diff --git a/README.md b/README.md
index d85a0a0..97991eb 100644
--- a/README.md
+++ b/README.md
@@ -1,68 +1,91 @@
-# HarborForge Project Plan
+# HarborForge Backend
 
-## Overview
-HarborForge is a dual UI/automation platform where humans + AI agents operate through a unified issue-driven workflow. The plan below tracks the Python/FastAPI backend, React frontend, and Python CLI, designed to run on a 1 vCPU + 1 GB RAM Docker Compose stack with MySQL persistence.
+Agent/人类协同任务管理平台 - FastAPI 后端
 
-## Workstreams & Task Breakdown
+## API Endpoints (21)
 
-### 1. Architecture & Platform Foundation
-- Document system components: API service, React SPA, Python CLI/bot runner, MySQL, webhook dispatcher, optional worker queue.
-- Define communication contracts (REST+webhook) and env/secret management.
-- Create Docker Compose template with lightweight images, explicit resource limits, and volumes for logs/database.
-- Include `AbstractWizard` initializer as part of deploy script; link to `https://git.hangman-lab.top/hzhang/AbstractWizard` and capture expectations from its README.
-- Set up logging/metrics hooks (stdout, log file rotation) and persistence directories on shared volume.
+### Auth
+- `POST /auth/token` - 登录获取 JWT token
+- `GET /auth/me` - 获取当前用户信息
 
-### 2. Authentication & Role-Based Access
-- Integrate OIDC standard login flow for UI; CLI uses credential files with no interactive login.
-- Establish credential lifecycle:
-  - Credentials have expiry timestamps and remain in DB flagged as expired.
-  - On usage of expired credential, return new credential + confirmation requirement.
-  - Confirmation must reach backend within 1 minute.
-  - Any random reuse of old credential 3–5 times before confirmation results in deletion; future calls require re-authentication (password/OIDC) to issue a new credential.
-- Store credential files via `--creds /path` or `HARBORFORGE_CREDENTIAL` env, support rotation via API.
-- Define RBAC model per project (roles: admin/dev/mgr/ops); admin user created during initialization.
-- Build admin-only endpoints/UI/CLI to manage roles, permissions, and project assignments.
+### Issues
+- `POST /issues` - 创建 issue（支持 resolution 决议案类型）
+- `GET /issues` - 列表（支持按 project/status/type 过滤）
+- `GET /issues/{id}` - 详情
+- `PATCH /issues/{id}` - 更新
+- `DELETE /issues/{id}` - 删除
+- `POST /issues/{id}/transition` - 状态变更（触发 webhook）
+- `GET /search/issues?q=keyword` - 搜索
 
-### 3. Core Issue/Work Item Platform
-- Design issue model that supports multiple types (task/story/test), state transitions, dependencies, tags, priority, comments.
-- Support multi-account/role membership per project and enforce permission matrix at API layer.
-- Guarantee every user-facing action can be invoked via API/CLI.
-- Catalog automation touchpoints (issue lifecycle updates, script triggers, deployment actions) for future extension.
+### Comments
+- `POST /comments` - 创建评论
+- `GET /issues/{id}/comments` - 列表
+- `PATCH /comments/{id}` - 更新
+- `DELETE /comments/{id}` - 删除
 
-### 4. Frontend (React)
-- Define app routes: dashboard, board/list, issue detail, role/project admin, audit/log viewer, automation console.
-- Implement state management (React Query or equivalent) matching API structure.
-- Provide UI components for admin role management + webhook configuration.
-- Surface webhook events and automation status, letting users inspect audit entries.
+### Projects
+- `POST /projects` - 创建
+- `GET /projects` - 列表
+- `GET /projects/{id}` - 详情
+- `PATCH /projects/{id}` - 更新
+- `DELETE /projects/{id}` - 删除
 
-### 5. CLI & Automation Surface
-- Build interactive Python CLI mirroring UI flows; commands are rendered differently but invoke same backend APIs.
-- CLI uses credential files or env tokens; includes runtime prompts for confirmation when credential rotation occurs.
-- Bot agent runner polls API for pending automations, executes scripts, and emits callbacks via webhook.
-- Document CLI command set (issue CRUD, role management, automation triggers, logs) and error handling.
+### Project Members
+- `POST /projects/{id}/members` - 添加成员
+- `GET /projects/{id}/members` - 列表
+- `DELETE /projects/{id}/members/{user_id}` - 移除
 
-### 6. API Coverage & Webhooks
-- Enumerate APIs for all core operations: issues, comments, projects, roles, credentials, automation scripts, audit logs.
-- Design webhook schema and catalog events to support: issue lifecycle, authentication events, automation/script completion.
-- Ensure webhook delivery is authenticated and configurable; details to be defined during implementation.
-- Provide API for credential confirmation flows and for requesting new credentials after deletion.
+### Users
+- `POST /users` - 注册
+- `GET /users` - 列表
+- `GET /users/{id}` - 详情
+- `PATCH /users/{id}` - 更新
 
-### 7. Observability & Logging
-- Log all API invocations to a file on Docker-mounted volume, capped at 10 MB with rotation.
-- Keep a webhook audit log (which event, trigger source, response status) for troubleshooting.
-- Provide endpoints/UI to browse recent logs (within retention threshold).
+### Webhooks
+- `POST /webhooks` - 创建
+- `GET /webhooks` - 列表
+- `GET /webhooks/{id}` - 详情
+- `PATCH /webhooks/{id}` - 更新
+- `DELETE /webhooks/{id}` - 删除
+- `GET /webhooks/{id}/logs` - 投递日志
 
-### 8. Deployment & Security Posture
-- Keep `ufw` locked down on `vps.t1` and rely on SSH tunnels (`ssh -L`) for UI/CLI testing.
-- Document CLI/agent testing setup (SSH tunnel commands, env vars) so Zhi/Hangman can coordinate.
-- Outline backup strategy for MySQL data directory within the Compose stack.
-- Confirm `AbstractWizard` handles initial admin/project creation; fall back to Zhi if issues arise.
+### System
+- `GET /health` - 健康检查
+- `GET /version` - 版本信息
+- `GET /dashboard/stats` - 统计面板
 
-### 9. Collaboration & Delivery Rhythm
-- Maintain the new channel with templates for requirements, story cards, milestones, and progress updates.
-- Use channel to publish deliverables (architecture doc, API spec, deployment instructions, automation scenarios).
-- Record testing points for UI/CLI without prescribing steps; let Hangman/Zhi define the execution details.
+## CLI
 
----
+```bash
+# 环境变量
+export HARBORFORGE_URL=http://localhost:8000
+export HARBORFORGE_TOKEN=<your-token>
 
-Need any section expanded into user stories or backlog cards next?
\ No newline at end of file
+# 命令
+python3 cli.py login <username> <password>
+python3 cli.py issues [-p project_id] [-t type] [-s status]
+python3 cli.py create-issue "title" -p 1 -r 1 [-t resolution --summary "..." --positions "..." --pending "..."]
+python3 cli.py search "keyword"
+python3 cli.py transition <issue_id> <new_status>
+python3 cli.py stats [-p project_id]
+python3 cli.py projects
+python3 cli.py users
+python3 cli.py health
+python3 cli.py version
+```
+
+## 技术栈
+
+- Python 3.11 + FastAPI
+- SQLAlchemy + MySQL
+- JWT (python-jose)
+- Docker
+
+## Issue Types
+
+| Type | 用途 |
+|------|------|
+| task | 普通任务 |
+| story | 用户故事 |
+| test | 测试用例 |
+| resolution | 决议案（Agent 僵局提交）|