ShipSecAI · krishna9358 · Jan 30, 2026 · Feb 9, 2026 · Feb 9, 2026
diff --git a/docs/aws-credentials.md b/docs/aws-credentials.md
@@ -118,46 +118,46 @@ spec:
 
 ```json
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "cloudtrail:GetTrail",
-                "cloudtrail:GetTrailStatus",
-                "cloudtrail:LookupEvents",
-                "cloudwatch:GetMetricData",
-                "cloudwatch:ListMetrics",
-                "cloudwatch:GetMetricStatistics",
-                "logs:DescribeLogGroups",
-                "logs:DescribeLogStreams",
-                "logs:GetLogEvents"
-            ],
-            "Resource": "*"
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "cloudtrail:GetTrail",
+        "cloudtrail:GetTrailStatus",
+        "cloudtrail:LookupEvents",
+        "cloudwatch:GetMetricData",
+        "cloudwatch:ListMetrics",
+        "cloudwatch:GetMetricStatistics",
+        "logs:DescribeLogGroups",
+        "logs:DescribeLogStreams",
+        "logs:GetLogEvents"
+      ],
+      "Resource": "*"
+    }
+  ]
 }
 ```
 
 #### ECS Task Definition with IAM Roles
 
 ```json
 {
-    "family": "shipsec-studio",
-    "taskRoleArn": "arn:aws:iam::123456789012:role/ShipSecTaskRole",
-    "executionRoleArn": "arn:aws:iam::123456789012:role/ShipSecExecutionRole",
-    "containerDefinitions": [
+  "family": "shipsec-studio",
+  "taskRoleArn": "arn:aws:iam::123456789012:role/ShipSecTaskRole",
+  "executionRoleArn": "arn:aws:iam::123456789012:role/ShipSecExecutionRole",
+  "containerDefinitions": [
+    {
+      "name": "backend",
+      "image": "shipsec/studio-backend:latest",
+      "environment": [
         {
-            "name": "backend",
-            "image": "shipsec/studio-backend:latest",
-            "environment": [
-                {
-                    "name": "AWS_ROLE_ARN",
-                    "value": "arn:aws:iam::123456789012:role/ShipSecTaskRole"
-                }
-            ]
+          "name": "AWS_ROLE_ARN",
+          "value": "arn:aws:iam::123456789012:role/ShipSecTaskRole"
         }
-    ]
+      ]
+    }
+  ]
 }
 ```
 
@@ -208,17 +208,14 @@ aws ssm put-parameter --name "/shipsec/region" --value "us-east-1" --type "Strin
 
 ```json
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "ssm:GetParameters",
-                "ssm:GetParameter"
-            ],
-            "Resource": "arn:aws:ssm:us-east-1:123456789012:parameter/shipsec/*"
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["ssm:GetParameters", "ssm:GetParameter"],
+      "Resource": "arn:aws:ssm:us-east-1:123456789012:parameter/shipsec/*"
+    }
+  ]
 }
 ```
 
@@ -232,37 +229,33 @@ Create granular IAM policies with only required permissions.
 
 ```json
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "cloudtrail:GetTrail",
-                "cloudtrail:GetTrailStatus",
-                "cloudtrail:LookupEvents"
-            ],
-            "Resource": "*"
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:LookupEvents"],
+      "Resource": "*"
+    }
+  ]
 }
 ```
 
 #### CloudWatch Only Policy
 
 ```json
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "cloudwatch:GetMetricData",
-                "cloudwatch:ListMetrics",
-                "cloudwatch:GetMetricStatistics"
-            ],
-            "Resource": "*"
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "cloudwatch:GetMetricData",
+        "cloudwatch:ListMetrics",
+        "cloudwatch:GetMetricStatistics"
+      ],
+      "Resource": "*"
+    }
+  ]
 }
 ```
 
@@ -293,19 +286,19 @@ Implement automated credential rotation.
 
 ```json
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Action": [
-                "iam:CreateAccessKey",
-                "iam:DeleteAccessKey",
-                "iam:CreateAccessKey",
-                "iam:UpdateAccessKey"
-            ],
-            "Resource": "arn:aws:iam::123456789012:user/ShipSecUser"
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iam:CreateAccessKey",
+        "iam:DeleteAccessKey",
+        "iam:CreateAccessKey",
+        "iam:UpdateAccessKey"
+      ],
+      "Resource": "arn:aws:iam::123456789012:user/ShipSecUser"
+    }
+  ]
 }
 ```
 
@@ -331,15 +324,11 @@ Enable CloudTrail for all API calls made by ShipSec Studio.
 
 ```json
 {
-    "Name": "ShipSecStudioTrail",
-    "S3BucketName": "shipsec-cloudtrail-logs-123456789012",
-    "IncludeServiceNames": [
-        "cloudtrail",
-        "cloudwatch",
-        "logs"
-    ],
-    "IsMultiRegionTrail": true,
-    "IsLogging": true
+  "Name": "ShipSecStudioTrail",
+  "S3BucketName": "shipsec-cloudtrail-logs-123456789012",
+  "IncludeServiceNames": ["cloudtrail", "cloudwatch", "logs"],
+  "IsMultiRegionTrail": true,
+  "IsLogging": true
 }
 ```
 
@@ -351,20 +340,20 @@ Monitor credential usage and API calls.
 
 ```json
 {
-    "AlarmName": "ShipSecAPIErrorRate",
-    "MetricName": "Sum",
-    "Namespace": "AWS/CloudTrail",
-    "Statistic": "Sum",
-    "Period": 300,
-    "EvaluationPeriods": 2,
-    "Threshold": 10,
-    "ComparisonOperator": "GreaterThanThreshold",
-    "Dimensions": [
-        {
-            "Name": "TrailName",
-            "Value": "ShipSecStudioTrail"
-        }
-    ]
+  "AlarmName": "ShipSecAPIErrorRate",
+  "MetricName": "Sum",
+  "Namespace": "AWS/CloudTrail",
+  "Statistic": "Sum",
+  "Period": 300,
+  "EvaluationPeriods": 2,
+  "Threshold": 10,
+  "ComparisonOperator": "GreaterThanThreshold",
+  "Dimensions": [
+    {
+      "Name": "TrailName",
+      "Value": "ShipSecStudioTrail"
+    }
+  ]
 }
 ```
 
@@ -373,6 +362,7 @@ Monitor credential usage and API calls.
 ### Common Issues
 
 **Credential Denied**
+
 ```bash
 # Check credentials
 aws sts get-caller-identity
@@ -382,6 +372,7 @@ aws iam get-user --user-name ShipSecUser
 ```
 
 **Region Mismatch**
+
 ```bash
 # Check current region
 aws configure get region
@@ -391,6 +382,7 @@ aws configure set region us-east-1
 ```
 
 **Network Connectivity**
+
 ```bash
 # Test AWS connectivity
 aws s3 ls s3://test-bucket
@@ -465,4 +457,4 @@ steps:
 - [AWS IAM Documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/)
 - [AWS Security Best Practices](https://docs.aws.amazon.com/security-guide/latest/)
 - [ShipSec Studio MCP Documentation](./mcp-library.md)
-- [ShipSec Studio Architecture](https://docs.shipsec.ai)
+- [ShipSec Studio Architecture](https://docs.shipsec.ai)
diff --git a/docs/mcp-library.md b/docs/mcp-library.md
@@ -17,6 +17,7 @@ The MCP Library component provides a centralized way to select and enable multip
 ## Ports
 
 **Outputs:**
+
 - `tools` (contract: `mcp.tool`) - Anchor port for tool registration. Connect this to AI Agent's tools input.
 
 ## Parameters
@@ -71,6 +72,7 @@ graph TD
 ```
 
 **Steps:**
+
 1. Add MCP Library node and select AWS CloudTrail + CloudWatch servers
 2. Add AI Agent node and connect MCP Library tools to AI Agent tools
 3. Add a Report Generator node to format the results
@@ -156,6 +158,7 @@ services:
 ### Filesystem Server
 
 The filesystem server provides access to:
+
 - Temporary directories for each workflow run
 - Shared volumes between containers
 - Host file system (when explicitly configured)
@@ -166,11 +169,11 @@ The filesystem server provides access to:
 
 ### Choosing the Right Servers
 
-| Server | Best For | Tools Available |
-|--------|----------|-----------------|
-| AWS CloudTrail | API activity monitoring, security auditing, compliance | 15 tools |
-| AWS CloudWatch | Metrics, logs, alarms, real-time monitoring | 8 tools |
-| Filesystem | File operations, data processing, temp files | 6 tools |
+| Server         | Best For                                               | Tools Available |
+| -------------- | ------------------------------------------------------ | --------------- |
+| AWS CloudTrail | API activity monitoring, security auditing, compliance | 15 tools        |
+| AWS CloudWatch | Metrics, logs, alarms, real-time monitoring            | 8 tools         |
+| Filesystem     | File operations, data processing, temp files           | 6 tools         |
 
 ### Health Status Indicators
 
@@ -183,16 +186,19 @@ The filesystem server provides access to:
 ### Common Issues
 
 **Servers Not Loading**
+
 - Check backend API: `curl http://localhost:3000/api/v1/mcp-servers`
 - Verify backend service is running
 - Check network connectivity
 
 **Tools Not Available to AI Agent**
+
 - Ensure MCP Library is connected to AI Agent tools port
 - Check Tool Registry for registered tools
 - Verify MCP Gateway is running
 
 **Container Spawning Failed**
+
 - Check Docker is running and accessible
 - Verify image exists: `shipsec/mcp-stdio-proxy:latest`
 - Check container resource limits
@@ -236,4 +242,4 @@ curl http://localhost:3000/mcp/gateway/health
 - [MCP Architecture Documentation](/docs/architecture.mdx)
 - [AI Agent Component Documentation](/docs/ai-agent.md)
 - [Component Development Guide](/docs/components.md)
-- [ShipSec Studio Architecture](https://docs.shipsec.ai)
+- [ShipSec Studio Architecture](https://docs.shipsec.ai)