Skip to content

Commit 2a3b8a4

Browse files
committed
chore: new version
1 parent 6a40d5c commit 2a3b8a4

13 files changed

Lines changed: 144 additions & 845 deletions

File tree

.github/readme/README.en.md

Lines changed: 38 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -169,10 +169,26 @@ After filling in the variables, wait about 3 minutes for the deployment to finis
169169
![056](/.github/screenshot/056.webp)
170170
![057](/.github/screenshot/057.webp)
171171

172+
### Multi-Dimensional Bot Protection and Request Observation
173+
174+
![058](/.github/screenshot/058.webp)
175+
![059](/.github/screenshot/059.webp)
176+
![060](/.github/screenshot/060.webp)
177+
![061](/.github/screenshot/061.webp)
178+
![062](/.github/screenshot/062.webp)
179+
172180
---
173181

174182
## Advanced Configuration
175183

184+
### Enable Analytics Engine for Deep Analysis
185+
186+
Some optional InsightFlare features, such as bot traffic detection, use Cloudflare Analytics Engine for enhanced analysis while keeping pressure off the primary database.
187+
188+
This requires enabling Analytics Engine manually. Open the [Cloudflare Dashboard](https://dash.cloudflare.com/?to=/:account/workers/analytics-engine) and click the "Enable" button on the right. After that, InsightFlare will automatically bind Analytics Engine to your Cloudflare account during deployment.
189+
190+
Once enabled, InsightFlare can write data to Analytics Engine. Reading those datasets requires an API Token. In system settings, enter your Cloudflare Account ID and an API Token with the "Account Analytics" read permission. See the "Guide" button in the InsightFlare dashboard settings page for details.
191+
176192
### Connect AI Agents for Analysis
177193

178194
InsightFlare exposes Skills for AI Agents. You can connect your InsightFlare deployment to agents such as OpenClaw, Codex, Claude Code, and others, so they can access InsightFlare data directly for analysis and report generation.
@@ -338,28 +354,28 @@ Set `NEXT_PUBLIC_DEMO_MODE=1` to make the development server automatically enabl
338354

339355
## Common Commands
340356

341-
| Command | Purpose |
342-
| --------------------------------- | ------------------------------------------------------------------ |
343-
| `npm run dev` | Local Worker + dashboard development (use `http://127.0.0.1:8787`) |
344-
| `npm run dev:ui` | Start only the Next.js UI dev server in Demo Mode |
345-
| `npm run preview:local` | Build with local resources and run Wrangler preview |
346-
| `npm run build` | Cloudflare managed build entrypoint |
347-
| `npm run build:local` | Local precheck + local D1 migration + build |
348-
| `npm run build:demo` | Demo build without resource bindings |
349-
| `npm run deploy` | Cloudflare managed deploy entrypoint |
350-
| `npm run publish` | Build and publish from an allowed Cloudflare environment |
351-
| `npm run publish:demo` | Build and publish the demo Worker |
352-
| `npm run check` | Run typecheck + lint + format + i18n + tests + spec checks |
353-
| `npm run typecheck` | TypeScript type checking |
354-
| `npm run lint` / `lint:fix` | ESLint |
355-
| `npm run format` / `format:check` | Prettier |
356-
| `npm run check:i18n` | Validate translation key completeness |
357-
| `npm run db:migrate:local` | Local D1 migration |
358-
| `npm run db:migrate:cf` | Cloudflare D1 migration |
359-
| `npm run db:migration:create` | Create a new migration file |
360-
| `npm run ops:secret:main` | Set the `MAIN_SECRET` Worker secret |
361-
| `npm run ops:secret:bootstrap-admin-password` | Set the bootstrap admin password secret |
362-
| `npm run ops:tail` | View online Worker logs |
357+
| Command | Purpose |
358+
| --------------------------------------------- | ------------------------------------------------------------------ |
359+
| `npm run dev` | Local Worker + dashboard development (use `http://127.0.0.1:8787`) |
360+
| `npm run dev:ui` | Start only the Next.js UI dev server in Demo Mode |
361+
| `npm run preview:local` | Build with local resources and run Wrangler preview |
362+
| `npm run build` | Cloudflare managed build entrypoint |
363+
| `npm run build:local` | Local precheck + local D1 migration + build |
364+
| `npm run build:demo` | Demo build without resource bindings |
365+
| `npm run deploy` | Cloudflare managed deploy entrypoint |
366+
| `npm run publish` | Build and publish from an allowed Cloudflare environment |
367+
| `npm run publish:demo` | Build and publish the demo Worker |
368+
| `npm run check` | Run typecheck + lint + format + i18n + tests + spec checks |
369+
| `npm run typecheck` | TypeScript type checking |
370+
| `npm run lint` / `lint:fix` | ESLint |
371+
| `npm run format` / `format:check` | Prettier |
372+
| `npm run check:i18n` | Validate translation key completeness |
373+
| `npm run db:migrate:local` | Local D1 migration |
374+
| `npm run db:migrate:cf` | Cloudflare D1 migration |
375+
| `npm run db:migration:create` | Create a new migration file |
376+
| `npm run ops:secret:main` | Set the `MAIN_SECRET` Worker secret |
377+
| `npm run ops:secret:bootstrap-admin-password` | Set the bootstrap admin password secret |
378+
| `npm run ops:tail` | View online Worker logs |
363379

364380
---
365381

.github/readme/README.zh.md

Lines changed: 39 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -169,10 +169,27 @@ Cloudflare 会自动 Clone 这个仓库、创建并绑定所需要的资源。
169169
![056](/.github/screenshot/056.webp)
170170
![057](/.github/screenshot/057.webp)
171171

172+
### 多维度的机器人防护与观测系统
173+
174+
![058](/.github/screenshot/058.webp)
175+
![059](/.github/screenshot/059.webp)
176+
![060](/.github/screenshot/060.webp)
177+
![061](/.github/screenshot/061.webp)
178+
![062](/.github/screenshot/062.webp)
179+
172180
---
173181

174182
## 进阶配置
175183

184+
### 启用分析引擎来进行深度分析
185+
186+
InsightFlare 中包含的部分可选的附加功能,例如机器人流量检测等,将会使用 Cloudflare Analytics Engine 来进行额外的增强分析,以尽量避免影响主数据库。
187+
188+
但是,这需要您手动开启 Analytics Engine。您只需要前往 [Cloudflare Dashboard](
189+
https://dash.cloudflare.com/?to=/:account/workers/analytics-engine) 并点击右侧的“启用”按钮即可。之后部署 InsightFlare 时,系统会自动将 Analytics Engine 与您的 Cloudflare 账户绑定。
190+
191+
这样,InsightFlare 就可以向 Analytics Engine 写入数据。但是,Analytics Engine 需要一个 API Token 才能读取数据集。请在系统设置中填写 Cloudflare Account ID 和具备“账户分析”读取权限的 API Token,详见 InsightFlare 后台的设置页面的“教程”按钮。
192+
176193
### 接入 AI Agents 进行分析
177194

178195
我们开放了用于 AI Agents 的 Skills,您可以选择将 InsightFlare 接入您的 Agents,例如 OpenClaw、Codex、Claude Code 等, 让 Agents 能够直接访问 InsightFlare 的数据,进行分析和报告生成。
@@ -338,28 +355,28 @@ InsightFlare 的前端 SDK 支持以手动调用的方式上报自定义事件
338355

339356
## 常用命令
340357

341-
| 命令 | 用途 |
342-
| --------------------------------- | ------------------------------------------------------------ |
343-
| `npm run dev` | 本地开发 Worker + 仪表板(使用 `http://127.0.0.1:8787`|
344-
| `npm run dev:ui` | 以 Demo 模式仅启动 Next.js UI 开发服务器 |
345-
| `npm run preview:local` | 使用本地资源构建并启动 Wrangler 预览 |
346-
| `npm run build` | Cloudflare 托管构建入口 |
347-
| `npm run build:local` | 本地预检 + 本地 D1 迁移 + 构建 |
348-
| `npm run build:demo` | 无资源绑定的 Demo 构建 |
349-
| `npm run deploy` | Cloudflare 托管部署入口 |
350-
| `npm run publish` | 在允许的 Cloudflare 环境中构建并主动发布 |
351-
| `npm run publish:demo` | 构建并发布 Demo Worker |
352-
| `npm run check` | 一键执行 typecheck + lint + format + i18n + test + spec 校验 |
353-
| `npm run typecheck` | TypeScript 类型检查 |
354-
| `npm run lint` / `lint:fix` | ESLint |
355-
| `npm run format` / `format:check` | Prettier |
356-
| `npm run check:i18n` | 校验翻译键的完整性 |
357-
| `npm run db:migrate:local` | 本地 D1 迁移 |
358-
| `npm run db:migrate:cf` | Cloudflare D1 迁移 |
359-
| `npm run db:migration:create` | 新建迁移文件 |
360-
| `npm run ops:secret:main` | 设置 `MAIN_SECRET` Worker Secret |
361-
| `npm run ops:secret:bootstrap-admin-password` | 设置初始化管理员密码 Secret |
362-
| `npm run ops:tail` | 查看线上 Worker 日志 |
358+
| 命令 | 用途 |
359+
| --------------------------------------------- | ------------------------------------------------------------ |
360+
| `npm run dev` | 本地开发 Worker + 仪表板(使用 `http://127.0.0.1:8787`|
361+
| `npm run dev:ui` | 以 Demo 模式仅启动 Next.js UI 开发服务器 |
362+
| `npm run preview:local` | 使用本地资源构建并启动 Wrangler 预览 |
363+
| `npm run build` | Cloudflare 托管构建入口 |
364+
| `npm run build:local` | 本地预检 + 本地 D1 迁移 + 构建 |
365+
| `npm run build:demo` | 无资源绑定的 Demo 构建 |
366+
| `npm run deploy` | Cloudflare 托管部署入口 |
367+
| `npm run publish` | 在允许的 Cloudflare 环境中构建并主动发布 |
368+
| `npm run publish:demo` | 构建并发布 Demo Worker |
369+
| `npm run check` | 一键执行 typecheck + lint + format + i18n + test + spec 校验 |
370+
| `npm run typecheck` | TypeScript 类型检查 |
371+
| `npm run lint` / `lint:fix` | ESLint |
372+
| `npm run format` / `format:check` | Prettier |
373+
| `npm run check:i18n` | 校验翻译键的完整性 |
374+
| `npm run db:migrate:local` | 本地 D1 迁移 |
375+
| `npm run db:migrate:cf` | Cloudflare D1 迁移 |
376+
| `npm run db:migration:create` | 新建迁移文件 |
377+
| `npm run ops:secret:main` | 设置 `MAIN_SECRET` Worker Secret |
378+
| `npm run ops:secret:bootstrap-admin-password` | 设置初始化管理员密码 Secret |
379+
| `npm run ops:tail` | 查看线上 Worker 日志 |
363380

364381
---
365382

.github/screenshot/058.webp

64.7 KB
Loading

.github/screenshot/059.webp

88.3 KB
Loading

.github/screenshot/060.webp

77.4 KB
Loading

.github/screenshot/061.webp

95.5 KB
Loading

.github/screenshot/062.webp

59.2 KB
Loading

changelog/v0.5.0.md

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
InsightFlare v0.5.0 moves operational visibility down to the request entry layer, building a more complete loop around bot protection, abnormal request diversion, and request observation.
2+
3+
This release focuses on "bot defense and observation." Sites can identify high-risk bot traffic at the collection entry point, divert it away from the normal analytics path, and use Cloudflare Analytics Engine to inspect bot requests, normal requests, abnormal ratios, source distribution, and recent request details. System administrators can also configure Analytics Engine read credentials in the management area, open the request observation page, and get clearer deployment and configuration feedback when Analytics Engine has not been enabled yet.
4+
5+
> Note: Starting with this update, InsightFlare uses Cloudflare Analytics Engine for additional enhanced analysis. You need to **enable Analytics Engine in the Cloudflare Dashboard first** before InsightFlare can use it.
6+
>
7+
> Open https://dash.cloudflare.com/?to=/:account/workers/analytics-engine and click the "Enable" button on the right. After that, InsightFlare will automatically bind Analytics Engine to your Cloudflare account during deployment.
8+
9+
## Highlights
10+
11+
- Added bot traffic diversion. The collection entry point now combines `isbot`, Cloudflare Bot Score, verified bot categories, ASN classification, and request characteristics to identify bot requests and separate high-confidence bot traffic from the normal analytics path.
12+
- Added signed collect tokens. The tracking script and collection endpoint now use signed tokens for stronger validation, reducing the risk of third parties forging collection requests directly.
13+
- Added a request observation page. Administrators can inspect total request volume, bot request ratio, the normal collection path, abnormal request trends, Bot Score buckets, verified bot categories, ASN types, and recent request details.
14+
- Added Analytics Engine system settings. Administrators can configure the Cloudflare Account ID and API Token used to read the bot and normal request datasets in Analytics Engine.
15+
- Added normal request Analytics Engine records. In addition to bot requests, normal collection requests are written to a separate dataset, making it easier to compare diverted requests with requests that entered the product analytics path.
16+
- Improved the bot request detail drawer by preserving geographic coordinates, request context, identification reasons, and trace information, making false positives, crawler sources, and abnormal access patterns easier to investigate.
17+
- Improved the Analytics Engine deployment experience. When Analytics Engine is not enabled on a Cloudflare account, the publish flow can fall back to a configuration without the binding and show clear hints in system settings and request observation.
18+
- Added Japanese UI support and continued improving Chinese, English, and Japanese copy so the management area, request observation, and system settings pages feel more consistent across languages.
19+
20+
## Changes Since v0.4.0
21+
22+
- Added `request-observation` entry protection logic covering User-Agent, Cloudflare Bot Management fields, ASN risk tiers, and verified bot information.
23+
- Added collect token generation, verification, and script-side injection so collection requests carry short-lived validation information issued by the server.
24+
- Changed collection endpoint behavior: bot requests are now written to the bot Analytics Engine dataset and no longer continue into the normal visit ingestion flow.
25+
- Added normal request Analytics Engine writes so the request observation page can compare the normal request path with abnormal diversion.
26+
- Added a request observation management page and connected it to the root management navigation, allowing system administrators to inspect request entry status from the global management area.
27+
- Added request observation demo data and page mocks so Demo Mode can show bot requests, normal requests, and abnormal request trends.
28+
- Added the Bot Analytics configuration model, validation, sensitive field redaction, and management APIs.
29+
- Improved the system settings structure with Analytics Engine configuration, guide dialogs, disabled-state hints, and save/delete feedback.
30+
- Optimized Analytics Engine query windows, time buckets, and compatibility handling to reduce offset and empty-window issues across time ranges.
31+
- Improved dashboard floating layers, drawers, tables, and export adapters to reduce click-through, layout shifting, and inconsistent complex table behavior.
32+
- Added a runtime configuration error page and strengthened root runtime secret requirements, making missing critical deployment configuration fail with clearer reasons.
33+
- Improved geo map loading, coordinate preservation, and geo table row height, making request details and map-related views more stable.
34+
- Standardized build, preview, deploy, publish, and operations scripts, reducing differences across the Cloudflare Worker lifecycle commands.
35+
36+
## Developer Experience
37+
38+
- Added `scripts/build.ts`, `scripts/deploy.ts`, `scripts/publish.ts`, `scripts/preview.ts`, and `scripts/ops.ts` as unified entry points for build, publish, preview, and operations workflows.
39+
- Refactored the Cloudflare build flow, replacing the old `scripts/cf-build.ts` and centralizing target environments, database bindings, and deployment parameters.
40+
- Added Analytics Engine availability detection and wrangler configuration override tests covering root and multi-environment deployment scenarios.
41+
- Expanded test coverage for bot protection, collect tokens, request observation, Bot Analytics management APIs, Analytics Engine writes, and request observation mocks.
42+
- Improved i18n checks, message generation, and unused copy pruning, and added type and copy coverage for the Japanese locale.
43+
- Adjusted Vitest and test helper configuration to improve stability for edge runtime, management API, and dashboard component tests.
44+
45+
## Upgrade Notes
46+
47+
- To enable request observation, first enable Analytics Engine in Cloudflare Workers & Pages, then redeploy InsightFlare so the bot and normal request datasets are bound.
48+
- After enabling Analytics Engine, enter your Cloudflare Account ID and an API Token with Analytics Engine read permission in system settings.
49+
- If Analytics Engine is not enabled on the current Cloudflare account, the app can still deploy and run, but request observation and Bot Analytics pages will show a setup-required or enable-required state.
50+
- This release strengthens collection entry security. Custom integrations that call `/collect` directly should use the latest tracking script or otherwise become compatible with the new signed collect token flow.
51+
- Make sure the deployment environment has a sufficiently strong `MAIN_SECRET` configured. Deployments without the root runtime secret are explicitly rejected to avoid unsafe default secrets.

0 commit comments

Comments
 (0)