M4 slice c: health probes + backup/restore CLI #5

Merged: MikeBengtson merged 3 commits into main from wsB/health-backup on May 13, 2026

@MikeBengtson
Collaborator

Summary

  • Structured /healthz + /readyz probes (gm-o9t8.4): new internal/server/health.go adds root-mux liveness (/healthz, always 200) and readiness (/readyz, aggregates KVM, vault, dolt, audit-dir component checks; 503 if any fail). Dependency-injected probers via Router.AttachHealthChecks. Existing /api/readyz untouched.
  • Admin backup/restore CLI: new gemba admin backup --out and gemba admin restore --from produce/consume a single tar.gz containing dolt data dir, vault blobs, audit log, and a per-entry sha256 manifest. Restore refuses to overwrite a non-empty target without --force.

Test plan

  • go test ./internal/server/... ./cmd/gemba/... ./internal/cli/... — 955 tests pass
  • /healthz returns 200 unconditionally
  • /readyz returns 200 when all components pass, 503 when any fails
  • Each component failing path covered (vault, dolt, audit dir, KVM-on-linux)
  • Backup -> wipe -> restore round-trip preserves vault.Inject + audit.Verify
  • Restore rejects tampered tarball
  • Restore refuses non-empty target without --force

🤖 Generated with Claude Code

MikeBengtson and others added 3 commits May 13, 2026 04:36
Add internal/server/health.go with liveness (/healthz) and structured
readiness (/readyz) handlers wired at the root mux. The readiness
probe aggregates four component checks (KVM device, vault sentinel
round-trip, dolt prober, audit-dir writability) into a single JSON
envelope and returns 503 when any component fails. Probers are
dependency-injected via Router.AttachHealthChecks so tests can fault
each component independently.

The existing /api/readyz handler is left untouched — it remains the
narrow dolt-only probe that the SPA's degraded banner already
consumes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Add `gemba admin backup --out` / `gemba admin restore --from` for
disaster-recovery snapshots. Backups are single tar.gz files
containing the dolt data dir, per-workspace vault blobs, the audit
log, and a manifest.json with per-entry sha256 checksums. Restore
verifies every checksum and refuses to overwrite a non-empty target
data dir unless --force is supplied (the only auto-mode-friendly use
of force, gated to recovery flows).

Tests round-trip a real *vault.boltVault and an audit chain: after
restore vault.Inject returns the seeded plaintext and audit.Verify
succeeds against the restored log. A corruption test asserts restore
rejects a tampered tarball rather than silently extracting garbage.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@MikeBengtson MikeBengtson merged commit 4b27292 into main May 13, 2026
3 of 6 checks passed
@MikeBengtson MikeBengtson deleted the wsB/health-backup branch May 13, 2026 09:04
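
The manifest check described in the backup/restore commit above, sketched as an added example; it is not code from this pull request or from gemba. The function name `VerifyBackup` and the manifest layout (entry name mapped to hex sha256) are assumptions; only the `manifest.json` entry name and the per-entry sha256 come from the description.

```go
package main

import (
	"archive/tar"
	"compress/gzip"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"os"
)

// VerifyBackup checks every tar.gz entry against manifest.json before anything
// is extracted. Assumed manifest layout: {"<entry name>": "<hex sha256>"}.
func VerifyBackup(r io.Reader) error {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return err
	}
	tr, want, got := tar.NewReader(gz), map[string]string{}, map[string]string{}
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		} else if err != nil {
			return err // truncated or corrupted stream
		}
		h := sha256.New()
		if hdr.Name == "manifest.json" {
			err = json.NewDecoder(tr).Decode(&want)
		} else if _, err = io.Copy(h, tr); err == nil {
			got[hdr.Name] = hex.EncodeToString(h.Sum(nil))
		}
		if err != nil {
			return err
		}
	}
	if len(got) != len(want) { // added or dropped entries count as tampering
		return fmt.Errorf("manifest lists %d entries, archive has %d", len(want), len(got))
	}
	for name, sum := range got {
		if want[name] != sum {
			return fmt.Errorf("checksum mismatch for %q", name)
		}
	}
	return nil
}

func main() { fmt.Println("verify:", VerifyBackup(os.Stdin)) }
```

The program reads the archive on standard input and prints `verify: <nil>` when every entry matches its manifest checksum. A sha256 manifest stored inside the same archive detects corruption and partial edits; it does not authenticate the backup against someone who can rewrite both the data and the manifest.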