npm - tlc-claude-code - Versions diffs - 1.4.8 → 1.4.9 - Mend

tlc-claude-code 1.4.8 → 1.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/package.json +1 -1
package/server/index.js +229 -14
package/server/lib/compliance/control-mapper.js +401 -0
package/server/lib/compliance/control-mapper.test.js +117 -0
package/server/lib/compliance/evidence-linker.js +296 -0
package/server/lib/compliance/evidence-linker.test.js +121 -0
package/server/lib/compliance/gdpr-checklist.js +416 -0
package/server/lib/compliance/gdpr-checklist.test.js +131 -0
package/server/lib/compliance/hipaa-checklist.js +277 -0
package/server/lib/compliance/hipaa-checklist.test.js +101 -0
package/server/lib/compliance/iso27001-checklist.js +287 -0
package/server/lib/compliance/iso27001-checklist.test.js +99 -0
package/server/lib/compliance/multi-framework-reporter.js +284 -0
package/server/lib/compliance/multi-framework-reporter.test.js +127 -0
package/server/lib/compliance/pci-dss-checklist.js +214 -0
package/server/lib/compliance/pci-dss-checklist.test.js +95 -0
package/server/lib/compliance/trust-centre.js +187 -0
package/server/lib/compliance/trust-centre.test.js +93 -0
package/server/lib/dashboard/api-server.js +155 -0
package/server/lib/dashboard/api-server.test.js +155 -0
package/server/lib/dashboard/health-api.js +199 -0
package/server/lib/dashboard/health-api.test.js +122 -0
package/server/lib/dashboard/notes-api.js +234 -0
package/server/lib/dashboard/notes-api.test.js +134 -0
package/server/lib/dashboard/router-api.js +176 -0
package/server/lib/dashboard/router-api.test.js +132 -0
package/server/lib/dashboard/tasks-api.js +289 -0
package/server/lib/dashboard/tasks-api.test.js +161 -0
package/server/lib/dashboard/tlc-introspection.js +197 -0
package/server/lib/dashboard/tlc-introspection.test.js +138 -0
package/server/lib/dashboard/version-api.js +222 -0
package/server/lib/dashboard/version-api.test.js +112 -0
package/server/lib/dashboard/websocket-server.js +104 -0
package/server/lib/dashboard/websocket-server.test.js +118 -0
package/server/lib/deploy/branch-classifier.js +163 -0
package/server/lib/deploy/branch-classifier.test.js +164 -0
package/server/lib/deploy/deployment-approval.js +299 -0
package/server/lib/deploy/deployment-approval.test.js +296 -0
package/server/lib/deploy/deployment-audit.js +374 -0
package/server/lib/deploy/deployment-audit.test.js +307 -0
package/server/lib/deploy/deployment-executor.js +335 -0
package/server/lib/deploy/deployment-executor.test.js +329 -0
package/server/lib/deploy/deployment-rules.js +163 -0
package/server/lib/deploy/deployment-rules.test.js +188 -0
package/server/lib/deploy/rollback-manager.js +379 -0
package/server/lib/deploy/rollback-manager.test.js +321 -0
package/server/lib/deploy/security-gates.js +236 -0
package/server/lib/deploy/security-gates.test.js +222 -0
package/server/lib/k8s/gitops-config.js +188 -0
package/server/lib/k8s/gitops-config.test.js +59 -0
package/server/lib/k8s/helm-generator.js +196 -0
package/server/lib/k8s/helm-generator.test.js +59 -0
package/server/lib/k8s/kustomize-generator.js +176 -0
package/server/lib/k8s/kustomize-generator.test.js +58 -0
package/server/lib/k8s/network-policy.js +114 -0
package/server/lib/k8s/network-policy.test.js +53 -0
package/server/lib/k8s/pod-security.js +114 -0
package/server/lib/k8s/pod-security.test.js +55 -0
package/server/lib/k8s/rbac-generator.js +132 -0
package/server/lib/k8s/rbac-generator.test.js +57 -0
package/server/lib/k8s/resource-manager.js +172 -0
package/server/lib/k8s/resource-manager.test.js +60 -0
package/server/lib/k8s/secrets-encryption.js +168 -0
package/server/lib/k8s/secrets-encryption.test.js +49 -0
package/server/lib/monitoring/alert-manager.js +238 -0
package/server/lib/monitoring/alert-manager.test.js +106 -0
package/server/lib/monitoring/health-check.js +226 -0
package/server/lib/monitoring/health-check.test.js +176 -0
package/server/lib/monitoring/incident-manager.js +230 -0
package/server/lib/monitoring/incident-manager.test.js +98 -0
package/server/lib/monitoring/log-aggregator.js +147 -0
package/server/lib/monitoring/log-aggregator.test.js +89 -0
package/server/lib/monitoring/metrics-collector.js +337 -0
package/server/lib/monitoring/metrics-collector.test.js +172 -0
package/server/lib/monitoring/status-page.js +214 -0
package/server/lib/monitoring/status-page.test.js +105 -0
package/server/lib/monitoring/uptime-monitor.js +194 -0
package/server/lib/monitoring/uptime-monitor.test.js +109 -0
package/server/lib/network/fail2ban-config.js +294 -0
package/server/lib/network/fail2ban-config.test.js +275 -0
package/server/lib/network/firewall-manager.js +252 -0
package/server/lib/network/firewall-manager.test.js +254 -0
package/server/lib/network/geoip-filter.js +282 -0
package/server/lib/network/geoip-filter.test.js +264 -0
package/server/lib/network/rate-limiter.js +229 -0
package/server/lib/network/rate-limiter.test.js +293 -0
package/server/lib/network/request-validator.js +351 -0
package/server/lib/network/request-validator.test.js +345 -0
package/server/lib/network/security-headers.js +251 -0
package/server/lib/network/security-headers.test.js +283 -0
package/server/lib/network/tls-config.js +210 -0
package/server/lib/network/tls-config.test.js +248 -0
package/server/lib/security/auth-security.js +369 -0
package/server/lib/security/auth-security.test.js +448 -0
package/server/lib/security/cis-benchmark.js +152 -0
package/server/lib/security/cis-benchmark.test.js +137 -0
package/server/lib/security/compose-templates.js +312 -0
package/server/lib/security/compose-templates.test.js +229 -0
package/server/lib/security/container-runtime.js +456 -0
package/server/lib/security/container-runtime.test.js +503 -0
package/server/lib/security/cors-validator.js +278 -0
package/server/lib/security/cors-validator.test.js +310 -0
package/server/lib/security/crypto-utils.js +253 -0
package/server/lib/security/crypto-utils.test.js +409 -0
package/server/lib/security/dockerfile-linter.js +459 -0
package/server/lib/security/dockerfile-linter.test.js +483 -0
package/server/lib/security/dockerfile-templates.js +278 -0
package/server/lib/security/dockerfile-templates.test.js +164 -0
package/server/lib/security/error-sanitizer.js +426 -0
package/server/lib/security/error-sanitizer.test.js +331 -0
package/server/lib/security/headers-generator.js +368 -0
package/server/lib/security/headers-generator.test.js +398 -0
package/server/lib/security/image-scanner.js +83 -0
package/server/lib/security/image-scanner.test.js +106 -0
package/server/lib/security/input-validator.js +352 -0
package/server/lib/security/input-validator.test.js +330 -0
package/server/lib/security/network-policy.js +174 -0
package/server/lib/security/network-policy.test.js +164 -0
package/server/lib/security/output-encoder.js +237 -0
package/server/lib/security/output-encoder.test.js +276 -0
package/server/lib/security/path-validator.js +359 -0
package/server/lib/security/path-validator.test.js +293 -0
package/server/lib/security/query-builder.js +421 -0
package/server/lib/security/query-builder.test.js +318 -0
package/server/lib/security/secret-detector.js +290 -0
package/server/lib/security/secret-detector.test.js +354 -0
package/server/lib/security/secrets-validator.js +137 -0
package/server/lib/security/secrets-validator.test.js +120 -0
package/server/lib/security-testing/dast-runner.js +154 -0
package/server/lib/security-testing/dast-runner.test.js +62 -0
package/server/lib/security-testing/dependency-scanner.js +172 -0
package/server/lib/security-testing/dependency-scanner.test.js +64 -0
package/server/lib/security-testing/pentest-runner.js +230 -0
package/server/lib/security-testing/pentest-runner.test.js +60 -0
package/server/lib/security-testing/sast-runner.js +136 -0
package/server/lib/security-testing/sast-runner.test.js +62 -0
package/server/lib/security-testing/secret-scanner.js +153 -0
package/server/lib/security-testing/secret-scanner.test.js +66 -0
package/server/lib/security-testing/security-gate.js +216 -0
package/server/lib/security-testing/security-gate.test.js +115 -0
package/server/lib/security-testing/security-reporter.js +303 -0
package/server/lib/security-testing/security-reporter.test.js +114 -0
package/server/lib/standards/audit-checker.js +546 -0
package/server/lib/standards/audit-checker.test.js +415 -0
package/server/lib/standards/cleanup-executor.js +452 -0
package/server/lib/standards/cleanup-executor.test.js +293 -0
package/server/lib/standards/refactor-stepper.js +425 -0
package/server/lib/standards/refactor-stepper.test.js +298 -0
package/server/lib/standards/standards-injector.js +167 -0
package/server/lib/standards/standards-injector.test.js +232 -0
package/server/lib/user-management.test.js +284 -0
package/server/lib/vps/backup-manager.js +157 -0
package/server/lib/vps/backup-manager.test.js +59 -0
package/server/lib/vps/caddy-config.js +159 -0
package/server/lib/vps/caddy-config.test.js +48 -0
package/server/lib/vps/compose-orchestrator.js +219 -0
package/server/lib/vps/compose-orchestrator.test.js +50 -0
package/server/lib/vps/database-config.js +208 -0
package/server/lib/vps/database-config.test.js +47 -0
package/server/lib/vps/deploy-script.js +211 -0
package/server/lib/vps/deploy-script.test.js +53 -0
package/server/lib/vps/secrets-manager.js +148 -0
package/server/lib/vps/secrets-manager.test.js +58 -0
package/server/lib/vps/server-hardening.js +174 -0
package/server/lib/vps/server-hardening.test.js +70 -0
package/server/package-lock.json +19 -0
package/server/package.json +1 -0
package/server/templates/CLAUDE.md +37 -0
package/server/templates/CODING-STANDARDS.md +408 -0

package/server/lib/monitoring/incident-manager.test.js ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Incident Manager Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import {
+  createIncident,
+  generateTimeline,
+  linkAlerts,
+  updateStatus,
+  generatePostMortem,
+  calculateMttr,
+  INCIDENT_STATUS,
+  createIncidentManager,
+} from './incident-manager.js';
+describe('incident-manager', () => {
+  describe('INCIDENT_STATUS', () => {
+    it('defines status constants', () => {
+      expect(INCIDENT_STATUS.OPEN).toBe('open');
+      expect(INCIDENT_STATUS.INVESTIGATING).toBe('investigating');
+      expect(INCIDENT_STATUS.RESOLVED).toBe('resolved');
+    });
+  });
+  describe('createIncident', () => {
+    it('creates incident from alert', () => {
+      const incident = createIncident({ alert: { id: 'a1', title: 'DB Down' } });
+      expect(incident.id).toBeDefined();
+      expect(incident.title).toBe('DB Down');
+      expect(incident.status).toBe('open');
+    });
+  });
+  describe('generateTimeline', () => {
+    it('generates timeline from events', () => {
+      const timeline = generateTimeline({
+        events: [
+          { type: 'alert', timestamp: new Date('2024-01-01T10:00:00Z') },
+          { type: 'acknowledge', timestamp: new Date('2024-01-01T10:05:00Z') },
+        ],
+      });
+      expect(timeline.length).toBe(2);
+    });
+  });
+  describe('linkAlerts', () => {
+    it('links related alerts to incident', () => {
+      const incident = createIncident({ title: 'Outage' });
+      const linked = linkAlerts(incident, [{ id: 'a1' }, { id: 'a2' }]);
+      expect(linked.alerts).toHaveLength(2);
+    });
+  });
+  describe('updateStatus', () => {
+    it('updates incident status', () => {
+      const incident = createIncident({ title: 'Test' });
+      const updated = updateStatus(incident, 'investigating');
+      expect(updated.status).toBe('investigating');
+    });
+    it('records status history', () => {
+      const incident = createIncident({ title: 'Test' });
+      const updated = updateStatus(incident, 'resolved');
+      expect(updated.statusHistory.length).toBeGreaterThan(0);
+    });
+  });
+  describe('generatePostMortem', () => {
+    it('generates post-mortem template', () => {
+      const postMortem = generatePostMortem({
+        incident: { id: 'i1', title: 'Outage' },
+      });
+      expect(postMortem).toContain('# Post-Mortem');
+      expect(postMortem).toContain('Outage');
+    });
+  });
+  describe('calculateMttr', () => {
+    it('calculates mean time to resolve', () => {
+      const incidents = [
+        { createdAt: new Date('2024-01-01T10:00:00Z'), resolvedAt: new Date('2024-01-01T11:00:00Z') },
+        { createdAt: new Date('2024-01-02T10:00:00Z'), resolvedAt: new Date('2024-01-02T10:30:00Z') },
+      ];
+      const mttr = calculateMttr(incidents);
+      expect(mttr).toBe(45 * 60 * 1000); // 45 minutes
+    });
+  });
+  describe('createIncidentManager', () => {
+    it('creates manager with methods', () => {
+      const manager = createIncidentManager();
+      expect(manager.create).toBeDefined();
+      expect(manager.update).toBeDefined();
+      expect(manager.resolve).toBeDefined();
+      expect(manager.getMetrics).toBeDefined();
+    });
+  });
+});

package/server/lib/monitoring/log-aggregator.js ADDED Viewed

@@ -0,0 +1,147 @@
+/**
+ * Log Aggregator
+ * Collects and aggregates logs from multiple sources
+ */
+/**
+ * Log level constants
+ */
+export const LOG_LEVELS = {
+  ERROR: 'error',
+  WARN: 'warn',
+  INFO: 'info',
+  DEBUG: 'debug',
+};
+/**
+ * Structures a log entry as JSON with timestamp
+ * @param {Object} entry - Log entry with message and level
+ * @returns {Object} Structured log entry
+ */
+export function structureLog(entry) {
+  return {
+    ...entry,
+    timestamp: entry.timestamp || new Date().toISOString(),
+  };
+}
+/**
+ * Filters sensitive data from log entries
+ * @param {Object} log - Log entry to filter
+ * @returns {Object} Filtered log entry
+ */
+export function filterSensitiveData(log) {
+  const sensitivePatterns = [
+    /password\s*[=:]\s*\S+/gi,
+    /api_key\s*[=:]\s*\S+/gi,
+    /secret\s*[=:]\s*\S+/gi,
+    /token\s*[=:]\s*\S+/gi,
+    /authorization\s*[=:]\s*\S+/gi,
+  ];
+  let filteredMessage = log.message;
+  for (const pattern of sensitivePatterns) {
+    filteredMessage = filteredMessage.replace(pattern, (match) => {
+      const [key] = match.split(/[=:]/);
+      return `${key}=[REDACTED]`;
+    });
+  }
+  return {
+    ...log,
+    message: filteredMessage,
+  };
+}
+/**
+ * Aggregates logs from multiple sources
+ * @param {Array} sources - Array of log sources with logs
+ * @returns {Array} Aggregated logs
+ */
+export function aggregateLogs(sources) {
+  const aggregated = [];
+  for (const source of sources) {
+    for (const log of source.logs) {
+      aggregated.push({
+        ...log,
+        source: source.source,
+      });
+    }
+  }
+  return aggregated;
+}
+/**
+ * Determines if logs should be rotated
+ * @param {Object} options - Rotation options
+ * @param {number} options.maxSize - Maximum size in bytes
+ * @param {number} options.currentSize - Current size in bytes
+ * @param {number} options.maxAge - Maximum age in milliseconds
+ * @param {number} options.age - Current age in milliseconds
+ * @returns {Object} Rotation result
+ */
+export function rotateLogs(options) {
+  const { maxSize, currentSize, maxAge, age } = options;
+  const shouldRotateBySize = maxSize && currentSize && currentSize > maxSize;
+  const shouldRotateByAge = maxAge && age && age > maxAge;
+  return {
+    rotated: shouldRotateBySize || shouldRotateByAge,
+    reason: shouldRotateBySize ? 'size' : shouldRotateByAge ? 'age' : null,
+  };
+}
+/**
+ * Exports logs to specified format
+ * @param {Array} logs - Logs to export
+ * @param {string} format - Output format (json or ndjson)
+ * @returns {string} Exported logs
+ */
+export function exportLogs(logs, format) {
+  if (format === 'ndjson') {
+    return logs.map(log => JSON.stringify(log)).join('\n');
+  }
+  return JSON.stringify(logs);
+}
+/**
+ * Creates a log aggregator instance
+ * @returns {Object} Log aggregator with methods
+ */
+export function createLogAggregator() {
+  const sources = [];
+  const logs = [];
+  return {
+    /**
+     * Adds a log source
+     * @param {Object} source - Source configuration
+     */
+    addSource(source) {
+      sources.push(source);
+    },
+    /**
+     * Collects logs from all sources
+     * @returns {Array} Collected logs
+     */
+    collect() {
+      const collected = aggregateLogs(sources.map(s => ({
+        source: s.name,
+        logs: s.getLogs ? s.getLogs() : [],
+      })));
+      logs.push(...collected);
+      return collected;
+    },
+    /**
+     * Exports all collected logs
+     * @param {string} format - Export format
+     * @returns {string} Exported logs
+     */
+    export(format = 'json') {
+      return exportLogs(logs, format);
+    },
+  };
+}

package/server/lib/monitoring/log-aggregator.test.js ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * Log Aggregator Tests
+ */
+import { describe, it, expect, vi } from 'vitest';
+import {
+  aggregateLogs,
+  structureLog,
+  filterSensitiveData,
+  rotateLogs,
+  exportLogs,
+  LOG_LEVELS,
+  createLogAggregator,
+} from './log-aggregator.js';
+describe('log-aggregator', () => {
+  describe('LOG_LEVELS', () => {
+    it('defines level constants', () => {
+      expect(LOG_LEVELS.ERROR).toBe('error');
+      expect(LOG_LEVELS.WARN).toBe('warn');
+      expect(LOG_LEVELS.INFO).toBe('info');
+      expect(LOG_LEVELS.DEBUG).toBe('debug');
+    });
+  });
+  describe('structureLog', () => {
+    it('structures log as JSON', () => {
+      const log = structureLog({ message: 'Test', level: 'info' });
+      expect(log.message).toBe('Test');
+      expect(log.level).toBe('info');
+      expect(log.timestamp).toBeDefined();
+    });
+  });
+  describe('filterSensitiveData', () => {
+    it('redacts passwords', () => {
+      const log = filterSensitiveData({ message: 'password=secret123' });
+      expect(log.message).not.toContain('secret123');
+      expect(log.message).toContain('[REDACTED]');
+    });
+    it('redacts API keys', () => {
+      const log = filterSensitiveData({ message: 'api_key: sk-abc123' });
+      expect(log.message).not.toContain('sk-abc123');
+    });
+  });
+  describe('aggregateLogs', () => {
+    it('aggregates from multiple sources', () => {
+      const logs = aggregateLogs([
+        { source: 'app', logs: [{ message: 'a' }] },
+        { source: 'db', logs: [{ message: 'b' }] },
+      ]);
+      expect(logs.length).toBe(2);
+    });
+  });
+  describe('rotateLogs', () => {
+    it('rotates by size', () => {
+      const result = rotateLogs({ maxSize: 1000, currentSize: 1500 });
+      expect(result.rotated).toBe(true);
+    });
+    it('rotates by time', () => {
+      const result = rotateLogs({ maxAge: 86400000, age: 90000000 });
+      expect(result.rotated).toBe(true);
+    });
+  });
+  describe('exportLogs', () => {
+    it('exports to JSON', () => {
+      const output = exportLogs([{ message: 'test' }], 'json');
+      expect(JSON.parse(output)).toHaveLength(1);
+    });
+    it('exports to NDJSON', () => {
+      const output = exportLogs([{ message: 'a' }, { message: 'b' }], 'ndjson');
+      expect(output.split('\n').filter(Boolean)).toHaveLength(2);
+    });
+  });
+  describe('createLogAggregator', () => {
+    it('creates aggregator with methods', () => {
+      const aggregator = createLogAggregator();
+      expect(aggregator.addSource).toBeDefined();
+      expect(aggregator.collect).toBeDefined();
+      expect(aggregator.export).toBeDefined();
+    });
+  });
+});

package/server/lib/monitoring/metrics-collector.js ADDED Viewed

@@ -0,0 +1,337 @@
+/**
+ * Metrics Collector
+ * Prometheus format metrics collection and formatting
+ */
+export const METRIC_TYPES = {
+  COUNTER: 'counter',
+  HISTOGRAM: 'histogram',
+  GAUGE: 'gauge',
+};
+/**
+ * Create a counter metric
+ * @param {string} name - Metric name
+ * @param {Object} options - Configuration options
+ * @param {Array} options.labels - Label names
+ * @returns {Object} Counter with inc and get methods
+ */
+export function createCounter(name, options = {}) {
+  const { labels = [] } = options;
+  let value = 0;
+  const labeledValues = new Map();
+  function getLabelKey(labelValues) {
+    return JSON.stringify(labelValues);
+  }
+  return {
+    inc(amountOrLabels = 1) {
+      if (typeof amountOrLabels === 'number') {
+        value += amountOrLabels;
+      } else if (typeof amountOrLabels === 'object' && labels.length > 0) {
+        const key = getLabelKey(amountOrLabels);
+        labeledValues.set(key, (labeledValues.get(key) || 0) + 1);
+      } else {
+        value += 1;
+      }
+    },
+    get(labelValues) {
+      if (labelValues && labels.length > 0) {
+        const key = getLabelKey(labelValues);
+        return labeledValues.get(key) || 0;
+      }
+      return value;
+    },
+    getName() {
+      return name;
+    },
+    getType() {
+      return METRIC_TYPES.COUNTER;
+    },
+  };
+}
+/**
+ * Create a histogram metric
+ * @param {string} name - Metric name
+ * @param {Object} options - Configuration options
+ * @param {Array} options.buckets - Bucket boundaries
+ * @returns {Object} Histogram with observe and get methods
+ */
+export function createHistogram(name, options = {}) {
+  const { buckets = [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] } = options;
+  const observations = [];
+  let sum = 0;
+  return {
+    observe(value) {
+      observations.push(value);
+      sum += value;
+    },
+    getCount() {
+      return observations.length;
+    },
+    getSum() {
+      return sum;
+    },
+    getPercentile(percentile) {
+      if (observations.length === 0) return 0;
+      const sorted = [...observations].sort((a, b) => a - b);
+      const index = Math.floor((percentile / 100) * sorted.length);
+      return sorted[Math.min(index, sorted.length - 1)];
+    },
+    getBuckets() {
+      const result = {};
+      for (const bucket of buckets) {
+        result[bucket] = observations.filter((v) => v <= bucket).length;
+      }
+      return result;
+    },
+    getName() {
+      return name;
+    },
+    getType() {
+      return METRIC_TYPES.HISTOGRAM;
+    },
+  };
+}
+/**
+ * Create a gauge metric
+ * @param {string} name - Metric name
+ * @param {Object} options - Configuration options
+ * @returns {Object} Gauge with set, inc, dec, and get methods
+ */
+export function createGauge(name, options = {}) {
+  let value = 0;
+  return {
+    set(newValue) {
+      value = newValue;
+    },
+    inc(amount = 1) {
+      value += amount;
+    },
+    dec(amount = 1) {
+      value -= amount;
+    },
+    get() {
+      return value;
+    },
+    getName() {
+      return name;
+    },
+    getType() {
+      return METRIC_TYPES.GAUGE;
+    },
+  };
+}
+/**
+ * Collect system metrics
+ * @param {Object} options - Configuration options
+ * @param {boolean} options.cpu - Include CPU metrics
+ * @param {boolean} options.memory - Include memory metrics
+ * @param {boolean} options.eventLoop - Include event loop metrics
+ * @returns {Object} Collected metrics
+ */
+export async function collectMetrics(options = {}) {
+  const { cpu = false, memory = false, eventLoop = false } = options;
+  const metrics = {};
+  if (cpu) {
+    const cpuUsage = process.cpuUsage();
+    metrics.cpu = {
+      user: cpuUsage.user,
+      system: cpuUsage.system,
+    };
+  }
+  if (memory) {
+    const memUsage = process.memoryUsage();
+    metrics.memory = {
+      heapUsed: memUsage.heapUsed,
+      heapTotal: memUsage.heapTotal,
+      external: memUsage.external,
+      rss: memUsage.rss,
+    };
+  }
+  if (eventLoop) {
+    // Measure event loop lag
+    const start = Date.now();
+    await new Promise((resolve) => setImmediate(resolve));
+    const lag = Date.now() - start;
+    metrics.eventLoop = {
+      lag,
+    };
+  }
+  return metrics;
+}
+/**
+ * Format metric in Prometheus format
+ * @param {Object} metric - Metric to format
+ * @param {string} metric.name - Metric name
+ * @param {string} metric.type - Metric type
+ * @param {number} metric.value - Metric value (for counter/gauge)
+ * @param {Object} metric.buckets - Bucket values (for histogram)
+ * @param {number} metric.sum - Sum (for histogram)
+ * @param {number} metric.count - Count (for histogram)
+ * @param {Object} metric.labels - Labels
+ * @returns {string} Prometheus formatted string
+ */
+export function formatPrometheus(metric) {
+  const { name, type, value, buckets, sum, count, labels } = metric;
+  const lines = [];
+  // Type declaration
+  lines.push(`# TYPE ${name} ${type}`);
+  // Format labels
+  let labelStr = '';
+  if (labels && Object.keys(labels).length > 0) {
+    const labelParts = Object.entries(labels).map(([k, v]) => `${k}="${v}"`);
+    labelStr = `{${labelParts.join(',')}}`;
+  }
+  if (type === 'histogram') {
+    // Histogram buckets
+    for (const [le, bucketCount] of Object.entries(buckets)) {
+      const bucketLabel = labelStr ? labelStr.replace('}', `,le="${le}"}`) : `{le="${le}"}`;
+      lines.push(`${name}_bucket${bucketLabel} ${bucketCount}`);
+    }
+    // Add +Inf bucket
+    const infLabel = labelStr ? labelStr.replace('}', ',le="+Inf"}') : '{le="+Inf"}';
+    lines.push(`${name}_bucket${infLabel} ${count}`);
+    lines.push(`${name}_sum${labelStr} ${sum}`);
+    lines.push(`${name}_count${labelStr} ${count}`);
+  } else {
+    // Counter or Gauge
+    lines.push(`${name}${labelStr} ${value}`);
+  }
+  return lines.join('\n');
+}
+/**
+ * Create a metrics collector
+ * @param {Object} options - Configuration options
+ * @param {number} options.retentionMs - Retention period in milliseconds
+ * @returns {Object} Metrics collector
+ */
+export function createMetricsCollector(options = {}) {
+  const { retentionMs = 3600000 } = options;
+  const counters = new Map();
+  const histograms = new Map();
+  const gauges = new Map();
+  const requestMetrics = [];
+  // Create default request metrics
+  const requestCounter = createCounter('http_requests_total', { labels: ['method', 'path', 'status'] });
+  const requestDuration = createHistogram('http_request_duration_seconds');
+  return {
+    counter(name, opts) {
+      if (!counters.has(name)) {
+        counters.set(name, createCounter(name, opts));
+      }
+      return counters.get(name);
+    },
+    histogram(name, opts) {
+      if (!histograms.has(name)) {
+        histograms.set(name, createHistogram(name, opts));
+      }
+      return histograms.get(name);
+    },
+    gauge(name, opts) {
+      if (!gauges.has(name)) {
+        gauges.set(name, createGauge(name, opts));
+      }
+      return gauges.get(name);
+    },
+    trackRequest({ method, path, status, duration }) {
+      requestCounter.inc({ method, path, status: String(status) });
+      requestDuration.observe(duration);
+      requestMetrics.push({
+        method,
+        path,
+        status,
+        duration,
+        timestamp: Date.now(),
+      });
+      // Clean up old metrics based on retention
+      const cutoff = Date.now() - retentionMs;
+      while (requestMetrics.length > 0 && requestMetrics[0].timestamp < cutoff) {
+        requestMetrics.shift();
+      }
+    },
+    collect() {
+      return {
+        counters: Object.fromEntries(counters),
+        histograms: Object.fromEntries(histograms),
+        gauges: Object.fromEntries(gauges),
+        requests: requestMetrics,
+      };
+    },
+    format() {
+      const output = [];
+      for (const [name, counter] of counters) {
+        output.push(formatPrometheus({
+          name,
+          type: 'counter',
+          value: counter.get(),
+        }));
+      }
+      for (const [name, histogram] of histograms) {
+        output.push(formatPrometheus({
+          name,
+          type: 'histogram',
+          buckets: histogram.getBuckets(),
+          sum: histogram.getSum(),
+          count: histogram.getCount(),
+        }));
+      }
+      for (const [name, gauge] of gauges) {
+        output.push(formatPrometheus({
+          name,
+          type: 'gauge',
+          value: gauge.get(),
+        }));
+      }
+      return output.join('\n\n');
+    },
+    getRetention() {
+      return retentionMs;
+    },
+  };
+}