Implement production-grade High Availability and Serverless features

Features:
- Add circuit breaker pattern to Wazuh API client with automatic recovery
- Integrate exponential backoff retry logic (3 attempts, 1-10s delays)
- Implement graceful shutdown with connection draining (30s timeout)
- Add pluggable session storage architecture (in-memory/Redis)
- Enable serverless deployments with Redis session backend
- Support horizontal scaling and multi-instance deployments

Implementation:
- WazuhClient: Circuit breakers + retry decorators on all API calls
- SessionManager: Abstract storage interface with Redis/in-memory backends
- GracefulShutdown: Connection tracking and cleanup task execution
- Configuration: Redis URL and session TTL environment variables

Backward Compatible:
- Default behavior unchanged (in-memory sessions)
- Zero configuration required for single-instance deployments
- Optional Redis backend enabled via REDIS_URL environment variable
- All existing code paths work without modification

Dependencies:
- Add redis[async]>=5.0.0 for optional Redis session storage
- All resilience patterns integrated from existing resilience.py module

Documentation:
- Update README with Advanced Features section
- Add HA and Serverless configuration examples
- Document session storage modes and verification steps

Author: alokemajumder

.env.example

@@ -47,4 +47,10 @@ LOG_LEVEL=INFO
 
 # === Wazuh SSL ===
 WAZUH_VERIFY_SSL=false
-WAZUH_ALLOW_SELF_SIGNED=true
+WAZUH_ALLOW_SELF_SIGNED=true
+
+# === Session Storage (Serverless Ready) ===
+# Optional Redis URL for serverless/multi-instance deployments
+# If not set, uses in-memory storage (single-instance only)
+# REDIS_URL=redis://localhost:6379/0
+# SESSION_TTL_SECONDS=1800

README.md

@@ -29,8 +29,8 @@ A **production-ready, enterprise-grade** MCP-compliant remote server that provid
 - **📊 Comprehensive Monitoring**: Prometheus metrics, health checks, structured logging
 - **🐳 100% Containerized**: Everything in Docker - OS-agnostic deployment (Windows/macOS/Linux)
 - **🌍 Zero Host Dependencies**: No Python, tools, or libraries needed on host system
-- **🔄 High Availability**: Circuit breakers, retry logic, graceful shutdown
-- **☁️ Serverless Ready**: Can scale to zero when idle with Streamable HTTP
+- **🔄 High Availability**: Integrated circuit breakers, exponential backoff retry logic, graceful shutdown with connection draining
+- **☁️ Serverless Ready**: Pluggable session storage (Redis or in-memory), stateless operations, horizontal scaling support
 
 ### 🏅 MCP 2025-06-18 Specification Compliance
 
@@ -217,6 +217,8 @@ curl http://localhost:3000/health
 | `LOG_LEVEL` | Logging level | `INFO` | ❌ |
 | `WAZUH_VERIFY_SSL` | SSL verification | `false` | ❌ |
 | `ALLOWED_ORIGINS` | CORS origins | `https://claude.ai` | ❌ |
+| `REDIS_URL` | Redis URL for serverless sessions | - | ❌ |
+| `SESSION_TTL_SECONDS` | Session TTL (Redis only) | `1800` | ❌ |
 
 ### Docker Compose Configuration
 
@@ -302,6 +304,96 @@ docker compose pull
 docker compose up -d
 ```
 
+## 🚀 Advanced Features
+
+### High Availability (HA)
+
+The server includes production-grade HA features for maximum reliability:
+
+**Circuit Breakers**
+- Automatically opens after 5 consecutive failures
+- Prevents cascading failures to Wazuh API
+- Recovers automatically after 60 seconds
+- Falls back gracefully during outages
+
+**Retry Logic**
+- Exponential backoff with jitter
+- 3 retry attempts with 1-10 second delays
+- Applies to all Wazuh API calls
+- Handles transient network failures
+
+**Graceful Shutdown**
+- Waits for active connections to complete (max 30s)
+- Runs cleanup tasks before termination
+- Prevents data loss during restarts
+- Integrates with Docker health checks
+
+**Implementation:**
+```python
+# Automatically applied to all Wazuh API calls
+# No configuration required - works out of the box
+```
+
+### Serverless Ready
+
+Enable horizontally scalable, serverless deployments with external session storage:
+
+**Default Mode: In-Memory Sessions**
+```bash
+# Single-instance deployments (default)
+# No configuration needed
+docker compose up -d
+```
+- ✅ Zero configuration
+- ✅ Works immediately
+- ❌ Sessions lost on restart
+- ❌ Cannot scale horizontally
+
+**Serverless Mode: Redis Sessions**
+```bash
+# Multi-instance/serverless deployments
+# Configure Redis in .env file
+REDIS_URL=redis://redis:6379/0
+SESSION_TTL_SECONDS=1800  # 30 minutes
+
+# Deploy with Redis
+docker compose -f compose.yml -f compose.redis.yml up -d
+```
+- ✅ Sessions persist across restarts
+- ✅ Horizontal scaling support
+- ✅ Serverless compatible (AWS Lambda, Cloud Run)
+- ✅ Automatic session expiration
+
+**Redis Setup (Optional):**
+```yaml
+# compose.redis.yml
+services:
+  redis:
+    image: redis:7-alpine
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 5s
+
+volumes:
+  redis-data:
+```
+
+**Verification:**
+```bash
+# Check session storage mode
+curl http://localhost:3000/health | jq '.session_storage'
+
+# Output:
+# {
+#   "type": "InMemorySessionStore"  # or "RedisSessionStore"
+#   "sessions_count": 5
+# }
+```
+
 ## 📊 Monitoring & Operations  
 
 ### Health Monitoring

requirements.txt

@@ -29,5 +29,8 @@ psutil>=5.9.0
 tenacity>=8.2.0  # Retry logic
 aiofiles>=23.0.0  # Async file operations
 
+# Session storage for serverless (optional)
+redis[async]>=5.0.0  # Redis async client for serverless session storage
+
 # Security and encryption
 cryptography>=41.0.0  # Encryption for secrets

src/wazuh_mcp_server/api/wazuh_client.py

@@ -5,13 +5,21 @@
 import time
 from typing import Dict, Any, Optional
 import httpx
+import logging
 
 from wazuh_mcp_server.config import WazuhConfig
+from wazuh_mcp_server.resilience import (
+    CircuitBreaker,
+    CircuitBreakerConfig,
+    RetryConfig
+)
+
+logger = logging.getLogger(__name__)
 
 
 class WazuhClient:
-    """Simplified Wazuh API client with rate limiting."""
-    
+    """Simplified Wazuh API client with rate limiting, circuit breaker, and retry logic."""
+
     def __init__(self, config: WazuhConfig):
         self.config = config
         self.token: Optional[str] = None
@@ -21,6 +29,15 @@ def __init__(self, config: WazuhConfig):
         self._request_times = []
         self._max_requests_per_minute = getattr(config, 'max_requests_per_minute', 100)
         self._rate_limit_enabled = True
+
+        # Circuit breaker for API resilience
+        circuit_config = CircuitBreakerConfig(
+            failure_threshold=5,
+            recovery_timeout=60,
+            expected_exception=Exception
+        )
+        self._circuit_breaker = CircuitBreaker(circuit_config)
+        logger.info("WazuhClient initialized with circuit breaker and retry logic")
 
     async def initialize(self):
         """Initialize the HTTP client and authenticate."""
@@ -180,45 +197,58 @@ async def _rate_limit_check(self):
         self._request_times.append(current_time)
 
     async def _request(self, method: str, endpoint: str, **kwargs) -> Dict[str, Any]:
-        """Make authenticated request to Wazuh API with rate limiting."""
+        """Make authenticated request to Wazuh API with rate limiting, circuit breaker, and retry logic."""
         # Apply rate limiting
         async with self._rate_limiter:
             await self._rate_limit_check()
-            
-            if not self.token:
+
+            # Apply circuit breaker and retry logic
+            return await self._request_with_resilience(method, endpoint, **kwargs)
+
+    @RetryConfig.WAZUH_API_RETRY
+    async def _request_with_resilience(self, method: str, endpoint: str, **kwargs) -> Dict[str, Any]:
+        """Execute request with circuit breaker and retry logic."""
+        return await self._circuit_breaker._call(self._execute_request, method, endpoint, **kwargs)
+
+    async def _execute_request(self, method: str, endpoint: str, **kwargs) -> Dict[str, Any]:
+        """Execute the actual HTTP request to Wazuh API."""
+        if not self.token:
+            await self._authenticate()
+
+        url = f"{self.config.base_url}{endpoint}"
+        headers = {"Authorization": f"Bearer {self.token}"}
+
+        try:
+            response = await self.client.request(method, url, headers=headers, **kwargs)
+            response.raise_for_status()
+
+            data = response.json()
+
+            # Validate response structure
+            if "data" not in data:
+                raise ValueError(f"Invalid response structure from Wazuh API: {endpoint}")
+
+            return data
+
+        except httpx.HTTPStatusError as e:
+            if e.response.status_code == 401:
+                # Token might be expired, try to re-authenticate
+                self.token = None
                 await self._authenticate()
-            
-            url = f"{self.config.base_url}{endpoint}"
-            headers = {"Authorization": f"Bearer {self.token}"}
-            
-            try:
+                # Retry the request once
+                headers = {"Authorization": f"Bearer {self.token}"}
                 response = await self.client.request(method, url, headers=headers, **kwargs)
                 response.raise_for_status()
-                
-                data = response.json()
-                
-                # Validate response structure
-                if "data" not in data:
-                    raise ValueError(f"Invalid response structure from Wazuh API: {endpoint}")
-                
-                return data
-                
-            except httpx.HTTPStatusError as e:
-                if e.response.status_code == 401:
-                    # Token might be expired, try to re-authenticate
-                    self.token = None
-                    await self._authenticate()
-                    # Retry the request once
-                    headers = {"Authorization": f"Bearer {self.token}"}
-                    response = await self.client.request(method, url, headers=headers, **kwargs)
-                    response.raise_for_status()
-                    return response.json()
-                else:
-                    raise ValueError(f"Wazuh API request failed: {e.response.status_code} - {e.response.text}")
-            except httpx.ConnectError:
-                raise ConnectionError(f"Lost connection to Wazuh server at {self.config.wazuh_host}")
-            except httpx.TimeoutException:
-                raise ConnectionError(f"Request timeout to Wazuh server")
+                return response.json()
+            else:
+                logger.error(f"Wazuh API request failed: {e.response.status_code} - {e.response.text}")
+                raise ValueError(f"Wazuh API request failed: {e.response.status_code} - {e.response.text}")
+        except httpx.ConnectError as e:
+            logger.error(f"Lost connection to Wazuh server at {self.config.wazuh_host}")
+            raise ConnectionError(f"Lost connection to Wazuh server at {self.config.wazuh_host}")
+        except httpx.TimeoutException as e:
+            logger.error(f"Request timeout to Wazuh server")
+            raise ConnectionError(f"Request timeout to Wazuh server")
 
     async def get_manager_info(self) -> Dict[str, Any]:
         """Get Wazuh manager information."""