protean observatory
The observatory command runs the Protean Observatory — a dedicated
observability dashboard for real-time monitoring of the Protean event pipeline.
It runs on its own port (default 9000), separate from your application API
server.
The Observatory provides:
- An embedded HTML dashboard at the root URL
- Server-Sent Events (SSE) for real-time trace streaming
- REST API endpoints for health, outbox status, stream info, and throughput stats
- A Prometheus-compatible metrics endpoint
Usage
protean observatory [OPTIONS]
Options
| Option | Description | Default |
|---|---|---|
--domain |
Domain module path(s) to monitor. Repeatable for multi-domain setups. | (required) |
--host |
Host to bind the server to. Loopback by default; see Security. | 127.0.0.1 |
--port |
Port to bind the server to. | 9000 |
--title |
Title shown in the dashboard. | Protean Observatory |
--help |
Shows the help message and exits. |
Starting the Observatory
Single domain
To launch the observatory for a single domain:
protean observatory --domain auth
This will start the dashboard on http://127.0.0.1:9000 (loopback only). Read
Domain Discovery for options to specify the domain.
Multiple domains
To monitor several domains at once (e.g. in a multi-domain application):
protean observatory --domain identity --domain catalogue
Each --domain value is resolved and initialized independently. The dashboard
shows combined data from all monitored domains.
Custom host and port
To reach the Observatory from another machine you must bind a non-loopback address explicitly. Do this only on a trusted network; see Security.
protean observatory --domain auth --host 0.0.0.0 --port 8080
Custom title
protean observatory --domain auth --title "My App Observatory"
Verbose logging
To raise the log verbosity, pass the global --log-level DEBUG flag before the
subcommand:
protean --log-level DEBUG observatory --domain auth
You can combine options as needed:
protean --log-level DEBUG observatory --domain identity --domain catalogue --host 127.0.0.1 --port 3000 --title "ShopStream Observatory"
Endpoints
Pages
HTML views rendered by the dashboard. See Explore your domain in the Observatory for how to use them.
| Endpoint | Description |
|---|---|
GET / |
Dashboard home |
GET /domain |
Domain Visualizer (Topology, Event Flows, Process Managers) |
GET /timeline |
Event timeline browser, correlation chains, Traces tab |
GET /eventstore |
Event store streams view |
GET /handlers |
Registered handlers view |
GET /processes |
Process manager instances view |
GET /infrastructure |
Infrastructure status view |
GET /stream |
SSE real-time trace events |
API
JSON endpoints, all mounted under /api.
| Endpoint | Description |
|---|---|
GET /api/health |
Infrastructure health checks |
GET /api/outbox |
Outbox status per domain |
GET /api/streams |
Redis stream information |
GET /api/stats |
Throughput and error rate statistics |
GET /api/domain/ir |
Domain IR transformed into a D3 graph (nodes, links, clusters, flows, stats) |
GET /api/timeline/events |
Paginated, filterable event list from $all |
GET /api/timeline/events/{message_id} |
Single event with full payload and metadata |
GET /api/timeline/stats |
Timeline summary statistics |
GET /api/timeline/correlation/{correlation_id} |
All events in a correlation chain, with causation tree |
GET /api/timeline/aggregate/{stream_category}/{aggregate_id} |
Full event history for one aggregate instance |
GET /api/timeline/traces/recent |
Most recent correlation chains |
GET /api/timeline/traces/search |
Search chains by aggregate / event / command / stream |
GET /metrics |
Prometheus text exposition metrics |
Security
The Observatory has no authentication. It exposes the domain's internal structure (aggregates, events, handlers, process managers), the full event stream and correlation chains, and Dead Letter Queue management endpoints that can retry or delete messages. Treat it as a privileged operations console.
- It binds to loopback (
127.0.0.1) by default, so it is reachable only from the local machine. - To reach it from elsewhere, bind a non-loopback address explicitly
(
--host 0.0.0.0). The Observatory logs a warning when it does so. - Expose it only on a trusted network, and only behind an authenticating
reverse proxy (or an SSH tunnel /
kubectl port-forward). Never expose it directly to the public internet.