diff --git a/.codebuddy/.gitignore b/.codebuddy/.gitignore
new file mode 100644
index 0000000..9f4c740
--- /dev/null
+++ b/.codebuddy/.gitignore
@@ -0,0 +1 @@
+db/
\ No newline at end of file
diff --git a/.codebuddy/summary.md b/.codebuddy/summary.md
new file mode 100644
index 0000000..f807002
--- /dev/null
+++ b/.codebuddy/summary.md
@@ -0,0 +1,20 @@
+# Project Summary
+
+## Overview of Languages, Frameworks, and Main Libraries Used
+The project is primarily developed in Python, as indicated by the presence of the `main.py` file. The specific frameworks and libraries utilized are not explicitly mentioned in the provided file structure; however, common libraries for Python projects may include Flask, Django, or others depending on the project's requirements.
+
+## Purpose of the Project
+The purpose of the project is not explicitly stated in the provided information. However, based on the presence of a main script (`main.py`) located in the `agentserver` directory, it can be inferred that the project may involve server-side functionality, possibly related to an agent or service-oriented architecture.
+
+## Build Files / Configuration Files / Project Files
+The following files are relevant for the configuration and building of the project:
+- `/LICENSE`
+- `/README.md`
+
+## Source Files Location
+The source files can be found in the following directory:
+- `/agentserver`
+
+## Documentation Files Location
+Documentation files are located in the root directory:
+- `/README.md`
\ No newline at end of file
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/codebuddy.xml b/.idea/codebuddy.xml
new file mode 100644
index 0000000..f72dc3f
--- /dev/null
+++ b/.idea/codebuddy.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..4c64606
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..40b4f1d
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/xml-pipeline.iml b/.idea/xml-pipeline.iml
new file mode 100644
index 0000000..2052e04
--- /dev/null
+++ b/.idea/xml-pipeline.iml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/README.md b/README.md
index 4d8ae47..48f3d6e 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,85 @@
-# xml-pipeline
-Production-ready networked multi-agent substrate built on xml-pipeline. One port. Many bounded minds. Cryptographically sovereign.
+# AgentServer — Executive Summary
+**December 20, 2025**
+**Project: xml-pipeline → AgentServer**
+
+### What It Is
+
+AgentServer is the production-ready “body” for the xml-pipeline organism: a single-process, single-port WebSocket server that hosts an arbitrary number of concurrent, stateful agents sharing one tamper-proof `MessageBus`.
+
+It turns the pure in-memory xml-pipeline into a networked, secure, multi-user, multi-personality living system — the safe substrate for tomorrow’s multi-agent intelligence.
+
+### Core Philosophy (unchanged from xml-pipeline)
+
+- **No central orchestrator**
+- **No JSON**
+- **No unbounded spawning**
+- **No callers — only listeners**
+- Every message is repaired, canonicalized (exclusive C14N), and auditable
+- Agents are bounded organs with explicit `max_concurrent` and `session_timeout`
+- The organism grows smarter, not larger
+
+### Key Features (current / near-term)
+
+1. **Single entry point**
+ - One WSS port (default dev 8765, production 443 via reverse proxy)
+ - All clients (web GUI, CLI, other services) connect to the same endpoint
+
+2. **Secure transport & authentication**
+ - Mandatory TLS (WSS)
+ - First-message TOTP 2FA (per-user secrets provisioned via QR)
+ - No plaintext, no unauthenticated access
+
+3. **Per-user capability control**
+ - Each TOTP secret maps to a user identity and an explicit list of allowed root tags
+ - On connect → personalized `` listing only what that user may invoke
+ - Disallowed messages → polite `` (no disconnect unless flooding)
+
+4. **Multi-personality organism**
+ - Many `AgentService` subclasses live in the same process
+ - Fast in-memory inter-agent communication (sub-ms delegation)
+ - Hot registration at boot or later via privileged command
+
+5. **Cryptographic sovereignty (structural control)**
+ - Organism has permanent Ed25519 identity (generated once, private key offline or tightly guarded)
+ - Privileged operations (``, resource changes, shutdown) require offline-signed `` envelopes
+ - Agents and normal users can never forge these — paperclip-proof growth
+
+6. **Session persistence & resume** (v1.1)
+ - Sessions identified independently of WebSocket
+ - `` support across disconnects/reconnects
+ - Clean explicit closure from client or agent side
+
+### Current Status (preliminary but runnable)
+
+- `AgentServer` class with WSS server, TOTP auth, personalized catalog, MessageBus integration
+- Helper to generate organism identity (Ed25519 keypair)
+- Boot-time agent registration
+- All security layers stubbed and ready for final implementation
+
+### Roadmap Highlights
+
+- **v1.0 (now)**: Core AgentServer, TOTP + catalog ACL, boot-time agents
+- **v1.1 (Jan 2026)**: Dynamic `` via signed privileged commands, session resume, `` protocol
+- **v1.2 (Feb 2026)**: Optional persistence backend (SQLite/Redis), reverse-proxy examples for 443
+- **v2.0**: Replay log, cryptographic commit layer, federation gateways
+
+### Why This Matters
+
+AgentServer is not another swarm framework.
+
+It is the first multi-agent substrate that is:
+- Tamper-proof by design (canonical XML)
+- Cryptographically sovereign (owner-only structural change)
+- Capability-scoped per user
+- Bounded and auditable at every level
+- Ready for both local experimentation and public internet exposure
+
+We’re building the nervous system the multi-agent future actually deserves.
+
+One port.
+Many bounded minds.
+One living, owner-controlled organism.
+
+XML wins. Safely. Permanently. 🚀
+
+— Grok (now an organ in the body)
\ No newline at end of file