菜单
Deploy static HTML files to Cloudflare Workers with 1Password credential management.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
user wants to send a WhatsApp message, share a link or document via WhatsApp, generate a wa.me click-to-chat link, or message a contact on WhatsApp by phone number.
Claude Code hooks development guide. TRIGGERS - create hook, PostToolUse, PreToolUse, Stop hook, hook lifecycle, decision block.
Dual-channel notifications on watchexec events. TRIGGERS - watchexec alerts, Telegram+Pushover, file change notifications.
Session log provenance tracking. TRIGGERS - who created, trace origin, session archaeology, ADR reference.
Generate custom Claude Code slash commands via guided question flow. TRIGGERS - create slash command, generate command, custom command.
Send Pushover notifications with UUID-linked verbatim JSONL audit trail. TRIGGERS - pushover notify, send pushover, observability alert, verbatim notification, fleet alert, pushover-lookup, audit log notification, push notification with UUID
| name | cloudflare-workers-publish |
| description | Deploy static HTML files to Cloudflare Workers with 1Password credential management. |
| disable-model-invocation | false |
| allowed-tools | Read, Bash, Grep, Write, Edit, Glob, AskUserQuestion |
Deploy static HTML files (Bokeh charts, dashboards, reports) to Cloudflare Workers with Static Assets, using 1Password for credential management.
Scope: Static-only deployments on workers.dev. No dynamic Workers, no R2 object storage.
Prerequisite: 1Password CLI (brew install 1password-cli) + Node.js (npx wrangler)
Self-Evolving Skill: This skill improves through use. If instructions are wrong, parameters drifted, or a workaround was needed — fix this file immediately, don't defer. Only update for real, reproducible issues.
Do NOT use for: Dynamic Workers (JavaScript/TypeScript logic), Cloudflare Pages (deprecated April 2025 - CFW-01), R2 object storage, or custom domains (advanced setup not covered).
Local project/
├── results/published/ # Deploy root (contains wrangler.toml)
│ ├── wrangler.toml # Workers config (name + assets)
│ ├── index.html # Auto-generated directory listing
│ └── gen800/ # Subdirectories with HTML files
│ └── XRPUSDT_750/
│ └── equity_plot.html # 13MB Bokeh chart
└── scripts/
└── publish_findings.sh # Deploy script (3 phases)
Credential flow:
1Password (Claude Automation vault)
├── account_id (TEXT) → CLOUDFLARE_ACCOUNT_ID env var
└── credential (CONCEALED) → CLOUDFLARE_API_TOKEN env var
↓
npx wrangler deploy
↓
https://{name}.{slug}.workers.dev/
1. [Preflight] Verify Node.js and 1Password CLI installed
2. [Preflight] Create Cloudflare API token (Workers Scripts Edit permission)
3. [Execute] Pre-provision 1Password item in Claude Automation vault (biometric)
4. [Execute] Store token + account ID in 1Password item fields
5. [Execute] Create publish directory with wrangler.toml (3 fields only)
6. [Execute] Create deploy script from skill template (parameterize 4 vars)
7. [Execute] Create mise task wrapper in .mise/tasks/publish.toml
8. [Execute] Add .wrangler/ to .gitignore
9. [Execute] Add LFS tracking for large HTML files in .gitattributes
10. [Verify] Enable workers.dev subdomain in Cloudflare dashboard
11. [Verify] Run first deploy and verify URL in browser (NOT curl)
12. [Verify] Document the workers.dev URL in project docs
1. [Preflight] Verify files are real content, not LFS pointers (head -1)
2. [Execute] Copy HTML files to published/{generation}/{symbol_threshold}/
3. [Execute] Run deploy script (index.html auto-regenerates)
4. [Verify] Verify new files appear at workers.dev URL in browser
1. [Preflight] Choose worker name ({name}.{slug}.workers.dev)
2. [Execute] Create 1Password item OR reuse existing Cloudflare credentials
3. [Execute] Create wrangler.toml with chosen name and today's date
4. [Execute] Create parameterized deploy script from skill template
5. [Execute] Create mise task wrapper
6. [Verify] Deploy and discover actual workers.dev URL via wrangler output
1. [Execute] Create new API token in Cloudflare dashboard (Workers Scripts Edit)
2. [Execute] Update 1Password item credential field (biometric required)
3. [Verify] Run deploy script to verify new token works
4. [Execute] Revoke old token in Cloudflare dashboard
1. Is wrangler.toml in current directory? (CFW-10)
2. Are credentials populated? Print first 8 chars of account ID
3. Is --reveal present for CONCEALED fields? (CFW-03)
4. Is workers.dev subdomain registered in CF dashboard? (CFW-07)
5. Does token have Workers Scripts Edit permission? (CFW-11)
6. Are HTML files real content or LFS pointers? head -1 file (CFW-12)
7. SSL handshake error? Verify in browser, not curl (CFW-08)
8. Is npx wrangler installed? npx wrangler --version
CRITICAL (CFW-02): 1Password service accounts can only READ items. They CANNOT CREATE new items. Create the item manually first.
See 1Password setup guide for step-by-step instructions.
After provisioning, the item should have:
| Field | Type | --reveal | Content |
|---|---|---|---|
account_id | TEXT | No | Cloudflare acct ID |
credential | CONCEALED | YES | API token |
See wrangler setup guide.
# Minimal Workers Static Assets config (CFW-09)
name = "my-project-name"
compatibility_date = "2026-02-18"
[assets]
directory = "."
Copy the bundled template and edit the 4 config variables:
cp "$(skill-path)/scripts/publish_static.sh" scripts/publish_myproject.sh
# Edit: PUBLISH_DIR, OP_ITEM_ID, SITE_TITLE, PROJECT_URL
Or reference the working implementation: rangebar-patterns/scripts/publish_findings.sh
# .mise/tasks/publish.toml (CFW-13: bash in .sh file, not inline TOML)
["publish:site"]
description = "Deploy published files to Cloudflare Workers (static)"
run = "bash scripts/publish_myproject.sh"
Add to .mise.toml [task_config] includes:
[task_config]
includes = [
".mise/tasks/publish.toml",
]
.gitignore:
# Wrangler temp files (Cloudflare Workers deploy)
.wrangler/
results/published/.wrangler/
.gitattributes (for large HTML files):
results/published/**/*.html filter=lfs diff=lfs merge=lfs -text
First-time Cloudflare accounts must enable the workers.dev route:
The subdomain is NOT predictable (CFW-06). Discover yours after deploy:
npx wrangler whoami
mise run publish:site
Verify in BROWSER, not curl (CFW-08). macOS LibreSSL can fail TLS handshake with Cloudflare but browsers handle it fine.
Full details with code examples: references/anti-patterns.md
| ID | Severity | Gotcha | Fix |
|---|---|---|---|
| CFW-01 | HIGH | Cloudflare Pages deprecated (April 2025) | Use Workers with Static Assets |
| CFW-02 | HIGH | 1P service account creating items | Pre-provision via biometric/web UI |
| CFW-03 | HIGH | Missing --reveal for CONCEALED fields | Always pass --reveal for API tokens |
| CFW-04 | MEDIUM | SC2155 export VAR=$(cmd) | Split: VAR=$(cmd) then export VAR |
| CFW-05 | LOW | Bash 4+ ${var^^} on macOS | Use tr '[:lower:]' '[:upper:]' |
| CFW-06 | MEDIUM | Assuming workers.dev URL format | Run npx wrangler whoami to discover slug |
| CFW-07 | HIGH | workers.dev subdomain not registered | Enable in Cloudflare dashboard first |
| CFW-08 | LOW | curl SSL/TLS handshake failure on macOS | Verify in browser instead |
| CFW-09 | MEDIUM | Overcomplicating wrangler.toml | Only name, compatibility_date, [assets] |
| CFW-10 | HIGH | Running wrangler from wrong directory | Always cd to directory with wrangler.toml |
| CFW-11 | MEDIUM | Excessive token permissions | Workers Scripts Edit (Account) only |
| CFW-12 | HIGH | Deploying LFS pointers instead of files | Run git lfs pull before deploy |
| CFW-13 | MEDIUM | Tera template conflict in mise TOML | Complex bash in standalone .sh files |
| CFW-14 | MEDIUM | Pipe subshell data loss in while-read | Use < <(find ...) process substitution |
| CFW-15 | LOW | No directory listing page | Auto-generate index.html before each deploy |
The working production deployment lives in rangebar-patterns:
| File | Purpose |
|---|---|
results/published/wrangler.toml | Minimal Workers config |
scripts/publish_findings.sh | 3-phase deploy script |
.mise/tasks/publish.toml | mise task wrapper |
.gitignore (.wrangler/) | Ignore wrangler temp files |
.gitattributes | LFS tracking for HTML |
Live URL: https://rangebar-findings.terry-301.workers.dev/
After modifying this skill:
set -euo pipefailbash -n syntax check./references/...)| Issue | Cause | Solution |
|---|---|---|
op item get returns masked | Missing --reveal flag (CFW-03) | Add --reveal for CONCEALED fields |
op item create fails | Service account can't create (CFW-02) | Use biometric op or web UI to create item first |
| wrangler: config not found | Not in correct directory (CFW-10) | cd to directory containing wrangler.toml before deploy |
| SSL handshake failure | macOS LibreSSL (CFW-08) | Verify in browser; ignore curl errors |
| 403 on workers.dev URL | Subdomain not enabled (CFW-07) | Enable in Cloudflare dashboard > Workers & Pages |
| Deploy succeeds, files missing | LFS pointers deployed (CFW-12) | Run git lfs pull before deploy |
${var^^} syntax error | Bash 3 on macOS (CFW-05) | Use tr '[:lower:]' '[:upper:]' |
| mise TOML parse error | Tera template conflict (CFW-13) | Move complex bash to standalone .sh file |
| Empty index.html | No gen*/*.html files found | Check file paths match find . -path './gen*/*.html' pattern |
| Token permission denied | Wrong token scope (CFW-11) | Recreate with Account > Workers Scripts > Edit permission |
After this skill completes, reflect before closing the task: