Add platform standardization demo scenario (api-server module)

eat: add api-server module for platform standardization demo

- New educational risk scenario: c5.large → t3.large instance swap
- Demonstrates how compliance-driven changes can introduce hidden risks
- Includes demo-app (React) with compliance dashboard UI
- "Open in Editor" links to github.dev for seamless demo flow
- Infrastructure: EC2, ALB, IAM, CloudWatch alarms, security groups

The scenario shows Overmind catching CPU credit risks that
traditional tools miss when instance specs look identical.

Author: jameslaneovermind

main.tf

@@ -384,3 +384,17 @@ module "heritage" {
   message_size_breach_lambda_memory  = var.message_size_breach_lambda_memory
   message_size_breach_retention_days = var.message_size_breach_retention_days
 }
+
+# API Server
+module "api_server" {
+  source = "./modules/api-server"
+
+  enabled       = true
+  instance_type = "c5.large"
+
+  vpc_id         = module.baseline.vpc_id
+  public_subnets = module.baseline.public_subnets
+  ami_id         = module.baseline.ami_id
+
+  name_prefix = "api"
+}

modules/api-server/README.md

@@ -0,0 +1,71 @@
+# API Server Module - Platform Standardization Demo
+
+> Learn how standardizing on a single instance family can introduce hidden risks when workload characteristics aren't considered.
+
+## 🎬 Demo Flow
+
+### 1. Open Compliance Dashboard
+Launch the demo app at your Vercel URL or run locally:
+```bash
+cd demo-app && npm install && npm run dev
+```
+
+### 2. View the Auto-Created Ticket
+- Dashboard shows 97.9% compliance, 1 non-compliant instance
+- Click **"View Ticket"** → Opens ticket INFRA-4721
+- Notice: "Standard Change - no CAB approval required"
+
+### 3. Click "Open in Editor"
+- In **Related Resources**, click **"Open in Editor"**
+- Opens github.dev directly at line 389 of `main.tf`
+
+### 4. Make the Change
+Change the instance type:
+```diff
+- instance_type = "c5.large"
++ instance_type = "t3.large"
+```
+
+### 5. Create PR & Watch Overmind
+```bash
+git checkout -b align-platform-standards
+git commit -am "Align API server with t3 platform standards"
+git push origin align-platform-standards
+```
+Overmind analyzes the PR and catches the hidden risk.
+
+## 🎯 The Scenario
+
+| What the Engineer Sees | What Actually Happens |
+|------------------------|----------------------|
+| c5.large → t3.large | Compute-optimized → Burstable |
+| Same specs (2 vCPU, 4GB) | Different CPU models |
+| "Standard change" | Performance drops to 30% after ~1 hour |
+
+**The trap**: Both instances look identical on paper, but t3 uses CPU credits. At 70% sustained CPU, credits exhaust and performance collapses.
+
+## 🔍 What Overmind Catches
+
+1. **Blast Radius** - ALB, target groups, alarms, security groups
+2. **Educational Risk** - Explains CPU credit behavior
+3. **Impact Analysis** - Predicts performance degradation
+
+## 💰 Cost Management
+
+| State | Cost |
+|-------|------|
+| Running | ~$79/month |
+| Stopped | ~$0.60/month (EBS only) |
+
+```bash
+# Stop between demos
+aws ec2 stop-instances --instance-ids $(terraform output -raw api_server_instance_id)
+
+# Destroy when done  
+terraform destroy -target=module.api_server
+```
+
+## 📖 Learn More
+
+- [T3 CPU Credits](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-credits-baseline-concepts.html)
+- [C5 vs T3 Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/compute-optimized-instances.html)

modules/api-server/demo-app/.gitignore

@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

modules/api-server/demo-app/README.md

@@ -0,0 +1,73 @@
+# Welcome to your Lovable project
+
+## Project info
+
+**URL**: https://lovable.dev/projects/REPLACE_WITH_PROJECT_ID
+
+## How can I edit this code?
+
+There are several ways of editing your application.
+
+**Use Lovable**
+
+Simply visit the [Lovable Project](https://lovable.dev/projects/REPLACE_WITH_PROJECT_ID) and start prompting.
+
+Changes made via Lovable will be committed automatically to this repo.
+
+**Use your preferred IDE**
+
+If you want to work locally using your own IDE, you can clone this repo and push changes. Pushed changes will also be reflected in Lovable.
+
+The only requirement is having Node.js & npm installed - [install with nvm](https://github.com/nvm-sh/nvm#installing-and-updating)
+
+Follow these steps:
+
+```sh
+# Step 1: Clone the repository using the project's Git URL.
+git clone <YOUR_GIT_URL>
+
+# Step 2: Navigate to the project directory.
+cd <YOUR_PROJECT_NAME>
+
+# Step 3: Install the necessary dependencies.
+npm i
+
+# Step 4: Start the development server with auto-reloading and an instant preview.
+npm run dev
+```
+
+**Edit a file directly in GitHub**
+
+- Navigate to the desired file(s).
+- Click the "Edit" button (pencil icon) at the top right of the file view.
+- Make your changes and commit the changes.
+
+**Use GitHub Codespaces**
+
+- Navigate to the main page of your repository.
+- Click on the "Code" button (green button) near the top right.
+- Select the "Codespaces" tab.
+- Click on "New codespace" to launch a new Codespace environment.
+- Edit files directly within the Codespace and commit and push your changes once you're done.
+
+## What technologies are used for this project?
+
+This project is built with:
+
+- Vite
+- TypeScript
+- React
+- shadcn-ui
+- Tailwind CSS
+
+## How can I deploy this project?
+
+Simply open [Lovable](https://lovable.dev/projects/REPLACE_WITH_PROJECT_ID) and click on Share -> Publish.
+
+## Can I connect a custom domain to my Lovable project?
+
+Yes, you can!
+
+To connect a domain, navigate to Project > Settings > Domains and click Connect Domain.
+
+Read more here: [Setting up a custom domain](https://docs.lovable.dev/features/custom-domain#custom-domain)

modules/api-server/demo-app/bun.lockb

@@ -0,0 +1,20 @@
+{
+  "$schema": "https://ui.shadcn.com/schema.json",
+  "style": "default",
+  "rsc": false,
+  "tsx": true,
+  "tailwind": {
+    "config": "tailwind.config.ts",
+    "css": "src/index.css",
+    "baseColor": "slate",
+    "cssVariables": true,
+    "prefix": ""
+  },
+  "aliases": {
+    "components": "@/components",
+    "utils": "@/lib/utils",
+    "ui": "@/components/ui",
+    "lib": "@/lib",
+    "hooks": "@/hooks"
+  }
+}

modules/api-server/demo-app/components.json

@@ -0,0 +1,26 @@
+import js from "@eslint/js";
+import globals from "globals";
+import reactHooks from "eslint-plugin-react-hooks";
+import reactRefresh from "eslint-plugin-react-refresh";
+import tseslint from "typescript-eslint";
+
+export default tseslint.config(
+  { ignores: ["dist"] },
+  {
+    extends: [js.configs.recommended, ...tseslint.configs.recommended],
+    files: ["**/*.{ts,tsx}"],
+    languageOptions: {
+      ecmaVersion: 2020,
+      globals: globals.browser,
+    },
+    plugins: {
+      "react-hooks": reactHooks,
+      "react-refresh": reactRefresh,
+    },
+    rules: {
+      ...reactHooks.configs.recommended.rules,
+      "react-refresh/only-export-components": ["warn", { allowConstantExport: true }],
+      "@typescript-eslint/no-unused-vars": "off",
+    },
+  },
+);

modules/api-server/demo-app/eslint.config.js

@@ -0,0 +1,27 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Stratum - Infrastructure Compliance</title>
+    <meta name="description" content="Enterprise infrastructure compliance monitoring and management platform" />
+    <meta name="author" content="Stratum Technologies" />
+
+    <meta property="og:title" content="Stratum - Infrastructure Compliance" />
+    <meta property="og:description" content="Real-time infrastructure compliance monitoring across all environments" />
+    <meta property="og:type" content="website" />
+    <meta property="og:image" content="https://lovable.dev/opengraph-image-p98pqg.png" />
+
+    <meta name="twitter:card" content="summary_large_image" />
+    <meta name="twitter:site" content="@CloudOps" />
+    <meta name="twitter:image" content="https://lovable.dev/opengraph-image-p98pqg.png" />
+
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  </head>
+
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>