Add initial framework of configuration.

feat: configuration file system of app.

Note: still work in progress.

docs/architecture.md

@@ -1,22 +1,67 @@
 # Architecture
 
-## Code Layout
+## Layered Design
 
 ```
-main.go              — entrypoint, calls cmd.Execute()
-cmd/                  — cobra commands (root + subcommands)
-internal/             — private application packages
-docs/                 — project documentation
+Handler (Gin handlers)          ← translates HTTP ↔ Service calls
+    ↓
+Service (business logic)        ← orchestrates, authorizes, validates
+    ↓                        ↓
+Repository (GORM data access)   Storage (file I/O)
+    ↓                        ↓
+[SQLite / PostgreSQL]        [Local FS / S3]
 ```
 
-## Packages
+Rules:
+- Handler has no business logic — parse request, call service, write response.
+- Service has no HTTP awareness — operates on domain models and interfaces.
+- Repository abstracts the database; Storage abstracts where bytes live.
+- `internal/server` is the composition root — wires all dependencies together.
 
-| Package | Purpose | Status |
-|---------|---------|--------|
-| `cmd` | CLI command definitions | ✅ skeleton |
-| `internal/config` | Configuration loading and parsing | ⬜ planned |
-| `internal/controllers` | HTTP request handlers | ⬜ planned |
-| `internal/auth` | Authentication (JWT) | ⬜ planned |
-| `internal/storage` | File storage abstraction | ⬜ planned |
+## Package Map
 
-Add new rows as packages are created.
+| Layer | Package | Purpose | Status |
+|-------|---------|---------|--------|
+| **CLI** | `cmd` | Cobra root command | ✅ skeleton |
+| | `cmd/serve.go` | `mygo serve` — wire deps, start HTTP | ⬜ plan |
+| | `cmd/config.go` | `mygo config` — config subcommand | ⬜ plan |
+| | `cmd/status.go` | `mygo status` — health check | ⬜ plan |
+| **Config** | `internal/config` | Viper load (YAML + env + flags) | ⬜ plan |
+| **HTTP** | `internal/server` | Gin engine init, route registration, middleware chain | ⬜ plan |
+| | `internal/handler` | HTTP handlers (auth, file, admin, webdav...) | ⬜ plan |
+| | `internal/middleware` | Gin middleware (requestid, logger, cors, auth) | ⬜ plan |
+| **Business** | `internal/service` | Business logic (auth, file, admin) | ⬜ plan |
+| | `internal/model` | Domain types (User, File, errors) | ⬜ plan |
+| **Data** | `internal/repository` | Repository interfaces + GORM implementations | ⬜ plan |
+| | `internal/storage` | Storage backend interface + local disk impl | ⬜ plan |
+| **Util** | `internal/auth` | JWT sign/verify, context helpers | ⬜ plan |
+| | `internal/api` | JSON response writer, error code helpers | ⬜ plan |
+
+## API Routes (v0)
+
+```
+POST /api/v1/auth/register
+POST /api/v1/auth/login
+POST /api/v1/auth/refresh
+
+GET   /api/v1/users/me
+PATCH /api/v1/users/me
+
+GET    /api/v1/files
+POST   /api/v1/files
+GET    /api/v1/files/:id
+GET    /api/v1/files/:id/content
+PUT    /api/v1/files/:id
+DELETE /api/v1/files/:id
+
+GET    /api/v1/admin/users
+GET    /api/v1/admin/users/:id
+PUT    /api/v1/admin/users/:id
+DELETE /api/v1/admin/users/:id
+```
+
+## Middleware Chain
+
+Applied globally: requestid → logger → cors
+
+Applied to protected groups: auth (JWT validation, inject user into gin.Context)