Rename ExploitIQ/Agent morpheus to Exploit Intelligence

.gitignore

@@ -2,6 +2,8 @@
 
 kustomize/components/oidc-ca/*.crt
 
+CLAUDE.md
+
 # Ignore anything in the ./.tmp directory
 .tmp/
 

.tekton/on-cm-runner.yaml

@@ -26,7 +26,7 @@ spec:
       value: "{{ trigger_comment }}"
     # Point to the image ALREADY built by the PR pipeline
     - name: target-image
-      value: quay.io/ecosystem-appeng/agent-morpheus-rh:on-pr-{{revision}}
+      value: quay.io/ecosystem-appeng/exploit-iq-agent:on-pr-{{revision}}
 
   pipelineSpec:
     params:

.tekton/on-pull-request.yaml

@@ -33,7 +33,7 @@ spec:
     - name: image-expires-after
       value: 5d
     - name: output-image
-      value: quay.io/ecosystem-appeng/agent-morpheus-rh:on-pr-{{revision}}
+      value: quay.io/ecosystem-appeng/exploit-iq-agent:on-pr-{{revision}}
     - name: path-context
       value: .
     - name: dockerfile

.tekton/on-push.yaml

@@ -26,7 +26,7 @@ spec:
     - name: revision
       value: "{{ revision }}"
     - name: output-image
-      value: quay.io/ecosystem-appeng/agent-morpheus-rh:latest
+      value: quay.io/ecosystem-appeng/exploit-iq-agent:latest
     - name: path-context
       value: .
     - name: dockerfile

.tekton/on-tag.yaml

@@ -26,7 +26,7 @@ spec:
     - name: revision
       value: "{{ revision }}"
     - name: output-image
-      value: 'quay.io/ecosystem-appeng/agent-morpheus-rh'
+      value: 'quay.io/ecosystem-appeng/exploit-iq-agent'
     - name: tag-name
       value: "{{ target_branch }}"
     - name: path-context

ci/scripts/copyright.py

@@ -285,7 +285,7 @@ def _main():
     repo, this script will just look for uncommitted files and in case of CI
     it compares between branches "$PR_TARGET_BRANCH" and "current-pr-branch"
     """
-    log_level = logging.getLevelName(os.environ.get("MORPHEUS_LOG_LEVEL", "INFO"))
+    log_level = logging.getLevelName(os.environ.get("EXPLOIT_IQ_LOG_LEVEL", "INFO"))
     logging.basicConfig(format="%(levelname)s:%(message)s", level=log_level)
 
     ret_val = 0

ci/scripts/gitutils.py

@@ -632,7 +632,7 @@ def _parse_args():
 
 
 def _main():
-    log_level = logging.getLevelName(os.environ.get("MORPHEUS_LOG_LEVEL", "INFO"))
+    log_level = logging.getLevelName(os.environ.get("EXPLOIT_IQ_LOG_LEVEL", "INFO"))
     logging.basicConfig(format="%(levelname)s:%(message)s", level=log_level)
 
     args = _parse_args()

kustomize/README.md

@@ -16,7 +16,7 @@ limitations under the License.
 -->
 
 
-# Deploying Exploit Intelligence on OpenShift Container Platform
+# Deploying ExploitIQ on OpenShift Container Platform
 
 ## Prerequisites
 
@@ -118,15 +118,14 @@ EOF
 ```
 
 ### Step 5. Configure OAuth Credentials
-
-Exploit Intelligence uses OpenShift OAuth for user authentication. The OAuth client secret must be at least 32 bytes (256 bits) because Exploit Intelligence uses it to sign internal session tokens with HS256, which requires a minimum key length of 256 bits.
+ExploitIQ uses OpenShift OAuth for user authentication. The OAuth client secret must be at least 32 bytes (256 bits) because ExploitIQ uses it to sign internal session tokens with HS256, which requires a minimum key length of 256 bits.
 
 > [!IMPORTANT]
 > Save the value of `$OAUTH_CLIENT_SECRET` after running the commands below. You need it after deployment to create or update the `OAuthClient` resource.
 
 #### First-Time Deployment
 
-Use this procedure only if no `OAuthClient` named `exploit-iq-client` exists on the cluster. If another Exploit Intelligence installation already uses that `OAuthClient`, you must use the [Reusing an Existing OAuthClient](#reusing-an-existing-oauthclient) procedure instead — generating a new secret overwrites the existing one and breaks authentication for all users of that installation.
+Use this procedure only if no `OAuthClient` named `exploit-iq-client` exists on the cluster. If another ExploitIQ installation already uses that `OAuthClient`, you must use the [Reusing an Existing OAuthClient](#reusing-an-existing-oauthclient) procedure instead — generating a new secret overwrites the existing one and breaks authentication for all users of that installation.
 
 Verify that the `OAuthClient` does not exist before proceeding:
 
@@ -186,7 +185,7 @@ find . -type f -name 'exploit-iq-config.yml' -exec sed -i "s|CALLBACK_URL_PLACEH
 
 ## Selecting a Deployment Variant
 
-Exploit Intelligence supports the following deployment variants. Run only one deployment command in the next section.
+ExploitIQ supports the following deployment variants. Run only one deployment command in the next section.
 
 | Variant | Overlay | LLM | Use When |
 | --- | --- | --- | --- |
@@ -196,7 +195,7 @@ Exploit Intelligence supports the following deployment variants. Run only one de
 
 ---
 
-## Deploying Exploit Intelligence
+## Deploying ExploitIQ
 
 ### Deploy with a Self-Hosted LLM
 
@@ -215,7 +214,7 @@ sed -i "s/REPLACE_NAMESPACE/$YOUR_NAMESPACE_NAME/" overlays/mlops/grafana/kustom
 sed -i "s/REPLACE_NAMESPACE/$YOUR_NAMESPACE_NAME/" overlays/mlops/tempo/kustomization.yaml
 ```
 
-Create the Grafana token secret. Retrieve the token value from the Bitwarden vault entry **Exploit Intelligence Grafana SA Token**:
+Create the Grafana token secret. Retrieve the token value from the Bitwarden vault entry **ExploitIQ Grafana SA Token**:
 
 ```shell
 oc create secret generic grafana-bearer-token \
@@ -256,7 +255,7 @@ oc kustomize overlays/remote-nim-all | oc apply -f - -n $YOUR_NAMESPACE_NAME
 ### Configure OpenShift OAuth
 
 > [!WARNING]
-> Complete this step before attempting to log in to the Exploit Intelligence UI. Authentication fails if the `OAuthClient` resource is not configured correctly.
+> Complete this step before attempting to log in to the ExploitIQ UI. Authentication fails if the `OAuthClient` resource is not configured correctly.
 
 After the deployment completes and the `exploit-iq-client` route is available, configure the OpenShift OAuth client. Select the procedure that matches your situation.
 
@@ -291,9 +290,9 @@ oc patch oauthclient exploit-iq-client \
   -p '{"redirectURIs":["http://exploit-iq-client:8080","'$HTTP_ROUTE'","'$HTTPS_ROUTE'"]}'
 ```
 
-### Grant Users Access to the Exploit Intelligence UI
+### Grant Users Access to the ExploitIQ UI
 
-Access to the Exploit Intelligence UI is controlled by OpenShift group membership. Add users to the `exploit-iq-view` group to grant UI access. Create the group if it does not exist:
+Access to the ExploitIQ UI is controlled by OpenShift group membership. Add users to the `exploit-iq-view` group to grant UI access. Create the group if it does not exist:
 
 ```shell
 oc adm groups new exploit-iq-view
@@ -458,7 +457,7 @@ oc kustomize overlays/<your-variant> | oc apply -f - -n $YOUR_NAMESPACE_NAME
 
 ---
 
-## Uninstalling Exploit Intelligence
+## Uninstalling ExploitIQ
 
 Set your deployment variant and run one of the following commands:
 
@@ -482,9 +481,9 @@ kustomize build overlays/$DEPLOYMENT_VARIANT_NAME/ | oc delete -f -
 
 ---
 
-## Running Exploit Intelligence Locally
+## Running ExploitIQ Locally
 
-You can run Exploit Intelligence on a local machine without GPU hardware, for development, debugging, and troubleshooting.
+You can run ExploitIQ on a local machine without GPU hardware, for development, debugging, and troubleshooting.
 
 Before you begin, install the following tools and verify that all binaries are available on your system path:
 
@@ -567,7 +566,7 @@ The test variant uses encrypted secret files. To decrypt them, you need the foll
 
 - [GnuPG](https://www.gnupg.org/download/)
 - [SOPS](https://github.com/getsops/sops/releases)
-- The private decryption key from the Bitwarden vault entry **Exploit Intelligence Tests Deployment Variant Private Key for Decryption**
+- The private decryption key from the Bitwarden vault entry **ExploitIQ Tests Deployment Variant Private Key for Decryption**
 
 ### Deploying the Test Overlay
 
@@ -717,7 +716,7 @@ helm upgrade --install \
   --set llama3_1_70b_instruct_4bit.readinessProbe.periodSeconds=10 \
   --set global.tolerationsKey=p4d-gpu \
   --set nim-embed.ngcSecret.apiKey=<your_nvidia_ngc_api_key> \
-  exploit-iq-tests ../../../exploit-iq-models/agent-morpheus-models
+  exploit-iq-tests ../exploit-iq-models/exploit-iq-models
 ```
 
 **11.** Remove the decrypted secret files:
@@ -737,4 +736,4 @@ oc delete project $(oc project --short -q)
 
 If you need to install the OpenShift Pipelines Operator on a new cluster, refer to the [OpenShift Pipelines installation documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines/1.19/html/installing_and_configuring/installing-pipelines).
 
-To configure the [Exploit Intelligence PAC GitHub application](https://github.com/apps/exploit-iq-pac/) on a new cluster, follow the [PAC GitHub application configuration guide](https://pipelinesascode.com/docs/install/github_apps/#configure-pipelines-as-code-on-your-cluster-to-access-the-github-app). You need the GitHub application private key and the webhook secret from the application settings.
+To configure the [ExploitIQ PAC GitHub application](https://github.com/apps/exploit-iq-pac/) on a new cluster, follow the [PAC GitHub application configuration guide](https://pipelinesascode.com/docs/install/github_apps/#configure-pipelines-as-code-on-your-cluster-to-access-the-github-app). You need the GitHub application private key and the webhook secret from the application settings.

kustomize/base/argilla/argilla-service.yaml

@@ -6,7 +6,7 @@ metadata:
     app: argilla
 spec:
   selector:
-    app: morpheus-feedback-api
+    app: exploit-iq-feedback-api
   ports:
     - protocol: TCP
       port: 6900

kustomize/base/argilla/argilla-user-feedback-pvc.yaml

@@ -4,7 +4,7 @@ kind: PersistentVolumeClaim
 metadata:
   name: argilla-user-feedback-pvc
   labels:
-    app: morpheus-feedback-api
+    app: exploit-iq-feedback-api
 spec:
   accessModes:
     - ReadWriteOnce 

kustomize/base/argilla/deployment.yaml

@@ -1,20 +1,20 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: morpheus-feedback-api
+  name: exploit-iq-feedback-api
   labels:
-    app: morpheus-feedback-api
+    app: exploit-iq-feedback-api
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: morpheus-feedback-api
+      app: exploit-iq-feedback-api
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        app: morpheus-feedback-api
+        app: exploit-iq-feedback-api
     spec:
       restartPolicy: Always
       serviceAccountName: argilla

kustomize/base/argilla/service.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: morpheus-feedback-api
+  name: exploit-iq-feedback-api
   labels:
-    app: morpheus-feedback-api
+    app: exploit-iq-feedback-api
 spec:
   selector:
-    app: morpheus-feedback-api
+    app: exploit-iq-feedback-api
   ports:
     - protocol: TCP
       port: 5001

kustomize/base/exploit_iq_client.yaml

@@ -26,15 +26,15 @@ spec:
           args:
             - ./application
             - -Dquarkus.http.host=0.0.0.0
-            - -Dquarkus.log.category."com.redhat.ecosystemappeng.morpheus".level=DEBUG
-          image: quay.io/ecosystem-appeng/agent-morpheus-client:latest
+            - -Dquarkus.log.category."com.redhat.ecosystemappeng.exploitiq".level=DEBUG
+          image: quay.io/ecosystem-appeng/exploit-iq-client:latest
           imagePullPolicy: Always
           ports:
             - name: http
               protocol: TCP
               containerPort: 8080
           env:
-            - name: QUARKUS_REST-CLIENT_MORPHEUS_URL
+            - name: QUARKUS_REST-CLIENT_EXPLOIT_IQ_URL
               value: http://nginx-cache:8080/generate
             - name: QUARKUS_MONGODB_HOSTS
               value: exploit-iq-client-db:27017
@@ -78,9 +78,9 @@ spec:
               value: disabled
             - name: QUARKUS_HTTP_SSL_CERTIFICATE_RELOAD-PERIOD
               value: 30m
-            - name: MORPHEUS_UI_INCLUDES_PATH
+            - name: EXPLOIT_IQ_UI_INCLUDES_PATH
               value: /config/includes.json
-            - name: MORPHEUS_UI_EXCLUDES_PATH
+            - name: EXPLOIT_IQ_UI_EXCLUDES_PATH
               value: /config/excludes.json
             - name: DOCKER_CONFIG
               value: /tmp/.docker

kustomize/base/exploit_iq_service.yaml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: exploit-iq-sa
       containers:
         - name: exploit-iq-phoenix-tracing
-          image: quay.io/ecosystem-appeng/agent-morpheus-rh:nat
+          image: quay.io/ecosystem-appeng/exploit-iq-agent:latest
           imagePullPolicy: Always
           workingDir: /workspace/
           args:
@@ -45,7 +45,7 @@ spec:
               memory: "1Gi"
               cpu: "100m"
         - name: exploit-iq
-          image: quay.io/ecosystem-appeng/agent-morpheus-rh:nat
+          image: quay.io/ecosystem-appeng/exploit-iq-agent:latest
           imagePullPolicy: Always
           workingDir: /workspace/
           args:

kustomize/base/kustomization.yaml

@@ -80,10 +80,10 @@ configMapGenerator:
     options:
       disableNameSuffixHash: true
 images:
-  - name: quay.io/ecosystem-appeng/agent-morpheus-rh
+  - name: quay.io/ecosystem-appeng/exploit-iq-agent
     newTag: latest
 
-  - name: quay.io/ecosystem-appeng/agent-morpheus-client
+  - name: quay.io/ecosystem-appeng/exploit-iq-client
     newTag: latest
 
   - name: quay.io/ecosystem-appeng/exploitiq-mcp-server

kustomize/deployer-rbac.yaml

@@ -1,7 +1,7 @@
 # deployer-rbac.yaml
 #
 # Grants a non-cluster-admin user the minimum permissions required to
-# deploy Exploit Intelligence on OpenShift Container Platform.
+# deploy ExploitIQ on OpenShift Container Platform.
 #
 # Please replace the following placeholders:
 #   <deployer-username>  — the OpenShift username of the deployer (e.g. jdoe)
@@ -12,7 +12,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: exploit-intelligence-oauthclient-deploy
+  name: exploit-iq-oauthclient-deploy
 rules:
   # get and patch scoped to the two project OAuthClients only.
   - apiGroups:
@@ -36,19 +36,19 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: exploit-intelligence-oauthclient-deploy
+  name: exploit-iq-oauthclient-deploy
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: exploit-intelligence-oauthclient-deploy
+  name: exploit-iq-oauthclient-deploy
 subjects:
   - kind: User
     name: <deployer-username>
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: exploit-intelligence-rbac-deploy
+  name: exploit-iq-rbac-deploy
   namespace: <namespace>
 rules:
   - apiGroups:
@@ -90,12 +90,12 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: exploit-intelligence-rbac-deploy
+  name: exploit-iq-rbac-deploy
   namespace: <namespace>
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: exploit-intelligence-rbac-deploy
+  name: exploit-iq-rbac-deploy
 subjects:
   - kind: User
     name: <deployer-username>

kustomize/network-policy.yaml

@@ -3,14 +3,14 @@ kind: NetworkPolicy
 metadata:
   labels:
     networking.knative.dev/ingress-provider: istio
-  name: allow-from-agent-morpheus-namespaces
-  namespace: morpheus-cn-models-nim
+  name: allow-from-exploit-iq-namespaces
+  namespace: exploit-iq-cn-models-nim
 spec:
   ingress:
   - from:
     - namespaceSelector:
         matchLabels:
-          application: agent-morpheus
+          application: exploit-iq
   podSelector: {}
   policyTypes:
   - Ingress

kustomize/overlays/batch-processing/exploit-iq-client-batch-patch.yaml

@@ -25,7 +25,7 @@ spec:
         - name: exploit-iq-client
           imagePullPolicy: Always
           env:
-            - name: MORPHEUS_QUEUE_TIMEOUT
+            - name: EXPLOIT_IQ_QUEUE_TIMEOUT
               value: 60m
-            - name: MORPHEUS_QUEUE_MAX_ACTIVE
+            - name: EXPLOIT_IQ_QUEUE_MAX_ACTIVE
               value: "5"