuration file with the correct callback URL for the client service.
+8. Update exploit intelligence configuration file with the correct callback URL for the client service.
 
 ```shell
 export CALLBACK_URL="https://exploit-iq-client.$(oc project -q).svc:8443"
@@ -196,7 +196,7 @@ find . -type f -name 'exploit-iq-config.yml' -exec sed -i "s|CALLBACK_URL_PLACEH
 
 ### Configuring Git SSL Certificate Authority for Custom CAs
 
-If your Git server uses a certificate that is signed by a custom Certificate Authority (CA), you must provide the CA certificate bundle to enable ExploitIQ to verify the Git server identity.
+If your Git server uses a certificate that is signed by a custom Certificate Authority (CA), you must provide the CA certificate bundle to enable the exploit intelligence workflow to verify the Git server identity.
 
 > [!IMPORTANT]
 > If you need to access Red Hat internal Git repositories such as `gitlab.cee.redhat.com`, you must complete this procedure.
@@ -245,15 +245,15 @@ openssl crl2pkcs7 -nocrl -certfile kustomize/base/ca-certs/ca-bundle.crt | \
 
 >[!IMPORTANT]
 You should only run one of the steps 9,10 or 11, depending on if you want to run the service with a self hosted LLM, self hosted LLM with MLOps or Nvidia remote NIM.
-9. To deploy `ExploitIQ` with a self-hosted LLM , run:
+9. To deploy the exploit intelligence service with a self-hosted LLM , run:
 
 ```shell
-# Deploy ExploitIQ with self hosted llama3.1-70b-4bit LLM 
+# Deploy exploit intelligence with self hosted llama3.1-70b-4bit LLM 
 oc kustomize overlays/self-hosted-llama3.1-70b-4bit |  oc apply -f - -n $YOUR_NAMESPACE_NAME
 
 ```
 
-10. To deploy `ExploitIQ` with a self-hosted LLM and MLOps, run:
+10. To deploy the exploit intelligence service with a self-hosted LLM and MLOps, run:
 
 ```shell
 # Patch overlay kustomization yaml with deployment namespace value (Grafana and Tempo)
@@ -262,12 +262,12 @@ sed -i "s/REPLACE_NAMESPACE/$YOUR_NAMESPACE_NAME/" overlays/mlops/tempo/kustomiz
 ```
 
 ```shell
-# replace EXPLOIT_IQ_GRAFANA_SA_TOKEN with ExploitIQ Grafana SA Token from bitwarden vault (1 year expiration date)
+# replace EXPLOIT_IQ_GRAFANA_SA_TOKEN with exploit intelligence Grafana SA Token from bitwarden vault (1 year expiration date)
 oc create secret generic grafana-bearer-token --from-literal=token='EXPLOIT_IQ_GRAFANA_SA_TOKEN'
 ```
 
 ```shell
-# Deploy ExploitIQ with self hosted llama3.1-70b-4bit LLM and MLOps
+# Deploy exploit intelligence with self hosted llama3.1-70b-4bit LLM and MLOps
 oc kustomize overlays/mlops |  oc apply -f - -n $YOUR_NAMESPACE_NAME
 
 ```
@@ -299,9 +299,9 @@ oc kustomize overlays/mlops \
 ```
 
 
-10. Alternatively, to deploy `ExploitIQ` with a fully remote nim LLM, run:
+10. Alternatively, to deploy the exploit intelligence service with a fully remote nim LLM, run:
 ```shell
-# Deploy ExploitIQ with remote nim llama-3.1-70b-16bit LLM
+# Deploy exploit intelligence with remote nim llama-3.1-70b-16bit LLM
 oc kustomize overlays/remote-nim-all |  oc apply -f - -n $YOUR_NAMESPACE_NAME
 ```
 >[!WARNING]
@@ -335,7 +335,7 @@ openshift-domain=$(oc get dns cluster -o jsonpath='{.spec.baseDomain}')
 EOF
 ```
 
-12. **(Optional) Enable OAuth for the ExploitIQ MCP Server.** If you want MCP clients (Claude Code, Cursor, etc.) to authenticate via OpenShift OAuth, create an `OAuthClient` CR for the MCP server:
+12. **(Optional) Enable OAuth for the exploit intelligence MCP Server.** If you want MCP clients (Claude Code, Cursor, etc.) to authenticate via OpenShift OAuth, create an `OAuthClient` CR for the MCP server:
 
 ```bash
 oc create -f - <<EOF
@@ -374,7 +374,7 @@ that way:
 oc set env deployment -l component=exploit-iq-client QUARKUS_SMALLRYE_OPENAPI_SERVERS=https://$(oc get route exploit-iq-client -o=jsonpath='{..spec.host}')
 ```
 
-14. To Uninstall the ExploitIQ System, kindly run the following command, after setting the Deployment variant environment variable, depending on your deployment variant of choice:
+14. To Uninstall the exploit intelligence system, kindly run the following command, after setting the Deployment variant environment variable, depending on your deployment variant of choice:
 
 ```shell
 DEPLOYMENT_VARIANT_NAME=remote-nim-all
@@ -391,7 +391,7 @@ kustomize build overlays/$DEPLOYMENT_VARIANT_NAME/  | oc delete -f -
 export PROJECT_NAME=exploit-test
 oc new-project $PROJECT_NAME
 ```
-3. Take private key from vault ( `ExploitIQ Tests Deployment Variant Private Key for Decryption.`) and import it to GPG:
+3. Take private key from vault ( `Exploit Intelligence Tests Deployment Variant Private Key for Decryption.`) and import it to GPG:
 ```shell
 gpg --import /path/to/sec-decryption.key
 ```
@@ -436,15 +436,15 @@ openshift-domain=$(oc get dns cluster -o jsonpath='{.spec.baseDomain}')
 EOF
 ```
 
-7. Update `ExploitIQ` configuration file with the correct callback URL for the client service
+7. Update exploit intelligence configuration file with the correct callback URL for the client service
 ```shell
 cd $(git rev-parse --show-toplevel)/kustomize
 export CALLBACK_URL="https://exploit-iq-client.$(oc project -q).svc:8443"
 find . -type f -name 'exploit-iq-config.yml' -exec sed -i "s|CALLBACK_URL_PLACEHOLDER|$CALLBACK_URL|g" {} +
 cd $(git rev-parse --show-toplevel)/kustomize/overlays/tests
 ```
 
-8. Now deploy to the cluster the exploitIQ system ( minus agent) with all resources:
+8. Now deploy to the cluster the exploit intelligence system ( minus agent) with all resources:
 ```shell
 kustomize build . | oc apply -f -
 ```
@@ -473,7 +473,7 @@ export HTTP_ROUTE=http://$(oc get route exploit-iq-client -o jsonpath='{.spec.ho
 oc patch oauthclient exploit-iq-client -p '{"redirectURIs":["'$HTTP_ROUTE'","'$HTTPS_ROUTE'"]}'
 ```
 
-10. **(Optional) Enable OAuth for the ExploitIQ MCP Server.** Create an `OAuthClient` CR for the MCP server:
+10. **(Optional) Enable OAuth for the exploit intelligence MCP Server.** Create an `OAuthClient` CR for the MCP server:
 
 ```bash
 oc create -f - <<EOF

diff --git a/kustomize/base/argilla/argilla-service.yaml b/kustomize/base/argilla/argilla-service.yaml
@@ -6,7 +6,7 @@ metadata:
     app: argilla
 spec:
   selector:
-    app: morpheus-feedback-api
+    app: exploit-intelligence-feedback-api
   ports:
     - protocol: TCP
       port: 6900

diff --git a/kustomize/base/argilla/argilla-user-feedback-pvc.yaml b/kustomize/base/argilla/argilla-user-feedback-pvc.yaml
@@ -4,7 +4,7 @@ kind: PersistentVolumeClaim
 metadata:
   name: argilla-user-feedback-pvc
   labels:
-    app: morpheus-feedback-api
+    app: exploit-intelligence-feedback-api
 spec:
   accessModes:
     - ReadWriteOnce 

diff --git a/kustomize/base/argilla/deployment.yaml b/kustomize/base/argilla/deployment.yaml
@@ -1,20 +1,20 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: morpheus-feedback-api
+  name: exploit-intelligence-feedback-api
   labels:
-    app: morpheus-feedback-api
+    app: exploit-intelligence-feedback-api
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: morpheus-feedback-api
+      app: exploit-intelligence-feedback-api
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        app: morpheus-feedback-api
+        app: exploit-intelligence-feedback-api
     spec:
       restartPolicy: Always
       imagePullSecrets:

diff --git a/kustomize/base/argilla/service.yaml b/kustomize/base/argilla/service.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: morpheus-feedback-api
+  name: exploit-intelligence-feedback-api
   labels:
-    app: morpheus-feedback-api
+    app: exploit-intelligence-feedback-api
 spec:
   selector:
-    app: morpheus-feedback-api
+    app: exploit-intelligence-feedback-api
   ports:
     - protocol: TCP
       port: 5001

diff --git a/kustomize/base/exploit_iq_client.yaml b/kustomize/base/exploit_iq_client.yaml
@@ -26,15 +26,15 @@ spec:
           args:
             - ./application
             - -Dquarkus.http.host=0.0.0.0
-            - -Dquarkus.log.category."com.redhat.ecosystemappeng.morpheus".level=DEBUG
-          image: quay.io/ecosystem-appeng/agent-morpheus-client:latest
+            - -Dquarkus.log.category."com.redhat.ecosystemappeng.exploitintelligence".level=DEBUG
+          image: quay.io/ecosystem-appeng/exploit-intelligence-client:latest
           imagePullPolicy: Always
           ports:
             - name: http
               protocol: TCP
               containerPort: 8080
           env:
-            - name: QUARKUS_REST-CLIENT_MORPHEUS_URL
+            - name: QUARKUS_REST-CLIENT_EXPLOIT_INTELLIGENCE_URL
               value: http://nginx-cache:8080/generate
             - name: QUARKUS_MONGODB_HOSTS
               value: exploit-iq-client-db:27017
@@ -78,9 +78,9 @@ spec:
               value: disabled
             - name: QUARKUS_HTTP_SSL_CERTIFICATE_RELOAD-PERIOD
               value: 30m
-            - name: MORPHEUS_UI_INCLUDES_PATH
+            - name: EXPLOIT_INTELLIGENCE_UI_INCLUDES_PATH
               value: /config/includes.json
-            - name: MORPHEUS_UI_EXCLUDES_PATH
+            - name: EXPLOIT_INTELLIGENCE_UI_EXCLUDES_PATH
               value: /config/excludes.json
             - name: DOCKER_CONFIG
               value: /tmp/.docker

diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml
@@ -97,7 +97,7 @@ images:
   - name: quay.io/ecosystem-appeng/agent-morpheus-rh
     newTag: latest
 
-  - name: quay.io/ecosystem-appeng/agent-morpheus-client
+  - name: quay.io/ecosystem-appeng/agent-morpheus-rh
     newTag: latest
 
   - name: quay.io/ecosystem-appeng/exploitiq-mcp-server

diff --git a/kustomize/network-policy.yaml b/kustomize/network-policy.yaml
@@ -3,14 +3,14 @@ kind: NetworkPolicy
 metadata:
   labels:
     networking.knative.dev/ingress-provider: istio
-  name: allow-from-agent-morpheus-namespaces
-  namespace: morpheus-cn-models-nim
+  name: allow-from-agent-exploit-intelligence-namespaces
+  namespace: exploit-intelligence-cn-models-nim
 spec:
   ingress:
   - from:
     - namespaceSelector:
         matchLabels:
-          application: agent-morpheus
+          application: agent-exploit-intelligence
   podSelector: {}
   policyTypes:
   - Ingress

diff --git a/kustomize/overlays/batch-processing/kustomization.yaml b/kustomize/overlays/batch-processing/kustomization.yaml
@@ -69,9 +69,9 @@ patchesStrategicMerge:
             - name: exploit-iq-client
               imagePullPolicy: Always
               env:
-                - name: MORPHEUS_QUEUE_TIMEOUT
+                - name: EXPLOIT_INTELLIGENCE_QUEUE_TIMEOUT
                   value: 60m
-                - name: MORPHEUS_QUEUE_MAX_ACTIVE
+                - name: EXPLOIT_INTELLIGENCE_QUEUE_MAX_ACTIVE
                   value: "5"
 
 configMapGenerator:

diff --git a/kustomize/overlays/tests/kustomization.yaml b/kustomize/overlays/tests/kustomization.yaml
@@ -19,7 +19,7 @@ secretGenerator:
       - .dockerconfigjson=secrets/exploit-iq-ips.json
     type: kubernetes.io/dockerconfigjson
 
-  - name: ecosystem-appeng-morpheus-quay
+  - name: ecosystem-appeng-exploit-intelligence-quay
     files:
       - .dockerconfigjson=secrets/exploit-iq-ips.json
     type: kubernetes.io/dockerconfigjson

diff --git a/src/exploit_iq_commons/utils/chain_of_calls_retriever.py b/src/exploit_iq_commons/utils/chain_of_calls_retriever.py
@@ -31,7 +31,7 @@
 )
 from exploit_iq_commons.utils.standard_library_cache import StandardLibraryCache
 
-logger = LoggingFactory.get_agent_logger(f"morpheus.{__name__}")
+logger = LoggingFactory.get_agent_logger(f"exploit-intelligence.{__name__}")
 
 
 @dataclass

diff --git a/src/exploit_iq_commons/utils/chain_of_calls_retriever_base.py b/src/exploit_iq_commons/utils/chain_of_calls_retriever_base.py
@@ -30,7 +30,7 @@
 
 from exploit_iq_commons.logging.loggers_factory import LoggingFactory
 
-logger = LoggingFactory.get_agent_logger(f"morpheus.{__name__}")
+logger = LoggingFactory.get_agent_logger(f"exploit-intelligence.{__name__}")
 
 def calculate_hashable_string_for_function(function_file_name: str, function_name_to_search: str) -> str:
     return f"{function_file_name};{function_name_to_search}"

diff --git a/src/exploit_iq_commons/utils/dep_tree.py b/src/exploit_iq_commons/utils/dep_tree.py
@@ -75,7 +75,7 @@ def _get_go_repo_lock(manifest_path) -> threading.Lock:
         return _go_repo_locks[key]
 
 
-ROOT_LEVEL_SENTINEL = 'root-top-level-agent-morpheus'
+ROOT_LEVEL_SENTINEL = 'root-top-level-exploit-intelligence'
 
 TRANSITIVE_ENV_NAME = 'transitive_env'
 INSTALLED_PACKAGES_FILE = 'installed_packages.txt'

diff --git a/src/exploit_iq_commons/utils/functions_parsers/java_functions_parsers.py b/src/exploit_iq_commons/utils/functions_parsers/java_functions_parsers.py
@@ -28,7 +28,7 @@
     strip_java_generics, JAVA_ANNOTATION_SYMBOL, extract_fqcn
 from exploit_iq_commons.logging.loggers_factory import LoggingFactory
 
-logger = LoggingFactory.get_agent_logger(f"morpheus.{__name__}")
+logger = LoggingFactory.get_agent_logger(f"exploit-intelligence.{__name__}")
 
 PARAMETER = "parameter"
 

diff --git a/src/exploit_iq_commons/utils/java_chain_of_calls_retriever.py b/src/exploit_iq_commons/utils/java_chain_of_calls_retriever.py
@@ -36,7 +36,7 @@
     create_inheritance_map, get_target_class_names, dummy_package_name
 from exploit_iq_commons.data_models.input import SourceDocumentsInfo
 
-logger = LoggingFactory.get_agent_logger(f"morpheus.{__name__}")
+logger = LoggingFactory.get_agent_logger(f"exploit-intelligence.{__name__}")
 
 # Lowercase package segments; class segments start with uppercase; allow dots or $ for inners
 _FQCN_STRICT_RE = re.compile(

diff --git a/src/exploit_iq_commons/utils/transitive_code_searcher_tool.py b/src/exploit_iq_commons/utils/transitive_code_searcher_tool.py
@@ -25,7 +25,7 @@
 
 from exploit_iq_commons.logging.loggers_factory import LoggingFactory, MULTI_LINE_MESSAGE_TRUE
 
-logger = LoggingFactory.get_agent_logger(f"morpheus.{__name__}")
+logger = LoggingFactory.get_agent_logger(f"exploit-intelligence.{__name__}")
 
 
 class TransitiveCodeSearcher: