Chore/docs update

.gitignore

@@ -10,6 +10,10 @@ output
 graph
 logs
 .vscode
+docs/official-docs/
+
+# Codex
+.codex
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "docs/og-docs-automation"]
+	path = docs/og-docs-automation
+	url = https://github.com/SpecterOps/og-docs-automation

descriptions/edges/Okta_AddMember.md

@@ -1,5 +1,13 @@
 ## General Information
 
-The traversable `Okta_AddMember` edges represent custom role permissions that allow a principal (user, group, or application)
-to add or remove members in scoped Okta groups. These edges are created when a custom role includes
-the `okta.groups.members.manage` or `okta.groups.manage` permissions.
+The traversable Okta_AddMember edges represent custom role permissions that allow a principal (user, group, or application) to add or remove members in scoped Okta groups. These edges are created when a custom role includes the `okta.groups.members.manage` or `okta.groups.manage` permissions.
+
+```mermaid
+graph LR
+    u1("Okta_User john\@contoso.com")
+    g1("Okta_Group Finance")
+    g2("Okta_Group Tier 0 Admins")
+    app1("Okta_Application Automation")
+    u1 -- Okta_AddMember --> g1
+    app1 -- Okta_AddMember --> g2
+```

descriptions/edges/Okta_AgentMemberOf.md

@@ -1,10 +1,20 @@
 ## General Information
 
-`Okta_AgentMemberOf` edges represent membership of an `Okta_Agent` in an `Okta_AgentPool`.
+Okta_AgentMemberOf edges represent membership of an Okta_Agent in an Okta_AgentPool.
 
 Active Directory Agent Pools and their agents can be visualized in BloodHound as follows:
 
+```mermaid
+graph LR
+    ap1("Okta_AgentPool contoso.com")
+    ap2("Okta_AgentPool adatum.com")
+    a1("Okta_Agent CONTOSO-SRV1")
+    a2("Okta_Agent CONTOSO-SRV2")
+    a3("Okta_Agent ADATUM-SRV1")
+    a1 -- Okta_AgentMemberOf --> ap1
+    a2 -- Okta_AgentMemberOf --> ap1
+    a3 -- Okta_AgentMemberOf --> ap2
+```
 
-> [!WARNING]
-> Traversable edges between the `Okta_AgentPool` and AD `Domain` nodes are not created in the current version of `OktaHound`.
-> This functionality is planned for a future release.
+> [!NOTE]
+> Traversable edges between Okta_AgentPool and AD Domain nodes are not modeled in the current version of the Okta BloodHound extension. Support for this is planned for a future release.

descriptions/edges/Okta_AgentPoolFor.md

@@ -1,3 +1,26 @@
 ## General Information
 
-`Okta_AgentPoolFor` edges connect an AD `Okta_AgentPool` to the backing `Okta_Application` used for directory integration.
+Okta_AgentPoolFor edges connect an AD Okta_AgentPool to the backing Okta_Application used for directory integration.
+```mermaid
+graph TB
+    subgraph Active Directory
+        d1("Domain contoso.com")
+        c1("Computer CONTOSO-SRV1$")
+        c2("Computer CONTOSO-SRV2$")
+        d1 -- Contains --> c1
+        d1 -- Contains --> c2
+    end
+
+    subgraph Okta
+        ap1("Okta_AgentPool contoso.com")
+        a1("Okta_Agent CONTOSO-SRV1")
+        a2("Okta_Agent CONTOSO-SRV2")
+        app1("Okta_Application AD contoso.com")
+        a1 -- Okta_AgentMemberOf --> ap1
+        a2 -- Okta_AgentMemberOf --> ap1
+        ap1 -- Okta_AgentPoolFor --> app1
+    end
+
+    c1 -- Okta_HostsAgent --> a1
+    c2 -- Okta_HostsAgent --> a2
+```

descriptions/edges/Okta_ApiTokenFor.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The traversable `Okta_ApiTokenFor` edges represent the API token assignments for users in Okta, represented by the [Okta_User](../Nodes/Okta_User.md) nodes:
+The traversable Okta_ApiTokenFor edges represent the API token assignments for users in Okta, represented by the Okta_User nodes:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_AppAdmin.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_AppAdmin` edges represent Application Administrator role assignments.
-Application Administrators can manage application configurations, user assignments, and provisioning settings for their assigned applications.
+The traversable Okta_AppAdmin edges represent Application Administrator role assignments. Application Administrators can manage application configurations, user assignments, and provisioning settings for their assigned applications.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_AppAssignment.md

@@ -2,7 +2,7 @@
 
 Only users that are assigned to applications can access them. Users can be assigned to applications directly or indirectly through group memberships.
 
-The non-traversable `Okta_AppAssignment` edges represent the application assignments for users and groups in Okta:
+The non-traversable Okta_AppAssignment edges represent the application assignments for users and groups in Okta:
 
 ```mermaid
 graph LR
@@ -16,14 +16,14 @@ graph LR
     a1("Okta_Application SalesForce")
     a2("Okta_Application GitHub")
     a3("Okta_Application VPN")
-    e -- Okta_AppAssignment --> a1
+    e -. Okta_AppAssignment .-> a1
     u1 -- Okta_MemberOf --> e
     u2 -- Okta_MemberOf --> e
     u3 -- Okta_MemberOf --> e
     u4 -- Okta_MemberOf --> e
     u3 -- Okta_MemberOf --> g1
     u4 -- Okta_MemberOf --> g1
-    g1 -- Okta_AppAssignment --> a2
-    u4 -- Okta_AppAssignment --> a3
-    u5 -- Okta_AppAssignment --> a3
+    g1 -. Okta_AppAssignment .-> a2
+    u4 -. Okta_AppAssignment .-> a3
+    u5 -. Okta_AppAssignment .-> a3
 ```

descriptions/edges/Okta_Contains.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The traversable `Okta_Contains` edges represent the containment relationships between the organization and other entities in Okta. The organization node will have `Okta_Contains` edges to all other nodes in the graph, with some exceptions.
+The traversable Okta_Contains edges represent the containment relationships between the organization and other entities in Okta. The organization node will have Okta_Contains edges to all other nodes in the graph, with some exceptions.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_CreatorOf.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The non-traversable `Okta_CreatorOf` edges represent the creator relationships between API Service Integration instances and users in Okta:
+The non-traversable Okta_CreatorOf edges represent the creator relationships between API Service Integration instances and users in Okta:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_DeviceOf.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The non-traversable `Okta_DeviceOf` edges represent the ownership relationships between users and devices in Okta:
+The non-traversable Okta_DeviceOf edges represent the ownership relationships between users and devices in Okta:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_GroupAdmin.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_GroupAdmin` edges represent Group Administrator (also known as User Administrator) role assignments.
-Group Administrators can manage users and groups within their assigned scope.
+The traversable Okta_GroupAdmin edges represent Group Administrator (also known as User Administrator) role assignments. Group Administrators can manage users and groups within their assigned scope.
 
 ```mermaid
 graph LR
@@ -10,7 +9,7 @@ graph LR
     g1("Okta_Group Marketing")
     u1 -- Okta_GroupAdmin --> u2
     u1 -- Okta_GroupAdmin --> g1
-    u2-. Okta_MemberOf .-> g1
+    u2 -- Okta_MemberOf --> g1
 ```
 
 Target group memberships are flattened when the assignment is evaluated.

descriptions/edges/Okta_GroupMembershipAdmin.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_GroupMembershipAdmin` edges represent Group Membership Administrator role assignments.
-Group Membership Administrators can add and remove members from groups within their assigned scope but cannot modify the groups themselves.
+The traversable Okta_GroupMembershipAdmin edges represent Group Membership Administrator role assignments. Group Membership Administrators can add and remove members from groups within their assigned scope but cannot modify the groups themselves.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_GroupPull.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The traversable `Okta_GroupPull` edges represent the group synchronization relationships from applications to Okta:
+The traversable Okta_GroupPull edges represent the group synchronization relationships from applications to Okta:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_GroupPush.md

@@ -1,11 +1,10 @@
 ## General Information
 
-The non-traversable `Okta_GroupPush` edges represent the group push assignments to applications.
-This indicates group provisioning and membership synchronization from Okta to external applications.
+The non-traversable Okta_GroupPush edges represent the group push assignments to applications. This indicates group provisioning and membership synchronization from Okta to external applications.
 
 ```mermaid
 graph LR
     g1("Okta_Group Engineering")
     app1("Okta_Application contoso.com")
-    g1 -- Okta_GroupPush --> app1
+    g1 -. Okta_GroupPush .-> app1
 ```

descriptions/edges/Okta_HasRole.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The non-traversable `Okta_HasRole` edges represent the role assignments for users in Okta:
+The non-traversable Okta_HasRole edges represent the role assignments for users in Okta:
 
 ```mermaid
 graph LR
@@ -14,5 +14,5 @@ graph LR
     g1 -. Okta_HasRole .-> r1
     g1 -. Okta_HasRole .-> r2
     a1 -. Okta_HasRole .-> r2
-    u2 -. Okta_MemberOf .-> g1
+    u2 -- Okta_MemberOf --> g1
 ```

descriptions/edges/Okta_HasRoleAssignment.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The `Okta_HasRoleAssignment` edges connect users, groups, and applications to their respective `Okta_RoleAssignment` nodes.
-The `Okta_ScopedTo` edges connect the `Okta_RoleAssignment` nodes to the resources they are scoped to, such as the organization or specific groups or applications.
+The Okta_HasRoleAssignment edges connect users, groups, and applications to their respective Okta_RoleAssignment nodes. The Okta_ScopedTo edges connect the Okta_RoleAssignment nodes to the resources they are scoped to, such as the organization or specific groups or applications.
 
 ```mermaid
 graph TB
@@ -21,7 +20,7 @@ graph TB
     g1 -. Okta_HasRole .-> r1
     g1 -- Okta_HelpDeskAdmin --> u3
     u3 -- Okta_MemberOf --> g2
-    ra1 -- Okta_ScopedTo --> g2
+    ra1 -. Okta_ScopedTo .-> g2
     u2 -. Okta_HasRoleAssignment .-> ra2
     ra2 -. Okta_ScopedTo .-> org
     u2 -- Okta_SuperAdmin --> org

descriptions/edges/Okta_HelpDeskAdmin.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_HelpDeskAdmin` edges represent Help Desk Administrator role assignments.
-Help Desk Administrators can perform password resets, unlock accounts, and reset MFA factors for users within their assigned scope.
+The traversable Okta_HelpDeskAdmin edges represent Help Desk Administrator role assignments. Help Desk Administrators can perform password resets, unlock accounts, and reset MFA factors for users within their assigned scope.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_HostsAgent.md

@@ -1,6 +1,6 @@
 ## General Information
 
-Hybrid `Okta_HostsAgent` edges connect an AD `Computer` node to the `Okta_Agent` running on that host.
+Hybrid Okta_HostsAgent edges connect an AD Computer node to the Okta_Agent running on that host.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_IdentityProviderFor.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The traversable `Okta_IdentityProviderFor` edges represent the relationships between identity providers and the users who authenticate through them:
+The traversable Okta_IdentityProviderFor edges represent the relationships between identity providers and the users who authenticate through them:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_IdpGroupAssignment.md

@@ -1,14 +1,14 @@
 ## General Information
 
-The non-traversable `Okta_IdpGroupAssignment` edges represent groups automatically assigned to users based on identity provider attributes or user claims:
+The non-traversable Okta_IdpGroupAssignment edges represent groups automatically assigned to users based on identity provider attributes or user claims:
 
 ```mermaid
 graph LR
     idp1("Okta_IdentityProvider Microsoft Login")
     g1("Okta_Group Contractors")
     g2("Okta_Group Employees")
     g3("Okta_Group Entra ID Users")
-    idp1 -- Okta_IdpGroupAssignment --> g1
-    idp1 -- Okta_IdpGroupAssignment --> g2
-    idp1 -- Okta_IdpGroupAssignment --> g3
+    idp1 -. Okta_IdpGroupAssignment .-> g1
+    idp1 -. Okta_IdpGroupAssignment .-> g2
+    idp1 -. Okta_IdpGroupAssignment .-> g3
 ```

descriptions/edges/Okta_InboundOrgSSO.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The `Okta_InboundOrgSSO` and `Okta_InboundSSO` hybrid edges connect external tenants and users to Okta entities:
+The Okta_InboundOrgSSO and Okta_InboundSSO hybrid edges connect external tenants and users to Okta entities:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_InboundSSO.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The `Okta_InboundOrgSSO` and `Okta_InboundSSO` hybrid edges connect external tenants and users to Okta entities:
+The Okta_InboundOrgSSO and Okta_InboundSSO hybrid edges connect external tenants and users to Okta entities:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_KerberosSSO.md

@@ -1,6 +1,6 @@
 ## General Information
 
-Hybrid traversable `Okta_KerberosSSO` edges represent [agentless desktop SSO](https://help.okta.com/en-us/content/topics/directory/ad-dsso-about-workflow.htm) trust from an on-prem AD `User` account to an AD-backed `Okta_Application`.
+Hybrid traversable Okta_KerberosSSO edges represent [agentless desktop SSO](https://help.okta.com/en-us/content/topics/directory/ad-dsso-about-workflow.htm) trust from an on-prem AD User account to an AD-backed Okta_Application.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_KeyOf.md

@@ -1,10 +1,10 @@
 ## General Information
 
-The traversable `Okta_KeyOf` edges represent the relationships between applications ([Okta_Application](../Nodes/Okta_Application.md)) and their JWKs:
+The traversable Okta_KeyOf edges represent the relationships between applications Okta_Application and their JWKs:
 
 ```mermaid
 graph LR
-    app1("Okta_Application OktaHound Collector")
+    app1("Okta_Application OpenHound Okta Collector")
     app2("Okta_Application Security Scanner")
     key1("Okta_JWK ABC123")
     key2("Okta_JWK DEF456")
@@ -14,5 +14,4 @@ graph LR
     key3 -- Okta_KeyOf --> app2
 ```
 
-Possession of the private key corresponding to a JWK allows an attacker to authenticate as the application.
-The `Okta_KeyOf` edge can be used in BloodHound to understand which applications use JWK-based authentication and trace potential attack paths involving compromised private keys.
+Possession of the private key corresponding to a JWK allows an attacker to authenticate as the application. The Okta_KeyOf edge can be used in BloodHound to understand which applications use JWK-based authentication and trace potential attack paths involving compromised private keys.

descriptions/edges/Okta_ManageApp.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_ManageApp` edges correspond to the `okta.apps.manage` custom role permissions
-that allow a principal (user, group, or application) to fully manage Okta applications and their members.
+The traversable Okta_ManageApp edges correspond to the `okta.apps.manage` custom role permissions that allow a principal (user, group, or application) to fully manage Okta applications and their members.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_ManagerOf.md

@@ -2,10 +2,9 @@
 
 Okta uses the `Manager` and `ManagerId` user profile attributes to represent managerial relationships. Unfortunately, these attributes can have any arbitrary value and their referential integrity is not enforced by Okta. They are not even synchronized from external directories by default.
 
-Our recommendation is to map the `ManagerId` attribute to the login of the manager in Okta. When synchronizing users from Active Directory,
-the `getManagerUser("active_directory").login` mapping expression can be used to achieve this. Such values are automatically recognized by `OktaHound`.
+Our recommendation is to map the `ManagerId` attribute to the login of the manager in Okta. When synchronizing users from Active Directory, the `getManagerUser("active_directory").login` mapping expression can be used to achieve this. Such values are automatically recognized by the OpenHound Okta collector.
 
-The **non-traversable** `Okta_ManagerOf` edges represent the organizational structure in BloodHound:
+The **non-traversable** Okta_ManagerOf edges represent the organizational structure in BloodHound:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_MemberOf.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The traversable `Okta_MemberOf` edges represent the membership relationships between users and groups in Okta:
+The traversable Okta_MemberOf edges represent the membership relationships between users and groups in Okta:
 
 ```mermaid
 graph LR

descriptions/edges/Okta_MembershipSync.md

@@ -1,6 +1,6 @@
 ## General Information
 
-The traversable hybrid `Okta_MembershipSync` edges represent the synchronization relationships between groups in external directories and their corresponding groups in Okta:
+The traversable hybrid Okta_MembershipSync edges represent the synchronization relationships between groups in external directories and their corresponding groups in Okta:
 
 ```mermaid
 graph TB

descriptions/edges/Okta_MobileAdmin.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_MobileAdmin` edges represent Mobile Administrator role assignments.
-Mobile Administrators can manage mobile device settings and configurations within their assigned scope.
+The traversable Okta_MobileAdmin edges represent Mobile Administrator role assignments. Mobile Administrators can manage mobile device settings and configurations within their assigned scope.
 
 ```mermaid
 graph LR

descriptions/edges/Okta_OrgAdmin.md

@@ -1,7 +1,6 @@
 ## General Information
 
-The traversable `Okta_OrgAdmin` edges represent Organization Administrator role assignments.
-Organization Administrators can manage most organizational settings except for administrative role assignments and some security settings.
+The traversable Okta_OrgAdmin edges represent Organization Administrator role assignments. Organization Administrators can manage most organizational settings except for administrative role assignments and some security settings.
 
 ```mermaid
 graph LR