Canonical Workflow

%%{init: {'flowchart': {'curve': 'monotoneY'}}}%%
flowchart TD
    %% Canonical workflow across the GNAT components, read top to bottom:
    %% sources -> ingestion -> (telemetry bus -> SenseGNAT) -> STIX correlation
    %% -> (SandGNAT, RedGNAT) -> investigation graph -> reporting.

    %% Colour classes, one per component family. Core GNAT stages share "gnat";
    %% "output" marks the final operator-facing stage.
    classDef gnat      fill:#242424,stroke:#E0E0E0,color:#E0E0E0
    classDef sensegnat fill:#7C3AED,stroke:#5B21B6,color:#fff
    classDef sandgnat  fill:#D4A017,stroke:#A67C00,color:#fff
    classDef redgnat   fill:#C0392B,stroke:#922B21,color:#fff
    classDef output    fill:#242424,stroke:#9E9E9E,color:#E0E0E0

    %% Nodes. Declaration order is kept as in the original so the layout does not shift.
    %% The text in parentheses on the telemetry node is presumably the Kafka topic name; confirm.
    sources["External Telemetry & Sources"]:::gnat
    ingestion["GNAT Ingestion & Connectors"]:::gnat
    telemetryBus["Kafka Telemetry Plane<br/>(gnat.telemetry)"]:::gnat
    sense["SenseGNAT<br/>Behavioral Profiling & Anomaly Detection"]:::sensegnat
    stix["GNAT STIX Conversion & Correlation"]:::gnat
    sandbox["SandGNAT<br/>Detonation & Artifact Enrichment"]:::sandgnat
    emulation["RedGNAT<br/>Adversary Emulation & Validation"]:::redgnat
    investigation["Unified Investigation Graph"]:::gnat
    reporting["Reporting, Export,<br/>Operator Action"]:::output

    %% Intake: ingestion feeds two paths, the raw telemetry bus and direct normalization.
    sources -->|ingest| ingestion
    ingestion -->|"route telemetry"| telemetryBus
    telemetryBus -->|"consume raw flow data"| sense
    ingestion -->|"normalize / convert"| stix
    sense -->|"publish findings"| stix

    %% Fan-out from correlation to detonation and to adversary emulation.
    %% NOTE(review): the diagram draws no isolation boundary around SandGNAT detonation
    %% and no approval or scoping gate on the RedGNAT trigger. Confirm where those
    %% controls sit in the design; this view does not show them.
    stix -->|"submit suspicious artifacts"| sandbox
    stix -->|"trigger validation"| emulation

    %% Convergence: all three evidence streams land in the investigation graph.
    sandbox -->|"detonation findings"| investigation
    emulation -->|"validation results"| investigation
    stix -->|"intel & evidence"| investigation
    investigation -->|"case output"| reporting