Monitoring your platform app with UV and tasksMonitorTool: A Lightweight & Secure Approach

In this post, I want to share a minimal and efficient method I implemented to monitor the health and system resources of the tasksforge.ai SaaS platform using the simple script tool: tasksMonitorTool, powered by the ultra-fast UV Python runtime.

🧠 Context: Managing the tasksforge.ai Platform

tasksforge.ai is structured as a modular, secure SaaS platform where:

• The backend (BE) is isolated inside a private internal network, only accessible by the Next.js frontend (FE) that handles user interactions.
• A separate SaaS management layer is under development to manage:
  • Subscriptions
  • User permissions
  • Server health monitoring (DB, website, APIs, system resources)

❌ Option 1: Internal /api/health Endpoint with psutil

One approach is to integrate psutil directly into the backend and expose a /api/health endpoint.

But this presents several drawbacks:

• Introduces extra load on the backend.
• Violates the isolation principle (monitoring is now tied to app runtime).
• Not scalable for short interval queries (e.g., every 10s).

✅ Option 2: External Monitor via UV Script and SSH

To decouple monitoring from the backend and maintain performance, I implemented a separate, isolated monitoring script that:

• Is written in Python
• Runs using UV for speed and isolation
• Is executed remotely via SSH from my local machine

This keeps the backend clean and the resource monitoring fully externalized.

🔒 Security Concerns: SSH & Internal Network Design

Security was central to this approach. Here's how I designed it:

🧱 Network Isolation

• The backend server is inside a private internal network, with no direct internet exposure.
• Only the frontend (Next.js) has access to the backend APIs; it acts as a gateway.
• The SaaS management platform is also isolated and lives in a separate internal network.

🔐 SSH Access Model

• Access to monitoring is performed via SSH using public/private key authentication only.
• No passwords. No open ports to the world.
• The monitor script can only be invoked through a secure SSH tunnel:

ssh -i ~/.ssh/forge-monitor user@internal-ip 'uv run ~/monitor/monitor.py --json' 

🔄 SSH Tunnel (if remote access is required)

• To manage from the internet, I occasionally use SSH tunneling:

ssh -i ~/.ssh/forge-monitor -L 9000:localhost:9000 user@gateway-server 

This maintains full encryption, access control, and keeps internal services hidden from the public internet.

🧠 The golden rule: internal services are never directly exposed — they are reachable only through private, authenticated tunnels.

⚙️ How the Monitor Works

The tool checks:

• CPU, memory, and disk usage
• Database connection health
• Backend/website availability via HTTP requests or sockets Run It (Locally or via SSH):

ssh user@server 'uv run ~/monitor/monitor.py --json' 

Output example

{ "status": "healthy", "cpu_usage": 11.6, "memory_total": 33325473792, "memory_available": 10426048512, "memory_used": 20279836672, "memory_percent": 68.7, "disk_total": 980799373312, "disk_used": 339543687168, "disk_free": 591358361600, "disk_percent": 36.5, "disk_read_bytes": 21832974848, "disk_write_bytes": 491035527168 } 

Or use a custom alias:

alias checkforge="ssh user@server '~/monitor/run_monitor.sh'" checkforge 

🖼️ Visual Output

From the command line

Integration into a saas platform management app

🧩 Conclusion

This approach ensures:

• ✅ No performance hit to the AI backend
• ✅ Full security via SSH tunneling and network isolation
• ✅ Ease of access for DevOps without needing public endpoints

Check out the tool here:
🔗 GitHub – tasksMonitorTool

I’ll continue sharing how I scale and secure the tasksforge.ai platform — stay tuned!