Update README.md to provide a comprehensive overview of The Order monorepo, including repository structure, quickstart guide, development workflow, and contribution guidelines.

infra/gateways/README.md

@@ -0,0 +1,45 @@
+# API Gateway Configuration
+
+Configuration for API gateway, proxy, and WAF.
+
+## Components
+
+- **NGINX** - Reverse proxy and load balancer
+- **API Gateway** - Cloud provider API gateway (AWS API Gateway, GCP API Gateway, etc.)
+- **WAF** - Web Application Firewall rules
+
+## Configuration Files
+
+- `nginx.conf` - NGINX configuration
+- `api-gateway.yaml` - API Gateway configuration (cloud-specific)
+- `waf-rules.yaml` - WAF rules configuration
+
+## Features
+
+- Rate limiting
+- Request routing
+- SSL/TLS termination
+- Authentication/Authorization
+- Request/Response transformation
+- Logging and monitoring
+
+## Policies
+
+- OPA (Open Policy Agent) policies in `policies/` directory
+- Rate limiting policies
+- Access control policies
+- Data validation policies
+
+## Usage
+
+```bash
+# Deploy NGINX configuration
+kubectl apply -f nginx-configmap.yaml
+
+# Update API Gateway
+# (Cloud provider specific commands)
+
+# Apply WAF rules
+# (Cloud provider specific commands)
+```
+

infra/gateways/nginx.conf

@@ -0,0 +1,74 @@
+# NGINX configuration for API Gateway
+# This is a template - customize for your needs
+
+upstream intake {
+    server intake-service:4001;
+}
+
+upstream identity {
+    server identity-service:4002;
+}
+
+upstream finance {
+    server finance-service:4003;
+}
+
+upstream dataroom {
+    server dataroom-service:4004;
+}
+
+server {
+    listen 80;
+    server_name api.the-order.local;
+
+    # Rate limiting
+    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
+
+    # Intake service
+    location /api/intake/ {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://intake/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Identity service
+    location /api/identity/ {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://identity/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Finance service
+    location /api/finance/ {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://finance/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Dataroom service
+    location /api/dataroom/ {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://dataroom/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Health check
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+}
+