apiVersion: capsule.dev/v0.1
kind: Capsule
name: yingjieli-cloudflare-deploy
version: 1.0.0
type: adapter
domain: yingjieli.deploy
maintainers:
- name: Quake
email: [email protected]
purpose:
summary: |
Cloudflare Pages deployment adapter. Owns the wrangler.toml template,
the KV namespace binding (YL_DATA), the R2 bucket binding (YL_IMAGES),
the CDN cache + security headers, and legacy URL redirects.
owns:
- wrangler.toml template (KV + R2 bindings; project name)
- "_headers (CDN cache rules, security headers)"
- "_redirects (legacy URL fixes)"
- the canonical binding names YL_DATA and YL_IMAGES
does_not_own:
- any application code (functions and assets belong to their own capsules)
- the ADMIN_PASSWORD / SESSION_SECRET values (set via Cloudflare dashboard)
interfaces:
provides:
- kind: env
name: YL_DATA
description: KV namespace binding (id supplied at reconstruct time).
- kind: env
name: YL_IMAGES
description: R2 bucket binding (name supplied at reconstruct time).
requires:
- kind: env
name: ADMIN_PASSWORD
description: |
Set via Cloudflare Pages → Settings → Environment Variables AFTER deploy.
Required at runtime by yingjieli-admin-auth.
- kind: env
name: SESSION_SECRET
description: HMAC key (>= 32 bytes). Set same place as ADMIN_PASSWORD.
dependencies:
capsules: []
runtime:
- wrangler: ">=3"
- cloudflare-pages: "*"
agent:
summary_for_ai: |
The bridge between the code in this repo and the Cloudflare Pages
runtime. Contains bindings, not logic. The two bindings (YL_DATA,
YL_IMAGES) make the other capsules' env requirements satisfied at
runtime. If the bindings change, every dependent capsule must change.
avoid:
- Committing ADMIN_PASSWORD or SESSION_SECRET to wrangler.toml.
- Renaming bindings without coordinating with dependent capsules.
verification:
health_checks:
- id: wrangler-template-present
command: node -e "require('fs').statSync('src/wrangler.toml.tmpl')"
- id: headers-present
command: node -e "require('fs').statSync('src/_headers')"
invariants:
- Secrets are never committed to wrangler.toml.
- The binding names YL_DATA and YL_IMAGES are stable across reconstructions.
- /assets/* and /images/* responses are immutable cache; HTML is no-cache.
x-reconstruct:
install: install.json
notes: |
install.json's template_substitutions directive lets the reconstructor
fill in PROJECT_NAME / YL_DATA_ID / YL_IMAGES_BUCKET at run time. If
not supplied, defaults are used (the user must then edit wrangler.toml
by hand before deploy).