Health check reports false unhealthy for auth-protected services

[krisrowe]

Problem

gapp_status reports deployed services as unhealthy when they're actually running fine. It hits / without auth and gets a 401, which it interprets as unhealthy.

This happens because mcp-app solutions serve on / with JWT auth required — there's no unauthenticated health endpoint. The service is up and responding correctly, but gapp doesn't know how to talk to it.

Open Questions

The fix isn't obvious. Several approaches, and they may not be mutually exclusive:

1. Health endpoint in mcp-app — mcp-app could serve /health that returns 200 without auth. Simple, but the solution framework owns this, not gapp.

2. gapp.yaml configuration — gapp could learn the health check path and/or auth requirements from config. e.g., health_check: /health or health_check: false to skip.

3. Hand off to mcp-app — this may be part of a broader pattern where gapp delegates runtime concerns (health, user management, base URL discovery) to an mcp-app CLI or API. If mcp-app exposes a status/health command that knows how to probe its own services, gapp doesn't need to reinvent this. Similar to how user management is moving to mcp-app (Add CLI and MCP tools for user admin mcp-app#5).

4. Status token — gapp already has create_status_token which mints a short-lived JWT with scope: "status". But mcp-app's user-identity middleware doesn't recognize status-scoped tokens — that was a gapp_run wrapper concept. If mcp-app added support for status tokens, gapp could use its existing machinery.

Current Behavior

gapp_status → deployment.services[0].healthy = false
curl (no auth) → 401 "Missing authentication token"
curl (with PAT) → 200 (service works fine)

Related

• Add CLI and MCP tools for user admin mcp-app#5 — user management moving to mcp-app (same pattern of gapp delegating runtime concerns)
• Remove dead user management code from SDK #11 — removing dead user management code from gapp