server {
    listen 80;
    server_name localhost;

    # API versioning
    set $api_version "v1";

    # CORS configuration
    add_header 'Access-Control-Allow-Origin' '$http_origin' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;

    # Handle OPTIONS requests
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
    }

    # Health check endpoint
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }

    # Auth endpoints
    location ~ ^/api/($api_version/)?auth {
        limit_req zone=auth_limit burst=5 nodelay;
        proxy_pass http://orchestrator;
        include /etc/nginx/proxy.conf;
    }

    # Orchestrator service
    location ~ ^/api/($api_version/)?orchestrator {
        limit_req zone=api_limit burst=20 nodelay;
        proxy_pass http://orchestrator;
        include /etc/nginx/proxy.conf;
    }

    # Claude Agent service
    location ~ ^/api/($api_version/)?claude {
        limit_req zone=api_limit burst=10 nodelay;
        proxy_pass http://claude_agent;
        include /etc/nginx/proxy.conf;
    }

    # GramJS Adapter service
    location ~ ^/api/($api_version/)?telegram {
        limit_req zone=api_limit burst=20 nodelay;
        proxy_pass http://gramjs_adapter;
        include /etc/nginx/proxy.conf;
    }

    # Safety Guard service
    location ~ ^/api/($api_version/)?safety {
        limit_req zone=api_limit burst=30 nodelay;
        proxy_pass http://safety_guard;
        include /etc/nginx/proxy.conf;
    }

    # Analytics service
    location ~ ^/api/($api_version/)?analytics {
        limit_req zone=api_limit burst=50 nodelay;
        proxy_pass http://analytics;
        include /etc/nginx/proxy.conf;
    }

    # A/B Testing service
    location ~ ^/api/($api_version/)?experiments {
        limit_req zone=api_limit burst=20 nodelay;
        proxy_pass http://ab_testing;
        include /etc/nginx/proxy.conf;
    }

    # WebSocket endpoints
    location ~ ^/ws/($api_version/)? {
        proxy_pass http://orchestrator;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
    }

    # Static files (if any)
    location /static {
        alias /usr/share/nginx/html/static;
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # Default location
    location / {
        return 404;
    }
}