Appearance

30-Day Uptime Heatmap & Drift Watch Hardening

Released: May 11, 2026

A status-page upgrade with daily uptime visibility, plus hardening across Drift Watch detection and auto-revert.

New

  • 30-day uptime heatmap. Each service on the public status page now shows a 30-cell heatmap of daily uptime. Hover a cell for the exact percentage and date. Gap-aware math counts missing per-minute probes as downtime, so the percentage tracks reality even across deploys and process restarts.
  • Event-loop based API health probe. API health on /api/status/metrics and /health is now derived from the API process's event-loop responsiveness (via monitorEventLoopDelay). Anything over 1 second of max lag in a probe interval is reported as an outage — directly measuring the property that determines whether user requests succeed.
  • Response-time percentiles on the status page. Per-request latencies feed an in-memory ring buffer; the Response Times card shows avg / p95 / p99 with nearest-rank percentile math.
  • IPv6 open-world ingress detection. Drift Watch auto-revert now detects security-group rules opened to ::/0 (IPv6) alongside 0.0.0.0/0 (IPv4). Both families are tracked independently so adding IPv6 open to an existing IPv4-open port is correctly classified as new.

Improved

  • Status page latency. /api/status/metrics fans out per-service uptime queries in parallel — total poll latency drops to roughly the slowest single service rather than the sum across services.
  • Drift Watch baseline acceptance clears stale severity counters so the watch's recorded severity reflects the post-acceptance baseline.
  • Drift Watch provider validation covers AWS, Azure, and GCP across single-create, bulk-create, and template-run paths.
  • Drift Watch handles port 0 correctly. ICMP type/code and protocol-0 wildcards are preserved as legitimate values during auto-revert keying.
  • Status page stays dark regardless of the dashboard theme toggle, matching status-page conventions.
  • Scheduled Jobs panel gated to localhost so internal cron job names are not exposed publicly. Gate is based on the TCP socket source IP (not the Host header), so it cannot be spoofed by a remote caller.

Security

  • Robust credential decryption in the Drift Watch runner for AWS and Azure — handles both encrypted and legacy plaintext credential storage without depending on a length / format heuristic.