@deftai/directive-content 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. package/.agents/skills/deft/SKILL.md +6 -0
  2. package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
  3. package/.agents/skills/deft-directive-build/SKILL.md +10 -0
  4. package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
  5. package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
  6. package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
  7. package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
  8. package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
  9. package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
  10. package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
  11. package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
  12. package/.agents/skills/deft-directive-release/SKILL.md +12 -0
  13. package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
  14. package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
  15. package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
  16. package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
  17. package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
  18. package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
  19. package/LICENSE.md +22 -0
  20. package/QUICK-START.md +167 -0
  21. package/UPGRADING.md +517 -0
  22. package/coding/build-output.md +28 -0
  23. package/coding/coding.md +235 -0
  24. package/coding/debugging.md +110 -0
  25. package/coding/holzmann.md +96 -0
  26. package/coding/hygiene.md +127 -0
  27. package/coding/security.md +158 -0
  28. package/coding/testing.md +162 -0
  29. package/coding/toolchain.md +44 -0
  30. package/commands.md +300 -0
  31. package/context/context.md +57 -0
  32. package/context/deterministic-split.md +67 -0
  33. package/context/examples.md +26 -0
  34. package/context/fractal-summaries.md +69 -0
  35. package/context/long-horizon.md +46 -0
  36. package/context/spec-deltas.md +177 -0
  37. package/context/tool-design.md +34 -0
  38. package/context/working-memory.md +62 -0
  39. package/contracts/boundary-maps.md +65 -0
  40. package/contracts/deterministic-questions.md +59 -0
  41. package/contracts/hierarchy.md +77 -0
  42. package/conventions/content-manifest.json +399 -0
  43. package/conventions/machine-generated-banner.md +130 -0
  44. package/conventions/references.md +120 -0
  45. package/conventions/rule-ownership.json +382 -0
  46. package/conventions/task-caching.md +43 -0
  47. package/conventions/vbrief-filenames.md +70 -0
  48. package/deployments/README.md +37 -0
  49. package/deployments/agentuity/README.md +138 -0
  50. package/deployments/agentuity/via-cli.md +380 -0
  51. package/deployments/agentuity/via-cloud.md +425 -0
  52. package/deployments/agentuity/via-github-actions.md +664 -0
  53. package/deployments/agentuity/via-gravity-network.md +606 -0
  54. package/deployments/agentuity/via-vpc.md +607 -0
  55. package/deployments/aws/README.md +38 -0
  56. package/deployments/aws/via-app-runner.md +612 -0
  57. package/deployments/aws/via-ecs-fargate.md +561 -0
  58. package/deployments/aws/via-elastic-beanstalk.md +628 -0
  59. package/deployments/aws/via-lambda.md +649 -0
  60. package/deployments/azure/README.md +37 -0
  61. package/deployments/azure/via-aks.md +390 -0
  62. package/deployments/azure/via-app-service.md +564 -0
  63. package/deployments/azure/via-container-apps.md +599 -0
  64. package/deployments/azure/via-functions.md +552 -0
  65. package/deployments/cloud-gov/README.md +63 -0
  66. package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
  67. package/deployments/cloud-gov/agents.md +39 -0
  68. package/deployments/cloud-gov/cicd.md +64 -0
  69. package/deployments/cloud-gov/deployment.md +150 -0
  70. package/deployments/cloud-gov/logging.md +43 -0
  71. package/deployments/cloud-gov/manifest.md +121 -0
  72. package/deployments/cloud-gov/overview.md +58 -0
  73. package/deployments/cloud-gov/security.md +46 -0
  74. package/deployments/cloud-gov/services.md +72 -0
  75. package/deployments/cloud-gov/upstream/README.md +18 -0
  76. package/deployments/cloudflare/README.md +33 -0
  77. package/deployments/cloudflare/via-dashboard.md +83 -0
  78. package/deployments/cloudflare/via-git.md +90 -0
  79. package/deployments/cloudflare/via-github-actions.md +185 -0
  80. package/deployments/cloudflare/via-terraform.md +157 -0
  81. package/deployments/cloudflare/via-wrangler.md +165 -0
  82. package/deployments/fly-io/README.md +37 -0
  83. package/deployments/fly-io/via-dockerfile.md +648 -0
  84. package/deployments/fly-io/via-flyctl.md +653 -0
  85. package/deployments/fly-io/via-github-actions.md +695 -0
  86. package/deployments/fly-io/via-multi-region.md +598 -0
  87. package/deployments/google/README.md +34 -0
  88. package/deployments/google/via-app-engine.md +42 -0
  89. package/deployments/google/via-cloud-functions.md +23 -0
  90. package/deployments/google/via-cloud-run.md +330 -0
  91. package/deployments/google/via-gke.md +23 -0
  92. package/deployments/netlify/README.md +99 -0
  93. package/deployments/netlify/via-cli.md +17 -0
  94. package/deployments/netlify/via-functions.md +19 -0
  95. package/deployments/netlify/via-git.md +25 -0
  96. package/deployments/vercel/README.md +90 -0
  97. package/deployments/vercel/via-api.md +16 -0
  98. package/deployments/vercel/via-cli.md +17 -0
  99. package/deployments/vercel/via-git.md +24 -0
  100. package/docs/BROWNFIELD.md +179 -0
  101. package/docs/getting-started.md +137 -0
  102. package/docs/good-agents-md.md +137 -0
  103. package/events/README.md +89 -0
  104. package/events/event-record.schema.json +26 -0
  105. package/events/registry.json +166 -0
  106. package/events/registry.schema.json +71 -0
  107. package/glossary.md +145 -0
  108. package/incidents/README.md +81 -0
  109. package/incidents/_template.md +38 -0
  110. package/interfaces/cli.md +104 -0
  111. package/interfaces/rest.md +212 -0
  112. package/interfaces/tui.md +242 -0
  113. package/interfaces/web.md +123 -0
  114. package/languages/6502-DASM.md +132 -0
  115. package/languages/c.md +235 -0
  116. package/languages/commands.md +23 -0
  117. package/languages/cpp.md +132 -0
  118. package/languages/csharp.md +259 -0
  119. package/languages/dart.md +183 -0
  120. package/languages/delphi.md +218 -0
  121. package/languages/elixir.md +208 -0
  122. package/languages/go.md +78 -0
  123. package/languages/java.md +278 -0
  124. package/languages/javascript.md +163 -0
  125. package/languages/julia.md +175 -0
  126. package/languages/kotlin.md +193 -0
  127. package/languages/markdown.md +168 -0
  128. package/languages/mermaid.md +146 -0
  129. package/languages/officejs.md +392 -0
  130. package/languages/python.md +209 -0
  131. package/languages/r.md +163 -0
  132. package/languages/rust.md +216 -0
  133. package/languages/sql.md +216 -0
  134. package/languages/swift.md +153 -0
  135. package/languages/typescript.md +132 -0
  136. package/languages/vba.md +279 -0
  137. package/languages/vhdl.md +180 -0
  138. package/languages/visual-basic.md +151 -0
  139. package/languages/zig.md +196 -0
  140. package/meta/SOUL.md +27 -0
  141. package/meta/code-field.md +44 -0
  142. package/meta/morals.md +40 -0
  143. package/meta/philosophy.md +39 -0
  144. package/meta/project.md +49 -0
  145. package/meta/ralph.md +223 -0
  146. package/meta/security.md +80 -0
  147. package/meta/versioning.md +326 -0
  148. package/package.json +22 -0
  149. package/packs/lessons/lessons-pack-0.1.json +553 -0
  150. package/packs/patterns/patterns-pack-0.1.json +57 -0
  151. package/packs/rules/rules-pack-0.1.json +4767 -0
  152. package/packs/skills/skills-pack-0.1.json +262 -0
  153. package/packs/strategies/strategies-pack-0.1.json +167 -0
  154. package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
  155. package/patterns/executor-layer-credentials.md +227 -0
  156. package/patterns/llm-app.md +156 -0
  157. package/patterns/multi-agent.md +278 -0
  158. package/patterns/prompt-assembly-layer-ordering.md +154 -0
  159. package/patterns/role-as-overlay.md +179 -0
  160. package/platforms/2600.md +137 -0
  161. package/platforms/unity.md +329 -0
  162. package/references/composer-skill-porting.md +152 -0
  163. package/references/cost-models.md +163 -0
  164. package/references/ip-risk.md +246 -0
  165. package/references/plain-english-ux.md +275 -0
  166. package/resilience/context-pruning.md +67 -0
  167. package/resilience/continue-here.md +62 -0
  168. package/scm/changelog.md +276 -0
  169. package/scm/git.md +139 -0
  170. package/scm/github.md +265 -0
  171. package/secrets/.gitkeep +0 -0
  172. package/skills/deft-build/SKILL.md +20 -0
  173. package/skills/deft-directive-article-review/SKILL.md +156 -0
  174. package/skills/deft-directive-build/SKILL.md +302 -0
  175. package/skills/deft-directive-cost/SKILL.md +201 -0
  176. package/skills/deft-directive-debug/SKILL.md +140 -0
  177. package/skills/deft-directive-decompose/SKILL.md +96 -0
  178. package/skills/deft-directive-gh-arch/SKILL.md +160 -0
  179. package/skills/deft-directive-gh-slice/SKILL.md +199 -0
  180. package/skills/deft-directive-glossary/SKILL.md +118 -0
  181. package/skills/deft-directive-interview/SKILL.md +528 -0
  182. package/skills/deft-directive-pre-pr/SKILL.md +131 -0
  183. package/skills/deft-directive-probe/SKILL.md +127 -0
  184. package/skills/deft-directive-refinement/SKILL.md +403 -0
  185. package/skills/deft-directive-release/SKILL.md +266 -0
  186. package/skills/deft-directive-review-cycle/SKILL.md +401 -0
  187. package/skills/deft-directive-setup/SKILL.md +717 -0
  188. package/skills/deft-directive-swarm/SKILL.md +989 -0
  189. package/skills/deft-directive-sync/SKILL.md +288 -0
  190. package/skills/deft-directive-triage/SKILL.md +137 -0
  191. package/skills/deft-directive-write-skill/SKILL.md +169 -0
  192. package/skills/deft-interview/SKILL.md +16 -0
  193. package/skills/deft-pre-pr/SKILL.md +16 -0
  194. package/skills/deft-review-cycle/SKILL.md +16 -0
  195. package/skills/deft-roadmap-refresh/SKILL.md +16 -0
  196. package/skills/deft-setup/SKILL.md +20 -0
  197. package/skills/deft-swarm/SKILL.md +16 -0
  198. package/skills/deft-sync/SKILL.md +16 -0
  199. package/strategies/README.md +83 -0
  200. package/strategies/artifact-guards.md +85 -0
  201. package/strategies/bdd.md +115 -0
  202. package/strategies/brownfield.md +7 -0
  203. package/strategies/discuss.md +129 -0
  204. package/strategies/emit-hints.md +69 -0
  205. package/strategies/enterprise.md +193 -0
  206. package/strategies/interview.md +551 -0
  207. package/strategies/map.md +179 -0
  208. package/strategies/probe.md +151 -0
  209. package/strategies/rapid.md +155 -0
  210. package/strategies/research.md +155 -0
  211. package/strategies/roadmap.md +9 -0
  212. package/strategies/speckit.md +437 -0
  213. package/strategies/v0-20-contract.md +134 -0
  214. package/strategies/yolo.md +169 -0
  215. package/swarm/swarm.md +300 -0
  216. package/templates/COST-ESTIMATE.md +114 -0
  217. package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
  218. package/templates/agent-prompt-preamble.md +409 -0
  219. package/templates/agents-entry.md +211 -0
  220. package/templates/agents-entry.placeholders.md +75 -0
  221. package/templates/embed.go +20 -0
  222. package/templates/embed_test.go +36 -0
  223. package/templates/make-spec-example.md +9 -0
  224. package/templates/make-spec.md +246 -0
  225. package/templates/project.md.template +52 -0
  226. package/templates/specification.md +1 -0
  227. package/templates/swarm-greptile-poller-prompt.md +556 -0
  228. package/templates/user.md.template +31 -0
  229. package/tools/RWLDL.md +80 -0
  230. package/tools/greptile.md +141 -0
  231. package/tools/installer.md +23 -0
  232. package/tools/taskfile-migration.md +32 -0
  233. package/tools/taskfile.md +185 -0
  234. package/tools/telemetry.md +285 -0
  235. package/vbrief/schemas/cache-meta.schema.json +137 -0
  236. package/vbrief/schemas/candidates.schema.json +130 -0
  237. package/vbrief/schemas/codebase-map.schema.json +213 -0
  238. package/vbrief/schemas/lessons-pack.schema.json +134 -0
  239. package/vbrief/schemas/patterns-pack.schema.json +84 -0
  240. package/vbrief/schemas/rules-pack.schema.json +105 -0
  241. package/vbrief/schemas/skills-pack.schema.json +94 -0
  242. package/vbrief/schemas/slices.schema.json +87 -0
  243. package/vbrief/schemas/strategies-pack.schema.json +89 -0
  244. package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
  245. package/vbrief/schemas/vbrief-core.schema.json +1022 -0
  246. package/vbrief/vbrief.md +684 -0
  247. package/verification/integration.md +76 -0
  248. package/verification/plan-checking.md +85 -0
  249. package/verification/uat.md +60 -0
  250. package/verification/verification.md +117 -0
@@ -0,0 +1,72 @@
1
+ ---
2
+ applyTo: "**/*.py,**/*.js,**/*.ts,**/*.rb,**/*.java,**/*.go,**/manifest*.yml"
3
+ ---
4
+
5
+ # Cloud.gov Services Instructions (Deft)
6
+
7
+ Guidance for provisioning and using cloud.gov managed services.
8
+
9
+ ## Core Rules
10
+
11
+ - ! Never hardcode credentials
12
+ - ! Read credentials from `VCAP_SERVICES`
13
+ - ~ Prefer bound services over service keys
14
+ - ~ Document services in `manifest.yml`
15
+
16
+ ## Service Lifecycle
17
+
18
+ ```bash
19
+ cf marketplace
20
+ cf create-service <SERVICE> <PLAN> <INSTANCE_NAME>
21
+ cf bind-service <APP_NAME> <INSTANCE_NAME>
22
+ cf restage <APP_NAME>
23
+ ```
24
+
25
+ ## VCAP_SERVICES (Python example)
26
+
27
+ ```python
28
+ import json, os
29
+
30
+ vcap_services = json.loads(os.environ.get("VCAP_SERVICES", "{}"))
31
+ db_credentials = vcap_services.get("aws-rds", [{}])[0].get("credentials", {})
32
+
33
+ DATABASE_URL = db_credentials.get("uri")
34
+ ```
35
+
36
+ ## Relational Databases (RDS)
37
+
38
+ - ~ Use redundant plans for production
39
+ - ~ Rotate credentials regularly
40
+
41
+ ```bash
42
+ cf create-service aws-rds micro-psql my-database
43
+ cf create-service aws-rds small-psql-redundant my-database
44
+ cf update-service my-database -c '{"rotate_credentials": true}'
45
+ ```
46
+
47
+ ## S3 Storage
48
+
49
+ ```bash
50
+ cf create-service s3 basic my-s3-bucket
51
+ ```
52
+
53
+ ## Redis
54
+
55
+ ```bash
56
+ cf create-service aws-elasticache-redis redis-dev my-redis
57
+ ```
58
+
59
+ ## Service Keys
60
+
61
+ - ~ Use only when necessary (CI/CD, external access)
62
+
63
+ ```bash
64
+ cf create-service-key my-s3-bucket external-access
65
+ cf service-key my-s3-bucket external-access
66
+ ```
67
+
68
+ ## References
69
+
70
+ - https://docs.cloud.gov/platform/deployment/managed-services/
71
+ - https://docs.cloud.gov/platform/services/relational-database/
72
+ - https://docs.cloud.gov/platform/services/s3/
@@ -0,0 +1,18 @@
1
+ # Upstream Snapshot (cloud-gov-instructions)
2
+
3
+ This directory stores the pinned upstream release used for translation.
4
+
5
+ ## Current Pin
6
+
7
+ - Repository: `adhocteam/cloud-gov-instructions`
8
+ - Version: `v1.1.0`
9
+
10
+ ## Sync
11
+
12
+ Use:
13
+
14
+ ```
15
+ task cloudgov:sync
16
+ ```
17
+
18
+ This downloads the release tarball and extracts it here for reference.
@@ -0,0 +1,33 @@
1
+ # Cloudflare Deployment Module
2
+
3
+ Deft guidance for deploying to Cloudflare Pages and Workers.
4
+
5
+ ## Status
6
+
7
+ - ! Optional module
8
+ - ~ Good for Deft usage
9
+
10
+ ## Deployment Methods
11
+
12
+ | File | Method | Best For |
13
+ |------|--------|----------|
14
+ | `via-git.md` | Git Integration (GitHub/GitLab) | Teams wanting automated deploy-on-push |
15
+ | `via-wrangler.md` | Wrangler CLI | Local deploys, CI pipelines, Workers |
16
+ | `via-dashboard.md` | Dashboard Direct Upload | Quick one-off deploys, non-developers |
17
+ | `via-github-actions.md` | GitHub Actions CI/CD | Automated pipelines with custom build steps |
18
+ | `via-terraform.md` | Terraform IaC | Infrastructure-as-code, multi-resource management |
19
+
20
+ ## Important Note
21
+
22
+ Cloudflare deprecated Pages as a standalone product in April 2025, pushing toward
23
+ a unified Workers platform. The `wrangler deploy` and Workers-based workflows are
24
+ the recommended path forward. Git integration and direct upload still work but
25
+ now operate under the Workers & Pages umbrella in the dashboard.
26
+
27
+ ## Quick Decision Guide
28
+
29
+ - **Simplest path**: `via-git.md` — connect repo, push, done
30
+ - **Most control**: `via-wrangler.md` — CLI deploys with full config
31
+ - **CI/CD pipelines**: `via-github-actions.md` — automated with `wrangler-action`
32
+ - **IaC teams**: `via-terraform.md` — manage Cloudflare alongside other infra
33
+ - **One-off / non-dev**: `via-dashboard.md` — drag and drop in browser
@@ -0,0 +1,83 @@
1
+ # Deploy to Cloudflare via Dashboard Direct Upload
2
+
3
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
4
+
5
+ **⚠️ See also**: [README.md](./README.md) | [via-git.md](./via-git.md) | [via-wrangler.md](./via-wrangler.md)
6
+
7
+ ## Overview
8
+
9
+ Upload pre-built static assets directly to Cloudflare Pages through the web
10
+ dashboard using drag-and-drop. No CLI, Git, or build pipeline required.
11
+
12
+ **Best for**: Quick one-off deploys, non-developers, prototypes, or teams without CI/CD.
13
+
14
+ ## Prerequisites
15
+
16
+ - Cloudflare account
17
+ - Pre-built static site files (HTML, CSS, JS, images) ready on local disk
18
+
19
+ ## Setup
20
+
21
+ ### First Deployment
22
+
23
+ 1. Go to the Cloudflare dashboard → **Workers & Pages**
24
+ 2. Select **Create application** → **Pages** tab → **Upload assets**
25
+ 3. Enter a **Project name** (becomes `<name>.pages.dev`)
26
+ 4. Drag and drop your build output directory into the upload frame
27
+ 5. Select **Save and Deploy**
28
+
29
+ ### Subsequent Deployments
30
+
31
+ 1. Go to your Pages project in the dashboard
32
+ 2. Select **Create a new deployment**
33
+ 3. Choose **Production** or **Preview** environment
34
+ 4. If preview, specify a branch name (for the preview URL alias)
35
+ 5. Drag and drop the updated build directory
36
+ 6. Select **Save and Deploy**
37
+
38
+ ## Standards
39
+
40
+ ### Project Structure
41
+ - ! Include a top-level `index.html` in the uploaded directory
42
+ - ! Ensure all asset paths are relative (not absolute filesystem paths)
43
+ - ~ Include `_redirects` and/or `_headers` files for routing and header configuration
44
+ - ~ Verify the build output locally before uploading
45
+
46
+ ### Deployment
47
+ - ! Understand that each deployment replaces the entire site — there is no partial/incremental upload
48
+ - ! Verify the deployment at `<project>.pages.dev` after upload
49
+ - ~ Use preview deployments for testing before deploying to production
50
+ - ? Use the Wrangler CLI for repeated deployments (more efficient than dashboard)
51
+
52
+ ### Custom Domains
53
+ - ! Configure custom domains via project **Custom Domains** settings after the first deploy
54
+ - ~ Use Cloudflare DNS for automatic CNAME configuration
55
+
56
+ ### Limits
57
+ - ! Be aware that individual file upload size is limited (25 MB per file on free plan)
58
+ - ! Stay within the 500 deploys/month limit on the free plan
59
+ - ~ Check for red warning icons next to files that failed to upload due to size limits
60
+
61
+ ## 🔧 Patterns
62
+
63
+ **Simple static site**:
64
+ - Build locally → drag the `dist/` or `build/` folder → deploy
65
+
66
+ **Preview before production**:
67
+ - Create new deployment → select **Preview** → upload → verify at preview URL → redeploy to Production
68
+
69
+ ## Anti-Patterns
70
+
71
+ - ⊗ Upload source code (e.g. `node_modules/`, `.git/`) — upload only the build output directory
72
+ - ⊗ Expect to switch a Direct Upload project to Git integration later (not supported — must create a new project)
73
+ - ⊗ Use dashboard uploads as a primary production workflow for active projects
74
+ - ≉ Rely on drag-and-drop for team workflows — use Git integration or Wrangler for repeatability
75
+ - ≉ Upload without building first — the dashboard does not run build commands
76
+ - ≉ Re-upload individual files to "patch" a deployment — each deployment is a complete replacement
77
+
78
+ ## Compliance Checklist
79
+
80
+ - ! Build output verified locally before upload
81
+ - ! `index.html` present at top level
82
+ - ! No secrets, source code, or `node_modules` in the uploaded directory
83
+ - ~ Custom domain configured after first successful deploy
@@ -0,0 +1,90 @@
1
+ # Deploy to Cloudflare via Git Integration
2
+
3
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
4
+
5
+ **⚠️ See also**: [README.md](./README.md) | [via-wrangler.md](./via-wrangler.md) | [via-github-actions.md](./via-github-actions.md)
6
+
7
+ ## Overview
8
+
9
+ Connect a GitHub or GitLab repository to Cloudflare Pages. Every push to the
10
+ configured branch triggers an automatic build and deploy on Cloudflare's edge
11
+ network. Preview deployments are created for pull requests.
12
+
13
+ **Best for**: Teams that want zero-config continuous deployment with preview URLs on every PR.
14
+
15
+ ## Prerequisites
16
+
17
+ - Cloudflare account
18
+ - GitHub or GitLab repository with your project
19
+ - Build command and output directory known (e.g. `npm run build` → `dist/`)
20
+
21
+ ## Setup
22
+
23
+ 1. In the Cloudflare dashboard, go to **Workers & Pages**
24
+ 2. Select **Create application** → **Pages** tab → **Import an existing Git repository**
25
+ 3. Authorize GitHub/GitLab and select the repository
26
+ 4. Configure the build settings:
27
+ - **Project name**: defaults to repo name (becomes `<name>.pages.dev`)
28
+ - **Production branch**: typically `main`
29
+ - **Build command**: e.g. `npm run build` (use `exit 0` for pre-built static HTML)
30
+ - **Build output directory**: e.g. `dist/`, `build/`, `public/`
31
+ 5. Select **Save and Deploy**
32
+
33
+ ## Standards
34
+
35
+ ### Configuration
36
+ - ! Set the production branch to match your team's trunk branch (`main`, `master`, etc.)
37
+ - ! Configure the correct build output directory for your framework
38
+ - ~ Use `exit 0` as the build command if deploying pre-built static assets
39
+ - ~ Pin the Node.js version via environment variable `NODE_VERSION` if builds require it
40
+
41
+ ### Preview Deployments
42
+ - ! Understand that preview URLs (`<hash>.<project>.pages.dev`) are public by default
43
+ - ~ Enable Cloudflare Access on preview deployments for private projects
44
+ - ~ Use branch deployment controls to exclude noisy branches (e.g. `dependabot/*`)
45
+ - ? Limit preview branches to specific patterns (e.g. `feature/*`, `staging`)
46
+
47
+ ### Custom Domains
48
+ - ! Add custom domains via the Pages project **Custom Domains** settings
49
+ - ! Use a CNAME record pointing to `<project>.pages.dev` for external DNS
50
+ - ~ Let Cloudflare auto-configure DNS if the domain is already on Cloudflare
51
+
52
+ ### Environment Variables & Secrets
53
+ - ! Set sensitive values (API keys, tokens) as encrypted environment variables in the dashboard
54
+ - ! Configure separate values for Production and Preview environments
55
+ - ⊗ Commit secrets to the repository
56
+
57
+ ### Build Settings
58
+ - ~ Use framework presets when available (React, Vue, Hugo, Next.js, etc.)
59
+ - ~ Set `NODE_VERSION` and `NPM_VERSION` environment variables for reproducible builds
60
+ - ? Add a `_redirects` or `_headers` file in the output directory for routing/header rules
61
+
62
+ ## 🔧 Patterns
63
+
64
+ **Static HTML (no build)**:
65
+ - Build command: `exit 0`
66
+ - Output directory: `/` (or whichever folder contains `index.html`)
67
+
68
+ **Monorepo with subdirectory**:
69
+ - Set **Root directory** in build settings to the subdirectory path
70
+ - Build command and output are relative to that root
71
+
72
+ **Branch-based environments**:
73
+ - Production branch → `<project>.pages.dev` + custom domains
74
+ - All other branches → `<branch>.<project>.pages.dev` preview URLs
75
+
76
+ ## Anti-Patterns
77
+
78
+ - ⊗ Switch a Direct Upload project to Git integration (not supported — must create a new project)
79
+ - ⊗ Leave preview deployments public for projects containing sensitive content
80
+ - ⊗ Use different build tooling locally vs. in Cloudflare's build environment without pinning versions
81
+ - ≉ Store environment-specific config in the repo — use Cloudflare's environment variable settings
82
+ - ≉ Rely on Cloudflare's build cache for reproducibility — pin all dependency versions explicitly
83
+
84
+ ## Compliance Checklist
85
+
86
+ - ! Build output directory correctly configured
87
+ - ! Production branch matches team convention
88
+ - ! Secrets stored as encrypted environment variables (not in repo)
89
+ - ! Preview access controls reviewed
90
+ - ~ `_redirects` / `_headers` files present for SPA routing
@@ -0,0 +1,185 @@
1
+ # Deploy to Cloudflare via GitHub Actions
2
+
3
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
4
+
5
+ **⚠️ See also**: [README.md](./README.md) | [via-wrangler.md](./via-wrangler.md) | [via-git.md](./via-git.md)
6
+
7
+ ## Overview
8
+
9
+ Use the official `cloudflare/wrangler-action` GitHub Action to deploy Workers
10
+ and Pages projects as part of a GitHub Actions CI/CD pipeline. This gives you
11
+ full control over the build process while automating deployments on push/merge.
12
+
13
+ **Best for**: Teams that need custom build steps, test gates, or multi-step pipelines before deploying.
14
+
15
+ ## Prerequisites
16
+
17
+ - Cloudflare account with API token
18
+ - GitHub repository
19
+ - `wrangler.toml` or `wrangler.jsonc` in the project (for Workers)
20
+
21
+ ## Secrets Setup
22
+
23
+ In GitHub: **Settings → Secrets and variables → Actions**, add:
24
+
25
+ - `CLOUDFLARE_API_TOKEN` — API token with Workers/Pages edit permissions
26
+ - `CLOUDFLARE_ACCOUNT_ID` — your Cloudflare account ID
27
+
28
+ ## Workflow Examples
29
+
30
+ ### Workers Deploy on Push to Main
31
+
32
+ ```yaml
33
+ name: Deploy Worker
34
+ on:
35
+ push:
36
+ branches: [main]
37
+
38
+ jobs:
39
+ deploy:
40
+ runs-on: ubuntu-latest
41
+ steps:
42
+ - uses: actions/checkout@v4
43
+ - name: Deploy
44
+ uses: cloudflare/wrangler-action@v3
45
+ with:
46
+ apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
47
+ accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
48
+ ```
49
+
50
+ ### Pages Deploy with Build Step
51
+
52
+ ```yaml
53
+ name: Deploy Pages
54
+ on:
55
+ push:
56
+ branches: [main]
57
+
58
+ jobs:
59
+ deploy:
60
+ runs-on: ubuntu-latest
61
+ steps:
62
+ - uses: actions/checkout@v4
63
+ - uses: actions/setup-node@v4
64
+ with:
65
+ node-version: '20'
66
+ - run: npm ci
67
+ - run: npm run build
68
+ - name: Deploy to Pages
69
+ id: deploy
70
+ uses: cloudflare/wrangler-action@v3
71
+ with:
72
+ apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
73
+ accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
74
+ command: pages deploy dist --project-name=my-site
75
+ - name: Print URL
76
+ run: echo "${{ steps.deploy.outputs.deployment-url }}"
77
+ ```
78
+
79
+ ### Preview Deploy on PR
80
+
81
+ ```yaml
82
+ name: Preview Deploy
83
+ on: pull_request
84
+
85
+ jobs:
86
+ preview:
87
+ runs-on: ubuntu-latest
88
+ steps:
89
+ - uses: actions/checkout@v4
90
+ - uses: actions/setup-node@v4
91
+ with:
92
+ node-version: '20'
93
+ - run: npm ci
94
+ - run: npm run build
95
+ - name: Deploy Preview
96
+ uses: cloudflare/wrangler-action@v3
97
+ with:
98
+ apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
99
+ accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
100
+ command: pages deploy dist --project-name=my-site --branch=${{ github.head_ref }}
101
+ ```
102
+
103
+ ## Standards
104
+
105
+ ### Action Configuration
106
+ - ! Use `cloudflare/wrangler-action@v3` (v3 or later with the `v` prefix)
107
+ - ! Pass `apiToken` and `accountId` via GitHub Secrets — never hardcode
108
+ - ~ Pin the action to a specific version tag (e.g. `@v3.14.0`) for reproducibility
109
+ - ~ Specify `packageManager` if not using npm (e.g. `packageManager: pnpm`)
110
+
111
+ ### Secrets Management
112
+ - ! Store `CLOUDFLARE_API_TOKEN` in GitHub Secrets (encrypted, not printed in logs)
113
+ - ! Store `CLOUDFLARE_ACCOUNT_ID` in GitHub Secrets (or as a repository variable)
114
+ - ! Scope the API token to the minimum required permissions
115
+ - ⊗ Use legacy API keys — use API tokens
116
+ - ⊗ Echo or log the API token value in workflow steps
117
+
118
+ ### Workflow Design
119
+ - ! Run build and test steps before the deploy step
120
+ - ! Use `actions/checkout@v4` to check out the repository
121
+ - ~ Use `actions/setup-node@v4` with a pinned Node.js version
122
+ - ~ Use `npm ci` (not `npm install`) for deterministic dependency installation
123
+ - ~ Output the deployment URL for PR comments or downstream steps
124
+ - ? Add a test/lint gate job that must pass before the deploy job runs
125
+
126
+ ### Workers-Specific
127
+ - ! Ensure `wrangler.toml` includes `account_id` or pass `accountId` in the action
128
+ - ~ Use `--strict` flag in CI to prevent accidental overrides of remote settings
129
+ - ~ Use Wrangler environments for staging vs. production deploys
130
+
131
+ ### Pages-Specific
132
+ - ! Use the `command:` input with `pages deploy <dir> --project-name=<name>`
133
+ - ~ Use `--branch=${{ github.head_ref }}` for PR preview deployments
134
+ - ~ Access `deployment-url` and `pages-deployment-alias-url` outputs for downstream use
135
+
136
+ ## 🔧 Patterns
137
+
138
+ **Deploy only when tests pass**:
139
+ ```yaml
140
+ jobs:
141
+ test:
142
+ runs-on: ubuntu-latest
143
+ steps:
144
+ - uses: actions/checkout@v4
145
+ - run: npm ci
146
+ - run: npm test
147
+
148
+ deploy:
149
+ needs: test
150
+ runs-on: ubuntu-latest
151
+ steps:
152
+ - uses: actions/checkout@v4
153
+ - uses: cloudflare/wrangler-action@v3
154
+ with:
155
+ apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
156
+ ```
157
+
158
+ **Comment preview URL on PR**:
159
+ - Use the `deployment-url` output from the action with a PR comment action
160
+
161
+ **Multi-environment deploy**:
162
+ ```yaml
163
+ - uses: cloudflare/wrangler-action@v3
164
+ with:
165
+ apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
166
+ environment: staging
167
+ ```
168
+
169
+ ## Anti-Patterns
170
+
171
+ - ⊗ Hardcode API tokens or account IDs in workflow files
172
+ - ⊗ Use `wrangler-action@1` or `wrangler-action@2` (Wrangler v1/v2 are EOL)
173
+ - ⊗ Deploy without running tests first in production pipelines
174
+ - ≉ Use `npm install` in CI — use `npm ci` for deterministic installs
175
+ - ≉ Skip the `accountId` input — Wrangler may prompt interactively and hang in CI
176
+ - ≉ Use `uses: cloudflare/wrangler-action@3.x.x` (must use `@v3.x.x` with the `v` prefix)
177
+
178
+ ## Compliance Checklist
179
+
180
+ - ! `CLOUDFLARE_API_TOKEN` stored in GitHub Secrets
181
+ - ! `CLOUDFLARE_ACCOUNT_ID` stored in GitHub Secrets or Variables
182
+ - ! `cloudflare/wrangler-action@v3` used with `v` prefix
183
+ - ! Build/test steps precede deploy step
184
+ - ! Node.js version pinned in workflow
185
+ - ~ Deployment URL captured in outputs
@@ -0,0 +1,157 @@
1
+ # Deploy to Cloudflare via Terraform
2
+
3
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
4
+
5
+ **⚠️ See also**: [README.md](./README.md) | [via-wrangler.md](./via-wrangler.md) | [via-github-actions.md](./via-github-actions.md)
6
+
7
+ ## Overview
8
+
9
+ Use HashiCorp Terraform with the [Cloudflare provider](https://registry.terraform.io/providers/cloudflare/cloudflare/latest)
10
+ to manage Pages projects, Workers, DNS records, and other Cloudflare resources as
11
+ infrastructure-as-code. Terraform handles project creation and configuration but
12
+ actual content deployments still require Wrangler or Git integration.
13
+
14
+ **Best for**: Teams managing Cloudflare alongside other infrastructure (DNS, tunnels, WAF rules),
15
+ or organizations requiring versioned, reviewable infrastructure changes.
16
+
17
+ ## Prerequisites
18
+
19
+ - Cloudflare account with API token
20
+ - Terraform CLI installed
21
+ - Cloudflare provider `~> 5`
22
+
23
+ ## Authentication
24
+
25
+ ```bash
26
+ # Set via environment variable (recommended)
27
+ export CLOUDFLARE_API_TOKEN=<token>
28
+
29
+ # Or in provider block (less secure)
30
+ provider "cloudflare" {
31
+ api_token = var.cloudflare_api_token
32
+ }
33
+ ```
34
+
35
+ ## Example: Pages Project with Git Integration
36
+
37
+ ```hcl
38
+ terraform {
39
+ required_providers {
40
+ cloudflare = {
41
+ source = "cloudflare/cloudflare"
42
+ version = "~> 5"
43
+ }
44
+ }
45
+ }
46
+
47
+ variable "cloudflare_account_id" {}
48
+ variable "cloudflare_api_token" {}
49
+
50
+ provider "cloudflare" {
51
+ api_token = var.cloudflare_api_token
52
+ }
53
+
54
+ resource "cloudflare_pages_project" "my_site" {
55
+ account_id = var.cloudflare_account_id
56
+ name = "my-site"
57
+ production_branch = "main"
58
+
59
+ source {
60
+ type = "github"
61
+ config {
62
+ owner = "my-org"
63
+ repo_name = "my-repo"
64
+ production_branch = "main"
65
+ }
66
+ }
67
+
68
+ build_config {
69
+ build_command = "npm run build"
70
+ destination_dir = "dist"
71
+ }
72
+ }
73
+
74
+ resource "cloudflare_pages_domain" "custom_domain" {
75
+ account_id = var.cloudflare_account_id
76
+ project_name = cloudflare_pages_project.my_site.name
77
+ domain = "www.example.com"
78
+ }
79
+ ```
80
+
81
+ ## Standards
82
+
83
+ ### Provider Configuration
84
+ - ! Use the Cloudflare provider version `~> 5` (latest major)
85
+ - ! Authenticate via `CLOUDFLARE_API_TOKEN` environment variable
86
+ - ! Use API tokens (not legacy API keys)
87
+ - ⊗ Hardcode API tokens in `.tf` files
88
+
89
+ ### State Management
90
+ - ! Store Terraform state remotely (Terraform Cloud, S3, GCS, etc.)
91
+ - ! Never commit `terraform.tfstate` to version control
92
+ - ! Add `terraform.tfvars`, `.terraform/`, and `*.tfstate*` to `.gitignore`
93
+ - ~ Use state locking to prevent concurrent modifications
94
+
95
+ ### Variables & Secrets
96
+ - ! Define `cloudflare_account_id` and `cloudflare_api_token` as variables
97
+ - ! Pass sensitive values via environment variables or a secrets manager
98
+ - ⊗ Commit `terraform.tfvars` containing secrets to version control
99
+ - ~ Mark sensitive variables with `sensitive = true`
100
+
101
+ ### Resource Management
102
+ - ! Use `cloudflare_pages_project` to create and configure Pages projects
103
+ - ! Use `cloudflare_pages_domain` to attach custom domains
104
+ - ~ Use `cloudflare_dns_record` to manage DNS records alongside the Pages project
105
+ - ~ Use `terraform plan` before every `terraform apply`
106
+ - ? Use `cloudflare_worker_script` for Workers deployments (content must be provided inline or from file)
107
+
108
+ ### Limitations
109
+ - ! Understand that Terraform creates the Pages project but does **not trigger the first deployment**
110
+ - After `terraform apply`, you must push to the Git repo or manually trigger a deploy
111
+ - ~ Use Wrangler or GitHub Actions for the actual content deployment
112
+ - ~ Use Terraform for the infrastructure layer (project, DNS, domains, WAF rules)
113
+
114
+ ## 🔧 Patterns
115
+
116
+ **Pages project + DNS in one config**:
117
+ ```hcl
118
+ resource "cloudflare_pages_project" "site" {
119
+ account_id = var.cloudflare_account_id
120
+ name = "my-site"
121
+ production_branch = "main"
122
+ # ... source and build_config
123
+ }
124
+
125
+ resource "cloudflare_dns_record" "site_cname" {
126
+ zone_id = var.cloudflare_zone_id
127
+ name = "www"
128
+ content = "my-site.pages.dev"
129
+ type = "CNAME"
130
+ proxied = true
131
+ }
132
+ ```
133
+
134
+ **Separate environments with workspaces**:
135
+ ```bash
136
+ terraform workspace new staging
137
+ terraform workspace new production
138
+ terraform apply -var-file=staging.tfvars
139
+ ```
140
+
141
+ ## Anti-Patterns
142
+
143
+ - ⊗ Store API tokens in `.tf` files or commit `terraform.tfvars` with secrets
144
+ - ⊗ Expect Terraform to deploy site content — it manages infrastructure only
145
+ - ⊗ Run `terraform apply` without `terraform plan` first
146
+ - ⊗ Manage Terraform state locally for team projects
147
+ - ≉ Mix Terraform-managed and dashboard-managed settings for the same resource — pick one source of truth
148
+ - ≉ Use the Terraform provider alone for the full deployment lifecycle — pair with Wrangler or Git for content
149
+
150
+ ## Compliance Checklist
151
+
152
+ - ! Cloudflare provider `~> 5` specified in `required_providers`
153
+ - ! API token passed via environment variable, not hardcoded
154
+ - ! State stored remotely with locking
155
+ - ! `terraform plan` reviewed before every `terraform apply`
156
+ - ! `terraform.tfvars` and `*.tfstate*` in `.gitignore`
157
+ - ~ DNS records managed alongside Pages project in the same config