docs: initialize project wiki with architecture and request flow documentation and add MIT license

Author: codewithme-py

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 FairDrop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -1,6 +1,10 @@
 HOST ?= http://localhost:8080
+HOST_DIRECT ?= http://localhost:8000
 
 .PHONY: stress-test oversell-test orders-test mixed-test ratelimit-test s3-test
+.PHONY: stress-test-direct oversell-test-direct orders-test-direct mixed-test-direct ratelimit-test-direct s3-test-direct
+
+# === Through nginx gateway (port 8080) ===
 
 stress-test:
 	uv run locust \
@@ -56,3 +60,60 @@ s3-test:
 		--spawn-rate 10 \
 		--run-time 20s \
 		--host $(HOST)
+
+# === Direct to FastAPI, bypassing nginx (port 8000) ===
+
+stress-test-direct:
+	uv run locust \
+		-f load_tests/locustfile.py \
+		--headless \
+		--users 500 \
+		--spawn-rate 100 \
+		--run-time 60s \
+		--host $(HOST_DIRECT)
+
+oversell-test-direct:
+	DB_HOST=localhost uv run python scripts/seed_oversell_product.py
+	uv run locust \
+		-f load_tests/locustfile_oversell.py \
+		--headless \
+		--users 100 \
+		--spawn-rate 50 \
+		--run-time 60s \
+		--host $(HOST_DIRECT)
+
+orders-test-direct:
+	uv run locust \
+		-f load_tests/locustfile_orders.py \
+		--headless \
+		--users 100 \
+		--spawn-rate 50 \
+		--run-time 60s \
+		--host $(HOST_DIRECT)
+
+mixed-test-direct:
+	uv run locust \
+		-f load_tests/locustfile_mixed.py \
+		--headless \
+		--users 100 \
+		--spawn-rate 50 \
+		--run-time 60s \
+		--host $(HOST_DIRECT)
+
+ratelimit-test-direct:
+	uv run locust \
+		-f load_tests/locustfile_ratelimit.py \
+		--headless \
+		--users 1 \
+		--spawn-rate 1 \
+		--run-time 15s \
+		--host $(HOST_DIRECT)
+
+s3-test-direct:
+	uv run locust \
+		-f load_tests/locustfile_s3.py \
+		--headless \
+		--users 50 \
+		--spawn-rate 10 \
+		--run-time 20s \
+		--host $(HOST_DIRECT)

README.md

@@ -0,0 +1,77 @@
+# System Architecture
+
+FairDrop uses a modular monolith architecture with nginx gateway, async FastAPI services, PostgreSQL, Redis, MinIO, and ARQ workers.
+
+```mermaid
+flowchart TB
+    User["Client B2B"]
+    Attacker["Botnet"]
+    NginxHost["Nginx 20rps"]
+    NginxDocker["Nginx proxy"]
+    UserAPI["user module"]
+    BuyerAPI["buyer_user module"]
+    SellerAPI["seller_user module"]
+    ExternalAPI["external module"]
+    InvAPI["inventory module"]
+    OrderAPI["orders module"]
+    MediaAPI["media module"]
+    Worker["ARQ worker"]
+    Postgres[("PostgreSQL 15")]
+    Redis[("Redis")]
+    MinIO[("MinIO S3")]
+    Prometheus["Prometheus"]
+    Grafana["Grafana"]
+
+    User --> NginxHost
+    Attacker --> NginxHost
+    NginxHost --> NginxDocker
+    NginxDocker --> UserAPI
+    NginxDocker --> BuyerAPI
+    NginxDocker --> SellerAPI
+    NginxDocker --> ExternalAPI
+    NginxDocker --> InvAPI
+    NginxDocker --> OrderAPI
+    NginxDocker --> MediaAPI
+
+    UserAPI --> Redis
+    BuyerAPI --> Redis
+    SellerAPI --> Redis
+    ExternalAPI --> Redis
+    InvAPI --> Redis
+    OrderAPI --> Redis
+    MediaAPI --> Redis
+
+    UserAPI --> Postgres
+    BuyerAPI --> Postgres
+    SellerAPI --> Postgres
+    ExternalAPI --> Postgres
+    InvAPI --> Postgres
+    OrderAPI --> Postgres
+    MediaAPI --> Postgres
+
+    Worker --> Redis
+    Worker --> Postgres
+
+    MediaAPI -.-> User
+    User -.-> MinIO
+    MinIO -.-> MediaAPI
+    Worker -.-> Postgres
+    Worker -.-> MinIO
+    UserAPI -.-> Prometheus
+    InvAPI -.-> Prometheus
+    OrderAPI -.-> Prometheus
+    MediaAPI -.-> Prometheus
+    Prometheus --> Grafana
+```
+
+## Components
+
+| Layer | Component | Description |
+|---|---|---|
+| **Perimeter** | Nginx Gateway | Rate limiting 20r/s, IP whitelist for webhooks |
+| **App** | FastAPI | 8 modules: user, buyer_user, seller_user, external, inventory, orders, media, payments |
+| **Background** | ARQ Worker | Cron cleanup expired reservations, image sanitization |
+| **Storage** | PostgreSQL 15 | Async SQLAlchemy, pool 200+ |
+| **Cache** | Redis | Lua rate limiting, ARQ queues, idempotency keys |
+| **Storage** | MinIO S3 | Object storage for media |
+| **Monitoring** | Prometheus + Grafana | Metrics via prometheus-fastapi-instrumentator |

docs/wiki/Architecture.md

@@ -0,0 +1,20 @@
+# FairDrop Wiki
+
+Welcome to the FairDrop documentation wiki. This project is a B2B/B2C dropshipping platform with async modular monolith architecture.
+
+## Navigation
+
+| Page | Description |
+|---|---|
+| [Architecture](Architecture) | System architecture diagram |
+| [Request Flow](Request-Flow) | Inventory reservation flow |
+
+## License
+
+This project is licensed under the [MIT License](https://github.com/codewithme-py/FairDrop/blob/main/LICENSE).
+
+## Quick Links
+
+- [Source Code](https://github.com/codewithme-py/FairDrop)
+- [README](https://github.com/codewithme-py/FairDrop#readme)
+- [Actions](https://github.com/codewithme-py/FairDrop/actions)

docs/wiki/Home.md

@@ -0,0 +1,71 @@
+# Request Flow — Inventory Reservation
+
+Sequence diagram showing the complete inventory reservation flow including rate limiting, idempotency, and ARQ cleanup.
+
+```mermaid
+sequenceDiagram
+    autonumber
+    participant C as Client
+    participant N as Nginx Gateway
+    participant A as FastAPI App
+    participant R as Redis
+    participant DB as Postgres
+
+    Note over C,N: Rate Limiting Nginx layer
+    C->>N: POST /api/v1/inventory/reserve
+    N->>N: limit_req_zone 20r/s global
+    alt Rate exceeded at Nginx
+        N-->>C: 429 Too Many Requests
+    else OK
+        N->>A: Forward to app port 8000
+    end
+
+    Note over A,R: Rate Limiting Lua layer
+    A->>R: Lua script per-user and global
+    R-->>A: OK limit not reached
+
+    Note over A,R: Idempotency check
+    A->>R: GET idempotency key 24h TTL
+    alt Key exists
+        R-->>A: Return cached response
+        A-->>C: 200 OK cached
+    else
+        A->>R: SET idempotency key
+    end
+
+    Note over A,DB: Reserve transaction
+    A->>DB: BEGIN Transaction
+    A->>DB: SELECT Product FOR UPDATE
+    alt Stock Available
+        A->>DB: INSERT Reservation status PENDING expires 15 min
+        A->>DB: UPDATE Product qty_available minus qty_reserved
+        A->>DB: COMMIT Transaction
+        A->>R: Cache response
+        A-->>C: 201 Created reserved 15 min
+    else Out of Stock
+        A->>DB: ROLLBACK
+        A-->>C: 409 Conflict Sold Out
+    end
+
+    Note over A,DB: ARQ Worker cleanup expired reservations
+    loop Cron every 60 seconds
+        A->>DB: SELECT Reservation status PENDING expired
+        alt Found expired
+            A->>DB: FOR UPDATE Reservation plus Product
+            A->>DB: Product.qty_available plus Reservation.qty_reserved
+            A->>DB: Reservation.status equals EXPIRED
+            opt order_id is set
+                A->>DB: cancel_order_by_system
+            end
+            A->>DB: COMMIT
+        end
+    end
+```
+
+## Flow Steps
+
+1. **Nginx rate limit** — global 20r/s filter at gateway level
+2. **Lua rate limit** — per-user 10 RPS + global 1000 RPS in Redis
+3. **Idempotency check** — Redis cache with 24h TTL prevents duplicate orders
+4. **Reserve transaction** — `SELECT FOR UPDATE` locks product row, creates PENDING reservation for 15 min
+5. **ARQ cleanup** — cron job runs every 60 seconds, releases expired reservations and returns stock

docs/wiki/Request-Flow.md

@@ -0,0 +1,9 @@
+# FairDrop Wiki
+
+- [[Home| Home]]
+- [[Architecture| System Architecture]]
+- [[Request-Flow| Request Flow]]
+
+---
+
+[View Source Code](https://github.com/codewithme-py/FairDrop)

docs/wiki/_Sidebar.md

@@ -0,0 +1,77 @@
+# System Architecture
+
+FairDrop uses a modular monolith architecture with nginx gateway, async FastAPI services, PostgreSQL, Redis, MinIO, and ARQ workers.
+
+```mermaid
+flowchart TB
+    User["Client B2B"]
+    Attacker["Botnet"]
+    NginxHost["Nginx 20rps"]
+    NginxDocker["Nginx proxy"]
+    UserAPI["user module"]
+    BuyerAPI["buyer_user module"]
+    SellerAPI["seller_user module"]
+    ExternalAPI["external module"]
+    InvAPI["inventory module"]
+    OrderAPI["orders module"]
+    MediaAPI["media module"]
+    Worker["ARQ worker"]
+    Postgres[("PostgreSQL 15")]
+    Redis[("Redis")]
+    MinIO[("MinIO S3")]
+    Prometheus["Prometheus"]
+    Grafana["Grafana"]
+
+    User --> NginxHost
+    Attacker --> NginxHost
+    NginxHost --> NginxDocker
+    NginxDocker --> UserAPI
+    NginxDocker --> BuyerAPI
+    NginxDocker --> SellerAPI
+    NginxDocker --> ExternalAPI
+    NginxDocker --> InvAPI
+    NginxDocker --> OrderAPI
+    NginxDocker --> MediaAPI
+
+    UserAPI --> Redis
+    BuyerAPI --> Redis
+    SellerAPI --> Redis
+    ExternalAPI --> Redis
+    InvAPI --> Redis
+    OrderAPI --> Redis
+    MediaAPI --> Redis
+
+    UserAPI --> Postgres
+    BuyerAPI --> Postgres
+    SellerAPI --> Postgres
+    ExternalAPI --> Postgres
+    InvAPI --> Postgres
+    OrderAPI --> Postgres
+    MediaAPI --> Postgres
+
+    Worker --> Redis
+    Worker --> Postgres
+
+    MediaAPI -.-> User
+    User -.-> MinIO
+    MinIO -.-> MediaAPI
+    Worker -.-> Postgres
+    Worker -.-> MinIO
+    UserAPI -.-> Prometheus
+    InvAPI -.-> Prometheus
+    OrderAPI -.-> Prometheus
+    MediaAPI -.-> Prometheus
+    Prometheus --> Grafana
+```
+
+## Components
+
+| Layer | Component | Description |
+|---|---|---|
+| **Perimeter** | Nginx Gateway | Rate limiting 20r/s, IP whitelist for webhooks |
+| **App** | FastAPI | 8 modules: user, buyer_user, seller_user, external, inventory, orders, media, payments |
+| **Background** | ARQ Worker | Cron cleanup expired reservations, image sanitization |
+| **Storage** | PostgreSQL 15 | Async SQLAlchemy, pool 200+ |
+| **Cache** | Redis | Lua rate limiting, ARQ queues, idempotency keys |
+| **Storage** | MinIO S3 | Object storage for media |
+| **Monitoring** | Prometheus + Grafana | Metrics via prometheus-fastapi-instrumentator |

wiki/Architecture.md

@@ -0,0 +1,20 @@
+# FairDrop Wiki
+
+Welcome to the FairDrop documentation wiki. This project is a B2B/B2C dropshipping platform with async modular monolith architecture.
+
+## Navigation
+
+| Page | Description |
+|---|---|
+| [Architecture](Architecture) | System architecture diagram |
+| [Request Flow](Request-Flow) | Inventory reservation flow |
+
+## License
+
+This project is licensed under the [MIT License](https://github.com/codewithme-py/FairDrop/blob/main/LICENSE).
+
+## Quick Links
+
+- [Source Code](https://github.com/codewithme-py/FairDrop)
+- [README](https://github.com/codewithme-py/FairDrop#readme)
+- [Actions](https://github.com/codewithme-py/FairDrop/actions)