diff --git a/license b/license
new file mode 100644
index 0000000..6f6a303
--- /dev/null
+++ b/license
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Task Venture Capital GmbH (hello@task.vc)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/license.md b/license.md
index 5d19587..6f6a303 100644
--- a/license.md
+++ b/license.md
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lossless GmbH
+Copyright (c) 2026 Task Venture Capital GmbH (hello@task.vc)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/package.json b/package.json
index 216e1e4..2fa7e89 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "type": "git",
     "url": "ssh://git@code.foss.global:29419/serve.zone/corebuild.git"
   },
-  "author": "Lossless GmbH",
+  "author": "Task Venture Capital GmbH",
   "license": "MIT",
   "packageManager": "pnpm@10.28.2"
 }
diff --git a/readme.md b/readme.md
index b0720ab..a1d946c 100644
--- a/readme.md
+++ b/readme.md
@@ -1,28 +1,220 @@
 # @serve.zone/corebuild
 
-CoreBuild is the serve.zone worker service for heavy artifact generation jobs such as BaseOS ISO builds.
+CoreBuild is the serve.zone build-worker service for heavy image artifact jobs. Cloudly schedules the work; CoreBuild runs the build on a capable worker node, calls `isocreator`, uploads the finished artifact to S3-compatible storage, and returns artifact metadata and logs.
 
-Cloudly owns orchestration and user-facing downloads. CoreBuild runs on suitable builder nodes, executes `isocreator`, uploads artifacts to S3-compatible storage, and returns artifact metadata to Cloudly.
+## Issue Reporting and Security
 
-## Runtime
+For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 
-Required environment:
+## Current Scope
 
-- `COREBUILD_PORT`: HTTP port, defaults to `3060`.
-- `COREBUILD_TOKEN`: shared worker token expected from Cloudly.
-- `COREBUILD_WORKDIR`: temp workspace, defaults to `.nogit/workdir`.
-- `ISO_CREATOR_COMMAND`: command used to run isocreator, defaults to `isocreator`.
+CoreBuild currently supports the `baseos-image` job type used by Cloudly's BaseOS manager.
 
-For local development against the workspace checkout:
+Supported output families:
 
-```bash
+- `ubuntu-iso` for `amd64` and `arm64` BaseOS installer images.
+- `balena-raw` for Raspberry Pi or raw-image based BaseOS builds.
+
+Supported architecture values reported by `/corebuild/v1/capabilities`:
+
+- `amd64`
+- `arm64`
+- `rpi`
+
+CoreBuild does not store permanent build state. Each job gets a temporary workspace under the configured workdir, and the workspace is removed after the artifact is uploaded.
+
+## Runtime Flow
+
+```text
+Cloudly BaseOS manager
+  -> GET /corebuild/v1/capabilities
+  -> POST /corebuild/v1/jobs/baseos-image
+      -> BaseOsImageBuilder
+          -> writes isocreator.config.json
+          -> runs ISO_CREATOR_COMMAND build --config <config>
+          -> uploads artifact to S3 with smartbucket
+          -> returns filename, size, sha256, content type, bucket, and key
+```
+
+Cloudly owns build records, user-facing status, retention, and download URLs. CoreBuild only executes the worker-side job.
+
+## Configuration
+
+| Env var | Default | Purpose |
+| --- | --- | --- |
+| `COREBUILD_PORT` | `3060` | HTTP server port. |
+| `COREBUILD_TOKEN` | unset | Optional shared token required for build jobs. |
+| `COREBUILD_WORKDIR` | `.nogit/workdir` under the current working directory | Temporary build workspace. |
+| `COREBUILD_WORKER_ID` | `<hostname>-<pid>` | Worker id reported in capabilities. |
+| `ISO_CREATOR_COMMAND` | `isocreator` | Command used to run isocreator. |
+
+Local development against the workspace checkout can point `ISO_CREATOR_COMMAND` at the neighboring `isocreator` repo:
+
+```sh
 ISO_CREATOR_COMMAND="deno run --allow-all ../isocreator/mod.ts" pnpm run startTs
 ```
 
-## API
+## Starting CoreBuild
 
-- `GET /health`
-- `GET /corebuild/v1/capabilities`
-- `POST /corebuild/v1/jobs/baseos-image`
+```sh
+pnpm install
+pnpm build
+pnpm start
+```
 
-The BaseOS image job expects Cloudly to provide the S3 descriptor and a one-time provisioning token. CoreBuild never stores those values beyond the build workspace.
+For direct TypeScript execution:
+
+```sh
+pnpm run startTs
+```
+
+Programmatic startup:
+
+```ts
+import { CoreBuildServer } from '@serve.zone/corebuild';
+
+const server = CoreBuildServer.fromEnv();
+await server.start();
+```
+
+## HTTP API
+
+### `GET /health`
+
+Returns a minimal health response:
+
+```json
+{ "ok": true }
+```
+
+### `GET /corebuild/v1/capabilities`
+
+Returns worker capabilities and sizing information:
+
+```json
+{
+  "workerId": "builder-1-12345",
+  "supportedBuildTypes": ["baseos-image"],
+  "supportedArchitectures": ["amd64", "arm64", "rpi"],
+  "supportedImageKinds": ["ubuntu-iso", "balena-raw"],
+  "cpuCores": 16,
+  "memoryGb": 64,
+  "workdir": "/var/tmp/corebuild"
+}
+```
+
+### `POST /corebuild/v1/jobs/baseos-image`
+
+Runs one BaseOS image job. If `COREBUILD_TOKEN` is set, the request must provide the token through one of these mechanisms:
+
+- `Authorization: Bearer <token>`
+- `x-corebuild-token: <token>`
+- JSON body field `apiToken`
+
+Request shape:
+
+```json
+{
+  "apiToken": "optional-token",
+  "job": {
+    "id": "build-123",
+    "architecture": "amd64",
+    "imageKind": "ubuntu-iso",
+    "cloudlyUrl": "https://cloudly.example.com",
+    "provisioningToken": "one-time-baseos-token",
+    "ubuntuVersion": "24.04",
+    "hostname": "baseos-build-123",
+    "sshPublicKey": "ssh-ed25519 ...",
+    "s3Descriptor": {
+      "endpoint": "s3.example.com",
+      "accessKey": "access-key",
+      "accessSecret": "secret-key",
+      "bucketName": "servezone-artifacts",
+      "port": 443,
+      "useSsl": true,
+      "region": "us-east-1"
+    },
+    "artifactKey": "corebuild/baseos/build-123/baseos.iso"
+  }
+}
+```
+
+Successful response:
+
+```json
+{
+  "success": true,
+  "artifact": {
+    "bucketName": "servezone-artifacts",
+    "key": "corebuild/baseos/build-123/baseos.iso",
+    "filename": "baseos.iso",
+    "contentType": "application/x-iso9660-image",
+    "size": 123456789,
+    "sha256": "...",
+    "createdAt": 1760000000000
+  },
+  "logs": ["Starting isocreator for amd64 ubuntu-iso"]
+}
+```
+
+## Image Generation Details
+
+For `ubuntu-iso` jobs, CoreBuild generates an isocreator config that:
+
+- Uses Ubuntu Server `24.04` unless the job supplies `ubuntuVersion`.
+- Writes `/etc/baseos/baserunner.env` with `BASEOS_CLOUDLY_URL`, `BASEOS_JOIN_TOKEN`, `BASEOS_STATE_PATH`, and heartbeat interval.
+- Installs a `baseos-baserunner.service` systemd unit.
+- Adds an installation script that installs Deno when missing and checks out `https://code.foss.global/serve.zone/baseos.git` into `/opt/baseos`.
+- Optionally injects WiFi and SSH user configuration.
+
+For `balena-raw` jobs, `sourceImageUrl` is required. The generated config embeds the Cloudly URL and provisioning token in the Balena/BaseOS runtime configuration and emits a compressed `baseos-<architecture>.img.xz` style artifact.
+
+## Cloudly Integration
+
+Cloudly discovers CoreBuild workers from settings:
+
+- `corebuildWorkersJson`: preferred, accepts a JSON array of URL strings or objects with `url`, optional `token`, and optional `id`.
+- `corebuildWorkerUrl` and `corebuildWorkerToken`: legacy single-worker settings.
+
+Cloudly selects the first worker whose capabilities include the requested build type, architecture, and image kind. It then posts the job with the configured token in both the authorization header and request body for compatibility with CoreBuild's token validation.
+
+## Development
+
+Common commands:
+
+```sh
+pnpm install
+pnpm build
+pnpm test
+pnpm run startTs
+```
+
+Important files:
+
+| Path | Purpose |
+| --- | --- |
+| `ts/index.ts` | Exports the public API and starts `CoreBuildServer.fromEnv()` when run directly. |
+| `ts/classes.corebuildserver.ts` | HTTP server, token validation, health, capabilities, and job endpoint. |
+| `ts/classes.baseosimagebuilder.ts` | Build workspace handling, isocreator config generation, command execution, artifact hashing, and S3 upload. |
+| `ts/types.ts` | Job, artifact, S3 descriptor, capability, architecture, and image-kind types. |
+
+## License and Legal Information
+
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file.
+
+**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
+
+### Trademarks
+
+This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
+
+Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
+
+### Company Information
+
+Task Venture Capital GmbH
+Registered at District Court Bremen HRB 35230 HB, Germany
+
+For any legal inquiries or further information, please contact us via email at hello@task.vc.
+
+By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.