As developers, we know that building an AI-powered platform like TasksForge.ai — an intelligent assistant for project management elaboration — is only part of the journey. Ensuring reliability, observability, and security is the other half.
In this post, I want to share a minimal and efficient method I implemented to monitor the health and system resources of the tasksforge.ai SaaS platform using a simple script tool, tasksMonitorTool, powered by the ultra-fast UV Python runtime.
🧠 Context: Managing the tasksforge.ai Platform
tasksforge.ai is structured as a modular, secure SaaS platform where:
- The backend (BE) is isolated inside a private internal network, only accessible by the Next.js frontend (FE) that handles user interactions.
- A separate SaaS management layer is under development to manage:
  - Subscriptions
  - User permissions
  - Server health monitoring (DB, website, APIs, system resources)
❌ Option 1: Internal /api/health Endpoint with psutil
One approach is to integrate psutil directly into the backend and expose a /api/health endpoint.
But this presents several drawbacks:
- Introduces extra load on the backend.
- Violates the isolation principle (monitoring is now tied to app runtime).
- Not scalable for short-interval queries (e.g., every 10s).
✅ Option 2: External Monitor via UV Script and SSH
To decouple monitoring from the backend and maintain performance, I implemented a separate, isolated monitoring script that:
- Is written in Python
- Runs using UV for speed and isolation
- Is executed remotely via SSH from my local machine
This keeps the backend clean and the resource monitoring fully externalized.
🔒 Security Concerns: SSH & Internal Network Design
Security was central to this approach. Here’s how I designed it:
🧱 Network Isolation
- The backend server is inside a private internal network, with no direct internet exposure.
- Only the frontend (Next.js) has access to the backend APIs — it acts as a gateway.
- The SaaS management platform is also isolated and lives in a separate internal network.
🔐 SSH Access Model
- Access to monitoring is performed via SSH using public/private key authentication only.
- No passwords. No open ports to the world.
- The monitor script can only be invoked as a remote command over an authenticated SSH session:
ssh -i ~/.ssh/forge-monitor user@internal-ip 'uv run ~/monitor/monitor.py --json'
🔄 SSH Tunnel (if remote access is required)
- To manage from the internet, I occasionally use SSH tunneling:
ssh -i ~/.ssh/forge-monitor -L 9000:localhost:9000 user@gateway-server
This maintains full encryption and access control, and keeps internal services hidden from the public internet.
🧠 The golden rule: internal services are never directly exposed — they are reachable only through private, authenticated tunnels.
⚙️ How the Monitor Works
The tool checks:
- CPU, memory, and disk usage
- Database connection health
- Backend/website availability via HTTP requests or sockets
Run It (Locally or via SSH):
ssh user@server 'uv run ~/monitor/monitor.py --json'
Output example
{
  "status": "healthy",
  "cpu_usage": 11.6,
  "memory_total": 33325473792,
  "memory_available": 10426048512,
  "memory_used": 20279836672,
  "memory_percent": 68.7,
  "disk_total": 980799373312,
  "disk_used": 339543687168,
  "disk_free": 591358361600,
  "disk_percent": 36.5,
  "disk_read_bytes": 21832974848,
  "disk_write_bytes": 491035527168
}
Or use a custom alias:
alias checkforge="ssh user@server '~/monitor/run_monitor.sh'"
checkforge
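An added example (not code from tasksMonitorTool or from this post): an operator-side poller that runs the SSH command above with fail-closed client options and treats the returned JSON as untrusted input before trusting its "healthy" status. The thresholds, function names and the constructed sample report are assumptions; the field names follow the output example.

```python
import json
import subprocess

# Assumed alert thresholds (percent); field names follow the output example above.
LIMITS = {"cpu_usage": 90.0, "memory_percent": 90.0, "disk_percent": 85.0}
# Constructed sample: the host claims "healthy" but its disk is nearly full.
SAMPLE = '{"status": "healthy", "cpu_usage": 11.6, "memory_percent": 68.7, "disk_percent": 97.2}'

def ssh_argv(target, key_path, remote_cmd="uv run ~/monitor/monitor.py --json"):
    """Key-only, non-interactive SSH invocation that fails closed."""
    return ["ssh", "-i", key_path,
            "-o", "BatchMode=yes",              # never fall back to a password prompt
            "-o", "IdentitiesOnly=yes",         # offer only the monitoring key
            "-o", "StrictHostKeyChecking=yes",  # refuse unknown or changed host keys
            "-o", "ConnectTimeout=5",
            target, remote_cmd]

def evaluate(raw):
    """Validate the monitor's JSON; return (ok, problems)."""
    try:
        report = json.loads(raw)
    except json.JSONDecodeError as exc:
        return False, [f"not JSON: {exc}"]
    if not isinstance(report, dict):
        return False, ["top-level value is not an object"]
    problems = []
    if report.get("status") != "healthy":
        problems.append(f"status is {report.get('status')!r}")
    for field, limit in LIMITS.items():
        value = report.get(field)
        # Reject booleans, strings, NaN and out-of-range numbers before comparing.
        if isinstance(value, bool) or not isinstance(value, (int, float)) or not 0 <= value <= 100:
            problems.append(f"{field}: missing or not a percentage")
        elif value >= limit:
            problems.append(f"{field}: {value} >= {limit}")
    return not problems, problems

def poll(target, key_path):
    """Run the monitor over SSH; any transport failure counts as unhealthy."""
    try:
        done = subprocess.run(ssh_argv(target, key_path), capture_output=True, text=True, timeout=20)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, [f"ssh failed: {exc}"]
    if done.returncode != 0:
        return False, [f"ssh exit {done.returncode}: {done.stderr.strip()}"]
    return evaluate(done.stdout)

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

With `BatchMode=yes` a missing or rejected key produces a non-zero exit instead of a password prompt, so a scheduled poll reports the host as unhealthy rather than hanging.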
🖼️ Visual Output
Integration into a SaaS platform management app
🧩 Conclusion
This approach ensures:
- ✅ No performance hit to the AI backend
- ✅ Full security via SSH tunneling and network isolation
- ✅ Ease of access for DevOps without needing public endpoints
Check out the tool here:
🔗 GitHub – tasksMonitorTool
I’ll continue sharing how I scale and secure the tasksforge.ai platform — stay tuned!