max / makenotwork

server: expose git_sha on /api/health The JSON health endpoint reported version (semver) but omitted the build sha, so a same-semver hot-swap (the carousel case) couldn't be verified from the API. Add git_sha (short sha from build.rs GIT_HASH); a public commit ref, not a secret. PoM schema-drift guard stays green (additive). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Author: Max Johnson <me@maxj.phd> · 2026-06-13 22:41 UTC

Commit: 1bf92186ee23fd4b8fca96ab42a7ab7ef2bafdb4

Parent: 614c3e7

1 file changed, +19 insertions, -3 deletions

M server/src/routes/pages/public/health/mod.rs +19 -3

			@@ -623,9 +623,12 @@ pub(super) async fn health(
623	623		// JSON Health Endpoint (fast — reads from background monitor cache)
624	624		// ============================================================================
625	625
626		-	// Note: the HTML /health page has full diagnostics. The JSON endpoint is
627		-	// intentionally minimal (status only) to avoid leaking version, uptime,
628		-	// git hash, and service configuration to unauthenticated callers.
	626	+	// Note: the HTML /health page has full diagnostics. The JSON endpoint is kept
	627	+	// minimal: status, version, and the build's git sha — enough to answer "which
	628	+	// commit is live?" (the question a same-semver hot-swap like the carousel can't
	629	+	// answer from version alone), but still no uptime or service configuration. The
	630	+	// short git sha is a public commit ref (the server source is git-public), not a
	631	+	// secret.
629	632
630	633		/// `GET /api/health`: fast JSON health endpoint.
631	634		///
			@@ -680,6 +683,10 @@ fn health_json_body(overall: OverallStatus, db_ok: bool) -> serde_json::Value {
680	683		serde_json::json!({
681	684		"status": overall.api_label(),
682	685		"version": env!("CARGO_PKG_VERSION"),
	686	+	// The commit this binary was built from (short sha, set by build.rs).
	687	+	// `null` on a build without git metadata. Lets a deploy driver verify
	688	+	// the live commit when the version alone can't (same-semver swap).
	689	+	"git_sha": option_env!("GIT_HASH").filter(\|h\| !h.is_empty()),
683	690		"checks": {
684	691		"database": db_ok,
685	692		},
			@@ -733,6 +740,15 @@ mod tests {
733	740		assert_eq!(OverallStatus::Error.api_label(), "error");
734	741		}
735	742
	743	+	#[test]
	744	+	fn health_json_body_carries_version_and_git_sha_keys() {
	745	+	// A deploy driver answers "which commit is live?" from these keys; lock
	746	+	// their presence so the JSON endpoint can't silently drop them.
	747	+	let body = health_json_body(OverallStatus::Operational, true);
	748	+	assert_eq!(body["version"], env!("CARGO_PKG_VERSION"));
	749	+	assert!(body.get("git_sha").is_some(), "git_sha key must be present (null is fine)");
	750	+	}
	751	+
736	752		/// Schema-drift guard for the `mnw` target. See `shared/pom-contract/`.
737	753		#[test]
738	754		fn pom_hetzner_health_expectations_resolve() {