Skip to content

motiful/cloudflare-deploy-rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github
.github
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SKILL.md
SKILL.md
 
 

Repository files navigation

cloudflare-deploy-rules

License: MIT Version Agent Skills Rule-Skill

Hard constraints on every wrangler / Cloudflare API action — so the first deploy of the day does not hang on a proxy timeout or leak a token into git.

Standalone rule-skill, no capability counterpart required. Pair with rules-as-skills to activate MUST-level priority across Claude Code, Codex, Cursor, Windsurf, and OpenClaw.

The Problem

Cloudflare deployment on a developer machine hits the same three failure modes over and over: wrangler login silently breaks behind ClashX/VPN/corporate proxies, API calls to api.cloudflare.com time out or return opaque 401s when a local HTTP proxy rewrites headers, and least-privilege tokens cannot list accounts directly so the account ID derivation step is forgotten. Every agent rediscovers these answers from scratch, and the fixes are not in Cloudflare's docs. This rule-skill binds the fixes to the trigger: any wrangler invocation, any api.cloudflare.com call, any CLOUDFLARE_* env edit.

What It Enforces

Auth

  • MUST use a scoped API Token in CLOUDFLARE_API_TOKEN (loaded from git-ignored .env)
  • NEVER run wrangler login (OAuth breaks on proxied/VPN/CI machines)
  • NEVER commit credentials; .env MUST be .gitignored before the token lands on disk

Proxy

  • MUST bypass local HTTP proxy on every Cloudflare API call
  • curl--noproxy '*'
  • wrangler → prefix with NO_PROXY="*" no_proxy="*" (both cases required)
  • NEVER assume an API failure is a credential bug until proxy bypass is verified

Account ID

  • MUST derive from zone info when the token lacks Account:Read: GET /zones?name=<domain>.result[0].account.id
  • MUST persist as CLOUDFLARE_ACCOUNT_ID in .env once known
  • NEVER hardcode in committed source

Full catalog, per-section rationale, and the verify_cloudflare_environment() EP live in SKILL.md.

Install

npx skills add motiful/cloudflare-deploy-rules

Manual registration:

git clone https://github.com/motiful/cloudflare-deploy-rules ~/skills/cloudflare-deploy-rules

ln -sfn ~/skills/cloudflare-deploy-rules ~/.claude/skills/cloudflare-deploy-rules
ln -sfn ~/skills/cloudflare-deploy-rules ~/.agents/skills/cloudflare-deploy-rules

For MUST-level priority across every major coding agent, install and activate rules-as-skills. Its meta-rule protocol treats every -rules suffix skill — including this one — as a hard constraint.

Usage

This skill auto-activates. Environment-trigger description matches any of:

running a wrangler command
calling api.cloudflare.com (curl / fetch / SDK)
editing CLOUDFLARE_API_TOKEN / CLOUDFLARE_ACCOUNT_ID / CLOUDFLARE_* env vars
writing or updating a Cloudflare deploy script
debugging a 401/403/ETIMEDOUT from Cloudflare

No explicit invocation needed. When the skill loads, it runs verify_cloudflare_environment(action, env, files) against the action about to execute.

What's Inside

SKILL.md        — Full constraint catalog, verify_cloudflare_environment() EP
LICENSE         — MIT
.github/
  repo-meta.yml — GitHub description + topics

No references/ directory — rule-skills carry their full content in the body, by convention.

License

MIT — See LICENSE for details.

Crafted with Readme Craft

About

Hard constraints for Cloudflare deployment — MUST use API Token (not wrangler OAuth), MUST bypass proxy on API calls, account ID extraction from zone info. Activates on wrangler, api.cloudflare.com, CLOUDFLARE_* env.

Topics

deployment cloudflare wrangler agent-skills claude-code rule-skill rules-as-skills

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors