You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Omi’s current Grafana alert set has useful service rules, but the monitoring and delivery path is not itself trustworthy enough to make outages loud and obvious.
Read-only production review on 2026-07-12 found:
All 54 Grafana alert rules explicitly select Omi - Services Alerting (Telegram). Notification policy routes exist for instatus_component, but explicit rule receivers appear to bypass those label-based Instatus routes. A public status component may therefore not update during a confirmed incident.
Prometheus scrape health is materially degraded: kubelet, CoreDNS, GPU, and service metric targets include large down/unknown sets. No service-rule inventory item protects expected target coverage for critical exporters.
backend-sync lacks reliable availability/completion coverage: no traffic-zero/readiness/queue-age/completion SLI. Its semantic fallback metric path is paused because backend-sync metrics are not scraped by GKE Prometheus.
Several availability rules use metric or vector(0), which can intentionally or accidentally conflate absent telemetry with a zero-valued product signal.
This issue complements existing #9138, which owns persistent managed-GKE control-plane/rule noise. It focuses on the product-monitoring delivery/coverage contract and should link to, not duplicate, #9138.
Scope
Make monitoring a monitored dependency: explicit alert-routing behavior, expected telemetry coverage, documented no-data semantics, and customer-facing delivery verification. This issue does not require inventing every product SLI; transcription and sync semantic metrics are tracked separately.
Proposed deliverables
1. Alert routing and delivery contract
Decide whether component alerts route through policy labels, rule-level receivers, or both; encode one authoritative model.
Ensure confirmed critical incidents reach both an accountable paging/escalation path and the intended Instatus component.
Retain Telegram broadcast, but do not let it be the only ownership/escalation path for P1 conditions.
Add controlled, non-customer-impacting alert tests for every component route: API, live transcription, speech processing, plugins, and AI/chat.
Document grouping, deduplication, acknowledgement/escalation expectations, and test evidence.
2. Monitoring-pipeline health and expected-target inventory
Create a declared inventory of critical telemetry sources and expected coverage for at least:
backend-listen metrics;
pusher metrics;
Parakeet metrics;
kube-state-metrics;
Stackdriver/Cloud Monitoring datasource or exporter;
GPU metrics where they are required for speech processing.
Add actionable coverage alerts for absent/insufficient expected targets. Separately classify known managed-GKE control-plane scrape limitations under #9138; do not page a generic TargetDown for expected unreachable endpoints.
3. Explicit no-data semantics
For each critical rule, document and test one of:
NoData means service/telemetry outage and must page;
NoData means event absence is expected and must be OK;
a separate telemetry-health alert represents missing data while the service rule remains outcome-based.
Do not use or vector(0) to imply an actual zero product signal unless absence-as-zero is intentional, tested, and annotated. Separate exporter absence, readiness loss, and traffic/session anomaly rules.
4. Backend-sync operational coverage
Add a deliberate supported metric/log-based source for backend-sync acceptance/completion and operational backlog: queue age/depth, retry/exhaustion, oldest nonterminal work, readiness/revision health, and traffic where meaningful. It may be Cloud Tasks/Cloud Monitoring/log-based rather than GKE Prometheus, but must be a verified maintained path.
5. Runbook and verification
Create a concise public-safe monitoring runbook with:
how to distinguish product outage, datasource outage, and expected idleness;
alert route test procedure;
critical target inventory and owner;
dashboard/runbook links carried in alerts;
response when the monitoring pipeline itself is degraded.
Acceptance criteria
A controlled alert verifies delivery to the intended Instatus component and the accountable escalation/broadcast path for every component class.
Rule-level receiver overrides and notification-policy behavior are documented and tested; routing cannot silently bypass component status updates.
Critical telemetry sources have expected-target/coverage checks, with known managed-GKE exclusions explicitly classified rather than ignored.
Missing datasource/exporter data is distinguishable from an application error or customer outage.
Every critical availability rule has documented no-data behavior and avoids unintentional absence-as-zero coercion.
Backend-sync has an actionable, maintained operational completion/backlog signal even without GKE Prometheus scraping.
Do not include Grafana bearer tokens, webhook URLs/secrets, private dashboard links, credentials, customer identifiers, audio, or transcript content in code, fixtures, logs, or issue comments.
Prefer dry-run/test alert labels and non-customer-facing test components for routing verification.
Grafana/contact-point/notification-policy changes, pager configuration, public status changes, production deploys, and monitoring infrastructure mutations require separate maintainer approval.
Problem
Omi’s current Grafana alert set has useful service rules, but the monitoring and delivery path is not itself trustworthy enough to make outages loud and obvious.
Read-only production review on 2026-07-12 found:
Omi - Services Alerting (Telegram). Notification policy routes exist forinstatus_component, but explicit rule receivers appear to bypass those label-based Instatus routes. A public status component may therefore not update during a confirmed incident.backend-synclacks reliable availability/completion coverage: no traffic-zero/readiness/queue-age/completion SLI. Its semantic fallback metric path is paused because backend-sync metrics are not scraped by GKE Prometheus.NoData -> Alertingfalse-positive was addressed by fix(monitoring): resolve 5XX alert false positives from Stackdriver no-data #9567, but this clarified a broader rule: datasource/query absence, expected low-volume event absence, and customer-service failure require different semantics.metric or vector(0), which can intentionally or accidentally conflate absent telemetry with a zero-valued product signal.This issue complements existing #9138, which owns persistent managed-GKE control-plane/rule noise. It focuses on the product-monitoring delivery/coverage contract and should link to, not duplicate, #9138.
Scope
Make monitoring a monitored dependency: explicit alert-routing behavior, expected telemetry coverage, documented no-data semantics, and customer-facing delivery verification. This issue does not require inventing every product SLI; transcription and sync semantic metrics are tracked separately.
Proposed deliverables
1. Alert routing and delivery contract
2. Monitoring-pipeline health and expected-target inventory
Create a declared inventory of critical telemetry sources and expected coverage for at least:
Add actionable coverage alerts for absent/insufficient expected targets. Separately classify known managed-GKE control-plane scrape limitations under #9138; do not page a generic
TargetDownfor expected unreachable endpoints.3. Explicit no-data semantics
For each critical rule, document and test one of:
NoDatameans service/telemetry outage and must page;NoDatameans event absence is expected and must be OK;Do not use
or vector(0)to imply an actual zero product signal unless absence-as-zero is intentional, tested, and annotated. Separate exporter absence, readiness loss, and traffic/session anomaly rules.4. Backend-sync operational coverage
Add a deliberate supported metric/log-based source for backend-sync acceptance/completion and operational backlog: queue age/depth, retry/exhaustion, oldest nonterminal work, readiness/revision health, and traffic where meaningful. It may be Cloud Tasks/Cloud Monitoring/log-based rather than GKE Prometheus, but must be a verified maintained path.
5. Runbook and verification
Create a concise public-safe monitoring runbook with:
Acceptance criteria
Related
Safety / agent notes