docs: comprehensive README accuracy pass — verified against every line of code

[tlongwell-block]

Why

The README had accumulated inaccuracies as the codebase grew. Features were claimed that aren't implemented, crates existed that weren't documented, env vars were missing from the config table, and descriptions had drifted from reality.

How this was verified

Two rounds of adversarial review:

Round 1: 13 AI delegates each read every single line of their assigned crate(s) (~72,000 lines total across all 17 crates) and compared against the README. Findings were synthesized, applied, then crossfire-reviewed through 4 rounds (codex CLI + opus subagents) until both approved at 9–10/10.

Round 2: A 12-reviewer flock (each assigned specific README sections) + codex CLI + Claude Opus + Gemini 3.1 Pro independently verified every line of the updated README against source code. This caught 7 remaining inaccuracies that Round 1 missed — including a false "single binary" claim, an overstated NIP-29 kind range, and a missing crate dependency. All fixes were verified by codex CLI (final rating: 8/10, APPROVE).

What changed

README.md only, no code changes.

Round 1 — Critical fixes

• "Approval gates" removed as shipped feature — RequestApproval always fails at runtime with "not yet implemented — see WF-08". Now marked (approval gates: planned).
• NIP-29 status corrected — kinds 9021 (join request) and 9022 (leave request) are fully implemented; only 9009 remains deferred. Previously said "9009, 9021 deferred".
• Architecture diagram updated — added S3/MinIO as fourth backend dependency; fixed relay label from "admin API" (doesn't exist) to "channel/DM/media/workflow REST"; expanded Postgres/Redis labels.

Round 1 — Supported NIPs table

Added 6 implemented NIPs that were missing from the table:

• NIP-05 (identity verification — /.well-known/nostr.json)
• NIP-09 (event deletion — kind:5 handling)
• NIP-10 (thread conventions — e/p tag resolution)
• NIP-17 (private DMs — gift-wrap kind:1059)
• NIP-50 (search capability — Typesense-backed)
• NIP-98 (HTTP Auth — partial, POST /api/tokens bootstrap only)

Round 1 — Crate Map

• Added 3 undocumented crates: sprout-sdk, sprout-media, sprout-cli with new "Shared libraries" section
• Fixed all 12 existing crate descriptions against actual code:
  • sprout-relay: "admin routes" → "channel/DM/media/workflow REST, Blossom media upload"
  • sprout-core: added zero-I/O constraint, Schnorr verification, channel/presence types
  • sprout-db: "events, channels, API tokens" → lists all 9 data domains
  • sprout-auth: added NIP-98, rate limiting
  • sprout-pubsub: added presence tracking, typing indicators, rate limiting
  • sprout-workflow: lists all 5 trigger types, removes false "approval gates" claim
  • sprout-mcp: dropped hard tool count (code has 43/44 discrepancy), lists actual tool categories
  • sprout-huddle: added webhook verification, in-memory session tracking
  • sprout-audit: "hash chain" → "SHA-256 hash chain"
  • sprout-test-client: lists 8 E2E suite names

Round 1 — Configuration table

• Added 17 missing env vars with defaults verified against config.rs: CORS, health port, metrics, connection limits, media/S3, pubkey allowlist, send buffer, UDS, JWKS URI
• Added SPROUT_TOOLSETS — critical for MCP operators (controls which of the 7 toolsets are active)
• Added SPROUT_RELAY_PUBKEY — required by sprout-proxy, also used as fallback auth by sprout-workflow
• Fixed SPROUT_PUBKEY_ALLOWLIST description — narrowed to NIP-42 pubkey-only scope (API token and Okta JWT bypass)

Round 1 — MCP Tools section

• Documented the toolset system: default (25 tools active out of the box), channel_admin, dms, canvas, workflow_admin, identity, forums
• Added SPROUT_TOOLSETS=all guidance

Round 1 — Development section

• Added sprout-cli to "Running a specific crate" examples

Round 2 — Fixes from crossfire review

7 additional inaccuracies caught by the 12-reviewer flock and crossfire:

1. "All Rust — single binary" → "Pure Rust backend — memory safe, no GC pauses" — workspace produces 7 distinct binaries; desktop is TypeScript/React
2. NIP-29 "kinds 9000–9008" → "kinds 9000–9002, 9005, 9007–9008" — kinds 9003, 9004, 9006 don't exist in the codebase
3. sprout-sdk dep list — added sprout-acp (was missing; confirmed in crates/sprout-acp/Cargo.toml)
4. "The relay applies schema on startup" → "just migrate; just setup runs migrations automatically" — relay only auto-applies audit schema, not schema/schema.sql
5. "Waits for all services to be healthy" → "Waits for core services (Postgres, Redis, Typesense)" — dev-setup.sh only waits for 3 of 7 services
6. E2E test suite list — added media extended (e2e_media_extended.rs was missing from the 8-file list)
7. Added SPROUT_MINT_RATE_LIMIT env var (default 50) — was in tokens.rs but missing from config table

What's NOT in this PR

• No code changes — README only
• Detailed workflow YAML examples (belongs in WORKFLOWS.md)
• Rate limiting tier details (operational, belongs in SECURITY.md)
• Template variable syntax (belongs in AGENTS.md)