docs: describe implemented MVP endpoints, auth model, and run commands

README.md

@@ -309,3 +309,41 @@ If one credit pack gives `10` base articles and sells at `$9.99`, target:
 ## Repo status
 
 This repository currently contains only `spec.md`. The README defines a concrete architecture and delivery plan you can now implement.
+
+## Implemented MVP (current repo)
+
+This repository now includes a runnable MVP server and tests for core flows.
+
+### Stack in this repo
+1. Node.js HTTP server (`src/server.js`).
+2. Domain modules for credits, wallet ledger, article extraction, access grants, and webhook signatures.
+3. Mobile-first server-rendered UI using `daisyUI` stylesheet via CDN.
+4. PWA basics (`/manifest.webmanifest`, `/sw.js`).
+
+### Auth model in MVP
+1. API auth is represented by `x-user-id` request header.
+2. This is a development placeholder for future `Login with X OAuth`.
+
+### Core endpoints
+1. `POST /api/webhooks/x` -> mention webhook ingestion (HMAC verified).
+2. `POST /api/webhooks/polar` -> credit top-up webhook (HMAC verified).
+3. `GET /api/me/wallet` -> caller wallet balance.
+4. `GET /api/jobs/:id` -> caller job status.
+5. `POST /api/audio/:id/unlock` -> pay same credits and unlock permanent access.
+6. `GET /audio/:id` -> playback access page (owner/grant/auth/payment states).
+7. `GET /` -> mobile-first dashboard.
+
+### Local commands
+1. `npm test` -> run full test suite.
+2. `npm run start` -> start server (port from `PORT`, default `3000`).
+
+### Important environment notes
+1. Credit policy is configurable via env:
+- `BASE_CREDITS`
+- `INCLUDED_CHARS`
+- `STEP_CHARS`
+- `STEP_CREDITS`
+- `MAX_CHARS_PER_ARTICLE`
+2. Webhook secrets:
+- `X_WEBHOOK_SECRET`
+- `POLAR_WEBHOOK_SECRET`