The tenant observability dashboard is available on Business and Enterprise plans. If you are on a Free or Starter plan, you will see an upgrade prompt when you navigate to the dashboard. The platform observability dashboard is available to all platform administrators. See billing for plan details.
Platform observability
Navigate to Observability in the platform console sidebar. The dashboard presents SLO performance, service health, error distribution, and cloud infrastructure links in a single page with interactive charts.KPI row
Four cards with colored left-border accents display top-level metrics:| Card | Accent color | What it shows |
|---|---|---|
| Gateway | Cyan | Current gateway status (e.g. “operational”) |
| Services | Green | Healthy services out of total (e.g. “9/10”) |
| SLO Status | Purple | Overall SLO status badge — green, amber, or red |
| Recent Errors | Red | Count of recent grouped errors |
SLO performance
When SLO data is available, the dashboard displays three visualizations:Availability gauge
A radial bar gauge showing the current availability percentage. The gauge is color-coded:| Color | Availability |
|---|---|
| Green | 99.9% or higher |
| Amber | 99.0% – 99.9% |
| Red | Below 99.0% |
SLO scorecards
Two scorecards show:- Availability — the current percentage against the 99.9% target.
- p99 Latency — the worst-case response time against the 200 ms target.
SLO trend charts
Two seven-day line charts show the historical trend for availability and p99 latency. A dashed amber reference line marks the SLO target on each chart. Use these to spot whether your SLOs are trending toward or away from target.Service health
The services section includes three views:- Service health donut — a compact radial chart showing the ratio of healthy, degraded, and unknown services.
- Service latency chart — a horizontal bar chart showing each service’s response time in milliseconds. Bars are color-coded by latency (green under 50 ms, cyan under 200 ms, amber under 500 ms, red above). A dashed reference line at 200 ms marks the SLA threshold.
- Service detail cards — expandable cards for each backend service showing status, target URL, response time with a proportional progress bar, and links to logs and traces.
| Service | Description |
|---|---|
| API Gateway | Main API endpoint for all inbound requests |
| Trust Registry | Identity, issuers, keys, and governance |
| Attestation Service | Credential minting and lifecycle |
| Signing Service | Cryptographic key management and signing |
| Transparency Log | Tamper-evident append-only Merkle tree |
| Verification Service | Credential verification and validation |
| Audit Service | Tamper-proof audit trail with hash chaining |
| Billing Service | Usage metering and subscription management |
| Machine Identity | Agent registration, sessions, and trust scoring |
| AI CMO | AI content moderation and orchestration |
Error distribution
A bar chart breaks down recent grouped errors by signature, color-coded for quick identification. Below the chart, each error group shows its count, source, and sample trace IDs. Links to CloudWatch Logs Insights and X-Ray Service Map are provided when available.CloudWatch launchers
Quick-launch buttons for your cloud monitoring tools — Dashboard, Metrics, Logs Insights, X-Ray, and Alarms. These open directly in your AWS console.Trace lookup
Enter a trace ID to get a direct link to AWS X-Ray (or your OTLP backend) for that specific request. Press Enter or click Look up to resolve the trace.Auto-refresh
The dashboard polls all data sources every 30 seconds. Toggle auto-refresh on or off from the header. A countdown shows when the next refresh will occur. Click Refresh at any time to fetch the latest data immediately.Tenant observability
Navigate to Observability in the tenant console sidebar. The tenant dashboard is organized into four tabs with interactive charts.Dashboard tabs
| Tab | What it shows |
|---|---|
| Overview | Top-level stats, performance gauges, attestation lifecycle charts, and a latency trend chart |
| Services | Per-service health, SLA compliance bars, uptime percentages, latency details, and a multi-service latency trend |
| Usage & Quotas | Consumption of mints, verifications, storage, and other metered resources with a horizontal bar chart |
| Security | Cryptographic integrity, tenant isolation, and audit trail posture cards with detailed control tables |
Overview
The overview tab displays four primary stat cards:- Total attestations — active, revoked, and superseded counts.
- Active issuers — how many of your issuers are currently trusted.
- Audit events — total events recorded with hash-chain integrity.
- System health — how many backend services are healthy out of the total monitored.
- Average latency across all services.
- P95 latency — the worst-case response time for the slowest service.
- Health checks performed since the page was opened.
Attestation lifecycle chart
A donut chart breaks down your total attestations into active (green), revoked (red), and other (gray) categories. A companion bar chart shows the same data with counts and percentages for each category.Latency trend chart
An area chart overlays response times for all monitored services over recent health checks. Each service is color-coded with its own gradient fill. A legend below the chart identifies each service. The SLA thresholds are noted: green under 200 ms, yellow under 500 ms, red at 1000 ms or above.Services
The services tab shows the health of each monitored backend service:| Service | Description |
|---|---|
| API Gateway | Main API endpoint for all inbound requests |
| Trust Registry | Identity, issuers, keys, and governance |
| Attestation Service | Credential minting and lifecycle |
| Signing Service | Cryptographic key management and signing |
| Transparency Log | Tamper-evident append-only Merkle tree |
| Verification Service | Credential verification and validation |
| Audit Service | Tamper-proof audit trail with hash chaining |
| Billing Service | Usage metering and subscription management |
| Machine Identity | Agent registration, sessions, and trust scoring |
| AI CMO | AI content moderation and orchestration |
Uptime percentages shown on the services tab are session-scoped — they reset each time you open the dashboard. For historical uptime data, visit the public status page or query the status API.
Usage and quotas
The usage tab displays a horizontal bar chart showing each metered resource’s consumption as a percentage of its plan limit. Bars are color-coded:| Color | Usage level |
|---|---|
| Cyan | Normal (under 80%) |
| Amber | High (80% or above) |
| Red | At limit (100%) |
Security
The security tab gives you a live view of your environment’s security posture across three dimensions. At the top, three posture cards summarize overall strength:| Posture card | What it measures |
|---|---|
| Cryptographic integrity | Ed25519 signatures, SHA-256 audit hashing, and Merkle tree transparency. |
| Tenant isolation | PostgreSQL row-level security, per-tenant keys, and gateway-level enforcement. |
| Audit trail | Hash-chained event count with integrity verification status. Shows “Attention” until your first audit event is recorded. |
Cryptographic controls
| Control | Algorithm | Description |
|---|---|---|
| Attestation signing | Ed25519 (EdDSA) | Every attestation is cryptographically signed with an Ed25519 key. |
| Audit hash chain | SHA-256 | Audit events are chained with SHA-256 hashes so tampering is detectable. |
| Auth / JWKS | ES256 (ECDSA P-256) | JWT tokens and JWKS keys use ES256 for authentication. |
| Transparency log | Merkle tree / SHA-256 | A tamper-evident Merkle tree provides public auditability. |
Access controls
| Control | Mechanism | Description |
|---|---|---|
| Row-level security | PostgreSQL RLS | All database tables enforce tenant isolation at the row level. |
| RBAC | Role-based access control | Granular permissions scoped to your defined roles. |
| API gateway | nginx + rate limiting | Per-IP and per-tenant rate limits enforced at the gateway. |
| Service auth | Internal service keys | Service-to-service communication is authenticated with shared keys. |
Data protection controls
| Control | Mechanism | Description |
|---|---|---|
| Tenant isolation | Multi-tenant RLS | Complete data segregation between tenants at the database level. |
| Audit immutability | Append-only + hash chain | Events cannot be deleted or modified after creation. Shows “Attention” until your first event is recorded. |
| Key rotation | Per-issuer key lifecycle | Keys can be rotated and superseded without losing historical attestations. |
Tenant dashboard charts
The main tenant dashboard (Home page in the console sidebar) includes three attestation insight charts when you have at least one attestation:| Chart | Type | What it shows |
|---|---|---|
| Attestation status | Donut (pie) | Breakdown of active, revoked, and other attestations with a color-coded legend |
| Issuer coverage | Bar chart | Active issuers versus total issuers configured |
| Platform health | Radial gauge | Percentage of attestations that are currently active, displayed as a half-circle gauge |
Programmatic monitoring
For machine-readable health data outside the console, use the status API or the billing usage endpoint. These endpoints let you integrate Truthlocks metrics into your own dashboards or alerting pipelines.Next steps
Health and readiness
Health endpoints, status page, and monitoring integrations.
Billing usage
Track mints, verifications, and storage via the API.
Rate limits
Plan quotas and how to handle 429 and 402 responses.
Audit logs
Query and export your audit trail.