Documentation

Oack is an uptime and performance monitoring platform with deep TCP-level telemetry, multi-channel alerting, and AI-assisted troubleshooting via MCP. Run checkers on your own infrastructure, get notified in seconds, and diagnose issues all the way down to the network layer.

Quick Start

Get monitoring in three steps:

1. 1. Create an account — Sign up at app.oack.io and create your first team.
2. 2. Add a monitor — Enter the URL you want to watch, pick an HTTP method, set the check interval, and choose a checker region.
3. 3. Configure alerts — Create alert channels (Slack, Discord, Telegram, PagerDuty, Email, or Webhook) and link them to your monitor. You'll be notified within seconds when something goes wrong.

HTTP Monitoring

Each monitor performs an HTTP/HTTPS request to your endpoint at a configurable interval. Every probe captures:

• Full timing breakdown — DNS lookup, TCP connect, TLS handshake, send, wait (TTFB), and receive phases.
• HTTP headers & body — Request and response headers plus truncated body (1 KB) captured on every probe.
• TCP metrics — Kernel-level TCP_INFO data including RTT, retransmits, congestion window, and segment counters.
• Packet capture — Optional per-probe pcap of the full HTTP exchange (SYN to FIN) for deep post-mortem analysis.

Monitors support custom HTTP methods (GET, POST, HEAD, etc.), custom headers, request body, and configurable timeouts. Check intervals range from 30 seconds (Business) to 5 minutes (Free).

Health Rules

Health rules define when a monitor is considered up or down. Each monitor has:

• Success criteria — Expected HTTP status codes (e.g. 200-299) and maximum latency threshold.
• Failure threshold — Number of consecutive failing probes required before the monitor transitions from UP to DOWN.
• Recovery threshold — Number of consecutive passing probes required before the monitor transitions from DOWN back to UP.

A probe that exceeds the latency threshold or returns an unexpected status code counts as a failure. Probe-level errors (timeouts, DNS failures, connection refused) also count as failures.

SSL & Domain Expiration

Oack automatically monitors SSL certificate and domain registration expiration for every active monitor. A daily sweep checks:

• SSL certificates — TLS handshake reads the leaf certificate's expiration date.
• Domain registration — RDAP protocol (the ICANN standard replacement for WHOIS) checks registration expiry.

Notifications are sent through your linked alert channels at configurable thresholds (default: 30, 14, 7, and 1 days before expiration). Duplicate alerts are suppressed until the next threshold. Available on Pro and Business plans.

Alert Channels

Alert channels define where notifications are sent when a monitor changes state. Supported channel types:

Telegram uses a one-click deep-link flow — no bot tokens or chat IDs to configure manually. Webhook payloads include HMAC signatures for verification.

Alert Behavior

Monitors notify only explicitly linked alert channels. If no channels are linked, the monitor stays silent. This gives you full control over which monitors trigger which notifications.

Alert events are dispatched on two transitions:

• DOWN — fired when the failure threshold is reached. Includes monitor URL, status code, and error details.
• Recovery — fired when the recovery threshold is reached. Includes downtime duration.

Failed deliveries are logged but never block monitoring or other channel deliveries.

Uptime, MTBF & MTTR

Oack computes three reliability metrics from monitor status change history:

• Uptime % — percentage of time the monitor was in the UP state within the selected window.
• MTBF — Mean Time Between Failures. Average duration between consecutive DOWN incidents.
• MTTR — Mean Time To Recovery. Average duration of DOWN incidents before recovery.

Metrics are available over 7-day, 30-day, 90-day, and 365-day windows. Paused or blocked periods are excluded from calculations.

Probe Aggregation

For time ranges longer than 12 hours, probes are automatically aggregated into time buckets using SQL-level statistical functions.

Available aggregation functions: avg, median, min, max, p75, p90, p95, p99.

Bucket size scales with range: 5m buckets for 12-24h, up to 12h buckets for 90d+. Each bucket includes all six timing phases, probe count, and error count. Maximum 1,000 buckets per query.

TCP Telemetry

Every probe captures kernel-level TCP_INFO metrics with zero overhead. This gives you visibility into network behavior that HTTP-level monitoring alone can't provide:

• RTT (Round-Trip Time) — Smoothed RTT and RTT variance as seen by the kernel.
• Retransmits — Total retransmitted segments during the connection.
• Congestion window — TCP congestion window size, indicating bandwidth capacity.
• Segment counters — Segments sent and received during the exchange.

Rules of thumb: retransmits above zero indicate packet loss; RTT variance much higher than smoothed RTT suggests jitter; a small congestion window relative to expected bandwidth hints at congestion or path issues.

Performance Percentiles

When you open a probe's detail view, Oack computes a percent rank for each latency fraction — telling you where this probe sits relative to all successful probes for the same monitor.

The score answers: "what percentage of probes had an equal or lower value?" A higher percentile means the probe was slower than most. A lower percentile means it was faster than most.

Reading the score

Latency fractions

Percentiles are computed independently for each phase of the HTTP request:

Time windows

Each fraction is ranked across four time windows to distinguish short-term spikes from long-term trends:

• 1 day — Detects recent anomalies. High percentile here but normal at 7d+ suggests a transient issue.
• 7 days — Weekly baseline. Accounts for day/night traffic patterns.
• 30 days — Monthly baseline. Smooths out weekly variance.
• 90 days — Long-term baseline. High percentile at 90d with normal 1d suggests the endpoint has improved over time.

Only successful probes (HTTP status > 0, no error) are included in the percentile calculation. Fractions with a value of zero (e.g. tls_ms on plain HTTP) show null percentiles.

Probe Sharing

Share probe data with anyone using permalink share links. Any team member can create a share link for a monitor, selecting a specific time range to expose.

• Time range — Pick the exact start and end timestamps for the probes you want to share.
• Expiration — Choose how long the link stays active: 1 hour, 24 hours, 7 days, 30 days, or 1 year.
• Access mode — Public links work for anyone with the URL. Authenticated links require the viewer to be logged in.
• View count — Every share link tracks how many times it has been viewed.

Shared views include probe list and time-series aggregation charts. Each user can have up to 100 active share links. Links can be revoked at any time by the creator or any team admin.

Redaction Groups

When creating a share link you can hide sensitive data from viewers. Redaction is applied server-side — redacted fields are stripped from API responses, not just hidden in the UI.

Multiple redaction groups can be combined on a single share link.

Network Checker

A network checker (also called a dedicated checker) is an agent that runs on your infrastructure, connects to Oack, and performs HTTP health checks against your monitors. This lets you monitor endpoints from inside your network, behind firewalls, or from specific geographic locations.

Checkers operate in two modes:

• Shared — available to all accounts. Oack runs shared checkers in multiple regions.
• Dedicated — private to your account. You deploy and manage the checker binary on your own servers.

Checker assignment supports pinning to a specific checker, or geographic preferences (country and macro-region). If a checker goes offline, monitors are automatically reassigned to another available checker in the same region.

Checker Installation

The checker binary supports Linux (amd64, arm64), macOS (Intel & Apple Silicon), and FreeBSD (amd64, arm64).

Binary install

curl -sSfL "https://raw.githubusercontent.com/greggyNapalm/network-tester/refs/heads/main/install-network-tester.sh" | bash

Optional flags: --version VERSION, --dir DIR (default: /usr/local/bin).

Docker

docker pull greggynapalm/network-tester:latest

mkdir -p $HOME/.net-checker-data
docker run --rm \
    -v $HOME/.net-checker-data:/data \
    greggynapalm/network-tester:latest \
    --token-db /data/tokens.db --mode shared

The checker is free to use. Pre-built binaries and Docker images are available on the GitHub releases page.

MCP (AI-Assisted Troubleshooting)

Oack exposes a Model Context Protocol server that lets AI agents (Claude Code, Claude Desktop, etc.) read your monitoring data. All MCP tools are read-only.

Available tools include:

• Account & team navigation
• Monitor listing, details, metrics, and expiration status
• Probe listing, detail, and aggregation
• Alert channels and events
• Checker & geo information
• Status overview, SLA reports, and incident lists

Authorization uses OAuth 2.0 with PKCE. Access tokens are valid for 1 hour with 90-day refresh tokens. The transport is HTTP + SSE with JSON-RPC messaging.

{
  "mcpServers": {
    "oack": {
      "type": "http",
      "url": "https://api.oack.io/mcp/"
    }
  }
}

To allow Claude to use all Oack MCP tools without permission prompts:

/permissions add mcp__oack__* "allow all Oack MCP tools"

REST API

All platform functionality is available through the REST API at https://api.oack.io/api/v1/. Browse the full Swagger documentation for details. Key resource groups:

• /accounts — account CRUD, subscriptions, members, invites
• /teams — team CRUD, members, invite links, alert channels
• /teams/:id/monitors — monitor CRUD, probes, metrics, aggregation, expiration
• /checkers — checker management and geo data
• /geo/regions — available checker regions for online checkers
• /oauth — authorization, token exchange, client registration

Account Roles

Every user in an account has one of five roles. The role determines what the user can do across all teams that belong to the account.

Account owners and admins are automatically treated as admins in every team under the account, even if they are not explicitly added to those teams.

Team Roles

Teams have their own role system that controls access to monitors and alert channels within the team.

Permissions Summary

The table below shows which actions require which minimum role.

Plan Comparison

When a paid subscription expires, monitors and alerts keep running. You lose access to advanced analytics and probe history beyond 30 minutes until you resubscribe. See Pricing for full details.