implemented observability

README.md

@@ -4,7 +4,7 @@
 
 ForgeBucket is a self-hosted, federated developer operations platform. Where other Git platforms show you a list of files, ForgeBucket surfaces deployments, pipeline health, environment drift, and operational context directly alongside your code. Repositories are runtime systems. The dashboard is a command center.
 
-**Status:** Active development. Phase 3D (GitOps controller + drift detection) complete. Phase 3E (observability) is next.
+**Status:** Active development. Phase 3E (observability) complete. Phase 3F (federation handlers) is next.
 
 ---
 
@@ -88,8 +88,12 @@ ForgeBucket is a self-hosted, federated developer operations platform. Where oth
 ### Observability + Security
 | Feature | Status |
 |---------|--------|
-| Prometheus endpoint + health checks | Planned (Phase 3E) |
-| Health sparklines in repo/env pages | Planned (Phase 3E) |
+| `GET /health` — structured DB + NATS liveness check | Done |
+| `GET /metrics` — Prometheus endpoint (HTTP + platform metrics) | Done |
+| HTTP instrumentation middleware (latency histogram, request counter) | Done |
+| Per-repo operational health summary (`GET /repos/.../health`) | Done |
+| NATS-driven pipeline + deployment counters | Done |
+| Health sparklines in repo/env pages (frontend) | Planned (Phase 4) |
 | Secret scanning | Planned (Phase 4) |
 | Dependency scanning | Planned (Phase 4) |
 | Signed artifacts (Sigstore/Cosign) | Planned (Phase 4) |
@@ -138,6 +142,7 @@ ForgeBucket
 ├── Issue Service        (issues — internal/api/handlers/)
 ├── CI Orchestrator      (DAG execution, Docker runner — internal/domain/ci/)
 ├── GitOps Controller    (drift detection, auto-sync — internal/domain/gitops/)
+├── Observability        (Prometheus metrics, health — internal/observability/)
 ├── Environment Service  (environments, deployments — internal/api/handlers/environment.go)
 ├── Secret Manager       (scoped AES-256-GCM — internal/api/handlers/secret.go)
 ├── Workspace Service    (multi-tenant namespaces — internal/api/handlers/workspace.go)
@@ -148,9 +153,9 @@ ForgeBucket
 └── Web Frontend         (React 18 + TypeScript, //go:embed — web/)
 ```
 
-**Middleware chain (every authenticated request):**
+**Middleware chain (every request):**
 ```
-Logger → RealIP → Recoverer → CORS → CSRF → SessionAuth → AuditLog → Handler
+Logger → RealIP → Recoverer → Metrics → CORS → CSRF → SessionAuth → AuditLog → Handler
 ```
 
 ---
@@ -236,8 +241,8 @@ ForgeBucket has its own design language — intentionally distinct from GitHub a
 | Phase 3B | Unified operational timeline | Done |
 | Phase 3C | Workspaces + secret management hierarchy (Global → Workspace → Repo → Env) | Done |
 | Phase 3D | GitOps controller + drift detection + auto-sync | Done |
-| Phase 3E | Observability (Prometheus endpoint, health checks, sparklines) | Next |
-| Phase 3F | Federation handlers (ActivityPub inbox/outbox, cross-instance PRs) | Planned |
+| Phase 3E | Observability (Prometheus `/metrics`, structured `/health`, repo health API) | Done |
+| Phase 3F | Federation handlers (ActivityPub inbox/outbox, cross-instance PRs) | Next |
 | Phase 4 | AI diagnostics, signed artifacts, OCI registry, secret/dep scanning | Planned |
 
 ---