The Security section
Turning auth, gate, and rate-limit signals into a Security dashboard — failed logins, denied authorizations, and HTTP 429s in one place.
The watchers from the last few days produce data. This post is where that data becomes a view: a new Security section in the dashboard.
Security signals are scattered by nature — a failed login here, a denied permission there, a rate-limit trip somewhere else. Individually they're trivia. Together they're a picture: someone's poking at your app. The Security section assembles that picture.
What's in it
- Overview — the headline: authentication failures and failure rate, at a glance. The "is something happening right now?" card.
- Authentication — the login/logout/failure timeline from the auth watcher. Bursts of failures from one IP or one account jump out.
- Gates — authorization checks. Every `denied` is a record of someone (or something) trying to do what they shouldn't. A rising denied rate on a specific ability is a signal.
- Rate limits — HTTP 429s, derived from request traces. Who's getting throttled, and on which endpoints.
Trace-based, not another table
The rate-limits view is interesting because it has no dedicated ingest. It reads existing request trace spans and counts the 429 status codes — json_extract(data, '$."http.status_code"'), which works the same on SQLite and MySQL. No new table, no new SDK work: the data was already arriving, I just had to ask the right question of it. A lot of the best watchers are like this — a new lens on data you already have.
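An added example, not the platform's own code: the same `json_extract` question asked of an in-memory SQLite table, grouped by endpoint and client. The `spans` table name and the `http.route` and `client.address` attribute keys are assumptions; the `CAST` is an SQLite-side addition so that a status code stored as the string "429" is still counted.

```python
import json
import sqlite3

# Constructed sample spans. The table name `spans` and the attribute keys
# "http.route" and "client.address" are assumptions; only the `data` column
# and the "http.status_code" key come from the post.
SAMPLE_SPANS = [
    {"http.status_code": 200, "http.route": "/login", "client.address": "203.0.113.7"},
    {"http.status_code": 429, "http.route": "/login", "client.address": "203.0.113.7"},
    {"http.status_code": 429, "http.route": "/login", "client.address": "203.0.113.7"},
    # Some SDKs emit the status as a string; the CAST below still matches it.
    {"http.status_code": "429", "http.route": "/login", "client.address": "203.0.113.7"},
    {"http.status_code": 429, "http.route": "/api/export", "client.address": "198.51.100.23"},
    {"http.status_code": 500, "http.route": "/api/export", "client.address": "198.51.100.23"},
    {"http.route": "/health"},  # span with no status code: extract yields NULL, never matches
]

# Who is being throttled, and on which endpoints, straight from trace spans.
THROTTLED_SQL = """
SELECT json_extract(data, '$."http.route"')     AS route,
       json_extract(data, '$."client.address"') AS client,
       COUNT(*)                                 AS hits
FROM spans
WHERE CAST(json_extract(data, '$."http.status_code"') AS INTEGER) = 429
GROUP BY route, client
ORDER BY hits DESC, route
"""


def load_spans(rows):
    """Create an in-memory span store holding one JSON document per span."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE spans (id INTEGER PRIMARY KEY, data TEXT NOT NULL)")
    conn.executemany("INSERT INTO spans (data) VALUES (?)",
                     [(json.dumps(r),) for r in rows])
    return conn


def throttled_clients(conn):
    """Return (route, client, hits) rows for every span that ended in a 429."""
    return conn.execute(THROTTLED_SQL).fetchall()


if __name__ == "__main__":
    for route, client, hits in throttled_clients(load_spans(SAMPLE_SPANS)):
        print(f"{hits:>3}  {route:<14} {client}")
```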
The point
The platform isn't just "errors" anymore. With one section it tells a security story, and it does it from signals that were already flowing. Next: a service dependency map.