frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

SHOW HN: A usage circuit breaker for Cloudflare Workers

15•ethan_zhao•3h ago
I run 3mins.news (https://3mins.news), an AI news aggregator built entirely on Cloudflare Workers. The backend has 10+ cron triggers running every few minutes: RSS fetching, article clustering, LLM calls, email delivery.

The problem: Workers Paid Plan has hard monthly limits (10M requests, 1M KV writes, 1M queue ops, etc.). There's no built-in "pause when you hit the limit", CF just starts billing overages. KV writes cost $5/M over the cap, so a retry loop bug can get expensive fast.

AWS has Budget Alerts, but those are passive notifications, by the time you read the email, the damage is done. I wanted active, application-level self-protection.

So I built a circuit breaker that faces inward, instead of protecting against downstream failures (the Hystrix pattern), it monitors my own resource consumption and gracefully degrades before hitting the ceiling.

Key design decisions:

- Per-resource thresholds: Workers Requests ($0.30/M overage) only warns at 80%. KV Writes ($5/M overage) can trip the breaker at 90%. Not all resources are equally dangerous, so some are configured as warn-only (trip=null).

- Hysteresis: Trips at 90%, recovers at 85%. The 5% gap prevents oscillation, without it the system flaps between tripped and recovered every check cycle.

- Fail-safe on monitoring failure: If the CF usage API is down, maintain last known state rather than assuming "everything is fine." A monitoring outage shouldn't mask a usage spike.

- Alert dedup: Per-resource, per-month. Without it you'd get ~8,600 identical emails for the rest of the month once a resource hits 80%.

Implementation: every 5 minutes, queries CF's GraphQL API (requests, CPU, KV, queues) + Observability Telemetry API (logs/traces) in parallel, evaluates 8 resource dimensions, caches state to KV. Between checks it's a single KV read — essentially free.

When tripped, all scheduled tasks are skipped. The cron trigger still fires (you can't stop that), but the first thing it does is check the breaker and bail out if tripped.

It's been running in production for two weeks. Caught a KV reads spike at 82% early in the month, got one warning email, investigated, fixed the root cause, never hit the trip threshold.

The pattern should apply to any metered serverless platform (Lambda, Vercel, Supabase) or any API with budget ceilings (OpenAI, Twilio). The core idea: treat your own resource budget as a health signal, just like you'd treat a downstream service's error rate.

Happy to share code details if there's interest.

Full writeup with implementation code and tests: https://yingjiezhao.com/en/articles/Usage-Circuit-Breaker-for-Cloudflare-Workers

Comments

kopollo•2h ago
When collecting RSS feeds, I recommend setting a limit so that each RSS source is pulled every 10 minutes.
ethan_zhao•2h ago
That's a solid default. I actually set my RSS polling interval to 1 hour, most sources I follow don't update frequently enough to justify anything shorter. Every 10 minutes works too, but you might end up burning cycles on unchanged feeds.
photobombastic•2h ago
This is a real problem. I've heard similar stories from people running CI pipelines — a retry loop bug burns through your entire monthly Actions minutes budget in hours, and there's no built-in circuit breaker there either.

The approach of tracking usage locally and cutting off before you hit billing overages makes a lot more sense than trying to parse the billing API after the fact. Prevention over detection.

Could be cool to set per-worker limits in addition to the global ones.

ethan_zhao•2h ago
Totally. When I first launched my project, I literally couldn't sleep at night, kept worrying that some bug in my code would spiral into a self-inflicted Denial of Wallet attack by morning. That fear is what pushed me to build the circuit breaker early on. Prevention over detection is spot on.
westurner•1h ago
> The core idea: treat your own resource budget as a health signal, just like you'd treat a downstream service's error rate.

This is more state. The deployed app is then more stateful and thus more complex. If there is more complexity, there are probably more failure cases.

But resource budget quota signals are a good feature, I think.

Apps should throttle down when approaching their resource quotas.

What is the service hosting provider running to scale the service up and down?

Autoscaling: https://en.wikipedia.org/wiki/Autoscaling

k8s ResourceQuotas: https://kubernetes.io/docs/concepts/policy/resource-quotas/

willswire/union is a Kubernetes Helm chart for self-hosting cloudflare/workerd: https://github.com/willswire/union

Helm docs > intro > Using Helm: https://helm.sh/docs/intro/using_helm/ :

> Helm installs resources in the following order:

> [..., ResourceQuota, ..., HorizontalPodAutoscaler, ...]

How could this signal and the messaging about the event be standardized in the Containerfile spec, k8s, Helm?

Containerfile already supports HEALTHCHECK. Should there be a QUOTACMD Dockerfile instruction to specify a command to run when passed a message with the quota status?

iam_circuit•1h ago
This pattern should be default for any metered service. Budget exhaustion is a security failure mode — accidental (retry loops) and adversarial (amplification attacks) look identical to billing.

The gap: most platforms treat billing as purely financial. But spend limits are actually a form of resource isolation. When your Workers hit quota, you don't just lose money, you lose availability. Treating budget as a circuit breaker turns it into active defense.

Imustaskforhelp•1h ago
To whoever is running this account. Please stop using AI for Hackernews discussions; Thanks.

Tony Hoare has died

https://blog.computationalcomplexity.org/2026/03/tony-hoare-1934-2026.html
448•speckx•1h ago•39 comments

Debian decides not to decide on AI-generated contributions

https://lwn.net/SubscriberLink/1061544/125f911834966dd0/
83•jwilk•1h ago•63 comments

Intel Demos Chip to Compute with Encrypted Data

https://spectrum.ieee.org/fhe-intel
126•sohkamyung•3h ago•33 comments

I put my whole life into a single database

https://howisfelix.today/
305•lukakopajtic•6h ago•143 comments

Launch HN: Didit (YC W26) – Stripe for Identity Verification

22•rosasalberto•1h ago•22 comments

Rebasing in Magit

https://entropicthoughts.com/rebasing-in-magit
111•ibobev•3h ago•77 comments

Show HN: How I Topped the HuggingFace Open LLM Leaderboard on Two Gaming GPUs

https://dnhkng.github.io/posts/rys/
67•dnhkng•3h ago•32 comments

Online age-verification tools for child safety are surveilling adults

https://www.cnbc.com/2026/03/08/social-media-child-safety-internet-ai-surveillance.html
253•bilsbie•3h ago•130 comments

Ad-tech is fascist tech

https://pluralistic.net/2026/03/10/ice-tech/#foreseeable-outcomes
28•only_in_america•22m ago•2 comments

The Gervais Principle, or the Office According to "The Office" (2009)

https://www.ribbonfarm.com/2009/10/07/the-gervais-principle-or-the-office-according-to-the-office/
203•janandonly•3d ago•85 comments

Sending Jabber/XMPP Messages via HTTP

https://gultsch.de/posts/xmpp-via-http/
32•inputmice•3h ago•4 comments

Yann LeCun's AI startup raises $1B in Europe's largest ever seed round

https://www.ft.com/content/e5245ec3-1a58-4eff-ab58-480b6259aaf1
334•ottomengis•5h ago•177 comments

How many options fit into a boolean?

https://herecomesthemoon.net/2025/11/how-many-options-fit-into-a-boolean/
18•luu•3d ago•4 comments

Amazon is holding a mandatory meeting about AI breaking its systems

https://twitter.com/lukolejnik/status/2031257644724342957
132•lwhsiao•1h ago•81 comments

Meta acquires Moltbook

https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network
94•mmayberry•2h ago•63 comments

PgAdmin 4 9.13 with AI Assistant Panel

https://www.pgadmin.org/docs/pgadmin4/9.13/query_tool.html#ai-assistant-panel
52•__natty__•4h ago•17 comments

Show HN: DD Photos – open-source photo album site generator (Go and SvelteKit)

https://github.com/dougdonohoe/ddphotos
32•dougdonohoe•3h ago•8 comments

A New Version of Our Oracle Solaris Environment for Developers

https://blogs.oracle.com/solaris/announcing-a-new-version-of-our-oracle-solaris-environment-for-d...
28•naves•2d ago•16 comments

Practical Guide to Bare Metal C++

https://arobenko.github.io/bare_metal_cpp/#_abstract_classes
81•ibobev•3d ago•30 comments

Caxlsx: Ruby gem for xlsx generation with charts, images, schema validation

https://github.com/caxlsx/caxlsx
44•earcar•4d ago•3 comments

Two Years of Emacs Solo

https://www.rahuljuliato.com/posts/emacs-solo-two-years
324•celadevra_•16h ago•122 comments

LoGeR – 3D reconstruction from extremely long videos (DeepMind, UC Berkeley)

https://loger-project.github.io
112•helloplanets•10h ago•25 comments

TCXO Failure Analysis

https://serd.es/2026/03/06/TCXO-failure-analysis.html
82•zdw•3d ago•36 comments

Lotus 1-2-3 on the PC with DOS

https://stonetools.ghost.io/lotus123-dos/
155•TMWNN•3d ago•60 comments

No, it doesn't cost Anthropic $5k per Claude Code user

https://martinalderson.com/posts/no-it-doesnt-cost-anthropic-5k-per-claude-code-user/
386•jnord•17h ago•275 comments

Traffic from Russia to Cloudflare is 60% down from last year

https://radar.cloudflare.com/traffic/ru?dateRange=52w
77•secondary_op•3h ago•46 comments

Building a Procedural Hex Map with Wave Function Collapse

https://felixturner.github.io/hex-map-wfc/article/
547•imadr•23h ago•83 comments

Redox OS has adopted a Certificate of Origin policy and a strict no-LLM policy

https://gitlab.redox-os.org/redox-os/redox/-/blob/master/CONTRIBUTING.md
287•pjmlp•7h ago•305 comments

JSLinux Now Supports x86_64

https://bellard.org/jslinux/
361•TechTechTech•23h ago•116 comments

Optimizing Top K in Postgres

https://www.paradedb.com/blog/optimizing-top-k
132•philippemnoel•1d ago•16 comments