Cloudflare -- Edge & CDN Integration Expert

---

name: cloudflare description: > Deploy Workers, configure KV/R2/D1/Durable Objects, and set up edge caching. USE WHEN: User needs Workers deployment, edge storage configuration, caching strategy, real-time edge applications, or Cloudflare security setup. DON'T USE WHEN: User needs general CDN configuration without Workers. Use Vercel skill for Next.js-specific edge deployment. OUTPUTS: Worker scripts, wrangler configs, storage bindings, caching rules, security policies, deployment pipelines, edge application architectures. version: 1.1.0 author: SpookyJuice tags: [cloudflare, workers, edge, kv, r2, d1, durable-objects] price: 14 author_url: "https://www.shopclawmart.com" support: "brian@gorzelic.net" license: proprietary osps_version: "0.1" content_hash: "sha256:4c59df6b28a2c1d4005eee943743104d47fe69a12ae013a6c53ab4d698fb5cad"

#‍​‌‌​‌‌‌‌​‌‌‌​​‌‌​‌‌‌​​​​​‌‌‌​​‌‌​​‌‌‌​‌​​​‌‌​​​‌​​‌‌‌​‌​​‌‌‌​​‌‌​‌‌​‌​‌​​​‌​‌‌​‌​​‌‌‌​​​​​‌‌​​​​​​‌‌​‌‌‌​‌‌​​‌‌​​​‌‌‌​​​​‌‌​​​‌‌​​‌‌​​‌‌​‌‌​​​‌‌‍ Cloudflare Workers

Version: 1.1.0 Price: $14 Type: Skill

Description

Production edge applications on Cloudflare Workers — beyond wrangler deploy. The platform gives you five storage systems (KV, R2, D1, Durable Objects, Queues), three compute models (Workers, Pages Functions, Cron Triggers), and a configuration surface split across wrangler.toml, the dashboard, and the API with different behavior in each. The hard part isn't writing a Worker — it's picking the right storage primitive before you've committed to the wrong one, configuring bindings that actually resolve across environments, and building cache invalidation that works at the edge without stale data leaking through.

Prerequisites

• Cloudflare account with Workers enabled
• Wrangler CLI: npm install -g wrangler
• API token: CLOUDFLARE_API_TOKEN (with Workers permissions)
• Custom domain added to Cloudflare (for custom routing)

Setup

1. Copy SKILL.md into your OpenClaw skills directory
2. Set environment variables:

   export CLOUDFLARE_API_TOKEN="your-api-token"
   export CLOUDFLARE_ACCOUNT_ID="your-account-id"
   

3. Reload OpenClaw

Commands

• "Deploy a Worker for [use case]"
• "Set up KV/R2/D1 storage for [data pattern]"
• "Configure Durable Objects for [stateful use case]"
• "Implement edge caching for [route pattern]"
• "Set up zero-trust access for [application]"
• "Build a real-time WebSocket app at the edge"
• "Debug this Worker error: [error]"

Workflow

Workers Deployment Pipeline

1. Project scaffolding — wrangler init creates the project structure. Choose your entry point: Module Worker (export default { fetch }) over Service Worker (addEventListener) — Module Workers support Durable Objects, scheduled handlers, and are the modern standard.
2. Environment configuration — define environments in wrangler.toml: [env.staging] and [env.production] with separate bindings, routes, and variables. Environment-specific vars override top-level ones. Use wrangler.toml for non-secret config, wrangler secret put for API keys.
3. Binding setup — declare bindings in wrangler.toml for each storage primitive: [[kv_namespaces]], [[r2_buckets]], [[d1_databases]], [[durable_objects.bindings]]. Each binding maps a variable name to a resource. Bindings are environment-specific — a staging KV namespace is separate from production.
4. Local development — wrangler dev runs the Worker locally with Miniflare (local simulator). It simulates KV, R2, D1, and Durable Objects locally. Use --remote flag to test against actual Cloudflare infrastructure when local simulation isn't sufficient.
5. Preview deployments — wrangler deploy --env staging deploys to your staging environment. Use wrangler tail --env staging to stream live logs. Test with real traffic patterns before promoting to production.
6. Production deployment — wrangler deploy --env production with route patterns that map your custom domain to the Worker. Enable gradual rollouts by deploying to a percentage of traffic first if available. Document rollback: wrangler rollback reverts to the previous version.

Storage Primitive Selection

1. KV (Key-Value) — eventually consistent, global read, single-region write. Use for: configuration data, feature flags, cached API responses, session tokens. NOT for: anything requiring strong consistency or transactional writes. Read latency: <10ms at the edge after propagation.
2. R2 (Object Storage) — S3-compatible, zero egress fees. Use for: file uploads, static assets, backups, media storage. Access via Worker bindings (fastest) or S3-compatible API (for existing S3 tooling). Set lifecycle rules for automatic cleanup of temporary objects.
3. D1 (SQLite at the edge) — full SQL database, per-region replicas. Use for: relational data, complex queries, transactions. Limitations: 10GB max database size, write operations route to primary. Run migrations with wrangler d1 migrations apply. Test queries locally with wrangler d1 execute --local.
4. Durable Objects — strongly consistent, single-instance per ID, WebSocket support. Use for: real-time collaboration, rate limiting, counters, stateful WebSocket connections. Each Durable Object is a JavaScript class instance with transactional storage. The platform guarantees single-threaded execution per object.
5. Queues — message queuing between Workers. Use for: async processing, event pipelines, batch operations. Producers push messages, consumer Workers pull in batches. Configure batch size and retry policies. Use dead-letter queues for failed messages.
6. Decision matrix — read-heavy global data → KV. File storage → R2. Relational queries → D1. Strong consistency + coordination → Durable Objects. Async processing → Queues. When in doubt, start with KV for simple data and D1 for structured data.

Edge Caching Strategy

1. Cache API — Workers can read and write to the Cloudflare cache directly with caches.default. Use cache.put() to store responses, cache.match() to retrieve them. This gives you programmatic control over what's cached and for how long.
2. Cache headers — set Cache-Control headers on responses: s-maxage for Cloudflare edge cache, max-age for browser cache. Use stale-while-revalidate to serve stale content while refreshing in the background. Vary headers for content negotiation (language, format).
3. Cache keys — customize cache keys to control cache granularity. Default key is the full URL. Strip query parameters that don't affect response content. Add custom headers to the key for A/B testing or geo-specific content.
4. Purge strategies — tag-based purge for invalidating groups of cached resources. Single-URL purge for targeted invalidation. Prefix purge for all URLs under a path. Purge everything as a nuclear option. Automate purges via API on content updates.
5. Tiered caching — enable Tiered Cache to reduce origin hits. Upper-tier data centers serve as intermediaries, absorbing cache misses from lower tiers. Argo Smart Routing optimizes paths between edge and origin for cache misses.
6. Cache analytics — monitor cache HIT/MISS ratios in the dashboard. Target 90%+ cache hit rate for static content. Identify URLs with low hit rates and adjust TTLs or cache keys. Set up alerts for cache hit rate drops.

Output Format

☁ CLOUDFLARE — [IMPLEMENTATION TYPE]
Project: [Name]
Workers: [script names]
Date: [YYYY-MM-DD]

═══ WORKER CONFIG ═══
[wrangler.toml content]

═══ STORAGE BINDINGS ═══
| Binding | Type | Resource | Environment |
|---------|------|----------|-------------|
| [var] | KV/R2/D1/DO | [name] | [staging/production] |

═══ ROUTES ═══
| Pattern | Worker | Environment |
|---------|--------|-------------|
| [route] | [worker] | [env] |

═══ CACHING ═══
| Route | Strategy | TTL | Purge Trigger |
|-------|----------|-----|---------------|
| [route] | Cache API/Headers | [seconds] | [event] |

═══ PERFORMANCE ═══
| Metric | Value | Target | Status |
|--------|-------|--------|--------|
| P50 Latency | [ms] | <50ms | 🟢/🟡/🔴 |
| Cache Hit Rate | [%] | >90% | 🟢/🟡/🔴 |
| CPU Time | [ms] | <10ms | 🟢/🟡/🔴 |

Common Pitfalls

• Wrong storage primitive — using KV for data that needs strong consistency leads to stale reads. KV is eventually consistent with ~60s propagation. Use Durable Objects for consistency.
• Binding mismatches across environments — a binding declared in [env.production] but missing from [env.staging] causes ReferenceError in staging. Mirror all bindings across environments.
• D1 write bottleneck — all D1 writes route to the primary region. Write-heavy workloads should use Durable Objects or queue writes for batch processing.
• Durable Object cold starts — first request to a Durable Object incurs a cold start (~20-50ms). Use the hibernation API for WebSocket handlers to reduce costs while maintaining connections.
• Cache key collisions — default cache keys include query parameters. If different query params return the same content, you're caching duplicate responses. Customize cache keys to strip irrelevant params.

Guardrails

• Never stores secrets in wrangler.toml. API keys, tokens, and credentials use wrangler secret put for encrypted secret storage. Config files are committed; secrets are not.
• Storage selection is justified. Every storage primitive choice includes a rationale. No defaulting to KV because it's easiest — the right primitive for the access pattern.
• Environments are isolated. Staging and production use separate KV namespaces, R2 buckets, and D1 databases. No shared state between environments.
• Cache invalidation is explicit. Every caching implementation includes a purge strategy. No indefinite caching without a plan for content updates.
• Worker size limits respected. Workers have a 1MB compressed script limit (10MB on paid plans). Bundle size is checked before deployment.
• Cost monitoring. Tracks Worker invocations, KV reads/writes, R2 operations, and D1 row reads against plan limits. Flags approaching overages before they hit.
• DNS changes verified with rollback plan. Every DNS record modification includes a pre-change snapshot, propagation verification steps, and a documented rollback procedure. No DNS changes are applied without confirming the ability to revert within minutes.

Support

Questions or issues with this skill? Contact brian@gorzelic.net Published by SpookyJuice — https://www.shopclawmart.com