Observability Configuration
Keeptrusts exposes a Prometheus-compatible gateway metrics endpoint. Use
/metrics for the metric families the gateway emits. Query kt events or
GET /v1/events with required since for request-level policy decisions and
rejection reasons; use capture-enabled History for retained session context
and Trail for control-plane audit chronology.
Supported surface
| Surface | Use |
|---|---|
GET /metrics | Prometheus-format gateway metrics exposed on the gateway listener |
GET /keeptrusts/providers/metrics | Provider-level metrics for debugging routing and upstream behavior |
kt events tail or GET /v1/events with required since | Runtime request evidence and policy outcomes |
| History, when capture is enabled | Retained request or session context |
| Trail | Control-plane changes, audit chronology, and evidence workflows |
Basic check
Start the gateway and scrape metrics from the same listener:
kt gateway run --agent docs-observability --listen 127.0.0.1:41002 --policy-config policy-config.yaml
curl http://localhost:41002/metrics
Provider-level metrics are available separately:
curl http://localhost:41002/keeptrusts/providers/metrics
Dashboard guidance
The default /metrics registry currently exposes:
kt_gateway_requests_total, labelled by HTTP method, status bucket, and providerkt_gateway_policy_eval_duration_seconds, an unlabelled policy-chain latency histogramkt_gateway_upstream_errors_total, labelled by provider and error type- cache hit and miss counters, dropped-event count, and active connections
- Unified Access control-plane and relay counters, plus relay latency
GET /keeptrusts/providers/metrics is a JSON snapshot with per-provider sample
count, TTFT and throughput percentiles, and the latest recorded health sample.
Prometheus scrape health is available through the scraper's standard up
series.
The gateway does not currently emit route-labelled request latency, policy
verdict counts, fallback counts, or dedicated size-limit and rate-limit
rejection metrics. Use status-labelled request counts for aggregate changes,
kt events or the Events API for request outcomes, capture-enabled History
for retained session context, and Trail for control-plane chronology. Do
not build dashboards around metric names or labels that are not present in a
live scrape.
Configuration boundaries
Do not add callback or health-monitor YAML blocks to policy-config.yaml unless another product page explicitly documents them as supported configuration fields. For customer dashboards and alerts, rely on the metrics endpoints and evidence surfaces listed above.