ibexharness
DocsBlogReleasesRoadmap
GitHub
ibexharness

Documentation

Auth gRPC (ValidateToken, ValidateAgent)Health and metricsChat completions (Phase 1 stub)Errors
API Reference›Health and metrics
API Reference

Health and metrics

Liveness, readiness, and Prometheus metrics endpoints on auth and proxy services (ADR-0022).

Both Go services expose three operational HTTP routes on their respective IBEX_PORT values: proxy 8080, auth 8081. These endpoints are unauthenticated and intended for load balancers, Kubernetes probes, and Prometheus scrapes.

Contract

Response schemas and checker classification are defined in ADR-0022 and implemented via packages/healthcheck.

Endpoints

GET/health

Liveness — always 200 when the process responds; no external dependency checks.

GET/ready

Readiness — 200 when critical dependencies are healthy; 503 when any critical check fails.

GET/metrics

Prometheus text exposition format from packages/metrics.

Apply the same three routes on both http://localhost:8080 (proxy) and http://localhost:8081 (auth).

Response schemas

GET /health

Always returns 200 with minimal JSON:

JSON
{
  "status": "ok",
  "checks": {}
}

Use for liveness probes. Failure → restart the pod/process.

GET /ready

Returns dependency detail:

JSON
{
  "status": "ok",
  "checks": {
    "postgres": { "status": "ok", "latency_ms": 2 },
    "auth_grpc": { "status": "ok", "latency_ms": 4 }
  }
}
Top-level statusHTTPMeaning
ok200All critical checks passed
degraded200Critical OK; advisory failure (none in Phase 1)
unhealthy503At least one critical check failed

Per-check timeout: 500ms. Overall request budget: 750ms.

Critical checks by service

ServiceCheck nameWhat it verifies
AuthpostgresSELECT 1 via pool
AuthgrpcTCP reachability to gRPC listen address
Proxyauth_grpcValidateToken with sentinel probe token; Unauthenticated = reachable
ProxyredisPING over RESP

Use readiness probes for load-balancer membership. A failing /ready removes traffic without restarting the pod.

Probe examples

bash
# Liveness
curl -s -o /dev/null -w "%{http_code}\n" http://localhost:8080/health
 
# Readiness (proxy — needs auth gRPC + Redis)
curl -s http://localhost:8080/ready | jq
 
# Metrics scrape
curl -s http://localhost:8080/metrics | head

make dev-smoke

make dev-smoke asserts proxy /health and /ready return 200 when compose, auth, and proxy are running with seed data.

Metrics catalog (Phase 1)

Scrape /metrics on both services. Key series include:

MetricTypeLabelsService
ibex_proxy_requests_totalCounterroute, method, codeProxy
ibex_proxy_auth_validate_duration_secondsHistogramresultProxy
ibex_auth_validate_token_duration_secondsHistogramresultAuth
ibex_auth_validate_agent_duration_secondsHistogramresultAuth

Full catalog: ADR-0021.

Related

  • Docker Compose — local boot order
  • Kubernetes — future probe wiring (not shipped)

Was this page helpful?

Edit on GitHub

Last updated on

PreviousAuth gRPC (ValidateToken, ValidateAgent)NextChat completions (Phase 1 stub)

On this page

  • Endpoints
  • Response schemas
  • GET /health
  • GET /ready
  • Critical checks by service
  • Probe examples
  • Metrics catalog (Phase 1)
  • Related
0%