elsabro 2.2.0 → 3.7.0

package/references/kubernetes-deployment.md

@@ -0,0 +1,3099 @@
+---
+name: kubernetes-deployment
+description: Sistema de deployment de ELSABRO en Kubernetes con Helm, HPA, VPA y observabilidad
+version: 3.6.0
+---
+
+# ELSABRO Kubernetes Deployment System (v3.6)
+
+Sistema completo para desplegar ELSABRO como servicio en Kubernetes con soporte para multi-tenancy, auto-scaling, y observabilidad enterprise.
+
+## Vision General
+
+```
++-----------------------------------------------------------------------------+
+|                      ELSABRO KUBERNETES ARCHITECTURE                         |
++-----------------------------------------------------------------------------+
+|                                                                              |
+|  +------------------------------------------------------------------------+  |
+|  |                         INGRESS LAYER                                   |  |
+|  |  +----------------+  +----------------+  +----------------+             |  |
+|  |  |    Nginx       |  |    Traefik     |  |   Istio GW    |             |  |
+|  |  |   Ingress      |  |   Ingress      |  |   (Service    |             |  |
+|  |  |  (default)     |  |  (alternative) |  |    Mesh)      |             |  |
+|  |  +-------+--------+  +-------+--------+  +-------+--------+             |  |
+|  +----------|------------------|------------------|-------------------------+  |
+|             |                  |                  |                           |
+|             +------------------+------------------+                           |
+|                                |                                              |
+|  +-----------------------------v------------------------------------------+  |
+|  |                     SERVICE LAYER                                       |  |
+|  |  +------------------------------------------------------------------+  |  |
+|  |  |                    elsabro-service                                |  |  |
+|  |  |  ClusterIP / LoadBalancer / NodePort                             |  |  |
+|  |  |  Port: 8080 (HTTP) | 8443 (HTTPS) | 9090 (Metrics)              |  |  |
+|  |  +------------------------------------------------------------------+  |  |
+|  +------------------------------------------------------------------------+  |
+|                                |                                              |
+|  +-----------------------------v------------------------------------------+  |
+|  |                    DEPLOYMENT LAYER                                     |  |
+|  |  +------------------------------------------------------------------+  |  |
+|  |  |                  elsabro-deployment                               |  |  |
+|  |  |  +------------+  +------------+  +------------+  +------------+  |  |  |
+|  |  |  |   Pod 1    |  |   Pod 2    |  |   Pod 3    |  |   Pod N    |  |  |  |
+|  |  |  | Replica    |  | Replica    |  | Replica    |  | Replica    |  |  |  |
+|  |  |  +------------+  +------------+  +------------+  +------------+  |  |  |
+|  |  |        ^               ^               ^               ^         |  |  |
+|  |  |        +---------------+---------------+---------------+         |  |  |
+|  |  |                              |                                   |  |  |
+|  |  |                   HPA / VPA / KEDA                              |  |  |
+|  |  +------------------------------------------------------------------+  |  |
+|  +------------------------------------------------------------------------+  |
+|                                |                                              |
+|  +-----------------------------v------------------------------------------+  |
+|  |                   INFRASTRUCTURE LAYER                                  |  |
+|  |  +----------------+  +----------------+  +----------------+             |  |
+|  |  |     Redis      |  |   PostgreSQL   |  |   RabbitMQ     |             |  |
+|  |  |    Cluster     |  |    Primary     |  |    Cluster     |             |  |
+|  |  |  (Session/     |  |  + Replicas    |  |  (Event Bus)   |             |  |
+|  |  |   Cache)       |  |                |  |                |             |  |
+|  |  +----------------+  +----------------+  +----------------+             |  |
+|  +------------------------------------------------------------------------+  |
+|                                |                                              |
+|  +-----------------------------v------------------------------------------+  |
+|  |                   OBSERVABILITY LAYER                                   |  |
+|  |  +----------------+  +----------------+  +----------------+             |  |
+|  |  |   Prometheus   |  |    Grafana     |  |    Jaeger      |             |  |
+|  |  |   (Metrics)    |  |  (Dashboards)  |  |   (Tracing)    |             |  |
+|  |  +----------------+  +----------------+  +----------------+             |  |
+|  +------------------------------------------------------------------------+  |
+|                                                                              |
++-----------------------------------------------------------------------------+
+```
+
+---
+
+## 1. K8sDeployer
+
+### Interfaces TypeScript
+
+```typescript
+/**
+ * K8sDeployer - Core deployment manager for ELSABRO on Kubernetes
+ */
+
+// Namespace configuration
+interface NamespaceConfig {
+  name: string;
+  labels: Record<string, string>;
+  annotations: Record<string, string>;
+  resourceQuota?: ResourceQuotaSpec;
+  limitRange?: LimitRangeSpec;
+  networkPolicy?: NetworkPolicySpec;
+}
+
+// Deployment specification
+interface DeploymentSpec {
+  name: string;
+  namespace: string;
+  replicas: number;
+  image: string;
+  imageTag: string;
+  imagePullPolicy: 'Always' | 'IfNotPresent' | 'Never';
+  resources: ResourceRequirements;
+  env: EnvVar[];
+  envFrom: EnvFromSource[];
+  ports: ContainerPort[];
+  volumeMounts: VolumeMount[];
+  volumes: Volume[];
+  nodeSelector?: Record<string, string>;
+  tolerations?: Toleration[];
+  affinity?: Affinity;
+  securityContext?: PodSecurityContext;
+  serviceAccountName?: string;
+}
+
+// Resource requirements
+interface ResourceRequirements {
+  requests: {
+    cpu: string;
+    memory: string;
+    'ephemeral-storage'?: string;
+  };
+  limits: {
+    cpu: string;
+    memory: string;
+    'ephemeral-storage'?: string;
+    'nvidia.com/gpu'?: number;
+  };
+}
+
+// Environment variable
+interface EnvVar {
+  name: string;
+  value?: string;
+  valueFrom?: {
+    configMapKeyRef?: { name: string; key: string };
+    secretKeyRef?: { name: string; key: string };
+    fieldRef?: { fieldPath: string };
+    resourceFieldRef?: { containerName: string; resource: string };
+  };
+}
+
+// ConfigMap specification
+interface ConfigMapSpec {
+  name: string;
+  namespace: string;
+  data: Record<string, string>;
+  binaryData?: Record<string, string>;
+  immutable?: boolean;
+}
+
+// Secret specification
+interface SecretSpec {
+  name: string;
+  namespace: string;
+  type: 'Opaque' | 'kubernetes.io/tls' | 'kubernetes.io/dockerconfigjson';
+  data?: Record<string, string>;
+  stringData?: Record<string, string>;
+}
+
+// Service Account specification
+interface ServiceAccountSpec {
+  name: string;
+  namespace: string;
+  automountServiceAccountToken?: boolean;
+  imagePullSecrets?: { name: string }[];
+  secrets?: { name: string }[];
+}
+
+// RBAC Role specification
+interface RoleSpec {
+  name: string;
+  namespace: string;
+  rules: PolicyRule[];
+}
+
+interface PolicyRule {
+  apiGroups: string[];
+  resources: string[];
+  verbs: ('get' | 'list' | 'watch' | 'create' | 'update' | 'patch' | 'delete')[];
+  resourceNames?: string[];
+}
+
+// K8sDeployer main class
+class K8sDeployer {
+  private kubeConfig: KubeConfig;
+  private coreApi: CoreV1Api;
+  private appsApi: AppsV1Api;
+  private rbacApi: RbacAuthorizationV1Api;
+  private networkingApi: NetworkingV1Api;
+  private autoscalingApi: AutoscalingV2Api;
+
+  constructor(config: K8sDeployerConfig) {
+    this.kubeConfig = new KubeConfig();
+    this.kubeConfig.loadFromDefault();
+    this.initializeApis();
+  }
+
+  // Namespace operations
+  async createNamespace(config: NamespaceConfig): Promise<V1Namespace> {
+    const namespace: V1Namespace = {
+      apiVersion: 'v1',
+      kind: 'Namespace',
+      metadata: {
+        name: config.name,
+        labels: {
+          'app.kubernetes.io/name': 'elsabro',
+          'app.kubernetes.io/managed-by': 'elsabro-deployer',
+          ...config.labels
+        },
+        annotations: config.annotations
+      }
+    };
+
+    const result = await this.coreApi.createNamespace(namespace);
+
+    // Apply resource quota if specified
+    if (config.resourceQuota) {
+      await this.createResourceQuota(config.name, config.resourceQuota);
+    }
+
+    // Apply limit range if specified
+    if (config.limitRange) {
+      await this.createLimitRange(config.name, config.limitRange);
+    }
+
+    // Apply network policy if specified
+    if (config.networkPolicy) {
+      await this.createNetworkPolicy(config.name, config.networkPolicy);
+    }
+
+    return result.body;
+  }
+
+  // Deployment operations
+  async deploy(spec: DeploymentSpec): Promise<DeploymentResult> {
+    const deployment = this.buildDeploymentManifest(spec);
+
+    try {
+      // Check if deployment exists
+      const existing = await this.appsApi.readNamespacedDeployment(
+        spec.name,
+        spec.namespace
+      );
+
+      // Update existing deployment
+      const result = await this.appsApi.replaceNamespacedDeployment(
+        spec.name,
+        spec.namespace,
+        deployment
+      );
+
+      return {
+        action: 'updated',
+        deployment: result.body,
+        timestamp: new Date().toISOString()
+      };
+    } catch (e) {
+      if (e.statusCode === 404) {
+        // Create new deployment
+        const result = await this.appsApi.createNamespacedDeployment(
+          spec.namespace,
+          deployment
+        );
+
+        return {
+          action: 'created',
+          deployment: result.body,
+          timestamp: new Date().toISOString()
+        };
+      }
+      throw e;
+    }
+  }
+
+  // ConfigMap operations
+  async createConfigMap(spec: ConfigMapSpec): Promise<V1ConfigMap> {
+    const configMap: V1ConfigMap = {
+      apiVersion: 'v1',
+      kind: 'ConfigMap',
+      metadata: {
+        name: spec.name,
+        namespace: spec.namespace,
+        labels: {
+          'app.kubernetes.io/name': 'elsabro',
+          'app.kubernetes.io/component': 'config'
+        }
+      },
+      data: spec.data,
+      binaryData: spec.binaryData,
+      immutable: spec.immutable
+    };
+
+    const result = await this.coreApi.createNamespacedConfigMap(
+      spec.namespace,
+      configMap
+    );
+    return result.body;
+  }
+
+  // Secret operations
+  async createSecret(spec: SecretSpec): Promise<V1Secret> {
+    const secret: V1Secret = {
+      apiVersion: 'v1',
+      kind: 'Secret',
+      metadata: {
+        name: spec.name,
+        namespace: spec.namespace,
+        labels: {
+          'app.kubernetes.io/name': 'elsabro',
+          'app.kubernetes.io/component': 'secret'
+        }
+      },
+      type: spec.type,
+      data: spec.data ? this.encodeSecretData(spec.data) : undefined,
+      stringData: spec.stringData
+    };
+
+    const result = await this.coreApi.createNamespacedSecret(
+      spec.namespace,
+      secret
+    );
+    return result.body;
+  }
+
+  // ServiceAccount and RBAC operations
+  async setupRBAC(
+    namespace: string,
+    serviceAccountSpec: ServiceAccountSpec,
+    roleSpec: RoleSpec,
+    roleBindingName: string
+  ): Promise<RBACSetupResult> {
+    // Create ServiceAccount
+    const sa = await this.createServiceAccount(serviceAccountSpec);
+
+    // Create Role
+    const role = await this.createRole(roleSpec);
+
+    // Create RoleBinding
+    const binding = await this.createRoleBinding({
+      name: roleBindingName,
+      namespace,
+      roleRef: {
+        apiGroup: 'rbac.authorization.k8s.io',
+        kind: 'Role',
+        name: roleSpec.name
+      },
+      subjects: [{
+        kind: 'ServiceAccount',
+        name: serviceAccountSpec.name,
+        namespace
+      }]
+    });
+
+    return { serviceAccount: sa, role, roleBinding: binding };
+  }
+
+  // Rollout operations
+  async rollout(
+    namespace: string,
+    deploymentName: string,
+    strategy: RolloutStrategy
+  ): Promise<RolloutResult> {
+    const deployment = await this.appsApi.readNamespacedDeployment(
+      deploymentName,
+      namespace
+    );
+
+    switch (strategy.type) {
+      case 'restart':
+        return this.restartDeployment(namespace, deploymentName);
+      case 'scale':
+        return this.scaleDeployment(namespace, deploymentName, strategy.replicas);
+      case 'canary':
+        return this.canaryDeployment(namespace, deployment.body, strategy);
+      case 'bluegreen':
+        return this.blueGreenDeployment(namespace, deployment.body, strategy);
+      default:
+        throw new Error(`Unknown rollout strategy: ${strategy.type}`);
+    }
+  }
+
+  // Status and monitoring
+  async getDeploymentStatus(
+    namespace: string,
+    deploymentName: string
+  ): Promise<DeploymentStatus> {
+    const deployment = await this.appsApi.readNamespacedDeployment(
+      deploymentName,
+      namespace
+    );
+
+    const pods = await this.coreApi.listNamespacedPod(
+      namespace,
+      undefined,
+      undefined,
+      undefined,
+      undefined,
+      `app.kubernetes.io/name=elsabro`
+    );
+
+    return {
+      name: deploymentName,
+      namespace,
+      replicas: {
+        desired: deployment.body.spec?.replicas || 0,
+        ready: deployment.body.status?.readyReplicas || 0,
+        available: deployment.body.status?.availableReplicas || 0,
+        unavailable: deployment.body.status?.unavailableReplicas || 0
+      },
+      conditions: deployment.body.status?.conditions || [],
+      pods: pods.body.items.map(pod => ({
+        name: pod.metadata?.name,
+        phase: pod.status?.phase,
+        ready: pod.status?.conditions?.find(c => c.type === 'Ready')?.status === 'True',
+        restarts: pod.status?.containerStatuses?.[0]?.restartCount || 0
+      }))
+    };
+  }
+
+  // Helper methods
+  private buildDeploymentManifest(spec: DeploymentSpec): V1Deployment {
+    return {
+      apiVersion: 'apps/v1',
+      kind: 'Deployment',
+      metadata: {
+        name: spec.name,
+        namespace: spec.namespace,
+        labels: {
+          'app.kubernetes.io/name': 'elsabro',
+          'app.kubernetes.io/instance': spec.name,
+          'app.kubernetes.io/version': spec.imageTag,
+          'app.kubernetes.io/component': 'api',
+          'app.kubernetes.io/managed-by': 'elsabro-deployer'
+        }
+      },
+      spec: {
+        replicas: spec.replicas,
+        selector: {
+          matchLabels: {
+            'app.kubernetes.io/name': 'elsabro',
+            'app.kubernetes.io/instance': spec.name
+          }
+        },
+        strategy: {
+          type: 'RollingUpdate',
+          rollingUpdate: {
+            maxSurge: '25%',
+            maxUnavailable: '25%'
+          }
+        },
+        template: {
+          metadata: {
+            labels: {
+              'app.kubernetes.io/name': 'elsabro',
+              'app.kubernetes.io/instance': spec.name,
+              'app.kubernetes.io/version': spec.imageTag
+            },
+            annotations: {
+              'prometheus.io/scrape': 'true',
+              'prometheus.io/port': '9090',
+              'prometheus.io/path': '/metrics'
+            }
+          },
+          spec: {
+            serviceAccountName: spec.serviceAccountName,
+            securityContext: spec.securityContext,
+            containers: [{
+              name: 'elsabro',
+              image: `${spec.image}:${spec.imageTag}`,
+              imagePullPolicy: spec.imagePullPolicy,
+              ports: spec.ports,
+              env: spec.env,
+              envFrom: spec.envFrom,
+              resources: spec.resources,
+              volumeMounts: spec.volumeMounts,
+              livenessProbe: {
+                httpGet: { path: '/health/live', port: 8080 },
+                initialDelaySeconds: 15,
+                periodSeconds: 20,
+                timeoutSeconds: 5,
+                failureThreshold: 3
+              },
+              readinessProbe: {
+                httpGet: { path: '/health/ready', port: 8080 },
+                initialDelaySeconds: 5,
+                periodSeconds: 10,
+                timeoutSeconds: 3,
+                failureThreshold: 3
+              },
+              startupProbe: {
+                httpGet: { path: '/health/startup', port: 8080 },
+                initialDelaySeconds: 10,
+                periodSeconds: 5,
+                timeoutSeconds: 3,
+                failureThreshold: 30
+              }
+            }],
+            volumes: spec.volumes,
+            nodeSelector: spec.nodeSelector,
+            tolerations: spec.tolerations,
+            affinity: spec.affinity
+          }
+        }
+      }
+    };
+  }
+}
+```
+
+---
+
+## 2. HelmChartGenerator
+
+### Helm Chart Structure
+
+```
+elsabro-chart/
++-- Chart.yaml
++-- values.yaml
++-- values-dev.yaml
++-- values-staging.yaml
++-- values-prod.yaml
++-- templates/
+|   +-- _helpers.tpl
+|   +-- deployment.yaml
+|   +-- service.yaml
+|   +-- ingress.yaml
+|   +-- hpa.yaml
+|   +-- vpa.yaml
+|   +-- configmap.yaml
+|   +-- secret.yaml
+|   +-- serviceaccount.yaml
+|   +-- role.yaml
+|   +-- rolebinding.yaml
+|   +-- networkpolicy.yaml
+|   +-- pdb.yaml
+|   +-- servicemonitor.yaml
++-- charts/
+|   +-- redis/
+|   +-- postgresql/
+|   +-- rabbitmq/
++-- .helmignore
+```
+
+### Chart.yaml
+
+```yaml
+apiVersion: v2
+name: elsabro
+description: ELSABRO - AI-Powered Development Workflow System
+type: application
+version: 3.6.0
+appVersion: "3.6.0"
+kubeVersion: ">=1.25.0-0"
+
+keywords:
+  - ai
+  - agents
+  - development
+  - workflow
+  - automation
+
+home: https://github.com/cubait/elsabro
+sources:
+  - https://github.com/cubait/elsabro
+
+maintainers:
+  - name: cubait
+    email: support@cubait.com
+
+dependencies:
+  - name: redis
+    version: "18.x.x"
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: redis.enabled
+  - name: postgresql
+    version: "14.x.x"
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: postgresql.enabled
+  - name: rabbitmq
+    version: "12.x.x"
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: rabbitmq.enabled
+
+annotations:
+  artifacthub.io/license: MIT
+  artifacthub.io/links: |
+    - name: Documentation
+      url: https://docs.elsabro.dev
+    - name: Support
+      url: https://github.com/cubait/elsabro/issues
+```
+
+### values.yaml (Default)
+
+```yaml
+# ELSABRO Helm Chart Values
+# Default configuration for all environments
+
+global:
+  imageRegistry: ""
+  imagePullSecrets: []
+  storageClass: ""
+
+# Number of replicas
+replicaCount: 2
+
+# Image configuration
+image:
+  registry: ghcr.io
+  repository: cubait/elsabro
+  tag: "3.6.0"
+  pullPolicy: IfNotPresent
+
+# Service Account
+serviceAccount:
+  create: true
+  annotations: {}
+  name: "elsabro-sa"
+  automountServiceAccountToken: true
+
+# Pod annotations
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "9090"
+  prometheus.io/path: "/metrics"
+
+# Pod security context
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000
+  fsGroup: 1000
+
+# Container security context
+securityContext:
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+  capabilities:
+    drop:
+      - ALL
+
+# Service configuration
+service:
+  type: ClusterIP
+  port: 8080
+  metricsPort: 9090
+  annotations: {}
+
+# Ingress configuration
+ingress:
+  enabled: false
+  className: "nginx"
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  hosts:
+    - host: elsabro.local
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: elsabro-tls
+      hosts:
+        - elsabro.local
+
+# Resource limits
+resources:
+  requests:
+    cpu: 500m
+    memory: 512Mi
+  limits:
+    cpu: 2000m
+    memory: 2Gi
+
+# Horizontal Pod Autoscaler
+autoscaling:
+  enabled: true
+  minReplicas: 2
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 70
+  targetMemoryUtilizationPercentage: 80
+  behavior:
+    scaleDown:
+      stabilizationWindowSeconds: 300
+      policies:
+        - type: Percent
+          value: 10
+          periodSeconds: 60
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+        - type: Percent
+          value: 100
+          periodSeconds: 15
+        - type: Pods
+          value: 4
+          periodSeconds: 15
+      selectPolicy: Max
+  customMetrics:
+    - type: Pods
+      pods:
+        metric:
+          name: elsabro_queue_length
+        target:
+          type: AverageValue
+          averageValue: 100
+    - type: Pods
+      pods:
+        metric:
+          name: elsabro_active_agents
+        target:
+          type: AverageValue
+          averageValue: 5
+
+# Vertical Pod Autoscaler
+vpa:
+  enabled: false
+  updateMode: "Auto"
+  resourcePolicy:
+    containerPolicies:
+      - containerName: elsabro
+        minAllowed:
+          cpu: 250m
+          memory: 256Mi
+        maxAllowed:
+          cpu: 4000m
+          memory: 8Gi
+        controlledResources:
+          - cpu
+          - memory
+
+# Pod Disruption Budget
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 1
+  # maxUnavailable: 1
+
+# Node selector
+nodeSelector: {}
+
+# Tolerations
+tolerations: []
+
+# Affinity rules
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/name
+                operator: In
+                values:
+                  - elsabro
+          topologyKey: kubernetes.io/hostname
+
+# Topology spread constraints
+topologySpreadConstraints:
+  - maxSkew: 1
+    topologyKey: topology.kubernetes.io/zone
+    whenUnsatisfiable: ScheduleAnyway
+    labelSelector:
+      matchLabels:
+        app.kubernetes.io/name: elsabro
+
+# Probes configuration
+probes:
+  liveness:
+    enabled: true
+    path: /health/live
+    initialDelaySeconds: 15
+    periodSeconds: 20
+    timeoutSeconds: 5
+    failureThreshold: 3
+  readiness:
+    enabled: true
+    path: /health/ready
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 3
+    failureThreshold: 3
+  startup:
+    enabled: true
+    path: /health/startup
+    initialDelaySeconds: 10
+    periodSeconds: 5
+    timeoutSeconds: 3
+    failureThreshold: 30
+
+# ConfigMap data
+config:
+  LOG_LEVEL: "info"
+  LOG_FORMAT: "json"
+  TELEMETRY_ENABLED: "true"
+  METRICS_ENABLED: "true"
+  TRACING_ENABLED: "true"
+  CACHE_TTL: "3600"
+  SESSION_TTL: "86400"
+  MAX_CONCURRENT_AGENTS: "10"
+  MAX_TOKENS_PER_REQUEST: "100000"
+  DEFAULT_MODEL: "claude-opus-4-5-20251101"
+
+# Secrets (use external secrets in production)
+secrets:
+  create: true
+  annotations: {}
+  # Anthropic API key
+  ANTHROPIC_API_KEY: ""
+  # Database connection string
+  DATABASE_URL: ""
+  # Redis connection string
+  REDIS_URL: ""
+  # RabbitMQ connection string
+  RABBITMQ_URL: ""
+  # JWT secret
+  JWT_SECRET: ""
+
+# External Secrets Operator integration
+externalSecrets:
+  enabled: false
+  secretStoreRef:
+    name: vault-backend
+    kind: SecretStore
+  target:
+    name: elsabro-secrets
+  data: []
+
+# Network Policy
+networkPolicy:
+  enabled: true
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              name: ingress-nginx
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: prometheus
+      ports:
+        - port: 8080
+          protocol: TCP
+        - port: 9090
+          protocol: TCP
+  egress:
+    - to:
+        - namespaceSelector: {}
+      ports:
+        - port: 443
+          protocol: TCP
+        - port: 5432
+          protocol: TCP
+        - port: 6379
+          protocol: TCP
+        - port: 5672
+          protocol: TCP
+
+# Service Monitor for Prometheus
+serviceMonitor:
+  enabled: true
+  namespace: ""
+  interval: 30s
+  scrapeTimeout: 10s
+  labels: {}
+  relabelings: []
+  metricRelabelings: []
+
+# Prometheus Rules
+prometheusRule:
+  enabled: true
+  namespace: ""
+  labels: {}
+  rules:
+    - alert: ElsabroHighErrorRate
+      expr: |
+        sum(rate(elsabro_requests_total{status=~"5.."}[5m]))
+        / sum(rate(elsabro_requests_total[5m])) > 0.05
+      for: 5m
+      labels:
+        severity: critical
+      annotations:
+        summary: "High error rate detected"
+        description: "Error rate is {{ $value | humanizePercentage }} (threshold: 5%)"
+    - alert: ElsabroHighLatency
+      expr: |
+        histogram_quantile(0.95, sum(rate(elsabro_request_duration_seconds_bucket[5m]))
+        by (le)) > 2
+      for: 5m
+      labels:
+        severity: warning
+      annotations:
+        summary: "High latency detected"
+        description: "P95 latency is {{ $value | humanizeDuration }} (threshold: 2s)"
+    - alert: ElsabroPodNotReady
+      expr: |
+        kube_pod_status_ready{namespace="elsabro", condition="true"} == 0
+      for: 5m
+      labels:
+        severity: critical
+      annotations:
+        summary: "Pod not ready"
+        description: "Pod {{ $labels.pod }} has been not ready for 5 minutes"
+
+# Redis subchart configuration
+redis:
+  enabled: true
+  architecture: standalone
+  auth:
+    enabled: true
+    password: ""
+  master:
+    persistence:
+      enabled: true
+      size: 8Gi
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+
+# PostgreSQL subchart configuration
+postgresql:
+  enabled: true
+  auth:
+    username: elsabro
+    password: ""
+    database: elsabro
+  primary:
+    persistence:
+      enabled: true
+      size: 20Gi
+    resources:
+      requests:
+        cpu: 250m
+        memory: 256Mi
+      limits:
+        cpu: 1000m
+        memory: 1Gi
+
+# RabbitMQ subchart configuration
+rabbitmq:
+  enabled: true
+  auth:
+    username: elsabro
+    password: ""
+  persistence:
+    enabled: true
+    size: 8Gi
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+```
+
+### values-prod.yaml (Production Overrides)
+
+```yaml
+# Production-specific values
+
+replicaCount: 5
+
+image:
+  pullPolicy: Always
+
+resources:
+  requests:
+    cpu: 1000m
+    memory: 2Gi
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+autoscaling:
+  enabled: true
+  minReplicas: 5
+  maxReplicas: 50
+  targetCPUUtilizationPercentage: 60
+  targetMemoryUtilizationPercentage: 70
+
+vpa:
+  enabled: true
+  updateMode: "Auto"
+
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 3
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    nginx.ingress.kubernetes.io/rate-limit: "100"
+    nginx.ingress.kubernetes.io/rate-limit-window: "1m"
+  hosts:
+    - host: api.elsabro.io
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: elsabro-prod-tls
+      hosts:
+        - api.elsabro.io
+
+config:
+  LOG_LEVEL: "warn"
+  MAX_CONCURRENT_AGENTS: "50"
+  MAX_TOKENS_PER_REQUEST: "200000"
+
+externalSecrets:
+  enabled: true
+  secretStoreRef:
+    name: aws-secrets-manager
+    kind: ClusterSecretStore
+
+redis:
+  architecture: replication
+  replica:
+    replicaCount: 3
+  master:
+    persistence:
+      size: 32Gi
+    resources:
+      requests:
+        cpu: 500m
+        memory: 1Gi
+      limits:
+        cpu: 2000m
+        memory: 4Gi
+
+postgresql:
+  architecture: replication
+  readReplicas:
+    replicaCount: 2
+  primary:
+    persistence:
+      size: 100Gi
+    resources:
+      requests:
+        cpu: 1000m
+        memory: 2Gi
+      limits:
+        cpu: 4000m
+        memory: 8Gi
+
+rabbitmq:
+  replicaCount: 3
+  clustering:
+    enabled: true
+  persistence:
+    size: 32Gi
+  resources:
+    requests:
+      cpu: 500m
+      memory: 1Gi
+    limits:
+      cpu: 2000m
+      memory: 4Gi
+```
+
+### HelmChartGenerator TypeScript Interface
+
+```typescript
+/**
+ * HelmChartGenerator - Generates Helm charts for ELSABRO deployments
+ */
+
+interface HelmChartConfig {
+  name: string;
+  version: string;
+  appVersion: string;
+  description: string;
+  dependencies: ChartDependency[];
+}
+
+interface ChartDependency {
+  name: string;
+  version: string;
+  repository: string;
+  condition: string;
+}
+
+interface ValuesConfig {
+  environment: 'dev' | 'staging' | 'prod';
+  replicas: number;
+  image: ImageConfig;
+  resources: ResourceConfig;
+  autoscaling: AutoscalingConfig;
+  ingress: IngressConfig;
+  config: Record<string, string>;
+  secrets: Record<string, string>;
+  redis: RedisConfig;
+  postgresql: PostgreSQLConfig;
+  rabbitmq: RabbitMQConfig;
+}
+
+class HelmChartGenerator {
+  private chartDir: string;
+
+  constructor(outputDir: string) {
+    this.chartDir = path.join(outputDir, 'elsabro-chart');
+  }
+
+  // Generate complete Helm chart
+  async generate(config: HelmChartConfig): Promise<void> {
+    await this.createDirectoryStructure();
+    await this.generateChartYaml(config);
+    await this.generateValuesFiles();
+    await this.generateTemplates();
+    await this.generateHelpers();
+  }
+
+  // Generate Chart.yaml
+  private async generateChartYaml(config: HelmChartConfig): Promise<void> {
+    const chartYaml = {
+      apiVersion: 'v2',
+      name: config.name,
+      description: config.description,
+      type: 'application',
+      version: config.version,
+      appVersion: config.appVersion,
+      kubeVersion: '>=1.25.0-0',
+      dependencies: config.dependencies
+    };
+
+    await this.writeYaml(
+      path.join(this.chartDir, 'Chart.yaml'),
+      chartYaml
+    );
+  }
+
+  // Generate environment-specific values
+  async generateValuesForEnvironment(
+    environment: 'dev' | 'staging' | 'prod',
+    customValues?: Partial<ValuesConfig>
+  ): Promise<string> {
+    const baseValues = this.getBaseValues();
+    const envOverrides = this.getEnvironmentOverrides(environment);
+
+    const values = deepMerge(baseValues, envOverrides, customValues || {});
+
+    const outputPath = path.join(
+      this.chartDir,
+      `values-${environment}.yaml`
+    );
+
+    await this.writeYaml(outputPath, values);
+    return outputPath;
+  }
+
+  // Generate Kubernetes manifests from templates
+  async template(
+    releaseName: string,
+    namespace: string,
+    valuesFile: string
+  ): Promise<string> {
+    // Use execFile for safe command execution
+    const { stdout } = await execFileAsync('helm', [
+      'template',
+      releaseName,
+      this.chartDir,
+      '--namespace', namespace,
+      '--values', valuesFile
+    ]);
+    return stdout;
+  }
+
+  // Validate chart
+  async lint(): Promise<LintResult> {
+    const { stdout, stderr, status } = await execFileAsync('helm', ['lint', this.chartDir]);
+    return {
+      success: status === 0,
+      output: stdout,
+      errors: this.parseLintErrors(stderr)
+    };
+  }
+
+  // Package chart
+  async package(destination: string): Promise<string> {
+    const { stdout } = await execFileAsync('helm', [
+      'package',
+      this.chartDir,
+      '--destination', destination
+    ]);
+    const match = stdout.match(/Successfully packaged chart and saved it to: (.+)/);
+    return match ? match[1] : '';
+  }
+
+  // Push to registry
+  async push(packagePath: string, registry: string): Promise<void> {
+    await execFileAsync('helm', ['push', packagePath, registry]);
+  }
+
+  private getEnvironmentOverrides(env: 'dev' | 'staging' | 'prod'): Partial<ValuesConfig> {
+    const overrides: Record<string, Partial<ValuesConfig>> = {
+      dev: {
+        replicas: 1,
+        resources: {
+          requests: { cpu: '250m', memory: '256Mi' },
+          limits: { cpu: '1000m', memory: '1Gi' }
+        },
+        autoscaling: { enabled: false },
+        ingress: { enabled: false }
+      },
+      staging: {
+        replicas: 2,
+        resources: {
+          requests: { cpu: '500m', memory: '512Mi' },
+          limits: { cpu: '2000m', memory: '2Gi' }
+        },
+        autoscaling: { enabled: true, minReplicas: 2, maxReplicas: 5 }
+      },
+      prod: {
+        replicas: 5,
+        resources: {
+          requests: { cpu: '1000m', memory: '2Gi' },
+          limits: { cpu: '4000m', memory: '8Gi' }
+        },
+        autoscaling: { enabled: true, minReplicas: 5, maxReplicas: 50 }
+      }
+    };
+
+    return overrides[env];
+  }
+}
+```
+
+---
+
+## 3. ResourceScaler
+
+### TypeScript Interfaces
+
+```typescript
+/**
+ * ResourceScaler - Manages HPA, VPA, and custom metrics scaling
+ */
+
+// HPA Configuration
+interface HPAConfig {
+  name: string;
+  namespace: string;
+  targetRef: {
+    apiVersion: string;
+    kind: string;
+    name: string;
+  };
+  minReplicas: number;
+  maxReplicas: number;
+  metrics: HPAMetric[];
+  behavior?: HPABehavior;
+}
+
+interface HPAMetric {
+  type: 'Resource' | 'Pods' | 'Object' | 'External';
+  resource?: {
+    name: 'cpu' | 'memory';
+    target: {
+      type: 'Utilization' | 'AverageValue';
+      averageUtilization?: number;
+      averageValue?: string;
+    };
+  };
+  pods?: {
+    metric: { name: string; selector?: LabelSelector };
+    target: { type: 'AverageValue'; averageValue: string };
+  };
+  object?: {
+    describedObject: { apiVersion: string; kind: string; name: string };
+    metric: { name: string };
+    target: { type: 'Value' | 'AverageValue'; value?: string; averageValue?: string };
+  };
+  external?: {
+    metric: { name: string; selector?: LabelSelector };
+    target: { type: 'Value' | 'AverageValue'; value?: string; averageValue?: string };
+  };
+}
+
+interface HPABehavior {
+  scaleDown?: ScalingPolicy;
+  scaleUp?: ScalingPolicy;
+}
+
+interface ScalingPolicy {
+  stabilizationWindowSeconds?: number;
+  selectPolicy?: 'Max' | 'Min' | 'Disabled';
+  policies?: {
+    type: 'Pods' | 'Percent';
+    value: number;
+    periodSeconds: number;
+  }[];
+}
+
+// VPA Configuration
+interface VPAConfig {
+  name: string;
+  namespace: string;
+  targetRef: {
+    apiVersion: string;
+    kind: string;
+    name: string;
+  };
+  updatePolicy: {
+    updateMode: 'Off' | 'Initial' | 'Recreate' | 'Auto';
+    minReplicas?: number;
+  };
+  resourcePolicy?: {
+    containerPolicies: ContainerResourcePolicy[];
+  };
+}
+
+interface ContainerResourcePolicy {
+  containerName: string;
+  mode?: 'Auto' | 'Off';
+  minAllowed?: { cpu?: string; memory?: string };
+  maxAllowed?: { cpu?: string; memory?: string };
+  controlledResources?: ('cpu' | 'memory')[];
+  controlledValues?: 'RequestsAndLimits' | 'RequestsOnly';
+}
+
+// Resource Quota Configuration
+interface ResourceQuotaConfig {
+  name: string;
+  namespace: string;
+  hard: {
+    'requests.cpu'?: string;
+    'requests.memory'?: string;
+    'limits.cpu'?: string;
+    'limits.memory'?: string;
+    'pods'?: string;
+    'services'?: string;
+    'secrets'?: string;
+    'configmaps'?: string;
+    'persistentvolumeclaims'?: string;
+    'requests.storage'?: string;
+  };
+  scopeSelector?: {
+    matchExpressions: {
+      operator: 'In' | 'NotIn' | 'Exists' | 'DoesNotExist';
+      scopeName: 'Terminating' | 'NotTerminating' | 'BestEffort' | 'NotBestEffort' | 'PriorityClass';
+      values?: string[];
+    }[];
+  };
+}
+
+// Custom Metrics for ELSABRO
+interface ElsabroCustomMetrics {
+  // Queue length - number of pending tasks
+  queueLength: {
+    name: 'elsabro_queue_length';
+    targetAverageValue: number;
+    scaleThreshold: number;
+  };
+  // Active agents - number of currently running agents
+  activeAgents: {
+    name: 'elsabro_active_agents';
+    targetAverageValue: number;
+    maxPerPod: number;
+  };
+  // Token usage rate - tokens per second
+  tokenUsageRate: {
+    name: 'elsabro_tokens_per_second';
+    targetAverageValue: number;
+  };
+  // Memory pressure - percentage of allocated memory
+  memoryPressure: {
+    name: 'elsabro_memory_pressure';
+    targetPercentage: number;
+  };
+}
+
+class ResourceScaler {
+  private k8sClient: KubernetesClient;
+  private prometheusClient: PrometheusClient;
+
+  constructor(config: ScalerConfig) {
+    this.k8sClient = new KubernetesClient(config.kubeConfig);
+    this.prometheusClient = new PrometheusClient(config.prometheusUrl);
+  }
+
+  // Create or update HPA
+  async configureHPA(config: HPAConfig): Promise<V2HorizontalPodAutoscaler> {
+    const hpa: V2HorizontalPodAutoscaler = {
+      apiVersion: 'autoscaling/v2',
+      kind: 'HorizontalPodAutoscaler',
+      metadata: {
+        name: config.name,
+        namespace: config.namespace,
+        labels: {
+          'app.kubernetes.io/name': 'elsabro',
+          'app.kubernetes.io/component': 'autoscaler'
+        }
+      },
+      spec: {
+        scaleTargetRef: config.targetRef,
+        minReplicas: config.minReplicas,
+        maxReplicas: config.maxReplicas,
+        metrics: config.metrics,
+        behavior: config.behavior
+      }
+    };
+
+    return this.k8sClient.applyResource(hpa);
+  }
+
+  // Create or update VPA
+  async configureVPA(config: VPAConfig): Promise<VerticalPodAutoscaler> {
+    const vpa: VerticalPodAutoscaler = {
+      apiVersion: 'autoscaling.k8s.io/v1',
+      kind: 'VerticalPodAutoscaler',
+      metadata: {
+        name: config.name,
+        namespace: config.namespace
+      },
+      spec: {
+        targetRef: config.targetRef,
+        updatePolicy: config.updatePolicy,
+        resourcePolicy: config.resourcePolicy
+      }
+    };
+
+    return this.k8sClient.applyResource(vpa);
+  }
+
+  // Create resource quota
+  async createResourceQuota(config: ResourceQuotaConfig): Promise<V1ResourceQuota> {
+    const quota: V1ResourceQuota = {
+      apiVersion: 'v1',
+      kind: 'ResourceQuota',
+      metadata: {
+        name: config.name,
+        namespace: config.namespace
+      },
+      spec: {
+        hard: config.hard,
+        scopeSelector: config.scopeSelector
+      }
+    };
+
+    return this.k8sClient.applyResource(quota);
+  }
+
+  // Configure ELSABRO-specific scaling
+  async configureElsabroScaling(
+    namespace: string,
+    deploymentName: string,
+    customMetrics: Partial<ElsabroCustomMetrics>
+  ): Promise<ScalingConfiguration> {
+    // Build HPA metrics array
+    const metrics: HPAMetric[] = [
+      // CPU utilization (standard)
+      {
+        type: 'Resource',
+        resource: {
+          name: 'cpu',
+          target: { type: 'Utilization', averageUtilization: 70 }
+        }
+      },
+      // Memory utilization (standard)
+      {
+        type: 'Resource',
+        resource: {
+          name: 'memory',
+          target: { type: 'Utilization', averageUtilization: 80 }
+        }
+      }
+    ];
+
+    // Add custom metrics
+    if (customMetrics.queueLength) {
+      metrics.push({
+        type: 'Pods',
+        pods: {
+          metric: { name: customMetrics.queueLength.name },
+          target: {
+            type: 'AverageValue',
+            averageValue: String(customMetrics.queueLength.targetAverageValue)
+          }
+        }
+      });
+    }
+
+    if (customMetrics.activeAgents) {
+      metrics.push({
+        type: 'Pods',
+        pods: {
+          metric: { name: customMetrics.activeAgents.name },
+          target: {
+            type: 'AverageValue',
+            averageValue: String(customMetrics.activeAgents.targetAverageValue)
+          }
+        }
+      });
+    }
+
+    // Configure HPA
+    const hpa = await this.configureHPA({
+      name: `${deploymentName}-hpa`,
+      namespace,
+      targetRef: {
+        apiVersion: 'apps/v1',
+        kind: 'Deployment',
+        name: deploymentName
+      },
+      minReplicas: 2,
+      maxReplicas: 20,
+      metrics,
+      behavior: {
+        scaleDown: {
+          stabilizationWindowSeconds: 300,
+          policies: [
+            { type: 'Percent', value: 10, periodSeconds: 60 }
+          ]
+        },
+        scaleUp: {
+          stabilizationWindowSeconds: 0,
+          policies: [
+            { type: 'Percent', value: 100, periodSeconds: 15 },
+            { type: 'Pods', value: 4, periodSeconds: 15 }
+          ],
+          selectPolicy: 'Max'
+        }
+      }
+    });
+
+    // Configure VPA (in recommendation mode)
+    const vpa = await this.configureVPA({
+      name: `${deploymentName}-vpa`,
+      namespace,
+      targetRef: {
+        apiVersion: 'apps/v1',
+        kind: 'Deployment',
+        name: deploymentName
+      },
+      updatePolicy: {
+        updateMode: 'Auto',
+        minReplicas: 2
+      },
+      resourcePolicy: {
+        containerPolicies: [{
+          containerName: 'elsabro',
+          minAllowed: { cpu: '250m', memory: '256Mi' },
+          maxAllowed: { cpu: '4000m', memory: '8Gi' },
+          controlledResources: ['cpu', 'memory'],
+          controlledValues: 'RequestsAndLimits'
+        }]
+      }
+    });
+
+    return { hpa, vpa };
+  }
+
+  // Get current scaling metrics
+  async getScalingMetrics(
+    namespace: string,
+    deploymentName: string
+  ): Promise<ScalingMetrics> {
+    const hpaStatus = await this.k8sClient.getHPAStatus(
+      `${deploymentName}-hpa`,
+      namespace
+    );
+
+    const prometheusMetrics = await this.prometheusClient.query(`
+      {
+        queue_length: avg(elsabro_queue_length{namespace="${namespace}"}),
+        active_agents: sum(elsabro_active_agents{namespace="${namespace}"}),
+        tokens_per_second: rate(elsabro_tokens_total{namespace="${namespace}"}[5m]),
+        cpu_usage: avg(container_cpu_usage_seconds_total{namespace="${namespace}", container="elsabro"}),
+        memory_usage: avg(container_memory_usage_bytes{namespace="${namespace}", container="elsabro"})
+      }
+    `);
+
+    return {
+      currentReplicas: hpaStatus.currentReplicas,
+      desiredReplicas: hpaStatus.desiredReplicas,
+      metrics: {
+        cpu: prometheusMetrics.cpu_usage,
+        memory: prometheusMetrics.memory_usage,
+        queueLength: prometheusMetrics.queue_length,
+        activeAgents: prometheusMetrics.active_agents,
+        tokensPerSecond: prometheusMetrics.tokens_per_second
+      },
+      recommendations: this.generateRecommendations(prometheusMetrics)
+    };
+  }
+
+  // Manual scaling
+  async scale(
+    namespace: string,
+    deploymentName: string,
+    replicas: number
+  ): Promise<void> {
+    await this.k8sClient.scaleDeployment(namespace, deploymentName, replicas);
+  }
+
+  private generateRecommendations(metrics: any): ScalingRecommendation[] {
+    const recommendations: ScalingRecommendation[] = [];
+
+    if (metrics.queue_length > 500) {
+      recommendations.push({
+        type: 'scale_up',
+        reason: 'High queue length',
+        suggestedReplicas: Math.ceil(metrics.queue_length / 100)
+      });
+    }
+
+    if (metrics.active_agents > 40) {
+      recommendations.push({
+        type: 'scale_up',
+        reason: 'High agent concurrency',
+        suggestedReplicas: Math.ceil(metrics.active_agents / 5)
+      });
+    }
+
+    return recommendations;
+  }
+}
+```
+
+### HPA YAML Example
+
+```yaml
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: elsabro-hpa
+  namespace: elsabro
+  labels:
+    app.kubernetes.io/name: elsabro
+    app.kubernetes.io/component: autoscaler
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: elsabro
+  minReplicas: 2
+  maxReplicas: 20
+  metrics:
+    # CPU utilization
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 70
+    # Memory utilization
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+    # Custom metric: Queue length
+    - type: Pods
+      pods:
+        metric:
+          name: elsabro_queue_length
+        target:
+          type: AverageValue
+          averageValue: "100"
+    # Custom metric: Active agents
+    - type: Pods
+      pods:
+        metric:
+          name: elsabro_active_agents
+        target:
+          type: AverageValue
+          averageValue: "5"
+  behavior:
+    scaleDown:
+      stabilizationWindowSeconds: 300
+      policies:
+        - type: Percent
+          value: 10
+          periodSeconds: 60
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+        - type: Percent
+          value: 100
+          periodSeconds: 15
+        - type: Pods
+          value: 4
+          periodSeconds: 15
+      selectPolicy: Max
+```
+
+---
+
+## 4. HealthMonitor
+
+### TypeScript Interfaces
+
+```typescript
+/**
+ * HealthMonitor - Health checks, metrics, and alerting for ELSABRO
+ */
+
+// Health check types
+interface HealthCheckResult {
+  status: 'healthy' | 'degraded' | 'unhealthy';
+  timestamp: string;
+  checks: {
+    [key: string]: {
+      status: 'pass' | 'warn' | 'fail';
+      message?: string;
+      duration_ms?: number;
+      data?: Record<string, any>;
+    };
+  };
+  version: string;
+  uptime_seconds: number;
+}
+
+// Probe configuration
+interface ProbeConfig {
+  liveness: {
+    path: string;
+    port: number;
+    initialDelaySeconds: number;
+    periodSeconds: number;
+    timeoutSeconds: number;
+    failureThreshold: number;
+    successThreshold: number;
+  };
+  readiness: {
+    path: string;
+    port: number;
+    initialDelaySeconds: number;
+    periodSeconds: number;
+    timeoutSeconds: number;
+    failureThreshold: number;
+    successThreshold: number;
+  };
+  startup: {
+    path: string;
+    port: number;
+    initialDelaySeconds: number;
+    periodSeconds: number;
+    timeoutSeconds: number;
+    failureThreshold: number;
+  };
+}
+
+// Metrics endpoint
+interface MetricsConfig {
+  enabled: boolean;
+  port: number;
+  path: string;
+  namespace: string;
+  labels: Record<string, string>;
+  histogramBuckets: {
+    requestDuration: number[];
+    tokenUsage: number[];
+    agentDuration: number[];
+  };
+}
+
+// Alert rule
+interface AlertRule {
+  name: string;
+  expression: string;
+  duration: string;
+  severity: 'critical' | 'warning' | 'info';
+  summary: string;
+  description: string;
+  runbook_url?: string;
+  labels?: Record<string, string>;
+  annotations?: Record<string, string>;
+}
+
+class HealthMonitor {
+  private startTime: Date;
+  private checks: Map<string, HealthCheck>;
+  private metricsRegistry: MetricsRegistry;
+
+  constructor(config: HealthMonitorConfig) {
+    this.startTime = new Date();
+    this.checks = new Map();
+    this.metricsRegistry = new MetricsRegistry(config.metrics);
+    this.registerDefaultChecks();
+    this.registerDefaultMetrics();
+  }
+
+  // Register default health checks
+  private registerDefaultChecks(): void {
+    // Database connection
+    this.registerCheck('database', async () => {
+      const start = Date.now();
+      try {
+        await this.db.query('SELECT 1');
+        return {
+          status: 'pass',
+          duration_ms: Date.now() - start
+        };
+      } catch (error) {
+        return {
+          status: 'fail',
+          message: error.message,
+          duration_ms: Date.now() - start
+        };
+      }
+    });
+
+    // Redis connection
+    this.registerCheck('redis', async () => {
+      const start = Date.now();
+      try {
+        await this.redis.ping();
+        return {
+          status: 'pass',
+          duration_ms: Date.now() - start
+        };
+      } catch (error) {
+        return {
+          status: 'fail',
+          message: error.message,
+          duration_ms: Date.now() - start
+        };
+      }
+    });
+
+    // RabbitMQ connection
+    this.registerCheck('rabbitmq', async () => {
+      const start = Date.now();
+      try {
+        const channel = await this.amqp.checkQueue('elsabro_tasks');
+        return {
+          status: 'pass',
+          duration_ms: Date.now() - start,
+          data: { messageCount: channel.messageCount }
+        };
+      } catch (error) {
+        return {
+          status: 'fail',
+          message: error.message,
+          duration_ms: Date.now() - start
+        };
+      }
+    });
+
+    // Memory usage
+    this.registerCheck('memory', async () => {
+      const usage = process.memoryUsage();
+      const heapUsedPercent = (usage.heapUsed / usage.heapTotal) * 100;
+      return {
+        status: heapUsedPercent > 90 ? 'warn' : 'pass',
+        data: {
+          heapUsed: usage.heapUsed,
+          heapTotal: usage.heapTotal,
+          external: usage.external,
+          rss: usage.rss
+        }
+      };
+    });
+
+    // Agent pool
+    this.registerCheck('agent_pool', async () => {
+      const pool = await this.agentManager.getPoolStatus();
+      return {
+        status: pool.available > 0 ? 'pass' : 'warn',
+        data: {
+          available: pool.available,
+          active: pool.active,
+          queued: pool.queued
+        }
+      };
+    });
+  }
+
+  // Register default metrics
+  private registerDefaultMetrics(): void {
+    // Request counter
+    this.metricsRegistry.registerCounter({
+      name: 'elsabro_requests_total',
+      help: 'Total number of requests',
+      labelNames: ['method', 'path', 'status']
+    });
+
+    // Request duration histogram
+    this.metricsRegistry.registerHistogram({
+      name: 'elsabro_request_duration_seconds',
+      help: 'Request duration in seconds',
+      labelNames: ['method', 'path'],
+      buckets: [0.01, 0.05, 0.1, 0.5, 1, 2, 5, 10, 30, 60]
+    });
+
+    // Agent invocations
+    this.metricsRegistry.registerCounter({
+      name: 'elsabro_agent_invocations_total',
+      help: 'Total agent invocations',
+      labelNames: ['agent', 'model', 'status']
+    });
+
+    // Agent duration
+    this.metricsRegistry.registerHistogram({
+      name: 'elsabro_agent_duration_seconds',
+      help: 'Agent execution duration',
+      labelNames: ['agent', 'model'],
+      buckets: [1, 5, 10, 30, 60, 120, 300, 600]
+    });
+
+    // Token usage
+    this.metricsRegistry.registerCounter({
+      name: 'elsabro_tokens_total',
+      help: 'Total tokens used',
+      labelNames: ['model', 'type']
+    });
+
+    // Queue length gauge
+    this.metricsRegistry.registerGauge({
+      name: 'elsabro_queue_length',
+      help: 'Current queue length'
+    });
+
+    // Active agents gauge
+    this.metricsRegistry.registerGauge({
+      name: 'elsabro_active_agents',
+      help: 'Currently active agents'
+    });
+
+    // Flow executions
+    this.metricsRegistry.registerCounter({
+      name: 'elsabro_flow_executions_total',
+      help: 'Total flow executions',
+      labelNames: ['flow', 'status']
+    });
+
+    // Checkpoint counter
+    this.metricsRegistry.registerCounter({
+      name: 'elsabro_checkpoints_total',
+      help: 'Total checkpoints saved',
+      labelNames: ['type']
+    });
+
+    // Error counter
+    this.metricsRegistry.registerCounter({
+      name: 'elsabro_errors_total',
+      help: 'Total errors',
+      labelNames: ['type', 'severity']
+    });
+  }
+
+  // Liveness endpoint handler
+  async handleLiveness(req: Request, res: Response): Promise<void> {
+    // Liveness just checks if the process is running
+    res.status(200).json({
+      status: 'ok',
+      timestamp: new Date().toISOString()
+    });
+  }
+
+  // Readiness endpoint handler
+  async handleReadiness(req: Request, res: Response): Promise<void> {
+    const result = await this.runChecks(['database', 'redis']);
+    const status = result.status === 'healthy' ? 200 : 503;
+    res.status(status).json(result);
+  }
+
+  // Startup endpoint handler
+  async handleStartup(req: Request, res: Response): Promise<void> {
+    const result = await this.runChecks(['database', 'redis', 'rabbitmq']);
+    const status = result.status === 'healthy' ? 200 : 503;
+    res.status(status).json(result);
+  }
+
+  // Full health endpoint
+  async handleHealth(req: Request, res: Response): Promise<void> {
+    const result = await this.runAllChecks();
+    const status = result.status === 'healthy' ? 200 :
+                   result.status === 'degraded' ? 200 : 503;
+    res.status(status).json(result);
+  }
+
+  // Metrics endpoint
+  async handleMetrics(req: Request, res: Response): Promise<void> {
+    res.set('Content-Type', this.metricsRegistry.contentType);
+    res.end(await this.metricsRegistry.metrics());
+  }
+
+  // Run specific checks
+  async runChecks(checkNames: string[]): Promise<HealthCheckResult> {
+    const checks: HealthCheckResult['checks'] = {};
+    let hasFailure = false;
+    let hasWarning = false;
+
+    for (const name of checkNames) {
+      const check = this.checks.get(name);
+      if (check) {
+        checks[name] = await check();
+        if (checks[name].status === 'fail') hasFailure = true;
+        if (checks[name].status === 'warn') hasWarning = true;
+      }
+    }
+
+    return {
+      status: hasFailure ? 'unhealthy' : hasWarning ? 'degraded' : 'healthy',
+      timestamp: new Date().toISOString(),
+      checks,
+      version: process.env.APP_VERSION || '3.6.0',
+      uptime_seconds: (Date.now() - this.startTime.getTime()) / 1000
+    };
+  }
+
+  // Register custom check
+  registerCheck(name: string, check: () => Promise<HealthCheckResult['checks'][string]>): void {
+    this.checks.set(name, check);
+  }
+
+  // Get alerting rules
+  getAlertingRules(): AlertRule[] {
+    return [
+      {
+        name: 'ElsabroHighErrorRate',
+        expression: `
+          sum(rate(elsabro_errors_total{severity="critical"}[5m]))
+          / sum(rate(elsabro_requests_total[5m])) > 0.05
+        `,
+        duration: '5m',
+        severity: 'critical',
+        summary: 'ELSABRO high error rate',
+        description: 'Error rate is {{ $value | humanizePercentage }} (threshold: 5%)',
+        runbook_url: 'https://docs.elsabro.dev/runbooks/high-error-rate'
+      },
+      {
+        name: 'ElsabroHighLatency',
+        expression: `
+          histogram_quantile(0.95,
+            sum(rate(elsabro_request_duration_seconds_bucket[5m])) by (le)
+          ) > 5
+        `,
+        duration: '5m',
+        severity: 'warning',
+        summary: 'ELSABRO high latency',
+        description: 'P95 latency is {{ $value | humanizeDuration }}'
+      },
+      {
+        name: 'ElsabroQueueBacklog',
+        expression: 'elsabro_queue_length > 1000',
+        duration: '10m',
+        severity: 'warning',
+        summary: 'ELSABRO queue backlog',
+        description: 'Queue has {{ $value }} pending tasks'
+      },
+      {
+        name: 'ElsabroAgentFailures',
+        expression: `
+          sum(rate(elsabro_agent_invocations_total{status="failed"}[5m]))
+          / sum(rate(elsabro_agent_invocations_total[5m])) > 0.1
+        `,
+        duration: '5m',
+        severity: 'critical',
+        summary: 'ELSABRO high agent failure rate',
+        description: 'Agent failure rate is {{ $value | humanizePercentage }}'
+      },
+      {
+        name: 'ElsabroDatabaseConnectionFailure',
+        expression: 'elsabro_database_connections_active == 0',
+        duration: '1m',
+        severity: 'critical',
+        summary: 'ELSABRO database connection failure',
+        description: 'No active database connections'
+      },
+      {
+        name: 'ElsabroRedisConnectionFailure',
+        expression: 'elsabro_redis_connections_active == 0',
+        duration: '1m',
+        severity: 'critical',
+        summary: 'ELSABRO Redis connection failure',
+        description: 'No active Redis connections'
+      },
+      {
+        name: 'ElsabroHighMemoryUsage',
+        expression: `
+          container_memory_usage_bytes{container="elsabro"}
+          / container_spec_memory_limit_bytes{container="elsabro"} > 0.9
+        `,
+        duration: '5m',
+        severity: 'warning',
+        summary: 'ELSABRO high memory usage',
+        description: 'Memory usage is {{ $value | humanizePercentage }} of limit'
+      },
+      {
+        name: 'ElsabroPodCrashLooping',
+        expression: 'rate(kube_pod_container_status_restarts_total{container="elsabro"}[15m]) > 0',
+        duration: '15m',
+        severity: 'critical',
+        summary: 'ELSABRO pod crash looping',
+        description: 'Pod {{ $labels.pod }} is crash looping'
+      }
+    ];
+  }
+}
+```
+
+### Grafana Dashboard JSON
+
+```json
+{
+  "dashboard": {
+    "id": null,
+    "uid": "elsabro-overview",
+    "title": "ELSABRO Overview",
+    "tags": ["elsabro", "ai", "agents"],
+    "timezone": "browser",
+    "schemaVersion": 38,
+    "version": 1,
+    "refresh": "30s",
+    "panels": [
+      {
+        "id": 1,
+        "title": "Request Rate",
+        "type": "stat",
+        "gridPos": { "h": 4, "w": 6, "x": 0, "y": 0 },
+        "targets": [{
+          "expr": "sum(rate(elsabro_requests_total[5m]))",
+          "legendFormat": "requests/sec"
+        }]
+      },
+      {
+        "id": 2,
+        "title": "Error Rate",
+        "type": "stat",
+        "gridPos": { "h": 4, "w": 6, "x": 6, "y": 0 },
+        "targets": [{
+          "expr": "sum(rate(elsabro_errors_total[5m])) / sum(rate(elsabro_requests_total[5m])) * 100",
+          "legendFormat": "error %"
+        }],
+        "fieldConfig": {
+          "defaults": {
+            "unit": "percent",
+            "thresholds": {
+              "steps": [
+                { "value": 0, "color": "green" },
+                { "value": 1, "color": "yellow" },
+                { "value": 5, "color": "red" }
+              ]
+            }
+          }
+        }
+      },
+      {
+        "id": 3,
+        "title": "P95 Latency",
+        "type": "stat",
+        "gridPos": { "h": 4, "w": 6, "x": 12, "y": 0 },
+        "targets": [{
+          "expr": "histogram_quantile(0.95, sum(rate(elsabro_request_duration_seconds_bucket[5m])) by (le))",
+          "legendFormat": "p95"
+        }],
+        "fieldConfig": {
+          "defaults": {
+            "unit": "s",
+            "thresholds": {
+              "steps": [
+                { "value": 0, "color": "green" },
+                { "value": 2, "color": "yellow" },
+                { "value": 5, "color": "red" }
+              ]
+            }
+          }
+        }
+      },
+      {
+        "id": 4,
+        "title": "Active Agents",
+        "type": "stat",
+        "gridPos": { "h": 4, "w": 6, "x": 18, "y": 0 },
+        "targets": [{
+          "expr": "sum(elsabro_active_agents)",
+          "legendFormat": "agents"
+        }]
+      },
+      {
+        "id": 5,
+        "title": "Request Rate by Endpoint",
+        "type": "timeseries",
+        "gridPos": { "h": 8, "w": 12, "x": 0, "y": 4 },
+        "targets": [{
+          "expr": "sum(rate(elsabro_requests_total[5m])) by (path)",
+          "legendFormat": "{{ path }}"
+        }]
+      },
+      {
+        "id": 6,
+        "title": "Latency Distribution",
+        "type": "heatmap",
+        "gridPos": { "h": 8, "w": 12, "x": 12, "y": 4 },
+        "targets": [{
+          "expr": "sum(rate(elsabro_request_duration_seconds_bucket[5m])) by (le)",
+          "format": "heatmap"
+        }]
+      },
+      {
+        "id": 7,
+        "title": "Agent Invocations by Model",
+        "type": "timeseries",
+        "gridPos": { "h": 8, "w": 12, "x": 0, "y": 12 },
+        "targets": [{
+          "expr": "sum(rate(elsabro_agent_invocations_total[5m])) by (model)",
+          "legendFormat": "{{ model }}"
+        }]
+      },
+      {
+        "id": 8,
+        "title": "Token Usage",
+        "type": "timeseries",
+        "gridPos": { "h": 8, "w": 12, "x": 12, "y": 12 },
+        "targets": [
+          {
+            "expr": "sum(rate(elsabro_tokens_total{type=\"input\"}[5m]))",
+            "legendFormat": "Input Tokens"
+          },
+          {
+            "expr": "sum(rate(elsabro_tokens_total{type=\"output\"}[5m]))",
+            "legendFormat": "Output Tokens"
+          }
+        ]
+      },
+      {
+        "id": 9,
+        "title": "Queue Length",
+        "type": "timeseries",
+        "gridPos": { "h": 6, "w": 8, "x": 0, "y": 20 },
+        "targets": [{
+          "expr": "elsabro_queue_length",
+          "legendFormat": "queue"
+        }],
+        "fieldConfig": {
+          "defaults": {
+            "thresholds": {
+              "steps": [
+                { "value": 0, "color": "green" },
+                { "value": 500, "color": "yellow" },
+                { "value": 1000, "color": "red" }
+              ]
+            }
+          }
+        }
+      },
+      {
+        "id": 10,
+        "title": "Pod CPU Usage",
+        "type": "timeseries",
+        "gridPos": { "h": 6, "w": 8, "x": 8, "y": 20 },
+        "targets": [{
+          "expr": "sum(rate(container_cpu_usage_seconds_total{container=\"elsabro\"}[5m])) by (pod)",
+          "legendFormat": "{{ pod }}"
+        }]
+      },
+      {
+        "id": 11,
+        "title": "Pod Memory Usage",
+        "type": "timeseries",
+        "gridPos": { "h": 6, "w": 8, "x": 16, "y": 20 },
+        "targets": [{
+          "expr": "container_memory_usage_bytes{container=\"elsabro\"}",
+          "legendFormat": "{{ pod }}"
+        }],
+        "fieldConfig": {
+          "defaults": { "unit": "bytes" }
+        }
+      }
+    ]
+  }
+}
+```
+
+---
+
+## 5. Infrastructure Components
+
+### Redis Configuration
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: redis-config
+  namespace: elsabro
+data:
+  redis.conf: |
+    # Memory management
+    maxmemory 2gb
+    maxmemory-policy allkeys-lru
+
+    # Persistence
+    appendonly yes
+    appendfsync everysec
+
+    # Performance
+    tcp-backlog 511
+    tcp-keepalive 300
+
+    # Security
+    protected-mode yes
+    bind 0.0.0.0
+
+    # Cluster (if enabled)
+    # cluster-enabled yes
+    # cluster-config-file nodes.conf
+    # cluster-node-timeout 5000
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: redis
+  namespace: elsabro
+spec:
+  serviceName: redis
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:7-alpine
+          ports:
+            - containerPort: 6379
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 500m
+              memory: 2Gi
+          volumeMounts:
+            - name: redis-data
+              mountPath: /data
+            - name: redis-config
+              mountPath: /usr/local/etc/redis
+          command:
+            - redis-server
+            - /usr/local/etc/redis/redis.conf
+          readinessProbe:
+            exec:
+              command: ["redis-cli", "ping"]
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            exec:
+              command: ["redis-cli", "ping"]
+            initialDelaySeconds: 15
+            periodSeconds: 20
+      volumes:
+        - name: redis-config
+          configMap:
+            name: redis-config
+  volumeClaimTemplates:
+    - metadata:
+        name: redis-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+  namespace: elsabro
+spec:
+  ports:
+    - port: 6379
+      targetPort: 6379
+  selector:
+    app: redis
+  clusterIP: None
+```
+
+### PostgreSQL Configuration
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-config
+  namespace: elsabro
+data:
+  postgresql.conf: |
+    # Connection settings
+    listen_addresses = '*'
+    max_connections = 200
+
+    # Memory settings
+    shared_buffers = 256MB
+    effective_cache_size = 768MB
+    work_mem = 4MB
+    maintenance_work_mem = 64MB
+
+    # WAL settings
+    wal_level = replica
+    max_wal_senders = 3
+    max_replication_slots = 3
+
+    # Logging
+    log_destination = 'stderr'
+    logging_collector = on
+    log_directory = 'log'
+    log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
+    log_statement = 'ddl'
+    log_min_duration_statement = 1000
+
+    # Performance
+    random_page_cost = 1.1
+    effective_io_concurrency = 200
+
+  pg_hba.conf: |
+    # TYPE  DATABASE  USER  ADDRESS      METHOD
+    local   all       all                trust
+    host    all       all   127.0.0.1/32 scram-sha-256
+    host    all       all   ::1/128      scram-sha-256
+    host    all       all   0.0.0.0/0    scram-sha-256
+    host    replication all 0.0.0.0/0    scram-sha-256
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  namespace: elsabro
+spec:
+  serviceName: postgres
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:16-alpine
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_DB
+              value: elsabro
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secret
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secret
+                  key: password
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+          resources:
+            requests:
+              cpu: 250m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+          volumeMounts:
+            - name: postgres-data
+              mountPath: /var/lib/postgresql/data
+            - name: postgres-config
+              mountPath: /etc/postgresql
+          readinessProbe:
+            exec:
+              command: ["pg_isready", "-U", "$(POSTGRES_USER)"]
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            exec:
+              command: ["pg_isready", "-U", "$(POSTGRES_USER)"]
+            initialDelaySeconds: 15
+            periodSeconds: 20
+      volumes:
+        - name: postgres-config
+          configMap:
+            name: postgres-config
+  volumeClaimTemplates:
+    - metadata:
+        name: postgres-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 50Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: elsabro
+spec:
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: postgres
+  clusterIP: None
+```
+
+### RabbitMQ Configuration
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rabbitmq-config
+  namespace: elsabro
+data:
+  rabbitmq.conf: |
+    ## Cluster formation
+    cluster_formation.peer_discovery_backend = k8s
+    cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
+    cluster_formation.k8s.address_type = hostname
+    cluster_formation.node_cleanup.interval = 30
+    cluster_formation.node_cleanup.only_log_warning = true
+    cluster_partition_handling = autoheal
+
+    ## Queue settings
+    queue_master_locator = min-masters
+
+    ## Networking
+    listeners.tcp.default = 5672
+    management.listener.port = 15672
+
+    ## Memory management
+    vm_memory_high_watermark.relative = 0.7
+    vm_memory_high_watermark_paging_ratio = 0.75
+
+    ## Disk free limit
+    disk_free_limit.absolute = 1GB
+
+  enabled_plugins: |
+    [rabbitmq_management,rabbitmq_peer_discovery_k8s,rabbitmq_prometheus].
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: rabbitmq
+  namespace: elsabro
+spec:
+  serviceName: rabbitmq
+  replicas: 3
+  selector:
+    matchLabels:
+      app: rabbitmq
+  template:
+    metadata:
+      labels:
+        app: rabbitmq
+    spec:
+      serviceAccountName: rabbitmq
+      containers:
+        - name: rabbitmq
+          image: rabbitmq:3.12-management-alpine
+          ports:
+            - containerPort: 5672
+              name: amqp
+            - containerPort: 15672
+              name: management
+            - containerPort: 15692
+              name: prometheus
+          env:
+            - name: RABBITMQ_DEFAULT_USER
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-secret
+                  key: username
+            - name: RABBITMQ_DEFAULT_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-secret
+                  key: password
+            - name: RABBITMQ_ERLANG_COOKIE
+              valueFrom:
+                secretKeyRef:
+                  name: rabbitmq-secret
+                  key: erlang-cookie
+            - name: K8S_SERVICE_NAME
+              value: rabbitmq
+            - name: RABBITMQ_NODENAME
+              value: rabbit@$(POD_NAME).rabbitmq.elsabro.svc.cluster.local
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          resources:
+            requests:
+              cpu: 200m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+          volumeMounts:
+            - name: rabbitmq-data
+              mountPath: /var/lib/rabbitmq
+            - name: rabbitmq-config
+              mountPath: /etc/rabbitmq
+          readinessProbe:
+            exec:
+              command: ["rabbitmq-diagnostics", "check_running"]
+            initialDelaySeconds: 20
+            periodSeconds: 10
+          livenessProbe:
+            exec:
+              command: ["rabbitmq-diagnostics", "ping"]
+            initialDelaySeconds: 60
+            periodSeconds: 30
+      volumes:
+        - name: rabbitmq-config
+          configMap:
+            name: rabbitmq-config
+  volumeClaimTemplates:
+    - metadata:
+        name: rabbitmq-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rabbitmq
+  namespace: elsabro
+spec:
+  ports:
+    - port: 5672
+      targetPort: 5672
+      name: amqp
+    - port: 15672
+      targetPort: 15672
+      name: management
+    - port: 15692
+      targetPort: 15692
+      name: prometheus
+  selector:
+    app: rabbitmq
+  clusterIP: None
+```
+
+### Ingress Configuration (Nginx)
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: elsabro-ingress
+  namespace: elsabro
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+    nginx.ingress.kubernetes.io/rate-limit: "100"
+    nginx.ingress.kubernetes.io/rate-limit-window: "1m"
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "*"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - api.elsabro.io
+        - ws.elsabro.io
+      secretName: elsabro-tls
+  rules:
+    - host: api.elsabro.io
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: elsabro
+                port:
+                  number: 8080
+    - host: ws.elsabro.io
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: elsabro
+                port:
+                  number: 8080
+```
+
+---
+
+## 6. Docker Multi-Stage Build
+
+### Dockerfile
+
+```dockerfile
+# ==============================================================================
+# ELSABRO Docker Multi-Stage Build
+# Version: 3.6.0
+# ==============================================================================
+
+# ------------------------------------------------------------------------------
+# Stage 1: Dependencies
+# ------------------------------------------------------------------------------
+FROM node:20-alpine AS deps
+
+WORKDIR /app
+
+# Install build dependencies
+RUN apk add --no-cache python3 make g++ git
+
+# Copy package files
+COPY package.json package-lock.json ./
+
+# Install production dependencies
+RUN npm ci --only=production && \
+    cp -R node_modules /prod_modules
+
+# Install all dependencies (including devDependencies)
+RUN npm ci
+
+# ------------------------------------------------------------------------------
+# Stage 2: Builder
+# ------------------------------------------------------------------------------
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Copy dependencies from deps stage
+COPY --from=deps /app/node_modules ./node_modules
+
+# Copy source code
+COPY . .
+
+# Build TypeScript
+RUN npm run build
+
+# Run tests (optional, can be skipped with --build-arg SKIP_TESTS=true)
+ARG SKIP_TESTS=false
+RUN if [ "$SKIP_TESTS" = "false" ]; then npm run test; fi
+
+# Prune dev dependencies
+RUN npm prune --production
+
+# ------------------------------------------------------------------------------
+# Stage 3: Production
+# ------------------------------------------------------------------------------
+FROM node:20-alpine AS production
+
+# Labels
+LABEL org.opencontainers.image.title="ELSABRO"
+LABEL org.opencontainers.image.description="AI-Powered Development Workflow System"
+LABEL org.opencontainers.image.version="3.6.0"
+LABEL org.opencontainers.image.vendor="CubaIT"
+LABEL org.opencontainers.image.source="https://github.com/cubait/elsabro"
+
+# Create non-root user
+RUN addgroup -g 1000 elsabro && \
+    adduser -u 1000 -G elsabro -D -h /app elsabro
+
+WORKDIR /app
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+    dumb-init \
+    tini \
+    curl \
+    ca-certificates
+
+# Copy built artifacts
+COPY --from=builder --chown=elsabro:elsabro /app/dist ./dist
+COPY --from=builder --chown=elsabro:elsabro /app/node_modules ./node_modules
+COPY --from=builder --chown=elsabro:elsabro /app/package.json ./
+
+# Create directories for runtime data
+RUN mkdir -p /app/.elsabro /app/logs /app/tmp && \
+    chown -R elsabro:elsabro /app
+
+# Switch to non-root user
+USER elsabro
+
+# Environment variables
+ENV NODE_ENV=production
+ENV PORT=8080
+ENV METRICS_PORT=9090
+ENV LOG_LEVEL=info
+ENV LOG_FORMAT=json
+
+# Expose ports
+EXPOSE 8080 9090
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
+    CMD curl -f http://localhost:8080/health/live || exit 1
+
+# Use tini as init system
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Start application
+CMD ["node", "dist/server.js"]
+
+# ------------------------------------------------------------------------------
+# Stage 4: Development (optional)
+# ------------------------------------------------------------------------------
+FROM node:20-alpine AS development
+
+WORKDIR /app
+
+# Install development dependencies
+RUN apk add --no-cache python3 make g++ git
+
+# Copy all dependencies
+COPY --from=deps /app/node_modules ./node_modules
+
+# Copy source code
+COPY . .
+
+# Environment variables
+ENV NODE_ENV=development
+ENV PORT=8080
+
+# Expose ports
+EXPOSE 8080 9090 9229
+
+# Start with hot reload
+CMD ["npm", "run", "dev"]
+```
+
+### docker-compose.yml
+
+```yaml
+version: '3.8'
+
+services:
+  elsabro:
+    build:
+      context: .
+      target: production
+    image: ghcr.io/cubait/elsabro:3.6.0
+    container_name: elsabro
+    restart: unless-stopped
+    ports:
+      - "8080:8080"
+      - "9090:9090"
+    environment:
+      - NODE_ENV=production
+      - DATABASE_URL=postgresql://elsabro:${POSTGRES_PASSWORD}@postgres:5432/elsabro
+      - REDIS_URL=redis://:${REDIS_PASSWORD}@redis:6379/0
+      - RABBITMQ_URL=amqp://elsabro:${RABBITMQ_PASSWORD}@rabbitmq:5672
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
+      - JWT_SECRET=${JWT_SECRET}
+      - LOG_LEVEL=info
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      rabbitmq:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    networks:
+      - elsabro-network
+
+  postgres:
+    image: postgres:16-alpine
+    container_name: elsabro-postgres
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=elsabro
+      - POSTGRES_USER=elsabro
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U elsabro"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - elsabro-network
+
+  redis:
+    image: redis:7-alpine
+    container_name: elsabro-redis
+    restart: unless-stopped
+    command: redis-server --requirepass ${REDIS_PASSWORD}
+    volumes:
+      - redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - elsabro-network
+
+  rabbitmq:
+    image: rabbitmq:3.12-management-alpine
+    container_name: elsabro-rabbitmq
+    restart: unless-stopped
+    environment:
+      - RABBITMQ_DEFAULT_USER=elsabro
+      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
+    volumes:
+      - rabbitmq-data:/var/lib/rabbitmq
+    healthcheck:
+      test: ["CMD", "rabbitmq-diagnostics", "ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    networks:
+      - elsabro-network
+
+volumes:
+  postgres-data:
+  redis-data:
+  rabbitmq-data:
+
+networks:
+  elsabro-network:
+    driver: bridge
+```
+
+---
+
+## 7. CLI Commands
+
+### /elsabro:k8s
+
+```bash
+# Deploy ELSABRO to Kubernetes
+/elsabro:k8s deploy [environment] [options]
+
+# Options:
+#   --namespace <ns>      Target namespace (default: elsabro)
+#   --replicas <n>        Number of replicas (default: from values)
+#   --image-tag <tag>     Docker image tag (default: latest)
+#   --values <file>       Custom values file
+#   --dry-run             Preview without applying
+#   --wait                Wait for deployment to complete
+
+# Examples:
+/elsabro:k8s deploy dev
+/elsabro:k8s deploy staging --replicas 3
+/elsabro:k8s deploy prod --image-tag v3.6.0 --wait
+
+# Scale deployment
+/elsabro:k8s scale <replicas> [options]
+
+# Options:
+#   --namespace <ns>      Target namespace
+#   --deployment <name>   Deployment name (default: elsabro)
+
+# Examples:
+/elsabro:k8s scale 5
+/elsabro:k8s scale 10 --namespace elsabro-prod
+
+# Get deployment status
+/elsabro:k8s status [options]
+
+# Options:
+#   --namespace <ns>      Target namespace
+#   --watch               Watch for changes
+#   --output <format>     Output format (table|json|yaml)
+
+# Examples:
+/elsabro:k8s status
+/elsabro:k8s status --namespace elsabro-prod --watch
+
+# View logs
+/elsabro:k8s logs [options]
+
+# Options:
+#   --namespace <ns>      Target namespace
+#   --pod <name>          Specific pod name
+#   --container <name>    Container name
+#   --follow              Follow log output
+#   --tail <n>            Number of lines (default: 100)
+#   --since <duration>    Show logs since duration (e.g., 1h)
+
+# Examples:
+/elsabro:k8s logs
+/elsabro:k8s logs --follow --tail 500
+/elsabro:k8s logs --since 30m --namespace elsabro-prod
+
+# Generate Helm chart
+/elsabro:k8s helm generate [options]
+
+# Options:
+#   --output <dir>        Output directory
+#   --environment <env>   Target environment (dev|staging|prod)
+
+# Rollout management
+/elsabro:k8s rollout <action> [options]
+
+# Actions:
+#   status    - Show rollout status
+#   restart   - Restart deployment
+#   undo      - Rollback to previous version
+#   pause     - Pause rollout
+#   resume    - Resume rollout
+
+# Examples:
+/elsabro:k8s rollout status
+/elsabro:k8s rollout restart
+/elsabro:k8s rollout undo --to-revision 3
+
+# Port forwarding
+/elsabro:k8s port-forward [options]
+
+# Options:
+#   --namespace <ns>      Target namespace
+#   --port <local:remote> Port mapping (default: 8080:8080)
+#   --pod <name>          Specific pod
+
+# Examples:
+/elsabro:k8s port-forward
+/elsabro:k8s port-forward --port 3000:8080
+
+# Execute command in pod
+/elsabro:k8s exec <command> [options]
+
+# Options:
+#   --namespace <ns>      Target namespace
+#   --pod <name>          Specific pod
+#   --interactive         Interactive mode (-it)
+
+# Examples:
+/elsabro:k8s exec "npm run migrate"
+/elsabro:k8s exec "sh" --interactive
+```
+
+---
+
+## Comandos de Usuario Rapidos
+
+```bash
+# Deployment commands
+/elsabro:k8s deploy dev                    # Deploy to development
+/elsabro:k8s deploy staging --replicas 3   # Deploy to staging with 3 replicas
+/elsabro:k8s deploy prod --wait            # Deploy to production and wait
+
+# Scaling commands
+/elsabro:k8s scale 5                       # Scale to 5 replicas
+/elsabro:k8s scale 10 --namespace prod     # Scale production to 10
+
+# Status and monitoring
+/elsabro:k8s status                        # Get current status
+/elsabro:k8s status --watch                # Watch status in real-time
+/elsabro:k8s logs --follow                 # Stream logs
+
+# Rollout management
+/elsabro:k8s rollout status                # Check rollout status
+/elsabro:k8s rollout restart               # Restart all pods
+/elsabro:k8s rollout undo                  # Rollback to previous version
+```
+
+---
+
+## Changelog
+
+- **v3.6.0**: Initial Kubernetes Deployment System implementation
+  - K8sDeployer for deployment management
+  - HelmChartGenerator for Helm chart creation
+  - ResourceScaler with HPA/VPA support
+  - HealthMonitor with probes and metrics
+  - Infrastructure components (Redis, PostgreSQL, RabbitMQ)
+  - Docker multi-stage build
+  - CLI commands for operations