Observability
Operational observability boundaries for cron health, webhooks, billing events, abuse trends, D1/R2 usage, and admin dashboards.
What operators watch
The admin ops view should focus on service health and metadata-only signals: cron health, webhook failures, billing failures, D1 table counts, R2 encrypted-byte trends, Turnstile/abuse trends, API Shield drift, and email OTP delivery failures.
- Cron health
- Webhook failures
- Billing failures
- D1/R2 trends
- Abuse trends
Redaction boundary
Observability must never capture plaintext, URL fragments, passphrases, opening codes, full private URLs, account tokens, API keys, recovery codes, OAuth tokens, or sensitive filenames.
- Metadata only
- Redacted identifiers
- No private payloads
Alert posture
Alerts should classify warning/error severity, show the affected surface, and suggest an action. They should not include customer secret material or replayable credentials.
- Severity
- Suggested action
- No replayable material