diff --git a/.gitignore b/.gitignore
index 24f5094..19be5e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,9 @@ go.work.sum
 .local
+
+*.csr
+*.crt
+*.key
+*.srl
+.kat/
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 7e5e4fe..528b5cf 100644
--- a/Makefile
+++ b/Makefile
@@ -23,19 +23,19 @@ test: generate
 # Run unit tests only (faster, no integration tests)
 test-unit:
 @echo "Running unit tests..."
- @go test -count=1 -short ./...
+ @go test -v -count=1 -short ./...
 # Run integration tests only
 test-integration:
 @echo "Running integration tests..."
- @go test -count=1 -run Integration ./...
+ @go test -v -count=1 -run Integration ./...
 # Run tests for a specific package
 test-package:
 @echo "Running tests for package $(PACKAGE)..."
 @go test -v ./$(PACKAGE)
-kat-agent:
+kat-agent: $(shell find ./cmd/kat-agent -name '*.go') $(shell find . -name 'go.mod' -o -name 'go.sum')
 @echo "Building kat-agent..."
 @go build -o kat-agent ./cmd/kat-agent/main.go
diff --git a/internal/api/join_handler.go b/internal/api/join_handler.go
index 591b88e..30808f2 100644
--- a/internal/api/join_handler.go
+++ b/internal/api/join_handler.go
@@ -11,8 +11,8 @@ import (
 "github.com/google/uuid"
- "kat-system/internal/pki"
- "kat-system/internal/store"
+ "git.dws.rip/dubey/kat/internal/pki"
+ "git.dws.rip/dubey/kat/internal/store"
 )
 // JoinRequest represents the data sent by an agent when joining
@@ -103,10 +103,10 @@ func NewJoinHandler(stateStore store.StateStore, caKeyPath, caCertPath string) h
 // Store node registration in etcd
 nodeRegKey := fmt.Sprintf("/kat/nodes/registration/%s", nodeName)
 nodeReg := map[string]interface{}{
- "uid": nodeUID,
- "advertiseAddr": joinReq.AdvertiseAddr,
+ "uid": nodeUID,
+ "advertiseAddr": joinReq.AdvertiseAddr,
 "wireguardPubKey": joinReq.WireguardPubKey,
- "joinTimestamp": time.Now().Unix(),
+ "joinTimestamp": time.Now().Unix(),
 }
 nodeRegData, err := json.Marshal(nodeReg)
 if err != nil {
diff --git a/internal/api/server.go b/internal/api/server.go
index 79b7f70..18ce1d7 100644
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -8,7 +8,6 @@ import (
 "log"
 "net/http"
 "os"
- "strings"
 "time"
 )
@@ -113,7 +112,7 @@ func (s *Server) Start() error {
 ClientAuth: tls.NoClientCert, // Don't require client certs for now
 MinVersion: tls.VersionTLS12,
 }
-
+
 log.Printf("WARNING: TLS configured without client certificate verification for Phase 2")
 log.Printf("This is a temporary development configuration and should be secured in production")
diff --git a/internal/api/server_test.go b/internal/api/server_test.go
index d6ebeae..b427322 100644
--- a/internal/api/server_test.go
+++ b/internal/api/server_test.go
@@ -12,7 +12,7 @@ import (
 "testing"
 "time"
- "kat-system/internal/pki"
+ "git.dws.rip/dubey/kat/internal/pki"
 )
 func TestServerWithMTLS(t *testing.T) {
@@ -31,7 +31,7 @@ func TestServerWithMTLS(t *testing.T) {
 // Generate CA
 caKeyPath := filepath.Join(tempDir, "ca.key")
 caCertPath := filepath.Join(tempDir, "ca.crt")
- if err := pki.GenerateCA(caKeyPath, caCertPath, "KAT Test CA", 24*time.Hour); err != nil {
+ if err := pki.GenerateCA(tempDir, caKeyPath, caCertPath); err != nil {
 t.Fatalf("Failed to generate CA: %v", err)
 }
@@ -39,7 +39,7 @@ func TestServerWithMTLS(t *testing.T) {
 serverKeyPath := filepath.Join(tempDir, "server.key")
 serverCSRPath := filepath.Join(tempDir, "server.csr")
 serverCertPath := filepath.Join(tempDir, "server.crt")
- if err := pki.GenerateCertificateRequest("server.test", serverKeyPath, serverCSRPath); err != nil {
+ if err := pki.GenerateCertificateRequest("localhost", serverKeyPath, serverCSRPath); err != nil {
 t.Fatalf("Failed to generate server CSR: %v", err)
 }
 if err := pki.SignCertificateRequest(caKeyPath, caCertPath, serverCSRPath, serverCertPath, 24*time.Hour); err != nil {
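Review bot: Switching the CSR name to `"localhost"` only helps the client's hostname check if GenerateCertificateRequest also places the name in a DNS SAN; Go's verifier has ignored the Subject CN for hostname matching since 1.15, so a CN-only server certificate will still fail verification against the CA this test loads a few lines later. That function is outside this diff, so I can't confirm which it does; if it is CN-only, the request template needs something like `DNSNames: []string{commonName}` (plus an IP SAN when the test dials by address). Separately, the @@ -31 hunk drops the explicit `"KAT Test CA", 24*time.Hour` arguments, so the test CA now takes the package defaults — including the 365-day DefaultCertValidityDays shown in the ca.go hunk — instead of a short test lifetime; confirm that is intended. TestServerWithMTLS continues past the end of this hunk.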
@@ -58,7 +58,7 @@ func TestServerWithMTLS(t *testing.T) {
 }
 // Create and start server
- server, err := NewServer("localhost:0", serverCertPath, serverKeyPath, caCertPath)
+ server, err := NewServer("localhost:8443", serverCertPath, serverKeyPath, caCertPath)
 if err != nil {
 t.Fatalf("Failed to create server: %v", err)
 }
@@ -76,7 +76,7 @@ func TestServerWithMTLS(t *testing.T) {
 }()
 // Wait for server to start
- time.Sleep(100 * time.Millisecond)
+ time.Sleep(250 * time.Millisecond)
 // Load CA cert
 caCert, err := os.ReadFile(caCertPath)
diff --git a/internal/config/parse_test.go b/internal/config/parse_test.go
index ce0fd48..1b50189 100644
--- a/internal/config/parse_test.go
+++ b/internal/config/parse_test.go
@@ -201,8 +201,8 @@ func TestValidateClusterConfiguration_InvalidValues(t *testing.T) {
 ApiPort: 10251,
 EtcdPeerPort: 2380,
 EtcdClientPort: 2379,
- VolumeBasePath: "~/.kat/volumes",
- BackupPath: "~/.kat/backups",
+ VolumeBasePath: ".kat/volumes",
+ BackupPath: ".kat/backups",
 BackupIntervalMinutes: 30,
 AgentTickSeconds: 15,
 NodeLossTimeoutSeconds: 60,
diff --git a/internal/config/types.go b/internal/config/types.go
index c5c0c84..4e79c5d 100644
--- a/internal/config/types.go
+++ b/internal/config/types.go
@@ -11,8 +11,8 @@ const (
 DefaultApiPort = 9115
 DefaultEtcdPeerPort = 2380
 DefaultEtcdClientPort = 2379
- DefaultVolumeBasePath = "~/.kat/volumes"
- DefaultBackupPath = "~/.kat/backups"
+ DefaultVolumeBasePath = ".kat/volumes"
+ DefaultBackupPath = ".kat/backups"
 DefaultBackupIntervalMins = 30
 DefaultAgentTickSeconds = 15
 DefaultNodeLossTimeoutSec = 60 // DefaultNodeLossTimeoutSeconds = DefaultAgentTickSeconds * 4 (example logic)
diff --git a/internal/pki/ca.go b/internal/pki/ca.go
index c4eb9bb..42e4ede 100644
--- a/internal/pki/ca.go
+++ b/internal/pki/ca.go
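Review bot: Replacing `"localhost:0"` with `"localhost:8443"` makes the test depend on a fixed port being free, so it will fail whenever a parallel package test, another developer's instance, or a leftover process holds 8443; the ephemeral-port form was the more robust one. Unless NewServer genuinely cannot report its bound address, keep `server, err := NewServer("localhost:0", serverCertPath, serverKeyPath, caCertPath)` and read the address back from the listener before dialing. The sleep increase in @@ -76 (`time.Sleep(250 * time.Millisecond)`) has the same flavour: a fixed delay is either wasted time or not enough on a loaded CI box, and a short loop that dials the address until it connects, failing after a bounded deadline, would replace it deterministically. TestServerWithMTLS begins and ends outside this hunk.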
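Review bot: `DefaultVolumeBasePath = ".kat/volumes"` and `DefaultBackupPath = ".kat/backups"` are now relative paths, so the state directories — and, through GetPKIPathFromClusterConfig in ca.go, the directory holding the CA private key — land wherever the process happens to be started rather than in a fixed per-user or system location; the same applies to `DefaultPKIDir = ".kat/pki"` in the ca.go hunk. A service launched from a different working directory would silently create a second, empty state tree and a fresh PKI, which is hard to diagnose and easy to leave behind in an unexpected place. If the intent is a per-user location, resolve it once at config-load time (for example os.UserHomeDir joined with the ".kat/…" suffix) and have the loader turn the configured values into absolute paths; otherwise document on these constants that they are relative to the working directory. The previous `~/` form was no better unless the loader expanded it, which this diff does not show.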
@@ -22,7 +22,7 @@ const (
 // Default certificate validity period
 DefaultCertValidityDays = 365 // 1 year
 // Default PKI directory
- DefaultPKIDir = "/var/lib/kat/pki"
+ DefaultPKIDir = ".kat/pki"
 )
 // GenerateCA creates a new Certificate Authority key pair and certificate.
@@ -271,18 +271,6 @@ func GetPKIPathFromClusterConfig(backupPath string) string {
 return filepath.Dir(backupPath) + "/pki"
 }
-// GetPKIPathFromClusterConfig determines the PKI directory from the cluster configuration.
-// If backupPath is provided, it uses the parent directory of backupPath.
-// Otherwise, it uses the default PKI directory.
-func GetPKIPathFromClusterConfig(backupPath string) string {
- if backupPath == "" {
- return DefaultPKIDir
- }
-
- // Use the parent directory of backupPath
- return filepath.Dir(backupPath) + "/pki"
-}
-
 // generateSerialNumber creates a random serial number for certificates
 func generateSerialNumber() (*big.Int, error) {
 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) // 128 bits
diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go
index ea0391c..ae145b0 100644
--- a/internal/testutil/testutil.go
+++ b/internal/testutil/testutil.go
@@ -51,8 +51,8 @@ spec:
 apiPort: 9115
 etcdPeerPort: 2380
 etcdClientPort: 2379
- volumeBasePath: "~/.kat/volumes"
- backupPath: "~/.kat/backups"
+ volumeBasePath: ".kat/volumes"
+ backupPath: ".kat/backups"
 backupIntervalMinutes: 30
 agentTickSeconds: 15
 nodeLossTimeoutSeconds: 60