skyoo2003
diff --git a/‎docs/README.md‎
Lines changed: 42 additions & 0 deletions b/‎docs/README.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎docs/architecture.md‎
Lines changed: 198 additions & 0 deletions b/‎docs/architecture.md‎
Lines changed: 198 additions & 0 deletions
diff --git a/‎docs/configuration.md‎
Lines changed: 154 additions & 0 deletions b/‎docs/configuration.md‎
Lines changed: 154 additions & 0 deletions
@@ -0,0 +1,42 @@
+# DevCloud Documentation
+
+This directory holds DevCloud's technical documentation. Use the map below to jump to what you need.
+
+## Start here
+
+- **[Getting Started](getting-started.md)** — install, first run, boto3 / AWS CLI / Terraform examples
+- **[Configuration](configuration.md)** — YAML options, env-var overrides, tier shortcuts
+- **[Architecture](architecture.md)** — system design, plugin model, codegen pipeline, multi-CSP vision
+- **[Roadmap](roadmap.md)** — phased plan toward multi-CSP support
+- **[Services Matrix](services-matrix.md)** — 96 services, coverage status, boto3 pass rate
+
+## Per-service references
+
+Located under [`services/`](services/):
+
+- [S3](services/s3.md) — object storage (REST-XML)
+- [SQS](services/sqs.md) — message queue (Query + JSON)
+- [DynamoDB](services/dynamodb.md) — NoSQL KV + document (JSON 1.0)
+- [Lambda](services/lambda.md) — function runtime (REST-JSON)
+- [IAM / STS](services/iam-sts.md) — identity & tokens (Query)
+
+## Problem solving
+
+- **[FAQ](faq.md)** — common questions about scope, compatibility, CI use
+- **[Troubleshooting](troubleshooting.md)** — common errors and fixes
+
+## Contributing
+
+- **[Contributing Guide](contributing.md)** — dev setup, testing, codegen, adding new services
+- Root-level pointers: [CONTRIBUTING.md](../CONTRIBUTING.md), [CODE_OF_CONDUCT.md](../CODE_OF_CONDUCT.md), [SECURITY.md](../SECURITY.md), [SUPPORT.md](../SUPPORT.md)
+
+## Meta
+
+- [Changelog](../CHANGELOG.md)
+- [License (Apache 2.0)](../LICENSE)
+- [Trademarks](../TRADEMARKS.md)
+- [NOTICE](../NOTICE)
+
+---
+
+If something is missing from this index, that's a bug. Please file an [issue](https://github.com/skyoo2003/devcloud/issues) or open a PR to fix the link.
@@ -0,0 +1,198 @@
+# Architecture
+
+## Multi-CSP Vision
+
+DevCloud's long-term direction is to support multiple Cloud Service Providers (AWS, Azure, GCP, and others) behind a single local runtime. Today's implementation targets **AWS only** — the sections below describe the current AWS-specific architecture.
+
+A phased refactor is planned (see [roadmap.md](roadmap.md)):
+
+- **Phase 1 (current)** — AWS services via Smithy codegen, single-port gateway, AWS SigV4 auth.
+- **Phase 2 (preparation)** — Introduce an Intermediate Representation (IR) between API models and codegen. Abstract `ModelSource` so OpenAPI (Azure) and Protocol Buffers / Discovery Documents (GCP) can feed the same pipeline. Extract a per-provider auth adapter interface.
+- **Phase 3 (pilot)** — First non-AWS service (candidate: Azure Blob Storage) validates the multi-CSP architecture.
+- **Phase 4 (breadth)** — Additional services across CSPs; community-owned providers.
+
+The existing plugin system, protocol detector, and storage abstractions are intentionally CSP-agnostic where possible, to minimize rework when providers are added.
+
+## Request Flow
+
+```
+Client (boto3 / AWS CLI / Terraform / CDK)
+  │
+  ▼
+API Gateway (port 4747)
+  │
+  ├─ Middleware Chain
+  │   ├─ ErrorRecovery (panic recovery)
+  │   ├─ BodyLimit (request size limiting)
+  │   ├─ CORS (cross-origin handling)
+  │   ├─ RequestID (X-Amz-Request-Id)
+  │   ├─ RequestLogger (structured logging)
+  │   └─ LogCollector (dashboard live logs)
+  │
+  ├─ Route: /devcloud/api/* → Dashboard API
+  │
+  ▼
+Protocol Detector
+  │
+  ├─ X-Amz-Target header present       → JSON protocol (DynamoDB, SQS JSON)
+  ├─ Content-Type: x-www-form-urlencoded + Action= → Query protocol (IAM, STS, SQS Query)
+  ├─ SigV4 with Lambda path            → REST-JSON (Lambda)
+  └─ Default                           → REST-XML (S3)
+  │
+  ▼
+Auth Validator (SigV4 format check, account ID extraction)
+  │
+  ▼
+Service Router → Plugin Registry → ServicePlugin.HandleRequest()
+  │
+  ▼
+Service Implementation (S3, SQS, DynamoDB, Lambda, IAM, STS)
+  │
+  ▼
+Storage Backend → Response Serializer → HTTP Response
+```
+
+## Plugin System
+
+All services implement the `ServicePlugin` interface:
+
+```go
+type ServicePlugin interface {
+    ServiceID() string
+    ServiceName() string
+    Protocol() ProtocolType
+    Init(config PluginConfig) error
+    Shutdown(ctx context.Context) error
+    HandleRequest(ctx context.Context, op string, req *http.Request) (*Response, error)
+    ListResources(ctx context.Context) ([]Resource, error)
+    GetMetrics(ctx context.Context) (*ServiceMetrics, error)
+}
+```
+
+Plugins are registered in the `Registry` at startup. The gateway routes requests to the correct plugin based on protocol detection and service identification.
+
+### Supported Protocols
+
+| Protocol | Services | Request Format | Response Format |
+|----------|----------|----------------|-----------------|
+| REST-XML | S3 | HTTP path/headers | XML |
+| JSON 1.0 | DynamoDB, SQS | JSON body, `X-Amz-Target` header | JSON |
+| JSON 1.1 | Lambda | JSON body, REST path | JSON |
+| Query | IAM, STS, SQS | Form-encoded body with `Action=` | XML |
+
+SQS supports both Query and JSON protocols. The protocol is auto-detected per request based on Content-Type and headers.
+
+## Smithy Code Generation
+
+DevCloud auto-generates Go code from AWS Smithy JSON models. This enables rapid tracking of AWS API changes with minimal manual work.
+
+### Pipeline
+
+```
+smithy-models/*.json  (AWS Smithy model files)
+       │
+       ▼
+  Parser (internal/codegen/parser.go)
+  Reads service definitions, operations, input/output shapes
+       │
+       ▼
+  Generator (internal/codegen/generator.go)
+  Uses Go templates to produce:
+       │
+       ├─ types.go          — Request/response structs
+       ├─ interface.go       — Service interface (all operations)
+       ├─ serializer.go      — Request marshaling
+       ├─ deserializer.go    — Response unmarshaling
+       ├─ router.go          — Operation routing
+       ├─ errors.go          — Service-specific error types
+       └─ base_provider.go   — Stub implementation (NotImplementedError)
+       │
+       ▼
+  internal/generated/{service}/  (DO NOT EDIT)
+```
+
+### Running Codegen
+
+```bash
+# Generate code for all services
+make codegen
+
+# Generate for a specific service
+make codegen-s3
+```
+
+### Weekly Auto-Sync
+
+A GitHub Actions workflow runs weekly to:
+1. Fetch the latest Smithy models from AWS
+2. Run codegen
+3. Open a PR if any generated code changed
+
+## Event Bus
+
+The event bus (`internal/eventbus/`) provides in-memory pub/sub for internal communication:
+
+- Services publish events (resource created, deleted, etc.)
+- Dashboard subscribes to stream real-time updates via WebSocket
+- Loose coupling between services and dashboard
+
+## Dashboard
+
+The dashboard (`internal/dashboard/`) provides:
+
+- **REST API** at `/devcloud/api/` — service status, resource listing, request logs
+- **WebSocket** at `/devcloud/api/ws` — real-time event streaming
+- **Web UI** — Next.js static export served by the Go server
+
+Log collector maintains a circular buffer of the last 1000 API requests for the dashboard log viewer.
+
+## Directory Structure
+
+```
+devcloud/
+├── cmd/
+│   ├── devcloud/           # Server entry point (main.go)
+│   └── codegen/            # Smithy code generator CLI (main.go)
+├── internal/
+│   ├── gateway/            # HTTP server, middleware, protocol detection, routing
+│   ├── plugin/             # ServicePlugin interface, Registry
+│   ├── codegen/            # Smithy parser, code generators, templates
+│   ├── config/             # YAML config loading, env overrides
+│   ├── generated/          # Auto-generated code (DO NOT EDIT)
+│   │   ├── s3/
+│   │   ├── sqs/
+│   │   ├── dynamodb/
+│   │   ├── lambda/
+│   │   ├── iam/
+│   │   └── sts/
+│   ├── services/           # Service implementations
+│   │   ├── s3/             # FileSystem + SQLite
+│   │   ├── sqs/            # In-memory queues
+│   │   ├── dynamodb/       # BadgerDB
+│   │   ├── lambda/         # SQLite + filesystem (stub runtime)
+│   │   └── iam/            # SQLite (IAM + STS)
+│   ├── dashboard/          # Dashboard REST API + WebSocket
+│   ├── eventbus/           # In-memory event pub/sub
+│   └── storage/            # Shared storage abstractions
+├── web/                    # Next.js dashboard (React, TypeScript, Tailwind)
+├── docker/                 # Dockerfile, docker-compose.yml
+├── smithy-models/          # AWS Smithy JSON model files
+├── tests/compatibility/    # Python/boto3 compatibility tests
+├── docs/                   # Documentation
+├── Makefile
+├── devcloud.yaml           # Default configuration
+└── go.mod
+```
+
+## Startup Flow
+
+1. Load config from `devcloud.yaml` (or specified path)
+2. Initialize structured logger (slog)
+3. Create plugin registry
+4. Register service factories (S3, SQS, DynamoDB, IAM, Lambda)
+5. Initialize services in order: S3 → SQS → DynamoDB → IAM → STS → Lambda
+6. IAM store is shared with STS via plugin config options
+7. Set up event bus, log collector, dashboard API
+8. Create gateway with middleware chain and service router
+9. Start HTTP server on configured port
+10. Wait for shutdown signal (SIGINT/SIGTERM), graceful shutdown with 15s timeout
@@ -0,0 +1,154 @@
+# Configuration
+
+**Configuration is optional.** DevCloud ships with built-in defaults: running `devcloud` with no flags enables all 96 services on port 4747, storing data under `./data/<service>/`. The embedded defaults are compiled into the binary from [`internal/config/default.yaml`](https://github.com/skyoo2003/devcloud/blob/main/internal/config/default.yaml).
+
+To override defaults, provide a YAML file. DevCloud looks for config in this order:
+
+1. `--config <path>` flag (explicit; the file must exist)
+2. `./devcloud.yaml` in the current working directory (auto-detected)
+3. Embedded defaults (used when neither of the above is present)
+
+Environment variables override YAML values for selected keys (see [Environment Variable Overrides](#environment-variable-overrides)).
+
+## Configuration File
+
+### Server
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `server.port` | `4747` | HTTP server port |
+
+### Services
+
+Each service has the following options:
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `services.<name>.enabled` | `true` | Enable or disable the service |
+| `services.<name>.data_dir` | varies | Data directory for persistent storage |
+
+Service-specific options:
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `services.lambda.runtime` | `""` | Lambda runtime configuration |
+| `services.lambda.warm_containers` | `0` | Number of warm containers to keep |
+| `services.iam.enforce_policies` | `false` | Enforce IAM policies (experimental) |
+
+### Auth
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `auth.enabled` | `false` | Enable SigV4 signature validation |
+
+### Dashboard
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `dashboard.enabled` | `false` | Enable the web dashboard |
+
+### Logging
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `logging.level` | `info` | Log level: `debug`, `info`, `warn`, `error` |
+| `logging.format` | `text` | Log format: `text` or `json` |
+
+## Full Example
+
+```yaml
+server:
+  port: 4747
+
+services:
+  s3:
+    enabled: true
+    data_dir: ./data/s3
+  sqs:
+    enabled: true
+  dynamodb:
+    enabled: true
+    data_dir: ./data/dynamodb
+  iam:
+    enabled: true
+    data_dir: ./data/iam
+  sts:
+    enabled: true
+    data_dir: ./data/sts
+  lambda:
+    enabled: true
+    data_dir: ./data/lambda
+
+auth:
+  enabled: false
+
+dashboard:
+  enabled: false
+
+logging:
+  level: info
+  format: text
+```
+
+## Environment Variable Overrides
+
+### `DEVCLOUD_SERVICES`
+
+Comma-separated list of services to enable. All other services listed in the config file are disabled. Accepts individual service names and tier shortcuts.
+
+**Tier shortcuts** (expand to predefined service groups — see [`internal/config/config.go`](https://github.com/skyoo2003/devcloud/blob/main/internal/config/config.go) for the exact list):
+
+| Token | Expands to |
+|-------|------------|
+| `tier1` | Big 6 + core integration: s3, sqs, dynamodb, iam, sts, lambda, sns, kms, secretsmanager, ssm, cloudwatchlogs, cloudwatch, eventbridge, ec2, ecs, ecr, route53, acm |
+| `tier2` | Extended services: cognito, elasticloadbalancingv2, ebs, efs, states, apigateway, apigatewayv2, kinesis, firehose, ses, sesv2, rds, cloudformation |
+| `tier3` | Analytics & platform: elasticache, cloudfront, wafv2, glue, athena, organizations, cloudtrail, eks, autoscaling, appsync, emr, batch |
+| `all` | Disables the env-var filter (all enabled services in the config stay enabled) |
+
+Examples:
+
+```bash
+# Enable only S3 and SQS
+DEVCLOUD_SERVICES=s3,sqs ./dist/devcloud
+
+# Enable all Tier 1 services
+DEVCLOUD_SERVICES=tier1 ./dist/devcloud
+
+# Enable Tier 1 + a few extras
+DEVCLOUD_SERVICES=tier1,kinesis,firehose ./dist/devcloud
+
+# With Docker
+docker run -p 4747:4747 -e DEVCLOUD_SERVICES=tier1 ghcr.io/skyoo2003/devcloud:latest
+```
+
+### `DEVCLOUD_DATA_DIR`
+
+Overrides the base data directory for **all** services. Each service's `data_dir` becomes `<DEVCLOUD_DATA_DIR>/<service_name>` regardless of what's in the YAML file.
+
+```bash
+# Put all service data under /tmp/devcloud-local
+DEVCLOUD_DATA_DIR=/tmp/devcloud-local ./dist/devcloud
+
+# With Docker (mount the host directory)
+docker run -p 4747:4747 \
+  -e DEVCLOUD_DATA_DIR=/app/data \
+  -v $(pwd)/devcloud-data:/app/data \
+  ghcr.io/skyoo2003/devcloud:latest
+```
+
+Useful for:
+- CI jobs that need ephemeral per-run data dirs
+- Quickly relocating state without editing `devcloud.yaml`
+
+## Data Directories
+
+Services with persistent storage create data under their configured `data_dir`:
+
+| Service | Default `data_dir` | Storage Backend | Contents |
+|---------|-------------------|-----------------|----------|
+| S3 | `./data/s3` | Filesystem + SQLite | Object files, `metadata.db` |
+| DynamoDB | `./data/dynamodb` | BadgerDB | BadgerDB data files |
+| IAM | `./data/iam` | SQLite | `iam.db` (users, roles, keys) |
+| STS | `./data/sts` | Shared with IAM | Uses IAM's database |
+| Lambda | `./data/lambda` | SQLite + Filesystem | `lambda.db`, `code/` directory |
+| SQS | — | In-memory | No persistence |