Reference MCP demo GIF by commit SHA for preview

- Hero description + stream.png first
- Get Started section
- AI-Powered Network Analysis with MCP demo GIF
- L7 API Dissection
- L4/L7 Workload Map
- Traffic Retention
- Features, Install, Contributing, License

README.md

@@ -9,7 +9,7 @@
     <a href="https://join.slack.com/t/kubeshark/shared_invite/zt-3jdcdgxdv-1qNkhBh9c6CFoE7bSPkpBQ"><img alt="Slack" src="https://img.shields.io/badge/slack-join_chat-green?logo=Slack&style=flat-square"></a>
 </p>
 
-<p align="center"><b>Network Intelligence for Kubernetes</b></p>
+<p align="center"><b>Network Observability for SREs & AI Agents</b></p>
 
 <p align="center">
   <a href="https://demo.kubeshark.com/">Live Demo</a> · <a href="https://docs.kubeshark.com">Docs</a>
@@ -17,9 +17,17 @@
 
 ---
 
-* **Cluster-wide, real-time visibility into every packet, API call, and service interaction.** 
-* Replay any moment in time. 
-* Resolve incidents at the speed of LLMs. 100% on-premises.
+Kubeshark captures cluster-wide network traffic at the speed and scale of Kubernetes, continuously, at the kernel level using eBPF. It consolidates a highly fragmented picture — dozens of nodes, thousands of workloads, millions of connections — into a single, queryable view with full Kubernetes and API context.
+
+Network data is available to **AI agents via [MCP](https://docs.kubeshark.com/en/mcp)** and to **human operators via a [dashboard](https://docs.kubeshark.com/en/v2)**.
+
+**What's captured, cluster-wide:**
+
+- **L4 Packets & TCP Metrics** — retransmissions, RTT, window saturation, connection lifecycle, packet loss across every node-to-node path ([TCP insights →](https://docs.kubeshark.com/en/mcp/tcp_insights))
+- **L7 API Calls** — real-time request/response matching with full payload parsing: HTTP, gRPC, GraphQL, Redis, Kafka, DNS ([API dissection →](https://docs.kubeshark.com/en/v2/l7_api_dissection))
+- **Decrypted TLS** — eBPF-based TLS decryption without key management
+- **Kubernetes Context** — every packet and API call resolved to pod, service, namespace, and node
+- **PCAP Retention** — point-in-time raw packet snapshots, exportable for Wireshark ([Snapshots →](https://docs.kubeshark.com/en/v2/traffic_snapshots))
 
 ![Kubeshark](https://github.com/kubeshark/assets/raw/master/png/stream.png)
 
@@ -34,33 +42,37 @@ helm install kubeshark kubeshark/kubeshark
 
 Dashboard opens automatically. You're capturing traffic.
 
-**With AI** — connect your assistant and debug with natural language:
+**Connect an AI agent** via MCP:
 
 ```bash
 brew install kubeshark
 claude mcp add kubeshark -- kubeshark mcp
 ```
 
+[MCP setup guide →](https://docs.kubeshark.com/en/mcp)
+
+---
+
+### AI-Powered Network Analysis
+
+Kubeshark exposes all cluster-wide network data via MCP (Model Context Protocol). AI agents can query L4 metrics, investigate L7 API calls, analyze traffic patterns, and run root cause analysis — through natural language. Use cases include incident response, root cause analysis, troubleshooting, debugging, and reliability workflows.
+
 > *"Why did checkout fail at 2:15 PM?"*
 > *"Which services have error rates above 1%?"*
+> *"Show TCP retransmission rates across all node-to-node paths"*
+> *"Trace request abc123 through all services"*
+
+Works with Claude Code, Cursor, and any MCP-compatible AI.
+
+![MCP Demo](https://github.com/kubeshark/assets/raw/8bb4bab5298e3ffdc3afba164c716cc45dd9f19d/gif/mcp-demo.gif)
 
 [MCP setup guide →](https://docs.kubeshark.com/en/mcp)
 
 ---
 
-## Why Kubeshark
+### L7 API Dissection
 
-- **Instant root cause** — trace requests across services, see exact errors
-- **Zero instrumentation** — no code changes, no SDKs, just deploy
-- **Full payload capture** — request/response bodies, headers, timing
-- **TLS decryption** — see encrypted traffic without managing keys
-- **AI-ready** — query traffic with natural language via MCP
-
----
-
-### Traffic Analysis and API Dissection
-
-Capture and inspect every API call across your cluster—HTTP, gRPC, Redis, Kafka, DNS, and more. Request/response matching with full payloads, parsed according to protocol specifications. Headers, timing, and complete context. Zero instrumentation required.
+Cluster-wide request/response matching with full payloads, parsed according to protocol specifications. HTTP, gRPC, Redis, Kafka, DNS, and more. Every API call resolved to source and destination pod, service, namespace, and node. No code instrumentation required.
 
 ![API context](https://github.com/kubeshark/assets/raw/master/png/api_context.png)
 
@@ -68,27 +80,15 @@ Capture and inspect every API call across your cluster—HTTP, gRPC, Redis, Kafk
 
 ### L4/L7 Workload Map
 
-Visualize how your services communicate. See dependencies, traffic flow, and identify anomalies at a glance.
+Cluster-wide view of service communication: dependencies, traffic flow, and anomalies across all nodes and namespaces.
 
 ![Service Map](https://github.com/kubeshark/assets/raw/master/png/servicemap.png)
 
 [Learn more →](https://docs.kubeshark.com/en/v2/service_map)
 
-### AI-Powered Root Cause Analysis
-
-Resolve production issues in minutes instead of hours. Connect your AI assistant and investigate incidents using natural language. Build network-aware AI agents for forensics, monitoring, compliance, and security.
-
-> *"Why did checkout fail at 2:15 PM?"*
-> *"Which services have error rates above 1%?"*
-> *"Trace request abc123 through all services"*
-
-Works with Claude Code, Cursor, and any MCP-compatible AI.
-
-[MCP setup guide →](https://docs.kubeshark.com/en/mcp)
-
 ### Traffic Retention
 
-Retain every packet. Take snapshots. Export PCAP files. Replay any moment in time.
+Continuous raw packet capture with point-in-time snapshots. Export PCAP files for offline analysis with Wireshark or other tools.
 
 ![Traffic Retention](https://github.com/kubeshark/assets/raw/master/png/snapshots.png)
 
@@ -105,7 +105,7 @@ Retain every packet. Take snapshots. Export PCAP files. Replay any moment in tim
 | [**L7 API Dissection**](https://docs.kubeshark.com/en/v2/l7_api_dissection) | Request/response matching with full payloads and protocol parsing |
 | [**Protocol Support**](https://docs.kubeshark.com/en/protocols) | HTTP, gRPC, GraphQL, Redis, Kafka, DNS, and more |
 | [**TLS Decryption**](https://docs.kubeshark.com/en/encrypted_traffic) | eBPF-based decryption without key management |
-| [**AI-Powered Analysis**](https://docs.kubeshark.com/en/v2/ai_powered_analysis) | Query traffic with Claude, Cursor, or any MCP-compatible AI |
+| [**AI-Powered Analysis**](https://docs.kubeshark.com/en/v2/ai_powered_analysis) | Query cluster-wide network data with Claude, Cursor, or any MCP-compatible AI |
 | [**Display Filters**](https://docs.kubeshark.com/en/v2/kfl2) | Wireshark-inspired display filters for precise traffic analysis |
 | [**100% On-Premises**](https://docs.kubeshark.com/en/air_gapped) | Air-gapped support, no external dependencies |