@vellumai/assistant 0.3.19 → 0.3.21

package/src/runtime/routes/guardian-action-routes.ts

@@ -0,0 +1,206 @@
+/**
+ * Route handlers for deterministic guardian action endpoints.
+ *
+ * These endpoints let desktop clients fetch pending guardian prompts and
+ * submit button decisions without relying on text parsing.
+ */
+import { applyGuardianDecision } from '../../approvals/guardian-decision-primitive.js';
+import {
+  getPendingApprovalForRequest,
+  listPendingApprovalRequests,
+} from '../../memory/channel-guardian-store.js';
+import type { ApprovalAction } from '../channel-approval-types.js';
+import { handleChannelDecision } from '../channel-approvals.js';
+import type { GuardianDecisionPrompt } from '../guardian-decision-types.js';
+import { buildDecisionActions } from '../guardian-decision-types.js';
+import { httpError } from '../http-errors.js';
+import * as pendingInteractions from '../pending-interactions.js';
+import { handleAccessRequestDecision } from './access-request-decision.js';
+
+// ---------------------------------------------------------------------------
+// GET /v1/guardian-actions/pending?conversationId=...
+// ---------------------------------------------------------------------------
+
+/**
+ * List pending guardian decision prompts for a conversation.
+ *
+ * Returns guardian approval requests (from the channel guardian store) that
+ * are still pending, mapped to the GuardianDecisionPrompt shape so clients
+ * can render structured button UIs.
+ */
+export function handleGuardianActionsPending(req: Request): Response {
+  const url = new URL(req.url);
+  const conversationId = url.searchParams.get('conversationId');
+
+  if (!conversationId) {
+    return httpError('BAD_REQUEST', 'conversationId query parameter is required', 400);
+  }
+
+  const prompts = listGuardianDecisionPrompts({ conversationId });
+  return Response.json({ conversationId, prompts });
+}
+
+// ---------------------------------------------------------------------------
+// POST /v1/guardian-actions/decision
+// ---------------------------------------------------------------------------
+
+/**
+ * Submit a guardian action decision.
+ *
+ * Looks up the guardian approval by requestId and applies the decision
+ * through the unified guardian decision primitive.
+ */
+export async function handleGuardianActionDecision(req: Request): Promise<Response> {
+  const body = await req.json() as {
+    requestId?: string;
+    action?: string;
+    conversationId?: string;
+  };
+
+  const { requestId, action, conversationId } = body;
+
+  if (!requestId || typeof requestId !== 'string') {
+    return httpError('BAD_REQUEST', 'requestId is required', 400);
+  }
+
+  if (!action || typeof action !== 'string') {
+    return httpError('BAD_REQUEST', 'action is required', 400);
+  }
+
+  const VALID_ACTIONS = new Set<string>(['approve_once', 'approve_always', 'reject']);
+  if (!VALID_ACTIONS.has(action)) {
+    return httpError('BAD_REQUEST', `Invalid action: ${action}. Must be one of: approve_once, approve_always, reject`, 400);
+  }
+
+  // Try the channel guardian approval store first (tool approval prompts)
+  const approval = getPendingApprovalForRequest(requestId);
+  if (approval) {
+    // Enforce conversationId scoping: reject decisions that target the wrong conversation.
+    if (conversationId && conversationId !== approval.conversationId) {
+      return httpError('BAD_REQUEST', 'conversationId does not match the approval', 400);
+    }
+
+    // Access request approvals need a separate decision path — they don't have
+    // pending interactions and use verification sessions instead.
+    if (approval.toolName === 'ingress_access_request') {
+      const mappedAction = action === 'reject' ? 'deny' as const : 'approve' as const;
+      // Use 'desktop' as the actor identity because this endpoint is
+      // unauthenticated — we cannot verify the caller is the assigned
+      // guardian, so we record a generic desktop origin instead of
+      // falsely attributing the decision to guardianExternalUserId.
+      const decisionResult = handleAccessRequestDecision(
+        approval,
+        mappedAction,
+        'desktop',
+      );
+      return Response.json({
+        applied: decisionResult.type !== 'stale',
+        requestId,
+        reason: decisionResult.type === 'stale' ? 'stale' : undefined,
+        accessRequestResult: decisionResult,
+      });
+    }
+
+    // Note: actorExternalUserId is left undefined because the desktop endpoint
+    // does not authenticate caller identity. This means scoped grant minting is
+    // skipped for button-based decisions — an acceptable trade-off to avoid
+    // falsifying audit records with an unverified guardian identity.
+    const result = applyGuardianDecision({
+      approval,
+      decision: { action: action as 'approve_once' | 'approve_always' | 'reject', source: 'plain_text', requestId },
+      actorExternalUserId: undefined,
+      actorChannel: 'vellum',
+    });
+    return Response.json({ ...result, requestId: result.requestId ?? requestId });
+  }
+
+  // Fall back to the pending interactions tracker (direct confirmation requests).
+  // Route through handleChannelDecision so approve_always properly persists trust rules.
+  const interaction = pendingInteractions.get(requestId);
+  if (interaction) {
+    // Enforce conversationId scoping for interactions too.
+    if (conversationId && conversationId !== interaction.conversationId) {
+      return httpError('BAD_REQUEST', 'conversationId does not match the interaction', 400);
+    }
+
+    const result = handleChannelDecision(
+      interaction.conversationId,
+      { action: action as ApprovalAction, source: 'plain_text', requestId },
+    );
+    return Response.json({ ...result, requestId: result.requestId ?? requestId });
+  }
+
+  return httpError('NOT_FOUND', 'No pending guardian action found for this requestId', 404);
+}
+
+// ---------------------------------------------------------------------------
+// Shared helper: list guardian decision prompts
+// ---------------------------------------------------------------------------
+
+/**
+ * Build a list of GuardianDecisionPrompt objects for the given conversation.
+ *
+ * Aggregates pending guardian approval requests from the channel guardian
+ * store and pending confirmation interactions from the pending-interactions
+ * tracker, exposing them in a uniform shape that clients can render as
+ * structured button UIs.
+ */
+export function listGuardianDecisionPrompts(params: {
+  conversationId: string;
+}): GuardianDecisionPrompt[] {
+  const { conversationId } = params;
+  const prompts: GuardianDecisionPrompt[] = [];
+
+  // 1. Channel guardian approval requests (tool approvals routed to guardians)
+  const approvalRequests = listPendingApprovalRequests({
+    conversationId,
+    status: 'pending',
+  }).filter(a => a.expiresAt > Date.now() && a.requestId != null);
+
+  for (const approval of approvalRequests) {
+    const reqId = approval.requestId!;
+    prompts.push({
+      requestId: reqId,
+      requestCode: reqId.slice(0, 6).toUpperCase(),
+      state: 'pending',
+      questionText: approval.reason ?? `Approve tool: ${approval.toolName ?? 'unknown'}`,
+      toolName: approval.toolName ?? null,
+      actions: buildDecisionActions({ forGuardianOnBehalf: true }),
+      expiresAt: approval.expiresAt,
+      conversationId: approval.conversationId,
+      callSessionId: null,
+    });
+  }
+
+  // 2. Guardian action requests (voice call guardian questions) are intentionally
+  // excluded here — resolving them requires the answerCall + resolveGuardianActionRequest
+  // flow which is handled by the conversational session-process path, not by the
+  // deterministic button decision endpoint.
+  // TODO: Surface voice guardian-action requests as read-only informational prompts
+  // so desktop clients can see them even though they can't be resolved via buttons.
+
+  // 3. Pending confirmation interactions (direct tool approval prompts)
+  const interactions = pendingInteractions.getByConversation(conversationId);
+  for (const interaction of interactions) {
+    if (interaction.kind !== 'confirmation' || !interaction.confirmationDetails) continue;
+    // Skip if already covered by a channel guardian approval above
+    if (prompts.some(p => p.requestId === interaction.requestId)) continue;
+
+    const details = interaction.confirmationDetails;
+    prompts.push({
+      requestId: interaction.requestId,
+      requestCode: interaction.requestId.slice(0, 6).toUpperCase(),
+      state: 'pending',
+      questionText: `Approve tool: ${details.toolName}`,
+      toolName: details.toolName,
+      actions: buildDecisionActions({
+        persistentDecisionsAllowed: details.persistentDecisionsAllowed,
+      }),
+      expiresAt: Date.now() + 300_000,
+      conversationId,
+      callSessionId: null,
+    });
+  }
+
+  return prompts;
+}

package/src/runtime/routes/guardian-approval-interception.ts

@@ -2,6 +2,7 @@
  * Approval interception: checks for pending approvals and handles inbound
  * messages as decisions, reminders, or conversational follow-ups.
  */
+import { applyGuardianDecision } from '../../approvals/guardian-decision-primitive.js';
 import type { ChannelId } from '../../channels/types.js';
 import {
   getAllPendingApprovalsByGuardianChat,
@@ -11,9 +12,7 @@ import {
   type GuardianApprovalRequest,
   updateApprovalDecision,
 } from '../../memory/channel-guardian-store.js';
-import { createScopedApprovalGrant } from '../../memory/scoped-approval-grants.js';
 import { emitNotificationSignal } from '../../notifications/emit-signal.js';
-import { computeToolApprovalDigest } from '../../security/tool-approval-digest.js';
 import { getLogger } from '../../util/logger.js';
 import { runApprovalConversationTurn } from '../approval-conversation-turn.js';
 import { composeApprovalMessageGenerative } from '../approval-message-composer.js';
@@ -25,7 +24,6 @@ import {
   getApprovalInfoByConversation,
   getChannelApprovalPrompt,
   handleChannelDecision,
-  type PendingApprovalInfo,
 } from '../channel-approvals.js';
 import { deliverChannelReply } from '../gateway-client.js';
 import type {
@@ -49,68 +47,6 @@ import {
 
 const log = getLogger('runtime-http');
 
-/** TTL for scoped approval grants minted on guardian approve_once decisions. */
-export const GRANT_TTL_MS = 5 * 60 * 1000;
-
-// ---------------------------------------------------------------------------
-// Scoped grant minting on guardian tool-approval decisions
-// ---------------------------------------------------------------------------
-
-/**
- * Mint a `tool_signature` scoped grant when a guardian approves a tool-approval
- * request.  Only mints when the approval info contains a tool invocation with
- * input (so we can compute the input digest).  Informational ASK_GUARDIAN
- * requests that lack tool input are skipped.
- *
- * Fails silently on error — grant minting is best-effort and must never block
- * the approval flow.
- */
-function tryMintToolApprovalGrant(params: {
-  approvalInfo: PendingApprovalInfo;
-  approval: GuardianApprovalRequest;
-  decisionChannel: ChannelId;
-  guardianExternalUserId: string;
-}): void {
-  const { approvalInfo, approval, decisionChannel, guardianExternalUserId } = params;
-
-  // Only mint for requests that carry a tool name — the presence of toolName
-  // distinguishes tool-approval requests from informational ones.
-  // computeToolApprovalDigest can deterministically hash {} so zero-argument
-  // tool invocations must still receive a grant.
-  if (!approvalInfo.toolName) {
-    return;
-  }
-
-  try {
-    const inputDigest = computeToolApprovalDigest(approvalInfo.toolName, approvalInfo.input);
-
-    createScopedApprovalGrant({
-      assistantId: approval.assistantId,
-      scopeMode: 'tool_signature',
-      toolName: approvalInfo.toolName,
-      inputDigest,
-      requestChannel: approval.channel,
-      decisionChannel,
-      executionChannel: null,
-      conversationId: approval.conversationId,
-      callSessionId: null,
-      guardianExternalUserId,
-      requesterExternalUserId: approval.requesterExternalUserId,
-      expiresAt: new Date(Date.now() + GRANT_TTL_MS).toISOString(),
-    });
-
-    log.info(
-      { toolName: approvalInfo.toolName, conversationId: approval.conversationId },
-      'Minted scoped approval grant for guardian tool-approval decision',
-    );
-  } catch (err) {
-    log.error(
-      { err, toolName: approvalInfo.toolName, conversationId: approval.conversationId },
-      'Failed to mint scoped approval grant (non-fatal)',
-    );
-  }
-}
-
 export interface ApprovalInterceptionParams {
   conversationId: string;
   callbackData?: string;
@@ -250,13 +186,6 @@ export async function handleApprovalInterception(
       }
 
       if (callbackDecision) {
-        // approve_always is not available for guardian approvals — guardians
-        // should not be able to permanently allowlist tools on behalf of the
-        // requester. Downgrade to approve_once.
-        if (callbackDecision.action === 'approve_always') {
-          callbackDecision = { ...callbackDecision, action: 'approve_once' };
-        }
-
         // Access request approvals don't have a pending interaction in the
         // session tracker, so they need a separate decision path that creates
         // a verification session instead of resuming an agent loop.
@@ -272,44 +201,22 @@ export async function handleApprovalInterception(
           return accessResult;
         }
 
-        // Capture pending approval info before handleChannelDecision resolves
-        // (and removes) the pending interaction. Needed for grant minting.
-        const cbApprovalInfo = getApprovalInfoByConversation(guardianApproval.conversationId);
-        const cbMatchedInfo = callbackDecision.requestId
-          ? cbApprovalInfo.find(a => a.requestId === callbackDecision!.requestId)
-          : cbApprovalInfo[0];
-
-        // Apply the decision to the underlying session using the requester's
-        // conversation context
-        const result = handleChannelDecision(
-          guardianApproval.conversationId,
-          callbackDecision,
-        );
+        // Apply the decision through the unified guardian decision primitive.
+        // The primitive handles approve_always downgrade, approval info capture,
+        // record update, and scoped grant minting.
+        const result = applyGuardianDecision({
+          approval: guardianApproval,
+          decision: callbackDecision,
+          actorExternalUserId: senderExternalUserId,
+          actorChannel: sourceChannel,
+        });
 
         if (result.applied) {
-          // Update the guardian approval request record only when the decision
-          // was actually applied. If the request was already resolved (race with
-          // expiry sweep or concurrent callback), skip to avoid inconsistency.
-          const approvalStatus = callbackDecision.action === 'reject' ? 'denied' as const : 'approved' as const;
-          updateApprovalDecision(guardianApproval.id, {
-            status: approvalStatus,
-            decidedByExternalUserId: senderExternalUserId,
-          });
-
-          // Mint a scoped grant when a guardian approves a tool-approval request
-          if (callbackDecision.action !== 'reject' && cbMatchedInfo) {
-            tryMintToolApprovalGrant({
-              approvalInfo: cbMatchedInfo,
-              approval: guardianApproval,
-              decisionChannel: sourceChannel,
-              guardianExternalUserId: senderExternalUserId,
-            });
-          }
-
           // Notify the requester's chat about the outcome with the tool name
+          const effectiveAction = callbackDecision.action === 'approve_always' ? 'approve_once' : callbackDecision.action;
           const outcomeText = await composeApprovalMessageGenerative({
             scenario: 'guardian_decision_outcome',
-            decision: callbackDecision.action === 'reject' ? 'denied' : 'approved',
+            decision: effectiveAction === 'reject' ? 'denied' : 'approved',
             toolName: guardianApproval.toolName,
             channel: sourceChannel,
           }, {}, approvalCopyGenerator);
@@ -428,38 +335,15 @@ export async function handleApprovalInterception(
           ...(engineResult.targetRequestId ? { requestId: engineResult.targetRequestId } : {}),
         };
 
-        // Capture pending approval info before handleChannelDecision resolves
-        // (and removes) the pending interaction. Needed for grant minting.
-        const engineApprovalInfo = getApprovalInfoByConversation(targetApproval.conversationId);
-        const engineMatchedInfo = engineDecision.requestId
-          ? engineApprovalInfo.find(a => a.requestId === engineDecision.requestId)
-          : engineApprovalInfo[0];
-
-        const result = handleChannelDecision(
-          targetApproval.conversationId,
-          engineDecision,
-        );
+        // Apply the decision through the unified guardian decision primitive.
+        const result = applyGuardianDecision({
+          approval: targetApproval,
+          decision: engineDecision,
+          actorExternalUserId: senderExternalUserId,
+          actorChannel: sourceChannel,
+        });
 
         if (result.applied) {
-          // Update the guardian approval request record only when the decision
-          // was actually applied. If the request was already resolved (race with
-          // expiry sweep or concurrent callback), skip to avoid inconsistency.
-          const approvalStatus = decisionAction === 'reject' ? 'denied' as const : 'approved' as const;
-          updateApprovalDecision(targetApproval.id, {
-            status: approvalStatus,
-            decidedByExternalUserId: senderExternalUserId,
-          });
-
-          // Mint a scoped grant when a guardian approves a tool-approval request
-          if (decisionAction !== 'reject' && engineMatchedInfo) {
-            tryMintToolApprovalGrant({
-              approvalInfo: engineMatchedInfo,
-              approval: targetApproval,
-              decisionChannel: sourceChannel,
-              guardianExternalUserId: senderExternalUserId,
-            });
-          }
-
           // Notify the requester's chat about the outcome
           const outcomeText = await composeApprovalMessageGenerative({
             scenario: 'guardian_decision_outcome',
@@ -591,35 +475,15 @@ export async function handleApprovalInterception(
             return accessResult;
           }
 
-          // Capture pending approval info before handleChannelDecision resolves
-          // (and removes) the pending interaction. Needed for grant minting.
-          const legacyApprovalInfo = getApprovalInfoByConversation(targetLegacyApproval.conversationId);
-          const legacyMatchedInfo = legacyGuardianDecision.requestId
-            ? legacyApprovalInfo.find(a => a.requestId === legacyGuardianDecision.requestId)
-            : legacyApprovalInfo[0];
-
-          const result = handleChannelDecision(
-            targetLegacyApproval.conversationId,
-            legacyGuardianDecision,
-          );
+          // Apply the decision through the unified guardian decision primitive.
+          const result = applyGuardianDecision({
+            approval: targetLegacyApproval,
+            decision: legacyGuardianDecision,
+            actorExternalUserId: senderExternalUserId,
+            actorChannel: sourceChannel,
+          });
 
           if (result.applied) {
-            const approvalStatus = legacyGuardianDecision.action === 'reject' ? 'denied' as const : 'approved' as const;
-            updateApprovalDecision(targetLegacyApproval.id, {
-              status: approvalStatus,
-              decidedByExternalUserId: senderExternalUserId,
-            });
-
-            // Mint a scoped grant when a guardian approves a tool-approval request
-            if (legacyGuardianDecision.action !== 'reject' && legacyMatchedInfo) {
-              tryMintToolApprovalGrant({
-                approvalInfo: legacyMatchedInfo,
-                approval: targetLegacyApproval,
-                decisionChannel: sourceChannel,
-                guardianExternalUserId: senderExternalUserId,
-              });
-            }
-
             // Notify the requester's chat about the outcome
             const outcomeText = await composeApprovalMessageGenerative({
               scenario: 'guardian_decision_outcome',
@@ -742,13 +606,15 @@ export async function handleApprovalInterception(
               action: 'reject',
               source: 'plain_text',
             };
-            const cancelApplyResult = handleChannelDecision(conversationId, rejectDecision);
+            // Apply the cancel decision through the unified primitive.
+            // The primitive handles record update and (no-op) grant logic.
+            const cancelApplyResult = applyGuardianDecision({
+              approval: guardianApprovalForRequest,
+              decision: rejectDecision,
+              actorExternalUserId: senderExternalUserId,
+              actorChannel: sourceChannel,
+            });
             if (cancelApplyResult.applied) {
-              updateApprovalDecision(guardianApprovalForRequest.id, {
-                status: 'denied',
-                decidedByExternalUserId: senderExternalUserId,
-              });
-
               // Notify requester
               const replyText = cancelReplyText ?? await composeApprovalMessageGenerative({
                 scenario: 'requester_cancel',
@@ -1152,29 +1018,39 @@ async function handleAccessRequestApproval(
     });
   }
 
-  // Emit guardian_decision (approved) signal
-  void emitNotificationSignal({
-    sourceEventName: 'ingress.trusted_contact.guardian_decision',
-    sourceChannel: approval.channel,
-    sourceSessionId: approval.conversationId,
-    assistantId,
-    attentionHints: {
-      requiresAction: false,
-      urgency: 'medium',
-      isAsyncBackground: false,
-      visibleInSourceNow: false,
-    },
-    contextPayload: {
+  // Don't emit guardian_decision for approvals that still require code
+  // verification — the guardian already received the code, and emitting
+  // this signal prematurely causes the notification pipeline to deliver
+  // a confusing "approved" message before the requester has verified.
+  // The guardian_decision signal should only fire once access is fully granted
+  // (i.e. after code consumption), which is handled in the verification path.
+  if (!decisionResult.verificationSessionId) {
+    void emitNotificationSignal({
+      sourceEventName: 'ingress.trusted_contact.guardian_decision',
       sourceChannel: approval.channel,
-      requesterExternalUserId: approval.requesterExternalUserId,
-      requesterChatId: approval.requesterChatId,
-      decidedByExternalUserId,
-      decision: 'approved',
-    },
-    dedupeKey: `trusted-contact:guardian-decision:${approval.id}`,
-  });
+      sourceSessionId: approval.conversationId,
+      assistantId,
+      attentionHints: {
+        requiresAction: false,
+        urgency: 'medium',
+        isAsyncBackground: false,
+        visibleInSourceNow: false,
+      },
+      contextPayload: {
+        sourceChannel: approval.channel,
+        requesterExternalUserId: approval.requesterExternalUserId,
+        requesterChatId: approval.requesterChatId,
+        decidedByExternalUserId,
+        decision: 'approved',
+      },
+      dedupeKey: `trusted-contact:guardian-decision:${approval.id}`,
+    });
+  }
 
-  // Only emit verification_sent when the code was actually delivered to the guardian.
+  // Emit verification_sent with visibleInSourceNow=true so the notification
+  // pipeline suppresses delivery — the guardian already received the
+  // verification code directly. Without this flag, the pipeline generates
+  // a redundant LLM message like "Good news! Your request has been approved."
   if (decisionResult.verificationSessionId && codeDelivered) {
     void emitNotificationSignal({
       sourceEventName: 'ingress.trusted_contact.verification_sent',
@@ -1185,7 +1061,7 @@ async function handleAccessRequestApproval(
         requiresAction: false,
         urgency: 'low',
         isAsyncBackground: true,
-        visibleInSourceNow: false,
+        visibleInSourceNow: true,
       },
       contextPayload: {
         sourceChannel: approval.channel,

package/src/runtime/routes/identity-routes.ts

@@ -3,6 +3,7 @@
  */
 
 import { existsSync, readFileSync, statfsSync,statSync } from 'node:fs';
+import { cpus, totalmem } from 'node:os';
 import { dirname,join } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
@@ -36,6 +37,76 @@ function getDiskSpaceInfo(): DiskSpaceInfo | null {
   }
 }
 
+interface MemoryInfo {
+  currentMb: number;
+  maxMb: number;
+}
+
+// Read the container memory limit from cgroups if available, falling back to host total.
+// cgroups v2: /sys/fs/cgroup/memory.max (returns "max" when unlimited)
+// cgroups v1: /sys/fs/cgroup/memory/memory.limit_in_bytes (large sentinel when unlimited)
+function getContainerMemoryLimitBytes(): number | null {
+  try {
+    const v2 = readFileSync('/sys/fs/cgroup/memory.max', 'utf-8').trim();
+    if (v2 !== 'max') {
+      const bytes = parseInt(v2, 10);
+      if (!isNaN(bytes) && bytes > 0) return bytes;
+    }
+  } catch { /* not available */ }
+  try {
+    const v1 = readFileSync('/sys/fs/cgroup/memory/memory.limit_in_bytes', 'utf-8').trim();
+    const bytes = parseInt(v1, 10);
+    // cgroups v1 uses a near-INT64_MAX sentinel when no limit is set
+    if (!isNaN(bytes) && bytes > 0 && bytes < totalmem() * 1.5) return bytes;
+  } catch { /* not available */ }
+  return null;
+}
+
+function getMemoryInfo(): MemoryInfo {
+  const bytesToMb = (b: number) => Math.round((b / (1024 * 1024)) * 100) / 100;
+  return {
+    currentMb: bytesToMb(process.memoryUsage().rss),
+    maxMb: bytesToMb(getContainerMemoryLimitBytes() ?? totalmem()),
+  };
+}
+
+interface CpuInfo {
+  currentPercent: number;
+  maxCores: number;
+}
+
+// Track CPU usage over a rolling window so /healthz reports near-real-time
+// utilization instead of a lifetime average (total CPU time / total uptime).
+const CPU_SAMPLE_INTERVAL_MS = 5_000;
+let _lastCpuUsage: NodeJS.CpuUsage = process.cpuUsage();
+let _lastCpuTime: number = Date.now();
+let _cachedCpuPercent = 0;
+
+// Kick off the background sampler. unref() so it never prevents process exit.
+setInterval(() => {
+  const now = Date.now();
+  const newUsage = process.cpuUsage();
+  const elapsedMs = now - _lastCpuTime;
+  if (elapsedMs > 0) {
+    const deltaCpuUs =
+      (newUsage.user - _lastCpuUsage.user) +
+      (newUsage.system - _lastCpuUsage.system);
+    const deltaCpuMs = deltaCpuUs / 1000;
+    const numCores = cpus().length;
+    _cachedCpuPercent =
+      Math.round((deltaCpuMs / (elapsedMs * numCores)) * 10000) / 100;
+  }
+  _lastCpuUsage = newUsage;
+  _lastCpuTime = now;
+}, CPU_SAMPLE_INTERVAL_MS).unref();
+
+function getCpuInfo(): CpuInfo {
+  return {
+    currentPercent: _cachedCpuPercent,
+    maxCores: cpus().length,
+  };
+}
+
 function getPackageVersion(): string | undefined {
   try {
     const pkgPath = join(dirname(fileURLToPath(import.meta.url)), '../../../package.json');
@@ -52,6 +123,8 @@ export function handleHealth(): Response {
     timestamp: new Date().toISOString(),
     version: getPackageVersion(),
     disk: getDiskSpaceInfo(),
+    memory: getMemoryInfo(),
+    cpu: getCpuInfo(),
   });
 }