waypoint-monitor TUI
waypoint-monitor is a separate binary that gives operators a live, terminal-UI view of every running Waypoint instance.
go build ./cmd/waypoint-monitor/waypoint-monitor -config waypoint-monitor.tomlHow discovery works
Section titled “How discovery works”Each Waypoint instance publishes a heartbeat record to Redis with a TTL. ✓ TestHeartbeat internal/heartbeat/heartbeat_test.go:35 The monitor reads the same Redis (using the same key_prefix) and renders one row per live instance. ✓ TestDiscoverInstances internal/monitor/monitor_test.go:223
Add the matching Redis section to waypoint-monitor.toml:
[redis]address = "localhost:6379"key_prefix = "waypoint:"
[tailscale]hostname = "waypoint-mgr"state_dir = "/var/lib/waypoint-monitor/tsnet"The monitor also runs on the tailnet so it can poll instances directly for per-connection detail.
SSH access to the monitor
Section titled “SSH access to the monitor”The monitor can expose itself over Tailscale SSH, including as a Tailscale Service:
[ssh]enabled = trueservice = "svc:waypoint-ssh"This lets multiple operators connect to the same monitor view without each running their own copy.
What you can see
Section titled “What you can see”- Instance hostname, uptime ✓
TestUptimeinternal/monitor/monitor_test.go:21 , version. - Active connections per listener.
- Per-user bandwidth and connection counts. ✓
TestListUsers_WithBandwidthinternal/monitor/monitor_test.go:175 ✓TestGetUserStats_WithBandwidthinternal/monitor/monitor_test.go:95 - Recent auth failures and limit violations.
The monitor is read-only — it does not change ACLs, kill connections, or restart instances.