diff --git a/mnemosyne/mcp_server/auth.py b/mnemosyne/mcp_server/auth.py
index 36dc989..7fdcb8e 100644
--- a/mnemosyne/mcp_server/auth.py
+++ b/mnemosyne/mcp_server/auth.py
@@ -200,8 +200,16 @@ class MCPAuthMiddleware(Middleware):
     MCP_REQUIRE_AUTH=False.
     """
 
+    # Tools that don't touch user data and must be callable without a token
+    # (e.g. Pallas health pollers, agent startup probes).
+    _PUBLIC_TOOLS = {"get_health"}
+
     async def on_call_tool(self, context: MiddlewareContext, call_next):
         require_auth = getattr(settings, "MCP_REQUIRE_AUTH", True)
+
+        if require_auth and self._extract_tool_name(context) in self._PUBLIC_TOOLS:
+            return await call_next(context)
+
         token_string = self._extract_token()
 
         user = None