Add MkDocs documentation site for wairz.ai

MkDocs Material theme with dark mode, GitHub Actions workflow for
GitHub Pages deployment, and docs seeded from README content covering
all features, MCP tools reference, configuration, and architecture.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: digitalandrew

.github/workflows/docs.yml

@@ -0,0 +1,40 @@
+name: Deploy Docs
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'docs/**'
+      - 'mkdocs.yml'
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      - run: pip install mkdocs-material
+      - run: mkdocs build --strict
+      - uses: actions/upload-pages-artifact@v3
+        with:
+          path: site/
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - id: deployment
+        uses: actions/deploy-pages@v4

.gitignore

@@ -29,5 +29,8 @@ Thumbs.db
 node_modules/
 frontend/dist/
 
+# MkDocs
+site/
+
 # Docker
 docker-compose.override.yml

docs/CNAME

@@ -0,0 +1 @@
+wairz.ai

docs/architecture.md

@@ -0,0 +1,132 @@
+# Architecture
+
+## System Overview
+
+```
+Claude Code / Claude Desktop
+        |
+        | MCP (stdio)
+        v
++------------------+     +------------------------------------+
+|   wairz-mcp      |---->|         FastAPI Backend             |
+|  (MCP server)    |     |                                      |
+|  60+ tools       |     |  Services: firmware, analysis,       |
++------------------+     |  emulation, fuzzing, sbom, uart      |
+                         |                                      |
+                         |  Ghidra headless - QEMU - AFL++      |
+                         +-----------+--------------------------|
+                                     |
++--------------+    +----------------+----------------+
+|   React SPA  |--->|  PostgreSQL    |  Redis         |
+|  (Frontend)  |    |                |                |
++--------------+    +----------------+----------------+
+
+Optional:
+  wairz-uart-bridge.py (host) <-- TCP:9999 --> Docker backend
+```
+
+## Tech Stack
+
+| Layer | Technology |
+|-------|------------|
+| Frontend | React 19, Vite, TypeScript, Tailwind CSS, shadcn/ui |
+| Code Viewer | Monaco Editor |
+| Component Graph | ReactFlow + Dagre |
+| Terminal | xterm.js |
+| State Management | Zustand |
+| Backend | Python 3.12, FastAPI, SQLAlchemy 2.0 (async), Alembic |
+| Database | PostgreSQL 16 |
+| Cache | Redis 7 |
+| Firmware Extraction | binwalk, sasquatch, jefferson, ubi_reader, cramfs-tools |
+| Binary Analysis | radare2 (r2pipe), pyelftools |
+| Decompilation | Ghidra 11.3.1 (headless) with custom analysis scripts |
+| Emulation | QEMU user-mode + system-mode (ARM, MIPS, MIPSel, AArch64) |
+| Fuzzing | AFL++ with QEMU mode |
+| SBOM | CycloneDX, NVD API (nvdlib) |
+| UART | pyserial (host-side bridge) |
+| AI Integration | MCP (Model Context Protocol) |
+| Containers | Docker + Docker Compose |
+
+## Project Structure
+
+```
+wairz/
+├── backend/
+│   ├── app/
+│   │   ├── main.py              # FastAPI application
+│   │   ├── config.py            # Settings (pydantic-settings)
+│   │   ├── database.py          # Async SQLAlchemy engine/session
+│   │   ├── mcp_server.py        # MCP server with dynamic project switching
+│   │   ├── models/              # SQLAlchemy ORM models
+│   │   ├── schemas/             # Pydantic request/response schemas
+│   │   ├── routers/             # REST API endpoints
+│   │   ├── services/            # Business logic
+│   │   ├── ai/                  # MCP tool registry + 60+ tool implementations
+│   │   │   └── tools/           # Organized by category
+│   │   └── utils/               # Path sandboxing, output truncation
+│   ├── alembic/                 # Database migrations
+│   └── pyproject.toml
+├── frontend/
+│   ├── src/
+│   │   ├── pages/               # Route pages
+│   │   ├── components/          # UI components
+│   │   ├── api/                 # API client functions
+│   │   ├── stores/              # Zustand state management
+│   │   └── types/               # TypeScript types
+│   └── package.json
+├── ghidra/
+│   ├── Dockerfile               # Ghidra headless container
+│   └── scripts/                 # Custom Java analysis scripts
+├── emulation/
+│   ├── Dockerfile               # QEMU container
+│   └── scripts/                 # Emulation helper scripts
+├── fuzzing/
+│   └── Dockerfile               # AFL++ container with QEMU mode
+├── scripts/
+│   └── wairz-uart-bridge.py     # Host-side UART serial bridge
+├── docker-compose.yml
+├── launch.sh
+├── .env.example
+└── CLAUDE.md
+```
+
+## Key Design Decisions
+
+### MCP as the AI Interface
+
+Rather than embedding an LLM in the backend, Wairz exposes analysis tools through MCP. This means:
+
+- Users bring their own Claude subscription (no API keys stored server-side)
+- The AI assistant runs in the user's Claude Code or Claude Desktop
+- Tools are composable — Claude can chain them together for complex analysis workflows
+
+### Isolated Execution Environments
+
+Firmware binaries are never executed on the host. All execution happens in isolated Docker containers:
+
+- **Emulation** — QEMU runs inside a dedicated container with resource limits
+- **Fuzzing** — AFL++ runs in a separate container
+- Both are on an isolated Docker network
+
+### Async Everything
+
+The backend is fully async:
+
+- SQLAlchemy async sessions with asyncpg
+- `asyncio.create_subprocess_exec` for running Ghidra, binwalk, etc.
+- Background tasks for long-running operations (firmware unpacking)
+- Non-blocking API endpoints
+
+### Caching Strategy
+
+Analysis results are cached aggressively:
+
+- **Ghidra decompilation** — Cached by binary hash + function name in PostgreSQL
+- **SBOM data** — Cached after first generation
+- **Firmware metadata** — Extracted once during unpacking
+
+### Security Boundaries
+
+- **Path traversal prevention** — All file access validated against the extracted firmware root via `sandbox.py`
+- **Output truncation** — MCP tool outputs capped at 30KB to prevent client issues
+- **Resource limits** — Emulation and fuzzing containers have memory and CPU limits

docs/assets/wairz_logo.png

@@ -0,0 +1,82 @@
+# Configuration
+
+All Wairz settings are configured via environment variables or a `.env` file in the project root. Copy `.env.example` to `.env` to get started:
+
+```bash
+cp .env.example .env
+```
+
+## Environment Variables
+
+### Core
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `DATABASE_URL` | `postgresql+asyncpg://wairz:wairz@postgres:5432/wairz` | PostgreSQL connection string (asyncpg driver) |
+| `REDIS_URL` | `redis://redis:6379/0` | Redis connection string |
+| `STORAGE_ROOT` | `/data/firmware` | Directory where firmware files are stored on disk |
+| `LOG_LEVEL` | `INFO` | Logging level (DEBUG, INFO, WARNING, ERROR) |
+
+### Firmware
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `MAX_UPLOAD_SIZE_MB` | `500` | Maximum firmware upload size in megabytes |
+| `MAX_TOOL_OUTPUT_KB` | `30` | MCP tool output truncation limit in kilobytes |
+
+### Ghidra
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `GHIDRA_PATH` | `/opt/ghidra` | Ghidra headless installation path |
+| `GHIDRA_SCRIPTS_PATH` | `/opt/ghidra-scripts` | Custom Ghidra analysis scripts path |
+| `GHIDRA_TIMEOUT` | `120` | Decompilation timeout in seconds |
+
+### Emulation
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `EMULATION_IMAGE` | `wairz-emulation` | Docker image for QEMU containers |
+| `EMULATION_NETWORK` | `emulation_net` | Docker network for emulation containers |
+
+### Fuzzing
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `FUZZING_IMAGE` | `wairz-fuzzing` | Docker image for AFL++ containers |
+| `FUZZING_TIMEOUT_MINUTES` | `120` | Maximum fuzzing campaign duration in minutes |
+| `FUZZING_MAX_CAMPAIGNS` | `1` | Maximum concurrent fuzzing campaigns per project |
+
+### UART Bridge
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `UART_BRIDGE_HOST` | `host.docker.internal` | Hostname of the UART bridge on the host machine |
+| `UART_BRIDGE_PORT` | `9999` | TCP port the UART bridge listens on |
+
+### External APIs
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `NVD_API_KEY` | *(empty)* | Optional NVD API key for higher rate limits during CVE scanning |
+
+## Docker Compose
+
+The default `docker-compose.yml` starts all services. Key port mappings:
+
+| Service | Host Port | Container Port |
+|---------|-----------|----------------|
+| Frontend | 3000 | 3000 |
+| Backend API | 8000 | 8000 |
+| PostgreSQL | 5432 | 5432 |
+| Redis | 6379 | 6379 |
+
+## Local Development
+
+For local development without Docker, set the database and Redis URLs to point to your local instances:
+
+```env
+DATABASE_URL=postgresql+asyncpg://wairz:wairz@localhost:5432/wairz
+REDIS_URL=redis://localhost:6379/0
+STORAGE_ROOT=./data/firmware
+```

docs/configuration.md

@@ -0,0 +1,86 @@
+# Binary Analysis
+
+Wairz provides deep binary analysis using Ghidra headless for decompilation and custom analysis scripts for cross-references, dataflow tracing, and more.
+
+## Functions
+
+List all functions in an ELF binary, sorted by size (largest first). Large custom functions are typically the most interesting for security analysis.
+
+!!! note
+    The first analysis of a binary triggers Ghidra headless processing, which takes 1-3 minutes. Subsequent calls use cached results.
+
+## Decompilation
+
+View Ghidra pseudo-C decompilation of any function. The decompiled output is much easier to read than assembly and is the primary tool for understanding binary logic.
+
+Claude can also clean up decompiled code — renaming variables, adding comments — and save the result for viewing in the web UI's "AI Cleaned" toggle.
+
+## Disassembly
+
+View raw assembly instructions for any function. Useful for verifying decompilation accuracy or analyzing low-level behavior.
+
+## Cross-References
+
+- **Xrefs To** — Find all locations that call or reference a given function
+- **Xrefs From** — Find all functions called by a given function
+- **Find Callers** — Find all call sites of a function across the binary, including aliases
+
+## Dataflow Tracing
+
+Trace data from user-controlled sources to dangerous sinks:
+
+- **Sources:** `websGetVar`, `getenv`, `recv`, `read`, `nvram_get`, `fgets`
+- **Sinks:** `system`, `popen`, `exec*`, `sprintf`, `strcpy`
+
+This is the highest-impact tool for finding vulnerabilities in embedded web interfaces (e.g., router `httpd` binaries with `goform` handlers).
+
+## Cross-Binary Dataflow
+
+Trace data flows across multiple firmware binaries via IPC mechanisms:
+
+- **nvram** — `nvram_get`/`nvram_set` pairs
+- **config** — Config get/set operations
+- **file** — File I/O between binaries
+
+## String References
+
+Find all functions that reference strings matching a pattern. Useful for tracing interesting strings (URLs, format strings, parameter names) back to the code that uses them.
+
+## Stack & Global Layout
+
+- **Stack Layout** — View local variables, offsets, sizes, and buffer-to-return-address distances for overflow analysis
+- **Global Layout** — Map global variables around a target symbol to understand overflow impact
+
+## Binary Protections
+
+Check security protections (equivalent to `checksec`):
+
+| Protection | Description |
+|------------|-------------|
+| NX | No-execute (DEP) |
+| RELRO | Read-only relocations |
+| Canary | Stack canaries |
+| PIE | Position-independent executable |
+| Fortify | Fortify Source |
+| Stripped | Symbol table removed |
+
+Use `check_all_binary_protections` to scan all binaries and sort by protection score (least protected first).
+
+## MCP Tools
+
+| Tool | Description |
+|------|-------------|
+| `list_functions` | List functions sorted by size |
+| `decompile_function` | Ghidra pseudo-C decompilation |
+| `disassemble_function` | Assembly instructions |
+| `list_imports` / `list_exports` | Imported and exported symbols |
+| `xrefs_to` / `xrefs_from` | Cross-references |
+| `find_callers` | All call sites of a function |
+| `find_string_refs` | Functions referencing matching strings |
+| `trace_dataflow` | Source-to-sink dataflow analysis |
+| `cross_binary_dataflow` | Cross-binary IPC tracing |
+| `get_stack_layout` / `get_global_layout` | Memory layout analysis |
+| `check_binary_protections` | Security protections check |
+| `resolve_import` | Find and decompile imported functions |
+| `search_binary_content` | Search for byte/string/disasm patterns |
+| `get_binary_info` | ELF metadata and linked libraries |

docs/features/binary-analysis.md

@@ -0,0 +1,41 @@
+# Firmware Comparison
+
+Wairz can compare firmware versions to identify changes between releases — useful for patch analysis, understanding what a vendor fixed or modified.
+
+## Filesystem Diff
+
+Compare two firmware versions' filesystems to see:
+
+- **Added files** — New files in the newer version
+- **Removed files** — Files deleted in the newer version
+- **Modified files** — Files with changed content (compared by hash)
+- **Permission changes** — Files with changed permissions
+
+## Binary Diff
+
+Compare a specific binary between two firmware versions at the function level:
+
+- **Added functions** — New functions in the newer version
+- **Removed functions** — Functions deleted in the newer version
+- **Modified functions** — Functions with size changes
+
+## Decompilation Diff
+
+Side-by-side decompilation comparison — decompile the same function from two firmware versions and produce a unified diff. Shows exactly what changed in the pseudo-C code.
+
+This is the most detailed comparison level, useful for understanding precisely what a vendor patched.
+
+## Usage
+
+1. Upload multiple firmware versions to the same project
+2. Use `list_firmware_versions` to see available versions and their IDs
+3. Run comparison tools with the firmware IDs
+
+## MCP Tools
+
+| Tool | Description |
+|------|-------------|
+| `list_firmware_versions` | List uploaded firmware versions |
+| `diff_firmware` | Compare filesystem trees |
+| `diff_binary` | Compare binary functions |
+| `diff_decompilation` | Side-by-side decompilation diff |