Health
TapPass exposes three health endpoints following the Kubernetes probe contract:
| Endpoint | Probe | Checks |
|---|---|---|
/health/live | Liveness | Process alive (no dep checks) |
/health/ready | Readiness | DB + OPA + Redis |
/health/startup | Startup | DB + OPA + Presidio models loaded |
/health | Legacy | Same as /health/ready |
GET /health/ready
Section titled “GET /health/ready”curl http://localhost:9620/health/ready{"status": "ok", "checks": {"database": "ok", "opa": "ok", "redis": "ok"}}Returns 503 if any dependency is unhealthy.
GET /health/live
Section titled “GET /health/live”curl http://localhost:9620/health/live{"status": "ok"}Always returns 200 if the process is running. Use for K8s liveness probe.
GET /health/startup
Section titled “GET /health/startup”curl http://localhost:9620/health/startupReturns 503 until Presidio NER models are loaded (~10-30s on cold start).
GET /health (legacy)
Section titled “GET /health (legacy)”curl http://localhost:9620/health{"status": "healthy", "version": "0.2.0", "storage": "postgresql"}Backward-compatible. Prefer /health/ready for new deployments.
GET /health/overview
Section titled “GET /health/overview”Fleet health overview: all agents with scores, sorted worst-first.
GET /metrics
Section titled “GET /metrics”Prometheus metrics endpoint (requires admin auth).
Key metrics:
| Metric | Type | Description |
|---|---|---|
tappass_http_requests_total | Counter | Requests by method, path, status |
tappass_pipeline_blocks_total | Counter | Pipeline blocks |
tappass_pii_detections_total | Counter | PII detections by type |
tappass_capability_tokens_total | Counter | Tokens minted/denied/expired |
tappass_active_agents | Gauge | Active agents |
tappass doctor
Section titled “tappass doctor”CLI deep diagnostic:
tappass doctorChecks: server connectivity, OPA health, database connectivity, SPIRE status, license validity.