> ## Documentation Index
> Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Get a single monitor by id



## OpenAPI

````yaml /openapi/monitoring-api.json get /api/v1/monitors/{id}
openapi: 3.0.1
info:
  title: DevHelm API
  description: >-
    DevHelm monitoring and incident management API. Create and manage uptime
    monitors, incidents, alert channels, notification policies, and more.
  version: '1.0'
  contact:
    name: DevHelm
    url: https://devhelm.io
    email: support@devhelm.io
servers:
  - url: https://api.devhelm.io
    description: Production
security:
  - BearerAuth: []
tags:
  - name: Alert Channels
    description: Alert channel CRUD and connectivity testing
  - name: Alert Deliveries
    description: 'Delivery audit trail: inspect per-attempt details for alert deliveries'
  - name: API Auth
    description: Identity and quota info for API key authentication
  - name: API Keys
    description: Organization API key management
  - name: Audit Log
    description: Organization audit trail
  - name: Check Results
    description: Query raw check results, uptime statistics, and summary data
  - name: Dashboard
    description: Overview dashboard aggregates
  - name: Deploy Lock
    description: Mutex for CLI deploy operations
  - name: Environments
    description: Variable namespace management for monitors
  - name: Forensics
    description: >-
      Detection engine event-sourced history (policy snapshots, rule
      evaluations, state transitions)
  - name: Heartbeat
    description: Public ping endpoint for heartbeat monitors
  - name: Incident Policies
    description: Manage trigger, confirmation, and recovery rules for monitors
  - name: Incidents
    description: Incident management and lifecycle
  - name: Integrations
    description: Static catalog of supported alert channel integrations
  - name: Invites
    description: Organization invite management
  - name: Maintenance Windows
    description: Schedule alert-suppression windows for monitors
  - name: Members
    description: Organization member management
  - name: Monitor Alert Channels
    description: Manage alert channel mappings for a monitor
  - name: Monitor Assertions
    description: Manage assertions for a monitor
  - name: Monitor Auth
    description: Manage authentication configuration for a monitor
  - name: Monitors
    description: Monitor CRUD and lifecycle management
  - name: Notification Dispatches
    description: >-
      Dispatch debugging API: inspect which policies matched an incident and
      track delivery status
  - name: Notification Policies
    description: Org-level notification routing policies with JSONB match rules
  - name: Notifications
    description: In-app notification center
  - name: Organizations
    description: Organization management
  - name: Resource Groups
    description: Resource group CRUD and member management
  - name: Secrets
    description: Organization environment secret management
  - name: Service Subscriptions
    description: Manage which services an organization tracks
  - name: Status Data
    description: Public service status catalog, components, uptime, and incident history
  - name: Status Pages
    description: Status page management
  - name: Tags
    description: Org-scoped tag management for monitors
  - name: Vault
    description: Organization vault management (admin-only)
  - name: Webhooks
    description: Webhook endpoint management, event catalog, and delivery history
  - name: Workspaces
    description: Workspace management within an organization
paths:
  /api/v1/monitors/{id}:
    get:
      tags:
        - Monitors
      summary: Get a single monitor by id
      operationId: get_6
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: OK
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/SingleValueResponseMonitorDto'
        '400':
          description: Bad request — the payload failed validation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Unauthorized — missing or invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Forbidden — the actor lacks permission for this resource
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not found — the requested resource does not exist
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '409':
          description: Conflict — the request collides with current resource state
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal server error — see the message field for details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '502':
          description: Bad gateway — an upstream provider returned an error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '503':
          description: Service unavailable — try again shortly
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  schemas:
    SingleValueResponseMonitorDto:
      required:
        - data
      type: object
      properties:
        data:
          $ref: '#/components/schemas/MonitorDto'
    ErrorResponse:
      required:
        - code
        - message
        - status
        - timestamp
      type: object
      properties:
        status:
          type: integer
          description: HTTP status code (mirrors the response status line)
          format: int32
          example: 404
        code:
          type: string
          description: >-
            Coarse machine-readable error category (e.g. NOT_FOUND,
            RATE_LIMITED); stable per status
          example: NOT_FOUND
        message:
          type: string
          description: Human-readable error message; safe to surface to end users
          example: Monitor not found
        timestamp:
          type: integer
          description: Server time when the error was produced (epoch milliseconds)
          format: int64
          example: 1737302400000
        requestId:
          type: string
          description: >-
            Opaque per-request id; same value as the X-Request-Id response
            header. Use in support tickets.
          nullable: true
          example: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a
        errors:
          type: array
          description: >-
            Structured per-field rejections; populated for validation errors,
            null otherwise
          nullable: true
          items:
            nullable: true
            allOf:
              - $ref: '#/components/schemas/ErrorEntry'
      description: Uniform error envelope returned for every non-2xx response
      example:
        status: 404
        code: NOT_FOUND
        message: Monitor not found
        timestamp: 1737302400000
        requestId: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a
    MonitorDto:
      required:
        - config
        - createdAt
        - id
        - managedBy
        - name
        - regions
        - type
        - updatedAt
        - organizationId
        - frequencySeconds
        - enabled
      type: object
      properties:
        id:
          type: string
          description: Unique monitor identifier
          format: uuid
        organizationId:
          type: integer
          description: Organization this monitor belongs to
          format: int32
        name:
          minLength: 1
          type: string
          description: Human-readable name for this monitor
        type:
          type: string
          enum:
            - HTTP
            - DNS
            - MCP_SERVER
            - TCP
            - ICMP
            - HEARTBEAT
            - BROWSER
            - MULTI_STEP_API
        config:
          oneOf:
            - $ref: '#/components/schemas/DnsMonitorConfig'
            - $ref: '#/components/schemas/HeartbeatMonitorConfig'
            - $ref: '#/components/schemas/HttpMonitorConfig'
            - $ref: '#/components/schemas/IcmpMonitorConfig'
            - $ref: '#/components/schemas/McpServerMonitorConfig'
            - $ref: '#/components/schemas/ScriptMonitorConfig'
            - $ref: '#/components/schemas/TcpMonitorConfig'
        frequencySeconds:
          type: integer
          description: Check frequency in seconds (30–86400)
          format: int32
        enabled:
          type: boolean
          description: Whether the monitor is active
        regions:
          type: array
          description: Probe regions where checks are executed
          items:
            type: string
            description: Probe regions where checks are executed
        managedBy:
          type: string
          description: >-
            Source that created/owns this monitor: DASHBOARD, CLI, TERRAFORM,
            MCP, or API
          enum:
            - DASHBOARD
            - CLI
            - TERRAFORM
            - MCP
            - API
        createdAt:
          type: string
          description: Timestamp when the monitor was created
          format: date-time
        updatedAt:
          type: string
          description: Timestamp when the monitor was last updated
          format: date-time
        assertions:
          type: array
          description: >-
            Assertions evaluated against each check result; null on list
            responses
          nullable: true
          items:
            $ref: '#/components/schemas/MonitorAssertionDto'
        tags:
          type: array
          description: Tags applied to this monitor
          nullable: true
          items:
            $ref: '#/components/schemas/TagDto'
        pingUrl:
          type: string
          description: Heartbeat ping URL; populated for HEARTBEAT monitors only
          nullable: true
        environment:
          nullable: true
          allOf:
            - $ref: '#/components/schemas/Summary'
        auth:
          nullable: true
          allOf:
            - $ref: '#/components/schemas/MonitorAuthConfig'
        incidentPolicy:
          nullable: true
          allOf:
            - $ref: '#/components/schemas/IncidentPolicyDto'
        alertChannelIds:
          type: array
          description: >-
            Alert channel IDs linked to this monitor; populated on
            single-monitor responses
          nullable: true
          items:
            type: string
            description: >-
              Alert channel IDs linked to this monitor; populated on
              single-monitor responses
            format: uuid
        currentStatus:
          type: string
          description: >-
            Current operational state — UP, DOWN, DEGRADED, PAUSED, or UNKNOWN
            if no probe data yet
          nullable: true
          enum:
            - up
            - degraded
            - down
            - paused
            - unknown
      description: Full monitor representation
    ErrorEntry:
      required:
        - code
        - message
      type: object
      properties:
        code:
          minLength: 1
          type: string
          description: >-
            Stable machine-readable code; see ValidationErrorCode for the
            registry
          example: MONITOR_HEARTBEAT_GRACE_EXCEEDS_INTERVAL
        field:
          type: string
          description: >-
            JSON-pointer-like path to the offending field, or null for
            request-wide errors
          nullable: true
          example: config.gracePeriod
        message:
          minLength: 1
          type: string
          description: Human-readable message; safe to surface to end users
      description: One structured validation rejection
    DnsMonitorConfig:
      required:
        - hostname
      type: object
      properties:
        hostname:
          minLength: 1
          type: string
          description: Domain name to resolve
        recordTypes:
          type: array
          description: >-
            DNS record types to query: A, AAAA, CNAME, MX, NS, TXT, SRV, SOA,
            CAA, PTR
          nullable: true
          items:
            type: string
            description: >-
              DNS record types to query: A, AAAA, CNAME, MX, NS, TXT, SRV, SOA,
              CAA, PTR
            nullable: true
            enum:
              - A
              - AAAA
              - CNAME
              - MX
              - NS
              - TXT
              - SRV
              - SOA
              - CAA
              - PTR
        nameservers:
          type: array
          description: Custom nameservers to query (uses system defaults if omitted)
          nullable: true
          items:
            type: string
            description: Custom nameservers to query (uses system defaults if omitted)
            nullable: true
        timeoutMs:
          type: integer
          description: Per-query timeout in milliseconds
          format: int32
          nullable: true
        totalTimeoutMs:
          type: integer
          description: Total timeout for all queries in milliseconds
          format: int32
          nullable: true
    HeartbeatMonitorConfig:
      required:
        - expectedInterval
        - gracePeriod
      type: object
      properties:
        expectedInterval:
          maximum: 86400
          minimum: 1
          type: integer
          description: Expected heartbeat interval in seconds
          format: int32
        gracePeriod:
          minimum: 1
          type: integer
          description: Grace period in seconds before marking as down
          format: int32
    HttpMonitorConfig:
      required:
        - method
        - url
      type: object
      properties:
        url:
          minLength: 1
          type: string
          description: Target URL to send requests to
        method:
          type: string
          description: 'HTTP method: GET, POST, PUT, PATCH, DELETE, or HEAD'
          enum:
            - GET
            - POST
            - PUT
            - PATCH
            - DELETE
            - HEAD
        customHeaders:
          type: object
          additionalProperties:
            type: string
            description: Additional HTTP headers to include in requests
            nullable: true
          description: Additional HTTP headers to include in requests
          nullable: true
        requestBody:
          type: string
          description: Request body content for POST/PUT/PATCH methods
          nullable: true
        contentType:
          type: string
          description: Content-Type header value for the request body
          nullable: true
        verifyTls:
          type: boolean
          description: 'Whether to verify TLS certificates (default: true)'
          nullable: true
    IcmpMonitorConfig:
      required:
        - host
      type: object
      properties:
        host:
          minLength: 1
          type: string
          description: Target hostname or IP address to ping
        packetCount:
          maximum: 20
          minimum: 1
          type: integer
          description: Number of ICMP packets to send
          format: int32
          nullable: true
        timeoutMs:
          type: integer
          description: Ping timeout in milliseconds
          format: int32
          nullable: true
    McpServerMonitorConfig:
      required:
        - command
      type: object
      properties:
        command:
          minLength: 1
          type: string
          description: Command to execute to start the MCP server
        args:
          type: array
          description: Command-line arguments for the MCP server process
          nullable: true
          items:
            type: string
            description: Command-line arguments for the MCP server process
            nullable: true
        env:
          type: object
          additionalProperties:
            type: string
            description: Environment variables to pass to the MCP server process
            nullable: true
          description: Environment variables to pass to the MCP server process
          nullable: true
    ScriptMonitorConfig:
      required:
        - script
      type: object
      properties:
        script:
          maxLength: 65536
          minLength: 1
          type: string
          description: Playwright test script source code
        timeoutSeconds:
          maximum: 120
          minimum: 5
          type: integer
          description: Maximum execution time in seconds (5–120)
          format: int32
          nullable: true
    TcpMonitorConfig:
      required:
        - host
        - port
      type: object
      properties:
        host:
          minLength: 1
          type: string
          description: Target hostname or IP address
        port:
          maximum: 65535
          minimum: 1
          type: integer
          description: TCP port to connect to
          format: int32
        timeoutMs:
          type: integer
          description: Connection timeout in milliseconds
          format: int32
          nullable: true
    MonitorAssertionDto:
      required:
        - assertionType
        - config
        - id
        - monitorId
        - severity
      type: object
      properties:
        id:
          type: string
          format: uuid
        monitorId:
          type: string
          format: uuid
        assertionType:
          type: string
          enum:
            - status_code
            - response_time
            - body_contains
            - json_path
            - header_value
            - regex_body
            - dns_resolves
            - dns_response_time
            - dns_expected_ips
            - dns_expected_cname
            - dns_record_contains
            - dns_record_equals
            - dns_txt_contains
            - dns_min_answers
            - dns_max_answers
            - dns_response_time_warn
            - dns_ttl_low
            - dns_ttl_high
            - mcp_connects
            - mcp_response_time
            - mcp_has_capability
            - mcp_tool_available
            - mcp_min_tools
            - mcp_protocol_version
            - mcp_response_time_warn
            - mcp_tool_count_changed
            - ssl_expiry
            - response_size
            - redirect_count
            - redirect_target
            - response_time_warn
            - tcp_connects
            - tcp_response_time
            - tcp_response_time_warn
            - icmp_reachable
            - icmp_response_time
            - icmp_response_time_warn
            - icmp_packet_loss
            - heartbeat_received
            - heartbeat_max_interval
            - heartbeat_interval_drift
            - heartbeat_payload_contains
        config:
          oneOf:
            - $ref: '#/components/schemas/BodyContainsAssertion'
            - $ref: '#/components/schemas/DnsExpectedCnameAssertion'
            - $ref: '#/components/schemas/DnsExpectedIpsAssertion'
            - $ref: '#/components/schemas/DnsMaxAnswersAssertion'
            - $ref: '#/components/schemas/DnsMinAnswersAssertion'
            - $ref: '#/components/schemas/DnsRecordContainsAssertion'
            - $ref: '#/components/schemas/DnsRecordEqualsAssertion'
            - $ref: '#/components/schemas/DnsResolvesAssertion'
            - $ref: '#/components/schemas/DnsResponseTimeAssertion'
            - $ref: '#/components/schemas/DnsResponseTimeWarnAssertion'
            - $ref: '#/components/schemas/DnsTtlHighAssertion'
            - $ref: '#/components/schemas/DnsTtlLowAssertion'
            - $ref: '#/components/schemas/DnsTxtContainsAssertion'
            - $ref: '#/components/schemas/HeaderValueAssertion'
            - $ref: '#/components/schemas/HeartbeatIntervalDriftAssertion'
            - $ref: '#/components/schemas/HeartbeatMaxIntervalAssertion'
            - $ref: '#/components/schemas/HeartbeatPayloadContainsAssertion'
            - $ref: '#/components/schemas/HeartbeatReceivedAssertion'
            - $ref: '#/components/schemas/IcmpPacketLossAssertion'
            - $ref: '#/components/schemas/IcmpReachableAssertion'
            - $ref: '#/components/schemas/IcmpResponseTimeAssertion'
            - $ref: '#/components/schemas/IcmpResponseTimeWarnAssertion'
            - $ref: '#/components/schemas/JsonPathAssertion'
            - $ref: '#/components/schemas/McpConnectsAssertion'
            - $ref: '#/components/schemas/McpHasCapabilityAssertion'
            - $ref: '#/components/schemas/McpMinToolsAssertion'
            - $ref: '#/components/schemas/McpProtocolVersionAssertion'
            - $ref: '#/components/schemas/McpResponseTimeAssertion'
            - $ref: '#/components/schemas/McpResponseTimeWarnAssertion'
            - $ref: '#/components/schemas/McpToolAvailableAssertion'
            - $ref: '#/components/schemas/McpToolCountChangedAssertion'
            - $ref: '#/components/schemas/RedirectCountAssertion'
            - $ref: '#/components/schemas/RedirectTargetAssertion'
            - $ref: '#/components/schemas/RegexBodyAssertion'
            - $ref: '#/components/schemas/ResponseSizeAssertion'
            - $ref: '#/components/schemas/ResponseTimeAssertion'
            - $ref: '#/components/schemas/ResponseTimeWarnAssertion'
            - $ref: '#/components/schemas/SslExpiryAssertion'
            - $ref: '#/components/schemas/StatusCodeAssertion'
            - $ref: '#/components/schemas/TcpConnectsAssertion'
            - $ref: '#/components/schemas/TcpResponseTimeAssertion'
            - $ref: '#/components/schemas/TcpResponseTimeWarnAssertion'
        severity:
          type: string
          enum:
            - fail
            - warn
    TagDto:
      required:
        - color
        - createdAt
        - id
        - name
        - updatedAt
        - organizationId
      type: object
      properties:
        id:
          type: string
          description: Unique tag identifier
          format: uuid
        organizationId:
          type: integer
          description: Organization this tag belongs to
          format: int32
        name:
          minLength: 1
          type: string
          description: Tag name, unique within the org
        color:
          minLength: 1
          type: string
          description: 'Hex color code for display (e.g. #6B7280)'
        createdAt:
          type: string
          description: Timestamp when the tag was created
          format: date-time
        updatedAt:
          type: string
          description: Timestamp when the tag was last updated
          format: date-time
      description: Tag for organizing and filtering monitors
    Summary:
      required:
        - id
        - name
        - slug
      type: object
      properties:
        id:
          type: string
          format: uuid
        name:
          minLength: 1
          type: string
        slug:
          minLength: 1
          type: string
      description: Environment associated with this monitor; null when unassigned
    MonitorAuthConfig:
      description: New authentication configuration (full replacement)
      discriminator:
        propertyName: type
        mapping:
          bearer:
            $ref: '#/components/schemas/BearerAuthConfig'
          basic:
            $ref: '#/components/schemas/BasicAuthConfig'
          header:
            $ref: '#/components/schemas/HeaderAuthConfig'
          api_key:
            $ref: '#/components/schemas/ApiKeyAuthConfig'
      oneOf:
        - $ref: '#/components/schemas/BearerAuthConfig'
        - $ref: '#/components/schemas/BasicAuthConfig'
        - $ref: '#/components/schemas/HeaderAuthConfig'
        - $ref: '#/components/schemas/ApiKeyAuthConfig'
    IncidentPolicyDto:
      required:
        - confirmation
        - createdAt
        - id
        - monitorId
        - recovery
        - triggerRules
        - updatedAt
      type: object
      properties:
        id:
          type: string
          description: Unique incident policy identifier
          format: uuid
        monitorId:
          type: string
          description: Monitor this policy is attached to
          format: uuid
        triggerRules:
          type: array
          description: Array of trigger rules defining when an incident should be raised
          items:
            $ref: '#/components/schemas/TriggerRule'
        confirmation:
          $ref: '#/components/schemas/ConfirmationPolicy'
        recovery:
          $ref: '#/components/schemas/RecoveryPolicy'
        createdAt:
          type: string
          description: Timestamp when the policy was created
          format: date-time
        updatedAt:
          type: string
          description: Timestamp when the policy was last updated
          format: date-time
        monitorRegionCount:
          type: integer
          description: >-
            Number of regions configured on the monitor (only set in internal
            API responses)
          format: int32
          nullable: true
        checkFrequencySeconds:
          type: integer
          description: >-
            Monitor check frequency in seconds (only set in internal API
            responses)
          format: int32
          nullable: true
      description: Incident detection, confirmation, and recovery policy for a monitor
    BodyContainsAssertion:
      required:
        - type
        - substring
      type: object
      properties:
        type:
          type: string
          enum:
            - body_contains
        substring:
          minLength: 1
          type: string
          description: Substring that must appear in the response body
    DnsExpectedCnameAssertion:
      required:
        - type
        - value
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_expected_cname
        value:
          minLength: 1
          type: string
          description: Expected CNAME target the resolution must include
    DnsExpectedIpsAssertion:
      required:
        - type
        - ips
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_expected_ips
        ips:
          minItems: 1
          type: array
          description: Allowed IP addresses; at least one resolved address must match
          items:
            type: string
            description: Allowed IP addresses; at least one resolved address must match
    DnsMaxAnswersAssertion:
      required:
        - type
        - recordType
        - max
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_max_answers
        recordType:
          minLength: 1
          type: string
          description: DNS record type whose answer count is checked
        max:
          type: integer
          description: Maximum number of answers allowed for that record type
          format: int32
    DnsMinAnswersAssertion:
      required:
        - type
        - recordType
        - min
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_min_answers
        recordType:
          minLength: 1
          type: string
          description: DNS record type whose answer count is checked
        min:
          type: integer
          description: Minimum number of answers required for that record type
          format: int32
    DnsRecordContainsAssertion:
      required:
        - type
        - recordType
        - substring
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_record_contains
        recordType:
          minLength: 1
          type: string
          description: DNS record type to assert on (A, AAAA, CNAME, MX, TXT)
        substring:
          minLength: 1
          type: string
          description: Substring that must appear in a matching record value
    DnsRecordEqualsAssertion:
      required:
        - type
        - recordType
        - value
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_record_equals
        recordType:
          minLength: 1
          type: string
          description: DNS record type to assert on (A, AAAA, CNAME, MX, TXT)
        value:
          minLength: 1
          type: string
          description: Expected DNS record value for an exact match
    DnsResolvesAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_resolves
      required:
        - type
    DnsResponseTimeAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_response_time
        maxMs:
          type: integer
          description: Maximum allowed DNS resolution time in milliseconds
          format: int32
      required:
        - type
        - maxMs
    DnsResponseTimeWarnAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_response_time_warn
        warnMs:
          type: integer
          description: DNS resolution time in milliseconds that triggers a warning only
          format: int32
      required:
        - type
        - warnMs
    DnsTtlHighAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_ttl_high
        maxTtl:
          type: integer
          description: Maximum TTL in seconds before a high-TTL warning is raised
          format: int32
      required:
        - type
        - maxTtl
    DnsTtlLowAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_ttl_low
        minTtl:
          type: integer
          description: Minimum acceptable TTL in seconds before a warning is raised
          format: int32
      required:
        - type
        - minTtl
    DnsTxtContainsAssertion:
      required:
        - type
        - substring
      type: object
      properties:
        type:
          type: string
          enum:
            - dns_txt_contains
        substring:
          minLength: 1
          type: string
          description: Substring that must appear in at least one TXT record
    HeaderValueAssertion:
      required:
        - type
        - headerName
        - expected
        - operator
      type: object
      properties:
        type:
          type: string
          enum:
            - header_value
        headerName:
          minLength: 1
          type: string
          description: HTTP header name to assert on
        expected:
          minLength: 1
          type: string
          description: Expected value to compare against
        operator:
          type: string
          description: >-
            Comparison operator (equals, contains, less_than, greater_than,
            etc.)
          enum:
            - equals
            - contains
            - less_than
            - greater_than
            - matches
            - range
    HeartbeatIntervalDriftAssertion:
      required:
        - type
        - maxDeviationPercent
      type: object
      properties:
        type:
          type: string
          enum:
            - heartbeat_interval_drift
        maxDeviationPercent:
          maximum: 100
          minimum: 1
          type: integer
          description: >-
            Max percent drift from expected ping interval before warning
            (non-fatal)
          format: int32
    HeartbeatMaxIntervalAssertion:
      required:
        - type
        - maxSeconds
      type: object
      properties:
        type:
          type: string
          enum:
            - heartbeat_max_interval
        maxSeconds:
          minimum: 1
          type: integer
          description: Maximum allowed gap in seconds between consecutive heartbeat pings
          format: int32
    HeartbeatPayloadContainsAssertion:
      required:
        - type
        - path
        - value
      type: object
      properties:
        type:
          type: string
          enum:
            - heartbeat_payload_contains
        path:
          minLength: 1
          type: string
          description: JSONPath expression into the heartbeat ping JSON payload
        value:
          type: string
          description: Expected value to compare against at that path
    HeartbeatReceivedAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - heartbeat_received
      required:
        - type
    IcmpPacketLossAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - icmp_packet_loss
        maxPercent:
          maximum: 100
          exclusiveMaximum: false
          minimum: 0
          exclusiveMinimum: false
          type: number
          description: >-
            Maximum allowed packet loss percentage before the check fails
            (0–100)
          format: double
      required:
        - type
        - maxPercent
    IcmpReachableAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - icmp_reachable
      required:
        - type
    IcmpResponseTimeAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - icmp_response_time
        maxMs:
          type: integer
          description: Maximum average ICMP round-trip time in milliseconds
          format: int32
      required:
        - type
        - maxMs
    IcmpResponseTimeWarnAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - icmp_response_time_warn
        warnMs:
          type: integer
          description: ICMP round-trip time in milliseconds that triggers a warning only
          format: int32
      required:
        - type
        - warnMs
    JsonPathAssertion:
      required:
        - type
        - path
        - expected
        - operator
      type: object
      properties:
        type:
          type: string
          enum:
            - json_path
        path:
          minLength: 1
          type: string
          description: JSONPath expression to extract a value from the response body
        expected:
          minLength: 1
          type: string
          description: Expected value to compare against
        operator:
          type: string
          description: >-
            Comparison operator (equals, contains, less_than, greater_than,
            etc.)
          enum:
            - equals
            - contains
            - less_than
            - greater_than
            - matches
            - range
    McpConnectsAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_connects
      required:
        - type
    McpHasCapabilityAssertion:
      required:
        - type
        - capability
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_has_capability
        capability:
          minLength: 1
          type: string
          description: Capability name the server must advertise, e.g. tools or resources
    McpMinToolsAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_min_tools
        min:
          type: integer
          description: Minimum number of tools the server must expose
          format: int32
      required:
        - type
        - min
    McpProtocolVersionAssertion:
      required:
        - type
        - version
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_protocol_version
        version:
          minLength: 1
          type: string
          description: Expected MCP protocol version string from the server handshake
    McpResponseTimeAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_response_time
        maxMs:
          type: integer
          description: Maximum allowed MCP check duration in milliseconds
          format: int32
      required:
        - type
        - maxMs
    McpResponseTimeWarnAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_response_time_warn
        warnMs:
          type: integer
          description: MCP check duration in milliseconds that triggers a warning only
          format: int32
      required:
        - type
        - warnMs
    McpToolAvailableAssertion:
      required:
        - type
        - toolName
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_tool_available
        toolName:
          minLength: 1
          type: string
          description: MCP tool name that must appear in the server's tool list
    McpToolCountChangedAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - mcp_tool_count_changed
        expectedCount:
          type: integer
          description: Expected tool count; warns when the live count differs
          format: int32
      required:
        - type
        - expectedCount
    RedirectCountAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - redirect_count
        maxCount:
          type: integer
          description: Maximum number of HTTP redirects allowed before the check fails
          format: int32
      required:
        - type
        - maxCount
    RedirectTargetAssertion:
      required:
        - type
        - expected
        - operator
      type: object
      properties:
        type:
          type: string
          enum:
            - redirect_target
        expected:
          minLength: 1
          type: string
          description: Expected final URL after following redirects
        operator:
          type: string
          description: >-
            Comparison operator (equals, contains, less_than, greater_than,
            etc.)
          enum:
            - equals
            - contains
            - less_than
            - greater_than
            - matches
            - range
    RegexBodyAssertion:
      required:
        - type
        - pattern
      type: object
      properties:
        type:
          type: string
          enum:
            - regex_body
        pattern:
          minLength: 1
          type: string
          description: Regular expression the response body must match
    ResponseSizeAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - response_size
        maxBytes:
          type: integer
          description: Maximum response body size in bytes before the check fails
          format: int32
      required:
        - type
        - maxBytes
    ResponseTimeAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - response_time
        thresholdMs:
          type: integer
          description: Maximum allowed response time in milliseconds before the check fails
          format: int32
      required:
        - type
        - thresholdMs
    ResponseTimeWarnAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - response_time_warn
        warnMs:
          type: integer
          description: HTTP response time in milliseconds that triggers a warning only
          format: int32
      required:
        - type
        - warnMs
    SslExpiryAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - ssl_expiry
        minDaysRemaining:
          type: integer
          description: >-
            Minimum days before TLS certificate expiry; fails or warns below
            this threshold
          format: int32
      required:
        - type
        - minDaysRemaining
    StatusCodeAssertion:
      required:
        - type
        - expected
        - operator
      type: object
      properties:
        type:
          type: string
          enum:
            - status_code
        expected:
          minLength: 1
          type: string
          description: Expected status code, range pattern, or wildcard such as 2xx
        operator:
          type: string
          description: >-
            Comparison operator (equals, contains, less_than, greater_than,
            etc.)
          enum:
            - equals
            - contains
            - less_than
            - greater_than
            - matches
            - range
    TcpConnectsAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - tcp_connects
      required:
        - type
    TcpResponseTimeAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - tcp_response_time
        maxMs:
          type: integer
          description: Maximum TCP connect time in milliseconds before the check fails
          format: int32
      required:
        - type
        - maxMs
    TcpResponseTimeWarnAssertion:
      type: object
      properties:
        type:
          type: string
          enum:
            - tcp_response_time_warn
        warnMs:
          type: integer
          description: TCP connect time in milliseconds that triggers a warning only
          format: int32
      required:
        - type
        - warnMs
    BearerAuthConfig:
      type: object
      properties:
        type:
          type: string
          enum:
            - bearer
        vaultSecretId:
          type: string
          description: Vault secret ID holding the bearer token value
          format: uuid
          nullable: true
      required:
        - type
    BasicAuthConfig:
      type: object
      properties:
        type:
          type: string
          enum:
            - basic
        vaultSecretId:
          type: string
          description: Vault secret ID holding Basic auth username and password
          format: uuid
          nullable: true
      required:
        - type
    HeaderAuthConfig:
      required:
        - type
        - headerName
      type: object
      properties:
        type:
          type: string
          enum:
            - header
        headerName:
          minLength: 1
          pattern: ^[A-Za-z0-9\-_]+$
          type: string
          description: Custom HTTP header name for the secret value
        vaultSecretId:
          type: string
          description: Vault secret ID for the header value
          format: uuid
          nullable: true
    ApiKeyAuthConfig:
      required:
        - type
        - headerName
      type: object
      properties:
        type:
          type: string
          enum:
            - api_key
        headerName:
          minLength: 1
          pattern: ^[A-Za-z0-9\-_]+$
          type: string
          description: HTTP header name that carries the API key
        vaultSecretId:
          type: string
          description: Vault secret ID for the API key value
          format: uuid
          nullable: true
    TriggerRule:
      required:
        - scope
        - severity
        - type
      type: object
      properties:
        type:
          type: string
          description: Condition that opens or escalates an incident from check results
          enum:
            - consecutive_failures
            - failures_in_window
            - response_time
        count:
          type: integer
          description: Failure count for consecutive or windowed failure rules
          format: int32
          nullable: true
        windowMinutes:
          type: integer
          description: Window length in minutes for failures-in-window rules
          format: int32
          nullable: true
        scope:
          type: string
          description: Whether the rule applies per region or across regions
          nullable: true
          enum:
            - per_region
            - any_region
        thresholdMs:
          type: integer
          description: Response time threshold in milliseconds for response-time rules
          format: int32
          nullable: true
        severity:
          type: string
          description: Incident severity when this rule fires
          enum:
            - down
            - degraded
        aggregationType:
          type: string
          description: How response times are aggregated for response-time rules
          nullable: true
          enum:
            - all_exceed
            - average
            - p95
            - max
      description: Array of trigger rules defining when an incident should be raised
    ConfirmationPolicy:
      required:
        - type
        - minRegionsFailing
        - maxWaitSeconds
      type: object
      properties:
        type:
          type: string
          description: How incident confirmation is coordinated across regions
          enum:
            - multi_region
        minRegionsFailing:
          type: integer
          description: Minimum failing regions required to confirm an incident
          format: int32
        maxWaitSeconds:
          type: integer
          description: >-
            Maximum seconds to wait for enough regions to fail after first
            trigger
          format: int32
      description: Multi-region confirmation settings
    RecoveryPolicy:
      type: object
      properties:
        consecutiveSuccesses:
          type: integer
          description: Consecutive passing checks required to auto-resolve the incident
          format: int32
        minRegionsPassing:
          type: integer
          description: Minimum regions that must be passing before recovery can complete
          format: int32
        cooldownMinutes:
          type: integer
          description: >-
            Minutes after resolve before a new incident may open on the same
            monitor
          format: int32
      description: Auto-recovery settings
      required:
        - consecutiveSuccesses
        - minRegionsPassing
        - cooldownMinutes
  securitySchemes:
    BearerAuth:
      type: http
      description: API key (dh_live_...) or Auth0 JWT token
      scheme: bearer
      bearerFormat: JWT

````