CLI workflow

Deploy a Cloudflare Worker with Wrangler

Validate configuration and build output, run a local or preview check, then deploy only to the named environment and verify it.

Deployment and cloudRemote write

Prepare tools, authentication, and evidence first

Install the recommended tools, confirm minimum permissions, and keep compatibility separate from real execution records.

wranglerverified
Develop, deploy, and inspect Cloudflare Workers and related resources.

Recommended install

$ shell
npm install --save-dev wrangler
Authentication
OAuth, API token
Tested agents
No agent-specific execution record
Evidence status
verified · Documentation checked 2026-07-10
Independent CLI execution
4.87.0 · 2 checks
curlverified
Call HTTP APIs with explicit methods, headers, authentication, retries, and failure handling.

Recommended install

$ shell
brew install curl
Authentication
none, basic, bearer token, client certificate, netrc
Tested agents
No agent-specific execution record
Evidence status
verified · Documentation checked 2026-07-10
Independent CLI execution
8.7.1 · 4 checks
jqverified
Parse, filter, validate, and transform JSON locally with deterministic output.

Recommended install

$ shell
brew install jq
Authentication
No authentication for the base operation
Tested agents
No agent-specific execution record
Evidence status
verified · Documentation checked 2026-07-10
Independent CLI execution
jq-1.7.1-apple · 4 checks

Copy or download this workflow Skill

The Skill includes input and output contracts, recommended tools, approval points, rollback, and evidence boundaries. Review it against the active environment before saving.

deploy-cloudflare-worker-SKILL.md
---
name: deploy-cloudflare-worker-workflow
description: "Validate configuration and build output, run a local or preview check, then deploy only to the named environment and verify it."
---

# Deploy a Cloudflare Worker

## Intended outcome

Publish a Worker to the intended account and environment with a known rollback target.

## Evidence boundary

- Tool status distinguishes `docs-verified` material from independent execution; the two are not interchangeable.
- The current registry does not attribute a tool execution to a particular agent, so compatible agents cannot be called tested agents.
- Reconfirm the target account, environment, version, and official documentation before execution.
- Never auto-execute an R2, R3, or confirmation-marked step; obtain explicit approval immediately before it runs.

## Recommended tools, installation, and authentication

- **Cloudflare Wrangler** (evidence: `verified`, docs checked: `2026-07-10`, independently tested version 4.87.0 recorded)
  - Install: `npm install --save-dev wrangler`
  - Authentication: OAuth, API token
  - Minimum permissions: Use an API token limited to the required account, zone, and Worker resources.
- **curl** (evidence: `verified`, docs checked: `2026-07-10`, independently tested version 8.7.1 recorded)
  - Install: `brew install curl`
  - Authentication: none, basic, bearer token, client certificate, netrc
  - Minimum permissions: Pass scoped tokens through environment-backed headers and never print request secrets.
- **jq** (evidence: `verified`, docs checked: `2026-07-10`, independently tested version jq-1.7.1-apple recorded)
  - Install: `brew install jq`
  - Authentication: not required for the base operation
  - Minimum permissions: No service credential is required; restrict filesystem and network access to the task.

## Input contract

- Worker repository
- wrangler configuration
- explicit account and environment
- scoped API token

## Output contract

- Build result
- preview or local check
- deployment ID and URL
- live verification report

## Safe workflow

1. **Inspect configuration** — Read scripts, Worker name, compatibility settings, bindings, and target environment without printing secrets.
   - Input: Repository and Wrangler configuration
   - Output: Deployment target and required bindings
   - Risk: `local-write`
   - Command: `wrangler deploy --dry-run --outdir /tmp/worker-build`
2. **Run a preview check** — Exercise the Worker locally or through a preview path and record expected responses.
   - Input: Built Worker and test requests
   - Output: Preview evidence and outstanding warnings
   - Risk: `read-only`
3. **Deploy and verify** — After approval, deploy to the named environment, save the deployment identifier, and test the live URL.
   - Input: Approved target and scoped token
   - Output: Deployment result and live checks
   - Risk: `remote-write`
   - Command: `wrangler deploy --env production`

## Ask before proceeding

- Deploying to any shared or production environment
- Creating or changing secrets, routes, domains, D1, KV, R2, or other bindings
- Running database migrations

## Rollback

- Record the previous deployment before release
- Use Wrangler’s documented deployment rollback path for the account
- Revert code or configuration and redeploy only after identifying the cause

## Official sources

- [Cloudflare Wrangler documentation](https://developers.cloudflare.com/workers/wrangler/) — Official Wrangler command and configuration documentation for Workers.
- [curl manual](https://curl.se/docs/manpage.html) — Official HTTP options, output handling, retries, and failure semantics.

Outcome, inputs, and outputs

Define the result and evidence before the agent selects a command.

Goal

Publish a Worker to the intended account and environment with a known rollback target.

Required inputs

  • Worker repository
  • wrangler configuration
  • explicit account and environment
  • scoped API token

Expected outputs

  • Build result
  • preview or local check
  • deployment ID and URL
  • live verification report

Deploy a Cloudflare Worker with Wrangler: safe workflow

Run each step inside its stated boundary and verify the output before continuing.

Step 1Local write

Inspect configuration

Read scripts, Worker name, compatibility settings, bindings, and target environment without printing secrets.
Input
Repository and Wrangler configuration
Output
Deployment target and required bindings
$ Inspect configuration
wrangler deploy --dry-run --outdir /tmp/worker-build
Step 2Read only

Run a preview check

Exercise the Worker locally or through a preview path and record expected responses.
Input
Built Worker and test requests
Output
Preview evidence and outstanding warnings
Step 3Remote write

Deploy and verify

After approval, deploy to the named environment, save the deployment identifier, and test the live URL.
Input
Approved target and scoped token
Output
Deployment result and live checks
$ Deploy and verify
wrangler deploy --env production

Approval points and rollback

Pause at the listed decision points and keep recovery instructions beside the action.

Ask before these actions

  • Deploying to any shared or production environment
  • Creating or changing secrets, routes, domains, D1, KV, R2, or other bindings
  • Running database migrations

Recovery plan

  • Record the previous deployment before release
  • Use Wrangler’s documented deployment rollback path for the account
  • Revert code or configuration and redeploy only after identifying the cause

CLI, MCP, or API?

Choose the interface by execution location, identity, output contract, and permission boundary.

CLI

Best for build-aware local development, deployment logs, and CI releases.

MCP

Useful if a managed integration exposes a narrow deployment and log surface.

API

Choose for a custom release controller that manages many Workers or accounts.

Recommended approach

Use Wrangler serially, name the environment explicitly, and verify the live URL after approval.

Official evidence and references

Use these primary or upstream sources to verify current command behavior before acting.

Cloudflare Wrangler documentation

Official Wrangler command and configuration documentation for Workers.

curl manual

Official HTTP options, output handling, retries, and failure semantics.

Questions before you run it

Does wrangler deploy --dry-run change Cloudflare?

Its purpose is to build without deploying; still review the current official command behavior and generated output for the installed CLI.

Can the token be printed for debugging?

No. Check that the variable exists and that account access succeeds without echoing its value.

Related tools and guides

Browse sibling guides and choose the next page that best matches the active task.

Continue with tool evidence, a workflow, or a decision guide related to this task.

Continue with tool evidence, a workflow, or a decision guide related to this task.

Continue with tool evidence, a workflow, or a decision guide related to this task.

Inspect installation, authentication, structured output, command risk, and official evidence.

Inspect installation, authentication, structured output, command risk, and official evidence.