diff --git a/fuzzforge-mcp/src/fuzzforge_mcp/application.py b/fuzzforge-mcp/src/fuzzforge_mcp/application.py
index 57dcf0c..bd49a55 100644
--- a/fuzzforge-mcp/src/fuzzforge_mcp/application.py
+++ b/fuzzforge-mcp/src/fuzzforge_mcp/application.py
@@ -47,15 +47,46 @@ FuzzForge is a security research orchestration platform. Use these tools to:
 
 Typical workflow:
 1. Initialize a project with `init_project`
-2. Set project assets with `set_project_assets` (optional, only needed once for the source directory)
+2. Set project assets with `set_project_assets` — path to the directory containing
+   target files (firmware images, binaries, source code, etc.)
 3. List available hub servers with `list_hub_servers`
 4. Discover tools from servers with `discover_hub_tools`
 5. Execute hub tools with `execute_hub_tool`
 
-Hub workflow:
-1. List available hub servers with `list_hub_servers`
-2. Discover tools from servers with `discover_hub_tools`
-3. Execute hub tools with `execute_hub_tool`
+Agent context convention:
+When you call `discover_hub_tools`, some servers return an `agent_context` field
+with usage tips, known issues, rule templates, and workflow guidance. Always read
+this context before using the server's tools.
+
+File access in containers:
+- Assets set via `set_project_assets` are mounted read-only at `/app/uploads/` and `/app/samples/`
+- A writable output directory is mounted at `/app/output/` — use it for extraction results, reports, etc.
+- Always use container paths (e.g. `/app/uploads/file`) when passing file arguments to hub tools
+
+Stateful tools:
+- Some tools (e.g. radare2-mcp) require multi-step sessions. Use `start_hub_server` to launch
+  a persistent container, then `execute_hub_tool` calls reuse that container. Stop with `stop_hub_server`.
+
+Firmware analysis pipeline (when analyzing firmware images):
+1. **binwalk-mcp** (`binwalk_scan` + `binwalk_extract`) — identify and extract filesystem from firmware
+2. **yara-mcp** (`yara_scan_with_rules`) — scan extracted files with vulnerability rules to prioritize targets
+3. **radare2-mcp** (persistent session) — confirm dangerous code paths
+4. **searchsploit-mcp** (`search_exploitdb`) — query version strings from radare2 against ExploitDB
+   Run steps 3 and 4 outputs feed into a final triage summary.
+
+radare2-mcp agent context (upstream tool — no embedded context):
+- Start a persistent session with `start_hub_server("radare2-mcp")` before any calls.
+- IMPORTANT: the `open_file` tool requires the parameter name `file_path` (with underscore),
+  not `filepath`. Example: `execute_hub_tool("hub:radare2-mcp:open_file", {"file_path": "/app/output/..."})`
+- Workflow: `open_file` → `analyze` → `list_imports` → `xrefs_to` → `run_command` with `pdf @ <addr>`.
+- Static binary fallback: firmware binaries are often statically linked. When `list_imports`
+  returns an empty result, fall back to `list_symbols` and search for dangerous function names
+  (system, strcpy, gets, popen, sprintf) in the output. Then use `xrefs_to` on their addresses.
+- For string extraction, use `run_command` with `iz` (data section strings).
+  The `list_all_strings` tool may return garbled output for large binaries.
+- For decompilation, use `run_command` with `pdc @ <addr>` (pseudo-C) or `pdf @ <addr>`
+  (annotated disassembly). The `decompile` tool may fail with "not available in current mode".
+- Stop the session with `stop_hub_server("radare2-mcp")` when done.
 """,
     lifespan=lifespan,
 )
diff --git a/hub-config.json b/hub-config.json
index 1bc90ec..f922a66 100644
--- a/hub-config.json
+++ b/hub-config.json
@@ -1 +1,513 @@
-{"servers": []}
+{
+  "servers": [
+    {
+      "name": "bloodhound-mcp",
+      "description": "bloodhound-mcp \u2014 active-directory",
+      "type": "docker",
+      "image": "bloodhound-mcp:latest",
+      "category": "active-directory",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "binwalk-mcp",
+      "description": "binwalk-mcp \u2014 binary-analysis",
+      "type": "docker",
+      "image": "binwalk-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "capa-mcp",
+      "description": "capa-mcp \u2014 binary-analysis",
+      "type": "docker",
+      "image": "capa-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "ghidra-mcp",
+      "description": "ghidra-mcp \u2014 binary-analysis",
+      "type": "docker",
+      "image": "ghidra-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "ida-mcp",
+      "description": "ida-mcp \u2014 binary-analysis",
+      "type": "docker",
+      "image": "ida-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "radare2-mcp",
+      "description": "radare2-mcp \u2014 binary-analysis",
+      "type": "docker",
+      "image": "radare2-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "yara-mcp",
+      "description": "yara-mcp \u2014 binary-analysis",
+      "type": "docker",
+      "image": "yara-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "daml-viewer-mcp",
+      "description": "daml-viewer-mcp \u2014 blockchain",
+      "type": "docker",
+      "image": "daml-viewer-mcp:latest",
+      "category": "blockchain",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "medusa-mcp",
+      "description": "medusa-mcp \u2014 blockchain",
+      "type": "docker",
+      "image": "medusa-mcp:latest",
+      "category": "blockchain",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "solazy-mcp",
+      "description": "solazy-mcp \u2014 blockchain",
+      "type": "docker",
+      "image": "solazy-mcp:latest",
+      "category": "blockchain",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "prowler-mcp",
+      "description": "prowler-mcp \u2014 cloud-security",
+      "type": "docker",
+      "image": "prowler-mcp:latest",
+      "category": "cloud-security",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "roadrecon-mcp",
+      "description": "roadrecon-mcp \u2014 cloud-security",
+      "type": "docker",
+      "image": "roadrecon-mcp:latest",
+      "category": "cloud-security",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "trivy-mcp",
+      "description": "trivy-mcp \u2014 cloud-security",
+      "type": "docker",
+      "image": "trivy-mcp:latest",
+      "category": "cloud-security",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "semgrep-mcp",
+      "description": "semgrep-mcp \u2014 code-security",
+      "type": "docker",
+      "image": "semgrep-mcp:latest",
+      "category": "code-security",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "searchsploit-mcp",
+      "description": "searchsploit-mcp \u2014 exploitation",
+      "type": "docker",
+      "image": "searchsploit-mcp:latest",
+      "category": "exploitation",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "boofuzz-mcp",
+      "description": "boofuzz-mcp \u2014 fuzzing",
+      "type": "docker",
+      "image": "boofuzz-mcp:latest",
+      "category": "fuzzing",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "dharma-mcp",
+      "description": "dharma-mcp \u2014 fuzzing",
+      "type": "docker",
+      "image": "dharma-mcp:latest",
+      "category": "fuzzing",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "dnstwist-mcp",
+      "description": "dnstwist-mcp \u2014 osint",
+      "type": "docker",
+      "image": "dnstwist-mcp:latest",
+      "category": "osint",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "maigret-mcp",
+      "description": "maigret-mcp \u2014 osint",
+      "type": "docker",
+      "image": "maigret-mcp:latest",
+      "category": "osint",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "hashcat-mcp",
+      "description": "hashcat-mcp \u2014 password-cracking",
+      "type": "docker",
+      "image": "hashcat-mcp:latest",
+      "category": "password-cracking",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "externalattacker-mcp",
+      "description": "externalattacker-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "externalattacker-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "masscan-mcp",
+      "description": "masscan-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "masscan-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "networksdb-mcp",
+      "description": "networksdb-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "networksdb-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "nmap-mcp",
+      "description": "nmap-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "nmap-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "pd-tools-mcp",
+      "description": "pd-tools-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "pd-tools-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "shodan-mcp",
+      "description": "shodan-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "shodan-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "whatweb-mcp",
+      "description": "whatweb-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "whatweb-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "zoomeye-mcp",
+      "description": "zoomeye-mcp \u2014 reconnaissance",
+      "type": "docker",
+      "image": "zoomeye-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "gitleaks-mcp",
+      "description": "gitleaks-mcp \u2014 secrets",
+      "type": "docker",
+      "image": "gitleaks-mcp:latest",
+      "category": "secrets",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "otx-mcp",
+      "description": "otx-mcp \u2014 threat-intel",
+      "type": "docker",
+      "image": "otx-mcp:latest",
+      "category": "threat-intel",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "virustotal-mcp",
+      "description": "virustotal-mcp \u2014 threat-intel",
+      "type": "docker",
+      "image": "virustotal-mcp:latest",
+      "category": "threat-intel",
+      "capabilities": [],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "burp-mcp",
+      "description": "burp-mcp \u2014 web-security",
+      "type": "docker",
+      "image": "burp-mcp:latest",
+      "category": "web-security",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "ffuf-mcp",
+      "description": "ffuf-mcp \u2014 web-security",
+      "type": "docker",
+      "image": "ffuf-mcp:latest",
+      "category": "web-security",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "nikto-mcp",
+      "description": "nikto-mcp \u2014 web-security",
+      "type": "docker",
+      "image": "nikto-mcp:latest",
+      "category": "web-security",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "nuclei-mcp",
+      "description": "nuclei-mcp \u2014 web-security",
+      "type": "docker",
+      "image": "nuclei-mcp:latest",
+      "category": "web-security",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "sqlmap-mcp",
+      "description": "sqlmap-mcp \u2014 web-security",
+      "type": "docker",
+      "image": "sqlmap-mcp:latest",
+      "category": "web-security",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    },
+    {
+      "name": "waybackurls-mcp",
+      "description": "waybackurls-mcp \u2014 web-security",
+      "type": "docker",
+      "image": "waybackurls-mcp:latest",
+      "category": "web-security",
+      "capabilities": [
+        "NET_RAW"
+      ],
+      "volumes": [
+        "/home/afredefon/.fuzzforge/hub/workspace:/data"
+      ],
+      "enabled": true,
+      "source_hub": "mcp-security-hub"
+    }
+  ]
+}
\ No newline at end of file