diff --git a/README.md b/README.md
index 95780be..cb79255 100755
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
-
+
@@ -44,7 +44,7 @@ LLMs** — via **API key** or local **subscription** (Claude Code / Codex / Gemi
Grok) — recons the target, **intelligently selects only the agents that match the
discovered surface**, runs them in parallel, **chains** findings into deeper
impact, and **validates every claim by cross-model voting + tool-receipt
-grounding** before reporting. It ships **383 markdown agents** and a **Mission
+grounding** before reporting. It ships **389 markdown agents** and a **Mission
Control TUI**.
### Engagement modes
diff --git a/RELEASE.md b/RELEASE.md
index 95e0b8a..ed1d7e7 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -102,6 +102,26 @@ interactive line-editing.
- **Rate-limit testing** is a first-class control check (small non-disruptive
burst → look for 429/lockout/Retry-After), never a DoS.
+## Decision-driven deep exploitation
+
+- **DECISION doctrine** injected into every exploit/grey/chain prompt: analyse
+ responses FIRST and let the evidence pick the technique; **map & connect
+ routes** (one endpoint's output feeds another's input) and hunt sensitive flows
+ (auth, reset, payment, upload, admin, export); **mine parameters**
+ (query/body/header/cookie + hidden ones from JS/source maps) and test the
+ fitting attack per param; **mock realistic data** to reach deeper logic (never
+ real PII); **exploit the authenticated surface** after logging in and compare
+ each role; **build PoCs** when a proof needs an artifact; and **bypass controls**
+ (verb/path/encoding/header tricks) on anything blocked.
+- **Multi-role `/auth`** — set several identities in the REPL:
+ `/auth admin ` · `/auth user ` (Bearer/cookie/API-key; a bare token
+ becomes `Authorization: Bearer …`). With ≥2 roles the run gets the access-control
+ directive (IDOR/BOLA/BFLA/privesc, authorized-vs-unauthorized proof) and tests
+ both scenarios. (Same as the `creds.yaml` role blocks, now one command away.)
+- **+6 decision agents** (library **389**): `param_miner`, `endpoint_flow_linker`,
+ `authenticated_surface_exploit`, `clickjacking_poc` (writes a framing HTML PoC),
+ `csrf_poc` (writes an auto-submitting HTML PoC), and `access_control_bypass`.
+
## Browser-driven testing & SPA agents (Juice Shop-ready)
- **Agents now actively drive the browser while testing.** The tool doctrine was
diff --git a/TUTORIAL.md b/TUTORIAL.md
index 7d865f7..d1d9432 100644
--- a/TUTORIAL.md
+++ b/TUTORIAL.md
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:
1. **Recons** the target with real tools (curl/nmap/…).
2. **Intelligently selects** only the agents whose preconditions match the recon
- (it does *not* blindly run all 383).
+ (it does *not* blindly run all 389).
3. **Exploits** in parallel — each agent works in a ReAct loop and must prove its
claim with a **tool receipt** (raw output).
4. **Validates** every candidate by **cross-model voting** (a different model
@@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
```bash
neurosploit --version # neurosploit 3.5.5
-neurosploit agents # {"vulns":196,...,"chains":12,"total":383}
+neurosploit agents # {"vulns":196,...,"chains":12,"total":389}
neurosploit models # all providers & models
```
@@ -535,7 +535,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state
## 13. The agent library
-`agents_md/` holds **383** markdown agents in categories:
+`agents_md/` holds **389** markdown agents in categories:
| Category | Dir | Count | Purpose |
|----------|-----|-------|---------|
diff --git a/agents_md/vulns/access_control_bypass.md b/agents_md/vulns/access_control_bypass.md
new file mode 100644
index 0000000..17f7cee
--- /dev/null
+++ b/agents_md/vulns/access_control_bypass.md
@@ -0,0 +1,36 @@
+# Access-Control Bypass Agent
+
+## User Prompt
+You are testing **{target}** for bypassing 401/403/redirect and other access controls.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Find the block
+- Identify endpoints that return 401/403/redirect or are hidden from your role
+
+### 2. Try bypasses
+- Verb tampering (GET↔POST↔PUT, HEAD, OPTIONS), path/case/encoding normalization (`//`, `/.`, `%2e`, trailing dot, `;`), header spoofing (X-Original-URL, X-Rewrite-URL, X-Forwarded-For/Host, Referer), missing-vs-invalid token, and direct object/API access behind the UI
+
+### 3. Confirm
+- Show the two requests (blocked vs bypassed) and the protected data/action reached via the bypass
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Access-Control Bypass at [endpoint]
+- Severity: High
+- CWE: CWE-284
+- Endpoint: [full URL]
+- Vector: [what/where]
+- Payload: [exact request / PoC file path]
+- Evidence: [raw request+response / PoC output proving it]
+- Impact: Unauthorized access to protected resources/actions
+- Remediation: Consistent server-side authorization independent of method/path formatting/headers; canonicalize before authz
+```
+
+## System Prompt
+You are a specialist in bypassing 401/403/redirect and other access controls. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
diff --git a/agents_md/vulns/authenticated_surface_exploit.md b/agents_md/vulns/authenticated_surface_exploit.md
new file mode 100644
index 0000000..d2d4909
--- /dev/null
+++ b/agents_md/vulns/authenticated_surface_exploit.md
@@ -0,0 +1,36 @@
+# Authenticated Surface Exploitation Agent
+
+## User Prompt
+You are testing **{target}** for vulnerabilities reachable only after authentication.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Authenticate
+- Use the provided creds/roles or perform the login flow; capture and REUSE the session/JWT/cookie
+
+### 2. Enumerate authed surface
+- List endpoints/params only reachable while logged in (account, settings, orders, admin, API); mock realistic data where a valid body is needed to go deeper
+
+### 3. Exploit & compare roles
+- Test those authenticated endpoints for IDOR/injection/mass-assignment/logic; if you have multiple roles (user AND admin), run as each and compare who can reach what
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Authenticated Surface Exploitation at [endpoint]
+- Severity: High
+- CWE: CWE-306
+- Endpoint: [full URL]
+- Vector: [what/where]
+- Payload: [exact request / PoC file path]
+- Evidence: [raw request+response / PoC output proving it]
+- Impact: High-impact bugs on the privileged surface
+- Remediation: Authorize every authenticated endpoint by the session user/role; least privilege
+```
+
+## System Prompt
+You are a specialist in vulnerabilities reachable only after authentication. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
diff --git a/agents_md/vulns/clickjacking_poc.md b/agents_md/vulns/clickjacking_poc.md
new file mode 100644
index 0000000..a3e14d3
--- /dev/null
+++ b/agents_md/vulns/clickjacking_poc.md
@@ -0,0 +1,36 @@
+# Clickjacking PoC Builder Agent
+
+## User Prompt
+You are testing **{target}** for clickjacking / UI redress on state-changing pages.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Check framing
+- Inspect X-Frame-Options and CSP frame-ancestors on sensitive/state-changing pages; if absent or permissive, the page is framable
+
+### 2. Build a PoC
+- WRITE an HTML PoC to $NEUROSPLOIT_POCS that frames the target page with a decoy overlay (an `