feat: initial commit - set up API Portal with YAML-based deployment

- Add complete AWS API Gateway Developer Portal codebase
- Set up YAML-based deployment configuration (no secrets needed!)
- Configure GitHub Actions workflow with OIDC authentication
- Add dev environment with custom domain portal.aillc.link
- Add production environment template (disabled by default)
- Include branding assets and custom styling
- Add Makefile for easy local development
- Configure project documentation (CLAUDE.md)

This deployment system uses:
- YAML files for all configuration (environments/*.yaml)
- OIDC for secure AWS authentication (no credentials)
- File-based deployment triggers
- Custom domain and TLS support

Co-authored-by: Claude <[email protected]>

Author: svange

.claude/settings.local.json

@@ -0,0 +1,8 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:www.augmentingintegrations.com)"
+    ],
+    "deny": []
+  }
+}

.github/BRANCH_PROTECTION.md

@@ -0,0 +1,188 @@
+# Branch Protection Settings for augint-api
+
+This document outlines the recommended GitHub Repository Ruleset settings for the augint-api serverless Infrastructure as Code (IaC) project.
+
+## Repository Ruleset Configuration
+
+**Navigate to:** Settings → Rules → Rulesets → **Create repository ruleset**
+
+**Note:** This repository uses GitHub's new Repository Rulesets (not classic branch protection rules) for enhanced flexibility and better auto-merge integration.
+
+## Dev Branch Protection Ruleset
+
+Create a ruleset named **"Development Branch Protection"** for auto-merge functionality.
+
+#### Ruleset Settings
+
+**General Settings:**
+- **Ruleset Name**: `Development Branch Protection`
+- **Enforcement Status**: `Active`
+- **Target Branches**: `Include by pattern` → `dev`
+- **Bypass List**:
+  - Add GitHub Apps that need bypass (e.g., `github-actions`)
+  - Add repository administrators for emergency access
+
+#### Protection Rules
+
+✅ **Restrict deletions**
+- Prevents accidental deletion of the dev branch
+
+✅ **Require pull request before merging**
+- **Required number of approvals**: `0` (auto-merge handles this)
+- **Dismiss stale PR approvals when new commits are pushed**: `Yes`
+- **Require review from CODEOWNERS**: `No` (for development speed)
+
+✅ **Require status checks to pass before merging**
+- **Require branches to be up to date before merging**: `Yes`
+- **Required status checks** (exact names from serverless-gitops.yaml):
+  - `Security scanning (SAST, dependencies, licenses)`
+  - `Run unit tests (no infrastructure)`
+  - `Infrastructure validation (SAM validate, cfn-lint)`
+  - `Deploy serverless API`
+  - `Run integration tests (against deployed API)`
+  - `Run E2E tests and smoke tests (all environments)`
+
+✅ **Require conversation resolution before merging**
+- Ensures all discussions are resolved before merge
+
+✅ **Block force pushes**
+- Maintains clean git history and prevents accidental overwrites
+
+#### Advanced Settings
+
+**Bypass permissions:**
+- Repository administrators can bypass in emergencies
+- GitHub Actions can bypass for automated processes
+
+## Main Branch Protection Ruleset
+
+Create a second ruleset named **"Production Branch Protection"** for production releases.
+
+#### Ruleset Settings
+
+**General Settings:**
+- **Ruleset Name**: `Production Branch Protection`
+- **Enforcement Status**: `Active`
+- **Target Branches**: `Include by pattern` → `main`
+
+#### Protection Rules
+
+✅ **Restrict deletions**
+- Prevents accidental deletion of main branch
+
+✅ **Restrict pushes**
+- Only administrators can push directly (emergency situations only)
+
+✅ **Require pull request before merging**
+- **Required number of approvals**: `1` (manual oversight for production)
+- **Dismiss stale PR approvals when new commits are pushed**: `Yes`
+- **Require review from CODEOWNERS**: `Yes`
+
+✅ **Require status checks to pass before merging**
+- **Require branches to be up to date before merging**: `Yes`
+- **Required status checks** (same as dev branch):
+  - `Security scanning (SAST, dependencies, licenses)`
+  - `Run unit tests (no infrastructure)`
+  - `Infrastructure validation (SAM validate, cfn-lint)`
+  - `Deploy serverless API`
+  - `Run integration tests (against deployed API)`
+  - `Run E2E tests and smoke tests (all environments)`
+
+✅ **Require conversation resolution before merging**
+
+✅ **Block force pushes**
+
+## Repository Settings
+
+**Navigate to:** Settings → General → Pull Requests
+
+### Required Settings for Auto-Merge
+
+✅ **Allow auto-merge**
+- Enables GitHub's native auto-merge functionality
+
+✅ **Allow squash merging**
+- Maintains clean commit history (recommended)
+
+❌ **Allow merge commits** (disabled)
+- Prevents noisy merge commits in history
+
+❌ **Allow rebase merging** (disabled)  
+- Reduces merge strategy complexity
+
+✅ **Always suggest updating pull request branches**
+- Helps keep branches up to date
+
+✅ **Automatically delete head branches**
+- Cleans up feature branches after merge
+
+## Status Check Names Reference
+
+The exact status check names that must be configured in the ruleset (from serverless-gitops.yaml):
+
+```yaml
+Required Status Checks:
+- "Security scanning (SAST, dependencies, licenses)"
+- "Run unit tests (no infrastructure)"  
+- "Infrastructure validation (SAM validate, cfn-lint)"
+- "Deploy serverless API"
+- "Run integration tests (against deployed API)"
+- "Run E2E tests and smoke tests (all environments)"
+```
+
+**Important:** Status check names must match exactly as they appear in the GitHub Actions workflow. Any mismatch will prevent auto-merge from working.
+
+## Differences from augint-library
+
+The augint-api project has additional quality gates compared to augint-library due to its Infrastructure as Code (IaC) nature:
+
+| Project | Quality Gates | Additional Requirements |
+|---------|---------------|-------------------------|
+| **augint-library** | 4 gates | Unit tests, security, compliance, pre-commit |
+| **augint-api** | 6 gates | + Infrastructure validation, deployment, integration/E2E tests |
+
+This reflects the higher complexity and risk associated with serverless infrastructure deployment.
+
+## Auto-Merge Integration
+
+The ruleset configuration works seamlessly with the auto-merge job in `serverless-gitops.yaml`:
+
+1. **Development branches** push to GitHub
+2. **Pipeline runs** all 6 quality gates
+3. **Auto-merge job** enables GitHub auto-merge if all gates pass
+4. **GitHub auto-merge** waits for all required status checks
+5. **Automatic merge** happens when all conditions are met
+
+## Troubleshooting
+
+### Common Ruleset Issues
+
+**Auto-merge not working:**
+1. Verify all 6 status checks are configured with exact names
+2. Check that auto-merge is enabled in repository settings
+3. Ensure the development branch is up to date
+4. Confirm the PR targets the `dev` branch
+
+**Status checks not found:**
+1. Check job names in `.github/workflows/serverless-gitops.yaml`
+2. Verify the pipeline has run at least once to establish status checks
+3. Update ruleset with exact status check names from successful pipeline runs
+
+**Emergency access needed:**
+1. Repository administrators can bypass rulesets
+2. Use "Override branch protection" option in PR interface
+3. Document reason for bypass in PR comments
+
+## Validation
+
+To verify your ruleset configuration:
+
+1. Create a test branch: `feat/issue-test-auto-merge`
+2. Make a small change and push
+3. Create PR targeting `dev` branch
+4. Verify all 6 status checks appear and must pass
+5. Confirm auto-merge enables when all checks pass
+
+---
+
+This configuration ensures robust protection for both development and production branches while enabling efficient auto-merge workflows for routine development.

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# Default: you own everything
+* @svange
+.github/ @svange

.github/FUNDING.yaml

@@ -0,0 +1 @@
+github: [svange]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,20 @@
+---
+name: "🐛 Bug report"
+about: Report a bug to help improve the project
+title: "[Bug] "
+labels: bug
+assignees: svange
+---
+
+## 🐞 Description
+
+## 📋 Steps to reproduce
+
+## 📈 Expected behavior
+
+## 🖥️ Environment
+
+- OS:
+- Python version:
+
+## Additional context

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,13 @@
+---
+name: "✨ Feature request"
+about: Suggest a new idea or enhancement
+title: "[Feature] "
+labels: enhancement
+assignees: svange
+---
+
+## ✨ Description
+
+## 🚀 Why is this useful?
+
+## 🔗 Related issues or context

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,6 +1,14 @@
-*Issue #, if available:*
+## 🚀 Summary
 
-*Description of changes:*
+<!-- Briefly describe what this PR does -->
 
+## 🔗 Related issues
 
-By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+<!-- Link to related issues, e.g. Closes #123 -->
+
+## ✅ Checklist
+
+- [ ] Tests added/updated
+- [ ] CI passing
+- [ ] Docs updated (if needed)
+- [ ] Ready for review

.github/SECURITY.md

@@ -0,0 +1,7 @@
+# Security Policy
+
+If you discover a security vulnerability, please report it responsibly.
+
+## How to report
+
+- Please contact the repository owner directly via email or GitHub issues.

.github/dependabot.yaml

@@ -0,0 +1,59 @@
+version: 2
+updates:
+  # GitHub Actions dependencies
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: monday
+      time: "09:00"
+    labels:
+      - dependencies
+      - github-actions
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    pull-request-branch-name:
+      separator: "-"
+    open-pull-requests-limit: 5
+
+  # Python dependencies - AGGRESSIVE for fast testing (daily at 6am UTC)
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: "daily"  # Keep daily for now, most reliable
+      time: "06:00"
+    labels:
+      - dependencies
+      - python
+    commit-message:
+      prefix: "build"
+      include: "scope"
+    pull-request-branch-name:
+      separator: "-"
+    groups:
+      # Group patch and minor updates together for auto-merge
+      python-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Keep major updates separate for careful review
+      python-major:
+        patterns:
+          - "*"
+        update-types:
+          - "major"
+    open-pull-requests-limit: 2  # Keep it focused for fast testing
+    # Focus on production and main dev dependencies only
+    allow:
+      - dependency-type: "production"
+      - dependency-type: "development"
+    ignore:
+      # Skip security group deps (they have external dependencies causing SSL issues)
+      - dependency-name: "bandit"
+      - dependency-name: "safety"
+      - dependency-name: "pip-audit"
+      - dependency-name: "licensecheck"
+    target-branch: dev  # Enterprise pattern: Dependencies flow through staging first