diff --git a/README.md b/README.md index 3e6e22f..c0cd9c6 100644 --- a/README.md +++ b/README.md 
@@ -1,22 +1,55 @@ -# GuardRailOps: Federated, Verifiable Incident Response Orchestration +GuardRailOps: Federated, Verifiable Incident Response Orchestration +================================================================= -Prototype of an open-source platform enabling cross-organization incident response (IR) orchestration across multi-cloud and on-prem environments with offline resilience, deterministic replay, and auditable governance. +Overview +- GuardRailOps is an open-source platform for cross-organization incident response (IR) + that federates playbooks across public clouds (AWS/Azure/GCP) and on-prem environments. +- It is designed to operate in partitioned networks (offline or partially connected) while + preserving data locality and enabling deterministic replay and auditable governance when + connectivity returns. -Architecture at a glance -- Local IR primitives: LocalIRTask, SharedTelemetry, PlanDelta -- Delta-based offline-first propagation and deterministic replay -- Tamper-evident governance ledger with cryptographic signatures (simulated for MVP) -- Graph-of-Contracts (GoC) registry scaffold -- Adapters marketplace scaffold (SIEM/EDR as starter adapters) -- Privacy-preserving telemetry sharing via secure aggregation scaffolds (MVP stubs) +Key Concepts +- Graph-of-Contracts (GoC) registry: maps per-service IR tasks to aggregated signals and actions. +- Minimal DSL for IR primitives: LocalIRTask, SharedTelemetry, PlanDelta, AuditLog, PrivacyBudget. +- Deterministic delta-reconciliation: offline-first propagation of plan deltas with versioning, + timestamps, nonces, and cryptographic signatures to support reproducible retroactive analysis. +- Tamper-evident governance ledger: append-only, cryptographically-signed records anchored to an audit trail. +- Adapters marketplace: pluggable connectors to SIEM/EDR, ITSM, IAM/policy engines, and automation stacks. 
-Getting started (developer workflow) -- Install dependencies via test.sh (will be defined in repo) -- Run tests and packaging to validate MVP +Current State (MVP) +- Core primitives implemented in Python: + - LocalIRTask, SharedTelemetry, PlanDelta, AuditLogEntry, DeltaSyncEngine, GovernanceLedger, GoCRegistry, + AdapterMarketplace +- Lightweight adapter scaffolds (SIEMAdapter, EDRAdapter) with TLS mutual-auth style handshake (simulated). +- Phase-0 MVP wiring for two starter adapters over TLS and a toy cross-organization IR scenario. -This repository is structured to be extended by multiple agents in a SWARM fashion. See AGENTS.md for architecture details and contribution rules. +Project Structure (highlights) +- src/idea138_guardrailops_federated_verifiable: core primitives and adapters scaffolds +- src/idea138_guardrailops_federated_verifiable/adapters.py: SIEM/EDR adapters (scaffolds) +- src/idea138_guardrailops_federated_verifiable/contract_sketch.py: minimal contract sketch helper +- test.sh: test harness that installs the package, runs tests, and verifies packaging +- pyproject.toml: packaging metadata (name, version, Python requirement, readme hook) -Links -- AGENTS.md: Architecture and contribution rules -- test.sh: Test and packaging automation -- READY_TO_PUBLISH: Placeholder for publishing readiness +How to Use (Dev Quickstart) +- Build and test: + - bash test.sh +- Explore primitives: + - Inspect LocalIRTask, SharedTelemetry, PlanDelta, AuditLogEntry, DeltaSyncEngine in src/idea138_guardrailops_federated_verifiable/__init__.py +- Start adapters (toy-only): + - Use SIEMAdapter and EDRAdapter from adapters.py and call their simple APIs (ingest/trigger_action) + +Roadmap (MVP to production) +- Phase 0: protocol skeleton + 2 starter adapters (SIEM/EDR) with TLS mutual authentication; delta-sync; toy IR scenario +- Phase 1: GoC registry, identity management, secure telemetry aggregation, governance ledger scaffolding +- Phase 2: end-to-end cross-domain 
pilot with simulated multi-cloud/on-prem environments; reference SDK +- Phase 3: auditor-friendly governance hardening, performance dashboards + +Contributing +- Minimal, atomic changes preferred. Add tests for new features. Do not push to remote unless requested. +- See AGENTS.md for repository-wide contribution rules. + +Contact +- This repository is part of a collaborative effort. If you want to discuss architecture decisions, + open issues in the repo and reference this README. + +Enjoy building guarded IR interoperability. diff --git a/docs/mvp_spec.md b/docs/mvp_spec.md new file mode 100644 index 0000000..b62737b --- /dev/null +++ b/docs/mvp_spec.md 
@@ -0,0 +1,43 @@ +Two-Adapter MVP Spec (SIEM + EDR) +================================ + +Goal +- Provide a toy, production-ready skeleton that demonstrates GuardRailOps interoperability between twoAdapters: a SIEM adapter and an EDR adapter. The MVP runs over TLS-like mutual authentication and supports offline-first delta propagation with deterministic replay. + +Architecture Highlights +- Protocol skeleton: lightweight messaging between IR orchestrator and adapters using a minimal, vendor-agnostic contract model. +- GoC primitives: + - LocalIRTask: per-service detection/containment objectives + - SharedTelemetry: privacy-preserving signals shared across domains + - PlanDelta: incremental containment/execution actions with timestamp and nonce + - AuditLog: governance/provenance entries (signed in production) +- Deterministic delta-reconciliation: deltas carry nonce and timestamp to enable replay. +- Adapters: two starter adapters (SIEM and EDR) with TLS mutual authentication flavor. + +Data Contracts (Seed) +- LocalIRTask: { id, service, detection_rules } +- SharedTelemetry: { signals: { key: value }, budget, timestamp } +- PlanDelta: { delta_id, parent_id, timestamp, nonce, changes } +- RegistryEntry: { adapter_id, contract_version, data_contract, timestamp } +- AuditLogEntry: { entry_id, event, detail, signature } + +Phase 0 (Weeks 1-2): Protocol skeleton +- Implement a minimal transport layer (TLS-like) and a simple protocol to exchange LocalIRTask and PlanDelta. +- Wire two adapters: SIEMAdapter (ingest telemetry) and EDRAdapter (trigger containment actions). +- Implement DeltaSyncEngine to apply PlanDelta to an in-memory state and enable deterministic replay. + +Phase 1 (Weeks 3-5): Governance and identity +- GoCRegistry: register adapter metadata. +- PrivacyBudget: per-signal budgets to demonstrate privacy-preserving telemetry. +- GovernanceLedger: append-only log with simple signing placeholder. 
+ +Phase 2 (Weeks 6-8): Cross-domain pilot +- Simulated cross-domain environment with offline-first mode: adapters communicate locally and reconcile when connected. +- Reference SDK and adapter templates to enable rapid onboarding of new adapters. + +Phase 3 (Weeks 9-12): Auditability & dashboards +- Demo dashboards showing delta fidelity, replay fidelity, and containment latency. +- Harden governance proofs and privacy budgets; integrate with PortaLedger-like proofs if possible. + +Notes +- This MVP intentionally uses toy cryptography placeholders and in-memory stores for clarity. Replace with production-grade crypto and persistent storage in later phases.
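Review bot: In the README.md hunk, the new Key Concepts bullets describe "cryptographic signatures" and "cryptographically-signed records" without the "(simulated for MVP)" qualifier that the removed Architecture bullet carried, and the Roadmap's Phase 0 line says "TLS mutual authentication" while Current State says the handshake is "(simulated)". A reader assessing the trust model could take the ledger signatures and adapter mutual TLS as real. Suggest restoring the qualifier on the delta-reconciliation and ledger bullets and wording Phase 0 the same way as Current State. Separately, Current State lists GovernanceLedger and GoCRegistry as implemented while the Roadmap places the GoC registry and ledger scaffolding in Phase 1, and PrivacyBudget appears in the DSL list but not among the implemented primitives; stating which of these exist today would remove the ambiguity.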
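Review bot: In docs/mvp_spec.md, the Data Contracts seed for PlanDelta is "{ delta_id, parent_id, timestamp, nonce, changes }", with no signature or version field, although the README in this same patch says plan deltas carry versioning and cryptographic signatures; either add those fields to the seed contract or state that signing is deferred. Likewise AuditLogEntry "{ entry_id, event, detail, signature }" has no timestamp and no reference to the previous entry, so the contract as written does not show how the ledger is append-only or tamper-evident. The line "deltas carry nonce and timestamp to enable replay" should say how ordering is determined (parent_id?) and what the nonce is for, since a nonce is normally what lets a receiver reject a duplicate rather than what enables replay. In Goal, "toy, production-ready skeleton" conflicts with the Notes line about toy cryptography placeholders and in-memory stores, and "twoAdapters" is a typo.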