chore: rename packages/ to crates/

Move all 29 workspace members from packages/<name>/ to crates/<name>/.
Updates: workspace Cargo.toml (members + path deps), justfile, root
CLAUDE.md, scripts/build/CARGO_INSTALL.md, docs/architecture/crates.md
(renamed from packages.md), structural references in docs/architecture
and docs/configuration, per-crate CLAUDE.md self-references. Historical
plans, reports, and building/ docs are left untouched.

No behavior change; just check-all stays green and fermata tests pass.

README.md

@@ -0,0 +1,53 @@
+# dirigent_fermata
+
+`𝄐 fermata` — a fast, harness-agnostic guard that blocks AI coding agents from reading, writing, or executing things they shouldn't.
+
+Reads `.botignore` (gitignore syntax) and an optional `botignore.toml` for advanced rules. Designed to be called from agent hooks, used as an MCP server (future), or consumed as a library.
+
+## Status
+
+v0.1 — first releasable slice:
+- Library: `Op`, `Decision`, `Policy::check`, `Policy::check_command`, project-root walk-up, `.botignore` walker (via `ignore`), `botignore.toml` parsing, path identification heuristics.
+- CLI: `fermata check <path>...`, `fermata hook --harness <name>`.
+- Harness: Claude Code (PreToolUse) only.
+
+Out of scope for v0.1: Codex, Gemini, MCP server, audit log, filesystem watcher.
+
+## Quick start
+
+```bash
+# As a CLI
+fermata check --op read /path/to/.env
+echo $?  # 1 if blocked, 0 if allowed
+
+# As a Claude Code hook
+fermata hook --harness claude < hook_payload.json
+```
+
+## Configuration
+
+`.botignore` (gitignore syntax, applies to read + write):
+```
+.env
+.env.*
+secrets/**
+```
+
+`botignore.toml` (per-op rules):
+```toml
+[read]
+patterns = [".env*", "secrets/**"]
+
+[write]
+patterns = ["vendor/**", "*.lock"]
+
+[bash]
+deny = ["rm -rf /", "git push --force*"]
+ask = ["rm:*", "mv:*"]
+allow_prefixes = ["make test", "git checkout:*"]
+```
+
+## See also
+
+- `docs/tools/fermata.md` — Dirigent integration plan
+- `docs/workpad/brainstorm/fermata.md` — full product spec