feat: add comprehensive documentation for project setup, architecture, and troubleshooting

Author: rahim-jr

client/README.md

@@ -13,16 +13,15 @@ Visit [http://localhost:3000](http://localhost:3000)
 
 ## Documentation
 
-All documentation has been moved to the [`docs/`](./docs/) folder:
-
-- **[Quick Start Guide](./docs/QUICKSTART.md)** - Get up and running in 3 steps
-- **[README](./docs/README.md)** - Full project documentation
-- **[Migration Guide](./docs/MIGRATION.md)** - Vite to Next.js migration details
-- **[Upgrade Steps](./docs/UPGRADE_STEPS.md)** - Step-by-step upgrade instructions
-- **[Architecture Overview](./docs/ARCHITECTURE.md)** - Before/after architecture comparison
-- **[Migration Summary](./docs/MIGRATION_SUMMARY.md)** - Technical migration details
-- **[Migration Complete](./docs/MIGRATION_COMPLETE.md)** - Migration completion checklist
-- **[Verification Checklist](./docs/VERIFICATION_CHECKLIST.md)** - Testing checklist
+Project documentation is in the shared root [`docs/`](../docs/) folder:
+
+- **[Docs Home](../docs/README.md)**
+- **[Quick Start](../docs/QUICKSTART.md)**
+- **[Product Guide](../docs/PRODUCT_GUIDE.md)**
+- **[Architecture](../docs/ARCHITECTURE.md)**
+- **[Technical Reference](../docs/TECHNICAL_REFERENCE.md)**
+- **[Engineering Practices](../docs/ENGINEERING_PRACTICES.md)**
+- **[Troubleshooting](../docs/TROUBLESHOOTING.md)**
 
 ## Tech Stack
 

docs/ARCHITECTURE.md

@@ -0,0 +1,102 @@
+# Architecture
+
+## High-Level System
+
+```mermaid
+flowchart LR
+  U[Browser] --> C[Next.js Client App]
+  C --> SA[Next.js Server Actions]
+  SA --> GH[GitHub REST + GraphQL APIs]
+  C --> OA[Express OAuth Service]
+  OA --> GHO[GitHub OAuth Endpoints]
+```
+
+## Services
+
+### Frontend (`client/`)
+
+- Framework: Next.js App Router + React
+- Responsibilities:
+  - UI rendering
+  - Auth flow initiation and callback handling
+  - Server actions for GitHub data read/write
+  - Route protection via middleware
+
+### OAuth Service (`server/`)
+
+- Framework: Express
+- Responsibilities:
+  - Return safe OAuth config (`/api/auth/config`)
+  - Exchange OAuth code for token (`/api/auth/exchange`)
+  - Fetch GitHub user profile during exchange
+
+## Authentication Flow
+
+```mermaid
+sequenceDiagram
+  participant B as Browser
+  participant N as Next.js Client
+  participant S as Express OAuth Server
+  participant G as GitHub
+
+  B->>N: Click "Sign in with GitHub"
+  N->>S: GET /api/auth/config
+  S-->>N: client_id, redirect_uri
+  N->>G: Redirect to /login/oauth/authorize (PKCE + state)
+  G-->>B: Redirect to /auth/callback?code=...&state=...
+  B->>N: Load callback page
+  N->>S: POST /api/auth/exchange (code, verifier)
+  S->>G: Exchange code for token
+  S->>G: Fetch /user
+  S-->>N: access_token + user
+  N->>N: Set httpOnly auth cookie via server action
+  N-->>B: Redirect to /workspace
+```
+
+## Runtime Request Patterns
+
+### Read Path
+
+1. UI component calls server action in `client/app/actions/github.ts`
+2. Action calls `githubReadJson` (`client/lib/github/server.ts`)
+3. Wrapper adds GitHub auth headers and caching policy
+4. Response is mapped to app types in `client/lib/github/mappers.ts`
+5. UI renders normalized data
+
+### Write Path
+
+1. UI component calls server action in `client/app/actions/issues.ts`
+2. Action calls `githubWriteJson` with no-store cache
+3. On success, action calls `revalidateTag('github')`
+4. Updated entity is returned and local UI state is patched
+
+### Linked Pull Request Lookup
+
+- Issue list batches lookups by repository
+- GraphQL query uses `issueOrPullRequest(number: ...)`
+- Non-issue nodes are ignored to avoid failures on PR numbers
+
+## Caching Model
+
+- Read calls default to `revalidate: 60` seconds and tag `github`
+- Write calls are always `no-store`
+- Mutations trigger cache invalidation via `revalidateTag('github')`
+
+## Route Segmentation
+
+- Public routes: `client/app/(public)/...`
+- Authenticated workspace: `client/app/(auth)/...`
+- Middleware enforces token presence for `/workspace`
+
+## Error Handling
+
+- Client actions normalize user-facing messages with `getErrorMessage`
+- Errors are reported through `reportClientError` telemetry utility
+- Workspace has dedicated `loading` and `error` boundaries
+
+## Security Notes
+
+- Access token stored in `httpOnly` cookie
+- OAuth `state` and PKCE verifier validated on callback
+- Session reset route clears auth cookies and performs safe redirect
+- OAuth server validates redirect URI mismatch attempts

docs/ENGINEERING_PRACTICES.md

@@ -0,0 +1,69 @@
+# Engineering Practices
+
+## Engineering Principles
+
+- Favor clarity over cleverness.
+- Keep side effects isolated.
+- Prefer typed boundaries between layers.
+- Keep UI, API wrapper, and mapper responsibilities separate.
+
+## Branch and PR Workflow
+
+1. Create a focused feature branch.
+2. Keep PR scope small and reviewable.
+3. Include problem statement and validation steps in PR description.
+4. Update docs in the same PR when behavior changes.
+
+## Code Quality Standards
+
+- TypeScript strict mode is enabled in both services.
+- Preserve file/module boundaries:
+  - UI components do not call raw GitHub APIs directly.
+  - Server actions orchestrate read/write operations.
+  - Mapping layer normalizes external payloads.
+- Handle async failures with explicit error messages and telemetry hooks.
+
+## Validation Before Merge
+
+Minimum local checks:
+
+```bash
+# Client
+cd client
+npx tsc --noEmit
+
+# Server
+cd ../server
+npx tsc --noEmit
+```
+
+Optional checks:
+
+- `client`: `npm run lint` (requires ESLint setup in this repo)
+- `server`: `npm run lint` (if lint config is present)
+
+## Documentation Standards
+
+- Every docs page should include:
+  - clear purpose
+  - expected audience
+  - concrete steps or references
+- Avoid stale references; verify paths and commands.
+- Prefer examples with real repo paths and routes.
+
+## Change Management Checklist
+
+When changing behavior, verify if updates are needed in:
+
+- `docs/QUICKSTART.md`
+- `docs/ARCHITECTURE.md`
+- `docs/TECHNICAL_REFERENCE.md`
+- `docs/TROUBLESHOOTING.md`
+
+## Security and Privacy Checklist
+
+- Never commit secrets (`.env`, access tokens).
+- Keep tokens in server-managed cookies only.
+- Validate redirect URIs and OAuth state.
+- Avoid exposing internal errors directly in user-facing messages.
+

docs/PRODUCT_GUIDE.md

@@ -0,0 +1,69 @@
+# Product Guide
+
+## What This Project Is
+
+NesOHQ Issue Tracker is a web workspace for managing GitHub issues across repositories from one interface.
+
+It focuses on:
+
+- Fast issue discovery
+- Lightweight editing
+- Clear context (labels, assignees, linked pull requests)
+
+## Core User Workflows
+
+### 1. Sign In
+
+- User clicks GitHub sign-in.
+- User completes OAuth consent on GitHub.
+- User returns to workspace with authenticated session.
+
+### 2. Browse Repositories
+
+- Sidebar lists accessible repositories.
+- User can search repositories.
+- User can pin frequently used repositories.
+
+### 3. Find Issues
+
+- Filter by issue state (`open`, `closed`, `all`)
+- Search issues by query
+- Load additional pages of results
+
+### 4. Create a New Issue
+
+- Choose repository
+- Enter title and body (markdown supported)
+- Apply labels
+- Submit issue to GitHub
+
+### 5. Update an Existing Issue
+
+- Edit title
+- Edit description/body
+- Toggle labels
+- Close/Reopen issue
+
+### 6. Review Linked Pull Requests
+
+Linked PR statuses are shown with clear visual state:
+
+- Open or new: green
+- Failed (closed without merge): red
+- Merged: purple
+
+## Permission Model
+
+The app uses the signed-in GitHub user's token. All visible repositories and writable actions are constrained by that user's GitHub permissions.
+
+## Current Feature Boundaries
+
+- Assignees are currently display-only (no assign/unassign control in UI)
+- No custom issue templates
+- No built-in analytics dashboard in this repo (client telemetry hooks exist)
+
+## Primary Value
+
+- Reduce context switching between repositories
+- Keep issue triage and updates fast
+- Provide a consistent editing experience over GitHub issue APIs

docs/QUICKSTART.md

@@ -0,0 +1,88 @@
+# Quickstart
+
+This guide gets the full stack running locally:
+
+- Next.js frontend (`client`, port `3000`)
+- Express OAuth service (`server`, port `3001`)
+
+## Prerequisites
+
+- Node.js `22.x`
+- npm `10+`
+- A GitHub OAuth App (for login flow)
+
+## 1. Configure Environment Variables
+
+### Server
+
+Copy the template:
+
+```bash
+cp server/.env.example server/.env
+```
+
+Set required values in `server/.env`:
+
+- `GH_CLIENT_ID`
+- `GH_CLIENT_SECRET`
+
+Optional but recommended:
+
+- `GH_REDIRECT_URI=http://localhost:3000/auth/callback`
+- `CORS_ORIGIN=http://localhost:3000`
+
+### Client
+
+Copy the template:
+
+```bash
+cp client/.env.local.example client/.env.local
+```
+
+Set:
+
+- `NEXT_PUBLIC_API_URL=http://localhost:3001`
+
+## 2. Install Dependencies
+
+```bash
+cd server && npm install
+cd ../client && npm install
+```
+
+## 3. Start Services
+
+Run in two terminals:
+
+Terminal 1:
+
+```bash
+cd server
+npm run dev
+```
+
+Terminal 2:
+
+```bash
+cd client
+npm run dev
+```
+
+Open: `http://localhost:3000`
+
+## 4. Smoke Test Checklist
+
+1. Home page renders sign-in UI.
+2. Click `Sign in with GitHub`.
+3. OAuth callback returns to `/auth/callback`.
+4. You are redirected to `/workspace`.
+5. Repositories and issues load.
+6. Create or edit an issue to verify write path.
+
+## Common Setup Notes
+
+- If sign-in fails immediately, verify `GH_CLIENT_ID` and `GH_CLIENT_SECRET`.
+- If callback fails, verify OAuth app callback URL and `GH_REDIRECT_URI` alignment.
+- If `/api` calls fail with CORS errors, set `CORS_ORIGIN` to frontend origin.
+- `client/public/config.js` can override API base URL at runtime for deployed builds.
+