Skip to content

Release v0.5.0

Latest

Choose a tag to compare

@github-actions github-actions released this 07 Jul 15:15

InsightFlare v0.5.0 moves operational visibility down to the request entry layer, building a more complete loop around bot protection, abnormal request diversion, and request observation.

This release focuses on "bot defense and observation." Sites can identify high-risk bot traffic at the collection entry point, divert it away from the normal analytics path, and use Cloudflare Analytics Engine to inspect bot requests, normal requests, abnormal ratios, source distribution, and recent request details. System administrators can also configure Analytics Engine read credentials in the management area, open the request observation page, and get clearer deployment and configuration feedback when Analytics Engine has not been enabled yet.

Note: Starting with this update, InsightFlare uses Cloudflare Analytics Engine for additional enhanced analysis. You need to enable Analytics Engine in the Cloudflare Dashboard first before InsightFlare can use it.

Open https://dash.cloudflare.com/?to=/:account/workers/analytics-engine and click the "Enable" button on the right. After that, InsightFlare will automatically bind Analytics Engine to your Cloudflare account during deployment.

Highlights

  • Added bot traffic diversion. The collection entry point now combines isbot, Cloudflare Bot Score, verified bot categories, ASN classification, and request characteristics to identify bot requests and separate high-confidence bot traffic from the normal analytics path.
  • Added signed collect tokens. The tracking script and collection endpoint now use signed tokens for stronger validation, reducing the risk of third parties forging collection requests directly.
  • Added a request observation page. Administrators can inspect total request volume, bot request ratio, the normal collection path, abnormal request trends, Bot Score buckets, verified bot categories, ASN types, and recent request details.
  • Added Analytics Engine system settings. Administrators can configure the Cloudflare Account ID and API Token used to read the bot and normal request datasets in Analytics Engine.
  • Added normal request Analytics Engine records. In addition to bot requests, normal collection requests are written to a separate dataset, making it easier to compare diverted requests with requests that entered the product analytics path.
  • Improved the bot request detail drawer by preserving geographic coordinates, request context, identification reasons, and trace information, making false positives, crawler sources, and abnormal access patterns easier to investigate.
  • Improved the Analytics Engine deployment experience. When Analytics Engine is not enabled on a Cloudflare account, the publish flow can fall back to a configuration without the binding and show clear hints in system settings and request observation.
  • Added Japanese UI support and continued improving Chinese, English, and Japanese copy so the management area, request observation, and system settings pages feel more consistent across languages.

Changes Since v0.4.0

  • Added request-observation entry protection logic covering User-Agent, Cloudflare Bot Management fields, ASN risk tiers, and verified bot information.
  • Added collect token generation, verification, and script-side injection so collection requests carry short-lived validation information issued by the server.
  • Changed collection endpoint behavior: bot requests are now written to the bot Analytics Engine dataset and no longer continue into the normal visit ingestion flow.
  • Added normal request Analytics Engine writes so the request observation page can compare the normal request path with abnormal diversion.
  • Added a request observation management page and connected it to the root management navigation, allowing system administrators to inspect request entry status from the global management area.
  • Added request observation demo data and page mocks so Demo Mode can show bot requests, normal requests, and abnormal request trends.
  • Added the Bot Analytics configuration model, validation, sensitive field redaction, and management APIs.
  • Improved the system settings structure with Analytics Engine configuration, guide dialogs, disabled-state hints, and save/delete feedback.
  • Optimized Analytics Engine query windows, time buckets, and compatibility handling to reduce offset and empty-window issues across time ranges.
  • Improved dashboard floating layers, drawers, tables, and export adapters to reduce click-through, layout shifting, and inconsistent complex table behavior.
  • Added a runtime configuration error page and strengthened root runtime secret requirements, making missing critical deployment configuration fail with clearer reasons.
  • Improved geo map loading, coordinate preservation, and geo table row height, making request details and map-related views more stable.
  • Standardized build, preview, deploy, publish, and operations scripts, reducing differences across the Cloudflare Worker lifecycle commands.

Developer Experience

  • Added scripts/build.ts, scripts/deploy.ts, scripts/publish.ts, scripts/preview.ts, and scripts/ops.ts as unified entry points for build, publish, preview, and operations workflows.
  • Refactored the Cloudflare build flow, replacing the old scripts/cf-build.ts and centralizing target environments, database bindings, and deployment parameters.
  • Added Analytics Engine availability detection and wrangler configuration override tests covering root and multi-environment deployment scenarios.
  • Expanded test coverage for bot protection, collect tokens, request observation, Bot Analytics management APIs, Analytics Engine writes, and request observation mocks.
  • Improved i18n checks, message generation, and unused copy pruning, and added type and copy coverage for the Japanese locale.
  • Adjusted Vitest and test helper configuration to improve stability for edge runtime, management API, and dashboard component tests.

Upgrade Notes

  • To enable request observation, first enable Analytics Engine in Cloudflare Workers & Pages, then redeploy InsightFlare so the bot and normal request datasets are bound.
  • After enabling Analytics Engine, enter your Cloudflare Account ID and an API Token with Analytics Engine read permission in system settings.
  • If Analytics Engine is not enabled on the current Cloudflare account, the app can still deploy and run, but request observation and Bot Analytics pages will show a setup-required or enable-required state.
  • This release strengthens collection entry security. Custom integrations that call /collect directly should use the latest tracking script or otherwise become compatible with the new signed collect token flow.
  • Make sure the deployment environment has a sufficiently strong MAIN_SECRET configured. Deployments without the root runtime secret are explicitly rejected to avoid unsafe default secrets.