@checkstack/healthcheck-http-backend 0.6.1 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +117 -0
- package/package.json +5 -5
- package/src/request-collector.ts +9 -0
- package/src/strategy.ts +7 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,122 @@
|
|
|
1
1
|
# @checkstack/healthcheck-http-backend
|
|
2
2
|
|
|
3
|
+
## 0.7.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- c55d7c6: Unify the healthcheck chart system on the `@checkstack/ui` SVG kit and
|
|
8
|
+
redesign the HealthCheck drawer.
|
|
9
|
+
|
|
10
|
+
- `@checkstack/ui` gains six chart primitives (each with a Storybook story):
|
|
11
|
+
`StackedTimeline` (stacked status counts per bucket on the colorblind-safe
|
|
12
|
+
status triad), `ChartTooltip` + `useBandHover` (the one shared chart
|
|
13
|
+
tooltip and its cursor hit-testing), `ChartCard` / `chartCardChromeClass`
|
|
14
|
+
(the premium gradient card chrome, flat on low-power devices), `StatTile`
|
|
15
|
+
(number-led metric tile with delta chip, sparkline/ribbon footer, and
|
|
16
|
+
click-to-expand disclosure), `DistributionBar` (stacked horizontal
|
|
17
|
+
distribution + legend, replaces pies), and `CategoryRibbon` (categorical
|
|
18
|
+
history ribbon). `TimeSeriesChart` gains a hover tooltip with a crosshair
|
|
19
|
+
marker.
|
|
20
|
+
- `@checkstack/common` adds four optional chart metadata keys to
|
|
21
|
+
`BaseHealthResultMeta`: `x-chart-priority` (tile sort weight, lower first,
|
|
22
|
+
default 100), `x-chart-good-direction` (`"up" | "down"`, which direction
|
|
23
|
+
of change is an improvement; consumers fall back to
|
|
24
|
+
`x-anomaly-direction`), and `x-chart-true-label` / `x-chart-false-label`
|
|
25
|
+
(prose for a boolean field's values wherever they surface in text, e.g. a
|
|
26
|
+
dominance chip reading "Usually successful (98%)" instead of "Usually
|
|
27
|
+
true"). Built-in collector backends annotate their headline metrics and
|
|
28
|
+
boolean fields accordingly (purely additive metadata).
|
|
29
|
+
- `@checkstack/healthcheck-frontend` rebuilds the drawer: a hero status
|
|
30
|
+
banner (status pill, healthy %, avg latency, interval, last run with the
|
|
31
|
+
exact datetime on hover, full-width status ribbon) replaces the metric
|
|
32
|
+
tiles; the status timeline and latency heroes share the `ChartCard`
|
|
33
|
+
chrome; the auto-generated charts become a prioritized, click-to-expand
|
|
34
|
+
2-up tile grid (collector ids demoted to hover titles); the anomaly
|
|
35
|
+
Expected/Trend derivation is consolidated into one tested module shared by
|
|
36
|
+
the latency hero and the tiles.
|
|
37
|
+
|
|
38
|
+
BREAKING CHANGES: `recharts` is removed from `@checkstack/healthcheck-frontend`
|
|
39
|
+
(and the unused dependency from `@checkstack/ui`); the
|
|
40
|
+
`HealthCheckStatusTimeline` and `SparklineTooltip` components are deleted.
|
|
41
|
+
Extensions rendering into `HealthCheckDiagramSlot` should build on the
|
|
42
|
+
`@checkstack/ui` chart primitives instead.
|
|
43
|
+
|
|
44
|
+
- Updated dependencies [c55d7c6]
|
|
45
|
+
- Updated dependencies [c55d7c6]
|
|
46
|
+
- @checkstack/healthcheck-common@1.13.0
|
|
47
|
+
- @checkstack/common@0.21.0
|
|
48
|
+
- @checkstack/backend-api@0.29.1
|
|
49
|
+
|
|
50
|
+
## 0.7.0
|
|
51
|
+
|
|
52
|
+
### Minor Changes
|
|
53
|
+
|
|
54
|
+
- faf98f5: Security: config secrets (health-check strategy/collector credentials such as
|
|
55
|
+
SSH passwords, DB credentials, HTTP auth, and integration connection
|
|
56
|
+
credentials) ride ONE shared, domain-agnostic extraction channel instead of
|
|
57
|
+
being stored as plaintext or re-implemented per plugin.
|
|
58
|
+
|
|
59
|
+
New primitive and shared service:
|
|
60
|
+
|
|
61
|
+
- `configSecret({ id })` (in `@checkstack/backend-api`) declares an
|
|
62
|
+
extraction-channel secret keyed by a STABLE `id`, independent of field name or
|
|
63
|
+
position, so renaming or reordering a field never orphans its value. Use it
|
|
64
|
+
(not `configString({ "x-secret": true })`) for any credential whose config is
|
|
65
|
+
relayed to a satellite, projected to AI, or diffed by GitOps. `validateSecretIds`
|
|
66
|
+
rejects, at plugin registration, an `x-secret` field with no `id`, a duplicate
|
|
67
|
+
`id`, or a secret nested in an un-keyable container (array / record / tuple /
|
|
68
|
+
map) - so a mis-keyable schema fails boot rather than at run time.
|
|
69
|
+
- `ConfigSecretChannel` (in `@checkstack/secrets-backend`) is the single
|
|
70
|
+
extract / inflate / collect / redact / merge / delete / prune implementation.
|
|
71
|
+
Health-checks and integration connections both BIND it to their own scope
|
|
72
|
+
(marker prefix + internal-secret key layout); neither re-implements the walk.
|
|
73
|
+
|
|
74
|
+
Lifecycle (both bindings):
|
|
75
|
+
|
|
76
|
+
- **Write**: an inline value is extracted into the encrypted internal secret
|
|
77
|
+
store; the stored config keeps only an opaque marker. `${{ secrets.NAME }}`
|
|
78
|
+
references are stored verbatim and resolve through the active backend (local
|
|
79
|
+
or Vault) at run time.
|
|
80
|
+
- **Read**: configuration and connection reads strip `x-secret` values and
|
|
81
|
+
internal markers while keeping `${{ secrets.NAME }}` references visible; the
|
|
82
|
+
AI `getConfigurations` tool and create/update responses are redacted too. A
|
|
83
|
+
value never reaches a browser or an AI model context.
|
|
84
|
+
- **Run**: the core executor inflates markers/references in memory just before
|
|
85
|
+
the client is built. Satellites receive markers only and fetch values
|
|
86
|
+
just-in-time over the authenticated WS channel, per run, never persisted, then
|
|
87
|
+
fail CLOSED if any marker/reference survives resolution.
|
|
88
|
+
- **No orphan**: clearing a secret, removing a field/collector, swapping an
|
|
89
|
+
inline value for a reference, updating a connection, or deleting a
|
|
90
|
+
configuration/connection deletes the now-unreferenced internal secret. Cleanup
|
|
91
|
+
is schema-free (scans markers by prefix) and best-effort on delete, so it works
|
|
92
|
+
even when the owning plugin is uninstalled and never blocks a delete.
|
|
93
|
+
- **Forged-marker safe**: extract/inflate key each internal secret by the
|
|
94
|
+
SCHEMA leaf's stable `id`, never by an id parsed out of a stored marker string,
|
|
95
|
+
so a crafted marker can never resolve or delete another scope's secret.
|
|
96
|
+
|
|
97
|
+
Health-checks additionally get an idempotent, advisory-locked backfill that
|
|
98
|
+
moves pre-existing plaintext values into the internal store, and per-config-id
|
|
99
|
+
locking so concurrent writers across pods can never leave a dangling marker.
|
|
100
|
+
Integration connection credentials keep their released `__connref__:` marker
|
|
101
|
+
prefix and key layout (id equals the flat field name), so existing stored
|
|
102
|
+
connections are byte-compatible.
|
|
103
|
+
|
|
104
|
+
BREAKING CHANGES:
|
|
105
|
+
|
|
106
|
+
- Configuration and connection reads no longer include `x-secret` field values
|
|
107
|
+
(clients must treat blank-on-save as keep-existing; the bundled editors
|
|
108
|
+
already do).
|
|
109
|
+
- Satellites must be upgraded together with the core: an old satellite cannot
|
|
110
|
+
resolve the markers a new core stores, so its credentialed checks fail until
|
|
111
|
+
upgraded.
|
|
112
|
+
|
|
113
|
+
### Patch Changes
|
|
114
|
+
|
|
115
|
+
- Updated dependencies [faf98f5]
|
|
116
|
+
- @checkstack/backend-api@0.29.0
|
|
117
|
+
- @checkstack/common@0.20.0
|
|
118
|
+
- @checkstack/healthcheck-common@1.12.0
|
|
119
|
+
|
|
3
120
|
## 0.6.1
|
|
4
121
|
|
|
5
122
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@checkstack/healthcheck-http-backend",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.7.1",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "src/index.ts",
|
|
6
6
|
"checkstack": {
|
|
@@ -14,16 +14,16 @@
|
|
|
14
14
|
"pack": "bunx @checkstack/scripts plugin-pack"
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
|
-
"@checkstack/backend-api": "0.
|
|
18
|
-
"@checkstack/healthcheck-common": "1.
|
|
17
|
+
"@checkstack/backend-api": "0.29.1",
|
|
18
|
+
"@checkstack/healthcheck-common": "1.13.0",
|
|
19
19
|
"jsonpath-plus": "^10.3.0",
|
|
20
|
-
"@checkstack/common": "0.
|
|
20
|
+
"@checkstack/common": "0.21.0"
|
|
21
21
|
},
|
|
22
22
|
"devDependencies": {
|
|
23
23
|
"@types/bun": "^1.0.0",
|
|
24
24
|
"typescript": "^5.0.0",
|
|
25
25
|
"@checkstack/tsconfig": "0.0.7",
|
|
26
|
-
"@checkstack/scripts": "0.7.
|
|
26
|
+
"@checkstack/scripts": "0.7.2"
|
|
27
27
|
},
|
|
28
28
|
"description": "Checkstack healthcheck-http-backend plugin",
|
|
29
29
|
"author": {
|
package/src/request-collector.ts
CHANGED
|
@@ -81,6 +81,7 @@ const requestResultSchema = healthResultSchema({
|
|
|
81
81
|
statusCode: healthResultNumber({
|
|
82
82
|
"x-chart-type": "counter",
|
|
83
83
|
"x-chart-label": "Status Code",
|
|
84
|
+
"x-chart-priority": 30,
|
|
84
85
|
// Off by default: the raw status code is an identifier, not a quantity
|
|
85
86
|
// with a meaningful baseline. Legitimate shifts (200 -> 301/302 redirects,
|
|
86
87
|
// content negotiation) are not problems, while real availability loss is
|
|
@@ -97,6 +98,7 @@ const requestResultSchema = healthResultSchema({
|
|
|
97
98
|
"x-chart-type": "line",
|
|
98
99
|
"x-chart-label": "Response Time",
|
|
99
100
|
"x-chart-unit": "ms",
|
|
101
|
+
"x-chart-priority": 10,
|
|
100
102
|
"x-anomaly-enabled": true,
|
|
101
103
|
"x-anomaly-direction": "lower-is-better",
|
|
102
104
|
"x-anomaly-sensitivity": 2,
|
|
@@ -109,11 +111,16 @@ const requestResultSchema = healthResultSchema({
|
|
|
109
111
|
"x-chart-type": "counter",
|
|
110
112
|
"x-chart-label": "Body Length",
|
|
111
113
|
"x-chart-unit": "bytes",
|
|
114
|
+
"x-chart-priority": 90,
|
|
112
115
|
"x-anomaly-enabled": false,
|
|
113
116
|
}),
|
|
114
117
|
success: healthResultBoolean({
|
|
115
118
|
"x-chart-type": "boolean",
|
|
116
119
|
"x-chart-label": "HTTP Success",
|
|
120
|
+
"x-chart-true-label": "successful",
|
|
121
|
+
"x-chart-false-label": "failing",
|
|
122
|
+
"x-chart-priority": 20,
|
|
123
|
+
"x-chart-good-direction": "up",
|
|
117
124
|
"x-anomaly-enabled": true,
|
|
118
125
|
"x-anomaly-direction": "dominance",
|
|
119
126
|
}),
|
|
@@ -127,6 +134,7 @@ const requestAggregatedFields = {
|
|
|
127
134
|
"x-chart-type": "line",
|
|
128
135
|
"x-chart-label": "Avg Response Time",
|
|
129
136
|
"x-chart-unit": "ms",
|
|
137
|
+
"x-chart-priority": 10,
|
|
130
138
|
"x-anomaly-enabled": true,
|
|
131
139
|
"x-anomaly-direction": "lower-is-better",
|
|
132
140
|
// Latency: bias toward fewer false positives. Require several consecutive
|
|
@@ -141,6 +149,7 @@ const requestAggregatedFields = {
|
|
|
141
149
|
"x-chart-type": "gauge",
|
|
142
150
|
"x-chart-label": "Success Rate",
|
|
143
151
|
"x-chart-unit": "%",
|
|
152
|
+
"x-chart-priority": 20,
|
|
144
153
|
"x-anomaly-enabled": true,
|
|
145
154
|
"x-anomaly-direction": "higher-is-better",
|
|
146
155
|
// Availability percent: the canonical saturation/failure signal. Debounce
|
package/src/strategy.ts
CHANGED
|
@@ -7,6 +7,7 @@ import {
|
|
|
7
7
|
mergeCounter,
|
|
8
8
|
z,
|
|
9
9
|
configString,
|
|
10
|
+
configSecret,
|
|
10
11
|
type InferAggregatedResult,
|
|
11
12
|
type ConnectedClient,
|
|
12
13
|
type TransportTimings,
|
|
@@ -74,14 +75,14 @@ export const httpHealthCheckConfigSchema = baseStrategyConfigSchema
|
|
|
74
75
|
})
|
|
75
76
|
.optional()
|
|
76
77
|
.describe("Username for Basic authentication"),
|
|
77
|
-
authPassword:
|
|
78
|
-
"
|
|
78
|
+
authPassword: configSecret({
|
|
79
|
+
id: "authPassword",
|
|
79
80
|
"x-hidden-when": { authType: ["none", "token", ""] },
|
|
80
81
|
})
|
|
81
82
|
.optional()
|
|
82
83
|
.describe("Password for Basic authentication"),
|
|
83
|
-
authToken:
|
|
84
|
-
"
|
|
84
|
+
authToken: configSecret({
|
|
85
|
+
id: "authToken",
|
|
85
86
|
"x-hidden-when": { authType: ["none", "basic", ""] },
|
|
86
87
|
})
|
|
87
88
|
.optional()
|
|
@@ -199,6 +200,8 @@ const httpAggregatedFields = {
|
|
|
199
200
|
errorCount: aggregatedCounter({
|
|
200
201
|
"x-chart-type": "counter",
|
|
201
202
|
"x-chart-label": "Errors",
|
|
203
|
+
"x-chart-priority": 90,
|
|
204
|
+
"x-chart-good-direction": "down",
|
|
202
205
|
// Off by default: a raw per-bucket error COUNT scales with how many runs
|
|
203
206
|
// land in the bucket, so it has no stable baseline and drifts with traffic
|
|
204
207
|
// volume. The percent form of the same signal (`successRate`) is the one
|