diff --git a/docs/_docs/user-guide/eldritch.md b/docs/_docs/user-guide/eldritch.md
index 3f2984b7b..2199f3acd 100644
--- a/docs/_docs/user-guide/eldritch.md
+++ b/docs/_docs/user-guide/eldritch.md
@@ -250,6 +250,38 @@ The <b>crypto.aes_encrypt_file</b> method encrypts the given src file, encrypts
 
 Key must be 16 Bytes (Characters)
 
+### crypto.aes_decrypt
+
+`crypto.aes_decrypt(key: List<int>, iv: List<int>, data: List<int>) -> List<int>`
+
+The <b>crypto.aes_decrypt</b> method decrypts the given data using AES-CBC mode.
+Key must be 16, 24, or 32 bytes. IV must be 16 bytes.
+
+### crypto.aes_encrypt
+
+`crypto.aes_encrypt(key: List<int>, iv: List<int>, data: List<int>) -> List<int>`
+
+The <b>crypto.aes_encrypt</b> method encrypts the given data using AES-CBC mode.
+Key must be 16, 24, or 32 bytes. IV must be 16 bytes.
+
+### crypto.md5
+
+`crypto.md5(data: List<int>) -> str`
+
+The <b>crypto.md5</b> method calculates the MD5 hash of the provided bytes.
+
+### crypto.sha1
+
+`crypto.sha1(data: List<int>) -> str`
+
+The <b>crypto.sha1</b> method calculates the SHA1 hash of the provided bytes.
+
+### crypto.sha256
+
+`crypto.sha256(data: List<int>) -> str`
+
+The <b>crypto.sha256</b> method calculates the SHA256 hash of the provided bytes.
+
 ### crypto.encode_b64
 
 `crypto.encode_b64(content: str, encode_type: Optional<str>) -> str`
@@ -443,11 +475,11 @@ Here is an example of the Dict layout:
 
 The <b>file.mkdir</b> method will make a new directory at `path`. If the parent directory does not exist or the directory cannot be created, it will error; unless the `parent` parameter is passed as `True`.
 
-### file.moveto
+### file.move
 
-`file.moveto(src: str, dst: str) -> None`
+`file.move(src: str, dst: str) -> None`
 
-The <b>file.moveto</b> method moves a file or directory from `src` to `dst`. If the `dst` directory or file exists it will be deleted before being replaced to ensure consistency across systems.
+The <b>file.move</b> method moves a file or directory from `src` to `dst`. If the `dst` directory or file exists it will be deleted before being replaced to ensure consistency across systems.
 
 ### file.parent_dir
 
@@ -604,12 +636,6 @@ $> pivot.arp_scan(["192.168.1.1/32"])
 []
 ```
 
-### pivot.bind_proxy
-
-`pivot.bind_proxy(listen_address: str, listen_port: int, username: str, password: str ) -> None`
-
-The <b>pivot.bind_proxy</b> method is being proposed to provide users another option when trying to connect and pivot within an environment. This function will start a SOCKS5 proxy on the specified port and interface, with the specified username and password (if provided).
-
 ### pivot.ncat
 
 `pivot.ncat(address: str, port: int, data: str, protocol: str ) -> str`
@@ -618,12 +644,6 @@ The <b>pivot.ncat</b> method allows a user to send arbitrary data over TCP/UDP t
 
 `protocol` must be `tcp`, or `udp` anything else will return an error `Protocol not supported please use: udp or tcp.`.
 
-### pivot.port_forward
-
-`pivot.port_forward(listen_address: str, listen_port: int, forward_address: str, forward_port:  int, str: protocol  ) -> None`
-
-The <b>pivot.port_forward</b> method is being proposed to provide socat like functionality by forwarding traffic from a port on a local machine to a port on a different machine allowing traffic to be relayed.
-
 ### pivot.port_scan
 
 `pivot.port_scan(target_cidrs: List<str>, ports: List<int>, protocol: str, timeout: int) -> List<str>`
@@ -667,11 +687,17 @@ NOTE: Windows scans against `localhost`/`127.0.0.1` can behave unexpectedly or e
 
 The **pivot.reverse_shell_pty** method spawns the provided command in a cross-platform PTY and opens a reverse shell over the agent's current transport (e.g. gRPC). If no command is provided, Windows will use `cmd.exe`. On other platforms, `/bin/bash` is used as a default, but if it does not exist then `/bin/sh` is used.
 
-### pivot.smb_exec
+### pivot.reverse_shell_repl
+
+`pivot.reverse_shell_repl() -> None`
+
+The <b>pivot.reverse_shell_repl</b> method spawns a basic REPL-style reverse shell with an Eldritch interpreter. This is useful if a PTY is not available.
 
-`pivot.smb_exec(target: str, port: int, username: str, password: str, hash: str, command: str) -> str`
+### pivot.create_portal
 
-The <b>pivot.smb_exec</b> method is being proposed to allow users a way to move between hosts running smb.
+`pivot.create_portal() -> None`
+
+The <b>pivot.create_portal</b> method opens a bi-directional stream (portal) for traffic tunneling.
 
 ### pivot.ssh_copy
 
@@ -820,11 +846,23 @@ The <b>random.bool</b> method returns a randomly sourced boolean value.
 
 The <b>random.int</b> method returns randomly generated integer value between a specified range. The range is inclusive on the minimum and exclusive on the maximum.
 
+### random.bytes
+
+`random.bytes(len: int) -> List<int>`
+
+The <b>random.bytes</b> method returns a list of randomly generated bytes of the specified length.
+
 ### random.string
 
 `random.string(length: uint, charset: Optional<str>) -> str`
 The <b>random.string</b> method returns a randomly generated string of the specified length. If `charset` is not provided defaults to [Alphanumeric](https://docs.rs/rand_distr/latest/rand_distr/struct.Alphanumeric.html). Warning, the string is stored entirely in memory so exceptionally large files (multiple megabytes) can lead to performance issues.
 
+### random.uuid
+
+`random.uuid() -> str`
+
+The <b>random.uuid</b> method returns a randomly generated UUID (v4).
+
 ---
 
 ## Regex
diff --git a/docs/_docs/user-guide/tavern.md b/docs/_docs/user-guide/tavern.md
index e0a75a58e..626401b43 100644
--- a/docs/_docs/user-guide/tavern.md
+++ b/docs/_docs/user-guide/tavern.md
@@ -25,3 +25,66 @@ The `TAVERN_API_TOKEN` is a separate token used for authenticating CLI tools and
 You typically need to use the `TAVERN_API_TOKEN` in scenarios where you are running tools on a remote machine (like a Kali VM via SSH) and cannot perform the standard local browser-based authentication flow due to networking restrictions (e.g., you cannot define the auth redirection port for SSH port forwarding).
 
 In a standard local setup, CLI tools might pop open a browser window to authenticate. However, when you are SSH'd into a remote box, this isn't possible. The `TAVERN_API_TOKEN` provides a way to bypass this limitation.
+
+## Configuration
+
+Tavern is configured via environment variables.
+
+| Variable | Description | Default |
+| :--- | :--- | :--- |
+| `ENABLE_TEST_DATA` | If set, populates the database with test data. | `false` |
+| `ENABLE_TEST_RUN_AND_EXIT` | Starts the application but exits immediately after (for testing). | `false` |
+| `DISABLE_DEFAULT_TOMES` | Prevents default tomes from being imported on startup. | `false` |
+| `ENABLE_DEBUG_LOGGING` | Emits verbose debug logs. | `false` |
+| `ENABLE_JSON_LOGGING` | Emits logs in JSON format. | `false` |
+| `ENABLE_INSTANCE_ID_LOGGING` | Includes the tavern instance ID in log messages. | `false` |
+| `ENABLE_GRAPHQL_RAW_QUERY_LOGGING` | Includes raw GraphQL queries in logs. | `false` |
+| `HTTP_LISTEN_ADDR` | Address for Tavern's HTTP server to bind to. | `0.0.0.0:8000` |
+| `HTTP_METRICS_LISTEN_ADDR` | Address for the HTTP metrics server. | `127.0.0.1:8080` |
+| `OAUTH_CLIENT_ID` | OAuth Client ID. | `""` |
+| `OAUTH_CLIENT_SECRET` | OAuth Client Secret. | `""` |
+| `OAUTH_DOMAIN` | OAuth domain for consent flow. | `""` |
+| `MYSQL_ADDR` | MySQL address to connect to. If unset, SQLite is used. | `""` |
+| `MYSQL_NET` | Network used to connect to MySQL (e.g. tcp). | `tcp` |
+| `MYSQL_USER` | MySQL user. | `root` |
+| `MYSQL_PASSWD` | MySQL password. | `""` |
+| `MYSQL_DB` | MySQL database name. | `tavern` |
+| `DB_MAX_IDLE_CONNS` | Max idle DB connections. | `10` |
+| `DB_MAX_OPEN_CONNS` | Max open DB connections. | `100` |
+| `DB_MAX_CONN_LIFETIME` | Max lifetime of a DB connection (seconds). | `3600` |
+| `GCP_PROJECT_ID` | GCP Project ID for Google Cloud Platform deployments. | `""` |
+| `GCP_PUBSUB_KEEP_ALIVE_INTERVAL_MS` | Interval to publish no-op pubsub messages (ms). | `1000` |
+| `PUBSUB_TOPIC_SHELL_INPUT` | PubSub topic for shell input. | `mem://shell_input` |
+| `PUBSUB_SUBSCRIPTION_SHELL_INPUT` | PubSub subscription for shell input. | `mem://shell_input` |
+| `PUBSUB_TOPIC_SHELL_OUTPUT` | PubSub topic for shell output. | `mem://shell_output` |
+| `PUBSUB_SUBSCRIPTION_SHELL_OUTPUT` | PubSub subscription for shell output. | `mem://shell_output` |
+| `ENABLE_PPROF` | Enables performance profiling. | `false` |
+| `ENABLE_METRICS` | Enables the /metrics endpoint. | `false` |
+| `SECRETS_FILE_PATH` | Path to secrets file (if not using GCP Secrets Manager). | `""` |
+
+## CLI
+
+Tavern includes a built-in CLI for managing redirectors.
+
+### Redirectors
+
+To run a redirector:
+
+```bash
+tavern redirector [flags] <upstream_address>
+```
+
+**Flags:**
+- `--listen`: Address to listen on (default: `:8080`)
+- `--transport`: Transport protocol to use (default: `grpc`)
+
+**Example:**
+```bash
+tavern redirector --listen :8080 --transport grpc 127.0.0.1:8000
+```
+
+To list available redirector types:
+
+```bash
+tavern redirector list
+```