{"id":40853162,"url":"https://github.com/littlebearapps/cloudflare-engineer","last_synced_at":"2026-01-21T23:42:37.362Z","repository":{"id":333111832,"uuid":"1129495934","full_name":"littlebearapps/cloudflare-engineer","owner":"littlebearapps","description":"Claude Code plugin: Senior Cloudflare Systems Engineer capabilities for architecture, cost optimization, security, and implementation","archived":false,"fork":false,"pushed_at":"2026-01-17T11:55:14.000Z","size":213,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-17T22:06:21.756Z","etag":null,"topics":["claude-code","claude-code-plugin","cloudflare","devops","infrastructure","workers"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/littlebearapps.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-07T07:04:42.000Z","updated_at":"2026-01-17T11:55:16.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/littlebearapps/cloudflare-engineer","commit_stats":null,"previous_names":["littlebearapps/cloudflare-engineer"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/littlebearapps/cloudflare-engineer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/littlebearapps%2Fcloudflare-engineer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/littlebearapps%2Fcloudflare-engineer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/littlebearapps%2Fcloudflare-engineer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/littlebearapps%2Fcloudflare-engineer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/littlebearapps","download_url":"https://codeload.github.com/littlebearapps/cloudflare-engineer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/littlebearapps%2Fcloudflare-engineer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28646953,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T21:29:11.980Z","status":"ssl_error","status_checked_at":"2026-01-21T21:24:31.872Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","claude-code-plugin","cloudflare","devops","infrastructure","workers"],"created_at":"2026-01-21T23:42:37.291Z","updated_at":"2026-01-21T23:42:37.348Z","avatar_url":"https://github.com/littlebearapps.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloudflare Engineer Plugin\n\n[![Version](https://img.shields.io/badge/version-1.6.0-blue.svg)](https://github.com/littlebearapps/cloudflare-engineer/releases)\n[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)\n[![Claude Code](https://img.shields.io/badge/Claude%20Code-v2.0.12+-purple.svg)](https://claude.com/claude-code)\n[![GitHub Issues](https://img.shields.io/github/issues/littlebearapps/cloudflare-engineer)](https://github.com/littlebearapps/cloudflare-engineer/issues)\n[![GitHub Discussions](https://img.shields.io/github/discussions/littlebearapps/cloudflare-engineer)](https://github.com/littlebearapps/cloudflare-engineer/discussions)\n\n\u003e **The Platform Architect that protects your wallet.**\n\u003e Design, implement, and secure Cloudflare Workers without the billing anxiety.\n\n## Why This Plugin?\n\nServerless is powerful, but a single infinite loop or unindexed query can cost thousands. **Cloudflare Engineer** acts as your proactive pair programmer, enforcing architectural patterns that scale without bankrupting you.\n\nIt doesn't just write codeβ€”it **audits** it against a database of known Cloudflare billing traps.\n\n| πŸ›‘οΈ **Sleep Soundly** | ⚑ **Ship Faster** | πŸ—οΈ **Scale Smart** |\n| :--- | :--- | :--- |\n| Real-time cost guardrails catch row-read explosions and recursion loops *before* you deploy. | 13 auto-skills handle the boilerplate for Hono, D1, Queues, and Workflows instantly. | Pattern architect suggests the right tool (Workers vs Containers vs Workflows) for the job. |\n\n## Quick Install\n\n```bash\n# 1. Add the marketplace\n/plugin marketplace add littlebearapps/cloudflare-engineer\n\n# 2. Install the plugin\n/plugin install cloudflare-engineer@littlebearapps-cloudflare-engineer\n```\n\nTo update: `/plugin update cloudflare-engineer@littlebearapps-cloudflare-engineer`\n\n\u003e **Note**: Works fully without setup. For live validation against production metrics, configure the optional [Cloudflare MCP servers](#mcp-tool-integration).\n\n---\n\n## Billing Protection\n\nWe detect the specific patterns that cause billing spikes.\n\n| Protection | What It Catches | Rule |\n|------------|-----------------|------|\n| **D1 Row Read Shield** | `SELECT *` without `LIMIT`, unindexed queries causing millions of reads | QUERY001, BUDGET007 |\n| **R2 Cost Shield** | Class B operation abuse, public buckets without CDN caching | BUDGET008, R2002 |\n| **Loop Breaker** | Worker self-recursion, infinite retry loops, `setInterval` in DOs | LOOP001-008 |\n| **AI Cost Awareness** | Expensive models (Llama 405b, DeepSeek-R1) for simple tasks | AI001, AI002 |\n| **Queue Safety** | Missing DLQs, high retry counts, no max_concurrency | RES001, COST001 |\n\nSee the full [Cost-Sensitive Resources Watchlist](COST_SENSITIVE_RESOURCES.md) for all billing traps.\n\n## Architecture Skills\n\nStop guessing which service to use. The plugin provides decision trees for:\n\n| Skill | When It Activates |\n|-------|-------------------|\n| `architect` | \"Design a queue-based pipeline\" β†’ Edge-Native Constraints + Billing Safety |\n| `workflow-architect` | \"Should I use Queues or Workflows?\" β†’ Durable execution patterns |\n| `query-optimizer` | \"Optimize my D1 queries\" β†’ N+1 detection, caching decisions |\n| `loop-breaker` | \"Prevent infinite loops\" β†’ Recursion guards, idempotency |\n| `guardian` | \"Is my worker secure?\" β†’ Security + Budget + Privacy audit |\n| `zero-trust` | \"Protect my staging environment\" β†’ Access policies, Tunnel config |\n| `implement` | \"Scaffold a Hono API with D1\" β†’ Code templates + Queue Safety |\n\nAll 13 skills activate automatically based on your questions.\n\n---\n\n## Pre-Deploy Validation\n\nBefore `wrangler deploy`, our hook validates your config and source code against 30+ rules.\n\n### Severity Levels\n\n| Severity | Blocking? | Example Detection |\n|----------|-----------|-------------------|\n| πŸ”΄ CRITICAL | **Yes** | `while(true)` without break, D1 query inside `map()` |\n| 🟠 HIGH | No | Plaintext secrets, R2 writes in loops |\n| 🟑 MEDIUM | No | Missing DLQ, deprecated `[site]` config |\n| πŸ”΅ LOW/INFO | No | Smart placement disabled, observability not configured |\n\n### Key Rules\n\n| Rule | Severity | Detection |\n|------|----------|-----------|\n| SEC001 | πŸ”΄ CRITICAL | Plaintext secrets in config |\n| LOOP002 | πŸ”΄ CRITICAL | D1 query in loop (N+1 trap) |\n| LOOP005 | πŸ”΄ CRITICAL | Worker self-fetch recursion |\n| LOOP007 | πŸ”΄ CRITICAL | Unbounded `while(true)` loop |\n| BUDGET007 | πŸ”΄ CRITICAL | D1 row read explosion |\n| RES001 | 🟠 HIGH | Queue without dead letter queue |\n| BUDGET008 | 🟑 MEDIUM | R2 Class B without edge caching |\n| AI001 | 🟠 HIGH | Expensive AI model without cost awareness |\n\n### Suppressing False Positives\n\n**Inline comments** for known-safe patterns:\n\n```typescript\n// @pre-deploy-ok LOOP005\nasync function traverse(node: Node, depth = 0) {\n if (depth \u003e 10) return; // Has depth limit - safe\n await traverse(child, depth + 1);\n}\n\nwhile (true) { // @pre-deploy-ok LOOP007\n if (shouldStop) break; // Controlled loop\n}\n```\n\n**Project-level `.pre-deploy-ignore`** file:\n\n```bash\nRES001:my-queue # Suppress for specific queue\nLOOP001 # Allow high cpu_ms for this worker\n```\n\n**Emergency bypass** (session-only):\n\n```bash\nSKIP_PREDEPLOY_CHECK=1 npx wrangler deploy\n```\n\n---\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `/cf-costs [--validate]` | Cost report with monthly projections |\n| `/cf-audit [--validate]` | Full security, performance, and cost audit |\n| `/cf-design` | Interactive architecture design wizard |\n| `/cf-pattern \u003cname\u003e` | Apply patterns: `circuit-breaker`, `kv-cache-first`, `d1-batching` |\n| `/cf-logs` | Configure external logging (Axiom, Better Stack) with privacy filters |\n\n## Pattern Catalog\n\nApply battle-tested patterns with scaffolding:\n\n| Pattern | Problem | Solution |\n|---------|---------|----------|\n| `service-bindings` | Monolithic Worker hitting subrequest limits | Decompose with RPC |\n| `d1-batching` | High D1 write costs from per-row inserts | Batch INSERT operations |\n| `circuit-breaker` | External API cascading failures | Fail-fast with fallback |\n| `kv-cache-first` | D1 row read explosion | Cache reads in KV |\n| `r2-cdn-cache` | R2 Class B operation costs | Edge cache public assets |\n\n```bash\n/cf-pattern kv-cache-first\n/cf-pattern circuit-breaker --analyze-only\n```\n\n---\n\n## Supported Services\n\n| Category | Services |\n|----------|----------|\n| **Compute** | Workers, Durable Objects, Containers (Beta) |\n| **Storage** | R2, D1 (SQLite), KV, Vectorize |\n| **Flow** | Queues, Workflows, Stream |\n| **Security** | Access (Zero Trust), AI Gateway, Custom Hostnames |\n\n## MCP Tool Integration\n\nFor `--validate` mode, configure these Cloudflare MCP servers:\n\n| MCP Server | Used For |\n|------------|----------|\n| `cloudflare-observability` | Worker metrics, error rates, latency |\n| `cloudflare-ai-gateway` | AI costs, cache hit rates |\n| `cloudflare-bindings` | D1 queries, resource inventory |\n\n**Without MCP**: Full static analysis works perfectly. Commands tag findings as `[STATIC]`.\n\n**With MCP**: Live validation confirms findings against production. Tags: `[LIVE-VALIDATED]` or `[LIVE-REFUTED]`.\n\n---\n\n## What's New in v1.6.0\n\n### Session-Aware Hooks\n\n| Hook | When | What It Does |\n|------|------|--------------|\n| **SessionStart** | Session begins | Detects CF projects, announces bindings (D1, R2, KV, Queues, DO, AI) |\n| **PreToolUse** | Before `wrangler deploy` | Validates config and source code (30+ rules) |\n| **PostToolUse** | After `wrangler deploy` | Parses deployment output, suggests next steps |\n\n### AI Cost Detection\n\n| Rule | Severity | Detection |\n|------|----------|-----------|\n| AI001 | 🟠 HIGH | Expensive model usage (llama-3.1-405b, deepseek-r1) without cost awareness |\n| AI002 | 🟑 MEDIUM | AI binding without cache wrapper pattern |\n\n### GitHub Integration\n\n- YAML issue templates with structured fields\n- GitHub Discussions for community Q\u0026A\n- 10 new labels for Cloudflare services and components\n\n---\n\n## Support \u0026 Community\n\n| Channel | Purpose |\n|---------|---------|\n| [GitHub Issues](https://github.com/littlebearapps/cloudflare-engineer/issues) | Bug reports and feature requests |\n| [GitHub Discussions](https://github.com/littlebearapps/cloudflare-engineer/discussions) | Questions, ideas, and community chat |\n| [Changelog](CHANGELOG.md) | Version history and what's new |\n\n## Requirements\n\n- Claude Code v2.0.12+\n- Python 3.8+ (for pre-deploy hook)\n- Cloudflare account with Workers enabled\n\n## Contributing\n\nWe believe in the power of open source. See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup.\n\n1. Check the [Issue Tracker](https://github.com/littlebearapps/cloudflare-engineer/issues)\n2. Read our [Contributing Guide](CONTRIBUTING.md)\n3. Submit a PR!\n\n## Security\n\nSee [SECURITY.md](SECURITY.md) for vulnerability reporting.\n\n## License\n\nDistributed under the MIT License. See [LICENSE](LICENSE) for details.\n\n---\n\n## Links\n\n- [Changelog](CHANGELOG.md)\n- [Cost-Sensitive Resources Watchlist](COST_SENSITIVE_RESOURCES.md)\n- [Contributing](CONTRIBUTING.md)\n- [Security Policy](SECURITY.md)\n- [Code of Conduct](CODE_OF_CONDUCT.md)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\u003csub\u003eMade with care by \u003ca href=\"https://littlebearapps.com\"\u003eLittle Bear Apps\u003c/a\u003e\u003c/sub\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flittlebearapps%2Fcloudflare-engineer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flittlebearapps%2Fcloudflare-engineer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flittlebearapps%2Fcloudflare-engineer/lists"}