alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add /health endpoint for system capability reporting

Browse Source 
Unauthenticated endpoint that reports what's installed, what's
missing, and what's degraded — without exposing secrets or key
material. Reports:

- Module status (stegasoo, verisoo) with versions
- Optional capabilities: DCT, audio, video stego, LMDB, imagehash,
  USB monitoring, GPIO — each with actionable install hints
- Key existence (identity, channel, trusted count, backup status)
- Fieldkit status (killswitch, deadman, chain enabled)
- System info (Python version, platform, available memory)

Overall status is "ok" when core modules + keys are present,
"degraded" otherwise. Memory reporting helps diagnose Argon2
OOM issues on constrained hardware (RPi).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Aaron D. Lee
2026-04-01 19:48:12 -04:00
parent 792254699c
commit 586aa50c95
1 changed files with 148 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
frontends/web/app.py
View File

@@ -222,6 +222,154 @@ def create_app(config: SoosefConfig | None = None) -> Flask:
def index():
return render_template("index.html")
# ── Health check ─────────────────────────────────────────────
@app.route("/health")
def health():
"""System health and capability report.
Unauthenticated — returns what's installed, what's missing,
and what's degraded. No secrets or key material exposed.
"""
import platform
import sys
from flask import jsonify
from soosef.keystore.manager import KeystoreManager
ks = KeystoreManager()
# Core modules
modules = {}
for name, import_path in [
("stegasoo", "soosef.stegasoo"),
("verisoo", "soosef.verisoo"),
]:
try:
mod = __import__(import_path, fromlist=["__version__"])
modules[name] = {"status": "ok", "version": getattr(mod, "__version__", "unknown")}
except ImportError as e:
modules[name] = {"status": "missing", "error": str(e)}
# Optional capabilities
capabilities = {}
# DCT steganography
try:
from soosef.stegasoo import has_dct_support
capabilities["stego_dct"] = {
"status": "ok" if has_dct_support() else "unavailable",
"hint": None if has_dct_support() else "Install soosef[stego-dct] (scipy, jpeglib, reedsolo)",
}
except ImportError:
capabilities["stego_dct"] = {"status": "missing", "hint": "Install soosef[stego-dct]"}
# Audio steganography
try:
from soosef.stegasoo import HAS_AUDIO_SUPPORT
capabilities["stego_audio"] = {
"status": "ok" if HAS_AUDIO_SUPPORT else "unavailable",
"hint": None if HAS_AUDIO_SUPPORT else "Install soosef[stego-audio] (soundfile, numpy)",
}
except ImportError:
capabilities["stego_audio"] = {"status": "missing", "hint": "Install soosef[stego-audio]"}
# Video steganography
try:
from soosef.stegasoo.constants import VIDEO_ENABLED
capabilities["stego_video"] = {
"status": "ok" if VIDEO_ENABLED else "unavailable",
"hint": None if VIDEO_ENABLED else "Requires ffmpeg in PATH",
}
except (ImportError, AttributeError):
capabilities["stego_video"] = {"status": "missing", "hint": "Requires ffmpeg"}
# LMDB (verisoo storage)
try:
import lmdb # noqa: F401
capabilities["lmdb"] = {"status": "ok"}
except ImportError:
capabilities["lmdb"] = {"status": "missing", "hint": "Install soosef[attest]"}
# Perceptual hashing
try:
import imagehash # noqa: F401
capabilities["imagehash"] = {"status": "ok"}
except ImportError:
capabilities["imagehash"] = {"status": "missing", "hint": "Install soosef[attest]"}
# USB monitoring
try:
import pyudev # noqa: F401
capabilities["usb_monitor"] = {"status": "ok"}
except ImportError:
capabilities["usb_monitor"] = {"status": "unavailable", "hint": "Install soosef[fieldkit] (Linux only)"}
# GPIO (RPi killswitch)
try:
import gpiozero # noqa: F401
capabilities["gpio"] = {"status": "ok"}
except ImportError:
capabilities["gpio"] = {"status": "unavailable", "hint": "Install soosef[rpi] (Raspberry Pi only)"}
# Key status (existence only, no material)
keys = {
"identity": "ok" if ks.has_identity() else "missing",
"channel_key": "ok" if ks.has_channel_key() else "missing",
"trusted_keys": len(ks.get_trusted_keys()),
}
# Backup status
backup_info = ks.last_backup_info()
keys["last_backup"] = backup_info["timestamp"] if backup_info else "never"
keys["backup_overdue"] = ks.is_backup_overdue(config.backup_reminder_days)
# Fieldkit status
fieldkit = {
"killswitch_enabled": config.killswitch_enabled,
"deadman_enabled": config.deadman_enabled,
"chain_enabled": config.chain_enabled,
}
if config.deadman_enabled:
from soosef.fieldkit.deadman import DeadmanSwitch
dm = DeadmanSwitch()
dm_status = dm.status()
fieldkit["deadman_armed"] = dm_status["armed"]
fieldkit["deadman_overdue"] = dm_status.get("overdue", False)
# System info (no secrets)
system = {
"python": sys.version.split()[0],
"platform": platform.machine(),
"os": platform.system(),
}
# Memory (for Argon2 sizing awareness)
try:
import os as _os
mem_bytes = _os.sysconf("SC_PAGE_SIZE") * _os.sysconf("SC_PHYS_PAGES")
system["memory_mb"] = mem_bytes // (1024 * 1024)
except (ValueError, OSError):
pass
# Overall status
all_ok = (
all(m["status"] == "ok" for m in modules.values())
and keys["identity"] == "ok"
and keys["channel_key"] == "ok"
)
return jsonify({
"status": "ok" if all_ok else "degraded",
"version": __import__("soosef").__version__,
"modules": modules,
"capabilities": capabilities,
"keys": keys,
"fieldkit": fieldkit,
"system": system,
})
return app