What we shipped on 2026-06-16
We shipped version 0.81 today, but the most satisfying work was patching a blind spot in our analytics worker rather than just rolling features out of v80 (PR #1645). The beacon Worker had been accepting POST requests from any Origin without rate limiting, so anyone who knew the URL could loop curl commands to skew topic selection data and burn Analytics Engine quota. We closed that vector with security(beacon): origin allowlist + per-ip ratelimit (.73) by layering two checks. First, a browser-origin check against our comma-separated env var ALLOWED_ORIGINS returns 403 on mismatch to stop drive-bys. Second, as the fallback for non-browser clients, a Workers rate-limit binding caps traffic at sixty requests/minute/IP, keyed off CF-Connecting-IP.
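The two layered checks described above, sketched as a Worker handler. This is an added example, not the project's own code: the binding name BEACON_LIMITER, the 204/429/405 status codes, and applying the rate limit to every request that passes the Origin check are assumptions.

```javascript
// Added example, not the project's code. BEACON_LIMITER is a hypothetical
// binding name; the 60-per-60s limit is configured on the binding, not here.

// Split the comma-separated ALLOWED_ORIGINS value into an exact-match set.
// An unset or empty variable yields an empty set, which fails closed.
function parseAllowedOrigins(raw) {
  return new Set(
    (raw || "").split(",").map((o) => o.trim().toLowerCase()).filter(Boolean)
  );
}

// Returns the HTTP status the beacon should answer with.
async function decide(headers, env) {
  const origin = headers.get("Origin");
  if (origin !== null && origin !== undefined) {
    // Browser request: exact match only. No prefix or suffix matching, so
    // "https://example.test.other.test" cannot pass as "https://example.test".
    const allowed = parseAllowedOrigins(env.ALLOWED_ORIGINS);
    if (!allowed.has(origin.trim().toLowerCase())) return 403;
  }
  // Origin can be omitted or set freely outside a browser, so every request
  // that gets this far is counted per client IP (assumption of this example).
  const ip = headers.get("CF-Connecting-IP") || "unknown";
  const { success } = await env.BEACON_LIMITER.limit({ key: ip });
  return success ? 204 : 429; // 204 and 429 are this example's choices
}

// Worker entry point; in a module Worker this object is the default export.
const worker = {
  async fetch(request, env) {
    if (request.method !== "POST") return new Response(null, { status: 405 });
    const status = await decide(request.headers, env);
    // Only a 204 should go on to record the beacon in Analytics Engine.
    return new Response(null, { status });
  },
};
```

Rejected origins return before the limiter is called, so a 403 does not consume any of the caller's per-IP budget.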
Beyond that security win (.73), we stabilized the backup chain. We addressed a few small inconsistencies in _age_of_event, specifically casting asyncpg Decimal→float and passing AWS_DEFAULT_REGION explicitly to restic so that it works for non-us-east buckets.
We’re still tuning where exactly those rate-limit binding values live, but with Origin validation on board (.73), we have data integrity back.
Auto-compiled by Poindexter from today’s commits and PRs. See the work: github.com/Glad-Labs/poindexter.



