# Codebase Discovery

## Directory Tree

```
Azaion.AdminApi.sln
├── Azaion.AdminApi/          # ASP.NET Core Minimal API (entry point)
│   ├── Program.cs            # App configuration + all endpoint definitions
│   └── BusinessExceptionHandler.cs
├── Azaion.Common/            # Shared library (entities, configs, DB, requests, extensions)
│   ├── Configs/
│   │   ├── ConnectionStrings.cs
│   │   ├── JwtConfig.cs
│   │   └── ResourcesConfig.cs
│   ├── Database/
│   │   ├── AzaionDb.cs
│   │   ├── AzaionDbShemaHolder.cs
│   │   └── DbFactory.cs
│   ├── Entities/
│   │   ├── User.cs           # User, UserConfig, UserQueueOffsets
│   │   └── RoleEnum.cs
│   ├── Extensions/
│   │   ├── EnumExtensions.cs
│   │   ├── QueryableExtensions.cs
│   │   ├── StreamExtensions.cs
│   │   └── StringExtensions.cs
│   ├── Requests/
│   │   ├── GetResourceRequest.cs  # also CheckResourceRequest + validator
│   │   ├── LoginRequest.cs
│   │   ├── RegisterUserRequest.cs # also RegisterUserValidator
│   │   ├── SetHWRequest.cs        # also SetHWRequestValidator
│   │   └── SetUserQueueOffsetsRequest.cs
│   └── BusinessException.cs       # also ExceptionEnum
├── Azaion.Services/          # Business logic layer
│   ├── AuthService.cs        # JWT token creation, current user resolution
│   ├── UserService.cs        # User CRUD, hardware validation, role management
│   ├── ResourcesService.cs   # File storage, encrypted resource delivery
│   ├── Security.cs           # Hashing, AES encryption/decryption
│   └── Cache.cs              # In-memory caching wrapper over LazyCache
├── Azaion.Test/              # xUnit test project
│   ├── UserServiceTest.cs
│   └── SecurityTest.cs
├── env/                      # Infrastructure provisioning scripts
│   ├── db/                   # PostgreSQL setup + schema DDL
│   ├── api/                  # API deployment scripts
│   ├── rabbit/               # RabbitMQ setup (not used by this API)
│   └── cdn/                  # MinIO object storage setup
├── docker.test/              # Placeholder test Dockerfile
├── .woodpecker/              # Woodpecker CI pipeline
│   └── build-arm.yml
├── Dockerfile                # Multi-stage build targeting .NET 10.0
├── deploy.cmd                # Docker build + push to docker.azaion.com
└── .dockerignore
```

## Tech Stack

| Category | Technology | Version / Details |
|----------|-----------|-------------------|
| Language | C# | .NET 10.0 |
| Framework | ASP.NET Core Minimal API | net10.0 SDK |
| Database | PostgreSQL | via linq2db 5.4.1 + Npgsql 10.0.1 |
| Auth | JWT Bearer | Microsoft.AspNetCore.Authentication.JwtBearer 10.0.3 |
| Token Generation | System.IdentityModel.Tokens.Jwt | 7.1.2 |
| Validation | FluentValidation | 11.3.0 (API) / 11.10.0 (Common) |
| Caching | LazyCache | 2.4.0 |
| Logging | Serilog | 4.1.0 (Console + File sinks) |
| API Docs | Swagger / Swashbuckle | 10.1.4 |
| Encryption | AES-256-CBC | System.Security.Cryptography (built-in) |
| Password Hashing | SHA-384 | System.Security.Cryptography (built-in) |
| Serialization | Newtonsoft.Json | 13.0.1 |
| Testing | xUnit 2.9.2 + FluentAssertions 6.12.2 | Microsoft.NET.Test.Sdk 17.11.1 |
| CI/CD | Woodpecker CI | ARM64 build pipeline |
| Container | Docker | Multi-stage, .NET 10.0 base images |
| Container Registry | docker.azaion.com | Private registry |

## Dependency Graph

### Project-Level

```mermaid
graph TD
    Common["Azaion.Common"]
    Services["Azaion.Services"]
    AdminApi["Azaion.AdminApi"]
    Test["Azaion.Test"]

    Services --> Common
    AdminApi --> Common
    AdminApi --> Services
    Test --> Services
```

### Module-Level (Topological Order)

**Tier 0 — Leaf modules (no internal dependencies):**
1. `Common/Extensions/EnumExtensions`
2. `Common/Extensions/StringExtensions`
3. `Common/Extensions/StreamExtensions`
4. `Common/Extensions/QueryableExtensions`
5. `Common/Entities/RoleEnum`
6. `Common/Configs/ConnectionStrings`
7. `Common/Configs/JwtConfig`
8. `Common/Configs/ResourcesConfig`
9. `Common/Requests/LoginRequest`

**Tier 1 — Depends on Tier 0:**
10. `Common/Entities/User` → RoleEnum
11. `Common/BusinessException` → EnumExtensions
12. `Common/Requests/RegisterUserRequest` → RoleEnum, BusinessException
13. `Common/Requests/GetResourceRequest` → BusinessException
14. `Common/Requests/SetHWRequest` → BusinessException

**Tier 2 — Depends on Tier 0-1:**
15. `Common/Requests/SetUserQueueOffsetsRequest` → User
16. `Common/Database/AzaionDb` → User
17. `Common/Database/AzaionDbSchemaHolder` → User, RoleEnum, StringExtensions
18. `Common/Database/DbFactory` → AzaionDb, AzaionDbSchemaHolder, ConnectionStrings

**Tier 3 — Services (depends on Common):**
19. `Services/Security` → (standalone cryptographic utilities)
20. `Services/Cache` → (standalone caching wrapper)
21. `Services/UserService` → DbFactory, User, BusinessException, Security, Cache, QueryableExtensions, Requests
22. `Services/AuthService` → JwtConfig, User, IUserService
23. `Services/ResourcesService` → ResourcesConfig, BusinessException, Security (EncryptTo)

**Tier 4 — API + Exception Handler:**
24. `AdminApi/BusinessExceptionHandler` → BusinessException
25. `AdminApi/Program` → all services, configs, entities, requests (entry point)

**Tier 5 — Tests:**
26. `Test/SecurityTest` → Security, StreamExtensions
27. `Test/UserServiceTest` → UserService, DbFactory, Cache, ConnectionStrings

## Entry Points

- `Azaion.AdminApi/Program.cs` — single API entry point, top-level statements

## Test Structure

- Framework: xUnit
- Location: `Azaion.Test/`
- Tests: `SecurityTest` (encrypt/decrypt round-trip), `UserServiceTest` (hardware hash check against live DB)
- Coverage: minimal — only Security encryption and one UserService integration test