feat: Enhance README documentation with security best practices and configuration injection details across all packages

Author: Smilefounder

README.md

@@ -10,6 +10,8 @@ Modular, framework-agnostic SDK for Mixcore projects. Built with TypeScript and
 - **TypeScript-first**: Full type safety and autocompletion
 - **Framework-agnostic**: Works with any JavaScript framework
 - **Production-ready**: Well-tested and documented
+- **Secure by design**: Configuration injection prevents hardcoded secrets
+- **Extensible**: Plugin/adapter architecture for custom implementations
 
 ## Packages
 
@@ -32,18 +34,49 @@ Modular, framework-agnostic SDK for Mixcore projects. Built with TypeScript and
 npm install @mixcore/api @mixcore/database # or whichever packages you need
 ```
 
-### Usage Example
+### SDK Initialization
 
 ```typescript
+import { createMixcoreSdk } from '@mixcore/api';
 import { ApiService } from '@mixcore/api';
 import { ModuleDataService } from '@mixcore/database';
 
-const api = new ApiService({ apiBaseUrl: 'https://api.mixcore.net' });
-const dataService = new ModuleDataService({ api });
-
-// Use services...
+// Initialize SDK with configuration
+const sdk = createMixcoreSdk(
+  { apiBaseUrl: 'https://api.mixcore.net' },
+  {
+    api: new ApiService({ apiBaseUrl: 'https://api.mixcore.net' }),
+    database: new ModuleDataService({ api: new ApiService({ apiBaseUrl: 'https://api.mixcore.net' }) })
+    // Add other domain services as needed
+  }
+);
+
+// Use services through SDK instance
+const data = await sdk.database.fetchDataItems('module-id');
 ```
 
+### Security Note
+
+- Never hardcode secrets in your application
+- Always inject configuration (API keys, URLs) at runtime
+- Use environment variables for sensitive values
+
+## API Reference
+
+### Core SDK Methods
+
+| Method | Parameters | Returns | Description |
+|--------|------------|---------|-------------|
+| `createMixcoreSdk` | `config: MixcoreSdkConfig`, `services: MixcoreSdkOptions` | `MixcoreSdkInstance` | Creates configured SDK instance |
+
+### Configuration Options
+
+| Option | Type | Required | Description |
+|--------|------|----------|-------------|
+| `apiBaseUrl` | string | Yes | Base URL for API requests |
+| `apiKey` | string | No | API key for authentication |
+| `timeout` | number | No | Request timeout in ms |
+
 ## Development
 
 ### Prerequisites
@@ -71,6 +104,8 @@ pnpm build
 pnpm test
 ```
 
+Test coverage reports are generated in `coverage/` directory.
+
 ## Contributing
 
 Contributions welcome! Please see our [Contribution Guidelines](CONTRIBUTING.md).

packages/api/README.md

@@ -9,6 +9,8 @@ API clients and endpoint wrappers for Mixcore SDK. Provides typed HTTP clients f
 - Built-in error handling
 - Support for authentication headers
 - Promise-based async operations
+- Secure configuration injection
+- Framework-agnostic implementation
 
 ## Installation
 
@@ -27,50 +29,56 @@ import { ApiService } from '@mixcore/api';
 
 const api = new ApiService({
   apiBaseUrl: 'https://api.mixcore.net',
-  apiKey: 'your-api-key' // optional
+  apiKey: process.env.MIXCORE_API_KEY // Never hardcode secrets!
 });
 
 // Make API requests
 const response = await api.get('/some-endpoint');
 ```
 
+### SDK Entrypoint
+
+```typescript
+import { createMixcoreSdk } from '@mixcore/api';
+
+const sdk = createMixcoreSdk(
+  { apiBaseUrl: 'https://api.mixcore.net' },
+  {
+    api: new ApiService({ apiBaseUrl: 'https://api.mixcore.net' })
+  }
+);
+```
+
 ### Configuration Options
 
-| Option | Type | Description |
-|--------|------|-------------|
-| apiBaseUrl | string | Base URL for API requests |
-| apiKey? | string | API key for authentication |
-| timeout? | number | Request timeout in ms |
+| Option | Type | Required | Description |
+|--------|------|----------|-------------|
+| apiBaseUrl | string | Yes | Base URL for API requests |
+| apiKey? | string | No | API key for authentication |
+| timeout? | number | No | Request timeout in ms |
 
-### Authentication
+### Security Note
 
-```typescript
-// With API key
-const api = new ApiService({
-  apiBaseUrl: 'https://api.mixcore.net',
-  apiKey: 'your-api-key-here'
-});
+- Never hardcode API keys or secrets in your code
+- Always inject configuration at runtime
+- Use environment variables for sensitive values
 
-// Requests will include Authorization: Bearer header
-```
+## API Reference
 
-## Error Handling
+### ApiService Methods
 
-The API client throws structured errors for:
+| Method | Parameters | Returns | Description |
+|--------|------------|---------|-------------|
+| get | `endpoint: string`, `params?: Record<string, any>` | `Promise<ApiResult>` | Makes GET request |
+| post | `endpoint: string`, `data: any`, `options?: { isFormData?: boolean }` | `Promise<ApiResult>` | Makes POST request |
+| delete | `endpoint: string` | `Promise<ApiResult>` | Makes DELETE request |
 
-- Network failures
-- Invalid responses (non-2xx status codes)
-- Timeouts
+## Testing
 
-```typescript
-try {
-  await api.get('/some-endpoint');
-} catch (error) {
-  console.error('API request failed:', error.message);
-  if (error.response) {
-    console.error('Status:', error.response.status);
-  }
-}
+Test coverage reports are generated in `coverage/` directory when running:
+
+```bash
+pnpm test
 ```
 
 ## Related Packages

packages/base/README.md

@@ -8,6 +8,7 @@ Mixcore SDK base abstractions. Provides core TypeScript classes and interfaces f
 - **BaseRestService**: REST API client base class
 - **Injectable configuration**: Flexible service configuration
 - **Framework-agnostic**: No UI/SPA dependencies
+- **Secure by design**: Configuration injection prevents hardcoded secrets
 
 ## Installation
 
@@ -37,39 +38,39 @@ class MyService extends BaseService {
 }
 ```
 
-### Using BaseRestService
+### Security Note
 
-```typescript
-import { BaseRestService } from '@mixcore/base';
+- Never hardcode secrets in configuration
+- Always inject configuration at runtime
+- Use environment variables for sensitive values
 
-class MyRestService extends BaseRestService {
-  constructor(baseUrl: string) {
-    super({ apiBaseUrl: baseUrl });
-  }
+## API Reference
 
-  async fetchItems() {
-    return this.get('/items');
-  }
-}
-```
+### BaseService Methods
 
-## API Reference
+| Method | Parameters | Returns | Description |
+|--------|------------|---------|-------------|
+| execute | `fn: () => Promise<T>` | `Promise<T>` | Wraps operations with error handling |
+| getConfig | None | `ConfigType` | Returns current configuration |
+
+### BaseRestService Methods
+
+| Method | Parameters | Returns | Description |
+|--------|------------|---------|-------------|
+| get | `path: string`, `params?: Record<string, any>` | `Promise<ApiResult>` | Makes GET request |
+| post | `path: string`, `data: any`, `options?: { isFormData?: boolean }` | `Promise<ApiResult>` | Makes POST request |
+| put | `path: string`, `data: any` | `Promise<ApiResult>` | Makes PUT request |
+| delete | `path: string` | `Promise<ApiResult>` | Makes DELETE request |
 
-### BaseService
+## Testing
 
-| Method | Description |
-|--------|-------------|
-| `execute(fn)` | Wraps operations with error handling |
-| `getConfig()` | Returns current configuration |
+Test coverage reports are generated in `coverage/` directory when running:
 
-### BaseRestService
+```bash
+pnpm test
+```
 
-| Method | Description |
-|--------|-------------|
-| `get(path)` | Makes GET request |
-| `post(path, data)` | Makes POST request |
-| `put(path, data)` | Makes PUT request |
-| `delete(path)` | Makes DELETE request |
+See test files in `tests/` directory for implementation details.
 
 ## Related Packages
 

packages/config/README.md

@@ -9,6 +9,7 @@ Configuration management services for Mixcore SDK. Provides loading, validation
 - Schema validation
 - Environment variable support
 - Hot-reloading for development
+- Secure by design: Prevents hardcoded secrets
 
 ## Installation
 
@@ -27,47 +28,51 @@ import { ConfigurationServices } from '@mixcore/config';
 
 const configService = new ConfigurationServices();
 
-// Load config from default location
-const config = await configService.loadConfiguration();
+// Load config from environment variables
+const config = await configService.loadConfiguration({
+  apiBaseUrl: process.env.MIXCORE_API_URL,
+  apiKey: process.env.MIXCORE_API_KEY // Never hardcode secrets!
+});
 
 // Access config values
 console.log(config.apiBaseUrl);
 ```
 
-### Custom Configuration Path
+### Security Best Practices
 
-```typescript
-const config = await configService.loadConfiguration('/path/to/config.json');
-```
-
-### Environment Variables
-
-Configuration values can be overridden by environment variables prefixed with `MIXCORE_`:
-
-```bash
-MIXCORE_API_BASE_URL=https://api.mixcore.net npm start
-```
+- Never commit configuration files with secrets
+- Use environment variables for sensitive values
+- Validate configuration schema in production
+- Rotate secrets regularly
 
 ## Configuration Schema
 
-The expected configuration format:
-
 ```typescript
 interface AppConfig {
-  apiBaseUrl: string;
-  apiKey?: string;
-  debug?: boolean;
+  apiBaseUrl: string; // Required
+  apiKey?: string; // Optional
+  debug?: boolean; // Optional
   // ...other app-specific settings
 }
 ```
 
 ## API Reference
 
-| Method | Description |
-|--------|-------------|
-| `loadConfiguration(path?)` | Loads and validates config |
-| `getConfig()` | Returns current config |
-| `watchForChanges()` | Enables hot-reloading |
+| Method | Parameters | Returns | Description |
+|--------|------------|---------|-------------|
+| loadConfiguration | `config?: Partial<AppConfig>` | `Promise<AppConfig>` | Loads and validates config |
+| getConfig | None | `AppConfig` | Returns current config |
+| watchForChanges | None | `void` | Enables hot-reloading |
+
+## Testing
+
+Test coverage reports are generated in `coverage/` directory when running:
+
+```bash
+pnpm test
+```
+
+See test files in `tests/` directory for implementation details.
 
 ## Related Packages
 

packages/database/README.md

@@ -8,6 +8,7 @@ Database domain services and types for Mixcore SDK. Provides data access, queryi
 - TypeScript interfaces for database models
 - Data validation and transformation
 - Modular service architecture
+- Secure configuration injection
 
 ## Installation
 
@@ -22,25 +23,51 @@ pnpm add @mixcore/database
 ### Basic Example
 
 ```typescript
+import { createMixcoreSdk } from '@mixcore/api';
 import { ModuleDataService } from '@mixcore/database';
-import { ApiService } from '@mixcore/api';
 
-const api = new ApiService({ apiBaseUrl: 'https://api.mixcore.net' });
-const dataService = new ModuleDataService({ api });
+const sdk = createMixcoreSdk(
+  { apiBaseUrl: 'https://api.mixcore.net' },
+  {
+    database: new ModuleDataService({
+      api: new ApiService({
+        apiBaseUrl: 'https://api.mixcore.net',
+        apiKey: process.env.MIXCORE_API_KEY // Never hardcode secrets!
+      })
+    })
+  }
+);
 
 // Fetch data items
-const result = await dataService.fetchDataItems('module-id');
+const result = await sdk.database.fetchDataItems('module-id');
 ```
 
-### Services
+### Security Note
 
-- `ModuleDataService`: Core data operations
-- `MixDatabaseDataRestPortalService`: Portal-specific data services
-- `RelatedAttributeDataRestPortalService`: Related attribute services
+- Never hardcode API keys or secrets
+- Always inject configuration at runtime
+- Use environment variables for sensitive values
 
 ## API Reference
 
-See [API Documentation](API.md) for detailed method signatures and types.
+### ModuleDataService Methods
+
+| Method | Parameters | Returns | Description |
+|--------|------------|---------|-------------|
+| fetchDataItems | `moduleId: string`, `options?: FetchOptions` | `Promise<DataItem[]>` | Fetches data items for module |
+| createDataItem | `moduleId: string`, `data: DataItem` | `Promise<DataItem>` | Creates new data item |
+| updateDataItem | `moduleId: string`, `id: string`, `data: Partial<DataItem>` | `Promise<DataItem>` | Updates existing data item |
+| deleteDataItem | `moduleId: string`, `id: string` | `Promise<void>` | Deletes data item |
+
+## Testing
+
+Test coverage reports are generated in `coverage/` directory when running:
+
+```bash
+pnpm test
+```
+
+See individual test files in `tests/` directory for implementation details.
 
 ## Related Packages