Operational: No health check endpoint for upstream provider connectivity #104

New issue

Open

opened 2026-05-11 13:49:53 +00:00 by thabeta · 0 comments

thabeta commented

2026-05-11 13:49:53 +00:00

Owner

Severity: Medium

Location

crates/hero_aibroker_server/src/api_openrpc/mod.rs — health endpoint

Finding

The health endpoint only checks internal state, not upstream connectivity:

pub async fn health_handler(State(state): State<Arc<AppState>>) -> impl IntoResponse {
    // Returns "ok" even if all providers are down
}

Impact

Health checks pass when all providers are unreachable
Load balancers don't detect provider outages
No distinction between "broker is running" and "broker can serve requests"

Recommendation

Add a deep health check that probes each provider
Distinguish between "alive" and "ready" states
Include provider health in the health response

## Severity: Medium ## Location `crates/hero_aibroker_server/src/api_openrpc/mod.rs` — health endpoint ## Finding The health endpoint only checks internal state, not upstream connectivity: ```rust pub async fn health_handler(State(state): State<Arc<AppState>>) -> impl IntoResponse { // Returns "ok" even if all providers are down } ``` ## Impact - Health checks pass when all providers are unreachable - Load balancers don't detect provider outages - No distinction between "broker is running" and "broker can serve requests" ## Recommendation - Add a deep health check that probes each provider - Distinguish between "alive" and "ready" states - Include provider health in the health response