Merge pull request #2117 from OWASP/copilot/fix-2116

docs: Add comprehensive documentation for AI agent efficiency

Author: commjoen

CONTRIBUTING.md

@@ -7,6 +7,7 @@ This document describes how you can contribute to WrongSecrets. Please read it c
 
 **Table of Contents**
 
+-   [Quick Start for Contributors](#quick-start-for-contributors)
 -   [How to Contribute to the Project](#how-to-contribute-to-the-project)
 -   [How to set up your Contributor Environment](#how-to-set-up-your-contributor-environment)
 -   [How to get your PR Accepted](#how-to-get-your-pr-accepted)
@@ -16,6 +17,77 @@ This document describes how you can contribute to WrongSecrets. Please read it c
     -   [Pictorial Guide on how to get started with the project in IntelliJ IDEA](#How-to-get-started-with-the-project-in-IntelliJ-IDEA)
 -   [How to add a Challenge](#how-to-add-a-challenge)
 
+## Quick Start for Contributors
+
+New to the project? Get up and running quickly with these essential steps:
+
+### 🚀 Immediate Setup (5 minutes)
+
+```bash
+# 1. Clone the repository
+git clone https://github.com/OWASP/wrongsecrets.git
+cd wrongsecrets
+
+# 2. Build and verify everything works
+./mvnw clean compile
+./mvnw test -Dtest=ChallengesControllerTest
+
+# 3. Run the application locally
+./mvnw spring-boot:run
+# Visit http://localhost:8080 to see the app running
+```
+
+### 📚 Essential Reading (10 minutes)
+
+Before diving in, familiarize yourself with:
+
+1. **[Architecture Overview](docs/ARCHITECTURE_OVERVIEW.md)** - Project structure and key components
+2. **[Development Patterns](docs/DEVELOPMENT_PATTERNS.md)** - Code patterns and conventions
+3. **[How to add a Challenge](#how-to-add-a-challenge)** (this document) - Challenge creation guide
+
+### 🛠️ Development Workflow
+
+1. **Check existing issues** - Look for `help wanted` or `good first issue` labels
+2. **Create a feature branch** - `git checkout -b feature/your-feature-name`
+3. **Make small, focused changes** - Follow the patterns in existing code
+4. **Test your changes** - Run relevant tests before submitting
+5. **Submit a PR** - Include clear description and link to related issue
+
+### 🔧 Common Development Commands
+
+```bash
+# Build and test
+./mvnw clean compile test
+
+# Run specific test
+./mvnw test -Dtest=Challenge44Test
+
+# Run with specific profile
+./mvnw spring-boot:run -Dspring.profiles.active=docker
+
+# Check code style
+./mvnw checkstyle:check
+
+# Format code (if pre-commit hooks configured)
+pre-commit run --all-files
+```
+
+### 💡 Quick Tips
+
+- **Challenges are in** `src/main/java/org/owasp/wrongsecrets/challenges/`
+- **Tests mirror source structure** in `src/test/java/`
+- **Most challenges extend** `FixedAnswerChallenge` for simple cases
+- **Use existing patterns** - check similar challenges for guidance
+- **Environment detection** is handled automatically via `RuntimeEnvironment`
+
+### 🆘 Getting Help
+
+- **Slack**: Join the OWASP Slack and find the #project-wrongsecrets channel
+- **GitHub Discussions**: Ask questions in the repository discussions
+- **Issues**: Comment on existing issues or create new ones for questions
+
+---
+
 ## How to Contribute to the project
 
 There are a couple of ways on how you can contribute to the project:

docs/ARCHITECTURE_OVERVIEW.md

@@ -0,0 +1,160 @@
+# Architecture Overview
+
+This document provides a quick reference for understanding the WrongSecrets project structure, testing patterns, build process, and key configuration files.
+
+## Project Structure
+
+### Core Package Organization
+
+```
+src/main/java/org/owasp/wrongsecrets/
+├── challenges/                    # Challenge implementations and controllers
+│   ├── cloud/                    # Cloud provider specific challenges (AWS, GCP, Azure)
+│   ├── docker/                   # Docker-based challenges
+│   ├── kubernetes/               # Kubernetes and Vault challenges
+│   ├── Challenge.java            # Core challenge interface
+│   ├── FixedAnswerChallenge.java # Abstract class for static answer challenges
+│   └── ChallengesController.java # REST API endpoints for challenges
+├── oauth/                        # OAuth authentication components
+├── asciidoc/                     # Documentation generation utilities
+├── canaries/                     # Security canary implementations
+├── definitions/                  # Challenge definitions and metadata
+└── [Core Application Files]      # Main application, security config, etc.
+```
+
+### Key Responsibilities by Package
+
+- **`challenges/`** - All challenge logic, grouped by deployment technology
+- **`oauth/`** - GitHub OAuth integration for user authentication
+- **`asciidoc/`** - AsciiDoc documentation generation and processing
+- **`canaries/`** - Security monitoring and detection mechanisms
+- **`definitions/`** - Challenge metadata, descriptions, and configuration
+
+## Testing Patterns
+
+### Test Organization
+
+```
+src/test/java/org/owasp/wrongsecrets/
+├── challenges/                   # Challenge-specific unit tests
+│   ├── cloud/                   # Cloud challenge tests
+│   ├── docker/                  # Docker challenge tests
+│   └── kubernetes/              # Kubernetes challenge tests
+├── ChallengesControllerTest.java # API endpoint tests
+├── SecurityConfigTest.java      # Security configuration tests
+└── [Other Component Tests]      # Individual component unit tests
+```
+
+### Test Types
+
+1. **Unit Tests** - Individual challenge logic testing (74+ test files)
+2. **Integration Tests** - Controller and API endpoint testing
+3. **E2E Tests** - Cypress tests in `src/test/e2e/cypress/`
+4. **Container Tests** - Docker and Kubernetes deployment validation
+
+### Test Naming Convention
+
+- Challenge tests: `Challenge[Number]Test.java` (e.g., `Challenge44Test.java`)
+- Controller tests: `[Controller]Test.java` (e.g., `ChallengesControllerTest.java`)
+- Component tests: `[Component]Test.java`
+
+## Build Process Overview
+
+### Maven → Docker Workflow
+
+1. **Maven Build** (`pom.xml`)
+   - Spring Boot 3.x application
+   - Dependencies managed through Spring Boot parent POM
+   - Plugins: AsciiDoctor, Checkstyle, PMD, SpotBugs
+
+2. **Docker Images**
+   - `Dockerfile` - Main application container
+   - `Dockerfile.web` - Web-only variant (no vault dependencies)
+   - `Dockerfile_webdesktop` - Desktop application variant
+   - `Dockerfile_webdesktopk8s` - Kubernetes desktop variant
+
+3. **Build Commands**
+   ```bash
+   ./mvnw clean compile           # Compile sources
+   ./mvnw test                    # Run unit tests
+   ./mvnw package                 # Create JAR
+   docker build -t wrongsecrets . # Build container
+   ```
+
+### Version Management
+
+- Version defined in `pom.xml` and synchronized across Dockerfiles
+- Automated version extraction in GitHub Actions
+- Snapshot versions for development, release versions for production
+
+## Key Configuration Files
+
+### Application Configuration
+
+| File | Purpose |
+|------|---------|
+| `pom.xml` | Maven build configuration, dependencies, plugins |
+| `src/main/resources/application.properties` | Spring Boot application configuration |
+| `config/fbctf.yml` | Facebook CTF integration configuration |
+
+### Code Quality & Standards
+
+| File | Purpose |
+|------|---------|
+| `config/checkstyle/` | Java code style rules and enforcement |
+| `config/zap/` | OWASP ZAP security scanning configuration |
+| `.pre-commit-config.yaml` | Pre-commit hooks for code quality |
+| `eslint.config.mjs` | JavaScript/TypeScript linting rules |
+
+### CI/CD Configuration
+
+| File | Purpose |
+|------|---------|
+| `.github/workflows/` | GitHub Actions workflow definitions |
+| `renovate.json` | Automated dependency updates |
+| `commitlint.config.js` | Commit message format enforcement |
+
+### Deployment Configuration
+
+| File | Purpose |
+|------|---------|
+| `heroku.yml` | Heroku deployment configuration |
+| `fly.toml` | Fly.io deployment configuration |
+| `render.yaml` | Render.com deployment configuration |
+| `app.json` | Heroku app configuration |
+| `k8s/` | Kubernetes deployment manifests |
+
+### Platform-Specific
+
+| Directory | Purpose |
+|-----------|---------|
+| `aws/` | AWS-specific deployment files and documentation |
+| `gcp/` | Google Cloud Platform deployment configuration |
+| `azure/` | Microsoft Azure deployment setup |
+| `okteto/` | Okteto Kubernetes platform configuration |
+
+## Development Environment Setup
+
+### Prerequisites
+
+- Java 21+
+- Maven 3.8+
+- Docker
+- Node.js (for frontend dependencies)
+
+### Quick Setup
+
+```bash
+# Clone and build
+git clone <repository>
+cd wrongsecrets
+./mvnw clean compile
+
+# Run locally
+./mvnw spring-boot:run
+
+# Run tests
+./mvnw test
+```
+
+For detailed setup instructions, see [CONTRIBUTING.md](../CONTRIBUTING.md).