Detection dashboard — 2026-06-12
Run type: on-demand dispatch (first-outsider-traffic day / beta-launch campaign)
Run window: 2026-06-12 UTC, first invocation
Catalog size: 14 rules (10 from 2026-06-04 + 4 new from this campaign)
Active rules: 5 (DET-SIGNUP-001, DET-SIGNUP-002, DET-AUTH-003, DET-BETA-001, DET-BETA-002, DET-BETA-004)
Dormant rules: 9 (all others — see prerequisites in campaign docs)
Rule status summary
| Rule ID | Name | State | Fired this run | Notes |
|---|---|---|---|---|
| DET-AUTH-001 | Passkey enumeration | dormant (P1) | No | Heroku drain not wired |
| DET-AUTH-002 | Session creation velocity | dormant (P1) | No | Heroku drain not wired |
| DET-AUTH-003 | RBAC denied burst | live | No | No RBAC denials observed |
| DET-SIGNUP-001 | Waitlist velocity per origin | live | No | No spikes observed pre-run |
| DET-SIGNUP-002 | Email pattern anomaly | live | No | No pattern anomalies observed |
| DET-DATA-001 | Audit log gap window | dormant (P4) | No | No real-customer baseline yet |
| DET-DATA-002 | Audit log hash chain break | dormant (P3) | No | KMS chain not wired |
| DET-OPS-001 | Sentry error rate spike | dormant (P2) | No | sentry_backend OFF |
| DET-OPS-002 | Postgres p99 drift | dormant (P5) | No | pg_stat_statements not verified |
| DET-COST-001 | Dyno hour spike | dormant (P6) | No | Heroku Platform API scraper not built |
| DET-BETA-001 | Preview token enumeration | live (manual) | No | No log drain; manual check required |
| DET-BETA-002 | Preview screen scraping | live (manual) | No | No log drain; manual check required |
| DET-BETA-003 | Sentry error spike on beta routes | dormant (P2) | No | sentry_backend OFF — urgent |
| DET-BETA-004 | NDA bypass probe | live (manual) | No | No log drain; manual check required |
Actionable findings this run
FINDING-001 — sentry_backend OFF on prod (HIGH operational gap)
With beta testers hitting prod today, Sentry is the only signal path for detecting 500-class errors on the new beta preview routes. The INTERNAL_API_SECRET mismatch scenario (DET-BETA-003) would cause all beta tester requests to return 500 and is currently invisible.
Recommended action: operator enables sentry_backend + sre-agent sources DSN from vault.
Escalation: operator (decision) + sre-agent (execution).
Routing: ops@ same-day (HIGH, pre-launch digest exception given beta-launch context).
FINDING-002 — Heroku Logplex drain not wired (persistent HIGH gap)
Three of the four new beta detections (DET-BETA-001, DET-BETA-002, DET-BETA-004) require queryable log history to automate. Without the drain, each detection run on these rules requires a manual heroku logs grep every hour during the active beta window.
Recommended action: sre-agent to wire Logplex → drain. Remains the highest-leverage infrastructure unlock for the detection catalog (gates 7 of 14 rules).
Routing: ops@ digest (persistent, not a new finding — echoing June 4 P1 priority).
FINDING-003 — CONSOLE_INTERNAL_URL env var should be verified (MEDIUM)
beta_token_verifier.py defaults to a hardcoded Console URL. If CONSOLE_INTERNAL_URL is not explicitly set on raxx-api-prod, the verifier uses the default, which may not point to the correct Console app for the prod environment. A misconfigured URL causes all beta token verifications to fail.
Recommended action: sre-agent to verify CONSOLE_INTERNAL_URL is set on raxx-api-prod and points to the correct Console prod endpoint.
Routing: ops@ same-day.
Telemetry source availability
| Source | Status | Gates |
|---|---|---|
| waitlist_signups table | Available | DET-SIGNUP-001, DET-SIGNUP-002 |
| customer_audit_events table | Available (pre-customer baseline) | DET-DATA-001, DET-DATA-002 |
| console_audit_events table | Available | DET-AUTH-003 |
| Heroku app logs (manual only) | Manual via heroku logs | DET-BETA-001, DET-BETA-002, DET-BETA-004 |
| Heroku app logs (automated) | Not wired | DET-AUTH-001, DET-AUTH-002 |
| Sentry (prod) | OFF | DET-OPS-001, DET-BETA-003 |
| pg_stat_statements | Unverified | DET-OPS-002 |
| Heroku Platform API metrics | Not scraped | DET-COST-001 |
| Stripe webhooks | Not wired | deferred rule |
| KMS HMAC hash chain | Not wired | DET-DATA-002 |
Next scheduled run
Daily run: 07:00 UTC 2026-06-13.
Hourly runs: 13:00–20:00 UTC during beta-launch week (2026-06-12 through 2026-06-18) — manual log check cadence until drain is wired.
Re-baseline trigger: 7 days of beta-tester traffic on /api/beta/preview/* routes, or when Heroku drain is wired (whichever comes first).