npm - tlc-claude-code - Versions diffs - 1.4.8 → 1.4.9 - Mend

tlc-claude-code 1.4.8 → 1.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/package.json +1 -1
package/server/index.js +229 -14
package/server/lib/compliance/control-mapper.js +401 -0
package/server/lib/compliance/control-mapper.test.js +117 -0
package/server/lib/compliance/evidence-linker.js +296 -0
package/server/lib/compliance/evidence-linker.test.js +121 -0
package/server/lib/compliance/gdpr-checklist.js +416 -0
package/server/lib/compliance/gdpr-checklist.test.js +131 -0
package/server/lib/compliance/hipaa-checklist.js +277 -0
package/server/lib/compliance/hipaa-checklist.test.js +101 -0
package/server/lib/compliance/iso27001-checklist.js +287 -0
package/server/lib/compliance/iso27001-checklist.test.js +99 -0
package/server/lib/compliance/multi-framework-reporter.js +284 -0
package/server/lib/compliance/multi-framework-reporter.test.js +127 -0
package/server/lib/compliance/pci-dss-checklist.js +214 -0
package/server/lib/compliance/pci-dss-checklist.test.js +95 -0
package/server/lib/compliance/trust-centre.js +187 -0
package/server/lib/compliance/trust-centre.test.js +93 -0
package/server/lib/dashboard/api-server.js +155 -0
package/server/lib/dashboard/api-server.test.js +155 -0
package/server/lib/dashboard/health-api.js +199 -0
package/server/lib/dashboard/health-api.test.js +122 -0
package/server/lib/dashboard/notes-api.js +234 -0
package/server/lib/dashboard/notes-api.test.js +134 -0
package/server/lib/dashboard/router-api.js +176 -0
package/server/lib/dashboard/router-api.test.js +132 -0
package/server/lib/dashboard/tasks-api.js +289 -0
package/server/lib/dashboard/tasks-api.test.js +161 -0
package/server/lib/dashboard/tlc-introspection.js +197 -0
package/server/lib/dashboard/tlc-introspection.test.js +138 -0
package/server/lib/dashboard/version-api.js +222 -0
package/server/lib/dashboard/version-api.test.js +112 -0
package/server/lib/dashboard/websocket-server.js +104 -0
package/server/lib/dashboard/websocket-server.test.js +118 -0
package/server/lib/deploy/branch-classifier.js +163 -0
package/server/lib/deploy/branch-classifier.test.js +164 -0
package/server/lib/deploy/deployment-approval.js +299 -0
package/server/lib/deploy/deployment-approval.test.js +296 -0
package/server/lib/deploy/deployment-audit.js +374 -0
package/server/lib/deploy/deployment-audit.test.js +307 -0
package/server/lib/deploy/deployment-executor.js +335 -0
package/server/lib/deploy/deployment-executor.test.js +329 -0
package/server/lib/deploy/deployment-rules.js +163 -0
package/server/lib/deploy/deployment-rules.test.js +188 -0
package/server/lib/deploy/rollback-manager.js +379 -0
package/server/lib/deploy/rollback-manager.test.js +321 -0
package/server/lib/deploy/security-gates.js +236 -0
package/server/lib/deploy/security-gates.test.js +222 -0
package/server/lib/k8s/gitops-config.js +188 -0
package/server/lib/k8s/gitops-config.test.js +59 -0
package/server/lib/k8s/helm-generator.js +196 -0
package/server/lib/k8s/helm-generator.test.js +59 -0
package/server/lib/k8s/kustomize-generator.js +176 -0
package/server/lib/k8s/kustomize-generator.test.js +58 -0
package/server/lib/k8s/network-policy.js +114 -0
package/server/lib/k8s/network-policy.test.js +53 -0
package/server/lib/k8s/pod-security.js +114 -0
package/server/lib/k8s/pod-security.test.js +55 -0
package/server/lib/k8s/rbac-generator.js +132 -0
package/server/lib/k8s/rbac-generator.test.js +57 -0
package/server/lib/k8s/resource-manager.js +172 -0
package/server/lib/k8s/resource-manager.test.js +60 -0
package/server/lib/k8s/secrets-encryption.js +168 -0
package/server/lib/k8s/secrets-encryption.test.js +49 -0
package/server/lib/monitoring/alert-manager.js +238 -0
package/server/lib/monitoring/alert-manager.test.js +106 -0
package/server/lib/monitoring/health-check.js +226 -0
package/server/lib/monitoring/health-check.test.js +176 -0
package/server/lib/monitoring/incident-manager.js +230 -0
package/server/lib/monitoring/incident-manager.test.js +98 -0
package/server/lib/monitoring/log-aggregator.js +147 -0
package/server/lib/monitoring/log-aggregator.test.js +89 -0
package/server/lib/monitoring/metrics-collector.js +337 -0
package/server/lib/monitoring/metrics-collector.test.js +172 -0
package/server/lib/monitoring/status-page.js +214 -0
package/server/lib/monitoring/status-page.test.js +105 -0
package/server/lib/monitoring/uptime-monitor.js +194 -0
package/server/lib/monitoring/uptime-monitor.test.js +109 -0
package/server/lib/network/fail2ban-config.js +294 -0
package/server/lib/network/fail2ban-config.test.js +275 -0
package/server/lib/network/firewall-manager.js +252 -0
package/server/lib/network/firewall-manager.test.js +254 -0
package/server/lib/network/geoip-filter.js +282 -0
package/server/lib/network/geoip-filter.test.js +264 -0
package/server/lib/network/rate-limiter.js +229 -0
package/server/lib/network/rate-limiter.test.js +293 -0
package/server/lib/network/request-validator.js +351 -0
package/server/lib/network/request-validator.test.js +345 -0
package/server/lib/network/security-headers.js +251 -0
package/server/lib/network/security-headers.test.js +283 -0
package/server/lib/network/tls-config.js +210 -0
package/server/lib/network/tls-config.test.js +248 -0
package/server/lib/security/auth-security.js +369 -0
package/server/lib/security/auth-security.test.js +448 -0
package/server/lib/security/cis-benchmark.js +152 -0
package/server/lib/security/cis-benchmark.test.js +137 -0
package/server/lib/security/compose-templates.js +312 -0
package/server/lib/security/compose-templates.test.js +229 -0
package/server/lib/security/container-runtime.js +456 -0
package/server/lib/security/container-runtime.test.js +503 -0
package/server/lib/security/cors-validator.js +278 -0
package/server/lib/security/cors-validator.test.js +310 -0
package/server/lib/security/crypto-utils.js +253 -0
package/server/lib/security/crypto-utils.test.js +409 -0
package/server/lib/security/dockerfile-linter.js +459 -0
package/server/lib/security/dockerfile-linter.test.js +483 -0
package/server/lib/security/dockerfile-templates.js +278 -0
package/server/lib/security/dockerfile-templates.test.js +164 -0
package/server/lib/security/error-sanitizer.js +426 -0
package/server/lib/security/error-sanitizer.test.js +331 -0
package/server/lib/security/headers-generator.js +368 -0
package/server/lib/security/headers-generator.test.js +398 -0
package/server/lib/security/image-scanner.js +83 -0
package/server/lib/security/image-scanner.test.js +106 -0
package/server/lib/security/input-validator.js +352 -0
package/server/lib/security/input-validator.test.js +330 -0
package/server/lib/security/network-policy.js +174 -0
package/server/lib/security/network-policy.test.js +164 -0
package/server/lib/security/output-encoder.js +237 -0
package/server/lib/security/output-encoder.test.js +276 -0
package/server/lib/security/path-validator.js +359 -0
package/server/lib/security/path-validator.test.js +293 -0
package/server/lib/security/query-builder.js +421 -0
package/server/lib/security/query-builder.test.js +318 -0
package/server/lib/security/secret-detector.js +290 -0
package/server/lib/security/secret-detector.test.js +354 -0
package/server/lib/security/secrets-validator.js +137 -0
package/server/lib/security/secrets-validator.test.js +120 -0
package/server/lib/security-testing/dast-runner.js +154 -0
package/server/lib/security-testing/dast-runner.test.js +62 -0
package/server/lib/security-testing/dependency-scanner.js +172 -0
package/server/lib/security-testing/dependency-scanner.test.js +64 -0
package/server/lib/security-testing/pentest-runner.js +230 -0
package/server/lib/security-testing/pentest-runner.test.js +60 -0
package/server/lib/security-testing/sast-runner.js +136 -0
package/server/lib/security-testing/sast-runner.test.js +62 -0
package/server/lib/security-testing/secret-scanner.js +153 -0
package/server/lib/security-testing/secret-scanner.test.js +66 -0
package/server/lib/security-testing/security-gate.js +216 -0
package/server/lib/security-testing/security-gate.test.js +115 -0
package/server/lib/security-testing/security-reporter.js +303 -0
package/server/lib/security-testing/security-reporter.test.js +114 -0
package/server/lib/standards/audit-checker.js +546 -0
package/server/lib/standards/audit-checker.test.js +415 -0
package/server/lib/standards/cleanup-executor.js +452 -0
package/server/lib/standards/cleanup-executor.test.js +293 -0
package/server/lib/standards/refactor-stepper.js +425 -0
package/server/lib/standards/refactor-stepper.test.js +298 -0
package/server/lib/standards/standards-injector.js +167 -0
package/server/lib/standards/standards-injector.test.js +232 -0
package/server/lib/user-management.test.js +284 -0
package/server/lib/vps/backup-manager.js +157 -0
package/server/lib/vps/backup-manager.test.js +59 -0
package/server/lib/vps/caddy-config.js +159 -0
package/server/lib/vps/caddy-config.test.js +48 -0
package/server/lib/vps/compose-orchestrator.js +219 -0
package/server/lib/vps/compose-orchestrator.test.js +50 -0
package/server/lib/vps/database-config.js +208 -0
package/server/lib/vps/database-config.test.js +47 -0
package/server/lib/vps/deploy-script.js +211 -0
package/server/lib/vps/deploy-script.test.js +53 -0
package/server/lib/vps/secrets-manager.js +148 -0
package/server/lib/vps/secrets-manager.test.js +58 -0
package/server/lib/vps/server-hardening.js +174 -0
package/server/lib/vps/server-hardening.test.js +70 -0
package/server/package-lock.json +19 -0
package/server/package.json +1 -0
package/server/templates/CLAUDE.md +37 -0
package/server/templates/CODING-STANDARDS.md +408 -0

package/server/lib/deploy/deployment-audit.test.js ADDED Viewed

@@ -0,0 +1,307 @@
+/**
+ * Deployment Audit Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import {
+  logDeploymentEvent,
+  queryAuditLog,
+  exportAuditLog,
+  AUDIT_EVENTS,
+  createDeploymentAudit,
+} from './deployment-audit.js';
+describe('deployment-audit', () => {
+  describe('AUDIT_EVENTS', () => {
+    it('defines all event types', () => {
+      expect(AUDIT_EVENTS.DEPLOYMENT_STARTED).toBe('deployment_started');
+      expect(AUDIT_EVENTS.DEPLOYMENT_COMPLETED).toBe('deployment_completed');
+      expect(AUDIT_EVENTS.DEPLOYMENT_FAILED).toBe('deployment_failed');
+      expect(AUDIT_EVENTS.APPROVAL_REQUESTED).toBe('approval_requested');
+      expect(AUDIT_EVENTS.APPROVAL_GRANTED).toBe('approval_granted');
+      expect(AUDIT_EVENTS.APPROVAL_DENIED).toBe('approval_denied');
+      expect(AUDIT_EVENTS.ROLLBACK_TRIGGERED).toBe('rollback_triggered');
+      expect(AUDIT_EVENTS.ROLLBACK_COMPLETED).toBe('rollback_completed');
+      expect(AUDIT_EVENTS.SECURITY_GATE_PASSED).toBe('security_gate_passed');
+      expect(AUDIT_EVENTS.SECURITY_GATE_FAILED).toBe('security_gate_failed');
+    });
+  });
+  describe('logDeploymentEvent', () => {
+    it('logs event with required fields', async () => {
+      const mockWrite = vi.fn().mockResolvedValue(true);
+      const entry = await logDeploymentEvent({
+        event: 'deployment_started',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+        writeFn: mockWrite,
+      });
+      expect(entry.id).toBeDefined();
+      expect(entry.event).toBe('deployment_started');
+      expect(entry.deploymentId).toBe('deploy-123');
+      expect(entry.branch).toBe('main');
+      expect(entry.user).toBe('alice');
+      expect(entry.timestamp).toBeDefined();
+    });
+    it('includes metadata when provided', async () => {
+      const mockWrite = vi.fn().mockResolvedValue(true);
+      const entry = await logDeploymentEvent({
+        event: 'deployment_completed',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+        metadata: {
+          duration: 120000,
+          commitSha: 'abc123',
+        },
+        writeFn: mockWrite,
+      });
+      expect(entry.metadata.duration).toBe(120000);
+      expect(entry.metadata.commitSha).toBe('abc123');
+    });
+    it('generates checksum for integrity', async () => {
+      const mockWrite = vi.fn().mockResolvedValue(true);
+      const entry = await logDeploymentEvent({
+        event: 'deployment_started',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+        writeFn: mockWrite,
+      });
+      expect(entry.checksum).toBeDefined();
+      expect(entry.checksum).toMatch(/^[a-f0-9]{64}$/); // SHA-256
+    });
+    it('links to previous entry', async () => {
+      const mockWrite = vi.fn().mockResolvedValue(true);
+      const previousChecksum = 'abc123def456';
+      const entry = await logDeploymentEvent({
+        event: 'deployment_completed',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+        previousChecksum,
+        writeFn: mockWrite,
+      });
+      expect(entry.previousChecksum).toBe(previousChecksum);
+    });
+  });
+  describe('queryAuditLog', () => {
+    const mockEntries = [
+      { id: '1', event: 'deployment_started', branch: 'main', user: 'alice', timestamp: '2024-01-01T10:00:00Z' },
+      { id: '2', event: 'deployment_completed', branch: 'main', user: 'alice', timestamp: '2024-01-01T10:05:00Z' },
+      { id: '3', event: 'deployment_started', branch: 'dev', user: 'bob', timestamp: '2024-01-01T11:00:00Z' },
+      { id: '4', event: 'deployment_failed', branch: 'dev', user: 'bob', timestamp: '2024-01-01T11:02:00Z' },
+    ];
+    it('queries by date range', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const results = await queryAuditLog({
+        startDate: '2024-01-01T10:00:00Z',
+        endDate: '2024-01-01T10:30:00Z',
+        queryFn: mockQuery,
+      });
+      expect(results).toHaveLength(2);
+    });
+    it('queries by user', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const results = await queryAuditLog({
+        user: 'bob',
+        queryFn: mockQuery,
+      });
+      expect(results).toHaveLength(2);
+      expect(results.every(e => e.user === 'bob')).toBe(true);
+    });
+    it('queries by branch', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const results = await queryAuditLog({
+        branch: 'main',
+        queryFn: mockQuery,
+      });
+      expect(results).toHaveLength(2);
+      expect(results.every(e => e.branch === 'main')).toBe(true);
+    });
+    it('queries by event type', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const results = await queryAuditLog({
+        event: 'deployment_failed',
+        queryFn: mockQuery,
+      });
+      expect(results).toHaveLength(1);
+      expect(results[0].event).toBe('deployment_failed');
+    });
+    it('combines filters', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const results = await queryAuditLog({
+        branch: 'dev',
+        user: 'bob',
+        queryFn: mockQuery,
+      });
+      expect(results).toHaveLength(2);
+    });
+    it('paginates results', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const results = await queryAuditLog({
+        limit: 2,
+        offset: 1,
+        queryFn: mockQuery,
+      });
+      expect(results).toHaveLength(2);
+    });
+  });
+  describe('exportAuditLog', () => {
+    const mockEntries = [
+      { id: '1', event: 'deployment_started', branch: 'main', user: 'alice', timestamp: '2024-01-01T10:00:00Z' },
+      { id: '2', event: 'deployment_completed', branch: 'main', user: 'alice', timestamp: '2024-01-01T10:05:00Z' },
+    ];
+    it('exports as JSON', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const result = await exportAuditLog({
+        format: 'json',
+        queryFn: mockQuery,
+      });
+      const parsed = JSON.parse(result);
+      expect(parsed.entries).toHaveLength(2);
+      expect(parsed.exportedAt).toBeDefined();
+    });
+    it('exports as CSV', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const result = await exportAuditLog({
+        format: 'csv',
+        queryFn: mockQuery,
+      });
+      expect(result).toContain('id,event,branch,user,timestamp');
+      expect(result).toContain('deployment_started');
+    });
+    it('exports as SIEM format (CEF)', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const result = await exportAuditLog({
+        format: 'cef',
+        queryFn: mockQuery,
+      });
+      expect(result).toContain('CEF:0');
+      expect(result).toContain('deployment_started');
+    });
+    it('includes metadata in export', async () => {
+      const mockQuery = vi.fn().mockResolvedValue(mockEntries);
+      const result = await exportAuditLog({
+        format: 'json',
+        includeMetadata: true,
+        queryFn: mockQuery,
+      });
+      const parsed = JSON.parse(result);
+      expect(parsed.totalEntries).toBe(2);
+    });
+  });
+  describe('createDeploymentAudit', () => {
+    it('creates audit logger', () => {
+      const audit = createDeploymentAudit();
+      expect(audit.log).toBeDefined();
+      expect(audit.query).toBeDefined();
+      expect(audit.export).toBeDefined();
+    });
+    it('logs events to storage', async () => {
+      const mockStorage = {
+        write: vi.fn().mockResolvedValue(true),
+        read: vi.fn().mockResolvedValue([]),
+      };
+      const audit = createDeploymentAudit({ storage: mockStorage });
+      await audit.log({
+        event: 'deployment_started',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+      });
+      expect(mockStorage.write).toHaveBeenCalled();
+    });
+    it('maintains checksum chain', async () => {
+      const audit = createDeploymentAudit();
+      const entry1 = await audit.log({
+        event: 'deployment_started',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+      });
+      const entry2 = await audit.log({
+        event: 'deployment_completed',
+        deploymentId: 'deploy-123',
+        branch: 'main',
+        user: 'alice',
+      });
+      expect(entry2.previousChecksum).toBe(entry1.checksum);
+    });
+    it('verifies log integrity', async () => {
+      const audit = createDeploymentAudit();
+      await audit.log({ event: 'deployment_started', deploymentId: 'd1', branch: 'main', user: 'alice' });
+      await audit.log({ event: 'deployment_completed', deploymentId: 'd1', branch: 'main', user: 'alice' });
+      const integrity = await audit.verifyIntegrity();
+      expect(integrity.valid).toBe(true);
+    });
+    it('detects tampered entries', async () => {
+      const audit = createDeploymentAudit();
+      await audit.log({ event: 'deployment_started', deploymentId: 'd1', branch: 'main', user: 'alice' });
+      // Simulate tampering
+      audit._tamperEntry(0, { user: 'mallory' });
+      const integrity = await audit.verifyIntegrity();
+      expect(integrity.valid).toBe(false);
+      expect(integrity.tamperedEntries).toHaveLength(1);
+    });
+  });
+});

package/server/lib/deploy/deployment-executor.js ADDED Viewed

@@ -0,0 +1,335 @@
+/**
+ * Deployment Executor
+ *
+ * Handles deployment orchestration with support for multiple strategies:
+ * - Rolling: Gradual replacement of instances
+ * - Blue-Green: Deploy to inactive slot, then switch traffic
+ * - Canary: Gradual traffic shift to new version
+ * - Recreate: Stop old version, start new version
+ */
+import { randomUUID } from 'node:crypto';
+/**
+ * Deployment state constants
+ */
+export const DEPLOYMENT_STATES = {
+  PENDING: 'pending',
+  BUILDING: 'building',
+  DEPLOYING: 'deploying',
+  HEALTH_CHECK: 'health_check',
+  SWITCHING: 'switching',
+  COMPLETED: 'completed',
+  FAILED: 'failed',
+  ROLLED_BACK: 'rolled_back',
+};
+/**
+ * Deployment strategy constants
+ */
+export const DEPLOYMENT_STRATEGIES = {
+  ROLLING: 'rolling',
+  BLUE_GREEN: 'blue-green',
+  CANARY: 'canary',
+  RECREATE: 'recreate',
+};
+/**
+ * Create a new deployment object
+ * @param {Object} options - Deployment options
+ * @param {string} options.branch - Git branch name
+ * @param {string} options.commitSha - Git commit SHA
+ * @param {string} [options.strategy='rolling'] - Deployment strategy
+ * @returns {Object} Deployment object
+ */
+export function createDeployment(options) {
+  const { branch, commitSha, strategy = DEPLOYMENT_STRATEGIES.ROLLING } = options;
+  const now = new Date().toISOString();
+  return {
+    id: randomUUID(),
+    branch,
+    commitSha,
+    strategy,
+    state: DEPLOYMENT_STATES.PENDING,
+    createdAt: now,
+    stateHistory: [{ state: DEPLOYMENT_STATES.PENDING, timestamp: now }],
+    error: null,
+  };
+}
+/**
+ * Transition deployment to a new state
+ * @param {Object} deployment - Deployment object
+ * @param {string} newState - New state
+ * @param {Function} [onStateChange] - State change callback
+ * @returns {Object} Updated deployment
+ */
+function transitionState(deployment, newState, onStateChange) {
+  deployment.state = newState;
+  deployment.stateHistory.push({
+    state: newState,
+    timestamp: new Date().toISOString(),
+  });
+  if (onStateChange) {
+    // Pass a snapshot to preserve state at time of callback
+    onStateChange({ ...deployment, stateHistory: [...deployment.stateHistory] });
+  }
+  return deployment;
+}
+/**
+ * Execute a deployment
+ * @param {Object} deployment - Deployment object
+ * @param {Object} options - Execution options
+ * @param {Function} options.build - Build function
+ * @param {Function} [options.deploy] - Deploy function
+ * @param {Function} [options.healthCheck] - Health check function
+ * @param {Function} [options.switchTraffic] - Traffic switch function (for blue-green)
+ * @param {Function} [options.onStateChange] - State change callback
+ * @returns {Promise<Object>} Updated deployment
+ */
+export async function executeDeployment(deployment, options) {
+  const { build, deploy, healthCheck, switchTraffic: switchTrafficFn, onStateChange } = options;
+  try {
+    // Building phase
+    transitionState(deployment, DEPLOYMENT_STATES.BUILDING, onStateChange);
+    const buildResult = await build(deployment);
+    if (!buildResult.success) {
+      deployment.error = buildResult.error || 'Build failed';
+      return transitionState(deployment, DEPLOYMENT_STATES.FAILED, onStateChange);
+    }
+    // Deploying phase
+    if (deploy) {
+      transitionState(deployment, DEPLOYMENT_STATES.DEPLOYING, onStateChange);
+      const deployResult = await deploy(deployment);
+      if (!deployResult.success) {
+        deployment.error = deployResult.error || 'Deploy failed';
+        return transitionState(deployment, DEPLOYMENT_STATES.FAILED, onStateChange);
+      }
+      deployment.slot = deployResult.slot;
+    }
+    // Health check phase
+    if (healthCheck) {
+      transitionState(deployment, DEPLOYMENT_STATES.HEALTH_CHECK, onStateChange);
+      const healthResult = await healthCheck(deployment);
+      if (!healthResult.healthy) {
+        deployment.error = healthResult.reason || 'Health check failed';
+        return transitionState(deployment, DEPLOYMENT_STATES.FAILED, onStateChange);
+      }
+    }
+    // Traffic switching phase (for blue-green deployments)
+    if (deployment.strategy === DEPLOYMENT_STRATEGIES.BLUE_GREEN && switchTrafficFn) {
+      transitionState(deployment, DEPLOYMENT_STATES.SWITCHING, onStateChange);
+      const switchResult = await switchTrafficFn(deployment);
+      if (!switchResult.success) {
+        deployment.error = switchResult.error || 'Traffic switch failed';
+        return transitionState(deployment, DEPLOYMENT_STATES.FAILED, onStateChange);
+      }
+    }
+    // Completed
+    return transitionState(deployment, DEPLOYMENT_STATES.COMPLETED, onStateChange);
+  } catch (error) {
+    deployment.error = error.message;
+    return transitionState(deployment, DEPLOYMENT_STATES.FAILED, onStateChange);
+  }
+}
+/**
+ * Run health checks against multiple endpoints
+ * @param {Object} options - Health check options
+ * @param {string[]} options.endpoints - URLs to check
+ * @param {Function} options.fetch - Fetch function
+ * @param {number} [options.retries=1] - Number of retry attempts
+ * @param {number} [options.retryDelay=1000] - Delay between retries in ms
+ * @param {number} [options.timeout=30000] - Timeout in ms
+ * @returns {Promise<Object>} Health check result
+ */
+export async function runHealthChecks(options) {
+  const { endpoints, fetch: fetchFn, retries = 1, retryDelay = 1000, timeout = 30000 } = options;
+  /**
+   * Check a single endpoint with timeout
+   */
+  async function checkEndpoint(url) {
+    return Promise.race([
+      fetchFn(url),
+      new Promise((_, reject) =>
+        setTimeout(() => reject(new Error('timeout')), timeout)
+      ),
+    ]);
+  }
+  /**
+   * Check endpoint with retries
+   */
+  async function checkWithRetries(url, attemptsLeft) {
+    try {
+      const response = await checkEndpoint(url);
+      if (response.ok) {
+        return { healthy: true, url };
+      }
+      if (attemptsLeft > 1) {
+        await new Promise((resolve) => setTimeout(resolve, retryDelay));
+        return checkWithRetries(url, attemptsLeft - 1);
+      }
+      return { healthy: false, url, reason: `Status ${response.status}` };
+    } catch (error) {
+      if (attemptsLeft > 1) {
+        await new Promise((resolve) => setTimeout(resolve, retryDelay));
+        return checkWithRetries(url, attemptsLeft - 1);
+      }
+      return { healthy: false, url, reason: error.message };
+    }
+  }
+  try {
+    const results = await Promise.all(
+      endpoints.map((endpoint) => checkWithRetries(endpoint, retries))
+    );
+    const unhealthy = results.filter((r) => !r.healthy);
+    if (unhealthy.length > 0) {
+      return {
+        healthy: false,
+        reason: unhealthy.map((u) => `${u.url}: ${u.reason}`).join(', '),
+        results,
+      };
+    }
+    return { healthy: true, results };
+  } catch (error) {
+    return { healthy: false, reason: error.message };
+  }
+}
+/**
+ * Switch traffic between deployment slots
+ * @param {Object} options - Switch options
+ * @param {string} options.fromSlot - Source slot
+ * @param {string} options.toSlot - Target slot
+ * @param {Function} options.switchFn - Switch function
+ * @returns {Promise<Object>} Switch result
+ */
+export async function switchTraffic(options) {
+  const { fromSlot, toSlot, switchFn } = options;
+  try {
+    const result = await switchFn(fromSlot, toSlot);
+    return { success: true, ...result };
+  } catch (error) {
+    return { success: false, error: error.message };
+  }
+}
+/**
+ * Cleanup old deployment resources
+ * @param {Object} options - Cleanup options
+ * @param {string} options.slot - Slot to cleanup
+ * @param {Function} options.cleanupFn - Cleanup function
+ * @returns {Promise<Object>} Cleanup result
+ */
+export async function cleanupOldDeployment(options) {
+  const { slot, cleanupFn } = options;
+  try {
+    await cleanupFn(slot);
+    return { success: true };
+  } catch (error) {
+    // Log warning but don't throw - cleanup failures are not critical
+    console.warn(`Cleanup failed for slot ${slot}:`, error.message);
+    return { success: false, error: error.message };
+  }
+}
+/**
+ * Create a deployment executor instance
+ * @param {Object} [config={}] - Executor configuration
+ * @param {Function} [config.build] - Build function
+ * @param {Function} [config.deploy] - Deploy function
+ * @param {Function} [config.healthCheck] - Health check function
+ * @param {Function} [config.switchTraffic] - Traffic switch function
+ * @returns {Object} Deployment executor
+ */
+export function createDeploymentExecutor(config = {}) {
+  const deployments = new Map();
+  return {
+    /**
+     * Execute an existing deployment
+     * @param {Object} deployment - Deployment to execute
+     * @param {Object} [options] - Additional options
+     * @returns {Promise<Object>} Execution result
+     */
+    async execute(deployment, options = {}) {
+      return executeDeployment(deployment, { ...config, ...options });
+    },
+    /**
+     * Start a new deployment
+     * @param {Object} options - Deployment options
+     * @returns {Promise<Object>} Created and executed deployment
+     */
+    async start(options) {
+      const deployment = createDeployment(options);
+      deployments.set(deployment.id, deployment);
+      // Execute in background, don't await
+      executeDeployment(deployment, config).catch((error) => {
+        deployment.error = error.message;
+        deployment.state = DEPLOYMENT_STATES.FAILED;
+      });
+      return deployment;
+    },
+    /**
+     * Get a deployment by ID
+     * @param {string} id - Deployment ID
+     * @returns {Object|undefined} Deployment or undefined
+     */
+    getDeployment(id) {
+      return deployments.get(id);
+    },
+    /**
+     * List all deployments
+     * @returns {Object[]} Array of deployments
+     */
+    list() {
+      return Array.from(deployments.values());
+    },
+    /**
+     * Cancel a deployment
+     * @param {string} id - Deployment ID
+     * @returns {boolean} True if cancelled
+     */
+    cancel(id) {
+      const deployment = deployments.get(id);
+      if (deployment && deployment.state !== DEPLOYMENT_STATES.COMPLETED) {
+        deployment.state = DEPLOYMENT_STATES.FAILED;
+        deployment.error = 'Cancelled';
+        return true;
+      }
+      return false;
+    },
+  };
+}