
🐛 fix: remove server build metadata from unauthenticated /health endpoint (#3967) #3986

Merged: clubanderson merged 1 commit into main from fix/health-endpoint-security on Mar 31, 2026

@clubanderson
Collaborator

Summary

  • Adds minimal /healthz endpoint returning only {"status": "ok"} for k8s probes and load balancers
  • Removes go_version, git_commit, git_time, git_dirty, and self_upgrade from the public /health endpoint — these expose build fingerprints useful for attacker reconnaissance and are not used by the frontend
  • Build metadata remains available via the existing /api/version endpoint
  • Updates k8s liveness/readiness probes and startup loading page to use /healthz

Test plan

  • curl /healthz returns only {"status": "ok"}
  • curl /health no longer includes go_version, git_commit, git_time, git_dirty, or self_upgrade
  • /health still returns version, in_cluster, oauth_configured, install_method, project, branding, enabled_dashboards
  • Frontend health polling still works (useBackendHealth)
  • Sidebar config still loads dashboards (useSidebarConfig)
  • Helm deployment probes work with /healthz

Closes #3967
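
Added example (not code from this PR or the KubeStellar console): a regression check for the split described above, written against the standard library's net/http rather than the project's Fiber router. `NewMux`, `LeakedKeys`, the `withBuildInfo` switch and every field value are assumptions constructed for the example; only the forbidden key names come from the PR.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Build-metadata keys this PR removes from the unauthenticated /health response.
var forbidden = []string{"go_version", "git_commit", "git_time", "git_dirty", "self_upgrade"}

func writeJSON(w http.ResponseWriter, v any) { _ = json.NewEncoder(w).Encode(v) }

// NewMux is a hypothetical router; withBuildInfo=true mimics the pre-fix /health (constructed values).
func NewMux(withBuildInfo bool) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		writeJSON(w, map[string]string{"status": "ok"}) // probes need nothing more
	})
	mux.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
		body := map[string]any{"status": "ok", "version": "0.0.0-example", "in_cluster": false}
		if withBuildInfo {
			body["go_version"], body["git_commit"] = "go0.0-example", "0000000"
		}
		writeJSON(w, body)
	})
	return mux
}

// LeakedKeys requests path with no credentials and returns the real HTTP status
// plus any forbidden keys found at the top level of the JSON body.
func LeakedKeys(h http.Handler, path string) (int, []string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	var body map[string]json.RawMessage
	_ = json.Unmarshal(rec.Body.Bytes(), &body) // non-JSON (e.g. a 404 page) leaves body nil
	var leaked []string
	for _, k := range forbidden {
		if _, ok := body[k]; ok {
			leaked = append(leaked, k)
		}
	}
	return rec.Code, leaked
}

func main() {
	fmt.Println(LeakedKeys(NewMux(false), "/health"))
}
```

Returning the status code alongside the leaked keys lets a caller tell a clean 200 from a 404 on a missing probe route, instead of treating both as "nothing leaked".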

…oint (#3967)

Add minimal /healthz endpoint for k8s probes and load balancers that
returns only {"status": "ok"} with no configuration metadata.

Remove go_version, git_commit, git_time, git_dirty, and self_upgrade
from the public /health endpoint — these fields are not used by the
frontend and expose build fingerprints useful for attacker reconnaissance.
Build metadata remains available via the existing /api/version endpoint.

Update k8s liveness/readiness probes and the startup loading page to
use /healthz instead of /health.

Closes #3967

Signed-off-by: Andrew Anderson <andy@clubanderson.com>
Copilot AI review requested due to automatic review settings March 31, 2026 14:14
@kubestellar-prow kubestellar-prow bot added the dco-signoff: yes Indicates the PR's author has signed the DCO. label Mar 31, 2026
@kubestellar-prow
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign clubanderson for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@clubanderson clubanderson merged commit daa1b01 into main Mar 31, 2026
6 checks passed
@kubestellar-prow kubestellar-prow bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 31, 2026
@kubestellar-prow kubestellar-prow bot deleted the fix/health-endpoint-security branch March 31, 2026 14:15
@netlify

netlify bot commented Mar 31, 2026

Deploy Preview for kubestellarconsole ready!

Name Link
🔨 Latest commit 2e05e49
🔍 Latest deploy log https://app.netlify.com/projects/kubestellarconsole/deploys/69cbd6df48f83f0008c12f5c
😎 Deploy Preview https://deploy-preview-3986.console-deploy-preview.kubestellar.io

@github-actions
Contributor

👋 Hey @clubanderson — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.


This is an automated message.

@github-actions
Contributor

Thank you for your contribution! Your PR has been merged.

Check out what's new:

Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey

Contributor

Copilot AI left a comment

Pull request overview

This PR reduces unauthenticated health endpoint fingerprinting by introducing a minimal /healthz probe endpoint and removing server build metadata from the public /health response, while updating deployment probes and a contract-test script accordingly.

Changes:

  • Added /healthz endpoint that returns only a status field for probes and load balancers.
  • Removed build metadata fields (go_version, git_commit, git_time, git_dirty, self_upgrade) from /health and kept them in /api/version.
  • Updated Helm liveness/readiness probes and the API contract test to include/use /healthz.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
scripts/api-contract-test.sh Adds /healthz to unauthenticated endpoint contract checks.
pkg/api/server.go Adds /healthz, trims /health response, and switches startup loading HTML to poll /healthz.
deploy/helm/kubestellar-console/templates/deployment.yaml Points liveness/readiness probes to /healthz when watchdog is disabled.

Comment on lines +405 to +406
// Poll /healthz and reload when ready
setInterval(async function(){try{var r=await fetch('/healthz');if(r.ok){var d=await r.json();if(d.status==='ok')location.reload()}}catch(e){}},2000);

Copilot AI Mar 31, 2026

The startup loading page now polls /healthz, but the temporary loading server started in startLoadingServer only registers /health (returns {status:"starting"}) and does not serve /healthz. During initialization this will cause /healthz to 404, so the loading page may never reload and the Helm liveness/readiness probes (now pointed at /healthz) can fail/restart the pod before Fiber is up. Add a /healthz handler to the loading server mux (likely returning {status:"starting"}) or revert the loading page/probes to an endpoint that exists during the loading-server phase.

Suggested change
// Poll /healthz and reload when ready
setInterval(async function(){try{var r=await fetch('/healthz');if(r.ok){var d=await r.json();if(d.status==='ok')location.reload()}}catch(e){}},2000);
// Poll /health and reload when ready
setInterval(async function(){try{var r=await fetch('/health');if(r.ok){var d=await r.json();if(d.status==='ok')location.reload()}}catch(e){}},2000);
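
Review bot: the replacement fetch('/health') line only moves the loading page back to an endpoint the loading server serves; the Helm liveness/readiness probes described in the comment above still target /healthz, so this suggestion on its own leaves the probe failure during the loading-server phase in place. Registering a /healthz handler on the loading-server mux that returns the same non-ok "starting" status would cover both the page and the probes, and would keep the page polling the status-only endpoint.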

Copilot uses AI. Check for mistakes.
# Each line: METHOD|PATH|EXPECTED_KEYS (comma-separated, empty = just valid JSON)
# Unauthenticated endpoints first (no token needed)
declare -a ENDPOINTS=(
"GET|/healthz|status"
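
Review bot: the new GET|/healthz|status entry can only assert that a status key is present, because the table format in the comment above it lists EXPECTED_KEYS and has no way to name keys that must be absent. The point of this change is that /healthz returns nothing but status and that /health no longer carries go_version, git_commit, git_time, git_dirty or self_upgrade, so a regression that re-adds any of those fields would still pass this contract. Consider a forbidden-keys column, or a separate assertion, for the unauthenticated endpoints.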

Copilot AI Mar 31, 2026

Adding /healthz to the contract endpoints is good, but the current curl -f ... || http_code="000" logic treats any non-2xx (including a real 404/500 from /healthz) as a connection failure and marks it as “skipped”, which can hide regressions for this newly-added endpoint. Consider capturing the actual HTTP status code even on non-2xx and failing the contract test when the endpoint returns 4xx/5xx.

Copilot uses AI. Check for mistakes.
@clubanderson
Collaborator Author

🔄 Auto-Applying Copilot Code Review

Copilot code review found 1 code suggestion(s) and 1 general comment(s).

@copilot Please apply all of the following code review suggestions:

  • pkg/api/server.go (line 406): // Poll /health and reload when ready setInterval(async function(){try{var r=awa...

Also address these general comments:

  • scripts/api-contract-test.sh (line 96): Adding /healthz to the contract endpoints is good, but the current curl -f ... || http_code="000" logic treats any n

Push all fixes in a single commit. Run cd web && npm run build && npm run lint before committing.


Auto-generated by copilot-review-apply workflow.


Development

Successfully merging this pull request may close these issues.

Health endpoint exposes server configuration data without authentication
