docs: Fix workflow references and module paths for v0.7.0

Updated all documentation to reflect actual v0.7.0 workflow implementation:

Workflow name changes:
- Removed all references to non-existent workflows (static_analysis_scan,
  secret_detection_scan, infrastructure_scan, penetration_testing_scan)
- Updated examples to use actual workflows (security_assessment, gitleaks_detection,
  trufflehog_detection, llm_secret_detection)
- Deleted docs/docs/reference/workflows/static-analysis.md (described non-existent workflow)

Content corrections:
- Fixed workflow tool descriptions (removed incorrect Semgrep/Bandit references,
  documented actual SecurityAnalyzer and FileScanner modules)
- Updated all workflow lists to show production-ready vs development status
- Fixed all example configurations to match actual workflow parameters

Module creation guide fixes:
- Fixed 4 path references: backend/src/toolbox → backend/toolbox
- Updated import statements in example code

Files updated:
- docs/index.md - workflow list, CLI example, broken tutorial links
- docs/docs/tutorial/getting-started.md - workflow list, example output, tool descriptions
- docs/docs/how-to/create-module.md - module paths and imports
- docs/docs/how-to/mcp-integration.md - workflow examples and list
- docs/docs/ai/prompts.md - workflow example
- docs/docs/reference/cli-ai.md - 3 workflow references

Author: tduhamel42

docs/docs/ai/prompts.md

@@ -20,7 +20,7 @@ Use the `fuzzforge ai agent` shell to mix structured slash commands with natural
 You> list available fuzzforge workflows
 Assistant> [returns workflow names, descriptions, and required parameters]
 
-You> run fuzzforge workflow static_analysis_scan on ./backend with target_branch=main
+You> run fuzzforge workflow security_assessment on ./backend
 Assistant> Submits the run, emits TaskStatusUpdateEvent entries, and links the SARIF artifact when complete.
 
 You> show findings for that run once it finishes

docs/docs/how-to/create-module.md

@@ -25,7 +25,7 @@ All FuzzForge modules inherit from a common `BaseModule` interface and use Pydan
 - `ModuleResult`: Standardized result format for module execution
 - `ModuleMetadata`: Describes module capabilities and requirements
 
-Modules are located in `backend/src/toolbox/modules/`.
+Modules are located in `backend/toolbox/modules/`.
 
 ---
 
@@ -34,7 +34,7 @@ Modules are located in `backend/src/toolbox/modules/`.
 Let’s create a simple example: a **License Scanner** module that detects license files and extracts license information.
 
 Create a new file:
-`backend/src/toolbox/modules/license_scanner.py`
+`backend/toolbox/modules/license_scanner.py`
 
 ```python
 import re
@@ -98,7 +98,7 @@ class LicenseScanner(BaseModule):
 
 ## Step 3: Register Your Module
 
-Add your module to `backend/src/toolbox/modules/__init__.py`:
+Add your module to `backend/toolbox/modules/__init__.py`:
 
 ```python
 from .license_scanner import LicenseScanner
@@ -115,7 +115,7 @@ Create a test file (e.g., `test_license_scanner.py`) and run your module against
 ```python
 import asyncio
 from pathlib import Path
-from backend.src.toolbox.modules.license_scanner import LicenseScanner
+from toolbox.modules.license_scanner import LicenseScanner
 
 async def main():
     workspace = Path("/path/to/your/test/project")

docs/docs/how-to/mcp-integration.md

@@ -81,14 +81,17 @@ You should see status responses and endpoint listings.
 {
   "tool": "submit_security_scan_mcp",
   "parameters": {
-    "workflow_name": "infrastructure_scan",
+    "workflow_name": "security_assessment",
     "target_path": "/path/to/your/project",
     "parameters": {
-      "checkov_config": {
-        "severity": ["HIGH", "MEDIUM", "LOW"]
+      "scanner_config": {
+        "patterns": ["*"],
+        "check_sensitive": true
       },
-      "hadolint_config": {
-        "severity": ["error", "warning", "info", "style"]
+      "analyzer_config": {
+        "file_extensions": [".py", ".js", ".java"],
+        "check_secrets": true,
+        "check_sql": true
       }
     }
   }
@@ -110,13 +113,17 @@ You should see status responses and endpoint listings.
 
 ## 6. Available Workflows
 
-You can trigger these workflows via MCP:
+You can trigger these production-ready workflows via MCP:
 
-1. **infrastructure_scan** — Docker/Kubernetes/Terraform security analysis
-2. **static_analysis_scan** — Code vulnerability detection
-3. **secret_detection_scan** — Credential and secret scanning
-4. **penetration_testing_scan** — Network and web app testing
-5. **security_assessment** — Comprehensive security evaluation
+1. **security_assessment** — Comprehensive security analysis (secrets, SQL, dangerous functions)
+2. **gitleaks_detection** — Pattern-based secret scanning
+3. **trufflehog_detection** — Pattern-based secret scanning
+4. **llm_secret_detection** — AI-powered secret detection (requires API key)
+
+Development workflows (early stages):
+- **atheris_fuzzing** — Python fuzzing
+- **cargo_fuzzing** — Rust fuzzing
+- **ossfuzz_campaign** — OSS-Fuzz integration
 
 List all workflows:
 

docs/docs/reference/cli-ai.md

@@ -134,14 +134,16 @@ FuzzForge supports the Model Context Protocol (MCP), allowing LLM clients and AI
 {
   "tool": "submit_security_scan_mcp",
   "parameters": {
-    "workflow_name": "infrastructure_scan",
+    "workflow_name": "security_assessment",
     "target_path": "/path/to/your/project",
     "parameters": {
-      "checkov_config": {
-        "severity": ["HIGH", "MEDIUM", "LOW"]
+      "scanner_config": {
+        "patterns": ["*"],
+        "check_sensitive": true
       },
-      "hadolint_config": {
-        "severity": ["error", "warning", "info", "style"]
+      "analyzer_config": {
+        "file_extensions": [".py", ".js"],
+        "check_secrets": true
       }
     }
   }
@@ -161,11 +163,16 @@ FuzzForge supports the Model Context Protocol (MCP), allowing LLM clients and AI
 
 ### Available Workflows
 
-1. **infrastructure_scan** — Docker/Kubernetes/Terraform security analysis
-2. **static_analysis_scan** — Code vulnerability detection
-3. **secret_detection_scan** — Credential and secret scanning
-4. **penetration_testing_scan** — Network and web app testing
-5. **security_assessment** — Comprehensive security evaluation
+**Production-ready:**
+1. **security_assessment** — Comprehensive security analysis (secrets, SQL, dangerous functions)
+2. **gitleaks_detection** — Pattern-based secret scanning
+3. **trufflehog_detection** — Pattern-based secret scanning
+4. **llm_secret_detection** — AI-powered secret detection (requires API key)
+
+**In development:**
+- **atheris_fuzzing** — Python fuzzing
+- **cargo_fuzzing** — Rust fuzzing
+- **ossfuzz_campaign** — OSS-Fuzz integration
 
 ### MCP Client Configuration Example
 
@@ -192,7 +199,7 @@ FuzzForge supports the Model Context Protocol (MCP), allowing LLM clients and AI
   `curl http://localhost:8000/workflows/`
 
 - **Scan Submission Errors:**
-  `curl -X POST http://localhost:8000/workflows/infrastructure_scan/submit -H "Content-Type: application/json" -d '{"target_path": "/your/path"}'`
+  `curl -X POST http://localhost:8000/workflows/security_assessment/submit -H "Content-Type: application/json" -d '{"target_path": "/your/path"}'`
 
 - **General Support:**
   - Check Docker Compose logs: `docker compose logs fuzzforge-backend`