Notes
Notes on alerts, privacy, and on-call.
2026-05-13 · security / engineering / cloudflare-workers / regex
How we built a no-ReDoS customer regex tokenizer in Cloudflare Workers
A pure-JS RE2 port, a 60s per-isolate cache with stampede guard, a Web Worker test gate, and the three production bugs we caught in the first 24 hours.
2026-05-09 · aiops / alert-correlation / incident-management / postgres
Two SQL primitives for when alert clustering gets it wrong
Why every alert clustering system needs a manual override, the two Postgres functions that implement split and merge with a full audit trail, and the race condition we found when shipping it.
2026-05-08 · llm / anthropic / prompt-caching / cost-engineering
Anthropic prompt caching cut our RCA cost by 90%
What actually goes in the cached segment, the two-segment trick that lets per-tenant context cache too, and the production numbers we see on Haiku 4.5.
2026-05-08 · on-call / alert-fatigue / observability / correlation
From 1,000 alerts to 10 incidents
Turning a thousand noisy webhooks into ten real incidents, without throwing away the signal that lives in the noise. Alert correlation, the four hard parts.
2026-05-08 · hipaa / security / observability / compliance
A HIPAA checklist for alert pipelines (8 controls)
Where PHI ends up in monitoring alerts, what HIPAA's Technical Safeguards actually require, and an 8-item checklist for keeping the alert path compliant.
2026-05-06 · pii / observability / tokenization / compliance
How to keep PII out of your alert pipeline
The four hard parts of edge tokenization for observability, and why the obvious shortcuts (strip-on-write, drop-on-detect, redact-in-prompt) all leak.
2026-05-05 · pii / regex / engineering / tokenization
6 regexes for detecting PII in event payloads
The regex set we run in production for tokenizing inbound alerts, with per-pattern false-negative cases and a structural fallback for what regex misses.
build b46460aupdated 2026-05-13no trackersno analyticsno third-party scripts