HEALTH-001 critical basic-health

Basic health endpoint exists

Simple health endpoint at standard path (/health, /healthz, /ping) returning 200 OK with no auth required and <50ms response time

Question to ask

"How does your load balancer know the app is actually alive?"

Verification guide

Severity: Critical

Check automatically:

  1. Search for health endpoint definitions:

    # Multi-framework search for health routes
grep -rE "(app\.get|router\.get|@app\.get|\.GET|HandleFunc)\s*\(['\"]\/?(health|healthz|ping|up)" \
  --include="*.ts" --include="*.js" --include="*.py" --include="*.go" --include="*.rb"

# Find dedicated health files
find . -type f -name "*health*" | grep -E "\.(ts|js|py|go|rb)$"

# Next.js API routes
ls -la pages/api/health* app/api/health* 2>/dev/null

  2. Test the endpoint (requires app running locally):

    # Try common paths - note response time
curl -s -o /dev/null -w "%{http_code} %{time_total}s" http://localhost:PORT/health
curl -s -o /dev/null -w "%{http_code} %{time_total}s" http://localhost:PORT/healthz
curl -s -o /dev/null -w "%{http_code} %{time_total}s" http://localhost:PORT/ping
curl -s -o /dev/null -w "%{http_code} %{time_total}s" http://localhost:PORT/up

  3. Verify no authentication required:

    # Should return 200 without any auth headers
curl -s -o /dev/null -w "%{http_code}" http://localhost:PORT/health

  4. Check response body (optional but good practice):

    curl -s http://localhost:PORT/health

Cross-reference with:

  • GIT-001 (Clone and run) - test health endpoint during app startup
  • Section 6 (Resilience) - health endpoint should work even when dependencies are down
  • Section 12 (Monitoring/Status pages) - status pages typically call health endpoints

Pass criteria:

  • Health endpoint exists at a standard path (/health, /healthz, /ping, /up)
  • Returns HTTP 200 when app is running
  • Response time < 50ms locally (no expensive operations)
  • No authentication required (load balancers need access)
  • Does NOT check external dependencies (that's deep health's job)

Fail criteria:

  • No health endpoint found
  • Endpoint returns 500 or error when app is healthy
  • Requires authentication
  • Response time > 50ms locally (likely doing DB queries or external calls)
  • Non-standard path with no documentation

If no endpoint found, ask user: "No health endpoint found at standard paths (/health, /healthz, /ping, /up). Does one exist at a different path? If not, this is required for load balancer health checks and container orchestration."

Evidence to capture:

  • Endpoint path found (or none)
  • HTTP status code
  • Response time (ms)
  • Response body (if any)
  • Whether authentication is required

Section

07. Health Endpoints

Monitoring & Health

← Previous

RES-001

Third-party service resilience

 Next →

HEALTH-002

Deep health endpoint with dependency checks