diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..40be386b981d8564ef04539edebb44dc6a389d39
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,40 @@
+include:
+  - project: osl/code/org.etsi.osl.main
+    ref: main
+    file: 
+      - ci-templates/default.yml
+      - ci-templates/build.yml
+    rules:
+      - if: '$CI_COMMIT_REF_NAME == "main"'
+  
+  - project: osl/code/org.etsi.osl.main
+    ref: develop
+    file: 
+      - ci-templates/default.yml
+      - ci-templates/build.yml
+    rules:
+      - if: '$CI_COMMIT_REF_NAME == "develop"'
+
+  - project: osl/code/org.etsi.osl.main
+    ref: $CI_COMMIT_REF_NAME
+    file: 
+      - ci-templates/default.yml
+      - ci-templates/build.yml
+    rules:
+      - if: '$CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "develop"'
+
+  - project: osl/code/org.etsi.osl.main
+    ref: develop
+    file: 
+      - ci-templates/default.yml
+      - ci-templates/build_unprotected.yml
+    rules:
+      - if: '$CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "develop" && $CI_COMMIT_REF_PROTECTED == "false"'
+
+maven_build:
+  extends: .maven_build
+
+docker_build:
+  extends: .docker_build
+  needs:
+    - maven_build
diff --git a/Dockerfile b/Dockerfile
index aa6f29869aefce72c3e546d0e1082405ff3c6c3a..440fed70533ede2745cd23d2cdc88deff3c3dbfb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,32 +1,32 @@
-# Build stage
+# ---------- Stage 1: Build ----------
 FROM maven:3.9-eclipse-temurin-17 AS builder
+WORKDIR /app
 
-WORKDIR /build
-
-# Copy pom.xml and download dependencies
+# Copy pom.xml and download dependencies first (cache layer)
 COPY pom.xml .
-RUN mvn dependency:go-offline
+RUN mvn dependency:go-offline -B
 
-# Copy source code
+# Copy the rest of the source code
 COPY src ./src
 
-# Build application
+# Build the Spring Boot executable JAR
 RUN mvn clean package -DskipTests
 
-# Runtime stage
+# ---------- Stage 2: Runtime ----------
 FROM eclipse-temurin:17-jre-alpine
 
-WORKDIR /app
+# Create application directory
+RUN mkdir -p /opt/openslice/lib/
 
-# Copy built JAR from builder stage
-COPY --from=builder /build/target/org.etsi.osl.mcp.backend-0.0.1-SNAPSHOT.jar app.jar
+# Copy the built JAR from the builder stage
+COPY --from=builder /app/target/org.etsi.osl.mcp.backend-0.0.1-SNAPSHOT.jar /opt/openslice/lib/app.jar
 
 # Expose port
 EXPOSE 11880
 
 # Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://localhost:11880/actuator/health || exit 1
 
 # Run application
-ENTRYPOINT ["java", "-jar", "app.jar"]
+CMD ["java", "-jar", "/opt/openslice/lib/app.jar"]
diff --git a/ci_settings.xml b/ci_settings.xml
new file mode 100644
index 0000000000000000000000000000000000000000..69ad06ed6c63795d191555afde6ea2d1da4e133d
--- /dev/null
+++ b/ci_settings.xml
@@ -0,0 +1,16 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+  <servers>
+    <server>
+      <id>gitlab-maven</id>
+      <configuration>
+        <httpHeaders>
+          <property>
+            <name>Job-Token</name>
+            <value>${CI_JOB_TOKEN}</value>
+          </property>
+        </httpHeaders>
+      </configuration>
+    </server>
+  </servers>
+</settings>
diff --git a/docker-compose.yml b/docker-compose.yml
index 58bcfa1f1ee4905df2aad31496d0542964fe05ff..cf9c10a60534c3f03c9e2b06a08eb317693e5c75 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,17 +29,46 @@ services:
     ports:
       - "11880:11880"
     environment:
+      # Server Configuration
+      SERVER_PORT: 11880
+      SPRING_APPLICATION_NAME: osl-mcp-backend
+      
+      # AI Configuration
       SPRING_AI_OLLAMA_BASE_URL: http://ollama:11434
-      SPRING_AI_MCP_CLIENT_STREAMABLE_HTTP_CONNECTIONS_OPENSLICE_SERVER_URL: http://mcp-server:13015
-      SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTHSERVER_ISSUER_URI: http://keycloak:8080/auth/realms/openslice
-      SPRING_ACTIVEMQ_BROKERURL: tcp://activemq:61616
+      SPRING_AI_OLLAMA_CHAT_MODEL:  gpt-oss:20b
+      SPRING_AI_OLLAMA_CHAT_TEMPERATURE: 0.7
+      
+      # MCP Client Configuration
+      SPRING_AI_MCP_CLIENT_TYPE: SYNC
+      SPRING_AI_MCP_CLIENT_STREAMABLE_HTTP_CONNECTIONS_OPENSLICE_SERVER_URL: http://openslice-mcp:13015/sse
+      
+      # OAuth2/Keycloak Configuration
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak:8080/auth/realms/openslice
+      SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KEYCLOAK_ISSUER_URI: http://keycloak:8080/auth/realms/openslice
+      SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_ID: osapiWebClientId
+      
+      # ActiveMQ Configuration
+      SPRING_ACTIVEMQ_BROKER_URL: tcp://anartemis:61616?jms.watchTopicAdvisories=false
       SPRING_ACTIVEMQ_USER: artemis
       SPRING_ACTIVEMQ_PASSWORD: artemis
+      
+      # Logging Configuration
+      LOGGING_LEVEL_ROOT: INFO
+      LOGGING_LEVEL_OSL: DEBUG
+      LOGGING_LEVEL_SPRING_AI: DEBUG
+    depends_on:
+      - ollama
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:11880/actuator/health"]
       interval: 30s
       timeout: 10s
       retries: 3
+      start_period: 60s
 
 volumes:
   ollama_data:
+
+networks:
+  default:
+    name: compose_back
+    external: true
diff --git a/pom.xml b/pom.xml
index 49ba05b5c5a10f0a11e045e806cd4bf58f6ac58c..e392e4f94411193c8774260483b1798fcb38ae47 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,6 +51,14 @@
 	
 	
 	<dependencies>
+		<dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+        </dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
@@ -73,6 +81,10 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
 		
 		<!-- security -->
 		<dependency>
diff --git a/src/main/java/org/etsi/osl/mcp/backend/AuthController.java b/src/main/java/org/etsi/osl/mcp/backend/AuthController.java
new file mode 100644
index 0000000000000000000000000000000000000000..1905527891f258e1fdcdf2d23e2e3c9983ab535f
--- /dev/null
+++ b/src/main/java/org/etsi/osl/mcp/backend/AuthController.java
@@ -0,0 +1,115 @@
+package org.etsi.osl.mcp.backend;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+@RestController
+public class AuthController {
+
+    @Value("${spring.security.oauth2.client.provider.keycloak.issuer-uri:}")
+    private String issuerUri;
+
+    @GetMapping("/api/user")
+    public Map<String, Object> getUserInfo(Authentication authentication,
+            @RegisteredOAuth2AuthorizedClient("keycloak") OAuth2AuthorizedClient authorizedClient) {
+        Map<String, Object> userInfo = new HashMap<>();
+        
+        if (authentication != null && authentication.isAuthenticated()) {
+            userInfo.put("authenticated", true);
+            userInfo.put("name", authentication.getName());
+            
+            String username = authentication.getName();
+            if (authentication.getPrincipal() instanceof OidcUser oidcUser) {
+                userInfo.put("email", oidcUser.getEmail());
+                if (oidcUser.getPreferredUsername() != null) {
+                    username = oidcUser.getPreferredUsername();
+                    userInfo.put("preferredUsername", oidcUser.getPreferredUsername());
+                }
+            }
+            userInfo.put("username", username);
+            
+            if (authorizedClient != null && authorizedClient.getAccessToken() != null) {
+                userInfo.put("access_token", authorizedClient.getAccessToken().getTokenValue());
+                userInfo.put("token", authorizedClient.getAccessToken().getTokenValue());
+            }
+        } else {
+            userInfo.put("authenticated", false);
+        }
+        
+        return userInfo;
+    }
+
+    @PostMapping("/api/logout")
+    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
+        performLogout(request, response, authentication);
+    }
+    
+    @GetMapping("/api/logout")
+    public void logoutGet(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
+        performLogout(request, response, authentication);
+    }
+    
+    private void performLogout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
+        if (authentication != null) {
+            new SecurityContextLogoutHandler().logout(request, null, authentication);
+        }
+        
+        if (request.getSession(false) != null) {
+            request.getSession().invalidate();
+        }
+        
+        String logoutUrl = buildKeycloakLogoutUrl(request, authentication);
+        response.sendRedirect(logoutUrl);
+    }
+    
+    private String buildKeycloakLogoutUrl(HttpServletRequest request, Authentication authentication) {
+        String keycloakIssuer = issuerUri;
+        
+        if (authentication != null && authentication.getPrincipal() instanceof OidcUser oidcUser) {
+            if (oidcUser.getIssuer() != null) {
+                keycloakIssuer = oidcUser.getIssuer().toString();
+            }
+        }
+        
+        if (keycloakIssuer == null || keycloakIssuer.isEmpty()) {
+            return "/welcome.html";
+        }
+        
+        String baseUrl = request.getScheme() + "://" + request.getServerName();
+        if ((request.getScheme().equals("http") && request.getServerPort() != 80) ||
+            (request.getScheme().equals("https") && request.getServerPort() != 443)) {
+            baseUrl += ":" + request.getServerPort();
+        }
+        
+        String postLogoutRedirectUri = baseUrl + "/welcome.html";
+        
+        String keycloakLogoutUrl = keycloakIssuer + "/protocol/openid-connect/logout";
+        
+        return UriComponentsBuilder
+            .fromUriString(keycloakLogoutUrl)
+            .queryParam("post_logout_redirect_uri", postLogoutRedirectUri)
+            .build()
+            .toUriString();
+    }
+
+    @GetMapping("/api/health")
+    public Map<String, String> health() {
+        Map<String, String> response = new HashMap<>();
+        response.put("status", "UP");
+        return response;
+    }
+}
diff --git a/src/main/java/org/etsi/osl/mcp/backend/WebSecurityConfigKeycloak.java b/src/main/java/org/etsi/osl/mcp/backend/WebSecurityConfigKeycloak.java
index eb92b78a910a5f4c3abd30b81eb2d7e1cf163c5f..744cd3618d1d547aa5bf6338c85129930467b1f0 100644
--- a/src/main/java/org/etsi/osl/mcp/backend/WebSecurityConfigKeycloak.java
+++ b/src/main/java/org/etsi/osl/mcp/backend/WebSecurityConfigKeycloak.java
@@ -7,19 +7,70 @@ import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.http.HttpStatus;
 
 @Configuration
 @EnableWebSecurity
 @Profile("!testing")
 public class WebSecurityConfigKeycloak {
 
-
   @Bean
   SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-      return http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
+      return http
+          .authorizeHttpRequests(auth -> auth
+              // Public static resources
+              .requestMatchers("/", "/index.html", "/styles.css", "/robot.svg", "/favicon.ico").permitAll()
+              .requestMatchers("/api/health").permitAll()
+              .requestMatchers("/api/user").permitAll()
+              .requestMatchers("/api/logout").permitAll()
+              .requestMatchers("/logout").permitAll()
+              .requestMatchers("/ask", "/api/**").authenticated()
+              .anyRequest().permitAll()
+          )
+          // OAuth2 Login for browser-based authentication
+          .oauth2Login(oauth2 -> oauth2
+              .defaultSuccessUrl("/", true)
+          )
+          // Logout configuration
+          .logout(logout -> logout
+              .logoutUrl("/logout")
+              .logoutSuccessUrl("/")
+              .invalidateHttpSession(true)
+              .deleteCookies("JSESSIONID")
+          )
           .oauth2Client(Customizer.withDefaults())
+          .oauth2ResourceServer(oauth2 -> oauth2
+              .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))
+              .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
+          )
+          .exceptionHandling(exception -> exception
+              .defaultAuthenticationEntryPointFor(
+                  new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
+                  new AntPathRequestMatcher("/ask")
+              )
+          )
+          .sessionManagement(session -> session
+              .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+          )
           .csrf(CsrfConfigurer::disable)
           .build();
   }
+
+  @Bean
+  public JwtAuthenticationConverter jwtAuthenticationConverter() {
+      JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
+      grantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
+      grantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
+
+      JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
+      jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
+      return jwtAuthenticationConverter;
+  }
 }
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index d2d75f41f25c2358010fabc36cf60710eab6cc75..83819de6ff53a1adecd2858ac086e459b8d3250a 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -1,49 +1,53 @@
   
 server:
-  port: 11880
+  port: ${SERVER_PORT:11880}
  
 spring:
   application:
-    name: osl-mcp-backend
+    name: ${SPRING_APPLICATION_NAME:osl-mcp-backend}
   ai:
     ollama:
-      base-url: http://localhost:11434
+      base-url: ${SPRING_AI_OLLAMA_BASE_URL:http://localhost:11434}
       chat:
         options:
-          model: gpt-oss:20b
-          xmodel: qwen3:8b
-          temperature: 0.7
+          model: ${SPRING_AI_OLLAMA_CHAT_MODEL:gpt-oss:20b}
+          temperature: ${SPRING_AI_OLLAMA_CHAT_TEMPERATURE:0.7}
     mcp:
       client:
-        type: SYNC  # or ASYNC
+        type: ${SPRING_AI_MCP_CLIENT_TYPE:SYNC}  # or ASYNC
         streamable-http:
           connections:
             openslice-server:
-              url: http://localhost:13015
+              url: ${SPRING_AI_MCP_CLIENT_STREAMABLE_HTTP_CONNECTIONS_OPENSLICE_SERVER_URL:http://localhost:13015}
   security:
     oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI:http://keycloak:8080/auth/realms/openslice}
       client:
         registration:
-          authserver:
-            client-id: osapiWebClientId
-            client-secret: secret
-            authorization-grant-type: authorization_code
-            provider: authserver
+          keycloak:
+            client-id: ${SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KEYCLOAK_CLIENT_ID:osapiWebClientId}
+            scope:
+              - openid
+              - profile
+            provider: keycloak
         provider:
-          authserver:
-            issuer-uri: http://keycloak:8080/auth/realms/openslice
+          keycloak:
+            issuer-uri: ${SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KEYCLOAK_ISSUER_URI:http://keycloak:8080/auth/realms/openslice}
 
   activemq:
-    brokerUrl: tcp://localhost:61616?jms.watchTopicAdvisories=false
-    user: artemis
-    password: artemis
+    brokerUrl: ${SPRING_ACTIVEMQ_BROKER_URL:tcp://localhost:61616?jms.watchTopicAdvisories=false}
+    user: ${SPRING_ACTIVEMQ_USER:artemis}
+    password: ${SPRING_ACTIVEMQ_PASSWORD:artemis}
     pool:
-      enabled: true
-      max-connections: 100
+      enabled: ${SPRING_ACTIVEMQ_POOL_ENABLED:true}
+      max-connections: ${SPRING_ACTIVEMQ_POOL_MAX_CONNECTIONS:100}
     packages:
-      trust-all: true
+      trust-all: ${SPRING_ACTIVEMQ_PACKAGES_TRUST_ALL:true}
+      
 logging:
   level:
-    root: INFO
-    org.etsi.osl.*: DEBUG
-    org.springframework.ai.chat.client.advisor: DEBUG
\ No newline at end of file
+    root: ${LOGGING_LEVEL_ROOT:INFO}
+    org.etsi.osl.*: ${LOGGING_LEVEL_OSL:DEBUG}
+    org.springframework.ai.chat.client.advisor: ${LOGGING_LEVEL_SPRING_AI:DEBUG}
\ No newline at end of file
diff --git a/src/main/resources/public/chat.html b/src/main/resources/public/chat.html
new file mode 100644
index 0000000000000000000000000000000000000000..944c0fd38d98728af4262c2bf4a17e7c5c0e639c
--- /dev/null
+++ b/src/main/resources/public/chat.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>OpenSlice Chat Assistant</title>
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" rel="stylesheet">
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+    <link rel="stylesheet" href="css/chat.css">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+</head>
+<body>
+    <nav class="navbar navbar-default navbar-fixed-top" role="navigation">
+        <div class="container-fluid">
+            <div class="navbar-header">
+                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar-collapse">
+                    <span class="sr-only">Toggle navigation</span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </button>
+                <a class="navbar-brand" href="/">
+                    <img src="images/logo_clear.png" alt="OpenSlice">
+                </a>
+            </div>
+            <div class="collapse navbar-collapse" id="navbar-collapse">
+                <ul class="nav navbar-nav navbar-right">
+                    <li><span class="navbar-text" id="userName"></span></li>
+                    <li><a href="#" id="logoutBtn">Logout</a></li>
+                </ul>
+            </div>
+        </div>
+    </nav>
+    <div class="container">
+        <div class="chat-container">
+            <div class="chat-header">
+                <h4><span class="online-indicator"></span>OpenSlice AI Assistant</h4>
+                <small>Ask me anything about your OpenSlice platform</small>
+            </div>
+            <div class="chat-messages" id="chatMessages">
+                <div class="message incoming">
+                    <div class="avatar">AI</div>
+                    <div class="message-wrapper">
+                        <div class="message-content">Hi there! How can I help you today?</div>
+                        <div class="message-time" id="initialTime"></div>
+                    </div>
+                </div>
+            </div>
+            <div class="chat-input">
+                <div class="input-group">
+                    <textarea class="form-control message-textarea" placeholder="Type your message..." rows="1"></textarea>
+                    <button class="btn btn-primary" type="button" id="sendBtn">Send</button>
+                </div>
+            </div>
+        </div>
+    </div>
+    <script src="js/chat.js"></script>
+</body>
+</html>
diff --git a/src/main/resources/public/css/chat.css b/src/main/resources/public/css/chat.css
new file mode 100644
index 0000000000000000000000000000000000000000..df841f1254ed0173949fdfe9d07c55f8a34a7163
--- /dev/null
+++ b/src/main/resources/public/css/chat.css
@@ -0,0 +1,307 @@
+/* OpenSlice Chat Assistant - Chat Page Styles */
+
+body {
+    font-family: "Open Sans", sans-serif;
+    padding-top: 60px;
+    padding-bottom: 20px;
+    background-color: white;
+}
+
+/* Navbar */
+.navbar-default {
+    background-color: rgba(245, 245, 245, 0.93);
+    border-bottom: 1px solid #e7e7e7;
+}
+
+.navbar-brand img {
+    height: 25px;
+}
+
+/* Chat Container */
+.chat-container {
+    max-width: 900px;
+    margin: 20px auto;
+    background: white;
+    border-radius: 8px;
+    box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+    overflow: hidden;
+}
+
+/* Chat Header */
+.chat-header {
+    background-color: #7EADDB;
+    color: white;
+    padding: 20px;
+    border-bottom: 1px solid #6589AB;
+}
+
+.chat-header h4 {
+    margin: 0;
+    font-weight: 600;
+}
+
+.chat-header .online-indicator {
+    display: inline-block;
+    width: 8px;
+    height: 8px;
+    background-color: #5cb85c;
+    border-radius: 50%;
+    margin-right: 5px;
+}
+
+/* Chat Messages */
+.chat-messages {
+    height: 500px;
+    overflow-y: auto;
+    padding: 20px;
+    background-color: #f9f9f9;
+}
+
+.message {
+    margin-bottom: 20px;
+    display: flex;
+    align-items: flex-start;
+    clear: both;
+}
+
+.message.incoming {
+    flex-direction: row;
+    justify-content: flex-start;
+    padding-right: 80px;
+}
+
+.message.outgoing {
+    flex-direction: row-reverse;
+    justify-content: flex-start;
+    padding-left: 80px;
+}
+
+.message .avatar {
+    width: 40px;
+    height: 40px;
+    border-radius: 50%;
+    background-color: #7EADDB;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    color: white;
+    font-weight: bold;
+    flex-shrink: 0;
+}
+
+.message.incoming .avatar {
+    margin-right: 12px;
+}
+
+.message.outgoing .avatar {
+    margin-left: 12px;
+    background-color: #6589AB;
+}
+
+.message-wrapper {
+    display: flex;
+    flex-direction: column;
+    max-width: 66%;
+    min-width: fit-content;
+}
+
+.message.incoming .message-wrapper {
+    align-items: flex-start;
+}
+
+.message.outgoing .message-wrapper {
+    align-items: flex-end;
+}
+
+.message-content {
+    max-width: 100%;
+    padding: 12px 16px;
+    border-radius: 8px;
+    word-wrap: break-word;
+    white-space: pre-wrap;
+    line-height: 1.5;
+}
+
+.message-content p {
+    margin: 0;
+}
+
+.message-content p:last-child {
+    margin-bottom: 0;
+}
+
+.message-content p + p {
+    margin-top: 10px;
+}
+
+.message-content code {
+    background-color: rgba(0, 0, 0, 0.05);
+    padding: 2px 4px;
+    border-radius: 3px;
+    font-family: monospace;
+    font-size: 13px;
+}
+
+.message-content pre {
+    background-color: rgba(0, 0, 0, 0.05);
+    padding: 10px;
+    border-radius: 4px;
+    overflow-x: auto;
+    margin: 10px 0;
+}
+
+.message-content pre code {
+    background-color: transparent;
+    padding: 0;
+}
+
+.message-content ul, .message-content ol {
+    margin: 10px 0;
+    padding-left: 20px;
+}
+
+.message-content li {
+    margin: 5px 0;
+}
+
+.message.incoming .message-content {
+    background-color: white;
+    border: 1px solid #e0e0e0;
+    color: #333;
+}
+
+.message.outgoing .message-content {
+    background-color: #7EADDB;
+    color: white;
+}
+
+.message.outgoing .message-content code {
+    background-color: rgba(255, 255, 255, 0.2);
+}
+
+.message.outgoing .message-content pre {
+    background-color: rgba(255, 255, 255, 0.2);
+}
+
+.message-time {
+    font-size: 11px;
+    color: #999;
+    margin-top: 5px;
+    text-align: right;
+}
+
+.message.incoming .message-time {
+    text-align: left;
+}
+
+/* Chat Input */
+.chat-input {
+    padding: 20px;
+    background-color: white;
+    border-top: 1px solid #e0e0e0;
+}
+
+.chat-input .input-group {
+    display: flex;
+}
+
+.chat-input textarea {
+    flex: 1;
+    resize: none;
+    border: 1px solid #ddd;
+    border-radius: 4px 0 0 4px;
+    padding: 10px;
+    font-size: 14px;
+    min-height: 45px;
+}
+
+.chat-input button {
+    background-color: #7EADDB;
+    border: none;
+    color: white;
+    padding: 0 25px;
+    border-radius: 0 4px 4px 0;
+    font-weight: 600;
+    transition: background-color 0.3s;
+}
+
+.chat-input button:hover {
+    background-color: #6589AB;
+}
+
+/* Tool Execution */
+.tool-execution {
+    background-color: #f0f8ff;
+    border-left: 3px solid #7EADDB;
+    padding: 10px;
+    margin-top: 8px;
+    border-radius: 4px;
+    font-family: monospace;
+    font-size: 12px;
+}
+
+.tool-name {
+    font-weight: bold;
+    color: #6589AB;
+}
+
+/* Typing Indicator */
+.typing-indicator {
+    display: none;
+    margin-bottom: 20px;
+}
+
+.typing-indicator.active {
+    display: flex;
+}
+
+.typing-indicator .avatar {
+    width: 40px;
+    height: 40px;
+    border-radius: 50%;
+    background-color: #7EADDB;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    color: white;
+    font-weight: bold;
+    flex-shrink: 0;
+    margin-right: 12px;
+}
+
+.typing-indicator .dots {
+    background-color: white;
+    border: 1px solid #e0e0e0;
+    padding: 12px 20px;
+    border-radius: 8px;
+    display: flex;
+    align-items: center;
+    gap: 6px;
+}
+
+.typing-indicator .dot {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    background-color: #7EADDB;
+    animation: typing 1.4s infinite;
+}
+
+.typing-indicator .dot:nth-child(2) {
+    animation-delay: 0.2s;
+}
+
+.typing-indicator .dot:nth-child(3) {
+    animation-delay: 0.4s;
+}
+
+@keyframes typing {
+    0%, 60%, 100% { 
+        transform: translateY(0); 
+        opacity: 0.4; 
+    }
+    30% { 
+        transform: translateY(-10px); 
+        opacity: 1; 
+    }
+}
diff --git a/src/main/resources/public/css/welcome.css b/src/main/resources/public/css/welcome.css
new file mode 100644
index 0000000000000000000000000000000000000000..c27aa166186ac0a649cab185f6d78bdcfabee097
--- /dev/null
+++ b/src/main/resources/public/css/welcome.css
@@ -0,0 +1,110 @@
+/* OpenSlice Chat Assistant - Welcome Page Styles */
+
+body {
+    font-family: 'Open Sans', sans-serif;
+    margin: 0;
+    padding: 60px 0 40px 0;
+    min-height: 100vh;
+    background-color: white;
+}
+
+/* Navbar */
+.navbar-default {
+    background-color: rgba(245, 245, 245, 0.93);
+    border-bottom: 1px solid #e7e7e7;
+}
+
+.navbar-brand img {
+    height: 25px;
+}
+
+/* Welcome Section */
+.welcome-section {
+    background: linear-gradient(135deg, #989DC3 0%, #7EADDB 100%);
+    padding: 80px 0;
+    text-align: center;
+    color: #FCFCFF;
+    margin-top: 0;
+    min-height: 500px;
+}
+
+.welcome-section h1 {
+    font-size: 48px;
+    font-weight: 300;
+    margin-bottom: 20px;
+    text-shadow: 2px 2px 4px rgba(0,0,0,0.3);
+}
+
+.welcome-section .subtitle {
+    font-size: 22px;
+    margin-bottom: 30px;
+    font-weight: 300;
+}
+
+.login-message {
+    background: rgba(255, 255, 255, 0.95);
+    color: #d9534f;
+    padding: 15px 30px;
+    border-radius: 4px;
+    display: inline-block;
+    margin-bottom: 30px;
+    font-weight: 600;
+    font-size: 16px;
+}
+
+.btn-login {
+    background-color: #7EADDB;
+    color: white;
+    border: none;
+    padding: 15px 40px;
+    font-size: 18px;
+    font-weight: 600;
+    border-radius: 4px;
+    transition: all 0.3s;
+}
+
+.btn-login:hover {
+    background-color: #6589AB;
+    color: white;
+    box-shadow: 0 4px 8px rgba(0,0,0,0.2);
+    transform: translateY(-2px);
+}
+
+/* Features Section */
+.features-section {
+    background-color: white;
+    padding: 60px 0;
+}
+
+.features-section h2 {
+    text-align: center;
+    font-size: 36px;
+    font-weight: 300;
+    margin-bottom: 50px;
+    color: #333;
+}
+
+.feature-box {
+    text-align: center;
+    padding: 30px 20px;
+    margin-bottom: 30px;
+}
+
+.feature-icon {
+    font-size: 60px;
+    margin-bottom: 20px;
+    color: #7EADDB;
+}
+
+.feature-box h3 {
+    font-size: 22px;
+    font-weight: 600;
+    margin-bottom: 15px;
+    color: #333;
+}
+
+.feature-box p {
+    font-size: 15px;
+    color: #666;
+    line-height: 1.6;
+}
diff --git a/src/main/resources/public/images/logo_clear.png b/src/main/resources/public/images/logo_clear.png
new file mode 100644
index 0000000000000000000000000000000000000000..2fa5efc135209ce66cee07ea7a76dc0a4cff9244
Binary files /dev/null and b/src/main/resources/public/images/logo_clear.png differ
diff --git a/src/main/resources/public/index.html b/src/main/resources/public/index.html
index 79a08c2bea2bb2f6475c06925ea501a91d78b9de..688ce8324487c245459a78470c7dfb6a956386b1 100644
--- a/src/main/resources/public/index.html
+++ b/src/main/resources/public/index.html
@@ -3,65 +3,102 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>AI Chat</title>
-    <link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.8/css/bootstrap.min.css" rel="stylesheet">
-    <link href="/styles.css" rel="stylesheet">
-
+    <title>OpenSlice Chat Assistant</title>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
+    <style>
+        body {
+            margin: 0;
+            padding: 0;
+            min-height: 100vh;
+            background-color: white;
+            font-family: 'Open Sans', sans-serif;
+            opacity: 0;
+            transition: opacity 0.1s ease-in;
+        }
+    </style>
 </head>
 <body>
-<div class="container py-4">
-    <div class="row justify-content-center">
-        <div class="col-md-8">
-            <div class="chat-container position-relative">
-                <!-- Chat Header -->
-                <div class="chat-header d-flex align-items-center">
-                    <div class="avatar">
-                        <img src="/robot.svg" alt="Robot Avatar">
-                    </div>
-                    <div>
-                        <h5 class="mb-0">ChatBot</h5>
-                        <p class="mb-0"><span class="online-indicator"></span>Online</p>
-                    </div>
-                </div>
-
-                <!-- Chat Messages -->
-                <div class="chat-messages" id="chatMessages">
-                    <!-- Incoming Message -->
-                    <div class="message d-flex incoming">
-                        <div class="avatar">
-                            <img src="/robot.svg" alt="Robot Avatar">
-                        </div>
-                        <div>
-                            <div class="message-content">
-                                Hi there! How can I help you today?
-                            </div>
-                            <div class="message-time">10:03 AM</div>
-                        </div>
-                    </div>
-
-                </div>
-
-                <!-- Chat Input -->
-                <div class="chat-input">
-                    <div class="input-group">
-                        <textarea class="form-control message-textarea" placeholder="Type your message..." aria-label="Type your message"></textarea>
-                        <button class="btn btn-primary" type="button">
-                            <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-send" viewBox="0 0 16 16">
-                                <path d="M15.854.146a.5.5 0 0 1 .11.54l-5.819 14.547a.75.75 0 0 1-1.329.124l-3.178-4.995L.643 7.184a.75.75 0 0 1 .124-1.33L15.314.037a.5.5 0 0 1 .54.11ZM6.636 10.07l2.761 4.338L14.13 2.576 6.636 10.07Zm6.787-8.201L1.591 6.602l4.339 2.76 7.494-7.493Z"/>
-                            </svg>
-                        </button>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
+    
+    <script>
+        // Immediate redirect without any visible UI
+        $.ajax({
+            type: "GET",
+            url: "/api/user",
+            dataType: 'json'
+        })
+        .done(function(response) {
+            if (response.authenticated) {
+                window.location.replace('/chat.html');
+            } else {
+                window.location.replace('/welcome.html');
+            }
+        })
+        .fail(function() {
+            window.location.replace('/welcome.html');
+        });
+    </script>
+</body>
+</html>
+        
+        // Login button handler
+        $('#loginBtn').click(function() {
+            window.location.href = '/oauth2/authorization/keycloak';
+        });
+        
+        // Logout button handler
+        $('#logoutBtn').click(function() {
+            $.ajax({
+                type: "POST",
+                url: "/api/logout",
+                dataType: 'json'
+            })
+            .done(function(response) {
+                console.log("Logged out:", response);
+                accessToken = null;
+                currentUser = null;
+                updateAuthUI();
+                addMessage("You have been logged out.", false);
+            })
+            .fail(function(jqXHR, textStatus, errorThrown) {
+                console.error("Logout error:", textStatus, errorThrown);
+            });
+        });
+    });
 
-<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.8/js/bootstrap.bundle.min.js"></script>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
-<script>
+    function updateAuthUI() {
+        if (currentUser && currentUser.authenticated) {
+            const displayName = currentUser.preferredUsername || currentUser.name || currentUser.email;
+            $('#userName').text(displayName);
+            $('#loginBtn').hide();
+            $('#logoutBtn').show();
+        } else {
+            $('#userName').text('');
+            $('#loginBtn').show();
+            $('#logoutBtn').hide();
+        }
+    }
 
-    const robotSvg = `<img src="/robot.svg" alt="Robot Avatar">`;
+    function checkAuthStatus() {
+        $.ajax({
+            type: "GET",
+            url: "/api/user",
+            dataType: 'json'
+        })
+        .done(function(response) {
+            console.log("Auth status:", response);
+            currentUser = response;
+            if (response.authenticated && response.token) {
+                accessToken = response.token;
+                console.log("User authenticated");
+            }
+            updateAuthUI();
+        })
+        .fail(function(jqXHR, textStatus, errorThrown) {
+            console.log("User not authenticated");
+            currentUser = { authenticated: false };
+            updateAuthUI();
+        });
+    }
 
     // Simple function to add a new message
     function addMessage(content, isOutgoing = false) {
@@ -109,22 +146,37 @@
             textarea.value = '';
             textarea.style.height = '50px'; // Reset height
 
-            $.ajax({
-                    type: "POST",
-                    url: "/ask",
-                    dataType: 'json',
-                    contentType: 'application/json',
-                    data: JSON.stringify({ 'question': message }),
-                })
+            // Build AJAX request with authorization header if token is available
+            const ajaxConfig = {
+                type: "POST",
+                url: "/ask",
+                dataType: 'json',
+                contentType: 'application/json',
+                data: JSON.stringify({ 'question': message })
+            };
+
+            // Add Authorization header if we have a token
+            if (accessToken) {
+                ajaxConfig.headers = {
+                    'Authorization': 'Bearer ' + accessToken
+                };
+            }
+
+            $.ajax(ajaxConfig)
                 .done(function(response) {
                     console.log("Success:", response);
                     addMessage(response.answer);
                 })
                 .fail(function(jqXHR, textStatus, errorThrown) {
-                        console.error("Error:", textStatus, errorThrown);
-                        alert("Error fetching data.");
+                    console.error("Error:", textStatus, errorThrown);
+                    if (jqXHR.status === 401 || jqXHR.status === 403) {
+                        // Redirect to login
+                        console.log("Unauthorized, redirecting to login...");
+                        window.location.href = '/oauth2/authorization/keycloak';
+                    } else {
+                        alert("Error fetching data: " + (jqXHR.responseText || textStatus));
                     }
-                );
+                });
         }
     });
 
diff --git a/src/main/resources/public/js/chat.js b/src/main/resources/public/js/chat.js
new file mode 100644
index 0000000000000000000000000000000000000000..a7550129fa1918601f6faac6b9bad99effba3bbd
--- /dev/null
+++ b/src/main/resources/public/js/chat.js
@@ -0,0 +1,186 @@
+/**
+ * OpenSlice Chat Assistant - Chat Page JavaScript
+ */
+
+var accessToken = null;
+var currentUser = null;
+
+$(document).ready(function() {
+    initializeChat();
+});
+
+/**
+ * Initialize chat page
+ */
+function initializeChat() {
+    checkAuthStatus();
+    $("#initialTime").text(getCurrentTime());
+    $("#sendBtn").click(sendMessage);
+    
+    // Handle Enter key in textarea
+    $(".message-textarea").keypress(function(e) {
+        if (e.which === 13 && !e.shiftKey) {
+            e.preventDefault();
+            sendMessage();
+        }
+    });
+    
+    // Handle logout
+    $("#logoutBtn").click(function(e) {
+        e.preventDefault();
+        logout();
+    });
+}
+
+/**
+ * Check user authentication status
+ */
+function checkAuthStatus() {
+    $.ajax({
+        type: "GET", 
+        url: "/api/user", 
+        dataType: "json"
+    })
+    .done(function(response) {
+        if (response.authenticated) {
+            currentUser = response.username;
+            accessToken = response.access_token;
+            $("#userName").text("Welcome, " + currentUser);
+        } else {
+            window.location.href = "/welcome.html";
+        }
+    })
+    .fail(function() {
+        window.location.href = "/welcome.html";
+    });
+}
+
+/**
+ * Logout user
+ */
+function logout() {
+    // Simply navigate to logout endpoint which will handle the Keycloak logout and redirect
+    window.location.href = "/api/logout";
+}
+
+/**
+ * Send message to chat
+ */
+function sendMessage() {
+    var messageText = $(".message-textarea").val().trim();
+    if (!messageText) return;
+    
+    // Add user message
+    addMessage(messageText, "outgoing", currentUser || "You");
+    $(".message-textarea").val("");
+    
+    // Show typing indicator
+    showTypingIndicator();
+    
+    // Send to backend
+    $.ajax({
+        type: "POST",
+        url: "/ask",
+        contentType: "application/json",
+        headers: accessToken ? { "Authorization": "Bearer " + accessToken } : {},
+        data: JSON.stringify({ question: messageText }),
+        dataType: "json"
+    })
+    .done(function(response) {
+        hideTypingIndicator();
+        
+        var aiMessage = response.answer || "I'm sorry, I couldn't process that request.";
+        addMessage(aiMessage, "incoming", "AI");
+        
+        // Show tool executions if any
+        if (response.toolExecutions && response.toolExecutions.length > 0) {
+            response.toolExecutions.forEach(function(tool) {
+                addToolExecution(tool);
+            });
+        }
+    })
+    .fail(function(xhr) {
+        hideTypingIndicator();
+        
+        var errorMsg = "Error: " + (xhr.responseJSON ? xhr.responseJSON.error : xhr.statusText || "Unknown error");
+        addMessage(errorMsg, "incoming", "AI");
+    });
+}
+
+/**
+ * Show typing indicator
+ */
+function showTypingIndicator() {
+    var typingHtml = '<div class="typing-indicator active" id="typingIndicator">' +
+        '<div class="avatar">AI</div>' +
+        '<div class="dots">' +
+        '<div class="dot"></div>' +
+        '<div class="dot"></div>' +
+        '<div class="dot"></div>' +
+        '</div>' +
+        '</div>';
+    $("#chatMessages").append(typingHtml);
+    scrollToBottom();
+}
+
+/**
+ * Hide typing indicator
+ */
+function hideTypingIndicator() {
+    $("#typingIndicator").remove();
+}
+
+/**
+ * Add message to chat
+ * @param {string} text - Message text (HTML for AI, plain text for user)
+ * @param {string} type - "incoming" or "outgoing"
+ * @param {string} sender - Sender name
+ */
+function addMessage(text, type, sender) {
+    var messageDiv = $("<div>").addClass("message " + type);
+    var avatar = $("<div>").addClass("avatar").text(sender.substring(0, 2).toUpperCase());
+    var contentWrapper = $("<div>").addClass("message-wrapper");
+    var content = $("<div>").addClass("message-content");
+    
+    // AI responses are HTML (markdown converted), user messages are plain text
+    if (type === "incoming") {
+        content.html(text);
+    } else {
+        // For outgoing messages, normalize whitespace but preserve intentional line breaks
+        var normalizedText = text.replace(/\r\n/g, '\n');
+        content.text(normalizedText);
+    }
+    
+    var time = $("<div>").addClass("message-time").text(getCurrentTime());
+    
+    contentWrapper.append(content).append(time);
+    messageDiv.append(avatar).append(contentWrapper);
+    $("#chatMessages").append(messageDiv);
+    scrollToBottom();
+}
+
+/**
+ * Add tool execution info to chat
+ */
+function addToolExecution(tool) {
+    var toolDiv = $("<div>").addClass("tool-execution");
+    toolDiv.html('<span class="tool-name">Tool: ' + tool.name + '</span><br>Status: ' + tool.status);
+    $("#chatMessages").append(toolDiv);
+    scrollToBottom();
+}
+
+/**
+ * Scroll chat to bottom
+ */
+function scrollToBottom() {
+    var chatMessages = $("#chatMessages");
+    chatMessages.scrollTop(chatMessages[0].scrollHeight);
+}
+
+/**
+ * Get current time formatted
+ */
+function getCurrentTime() {
+    var now = new Date();
+    return now.toLocaleTimeString("en-US", { hour: "2-digit", minute: "2-digit" });
+}
diff --git a/src/main/resources/public/js/welcome.js b/src/main/resources/public/js/welcome.js
new file mode 100644
index 0000000000000000000000000000000000000000..baf8d0d058118908bdd96dc75424c53ddd68ac19
--- /dev/null
+++ b/src/main/resources/public/js/welcome.js
@@ -0,0 +1,29 @@
+/**
+ * OpenSlice Chat Assistant - Welcome Page JavaScript
+ */
+
+$(document).ready(function() {
+    checkAuthenticationStatus();
+});
+
+/**
+ * Check if user is already authenticated
+ * If authenticated, redirect to chat page
+ */
+function checkAuthenticationStatus() {
+    $.ajax({
+        type: "GET",
+        url: "/api/user",
+        dataType: 'json'
+    })
+    .done(function(response) {
+        if (response.authenticated) {
+            console.log("User already authenticated, redirecting to chat...");
+            window.location.href = '/chat.html';
+        }
+    })
+    .fail(function() {
+        // Expected for unauthenticated users - stay on welcome page
+        console.log("User not authenticated");
+    });
+}
diff --git a/src/main/resources/public/welcome.html b/src/main/resources/public/welcome.html
new file mode 100644
index 0000000000000000000000000000000000000000..825313b514b8d9c1802bb9a66fe5d52f19faa8e2
--- /dev/null
+++ b/src/main/resources/public/welcome.html
@@ -0,0 +1,95 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Welcome - OpenSlice Chat Assistant</title>
+    
+    <!-- Fonts -->
+    <link href='https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700' rel='stylesheet' type='text/css'>
+    
+    <!-- Bootstrap CSS -->
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+    
+    <!-- Custom CSS -->
+    <link rel="stylesheet" href="css/welcome.css">
+    
+    <!-- jQuery & Bootstrap JS -->
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+</head>
+<body>
+    <!-- Navbar -->
+    <nav class="navbar navbar-default navbar-fixed-top" role="navigation">
+        <div class="container-fluid">
+            <div class="navbar-header">
+                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar-collapse">
+                    <span class="sr-only">Toggle navigation</span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </button>
+                <a class="navbar-brand" href="/">
+                    <img src="images/logo_clear.png" alt="OpenSlice">
+                </a>
+            </div>
+            <div class="collapse navbar-collapse" id="navbar-collapse">
+                <ul class="nav navbar-nav navbar-right">
+                    <li><a href="/oauth2/authorization/keycloak">Sign In</a></li>
+                </ul>
+            </div>
+        </div>
+    </nav>
+
+    <!-- Welcome Section -->
+    <div class="welcome-section">
+        <div class="container">
+            <h1>Welcome to OpenSlice Chat Assistant</h1>
+            <p class="subtitle">AI-powered assistance for your OpenSlice platform</p>
+            
+            <div class="login-message">
+                🔒 You are not logged in. Please login to continue.
+            </div>
+            
+            <br>
+            
+            <button class="btn btn-login btn-lg" onclick="window.location.href='/oauth2/authorization/keycloak'">
+                Login with Keycloak
+            </button>
+        </div>
+    </div>
+
+    <!-- Features Section -->
+    <div class="features-section">
+        <div class="container">
+            <h2>What you can do</h2>
+            <div class="row">
+                <div class="col-md-4">
+                    <div class="feature-box">
+                        <div class="feature-icon">💬</div>
+                        <h3>Natural Language Queries</h3>
+                        <p>Ask questions about your services, catalogs, and deployments using natural language. Get instant answers powered by AI.</p>
+                    </div>
+                </div>
+                <div class="col-md-4">
+                    <div class="feature-box">
+                        <div class="feature-icon">🔧</div>
+                        <h3>Intelligent Tool Execution</h3>
+                        <p>Let AI help you interact with TMF APIs and manage resources efficiently. Automate complex workflows with simple commands.</p>
+                    </div>
+                </div>
+                <div class="col-md-4">
+                    <div class="feature-box">
+                        <div class="feature-icon">📊</div>
+                        <h3>Real-time Information</h3>
+                        <p>Get instant answers about your platform status, resource utilization, and system health in real-time.</p>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    
+    <!-- Custom JS -->
+    <script src="js/welcome.js"></script>
+</body>
+</html>