Documentation

How DiffMon works across monitoring, alerts, security, and API integration.

Security

How DiffMon protects fetches, secrets, and customer data across the platform.

Security is built into the worker pipeline, storage, and admin surface.

Fetch safeguards

  • SSRF checks validate hosts and protocols before any request leaves the worker.
  • Redirects are capped and protocol downgrades are blocked unless explicitly allowed.
  • Rate limits prevent fetches from overwhelming upstream services.

Secret handling

  • API tokens and webhook secrets are encrypted at rest.
  • Authorization headers are sanitized from logs and telemetry.

TypeScript
// Validate the target's host and protocol before any request leaves the worker.
const initial = validateTarget(currentUrl);
if (!initial.ok) return makeError(`SSRF_BLOCKED_${initial.reason}`);
// Resolve the hostname and block the fetch if the DNS check fails.
const dns = await resolveHostname(initial.hostname);
if (!dns.ok) return makeError(`SSRF_BLOCKED_${dns.reason}`);
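
One way the host, protocol, and DNS checks behind the snippet above could look, as an added example that is not DiffMon's code. The function bodies, reason codes, blocked ranges, and the `checkResolved` helper are assumptions, and DNS answers are passed in as constructed input so the block runs offline.

```typescript
// Added sketch, not DiffMon's code: bodies, reason codes and ranges are assumptions.
type Check = { ok: true; hostname: string } | { ok: false; reason: string };

// Non-public IPv4 ranges as [network, prefix length].
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted-quad IPv4 literal -> 32-bit number, or null if it is not one.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  const valid = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return valid ? parts.reduce((n, p) => n * 256 + Number(p), 0) : null;
}

function isBlockedAddress(ip: string): boolean {
  const addr = ip.toLowerCase();
  const v4 = ipv4ToInt(addr.startsWith("::ffff:") ? addr.slice(7) : addr);
  if (v4 !== null) {
    return BLOCKED_V4.some(([net, bits]) => {
      const size = 2 ** (32 - bits);
      return Math.floor(v4 / size) === Math.floor((ipv4ToInt(net) ?? 0) / size);
    });
  }
  if (!addr.includes(":")) return true; // not an IP literal: fail closed
  // IPv6: unspecified, loopback, hex-form IPv4-mapped, fc00::/7, fe80::/10.
  return addr === "::" || addr === "::1" || addr.startsWith("::ffff:") ||
    /^f[cd][0-9a-f]{2}:/.test(addr) || /^fe[89ab][0-9a-f]:/.test(addr);
}

function validateTarget(raw: string): Check {
  let url: URL;
  try { url = new URL(raw); } catch { return { ok: false, reason: "INVALID_URL" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "PROTOCOL" };
  // Check the parser's canonical host: it folds 2130706433 or 0x7f.1 into 127.0.0.1.
  const hostname = url.hostname.replace(/^\[|\]$/g, "");
  const literal = hostname.includes(":") || ipv4ToInt(hostname) !== null;
  if (hostname === "localhost" || (literal && isBlockedAddress(hostname))) {
    return { ok: false, reason: "PRIVATE_ADDRESS" };
  }
  return { ok: true, hostname };
}

// DNS answers are passed in (runs offline); one non-public answer blocks the whole set.
function checkResolved(hostname: string, addresses: string[]): Check {
  if (addresses.length === 0) return { ok: false, reason: "DNS_EMPTY" };
  if (addresses.some(isBlockedAddress)) return { ok: false, reason: "DNS_PRIVATE_ADDRESS" };
  return { ok: true, hostname };
}
```

In a real fetch path the connection has to be made to the address that was checked, since a second lookup can return a different answer.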

Auditability

  • Every member change, token action, and webhook rotation is written to the audit log.
  • Request IDs appear in alerts, logs, and UI to help correlate investigations.