Priority: HIGH — reliability/security.
A CF token missing Account Analytics:Read returns 10000 Authentication error, which cfGraphQLSafe swallows → the entire CF half reads empty and the operator believes they're protected. We were blind for an unknown period without noticing (only GCP worked).
Fixes:
- Surface a prominent
analyticsAuth: "FAILING" status on the health//spend endpoint instead of silently returning zeros.
- Document the EXACT token scopes: Account Analytics:Read (monitoring) + Workers Scripts:Edit + Workers Routes:Edit (auto-disconnect).
From FEEDBACK-from-divinci-deployment.md — real-world findings from the Divinci self-hosted deployment, 2026-06-17.
Priority: HIGH — reliability/security.
A CF token missing
Account Analytics:Readreturns10000 Authentication error, whichcfGraphQLSafeswallows → the entire CF half reads empty and the operator believes they're protected. We were blind for an unknown period without noticing (only GCP worked).Fixes:
analyticsAuth: "FAILING"status on the health//spendendpoint instead of silently returning zeros.From
FEEDBACK-from-divinci-deployment.md— real-world findings from the Divinci self-hosted deployment, 2026-06-17.