docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/kernos/deploy.yml

@@ -0,0 +1,180 @@
+---
+- name: Deploy Kernos MCP Shell Server
+  hosts: kernos
+  vars:
+    ansible_common_remote_group: "{{kernos_group}}"
+    allow_world_readable_tmpfiles: true
+  tasks:
+  - name: Create Kernos group
+    become: true
+    ansible.builtin.group:
+      name: "{{kernos_group}}"
+      state: present
+
+  - name: Create kernos user
+    become: true
+    ansible.builtin.user:
+      name: "{{kernos_user}}"
+      group: "{{kernos_group}}"
+      home: "/home/{{kernos_user}}"
+      shell: /bin/bash
+      system: false
+      create_home: true
+
+  - name: Add remote_user to kernos group
+    become: true
+    ansible.builtin.user:
+      name: "{{remote_user}}"
+      groups: "{{kernos_group}}"
+      append: true
+
+  - name: Reset connection to pick up new group membership
+    ansible.builtin.meta: reset_connection
+
+  - name: Create required directories
+    become: true
+    ansible.builtin.file:
+      path: "{{kernos_directory}}"
+      owner: "{{kernos_user}}"
+      group: "{{kernos_group}}"
+      state: directory
+      mode: '750'
+
+  - name: Ensure tar is installed for unarchive task
+    become: true
+    ansible.builtin.apt:
+      name:
+        - tar
+      state: present
+      update_cache: true
+
+  - name: Ensure Python, Python Dev, Venv module is installed
+    become: true
+    ansible.builtin.apt:
+      name: [python3, python3-venv, python3-dev]
+      state: present
+      update_cache: true
+
+  - name: Transfer and unarchive git archive
+    become: true
+    ansible.builtin.unarchive:
+      src: "~/rel/kernos_{{kernos_rel}}.tar"
+      dest: "{{kernos_directory}}"
+      owner: "{{kernos_user}}"
+      group: "{{kernos_group}}"
+      mode: '550'
+    notify: restart kernos
+
+  - name: Ensure venv directory ownership is correct
+    become: true
+    ansible.builtin.file:
+      path: "{{kernos_directory}}/.venv"
+      owner: "{{kernos_user}}"
+      group: "{{kernos_group}}"
+      state: directory
+      recurse: true
+    when: ansible_facts['file'] is defined or true
+
+  - name: Create virtual environment for Kernos
+    become: true
+    become_user: "{{kernos_user}}"
+    ansible.builtin.command:
+      cmd: "python3 -m venv {{kernos_directory}}/.venv/"
+      creates: "{{kernos_directory}}/.venv/bin/activate"
+
+  - name: Install wheel in virtual environment
+    become: true
+    become_user: "{{kernos_user}}"
+    ansible.builtin.pip:
+      name:
+        - wheel
+      state: latest
+      virtualenv: "{{kernos_directory}}/.venv"
+
+  - name: Install pyproject.toml dependencies in virtualenv
+    become: true
+    become_user: "{{kernos_user}}"
+    ansible.builtin.pip:
+      chdir: "{{kernos_directory}}"
+      name: .
+      virtualenv: "{{kernos_directory}}/.venv"
+      virtualenv_command: python3 -m venv
+    notify: restart kernos
+
+  - name: Template Kernos .env configuration
+    become: true
+    ansible.builtin.template:
+      src: .env.j2
+      dest: "{{kernos_directory}}/.env"
+      owner: "{{kernos_user}}"
+      group: "{{kernos_group}}"
+      mode: '640'
+    notify: restart kernos
+
+  - name: Template systemd service file
+    become: true
+    ansible.builtin.template:
+      src: kernos.service.j2
+      dest: /etc/systemd/system/kernos.service
+      owner: root
+      group: root
+      mode: '644'
+    notify: restart kernos
+
+  - name: Enable and start kernos service
+    become: true
+    ansible.builtin.systemd:
+      name: kernos
+      enabled: true
+      state: started
+      daemon_reload: true
+
+  - name: Flush handlers to restart service before validation
+    ansible.builtin.meta: flush_handlers
+
+  - name: Validate Kernos liveness endpoint
+    ansible.builtin.uri:
+      url: "http://localhost:{{kernos_port}}/live"
+      status_code: 200
+      return_content: true
+    register: live_check
+    retries: 5
+    delay: 5
+    until: live_check.status == 200
+
+  - name: Validate Kernos readiness endpoint
+    ansible.builtin.uri:
+      url: "http://localhost:{{kernos_port}}/ready"
+      status_code: 200
+      return_content: true
+    register: ready_check
+    retries: 5
+    delay: 5
+    until: ready_check.status == 200
+
+  - name: Validate Kernos health endpoint
+    ansible.builtin.uri:
+      url: "http://localhost:{{kernos_port}}/health"
+      status_code: 200
+      return_content: true
+    register: health_check
+    retries: 5
+    delay: 5
+    until: health_check.status == 200
+
+  - name: Validate Kernos /metrics endpoint
+    ansible.builtin.uri:
+      url: "http://localhost:{{kernos_port}}/metrics"
+      status_code: 200
+      return_content: false
+    register: metrics_check
+    retries: 5
+    delay: 5
+    until: metrics_check.status == 200
+
+  handlers:
+  - name: restart kernos
+    become: true
+    ansible.builtin.systemd:
+      name: kernos
+      state: restarted