Version Updates

Review published InsightFlare releases and the running build.

Current version

v0.5.0

Latest release

v0.5.0

Current commit

115b4263c2c7

Releases

5

v0.5.0

StableCurrent version
Published: Jul 07, 2026, 03:15 PMAuthor: github-actions[bot]Commit: 67aecdc145fc
Open release
Release notes
InsightFlare v0.5.0 moves operational visibility down to the request entry layer, building a more complete loop around bot protection, abnormal request diversion, and request observation. This release focuses on "bot defense and observation." Sites can identify high-risk bot traffic at the collection entry point, divert it away from the normal analytics path, and use Cloudflare Analytics Engine to inspect bot requests, normal requests, abnormal ratios, source distribution, and recent request details. System administrators can also configure Analytics Engine read credentials in the management area, open the request observation page, and get clearer deployment and configuration feedback when Analytics Engine has not been enabled yet. > Note: Starting with this update, InsightFlare uses Cloudflare Analytics Engine for additional enhanced analysis. You need to **enable Analytics Engine in the Cloudflare Dashboard first** before InsightFlare can use it. > > Open https://dash.cloudflare.com/?to=/:account/workers/analytics-engine and click the "Enable" button on the right. After that, InsightFlare will automatically bind Analytics Engine to your Cloudflare account during deployment. ## Highlights - Added bot traffic diversion. The collection entry point now combines `isbot`, Cloudflare Bot Score, verified bot categories, ASN classification, and request characteristics to identify bot requests and separate high-confidence bot traffic from the normal analytics path. - Added signed collect tokens. The tracking script and collection endpoint now use signed tokens for stronger validation, reducing the risk of third parties forging collection requests directly. - Added a request observation page. Administrators can inspect total request volume, bot request ratio, the normal collection path, abnormal request trends, Bot Score buckets, verified bot categories, ASN types, and recent request details. - Added Analytics Engine system settings. Administrators can configure the Cloudflare Account ID and API Token used to read the bot and normal request datasets in Analytics Engine. - Added normal request Analytics Engine records. In addition to bot requests, normal collection requests are written to a separate dataset, making it easier to compare diverted requests with requests that entered the product analytics path. - Improved the bot request detail drawer by preserving geographic coordinates, request context, identification reasons, and trace information, making false positives, crawler sources, and abnormal access patterns easier to investigate. - Improved the Analytics Engine deployment experience. When Analytics Engine is not enabled on a Cloudflare account, the publish flow can fall back to a configuration without the binding and show clear hints in system settings and request observation. - Added Japanese UI support and continued improving Chinese, English, and Japanese copy so the management area, request observation, and system settings pages feel more consistent across languages. ## Changes Since v0.4.0 - Added `request-observation` entry protection logic covering User-Agent, Cloudflare Bot Management fields, ASN risk tiers, and verified bot information. - Added collect token generation, verification, and script-side injection so collection requests carry short-lived validation information issued by the server. - Changed collection endpoint behavior: bot requests are now written to the bot Analytics Engine dataset and no longer continue into the normal visit ingestion flow. - Added normal request Analytics Engine writes so the request observation page can compare the normal request path with abnormal diversion. - Added a request observation management page and connected it to the root management navigation, allowing system administrators to inspect request entry status from the global management area. - Added request observation demo data and page mocks so Demo Mode can show bot requests, normal requests, and abnormal request trends. - Added the Bot Analytics configuration model, validation, sensitive field redaction, and management APIs. - Improved the system settings structure with Analytics Engine configuration, guide dialogs, disabled-state hints, and save/delete feedback. - Optimized Analytics Engine query windows, time buckets, and compatibility handling to reduce offset and empty-window issues across time ranges. - Improved dashboard floating layers, drawers, tables, and export adapters to reduce click-through, layout shifting, and inconsistent complex table behavior. - Added a runtime configuration error page and strengthened root runtime secret requirements, making missing critical deployment configuration fail with clearer reasons. - Improved geo map loading, coordinate preservation, and geo table row height, making request details and map-related views more stable. - Standardized build, preview, deploy, publish, and operations scripts, reducing differences across the Cloudflare Worker lifecycle commands. ## Developer Experience - Added `scripts/build.ts`, `scripts/deploy.ts`, `scripts/publish.ts`, `scripts/preview.ts`, and `scripts/ops.ts` as unified entry points for build, publish, preview, and operations workflows. - Refactored the Cloudflare build flow, replacing the old `scripts/cf-build.ts` and centralizing target environments, database bindings, and deployment parameters. - Added Analytics Engine availability detection and wrangler configuration override tests covering root and multi-environment deployment scenarios. - Expanded test coverage for bot protection, collect tokens, request observation, Bot Analytics management APIs, Analytics Engine writes, and request observation mocks. - Improved i18n checks, message generation, and unused copy pruning, and added type and copy coverage for the Japanese locale. - Adjusted Vitest and test helper configuration to improve stability for edge runtime, management API, and dashboard component tests. ## Upgrade Notes - To enable request observation, first enable Analytics Engine in Cloudflare Workers & Pages, then redeploy InsightFlare so the bot and normal request datasets are bound. - After enabling Analytics Engine, enter your Cloudflare Account ID and an API Token with Analytics Engine read permission in system settings. - If Analytics Engine is not enabled on the current Cloudflare account, the app can still deploy and run, but request observation and Bot Analytics pages will show a setup-required or enable-required state. - This release strengthens collection entry security. Custom integrations that call `/collect` directly should use the latest tracking script or otherwise become compatible with the new signed collect token flow. - Make sure the deployment environment has a sufficiently strong `MAIN_SECRET` configured. Deployments without the root runtime secret are explicitly rejected to avoid unsafe default secrets.

v0.4.0

Stable
Published: Jul 03, 2026, 08:46 AMAuthor: github-actions[bot]Commit: 93b2e55754e5
Open release
Release notes
InsightFlare v0.4.0 moves the product from viewing analytics data to actively monitoring, notifying, and managing operations. This release focuses on notification and operations management. Teams can configure notification rules for sites, receive localized notification emails, and inspect notification messages and diagnostics. System administrators also get more complete management surfaces for email, login security, teams, users, tasks, and system status. Account invitations, password resets, Turnstile login protection, and scheduled task reliability have also been strengthened. ## Highlights - Added a team notification system. Teams can configure event-based and report-based notification rules, then view the notification center, rule states, message history, and diagnostics from the dashboard. - Added localized notification emails. Notification content can be generated from the user's preferred language, with email previews, email UI components, Resend sending configuration, and test delivery support. - Added system-level notification email management. Administrators can configure sender details, a Resend API Key, reply-to address, and send test emails to verify the configuration. - Added Turnstile login protection. Administrators can manage login security settings from system settings and add captcha protection to public login entry points. - Added team invitation links and account action links. The system now supports invitation links, password reset links, account link inspection, and completion flows, reducing manual member creation and account recovery work for administrators. - Added global management and root dashboard layouts. System performance, system settings, teams, users, scheduled tasks, and version update pages have been moved out of the team context for clearer administration paths. - Improved scheduled task execution and health statistics. Scheduled task runs can be grouped, skipped tasks count as successful in health summaries, and cron batches are split to reduce pressure on a single run. - Improved dashboard interactions, including page transition animations, icons in titles and control areas, native scrollbars on Safari, sidebar transitions, member time display, and management page layout. ## Changes Since v0.3.0 - Added notification rules, notification messages, delivery states, email channels, and diagnostics covering rule creation, state tracking, message storage, email delivery, and failure feedback. - Added notification email preview pages and sample data, making it easier to inspect email content for different notification types before sending. - Hardened Resend email delivery with retries, network failure handling, redacted error summaries, and test email failure handling. - Added a preferred locale field for users, so notification workflows can generate messages using each user's preferred language. - Added account action token storage for team invitations, password resets, and account link flows. - Added Turnstile protection to the login flow and adjusted login behavior to avoid implicitly creating teams during sign-in. - Administrators can now generate password reset links and create teams through a system user, making account and team management friendlier for self-hosted operations. - Replaced direct member creation with invitation links for team member management, reducing accidental changes and inconsistent account states. - Added public account link pages plus inspection and completion APIs for invitation and password reset entry points. - Added a system settings page in the management area and improved the information structure for system performance, teams, users, scheduled tasks, and version updates. - Reorganized root dashboard and team layouts so site analytics, team features, and system administration have clearer navigation levels. - Added new client management views for the notification center, email previews, team notification settings, login security settings, and notification email settings. - Expanded Demo Mode with users, team invitations, notification email previews, and sample events to make the new features easier to try. - Allowed required Cloudflare scripts through CSP and improved edge API origin inference. ## Developer Experience - Added D1 migrations for notification rule messages, user preferred locale, notification rule state, and account action tokens. - Expanded test coverage for notifications, email configuration, email rendering, the Resend client, account links, invitation links, Turnstile, account tokens, and routing layers. - Improved notification-related test stability by reducing the impact of slow retry behavior in email network failure tests. - Updated test coverage for scheduled tasks, notification tasks, and report data modules to reduce regression risk in future rule and scheduling changes. - Removed old legacy admin/archive route adapter code and kept thinner Hono route entry points. - Adjusted build and prebuild scripts to improve configuration handling in Cloudflare build environments. ## Upgrade Notes - If notification emails are enabled, configure the Resend API Key and sender email in system settings, then use a test email to confirm the sending domain status. - If Turnstile login protection is enabled, prepare the site key and secret configuration in Cloudflare Turnstile first.

v0.3.0

Stable
Published: Jun 29, 2026, 09:38 AMAuthor: github-actions[bot]Commit: a6363286bb5e
Open release
Release notes
InsightFlare v0.3.0 makes analytics data easier to share, query, and reuse. This release focuses on completing the public sharing experience. Teams can enable public access links for sites, allowing external members to view core analytics dashboards without signing in. The API also gains more complete query capabilities, making it easier for AI Agents, automation scripts, and external systems to read site data, combine metrics, and generate reports. ## Highlights - Added a public sharing system. Sites can enable a public access slug and generate share links that can be copied and opened without authorization. - Added public shared dashboard pages where external visitors can browse core analytics views that do not expose specific visitor privacy, including Overview, Pages, Referrers, Campaigns, Retention, Geo, Devices, Browsers, and Performance. - The public links management page now shows public access status, public URLs, and domains for all sites, with actions to copy links or jump to site settings. - API v1 now supports more complete site analytics queries, including trends, breakdowns, cross-breakdowns, time comparisons, explore queries, retention cohorts, and Web Vitals performance data. - Added global `/api/v1/batch` requests, making it easier for clients and Agents to combine multiple API queries in one call. - Added README guidance for connecting AI Agents through `skills.json`, so Agents can connect to InsightFlare and read analytics data. - Improved caching for public sharing and dashboard queries, making public dashboards faster on repeated visits. - Improved dashboard navigation, time ranges, map points, and metric loading states for a more stable day-to-day analytics experience. - The favicon and LOGO now look sharper. ## Changes Since v0.2.0 - Upgraded the public links management page from a placeholder to a site list where users can view site domains, public URLs, enabled status, copy links, and jump to site settings. - Added a dedicated header, time range controls, analytics tabs, and mobile adaptation to public share pages, allowing external visitors to browse core data directly. - Changed dashboard site route slugs to be domain-based, and refreshed the dashboard sidebar after site creation to reduce cases where a new site exists but navigation has not updated. - Fixed current analytics tab loss when switching sites from the sidebar, and preserved the current analytics section across all site links. - Fixed day/week interval availability at range boundaries such as 7d, 90d, and 12m. - Fixed geo page queries that could fail to return point data, and aggregated geographic points by rounded coordinates to reduce response payload size. - Added a two-column medium-width layout for overview metric cards and stabilized metric loading heights to reduce page jumping. - Unified map loading states around the project Spinner component. - Synced public sharing, API contracts, OpenAPI, and skills discovery documentation to fix pre-release API shape inconsistencies. - Relaxed CSP connect-src and ESLint allowDefaultProject configuration to reduce local development and tooling false positives. - Fixed inconsistent loading animations in some components. ## Developer Experience - Added a standalone Cloudflare build script, `scripts/cf-build.ts`, to unify local, remote, demo, and CI build entry points. - Added `scripts/dev.ts`, `wrangler.dev.toml`, and `workers/dev-worker.js`, so local development now goes through the Worker by default. - Consolidated the `check` workflow into a TypeScript script covering typecheck, lint, format, i18n, tests, OpenAPI, and skills checks. - Migrated OpenAPI contract checks and ast-grep binding checks to TypeScript scripts, reducing Node/ESM script fragmentation. - Removed unused dependencies and environment variable configuration to reduce install size and deployment configuration noise. - Added a Public API Gate with clearer request entry points, preflight handling, and security boundaries for public API access. - Migrated private dashboard, public sharing, management, archive, API v1, health check, well-known, map tile, and tracking script entry points to the Hono routing layer. - Added a local Worker development flow. `npm run dev` now runs through the Worker + Dashboard path, closer to the Cloudflare deployment environment. - Expanded test coverage for Hono routes, edge adapters, Public API Gate, API v1 branches, routing compatibility layers, and cache behavior. - Kept legacy API routes as compatibility wrappers, with a route inventory and parity baseline to reduce regression risk during the Hono migration.

v0.2.0

Stable
Published: Jun 27, 2026, 11:19 AMAuthor: github-actions[bot]Commit: 1aa8f6c1ac37
Open release
Release notes
InsightFlare v0.2.0 expands the product from a dashboard-first analytics app into a more integration-ready analytics service with a documented API surface, API key authentication, and stronger request validation. This release focuses on making InsightFlare easier to connect with external tools and safer to expose programmatically. It introduces API key management, a versioned API contract, OpenAPI and agent discovery endpoints, and a more consistent API response model. ## Highlights - Added API key management, including scoped keys, API key authentication, and dashboard controls for creating and managing access. - Introduced the versioned `/api/v1` API surface with generated OpenAPI 3.1 documentation and request/response examples. - Added `.well-known` discovery endpoints for OpenAPI, agent skills, health, security, and account password-change metadata. - Added generated `skills.json` documentation so LLM and agent clients can understand the public API more easily. - Added stronger request validation through shared Zod schemas for analytics, realtime, site, team, funnel, tracker, and common API inputs. - Improved API response consistency with request IDs, timestamps, and a unified response envelope. - Added same-origin request validation and strengthened secret/session handling for safer deployments. - Added dashboard surfaces for API key management and clearer version update details. - Improved geography and realtime dashboard rendering by moving heavier map and realtime views into dedicated client-side stages. ## Changes Since v0.1.0 - Fixed API version reporting so it is read from `package.json` instead of being hardcoded. - Fixed `/api/v1` root route matching with an optional catch-all route. - Aligned generated OpenAPI metadata, schemas, examples, and endpoint behavior with the actual implementation. - Fixed mobile page scrolling behavior. - Fixed rollback secret handling so fallback values are applied correctly. - Replaced hardcoded locale checks with the i18n system. - Renamed the funnel route to `funnels` for consistency. - Removed unnecessary release-summary height restrictions. - Reduced worker bundle pressure by moving heavier dashboard experiences behind client-only islands. ## Developer Experience - Added scripts for generating OpenAPI and skills documentation. - Added an OpenAPI contract checker to catch documentation drift. - Added CI coverage thresholds and broadened test coverage across API v1, API keys, scheduled tasks, hourly rollups, realtime mocks, schemas, validation, and dashboard client data. - Added explicit Prettier defaults and stricter ESLint coverage for the codebase. - Added environment and prebuild checks for safer Cloudflare deployment flows.

v0.1.0

Stable
Published: Jun 25, 2026, 02:56 AMAuthor: github-actions[bot]Commit: 108a5f922b8c
Open release
Release notes
InsightFlare v0.1.0 is the first public release of the project. This initial version establishes the core analytics experience and brings the foundational analysis workflow to a highly usable state. Teams can already collect traffic data, inspect real-time activity, analyze pages, referrers, sessions, visitors, devices, browsers, geography, campaigns, events, funnels, retention, and performance signals from a unified dashboard. ## Highlights - Delivered the first complete InsightFlare analytics dashboard experience. - Added high-availability core analysis flows for traffic overview, realtime monitoring, page analytics, referrers, sessions, visitors, geography, device and browser breakdowns, campaign tracking, custom events, funnels, retention, and Web performance. - Included team, site, user, and system management surfaces required to operate the product. - Established the tracking script and ingestion pipeline for collecting analytics data. - Added the first version update surface for future release visibility. ## Notes This release is intended as the baseline for future versioned updates. Subsequent releases will build on this foundation with more automation, deeper analysis, and operational refinements.