feat(workflow-executor): add GET /health endpoint for ops monitoring

matthv · claude · alban bertolini · commit 371befcd51cb · 2026-03-26T18:39:35.000+01:00
Public endpoint (no JWT required) that returns the Runner state:
- 200 { state: 'running' } or { state: 'draining' }
- 503 { state: 'stopped' } or { state: 'idle' }

Usable as k8s readiness probe, ECS health check, or manual curl.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/packages/workflow-executor/src/http/executor-http-server.ts b/packages/workflow-executor/src/http/executor-http-server.ts
@@ -62,6 +62,19 @@ export default class ExecutorHttpServer {
       }
     });
 
+    // Health endpoint — before JWT so it's publicly accessible (infra probes don't send tokens)
+    this.app.use(async (ctx, next) => {
+      if (ctx.method === 'GET' && ctx.path === '/health') {
+        const { state } = this.options.runner;
+        ctx.status = state === 'running' || state === 'draining' ? 200 : 503;
+        ctx.body = { state };
+
+        return;
+      }
+
+      await next();
+    });
+
     this.app.use(bodyParser());
 
     // JWT middleware — validates Bearer token using authSecret
diff --git a/packages/workflow-executor/test/http/executor-http-server.test.ts b/packages/workflow-executor/test/http/executor-http-server.test.ts
@@ -20,6 +20,7 @@ function signToken(payload: object, secret = AUTH_SECRET, options?: jsonwebtoken
 
 function createMockRunner(overrides: Partial<Runner> = {}): Runner {
   return {
+    state: 'running',
     start: jest.fn().mockResolvedValue(undefined),
     stop: jest.fn().mockResolvedValue(undefined),
     triggerPoll: jest.fn().mockResolvedValue(undefined),
@@ -156,6 +157,52 @@ describe('ExecutorHttpServer', () => {
     });
   });
 
+  describe('GET /health', () => {
+    it('returns 200 with state when runner is running', async () => {
+      const server = createServer({ runner: createMockRunner({ state: 'running' } as never) });
+
+      const response = await request(server.callback).get('/health');
+
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual({ state: 'running' });
+    });
+
+    it('returns 200 with state when runner is draining', async () => {
+      const server = createServer({ runner: createMockRunner({ state: 'draining' } as never) });
+
+      const response = await request(server.callback).get('/health');
+
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual({ state: 'draining' });
+    });
+
+    it('returns 503 when runner is stopped', async () => {
+      const server = createServer({ runner: createMockRunner({ state: 'stopped' } as never) });
+
+      const response = await request(server.callback).get('/health');
+
+      expect(response.status).toBe(503);
+      expect(response.body).toEqual({ state: 'stopped' });
+    });
+
+    it('returns 503 when runner is idle', async () => {
+      const server = createServer({ runner: createMockRunner({ state: 'idle' } as never) });
+
+      const response = await request(server.callback).get('/health');
+
+      expect(response.status).toBe(503);
+      expect(response.body).toEqual({ state: 'idle' });
+    });
+
+    it('does not require JWT authentication', async () => {
+      const server = createServer();
+
+      const response = await request(server.callback).get('/health');
+
+      expect(response.status).toBe(200);
+    });
+  });
+
   describe('run access authorization', () => {
     it('returns 403 when hasRunAccess returns false on GET /runs/:runId', async () => {
       const workflowPort = createMockWorkflowPort({
