> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Observability dashboard
> Monitor attestation volume, service health across 10 backend services, latency percentiles, and plan usage from the console.
The observability dashboard gives you a real-time view of your Truthlocks environment directly in the console. Use it to track attestation activity, monitor service health, spot latency trends, and check plan usage — all without leaving the browser.
The dashboard is available in two views: a **platform observability** dashboard for platform administrators, and a **tenant observability** dashboard for tenant users.
The tenant observability dashboard is available on **Business** and **Enterprise** plans. If you are on a Free or Starter plan, you will see an upgrade prompt when you navigate to the dashboard. The platform observability dashboard is available to all platform administrators. See [billing](/billing/overview) for plan details.
## Platform observability
Navigate to **Observability** in the platform console sidebar. The dashboard presents SLO performance, service health, error distribution, and cloud infrastructure links in a single page with interactive charts.
### KPI row
Four cards with colored left-border accents display top-level metrics:
| Card | Accent color | What it shows |
| :---------------- | :----------- | :---------------------------------------------- |
| **Gateway** | Cyan | Current gateway status (e.g. "operational") |
| **Services** | Green | Healthy services out of total (e.g. "9/10") |
| **SLO Status** | Purple | Overall SLO status badge — green, amber, or red |
| **Recent Errors** | Red | Count of recent grouped errors |
### SLO performance
When SLO data is available, the dashboard displays three visualizations:
#### Availability gauge
A radial bar gauge showing the current availability percentage. The gauge is color-coded:
| Color | Availability |
| :---- | :-------------- |
| Green | 99.9% or higher |
| Amber | 99.0% – 99.9% |
| Red | Below 99.0% |
The error budget consumed is displayed below the gauge.
#### SLO scorecards
Two scorecards show:
* **Availability** — the current percentage against the 99.9% target.
* **p99 Latency** — the worst-case response time against the 200 ms target.
Each scorecard is color-coded — green when within target, amber when approaching the threshold, and red when the target is breached.
#### SLO trend charts
Two seven-day line charts show the historical trend for availability and p99 latency. A dashed amber reference line marks the SLO target on each chart. Use these to spot whether your SLOs are trending toward or away from target.
### Service health
The services section includes three views:
* **Service health donut** — a compact radial chart showing the ratio of healthy, degraded, and unknown services.
* **Service latency chart** — a horizontal bar chart showing each service's response time in milliseconds. Bars are color-coded by latency (green under 50 ms, cyan under 200 ms, amber under 500 ms, red above). A dashed reference line at 200 ms marks the SLA threshold.
* **Service detail cards** — expandable cards for each backend service showing status, target URL, response time with a proportional progress bar, and links to logs and traces.
The platform dashboard monitors the following services:
| Service | Description |
| :------------------- | :---------------------------------------------- |
| API Gateway | Main API endpoint for all inbound requests |
| Trust Registry | Identity, issuers, keys, and governance |
| Attestation Service | Credential minting and lifecycle |
| Signing Service | Cryptographic key management and signing |
| Transparency Log | Tamper-evident append-only Merkle tree |
| Verification Service | Credential verification and validation |
| Audit Service | Tamper-proof audit trail with hash chaining |
| Billing Service | Usage metering and subscription management |
| Machine Identity | Agent registration, sessions, and trust scoring |
| AI CMO | AI content moderation and orchestration |
Each service displays its current status (**healthy**, **degraded**, or **down**). A service is marked **degraded** when it responds but takes longer than 2 seconds, and **down** when it fails to respond within the 5-second timeout.
### Error distribution
A bar chart breaks down recent grouped errors by signature, color-coded for quick identification. Below the chart, each error group shows its count, source, and sample trace IDs. Links to CloudWatch Logs Insights and X-Ray Service Map are provided when available.
### CloudWatch launchers
Quick-launch buttons for your cloud monitoring tools — Dashboard, Metrics, Logs Insights, X-Ray, and Alarms. These open directly in your AWS console.
### Trace lookup
Enter a trace ID to get a direct link to AWS X-Ray (or your OTLP backend) for that specific request. Press Enter or click **Look up** to resolve the trace.
### Auto-refresh
The dashboard polls all data sources every 30 seconds. Toggle auto-refresh on or off from the header. A countdown shows when the next refresh will occur. Click **Refresh** at any time to fetch the latest data immediately.
## Tenant observability
Navigate to **Observability** in the tenant console sidebar. The tenant dashboard is organized into four tabs with interactive charts.
### Dashboard tabs
| Tab | What it shows |
| :----------------- | :-------------------------------------------------------------------------------------------------------------- |
| **Overview** | Top-level stats, performance gauges, attestation lifecycle charts, and a latency trend chart |
| **Services** | Per-service health, SLA compliance bars, uptime percentages, latency details, and a multi-service latency trend |
| **Usage & Quotas** | Consumption of mints, verifications, storage, and other metered resources with a horizontal bar chart |
| **Security** | Cryptographic integrity, tenant isolation, and audit trail posture cards with detailed control tables |
### Overview
The overview tab displays four primary stat cards:
* **Total attestations** — active, revoked, and superseded counts.
* **Active issuers** — how many of your issuers are currently trusted.
* **Audit events** — total events recorded with hash-chain integrity.
* **System health** — how many backend services are healthy out of the total monitored.
Below the stat cards, three performance gauges show:
* **Average latency** across all services.
* **P95 latency** — the worst-case response time for the slowest service.
* **Health checks performed** since the page was opened.
#### Attestation lifecycle chart
A donut chart breaks down your total attestations into **active** (green), **revoked** (red), and **other** (gray) categories. A companion bar chart shows the same data with counts and percentages for each category.
#### Latency trend chart
An area chart overlays response times for all monitored services over recent health checks. Each service is color-coded with its own gradient fill. A legend below the chart identifies each service. The SLA thresholds are noted: green under 200 ms, yellow under 500 ms, red at 1000 ms or above.
### Services
The services tab shows the health of each monitored backend service:
| Service | Description |
| :------------------- | :---------------------------------------------- |
| API Gateway | Main API endpoint for all inbound requests |
| Trust Registry | Identity, issuers, keys, and governance |
| Attestation Service | Credential minting and lifecycle |
| Signing Service | Cryptographic key management and signing |
| Transparency Log | Tamper-evident append-only Merkle tree |
| Verification Service | Credential verification and validation |
| Audit Service | Tamper-proof audit trail with hash chaining |
| Billing Service | Usage metering and subscription management |
| Machine Identity | Agent registration, sessions, and trust scoring |
| AI CMO | AI content moderation and orchestration |
Each service displays its current status (**healthy**, **degraded**, or **down**), response time, and session uptime percentage. An SLA compliance bar compares each service's uptime against the 99.9% target.
Uptime percentages shown on the services tab are session-scoped — they reset each time you open the dashboard. For historical uptime data, visit the [public status page](https://status.truthlocks.com) or query the [status API](/ops/health#programmatic-status-api).
### Usage and quotas
The usage tab displays a horizontal bar chart showing each metered resource's consumption as a percentage of its plan limit. Bars are color-coded:
| Color | Usage level |
| :---- | :------------------ |
| Cyan | Normal (under 80%) |
| Amber | High (80% or above) |
| Red | At limit (100%) |
Unlimited meters are listed separately below the chart. Hover over any bar to see the exact count and limit.
If a usage meter is approaching its limit, consider upgrading your plan or contacting support for a custom quota. Once a limit is reached, API requests for that operation return HTTP 402. See [rate limits](/ops/limits) for details.
### Security
The security tab gives you a live view of your environment's security posture across three dimensions. At the top, three posture cards summarize overall strength:
| Posture card | What it measures |
| :-------------------------- | :----------------------------------------------------------------------------------------------------------------------- |
| **Cryptographic integrity** | Ed25519 signatures, SHA-256 audit hashing, and Merkle tree transparency. |
| **Tenant isolation** | PostgreSQL row-level security, per-tenant keys, and gateway-level enforcement. |
| **Audit trail** | Hash-chained event count with integrity verification status. Shows "Attention" until your first audit event is recorded. |
Below the posture cards, individual security controls are grouped into three categories:
#### Cryptographic controls
| Control | Algorithm | Description |
| :------------------ | :-------------------- | :----------------------------------------------------------------------- |
| Attestation signing | Ed25519 (EdDSA) | Every attestation is cryptographically signed with an Ed25519 key. |
| Audit hash chain | SHA-256 | Audit events are chained with SHA-256 hashes so tampering is detectable. |
| Auth / JWKS | ES256 (ECDSA P-256) | JWT tokens and JWKS keys use ES256 for authentication. |
| Transparency log | Merkle tree / SHA-256 | A tamper-evident Merkle tree provides public auditability. |
#### Access controls
| Control | Mechanism | Description |
| :----------------- | :------------------------ | :------------------------------------------------------------------ |
| Row-level security | PostgreSQL RLS | All database tables enforce tenant isolation at the row level. |
| RBAC | Role-based access control | Granular permissions scoped to your defined roles. |
| API gateway | nginx + rate limiting | Per-IP and per-tenant rate limits enforced at the gateway. |
| Service auth | Internal service keys | Service-to-service communication is authenticated with shared keys. |
#### Data protection controls
| Control | Mechanism | Description |
| :----------------- | :----------------------- | :--------------------------------------------------------------------------------------------------------- |
| Tenant isolation | Multi-tenant RLS | Complete data segregation between tenants at the database level. |
| Audit immutability | Append-only + hash chain | Events cannot be deleted or modified after creation. Shows "Attention" until your first event is recorded. |
| Key rotation | Per-issuer key lifecycle | Keys can be rotated and superseded without losing historical attestations. |
Each control shows an **Enforced** badge when active or an **Attention** badge when it requires action (for example, if no audit events have been recorded yet).
## Tenant dashboard charts
The main tenant dashboard (**Home** page in the console sidebar) includes three attestation insight charts when you have at least one attestation:
| Chart | Type | What it shows |
| :--------------------- | :----------- | :------------------------------------------------------------------------------------- |
| **Attestation status** | Donut (pie) | Breakdown of active, revoked, and other attestations with a color-coded legend |
| **Issuer coverage** | Bar chart | Active issuers versus total issuers configured |
| **Platform health** | Radial gauge | Percentage of attestations that are currently active, displayed as a half-circle gauge |
These charts provide a quick visual summary of your attestation portfolio health without navigating to the full observability dashboard.
## Programmatic monitoring
For machine-readable health data outside the console, use the [status API](/ops/health#programmatic-status-api) or the [billing usage endpoint](/api-reference/billing/usage). These endpoints let you integrate Truthlocks metrics into your own dashboards or alerting pipelines.
## Next steps
Health endpoints, status page, and monitoring integrations.
Track mints, verifications, and storage via the API.
Plan quotas and how to handle 429 and 402 responses.
Query and export your audit trail.