update documentation about 0.db admin db + symmetric encryption + include RPC examples + asymmetric transparent named key instances for encryption and signatures

Maxime Van Hees
2025-09-19 11:55:28 +02:00
parent 151a6ffbfa
commit 87177f4a07
6 changed files with 543 additions and 190 deletions

@@ -17,6 +17,8 @@ The main purpose of HeroDB is to offer a lightweight, embeddable, and Redis-comp
- **Expiration**: Time-to-live (TTL) functionality for keys.
- **Scanning**: Cursor-based iteration for keys and hash fields (`SCAN`, `HSCAN`).
- **AGE Cryptography Commands**: HeroDB-specific extensions for cryptographic operations.
- **Symmetric Encryption**: Stateless symmetric encryption using XChaCha20-Poly1305.
- **Admin Database 0**: Centralized control for database management, access control, and per-database encryption.
## Quick Start
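
Review bot: in the new "Symmetric Encryption" bullet, "stateless" is left undefined and the bullet names no command family, while the AGE bullet above it does. Suggest naming the SYM commands here and saying in a few words what stateless means for key handling, or linking to the doc that explains it. The "Admin Database 0" bullet could also say that DB 0 is itself encrypted, which the Database Management section states further down.
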
@@ -30,31 +32,14 @@ cargo build --release
### Running HeroDB
You can start HeroDB with different backends and encryption options:
#### Default `redb` Backend
Launch HeroDB with the required `--admin-secret` flag, which encrypts the admin database (DB 0) and authorizes admin access. Optional flags include `--dir` for the database directory, `--port` for the TCP port (default 6379), `--sled` for the sled backend, and `--enable-rpc` to start the JSON-RPC management server on port 8080.
Example:
```bash
./target/release/herodb --dir /tmp/herodb_redb --port 6379
./target/release/herodb --dir /tmp/herodb --admin-secret myadminsecret --port 6379 --enable-rpc
```
#### `sled` Backend
```bash
./target/release/herodb --dir /tmp/herodb_sled --port 6379 --sled
```
#### `redb` with Encryption
```bash
./target/release/herodb --dir /tmp/herodb_encrypted --port 6379 --encrypt --encryption_key mysecretkey
```
#### `sled` with Encryption
```bash
./target/release/herodb --dir /tmp/herodb_sled_encrypted --port 6379 --sled --encrypt --encryption_key mysecretkey
```
For detailed launch options, see [Basics](docs/basics.md).
## Usage with Redis Clients
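
Review bot: the example line with `--admin-secret myadminsecret` puts the secret that encrypts DB 0 and authorizes admin access on the command line as a guessable literal, where it ends up in shell history and process listings. Suggest a placeholder such as `<admin-secret>` in the example, plus one sentence on choosing and handling that secret. The same paragraph says `--enable-rpc` starts the JSON-RPC management server on port 8080 without stating which address it binds to or how callers are authenticated; since that API manages access control and per-database encryption, the README should say so or point to docs/admin.md. If the `--encrypt --encryption_key` examples are being dropped, a pointer to where per-database encryption is now configured would help readers of the old README.
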
@@ -76,10 +61,24 @@ redis-cli -p 6379 SCAN 0 MATCH user:* COUNT 10
# 2) 1) "user:1"
```
## Cryptography
HeroDB supports asymmetric encryption/signatures via AGE commands (X25519 for encryption, Ed25519 for signatures) in stateless or key-managed modes, and symmetric encryption via SYM commands. Keys are persisted in the admin database (DB 0) for managed modes.
For details, see [AGE Cryptography](docs/age.md) and [Basics](docs/basics.md).
## Database Management
Databases are managed via JSON-RPC API, with metadata stored in the encrypted admin database (DB 0). Databases are public by default upon creation; use RPC to set them private, requiring access keys for SELECT operations (read or readwrite based on permissions). This includes per-database encryption keys, access control, and lifecycle management.
For examples, see [JSON-RPC Examples](docs/rpc_examples.md) and [Admin DB 0 Model](docs/admin.md).
## Documentation
For more detailed information on commands, features, and advanced usage, please refer to the documentation:
- [Basics](docs/basics.md)
- [Supported Commands](docs/cmds.md)
- [AGE Cryptography](docs/age.md)
- [AGE Cryptography](docs/age.md)
- [Admin DB 0 Model (access control, per-db encryption)](docs/admin.md)
- [JSON-RPC Examples (management API)](docs/rpc_examples.md)
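
Review bot: in the Database Management paragraph, "Databases are public by default upon creation" is a security-relevant default buried mid-sentence. Suggest giving it its own sentence that says what public permits (SELECT without an access key, as the text implies) and points to the RPC call that makes a database private. The closing sentence "This includes per-database encryption keys, access control, and lifecycle management" has no clear referent for "This"; say that the RPC API covers these. In the Cryptography paragraph, "Keys are persisted in the admin database (DB 0) for managed modes" should state whether that includes private keys. Also check that the Documentation list does not end up with two AGE Cryptography entries.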