diff --git a/src/env/schema.mjs b/src/env/schema.mjs
index 3754fb6..4fd8e14 100644
--- a/src/env/schema.mjs
+++ b/src/env/schema.mjs
@@ -10,6 +10,7 @@ export const serverSchema = z.object({
   GITHUB_API_TOKEN: z.string(),
   DIRECTUS_API_TOKEN: z.string(),
   DIRECTUS_REVALIDATE_KEY: z.string(),
+  HEALTHCHECK_SECRET: z.string(), // Added for healthcheck route
   NODE_ENV: z.enum(["development", "test", "production"]),
   TITLE: z.preprocess((value) => {
     if (value === undefined || value === "") return null;
diff --git a/src/pages/api/healthcheck.ts b/src/pages/api/healthcheck.ts
new file mode 100644
index 0000000..94813b7
--- /dev/null
+++ b/src/pages/api/healthcheck.ts
@@ -0,0 +1,24 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import directus from "@/utils/directus";
+import { env } from "@/env/server.mjs";
+import { readItems } from "@directus/sdk";
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse,
+) {
+  const secret = req.headers["authorization"];
+  if (typeof secret !== "string" || secret !== env.HEALTHCHECK_SECRET) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+
+  try {
+    // Try a simple Directus API call (fetch one project)
+    await directus.request(readItems("project", { limit: 1 }));
+    return res.status(200).json({ status: "ok" });
+  } catch (error) {
+    return res
+      .status(500)
+      .json({ error: "Directus unhealthy", details: String(error) });
+  }
+}