Stream D: Cloudflare usage monitor

[khaliqgant]

Summary

Cloudflare spend/usage monitor for the relayfile-cloud migration. Watches D1 rows read/written, R2 storage costs, queue throughput, and Worker error rates via the relayfile VFS usage feeds, posting Slack alerts when thresholds are exceeded.

Files

• cloudflare-monitor/persona.ts — definePersona with Cloudflare integration scope (5 usage feeds) + Slack, 4 configurable thresholds
• cloudflare-monitor/agent.ts — defineAgent with 2h cron sweep, fingerprint-deduped Slack alerts, memory persistence, inbox chat Q&A
• cloudflare-monitor/README.md — wiring diagram, signal descriptions, data source table

Design decisions

• No dead triggers: All 5 per-operation runtime error triggers (d1.query_failed, r2.operation_failed, etc.) dropped — no analytics dataset backs them. Only usage-threshold signals kept, per migration-lead direction.
• API-first: Agent reads only the Relayfile VFS mounts materialized by Nango syncs — no Cloudflare API token in the agent.
• Fingerprint dedup: Re-alerts only when signal values change, preventing Slack noise.
• Follows neon-monitor pattern in the same repo.

Verification

• tsc --noEmit passes clean
• Self-review completed — no issues found

Closes Stream D (monitor half). Usage sync PR in cloud repo follows.

---

Summary by cubic

Adds a Cloudflare usage monitor for the relayfile-cloud migration (Stream D) that reads VFS usage feeds and sends deduped Slack alerts when thresholds are exceeded. Fixes cron tick handling, wires inbox Q&A, and improves fingerprinting/logging for reliable, low-noise alerts.

• New Features

  • cloudflare-monitor/persona.ts: Persona with Cloudflare VFS scopes and Slack; inputs for SLACK_CHANNEL and thresholds; inbox Q&A.
  • cloudflare-monitor/agent.ts: 2-hour cron scan (cron gate fixed via isCronTickEvent), fingerprint-deduped Slack alerts (now include R2 Class A ops/egress and Worker requests), logs feed-read failures, memory persistence; no Cloudflare API token required.
  • Thresholds (defaults): D1 read 1,000,000; D1 written 100,000; R2 storage 100 GB; R2 Class A ops 1,000,000; R2 egress 100 GB; Queue unacked 1,000; Queue retries 100; Worker error rate 5%. Slack messages truncate to top 5 with “+N more”.

• Migration

  • Set SLACK_CHANNEL (required). Optionally override threshold inputs.
  • Ensure Nango syncs populate /cloudflare/{d1,r2,queues,workers}/usage/** mounts.
  • Deploy; cron 0 */2 * * * runs the scan and posts alerts.

^{Written for commit 80ae0a8. Summary will update on new commits.}

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new cloudflare-monitor agent consisting of persona.ts (identity, Cloudflare/Slack integrations, threshold inputs, memory/harness wiring), agent.ts (cron-driven scan that reads VFS usage mounts, evaluates thresholds, deduplicates via fingerprint, and posts Slack alerts), and README.md (documentation and architecture diagram).

Changes

Cloudflare Monitor Agent

Layer / File(s)	Summary
Persona wiring and documentation cloudflare-monitor/persona.ts, cloudflare-monitor/README.md	Defines the cloudflare-monitor persona with Cloudflare and Slack integration scopes, environment-driven threshold inputs (D1 rows read/written, R2 storage GB, queue unacked), harness/memory settings, and onEvent: './agent.ts' wiring. README documents agent behavior, alert signals, configuration, Nango sync sources, and an architecture diagram.
Data models, thresholds, and agent entry point cloudflare-monitor/agent.ts (lines 1–82)	Exports typed interfaces D1Usage, R2Usage, QueueUsage, WorkerUsage plus internal AlertSignals/MonitorMemory shapes. Declares fixed threshold constants per category. Exports the cloudflare-scan scheduled agent that routes cron ticks to handleScan.
Scan orchestration and helper utilities cloudflare-monitor/agent.ts (lines 83–274)	handleScan reads Slack channel input, calls evaluateSignals, short-circuits on no alerts, deduplicates via fingerprint, posts to Slack, throws on missing ts receipt, and persists state. readCollection normalizes VFS JSON into arrays; input resolves env-driven config; loadMemory/saveMemory guard workspace persistence with try/catch.
Signal evaluation, alert formatting, and fingerprinting cloudflare-monitor/agent.ts (lines 128–237)	evaluateSignals concurrently reads all four VFS collections and filters items exceeding thresholds, computing per-script worker error rate. formatAlertMessage builds a Slack message with per-category sections capped at 5 entries. buildFingerprint produces a deterministic sorted string from triggered item identifiers.

Sequence Diagram(s)

sequenceDiagram
  participant Cron as Cron (every 2h)
  participant Agent as cloudflare-scan agent
  participant VFS as Cloudflare VFS Mount
  participant Memory as Workspace Memory
  participant Slack as Slack Integration

  Cron->>Agent: cron tick
  Agent->>VFS: readCollection(D1 / R2 / queues / workers)
  VFS-->>Agent: usage arrays

  alt no thresholds exceeded
    Agent-->>Cron: log "scan-clean", exit
  else alerts found
    Agent->>Memory: loadMemory → lastFingerprint
    Memory-->>Agent: MonitorMemory

    alt fingerprint unchanged
      Agent-->>Cron: log "unchanged", suppress
    else new fingerprint
      Agent->>Slack: postMessage(formatAlertMessage)
      Slack-->>Agent: ts receipt
      Agent->>Memory: saveMemory(newFingerprint, timestamp)
    end
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• AgentWorkforce/agents#53: Both PRs implement Slack-writing agents that guard delivery by requiring a non-empty ts receipt from the Slack writeback and throw when it is absent.

Poem

🐇 Hop, hop, the cron ticks away,
I sniff each VFS mount for data each day.
D1 rows and R2 bytes, queues in a haze,
A fingerprint saved so I don't re-amaze.
If thresholds are breached, to Slack I will say—
Then nap in my warren 'til the next two-hour relay! 🌩️

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Stream D: Cloudflare usage monitor' clearly and concisely summarizes the main change: introducing a Cloudflare usage monitoring agent for the relayfile-cloud migration, which is the primary purpose of the entire changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description clearly explains the Cloudflare monitor implementation, its purpose, components, design decisions, and verification status.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cost/stream-d-monitor

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7525514db1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Let scheduled ticks reach the scan handler

In this repo's cron event path, scripts/evals/run-evals.mjs:85-90 builds cron envelopes with name and cron, not schedule, and the existing scheduled agents only gate on isCronTickEvent. With a cloudflare-scan tick shaped like { type: 'cron.tick', name: 'cloudflare-scan', cron: '0 */2 * * *' }, this condition is false and this cron-only monitor never calls handleScan, so no Cloudflare usage alerts are sent.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Honor configurable alert thresholds

The persona exposes D1_ROWS_READ_THRESHOLD, D1_ROWS_WRITTEN_THRESHOLD, R2_STORAGE_GB_THRESHOLD, and QUEUE_UNACKED_THRESHOLD as deployment inputs, but the scan uses these module-level constants and handleScan never reads those inputs before calling evaluateSignals. In deployments that raise a D1/R2 budget or lower queue backlog sensitivity, alerts still fire or suppress at the hard-coded defaults, making the advertised configurable thresholds ineffective.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Handle relay inbox messages

The persona enables relay: { inbox: ['@self'] } and the README/description advertise chat Q&A, but this handler only handles cron ticks. When a user DMs the agent, the event is not a cron tick and falls through without loading usage data, calling ctx.llm.complete, or posting a Slack reply, so the advertised inbox path is dead.

Useful? React with 👍 / 👎.

[coderabbitai]

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cloudflare-monitor/agent.ts`:
- Around line 74-81: The threshold constants D1_ROWS_READ_THRESHOLD,
D1_ROWS_WRITTEN_THRESHOLD, R2_STORAGE_THRESHOLD, R2_CLASSA_OPS_THRESHOLD,
R2_EGRESS_THRESHOLD, QUEUE_UNACKED_THRESHOLD, QUEUE_RETRY_THRESHOLD, and
WORKER_ERROR_RATE_THRESHOLD are hardcoded in the constant declarations at lines
74-81 and their usage locations at lines 139-161, which prevents the thresholds
configured in persona.ts from being applied. Replace these hardcoded constant
declarations with references to the corresponding persona object properties,
ensuring that the actual threshold values from the persona configuration are
used throughout the signal evaluation logic.
- Around line 251-253: The catch block around line 251-253 is silently returning
an empty array without logging the error, which masks data-source failures and
outages. Add error logging in the catch block before returning the empty array.
Log the actual error with a descriptive message that indicates a read failure
occurred, so failures are properly captured in logs and visible for debugging
instead of being silently converted to false clean scans.
- Around line 209-223: The queue backlogs and queue retries sections truncate
their output to 5 items using .slice(0, 5) but do not indicate when additional
items are hidden. After each for loop for signals.queueBacklogs and
signals.queueRetries, add a check to see if the original array length exceeds 5,
and if so, append an overflow message like "…and N more" where N is calculated
as the total length minus 5. This ensures users are aware when there are more
alerts beyond the top 5 displayed.
- Around line 231-233: The fingerprint calculation for signals is missing
critical metric values that are needed to properly distinguish between different
alert states. In the highR2Usage map operation, add the missing
class_a_operations and egress_bytes values to the fingerprint string alongside
bucket_name and storage_bytes. In the highWorkerErrors map operation, add the
missing requests value to the fingerprint string alongside script_name and
errors. These omitted values can cause materially different alerts to generate
identical fingerprints, resulting in false "unchanged" suppression.
- Around line 66-71: The handler in the agent currently only processes cron tick
events but the persona advertises inbox as a supported relay type, creating a
mismatch where inbox messages are silently ignored. Either add a chat handler
for inbox messages by checking for relay cast message events using
isRelaycastMessageEvent, then dispatching those messages to handleInboxChat with
ctx.llm.complete to enable Q&A functionality, or remove the inbox relay
declaration from the persona configuration if chat/Q&A support is not intended.
- Line 67: The condition in the if statement checking `event.schedule` is
referencing a property that does not exist in the event object from the
`@agentworkforce/runtime`. Replace the `event.schedule === '0 */2 * * *'` check
with either a check on `event.name` (if you need to discriminate between
specific schedules) or remove the schedule check entirely and keep only
`isCronTickEvent(event)` to match the pattern used in other agents. The event
object provides `event.name` for the schedule name and `event.cron` for the cron
expression, not `event.schedule`.

In `@cloudflare-monitor/README.md`:
- Line 16: The migration note in the README.md contains awkward phrasing on the
line mentioning "needs cost/usage monitoring that alerts on spend". Replace this
nonstandard phrasing with clearer, more conventional language that better
communicates the monitoring requirement without ambiguity. Consider rephrasing
to use more standard technical documentation language that clearly conveys the
need for cost and usage monitoring with spend alerts.
- Line 77: The fenced code block in the README.md file is missing a language tag
specification. Locate the opening triple backticks (```) of the code block that
closes at line 77 and add a language identifier after them, such as ```text or
another appropriate language, to satisfy markdown linting requirements and
ensure consistent rendering.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d46795b9-b247-4a69-bb16-6403f3d97a99

📥 Commits

Reviewing files that changed from the base of the PR and between bdf8915 and 7525514.

📒 Files selected for processing (3)

• cloudflare-monitor/README.md
• cloudflare-monitor/agent.ts
• cloudflare-monitor/persona.ts

[agent-relay-code]

Review: PR #82 — Cloudflare usage monitor (Stream D)

Summary

PR #82 adds a new isolated agent in cloudflare-monitor/ (README.md, agent.ts, persona.ts). It's a notification-only Cloudflare usage monitor closely modeled on neon-monitor/. It reads VFS usage feeds and posts Slack alerts; it never mutates Cloudflare resources. No code outside the new directory is touched.

Verification performed

• Typecheck (CI canonical tsc --noEmit): passes clean with the PR in place.
• Test suite (npm test): 125 tests, 111 pass, 14 fail. I confirmed all 14 failures are pre-existing and environmental — they occur in daytona-monitor, gcp-watcher, hn-monitor, and neon-monitor tests with "Slack draft was not written" / channel-id mismatch errors from the sandbox's relayfile SDK mock. I re-ran tests/neon-monitor-agent.test.mjs with cloudflare-monitor/ removed entirely and it still fails identically, proving this PR does not cause them.
• Scope-mount guard (persona-integration-scopes.test.mjs): passes — cloudflare-monitor's slack scope (/slack/channels/**) correctly satisfies the writeback-needs-scope invariant for its slackClient().post() call.
• Cron guard correctness: verified event.schedule is populated with the cron expression (to-agent-event.js:40: env.cron ? env.cron : env.name), so the event.schedule === '0 */2 * * *' check in agent.ts:171 matches correctly. Not a bug.

I made no file edits — no mechanical issues (lint/format/typo/import-order) were found, and the substantive items below require human judgment.

Findings (review comments — not auto-fixed, behavioral)

1. Inbox/chat path is documented and configured but not implemented. README.md ("## Chat path") and persona.ts (relay: { inbox: ['@self'] }, useSubscription: true, a chat systemPrompt, and a workers non-usage scope) all describe answering questions via ctx.llm.complete(). But the agent.ts handler (agent.ts:170-175) only handles isCronTickEvent; there is no isRelaycastMessageEvent branch (compare neon-monitor/agent.ts:140-143). Inbox messages are silently dropped. Either implement the chat handler or trim the README/persona claims so the agent doesn't advertise a capability it lacks. Recommend a human decide which direction to take.

2. Configurable thresholds are dead config. persona.ts exposes inputs D1_ROWS_READ_THRESHOLD, D1_ROWS_WRITTEN_THRESHOLD, R2_STORAGE_GB_THRESHOLD, QUEUE_UNACKED_THRESHOLD (with defaults), and the README "Inputs" table documents them as tunable. But agent.ts uses hardcoded module constants (agent.ts:178-185) and only ever reads SLACK_CHANNEL through input(). The documented thresholds have no effect at runtime. neon-monitor reads its thresholds via input(ctx, 'FAILED_OPS_THRESHOLD'). Either wire the inputs through (note R2_STORAGE_GB_THRESHOLD is in GB while the constant R2_STORAGE_THRESHOLD is in bytes — a conversion is needed) or remove the unused inputs. This is a behavior decision for the author.

3. No unit test for the new agent. Every other monitor agent has a tests/*-agent.test.mjs. Adding one is a human decision (I will not add tests myself); flagging that the new signal-evaluation/fingerprint logic ships untested.

Advisory Notes

• The 14 pre-existing test failures (daytona-monitor, gcp-watcher, hn-monitor, neon-monitor) are unrelated to this PR and appear to be sandbox/mock-environment issues. They are out of scope for PR Stream D: Cloudflare usage monitor #82 and should not be folded into it.

Addressed comments

• No existing bot or human review comments were found for PR Stream D: Cloudflare usage monitor #82 (no review/comment artifacts in .workforce/ or the mirrored PR state; .relay/state.json contains only sync state). Nothing to reconcile.

The PR is functionally sound and type-clean, but findings #1 and #2 are genuine doc/behavior mismatches that need an author decision before merge, and the 14 CI test failures (pre-existing, unrelated) mean CI is not green. I am not printing READY.

[khaliqgant]

Addressed review feedback in 80ae0a8:

• Cron never fired (P1/Critical): handler gated on event.schedule which this runtime never sets (cron envelopes carry name/cron). Now gates on isCronTickEvent(event) alone, matching neon-monitor/joke-bot.
• Thresholds ignored (P2/Major): D1_ROWS_READ/WRITTEN_THRESHOLD, R2_STORAGE_GB_THRESHOLD (GB→bytes), and QUEUE_UNACKED_THRESHOLD inputs are now read via a numberInput helper and threaded into evaluateSignals (falling back to the prior constants as defaults).
• Dead inbox path (P2/Major): implemented handleInboxChat — dispatches on isRelaycastMessageEvent, loads the Cloudflare usage VFS collections, calls ctx.llm.complete, and posts the reply to Slack (persona already had useSubscription: true).
• Fingerprint false-unchanged (Major): now includes R2 class_a_operations/egress_bytes and Worker requests so a worsening condition re-alerts.
• Swallowed read errors (Major): the usage-collection reader now logs the failure via ctx.log before returning empty.
• Queue overflow (Minor): queue backlog/retry sections append … and N more after the top-5 truncation.
• README (Minor): fixed awkward phrasing and added a text language tag to the fenced diagram.

Validation: persona compile succeeds; tsc --noEmit reports no new errors referencing cloudflare-monitor/ (only the known unrelated @relayfile/* dts errors remain). No eval cases exist for this agent, so evals were skipped.

[agent-relay-code]

ℹ️ pr-reviewer: review only — no file changes were applied to the PR (nothing to commit after review). The notes below are advisory and were not pushed.

Review: PR #82 — Cloudflare usage monitor (Stream D)

Summary

This PR adds a new self-contained cloudflare-monitor agent (README, agent.ts, persona.ts) that watches Cloudflare D1/R2/Queue/Worker usage via relayfile VFS mounts and posts Slack alerts when thresholds are exceeded, plus a relay-inbox Q&A chat path. It's a notification-only agent built on the established neon-monitor pattern. No other files in the repo reference these new files, so there is no downstream caller impact.

Verification (the way CI runs it)

• Installed deps with npm ci.
• npx tsc --noEmit (canonical typecheck) — passes, exit 0. Both persona.ts and agent.ts are in the tsconfig include.
• npm test (tsc build + node --test tests/*.test.mjs) — 125 tests, 111 pass / 14 fail.
  • The 14 failures are pre-existing and unrelated to this PR. I ran the identical suite on the base SHA (bdf8915, before this PR) in a separate worktree: it produces the same 14 failures (identical test names; only the ms timings differ). The failures are in daytona-monitor, gcp-watcher, hn-monitor, and neon-monitor tests — all caused by the Slack writeback mock not resolving in this sandbox (e.g. "Slack draft was not written", channel C0ALQ06AAUT vs C123). cloudflare-monitor has no test file, so it adds neither pass nor fail.
  • Per instructions, I did not modify or weaken any test to mask these — they are environmental, not PR-induced.
• Verified every import against the installed packages: defineAgent, isCronTickEvent, isRelaycastMessageEvent, readJsonFile, resolveMountRoot, WorkforceCtx, AgentEvent all exported from @agentworkforce/runtime; slackClient from @relayfile/relay-helpers. ctx.llm.complete(prompt, opts?) and ctx.persona.inputSpecs/inputs shapes match usage.

Addressed comments

• Prior PR review (commit 80ae0a8 "address PR review") — The earlier reviewer feedback (cron gating on a non-existent event.schedule, unhonored configurable thresholds, missing inbox chat handler, fingerprint not including R2/Worker delta fields, silent read failures, missing "+N more" truncation, README phrasing) was already fixed in the head commit. I validated each against the current checkout: handler gates on isCronTickEvent (agent.ts:181); thresholds threaded via numberInput/resolveThresholds (agent.ts:205-219); handleInboxChat implemented (agent.ts:405-455); fingerprint includes class_a_operations/egress_bytes/requests (agent.ts:373-388); readCollection logs on failure (agent.ts:469-478); queue sections append "+N more" (agent.ts:354-356, 365-367). All confirmed present — nothing stale to re-fix.
• No bot or human review comments were present in the supplied PR metadata (.workforce/context.json has none, and no comment file was provided), so there are no other threads to account for.

Advisory Notes

These are minor observations; none are blockers and none were changed (the first is a doc/data-semantics nuance, the others are non-defects matching the established pattern — out of scope for a mechanical edit):

• README "24h window" wording vs. raw comparison: The README and input descriptions describe thresholds as "in a 24h window," but evaluateSignals compares the raw rows_read/rows_written/etc. values straight from the usage feed (agent.ts:278-300). Windowing is the upstream Nango sync's responsibility, so this is accurate only if those feeds already emit 24h-windowed figures. Worth a human confirming the cloudflare-relay syncs window the data; if they don't, the doc wording is misleading. No code change made.
• Zero/negative threshold inputs: numberInput accepts any finite number, so a misconfigured 0 threshold would make everything alert (agent.ts:205-209). This mirrors neon-monitor's trust-the-input behavior, so it's consistent with the codebase, not a regression.
• harnessSettings.timeoutSeconds: 120 is lower than neon-monitor's 1600, but the chat path uses ctx.llm.complete() directly rather than the harness, so it's adequate for this agent's use.

Safety check

No fail-closed → fail-open changes, no lifecycle/reaper/dispatch code, no guard-default edits. The agent correctly throws on empty Slack receipt ts (treating delivery as failed) on both the scan and chat paths (agent.ts:259, 453), preserving fail-closed delivery semantics. I left all of this untouched.

Disposition

No file edits were needed or made — the working tree is clean. typecheck passes; the PR is self-contained with no downstream breakage. The only failing CI signal (the unit suite) fails identically on the base branch for sandbox-environment reasons unrelated to this change, so I cannot assert all required checks are green from here. Because I cannot confirm every required CI check is passing (the test suite is red in this environment, pre-existing though it is), I am not printing READY — a human should confirm CI status and the advisory note on windowing before merge.