Documenting

Author: AlchemiistCreative

docs/.vitepress/config.ts

@@ -18,7 +18,6 @@ export default defineConfig({
 
     nav: [
       { text: "Home", link: "/" },
-      { text: "Architecture", link: "/architecture" },
       { text: "API", link: "/api" },
       { text: "Agents", link: "/agents" },
       { text: "GitHub", link: "https://github.com/openhvx" },
@@ -29,17 +28,9 @@ export default defineConfig({
         text: "Getting Started",
         items: [
           { text: "Overview", link: "/index" },
-          { text: "Workflow Example", link: "/workflow-example" }, // 👈 ajouté ici
           { text: "Quick Start", link: "/getting-started" },
-        ],
-      },
-      {
-        text: "Architecture",
-        items: [
-          { text: "High-level Design", link: "/architecture" },
-          { text: "Control Plane", link: "/control-plane" },
-          { text: "Agent Lifecycle", link: "/agent-lifecycle" },
-          { text: "Inventory Merge Logic", link: "/inventory-merge" },
+          { text: "Workflow Example", link: "/workflow-example" },
+          { text: "Environment variables", link: "/environment-variables" },
         ],
       },
       {
@@ -50,14 +41,6 @@ export default defineConfig({
           { text: "Errors", link: "/errors" },
         ],
       },
-      {
-        text: "Agents",
-        items: [
-          { text: "Overview", link: "/agents" },
-          { text: "Hyper-V Agent", link: "/agents/hyperv" },
-          { text: "Tasks & Inventory", link: "/agents/tasks" },
-        ],
-      },
       {
         text: "Contributing",
         items: [

docs/environment-variables.md

@@ -0,0 +1,85 @@
+### 3. Environment Variables
+
+Each service has its own `.env` file:
+
+| Service      | File              | Description                    |
+| ------------ | ----------------- | ------------------------------ |
+| Auth Service | `.env.auth`       | JWT and Mongo configuration    |
+| API Gateway  | `.env.gateway`    | HTTP gateway + CORS            |
+| Controller   | `.env.controller` | Core logic, RabbitMQ, MongoDB  |
+| WS Broker    | `.env.ws`         | WebSocket broker configuration |
+
+---
+
+### 🧩 Example configuration
+
+#### **WS Broker**
+
+| Variable             | Example               | Description                     |
+| -------------------- | --------------------- | ------------------------------- |
+| `PORT`               | `8081`                | HTTP port exposed by the broker |
+| `JWT_AGENT_SECRET`   | `supersecret_agent`   | Token for agent auth            |
+| `JWT_BROWSER_SECRET` | `supersecret_browser` | Token for browser sessions      |
+
+---
+
+#### **API Gateway**
+
+| Variable         | Example                                       | Description                         |
+| ---------------- | --------------------------------------------- | ----------------------------------- |
+| `PORT`           | `8080`                                        | API Gateway port                    |
+| `AUTH_URL`       | `http://auth:4000`                            | Internal service URL for Auth       |
+| `CONTROLLER_URL` | `http://controller:3000`                      | Internal service URL for Controller |
+| `CORS_ORIGIN`    | `http://localhost:5173,http://127.0.0.1:5173` | Allowed origins for web UI          |
+| `BROKER_URL`     | `http://ws-broker:8081`                       | Internal URL to WebSocket broker    |
+
+---
+
+#### **Controller**
+
+| Variable             | Example                             | Description                     |
+| -------------------- | ----------------------------------- | ------------------------------- |
+| `PORT`               | `3000`                              | HTTP port for Controller        |
+| `CORS_ORIGIN`        | `*`                                 | Allowed origins                 |
+| `LOG_LEVEL`          | `info`                              | Logging verbosity               |
+| `MONGO_URL`          | `mongodb://mongo:27017/hvwm`        | Mongo connection string         |
+| `MONGO_DB`           | `openhvx`                           | Database name                   |
+| `RMQ_URL`            | `amqp://guest:guest@rabbitmq:5672/` | RabbitMQ connection             |
+| `JOBS_EXCHANGE`      | `jobs`                              | Exchange for async jobs         |
+| `TELEMETRY_EXCHANGE` | `agent.telemetry`                   | Exchange for telemetry          |
+| `RESULTS_EXCHANGE`   | `results`                           | Exchange for agent task results |
+| `HEARTBEATS_QUEUE`   | `agent.heartbeats`                  | Queue for agent heartbeats      |
+| `HEARTBEATS_TTL_MS`  | `120000`                            | Heartbeat timeout (ms)          |
+| `INVENTORIES_QUEUE`  | `agent.inventories`                 | Queue for agent inventories     |
+| `RESULTS_QUEUE`      | `results.controller`                | Queue consumed by controller    |
+| `RESULTS_BINDING`    | `results.*`                         | Routing key pattern             |
+| `AGENT_STALE_MS`     | `120000`                            | Delay to mark agent as offline  |
+| `IMAGES_INDEX_PATH`  | `/share/_index/images.json`         | Path to shared image index      |
+| `JWT_AGENT_SECRET`   | `supersecret_agent`                 | JWT secret for agents           |
+| `JWT_BROWSER_SECRET` | `supersecret_browser`               | JWT secret for browsers         |
+| `PUBLIC_WS_BASE`     | `wss://console.openhvx.local/api`   | Browser WebSocket endpoint      |
+| `BROKER_WS_BASE`     | `wss://ws.openhvx.local`            | Direct agent WebSocket endpoint |
+
+---
+
+#### **Auth Service**
+
+| Variable             | Example                           | Description                 |
+| -------------------- | --------------------------------- | --------------------------- |
+| `PORT`               | `4000`                            | HTTP port                   |
+| `MONGO_URL`          | `mongodb://mongo:27017/hvwm_auth` | Auth DB connection          |
+| `JWT_SECRET`         | `change-me`                       | Main signing secret         |
+| `JWT_EXPIRES`        | `8h`                              | Default token lifetime      |
+| `AUTH_DEBUG`         | `true`                            | Enable verbose logs         |
+| `JWT_TENANT_ISS`     | `auth-service/tenant`             | JWT issuer (tenant)         |
+| `JWT_TENANT_AUD`     | `api://tenant`                    | JWT audience (tenant)       |
+| `JWT_TENANT_SECRET`  | `example_secret`                  | Tenant token secret         |
+| `JWT_TENANT_EXPIRES` | `8h`                              | Tenant token lifetime       |
+| `JWT_ADMIN_ISS`      | `auth-service/admin`              | JWT issuer (admin)          |
+| `JWT_ADMIN_AUD`      | `api://admin`                     | JWT audience (admin)        |
+| `JWT_ADMIN_SECRET`   | `example_secret`                  | Admin token secret          |
+| `JWT_ADMIN_EXPIRES`  | `30m`                             | Admin token lifetime        |
+| `REGISTER_ENABLED`   | `true`                            | Allow new user registration |
+| `REGISTER_API_KEY`   | `example_api_key`                 | Optional registration key   |
+
+---

docs/getting-started.md

@@ -0,0 +1,102 @@
+# Getting Started (Developer Preview)
+
+> ⚠️ **Active Development:** OpenHVX is not production‑ready. This guide targets **contributors and early testers**.
+
+## Prerequisites
+
+- Windows host with **Hyper‑V** (for Agent tests)
+- **Docker/Podman & Docker Compose**
+- **Node.js 20+** and **npm**
+- **Go 1.21+** (to build Agent tools)
+
+---
+
+## Quick Start (Backend)
+
+```bash
+# 1) Clone
+git clone https://github.com/openhvx/openhvx-backend.git
+cd openhvx-backend
+Pour cette partie, comment on fait le lien?
+# 2) Env
+Create and fill env files (.env.auth, .env.controller, .env.gateway, .env.ws)
+All variables and examples are documented in [Environment variables](https://openhvx.org/docs/environment-variables.html).
+
+# 3) Run services
+docker compose up -d
+
+```
+
+---
+
+## Build Agent Tools (Windows helpers)
+
+These binaries are required by the PowerShell Agent to create cloud‑init ISOs and to bridge serial consoles.
+
+**Layout:**
+
+```
+/tools/
+  cloudinit-iso/
+    src/     # Go project
+  serial-bridge/
+    src/     # Go project
+/src/powershell/bin/   # ← final target for the built .exe files
+```
+
+Use the provided **Makefile**:
+
+```bash
+# From repo root
+make agent-bin
+```
+
+This will:
+
+1. Build Go projects in `/tools/cloudinit-iso/src` and `/tools/serial-bridge/src`
+2. Place the resulting binaries into `/src/powershell/bin`
+
+> If you build manually, ensure you build `src/` first, then the tools, then move outputs to `/src/powershell/bin`.
+
+---
+
+## Running the Agent (on a Hyper‑V host)
+
+1. Copy the folder `src/powershell/` and its `bin/` subfolder (containing the built `.exe`) to the Windows host.
+2. Open an elevated PowerShell.
+3. Create and configure the **config.json** file with your environment.
+
+### Example `config.json`
+
+```json
+{
+  "agentId": "HOST-HVX-TEST-001",
+  "rabbitmqUrl": "amqp://guest:guest@10.0.0.15:5672/",
+  "heartbeatIntervalSec": 30,
+  "inventoryIntervalSec": 90,
+  "basePath": "D:\\VM-REPO",
+  "capabilities": [
+    "inventory",
+    "vm.power",
+    "vm.create",
+    "vm.delete",
+    "console",
+    "vm.edit"
+  ]
+}
+```
+
+### Start the Agent
+
+```powershell
+# Example (adapt to your parameters)
+# .\openhvx-agent.exe
+```
+
+---
+
+## Next Steps
+
+- Read: **Overview → Architecture & Features**
+- Contribute: open issues/PRs on GitHub: [https://github.com/openhvx](https://github.com/openhvx)
+- Roadmap & known limitations: _(coming soon)_

docs/index.md

@@ -1 +1,46 @@
-# Work in Progress
+# Overview
+
+OpenHVX is an open-source orchestration platform for **multi-tenant Hyper-V infrastructures**. It provides a unified control plane to manage virtual machines, quotas, and networking across distributed hosts, built on a lightweight and modular design.
+
+> ⚠️ **Active Development Notice:** OpenHVX is under active development and not yet production-ready.
+> Expect rapid iteration and potential breaking changes between releases.
+> Community testing and contributions are highly encouraged!
+
+---
+
+## Architecture
+
+OpenHVX separates orchestration and execution into clear layers.
+
+The architecture is divided into four functional layers:
+
+### Architecture Diagram
+
+![Architecture Diagram Placeholder](/assets/schema.openhvx.dark.png)
+
+- **Control Plane:** Includes the API Gateway, Authentication Service, Controller, Quota Service, WS-Broker (console tunneling), MongoDB, and RabbitMQ. It handles orchestration logic, workflows, multi-tenancy and quota enforcement.
+- **Data Plane:** Consists of lightweight PowerShell Agents running on Hyper-V hosts. Agents execute tasks, collect inventory, and stream console sessions.
+- **Integration Plane:** Manages tenant networking and routing through the Network Orchestrator (VyOS API, IPAM).
+- **Storage Layer:** SMB/NFS repositories store public and tenant-specific VM images.
+
+The design emphasizes **asynchronous communication**, **tenant isolation**, and **extensibility** through modular services.
+
+---
+
+## Features
+
+- **VM Lifecycle:** Create, edit, clone, and manage VMs with cloud-init and console access via WS-Broker.
+- **Quotas:** Per-tenant CPU, RAM, storage, and VM limits with atomic reservation (hold → execute → release).
+- **Multi-Tenancy:** Logical separation of compute, storage, and network resources per tenant.
+- **Networking:** Automated provisioning via VyOS API and IPAM integration for NAT, routing, and isolation. (Still under development)
+- **Authentication:** Admin and tenant login flows with JWT tokens and different audiences.
+- **Agents:** Lightweight, host-based agents for secure orchestration and telemetry.
+- **Extensible:** Modular microservice architecture, event-driven.
+
+---
+
+### 🤝 Contributing
+
+We welcome contributions from the community! Whether it’s documentation improvements, feature suggestions, or bug reports — every input helps make OpenHVX better. Visit the [GitHub organization](https://github.com/openhvx) to get started.
+
+> **Built for Hyper-V. Driven by automation. Empowered by simplicity.**

docs/workflow-example.md

@@ -27,16 +27,18 @@ Authorization: Bearer <JWT>
 ```
 
 ### Gateway actions
-1. **Validate JWT** using the appropriate audience (`tenant` or `admin`) via the **Auth Service**, depending on the host (`api.` or `api-admin.`).  
-2. **Check roles and scopes** according to the request domain.  
-3. Run **anti-spoofing and policy checks** (e.g., tenant ID consistency).  
+
+1. **Validate JWT** using the appropriate audience (`tenant` or `admin`) via the **Auth Service**, depending on the host (`api.` or `api-admin.`).
+2. **Check roles and scopes** according to the request domain.
+3. Run **anti-spoofing and policy checks** (e.g., tenant ID consistency).
 4. **Proxy the request** to the **Controller** service at `controller:[PORT]/api/admin/tasks`.
 
 ---
 
 ## 2. API Gateway → Controller
 
 ### Middleware & context setup
+
 - **accessMode middleware**: sets `req.isAdmin = true|false`.
 - **Envelope validation**: ensures presence of `kind`, `refId`, and `target`.
 - **Schema pre-validation**: uses `src/lib/schemas/task.js` (per action, e.g. `vm.create`).
@@ -50,6 +52,7 @@ Authorization: Bearer <JWT>
 ## 3. Agent Selection & Ownership
 
 The **Controller** performs **agent election** based on:
+
 - Agent heartbeat freshness.
 - Available resources (CPU, RAM, storage).
 - Advertised capabilities (`vm.create`, `network.*`, etc.).
@@ -61,6 +64,7 @@ If the selected agent already satisfies capability and availability requirements
 ## 4. Payload Enrichment
 
 **Controller** enriches and normalizes the incoming payload through `src/lib/enrich.js (vm.create)`:
+
 - Sets default values for RAM, CPU, and storage.
 - Ensures proper image ID and generation type.
 - Adds default `cloud-init` configuration when missing.
@@ -69,16 +73,16 @@ If the selected agent already satisfies capability and availability requirements
 
 ## 5. Quota Reservation
 
-1. Compute **resource deltas** (vCPU, RAM, storage).  
-2. Perform a **quota hold** with TTL to reserve capacity temporarily.  
-3. If limits are exceeded → respond with `ERR_QUOTA_EXCEEDED`.  
+1. Compute **resource deltas** (vCPU, RAM, storage).
+2. Perform a **quota hold** with TTL to reserve capacity temporarily.
+3. If limits are exceeded → respond with `ERR_QUOTA_EXCEEDED`.
 4. If successful → continue with persistence and dispatch.
 
 ---
 
 ## 6. Task Persistence & Dispatch
 
-- Persist the new Task document in MongoDB with `status: "sent"`.  
+- Persist the new Task document in MongoDB with `status: "sent"`.
 - Publish the message to RabbitMQ:
 
   ```
@@ -109,34 +113,36 @@ If the selected agent already satisfies capability and availability requirements
 ## 8. Result Handling
 
 The **Controller** consumes results from the `results` exchange:
+
 - Updates the Task document with final status (`SUCCESS` or `FAILED`).
 - Stores logs and execution metadata.
 
 Depending on the result:
-- **Success** → consume the quota hold (commit resources).  
+
+- **Success** → consume the quota hold (commit resources).
 - **Failure** → release the quota hold (rollback).
 
 ---
 
 ## 9. Resource Linking
 
-- Link the newly created VM to the corresponding **TenantResource** entry.  
+- Link the newly created VM to the corresponding **TenantResource** entry.
 
 ---
 
 ## ✅ Summary (High-Level Flow)
 
-| Step | Service | Description |
-|------|----------|-------------|
-| 1 | API Gateway | Auth, scopes, anti-spoofing, proxy |
-| 2 | Controller | Envelope & schema validation |
-| 3 | Controller | Agent election & ownership checks |
-| 4 | Controller | Payload enrichment |
-| 5 | Controller | Quota hold reservation |
-| 6 | Controller + MQ | Persist and publish task to agent queue |
-| 7 | Agent | Execute PowerShell script on Hyper-V |
-| 8 | Controller | Process result and adjust quota |
-| 9 | Controller | Link resources |
+| Step | Service         | Description                             |
+| ---- | --------------- | --------------------------------------- |
+| 1    | API Gateway     | Auth, scopes, anti-spoofing, proxy      |
+| 2    | Controller      | Envelope & schema validation            |
+| 3    | Controller      | Agent election & ownership checks       |
+| 4    | Controller      | Payload enrichment & normalization      |
+| 5    | Controller      | Quota hold reservation                  |
+| 6    | Controller + MQ | Persist and publish task to agent queue |
+| 7    | Agent           | Execute PowerShell script on Hyper-V    |
+| 8    | Controller      | Process result and adjust quota         |
+| 9    | Controller      | Link resources                          |
 
 ---