monkilabs/cloudflare-platform
src/orchestrator/plugins/cloudflare/SKILL.md
Creates and deploys Cloudflare Workers, configures wrangler.toml bindings, sets up KV/D1/R2 storage and Durable Objects, manages Pages deployments, and implements edge function patterns. Use when building or deploying Cloudflare Workers, setting up Pages, working with KV/D1/R2 storage, configuring wrangler.toml, or deploying edge applications.
$ install --global
skillsauthnpx skillsauth add monkilabs/opencastle cloudflare-platformInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 9:16 AM220.7s5 files scanned
SKILL.md
- name:
- cloudflare-platform
- description:
- Creates and deploys Cloudflare Workers, configures wrangler.toml bindings, sets up KV/D1/R2 storage and Durable Objects, manages Pages deployments, and implements edge function patterns. Use when building or deploying Cloudflare Workers, setting up Pages, working with KV/D1/R2 storage, configuring wrangler.toml, or deploying edge applications.
Cloudflare Platform
Topic Routing
Read the matching reference before writing code for any of these topics:
| Topic | Reference |
|-------|-----------|
| Workers & edge functions | references/workers.md |
| Storage (KV, D1, R2) | references/storage.md |
| Pages & deployment | references/deployment.md |
Critical Rules
Workers
- Use Web standard Fetch API, not Node.js globals (
process,Buffer,fs) — Workers run in V8 isolates - Define all bindings (KV, D1, R2, secrets) in
wrangler.tomland access them via theenvparameter - Workers have 0ms cold starts — keep dependencies minimal; free tier has a 1MB bundle limit
- Use
ctx.waitUntil(promise)for non-blocking side effects (logging, analytics) that outlast the response
Storage Selection
- KV — key-value store for config, sessions, cache (eventually consistent reads)
- D1 — SQLite at the edge for relational SQL; strongly consistent
- R2 — object/file storage (S3-compatible); no egress costs
- Durable Objects — stateful coordination; use for real-time collaboration, rate limiters, and counters
- Queues — async message processing; use for background tasks
D1
- Use
env.DB.prepare(sql).bind(...params).run()for all DML; always use parameterized queries - Use
env.DB.batch([...stmts])for multiple queries in a single round trip - D1 is SQLite — avoid MySQL/Postgres-only SQL syntax
MCP Code Mode
- The Cloudflare MCP uses Code Mode: only 2 tools are available —
searchandexecute searchsearches the Cloudflare API spec;executeruns JavaScript against the Cloudflare API- This approach uses ~1k tokens per operation vs ~244k for native tool exposure
Wrangler
- Use
wrangler.toml(orwrangler.jsonc) for all config —npx wrangler devfor local dev npx wrangler deployfor production;wrangler tailfor live log streaming- Store secrets with
wrangler secret put VAR_NAME— never hardcode inwrangler.toml
Security
- Access secrets via
env.VAR_NAME— never hardcode credentials in Worker code - Use Cloudflare Turnstile for CAPTCHA; configure WAF rules for API protection
- Validate all inputs at the Worker boundary — Workers are publicly accessible
Basic Worker with KV
// src/index.ts
export interface Env {
SESSIONS: KVNamespace; // bound in wrangler.toml
API_SECRET: string; // secret bound in wrangler.toml
}
export default {
async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
const url = new URL(request.url);
if (url.pathname === '/session') {
const sessionId = request.headers.get('x-session-id');
if (!sessionId) return new Response('Missing session', { status: 400 });
const data = await env.SESSIONS.get(sessionId, { type: 'json' });
if (!data) return new Response('Not found', { status: 404 });
// Non-blocking analytics — does not delay the response
ctx.waitUntil(logAnalytics(sessionId));
return Response.json(data);
}
return new Response('Not found', { status: 404 });
},
} satisfies ExportedHandler<Env>;
Storage Decision Guide
I need to store data → What type?
├── Key-value pairs (cache, sessions, feature flags) → KV
├── Relational/SQL data → D1
├── Files, images, blobs → R2
├── Stateful coordination (counters, locks, chat) → Durable Objects
└── Async job queue → Queues
Reference Files
references/workers.md— Worker structure, bindings, env, waitUntil, Durable Objects, Cron Triggers, Wrangler commandsreferences/storage.md— KV, D1, R2 APIs; decision guide for choosing between storage typesreferences/deployment.md— Pages setup, wrangler.toml, secrets, custom domains, CI/CD integration
Quick Workflow: Deploy a Cloudflare Worker
- Create project:
npm create cloudflare@latestand select "Hello World" Worker template - Define bindings (KV, D1, secrets) in
wrangler.tomlunder[[kv_namespaces]]/[[d1_databases]] - Verify resources exist:
npx wrangler kv:namespace list/npx wrangler d1 list— create any missing resources before continuing- If resource missing:
npx wrangler kv:namespace create <NAME>ornpx wrangler d1 create <DB>→ copy the ID intowrangler.toml
- If resource missing:
- Implement the
fetchhandler insrc/index.ts— type theEnvinterface to match your bindings - Test locally:
npx wrangler dev— verify the worker responds correctly athttp://localhost:8787- If dev fails: check
wrangler.tomlsyntax → verify binding IDs match → runnpx wrangler whoamito confirm account auth
- If dev fails: check
- Deploy:
npx wrangler deploy— confirm the deployment URL is returned- If deploy fails: check
wrangler.tomlbindings match created resources → verifycompatibility_dateis set → check account permissions
- If deploy fails: check
- Monitor with
wrangler tailfor live logs from production
Related Skills
monkilabs/validation-gates
development
VerifiedTrustedCommunity
Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation.
44SKILL.mdUpdated Apr 21, 2026
monkilabs/testing-workflow
development
VerifiedTrustedCommunity
Generates test plans, writes unit/integration/E2E test files, identifies coverage gaps, flags common testing anti-patterns. Use when writing tests, creating test suites, planning test strategies, mocking dependencies, measuring code coverage, or test planning.
44SKILL.mdUpdated Apr 21, 2026
monkilabs/team-lead-reference
development
VerifiedTrustedCommunity
Provides model routing rules, validates delegation prerequisites, supplies cost tracking templates, defines dead-letter queue formats for Team Lead orchestration. Load when assigning tasks to agents, choosing model tiers, starting delegation session, running multi-agent workflow, delegating work, choosing which model to use, or assigning tasks.
44SKILL.mdUpdated Apr 21, 2026
monkilabs/session-checkpoints
testing
VerifiedTrustedCommunity
Saves, restores session state including task progress, file changes, delegation history. Use when saving progress, resuming interrupted work, picking up where you left off, or checkpointing current work.
44SKILL.mdUpdated Apr 21, 2026