feat(health): add /api/health endpoint for monitoring and load balancers #102
Conversation
Add a public health check endpoint at /api/health that returns service status, version, and timestamp. This endpoint requires no authentication and is designed for integration with monitoring tools, load balancers, and orchestration platforms (Kubernetes probes, AWS ELB, Prometheus). Changes: - Add health_routes.py with /api/health endpoint - Register health router in main.py - Add comprehensive unit tests (test_health_route.py) - Update admin documentation with health monitoring section - Update endpoint_summary.md with new endpoint All tests pass (263 backend tests). Linting clean. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
🔒 Security Scan ResultsSecurity Scan SummaryScan ResultsPython SAST (Bandit)Recommendations
|
There was a problem hiding this comment.
Pull request overview
This PR adds a health check endpoint at /api/health intended for monitoring tools, load balancers, and orchestration platforms. The endpoint returns JSON with service status, version, and timestamp. However, the implementation has a critical bug: the endpoint will require authentication in production mode, contradicting its stated purpose.
Key Changes:
- New
/api/healthendpoint returning status, service name, version, and timestamp - Router registration in main.py
- Unit tests for endpoint functionality (3 tests)
- Documentation updates in admin guide and endpoint summary
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| backend/routes/health_routes.py | New health check route implementation (will require auth middleware update to work as intended) |
| backend/main.py | Register health router with FastAPI app |
| backend/tests/test_health_route.py | Unit tests for health endpoint (tests don't validate production behavior) |
| docs/02_admin_guide.md | Add health monitoring section describing the new endpoint |
| docs/archive/endpoint_summary.md | Update endpoint list with new /api/health entry |
backend/routes/health_routes.py
Outdated
| return { | ||
| "status": "healthy", | ||
| "service": "atlas-ui-3-backend", | ||
| "version": "2.0.0", |
There was a problem hiding this comment.
The version "2.0.0" is hardcoded here, creating a maintenance burden. The version is already centrally defined in backend/main.py line 116 as part of the FastAPI app configuration.
Consider extracting the version to a constant or reading it from the app's metadata to maintain consistency:
from main import app
@router.get("/health")
async def health_check() -> Dict[str, Any]:
# ... docstring ...
return {
"status": "healthy",
"service": "atlas-ui-3-backend",
"version": app.version, # Use version from FastAPI app
"timestamp": datetime.now(timezone.utc).isoformat()
}This ensures the health endpoint always reflects the actual application version without manual synchronization.
docs/archive/endpoint_summary.md
Outdated
|
|
||
| Generated: 2025-08-09 | ||
| Last Updated: 2025-11-21 | ||
| Branch: feature/s3-file-storage |
There was a problem hiding this comment.
[nitpick] The branch name "feature/s3-file-storage" in the metadata is outdated and doesn't reflect the current PR's purpose (adding a health endpoint). This archived document should either be updated with the correct branch name or the branch line should be removed if this is meant to be a living document that tracks multiple branches over time.
| Branch: feature/s3-file-storage |
| @router.get("/health") | ||
| async def health_check() -> Dict[str, Any]: | ||
| """Health check endpoint for service monitoring. | ||
| Returns basic service status information. This endpoint does not require | ||
| authentication and is intended for use by load balancers, monitoring | ||
| systems, and orchestration platforms. | ||
| Returns: | ||
| Dictionary containing: | ||
| - status: Service health status ("healthy") | ||
| - service: Service name | ||
| - version: Service version | ||
| - timestamp: Current UTC timestamp in ISO-8601 format | ||
| """ | ||
| return { | ||
| "status": "healthy", | ||
| "service": "atlas-ui-3-backend", | ||
| "version": "2.0.0", | ||
| "timestamp": datetime.now(timezone.utc).isoformat() | ||
| } |
There was a problem hiding this comment.
The /api/health endpoint is currently protected by AuthMiddleware and will require authentication in production (non-debug mode), contradicting the PR's goal of providing a public health check for monitoring tools and load balancers.
To make this endpoint truly public, the AuthMiddleware in backend/core/middleware.py needs to be updated to skip authentication for /api/health, similar to how it currently skips /static paths. Add this check in the dispatch method around line 50:
# Skip auth for static files, health check, and configured auth endpoint
if (request.url.path.startswith('/static') or
request.url.path == '/api/health' or
request.url.path == self.auth_redirect_url):
return await call_next(request)Without this change, external monitoring systems and load balancers will receive 401 Unauthorized or redirect responses instead of the expected health status.
- Updated AuthMiddleware to bypass authentication for /api/health endpoint. - Modified health check route to use version from a centralized version file. - Added unit tests to verify health endpoint bypasses authentication. - Cleaned up endpoint summary documentation by removing branch reference. - Introduced version.py for consistent version management across the application.
🔒 Security Scan ResultsSecurity Scan SummaryScan ResultsPython SAST (Bandit)Recommendations
|
| The application provides a public health check endpoint at `/api/health` specifically designed for monitoring tools, load balancers, and orchestration platforms. This endpoint requires no authentication and returns a JSON response containing the service status, version, and current timestamp in ISO-8601 format. You can integrate this endpoint into your monitoring infrastructure (such as Kubernetes liveness/readiness probes, AWS ELB health checks, or Prometheus monitoring) to verify that the backend service is running and responding correctly. The endpoint is lightweight and does not check database connectivity or external dependencies, making it ideal for high-frequency health polling without impacting application performance. For more detailed system status information that includes configuration and component health, admin users can access the `/admin/system-status` endpoint, which requires authentication and admin group membership. | ||
There was a problem hiding this comment.
[nitpick] This documentation paragraph is quite long and dense (581 characters in a single paragraph). Consider breaking it into multiple paragraphs or a bulleted list for better readability. For example:
## Health Monitoring (Added 2025-11-21)
The application provides a public health check endpoint at `/api/health` specifically designed for monitoring tools, load balancers, and orchestration platforms.
**Key Features:**
- No authentication required
- Returns JSON with service status, version, and ISO-8601 timestamp
- Lightweight - no database or external dependency checks
- Ideal for high-frequency health polling
**Integration Examples:**
You can integrate this endpoint into monitoring infrastructure such as:
- Kubernetes liveness/readiness probes
- AWS ELB/ALB health checks
- Prometheus monitoring
**Advanced Monitoring:**
For more detailed system status information that includes configuration and component health, admin users can access the `/admin/system-status` endpoint, which requires authentication and admin group membership.| The application provides a public health check endpoint at `/api/health` specifically designed for monitoring tools, load balancers, and orchestration platforms. This endpoint requires no authentication and returns a JSON response containing the service status, version, and current timestamp in ISO-8601 format. You can integrate this endpoint into your monitoring infrastructure (such as Kubernetes liveness/readiness probes, AWS ELB health checks, or Prometheus monitoring) to verify that the backend service is running and responding correctly. The endpoint is lightweight and does not check database connectivity or external dependencies, making it ideal for high-frequency health polling without impacting application performance. For more detailed system status information that includes configuration and component health, admin users can access the `/admin/system-status` endpoint, which requires authentication and admin group membership. | |
| The application provides a public health check endpoint at `/api/health` specifically designed for monitoring tools, load balancers, and orchestration platforms. | |
| **Key Features:** | |
| - No authentication required | |
| - Returns JSON with service status, version, and ISO-8601 timestamp | |
| - Lightweight: does not check database connectivity or external dependencies | |
| - Ideal for high-frequency health polling without impacting application performance | |
| **Integration Examples:** | |
| You can integrate this endpoint into your monitoring infrastructure, such as: | |
| - Kubernetes liveness/readiness probes | |
| - AWS ELB/ALB health checks | |
| - Prometheus monitoring | |
| **Advanced Monitoring:** | |
| For more detailed system status information, including configuration and component health, admin users can access the `/admin/system-status` endpoint, which requires authentication and admin group membership. |
Summary
/api/healthfor monitoring tools and load balancersTest plan
Changes
New Files:
backend/routes/health_routes.py- Health check route implementationbackend/tests/test_health_route.py- Unit tests for health endpointModified Files:
backend/main.py- Register health routerdocs/02_admin_guide.md- Add health monitoring sectiondocs/archive/endpoint_summary.md- Update endpoint listIntegration
This endpoint can be used with:
🤖 Generated with Claude Code