refactor: simplify architecture and improve documentation

- Extract orchestration logic from `internal/cli` into a new `internal/manager` package for better composability.
- Migrate technical implementation details from README.md to package-level godoc strings.
- Rewrite README.md to be more user-centric, focusing on quick start and usage.
- Add comprehensive documentation for exported structs and fields across the project.
- Verify all changes with `go fmt`, `go vet`, `golangci-lint`, and full E2E test suite.

1 files changed, 20 insertions, 5 deletions

diff --git a/pkg/wgconf/wgconf.go b/pkg/wgconf/wgconf.go
index 36434ba..5eac20d 100644
--- a/pkg/wgconf/wgconf.go
+++ b/pkg/wgconf/wgconf.go
@@ -1,3 +1,11 @@
+// Package wgconf provides functionality for parsing WireGuard .conf files.
+//
+// Parsing Logic:
+// wgconf implements a robust parser for WireGuard configuration files, supporting:
+// - Case-insensitive section ([Interface], [Peer]) and key names.
+// - Inline and block comments starting with # or ;.
+// - Multi-value fields (e.g., AllowedIPs) separated by commas.
+// - Flexible whitespace handling around keys and values.
 package wgconf
 
 import (
@@ -9,16 +17,23 @@ import (
 
 // Config represents a parsed WireGuard configuration file.
 type Config struct {
+	// PrivateKey is the local interface's private key.
 	PrivateKey string
-	Address    string
-	DNS        string
-	Peers      []Peer
+	// Address is the local interface's IP address.
+	Address string
+	// DNS is the DNS server to be used when the tunnel is active.
+	DNS string
+	// Peers is the list of remote peers defined in the configuration.
+	Peers []Peer
 }
 
 // Peer represents a WireGuard peer.
 type Peer struct {
-	PublicKey  string
-	Endpoint   string
+	// PublicKey is the remote peer's public key.
+	PublicKey string
+	// Endpoint is the public IP and port of the remote peer.
+	Endpoint string
+	// AllowedIPs is the list of IP addresses/networks allowed for this peer.
 	AllowedIPs []string
 }