885ce86af4
- Introduced a comprehensive CI job structure for VEX Lens, including build, test, linting, and load testing. - Defined load test parameters and SLOs for VEX Lens API and Issuer Directory. - Created Grafana dashboards and alerting mechanisms for monitoring API performance and error rates. - Established offline posture guidelines for CI jobs and load testing. feat: Implement deterministic projection verification script - Added `verify_projection.sh` script for verifying the integrity of projection exports against expected hashes. - Ensured robust error handling for missing files and hash mismatches. feat: Develop Vuln Explorer CI and Ops Plan - Created CI jobs for Vuln Explorer, including build, test, and replay verification. - Implemented backup and disaster recovery strategies for MongoDB and Redis. - Established Merkle anchoring verification and automation for ledger projector. feat: Introduce EventEnvelopeHasher for hashing event envelopes - Implemented `EventEnvelopeHasher` to compute SHA256 hashes for event envelopes. feat: Add Risk Store and Dashboard components - Developed `RiskStore` for managing risk data and state. - Created `RiskDashboardComponent` for displaying risk profiles with filtering capabilities. - Implemented unit tests for `RiskStore` and `RiskDashboardComponent`. feat: Enhance Vulnerability Detail Component - Developed `VulnerabilityDetailComponent` for displaying detailed information about vulnerabilities. - Implemented error handling for missing vulnerability IDs and loading failures.
45 lines
2.0 KiB
Markdown
45 lines
2.0 KiB
Markdown
# Health & capability endpoint contract (DOCKER-44-003)
|
|
|
|
Target services: API, Console, Orchestrator, Task Runner, Concelier, Excititor, Policy, Notify, Export, AdvisoryAI.
|
|
|
|
## HTTP paths
|
|
- `GET /health/liveness` — fast, dependency-free check; returns `200` and minimal body.
|
|
- `GET /health/readiness` — may hit critical deps (DB, bus, cache); returns `503` when not ready.
|
|
- `GET /version` — static payload with `service`, `version`, `commit`, `buildTimestamp` (ISO-8601 UTC), `source` (channel).
|
|
- `GET /metrics` — Prometheus text exposition; reuse existing instrumentation.
|
|
- `GET /capabilities` — if present for Concelier/Excititor, must include `"merge": false`.
|
|
|
|
## Minimal ASP.NET 10 wiring (per service)
|
|
```csharp
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
// health checks; add real checks as needed
|
|
builder.Services.AddHealthChecks();
|
|
var app = builder.Build();
|
|
|
|
app.MapHealthChecks("/health/liveness", new() { Predicate = _ => false });
|
|
app.MapHealthChecks("/health/readiness");
|
|
|
|
app.MapGet("/version", () => Results.Json(new {
|
|
service = "StellaOps.Policy", // override per service
|
|
version = ThisAssembly.AssemblyInformationalVersion,
|
|
commit = ThisAssembly.Git.Commit,
|
|
buildTimestamp = ThisAssembly.Git.CommitDate.UtcDateTime,
|
|
source = Environment.GetEnvironmentVariable("STELLA_CHANNEL") ?? "edge"
|
|
}));
|
|
|
|
app.UseHttpMetrics();
|
|
app.MapMetrics();
|
|
|
|
app.Run();
|
|
```
|
|
- Ensure `ThisAssembly.*` source generators are enabled or substitute build vars.
|
|
- Keep `/health/liveness` lightweight; `/health/readiness` should test critical dependencies (Mongo, Redis, message bus) with timeouts.
|
|
- When adding `/capabilities`, explicitly emit `merge = false` for Concelier/Excititor.
|
|
|
|
## CI verification
|
|
- After publishing an image, run `ops/devops/docker/verify_health_endpoints.sh <image> [port]`.
|
|
- CI should fail if any required endpoint is missing or non-200.
|
|
|
|
## Deployment
|
|
- Helm/Compose should set `readOnlyRootFilesystem: true` and wire readiness/liveness probes to these paths/port.
|