Loading...
Loading...
Infrastructure operations for Cloudflare: Workers, KV, R2, D1, Hyperdrive, observability, builds, audit logs. Triggers: worker/KV/R2/D1/logs/build/deploy/audit. Three permission tiers: Diagnose (read-only), Change (write requires confirmation), Super Admin (isolated environment). Write operations follow read-first, confirm, execute, verify pattern. MCP is optional — works with Wrangler CLI/Dashboard too.
npx skill4agent add heyvhuang/ship-faster cloudflareMCP is optional. This skill works with MCP (auto), Wrangler CLI, or Dashboard. See BACKENDS.md for execution options.
| Tier | Purpose | Scope | Risk Control |
|---|---|---|---|
| Diagnose | Read-only/query/troubleshoot | Observability, Builds, Audit | Default entry, no writes |
| Change | Create/modify/delete resources | KV, R2, D1, Hyperdrive | Requires confirmation + verification |
| Super Admin | Highest privileges | All + Container Sandbox | Only in isolated/test environments |
1. Plan: Read current state first (list/get)
2. Confirm: Output precise change (name/ID/impact), await user confirmation
3. Execute: create/delete/update
4. Verify: audit logs + observability confirm no new errors| Category | What You Can Do |
|---|---|
| Observability | Query worker logs/metrics, discover fields, explore values |
| Builds | List build history, get build details, view build logs |
| Browser | Fetch page HTML, convert to markdown, take screenshots |
| Audit | Pull change history by time range |
| Workers | List workers, get details, view source code |
| Resource | Operations |
|---|---|
| KV | List, get, create ⚠️, update ⚠️, delete ⚠️ |
| R2 | List, get, create ⚠️, delete ⚠️ |
| D1 | List, get, query, create ⚠️, delete ⚠️ |
| Hyperdrive | List, get, create ⚠️, edit ⚠️, delete ⚠️ |
1. Clarify symptoms → worker name / time range / error type
2. Query observability to pull logs/metrics
3. If build-related → get build logs
4. If page-related → take screenshot to reproduce
5. Trace changes → pull audit logs
6. Summarize: root cause + evidence + fix recommendations1. List accounts → set active account
2. List resources (KV / R2 / D1)
3. Plan changes → present to user
4. Execute after confirmation
5. Verify: audit logs + observability shows no errors✅ Investigation complete: worker `api-gateway` experienced 5xx spike between 18:00-18:30
Root cause: New code deployed threw TypeError when processing /v2/users
Evidence:
- Logs: 18:02 first occurrence of "Cannot read property 'id' of undefined"
- Audit: 18:00 user dev@example.com deployed new version
- Metrics: error_rate jumped from 0.1% to 12%
Recommendation: Roll back to previous version, or fix /v2/users handlerruns/<workflow>/active/<run_id>/
├── proposal.md # Symptoms/objectives
├── context.json # Account/worker/resource/time_range
├── tasks.md # Checklist + approval gate
├── evidence/observability.md
├── evidence/audit.md
├── evidence/screenshots/
├── evidence/change-plan.md # Write operations written here first
├── evidence/report.md # Conclusion + evidence + next steps
└── logs/events.jsonl # Optional tool call summary| Situation | Action |
|---|---|
| Account not set | Run accounts_list → set_active_account first |
| Resource doesn't exist | Verify ID/name, list available resources |
| Insufficient permissions | Explain required permissions, check API token scope |
| Observability query too broad | Split into smaller time ranges |