v1.5.1 — top-level README + named-tunnel operator runbook

Added — README.md

• Top-level project README, ~330 lines, covering the full operator surface so a teammate (or future-self after a long break) can set up + run + operate the project without spelunking through 15 scripts and 9 modules.
• Sections: status + state-file pointers (PLAN/PROGRESS/CHANGELOG/IDEAS/CLAUDE), quick-start (one block of commands for the impatient), prerequisites (Python/Node/Postgres/cloudflared/FFLogs API client), step-by-step setup (venv, Postgres CREATE DATABASE, .env config, alembic upgrade head, npm install/build, smoke test), dev mode (FastAPI --reload + vite with proxy), prod mode (scripts/run_prod.ps1 quick-tunnel runner with HTTP Basic auth), first-time data flow (scripts.bootstrap_abilities → Roster tab → Watched panel → optional field backfill → optional FFLogs Gold connect → optional scheduled polling), daily operations (during-prog flow, strat editor with the structured-slot + role-assignment shape, session report modal), one-page architecture, scripts tour (all 14 under scripts/ + the 2 jobs/), test invocation, complete named-tunnel + Cloudflare Access upgrade runbook (the 6-step ops sequence — cloudflared login → tunnel create → tunnel route dns → config.yml ingress → Access app + policy → unset AUTH_*), pointer to project state files, cactbot vendor refresh note, license + attribution.
• The deployment-upgrade runbook captures every step needed to swap quick-tunnel → named-tunnel + Cloudflare Access. When the user picks a hostname (is-a.dev PR vs paid domain) the upgrade is one decision plus a runbook follow — no code change required.

Version

• 1.5.0 → 1.5.1 in api/init.py, pyproject.toml, web/package.json. PATCH bump per CLAUDE.md §4 — README is documentation, not a roadmap feature. 342/342 tests still passing after the bump (smoke test reads __version__).