Add Prometheus metrics for connections, firewall, L7, and bytes transferred

Instrument mc-proxy with prometheus/client_golang. New internal/metrics/ package defines counters, gauges, and histograms for connection totals, active connections, firewall blocks by reason, backend dial latency, bytes transferred, L7 HTTP status codes, and L7 policy blocks. Optional [metrics] config section starts a scrape endpoint. Firewall gains BlockedWithReason() to report block cause. L7 handler wraps ResponseWriter to record status codes per hostname. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 18:05:25 -07:00
parent 42c7fffc3e
commit ffc31f7d55
16 changed files with 439 additions and 32 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -22,9 +22,16 @@ type Config struct {
 	GRPC      GRPC       `toml:"grpc"`
 	Firewall  Firewall   `toml:"firewall"`
 	Proxy     Proxy      `toml:"proxy"`
+	Metrics   Metrics    `toml:"metrics"`
 	Log       Log        `toml:"log"`
 }

+// Metrics holds the Prometheus metrics endpoint configuration.
+type Metrics struct {
+	Addr string `toml:"addr"` // e.g. "127.0.0.1:9090"
+	Path string `toml:"path"` // e.g. "/metrics" (default)
+}
+
 // Database holds the database configuration.
 type Database struct {
 	Path string `toml:"path"`
@@ -215,6 +222,10 @@ func (c *Config) validate() error {
 		}
 	}

+	if c.Metrics.Addr != "" && c.Metrics.Path != "" && !strings.HasPrefix(c.Metrics.Path, "/") {
+		return fmt.Errorf("metrics.path must start with \"/\"")
+	}
+
 	if c.Proxy.ConnectTimeout.Duration < 0 {
 		return fmt.Errorf("proxy.connect_timeout must not be negative")
 	}
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -541,3 +541,54 @@ proxy_protocol = true
 		t.Fatal("expected send_proxy_protocol = true")
 	}
 }
+
+func TestLoadMetricsConfig(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "test.toml")
+
+	data := `
+[database]
+path = "/tmp/test.db"
+
+[metrics]
+addr = "127.0.0.1:9090"
+path = "/metrics"
+`
+	if err := os.WriteFile(path, []byte(data), 0600); err != nil {
+		t.Fatalf("write config: %v", err)
+	}
+
+	cfg, err := Load(path)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if cfg.Metrics.Addr != "127.0.0.1:9090" {
+		t.Fatalf("got metrics.addr %q, want %q", cfg.Metrics.Addr, "127.0.0.1:9090")
+	}
+	if cfg.Metrics.Path != "/metrics" {
+		t.Fatalf("got metrics.path %q, want %q", cfg.Metrics.Path, "/metrics")
+	}
+}
+
+func TestValidateMetricsInvalidPath(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "test.toml")
+
+	data := `
+[database]
+path = "/tmp/test.db"
+
+[metrics]
+addr = "127.0.0.1:9090"
+path = "no-slash"
+`
+	if err := os.WriteFile(path, []byte(data), 0600); err != nil {
+		t.Fatalf("write config: %v", err)
+	}
+
+	_, err := Load(path)
+	if err == nil {
+		t.Fatal("expected error for metrics.path without leading slash")
+	}
+}