Highlights
Added
- Read-only Health API endpoints (admin-password auth)
GET /api/health— full JSON payload: service identity, uptime, listener / call activity, transcription queue depth, Go runtime stats (goroutines, heap, OS-allocated memory, CPU%), DB pool stats + ping, free-disk on the data directory, and integration status booleans (Central Management paired, relay configured, Hydra enabled).GET /api/health/live— minimal{"status":"ok"}for uptime probes.GET /api/health/ready—200 okor503 degradedwith areasons[]list (e.g.db: ping failed,disk: <5% free on data directory) so orchestrators can pull the scanner from a load-balancer pool when it is unhealthy.- All three endpoints are gated by HTTP Basic Auth using the admin password (same scheme as
/calls). No new keys to manage, no admin-UI surface added. - Response cached in-process for ~3 s so a hostile scraper can't force a
runtime.ReadMemStats/db.Pingper request. - No secrets in the payload — relay / CM URLs and external API keys are reduced to booleans (
relay_configured,hydra_api_key_present, etc.).
Quick test
curl -u admin:YOUR_ADMIN_PASSWORD https://your-tlr/api/health
curl -u admin:YOUR_ADMIN_PASSWORD https://your-tlr/api/health/live
curl -u admin:YOUR_ADMIN_PASSWORD https://your-tlr/api/health/readyInternal
processStartTimenow captured at the top ofmain()for accurateuptime_seconds.- New
HealthService(server/health.go) wired ontoController.Health; reuses the samegopsutilprocess sampler approach used by the Central Management heartbeat so health calls don't reset the heartbeat's CPU window. - Cross-platform disk stats use
gopsutil/v4/diskinstead of rawsyscall.Statfs_tso all 17 build targets compile cleanly.
See CHANGELOG.md for full details.