Wrangler deployment and rollback commands mutate live Worker traffic; verify account, Worker name, route, and environment before running them., The archive URL points to Cloudflare's external Workers SDK tag archive; pin versions and review release provenance before using it in CI., Use least-privilege API tokens and secret stores; never commit `.dev.vars`, `.env`, tokens, account credentials, or CI secret values., Version rollback can restore Worker code/config traffic but does not restore bound KV, R2, D1, Durable Object, queue, or downstream service state., Trigger and route updates can change public reachability; treat them as separate release steps with explicit verification.
Privacy notes
Wrangler deploy uploads bundled Worker source, static assets, and configuration metadata to the target account., Release logs can include request URLs, headers, exception details, route names, account IDs, and zone IDs; redact before sharing publicly., CI deploys rely on API tokens and account IDs; avoid printing environment dumps, secret values, or full request payloads in logs., Worker routes, custom domains, and account metadata can reveal infrastructure topology; keep public notes minimal and intentional.
Current risk score 16/100. Use staged verification before broader rollout.
Risk 16
Pre-adoption checks
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Done
Confirm metadata review state
Listing has review metadata.
Done
Verify install payload
Install/config payload exists and can be inspected.
Done
Security checks
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Done
Review privacy notesRequired
Privacy notes are present.
Done
Verify package integrity metadata
No package verification/checksum metadata.
Pending
Rollout
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Pending
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Pending
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Pending
Evidence readiness
Evidence readiness matrix · balanced
Required evidence gates are covered (5/6 signals complete).
Risk 15
Source provenance
Present
Source repository/provenance is listed.
Required in this preset
Metadata review
Present
Review metadata is present.
Required in this preset
Safety notes
Present
Safety notes are present.
Required in this preset
Privacy notes
Present
Privacy notes are present.
Optional in this preset
Package integrity
Missing
Package integrity metadata is missing.
Optional in this preset
Install payload
Present
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
Decision timeline · balanced
5/6 steps complete with no blocking gaps for this preset.
Risk 14
triage
Confirm source provenanceRequired
Source/provenance metadata is available.
Done
triage
Check metadata review statusRequired
Review metadata is available.
Done
verify
Review safety notesRequired
Safety notes are available.
Done
verify
Review privacy notes
Privacy notes are available.
Done
verify
Validate package integrity metadata
Package integrity metadata is missing.
Pending
rollout
Verify install payload and commandsRequired
Install payload is available.
Done
No required blockers for this timeline preset.
Prerequisite readiness
Prerequisite readiness
5 prerequisites to line up before setup. Have accounts and credentials ready first.
0/5 ready
Account & credentials1Install & runtime2General2
Safety & privacy surface
Safety & privacy surface
5 safety and 4 privacy notes across 5 risk areas. Review closely: credentials & tokens, network access.
5 areas
SafetyExecution & processesWrangler deployment and rollback commands mutate live Worker traffic; verify account, Worker name, route, and environment before running them.
SafetyGeneralThe archive URL points to Cloudflare's external Workers SDK tag archive; pin versions and review release provenance before using it in CI.
SafetyCredentials & tokensUse least-privilege API tokens and secret stores; never commit `.dev.vars`, `.env`, tokens, account credentials, or CI secret values.
SafetyData retentionVersion rollback can restore Worker code/config traffic but does not restore bound KV, R2, D1, Durable Object, queue, or downstream service state.
SafetyGeneralTrigger and route updates can change public reachability; treat them as separate release steps with explicit verification.
PrivacyNetwork accessWrangler deploy uploads bundled Worker source, static assets, and configuration metadata to the target account.
PrivacyNetwork accessRelease logs can include request URLs, headers, exception details, route names, account IDs, and zone IDs; redact before sharing publicly.
PrivacyCredentials & tokensCI deploys rely on API tokens and account IDs; avoid printing environment dumps, secret values, or full request payloads in logs.
PrivacyData retentionWorker routes, custom domains, and account metadata can reveal infrastructure topology; keep public notes minimal and intentional.
Safety notes
Wrangler deployment and rollback commands mutate live Worker traffic; verify account, Worker name, route, and environment before running them.
The archive URL points to Cloudflare's external Workers SDK tag archive; pin versions and review release provenance before using it in CI.
Use least-privilege API tokens and secret stores; never commit `.dev.vars`, `.env`, tokens, account credentials, or CI secret values.
Version rollback can restore Worker code/config traffic but does not restore bound KV, R2, D1, Durable Object, queue, or downstream service state.
Trigger and route updates can change public reachability; treat them as separate release steps with explicit verification.
Privacy notes
Wrangler deploy uploads bundled Worker source, static assets, and configuration metadata to the target account.
Release logs can include request URLs, headers, exception details, route names, account IDs, and zone IDs; redact before sharing publicly.
CI deploys rely on API tokens and account IDs; avoid printing environment dumps, secret values, or full request payloads in logs.
Worker routes, custom domains, and account metadata can reveal infrastructure topology; keep public notes minimal and intentional.
Prerequisites
Wrangler-managed Worker project or release plan
Project-local Node.js toolchain that satisfies the pinned Wrangler package engines
Access to account ID, Worker name, environment name, route, and binding inventory
CI or local authentication plan for non-interactive deploys
Known smoke checks and rollback target for the release
.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursor
Adapter
.cursor/rules/<skill-name>.mdc
cli
Manual
AGENTS.md or tool-specific context file
Full copyable content
# Trigger
"Apply the Wrangler deployment operations capability pack to this release."
# Required output
1) Wrangler source/package version and command inventory
2) Account, Worker, environment, route, and binding review
3) Deploy/version/trigger command plan
4) Verification evidence and rollback path
About this resource
Knowledge Freshness
This capability pack is pinned to Wrangler package/source metadata verified on 2026-06-03. The package metadata checked was wrangler@4.97.0, tagged on 2026-06-02 at Workers SDK commit 0b6042466efdc845b374f82ab49f977399e6c237.
Prefer the pinned Workers SDK package source, npm package metadata, and exact tag/commit evidence over model memory for command availability and release behavior.
Core Workflow
Confirm the exact Wrangler package version, tag, package integrity, and Node engine requirement before planning the deploy.
Inventory the release target: account ID, Worker name, environment, route/custom domain, worker.dev exposure, bindings, secrets, service bindings, assets, queues, and build command.
Review Wrangler configuration as the deploy source of truth and call out dashboard/API drift that the deploy may overwrite.
Separate local/auth discovery from mutation: run npx wrangler --version, npx wrangler whoami, project tests, build, and a dry-run or preview step when available.
Choose the release path:
npx wrangler deploy for direct deploys that can shift traffic immediately.
npx wrangler versions deploy for selected version traffic splits.
npx wrangler triggers deploy when routes, domains, or time-based triggers need their own application step.
Verify the release with command output, deployment status, smoke checks, logs, and application-specific success criteria.
Prepare rollback before production mutation. Use explicit version IDs where possible and document resources that rollback will not restore.
Produce a concise release record with commands run, account/Worker/environment, changed targets, verification evidence, and residual risks.
Capability Scope
Wrangler package/source verification
Project-local install and command inventory
Deploy command risk classification
Environment and configuration drift review
Version traffic split planning
Trigger and route application checks
Rollback planning and evidence capture
CI secret handling for non-interactive deploys
Compatibility
Native
Claude Code / Claude: use as a reusable Agent Skill for planning and executing Wrangler release operations.
Codex/OpenAI workflows: use as SKILL.md-style instructions for Worker deploy changes and release review.
Manual Adaptation
Windsurf and Gemini: adapt the trigger, workflow, and output contract into their skill or command format.
Cursor and Generic AGENTS files: convert the production rules and validation checklist into repository-level release rules.
Required Inputs
Wrangler package version and package manager
Worker name, account ID, and target environment
Configuration file path and relevant environment block
Route, custom domain, worker.dev, and trigger inventory
Binding inventory for storage, services, queues, vars, and secrets
CI secret names and deploy workflow trigger
Health check, smoke test, and rollback criteria
Production Rules
Do not run a deploy command until the account, Worker name, environment, and route target are explicit.
Treat direct deploys as immediate traffic changes unless the command is explicitly dry-run or targets isolated infrastructure.
Pin Wrangler in the project and CI; avoid unpinned npx wrangler in release workflows.
Use scoped API tokens and keep account IDs/tokens in CI secret storage.
Do not assume rollback restores external resource state; record storage and binding caveats before release.
Keep trigger, domain, and route changes visible in the release plan because they can change public reachability independently of Worker code.
Use version traffic splits when blast radius, compatibility date, assets, or runtime behavior make an all-at-once release too risky.
Release inventory: account, Worker, environment, route/domain, bindings, secrets, triggers, and CI path.
Command plan: exact deploy/version/trigger/rollback commands with each placeholder named.
Risk decision: direct deploy, traffic split, or no-go with explicit reason.
Verification record: checks run, live smoke result, logs/status inspected, and caveats.
Rollback record: version ID or fallback command plus non-versioned resources that need separate recovery.
CI/CD Notes
Store API tokens and account IDs as CI secrets; do not hardcode them in workflow YAML or Wrangler config.
Prefer a project-pinned Wrangler install before the deploy step so local and CI behavior match.
Protect production deploy jobs with branch rules, environment approvals, manual dispatch, or equivalent release controls.
Emit enough deployment output to prove which account, Worker, environment, and version were affected without exposing secrets.
Keep package provenance checks lightweight but concrete: package version, tag/commit, integrity metadata, and source repository.
Troubleshooting
Issue: The deploy targets the wrong Worker or environment
Fix: Stop before another mutation. Check wrangler whoami, config name, selected environment, route/custom domain, CI secrets, and package-manager script arguments.
Issue: Direct deploy would overwrite dashboard/API changes
Fix: Compare local config against remote state and decide whether to accept the overwrite, backport remote changes into config, or pause for owner review.
Issue: A version traffic split is stuck or ambiguous
Fix: List deployments, capture version IDs and percentages, then either progress the intended version or roll back to a known-good version ID.
Issue: Route or trigger changes did not apply
Fix: Treat trigger application as its own release step and verify route/domain/time-based trigger state after the command completes.
Issue: Rollback does not fix data behavior
Fix: Inspect storage, queues, migrations, Durable Objects, and downstream services separately. Worker version rollback does not restore those states.
Validation Checklist
Wrangler package version, npm metadata, tag, and commit verified.
Local build/test/dry-run or preview checks completed where supported.
Account, Worker, environment, route/domain, and trigger target confirmed.
Bindings, secrets, and external resources inventoried.
CI secrets and deploy workflow protections reviewed.
Direct deploy versus version traffic split decision documented.
Smoke checks and logs/status evidence collected.
Rollback target and non-versioned resource caveats documented.
Show that Wrangler Deployment Operations Capability Pack Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/skills/wrangler-deployment-operations-capability-pack)
How it compares
Wrangler Deployment Operations Capability Pack Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Source provenance, Submitter).
Next steps differ across entries — use the actions in the table below to copy install commands and source links per resource.
Source-backed agent for reviewing Cloudflare Workers deployments before production release, covering wrangler config, bindings, routes, secrets, compatibility flags, and rollback plans aligned to official Cloudflare docs.
✓Wrangler deployment and rollback commands mutate live Worker traffic; verify account, Worker name, route, and environment before running them.
The archive URL points to Cloudflare's external Workers SDK tag archive; pin versions and review release provenance before using it in CI.
Use least-privilege API tokens and secret stores; never commit `.dev.vars`, `.env`, tokens, account credentials, or CI secret values.
Version rollback can restore Worker code/config traffic but does not restore bound KV, R2, D1, Durable Object, queue, or downstream service state.
Trigger and route updates can change public reachability; treat them as separate release steps with explicit verification.
✓Workers deployments can change live traffic immediately; treat production deploy review as release-impacting work requiring explicit approval.
Do not run production deploy commands from unreviewed forks or unverified CI workflows with Cloudflare API tokens.
Bindings to production KV, R2, D1, or Queues can cause data loss or cross- environment contamination if environment names are wrong.
Wrangler rollback and versions features reduce but do not eliminate blast radius; verify rollback steps before deploy.
✓Runs Wrangler auth, secret-list, and deploy dry-run checks, but Wrangler deploy --dry-run still executes the project's local build/bundling pipeline and any configured build command or plugins.
Run this command only in a trusted Workers repository after reviewing wrangler config, package scripts, and bundler plugins; do not use it to evaluate untrusted submissions.
Never run a real deploy or publish, and validate any environment argument before passing it to Wrangler.
✓This hook is static and read-only. It reads only non-symlinked Wrangler config files inside the current project and does not run `wrangler deploy`, `wrangler dev`, `wrangler whoami`, `wrangler secret list`, package scripts, build plugins, or network commands.
The hook exits non-zero only for parse failures or missing required top-level Worker fields such as `name` and `compatibility_date`; warnings remain advisory so the user can review them.
The TOML checks are heuristic and do not replace Wrangler's own parser or a trusted pre-deploy dry run. Use them as a fast edit-time guard, then run official Wrangler validation in a trusted repository.
Do not expand this hook into a dry-run deploy hook unless the team has reviewed local build-script execution, inherited environment variables, and output-directory cleanup.
Keep matchers scoped to config file edits. Running config checks after every tool call adds noise without improving Cloudflare safety.
Privacy notes
✓Wrangler deploy uploads bundled Worker source, static assets, and configuration metadata to the target account.
Release logs can include request URLs, headers, exception details, route names, account IDs, and zone IDs; redact before sharing publicly.
CI deploys rely on API tokens and account IDs; avoid printing environment dumps, secret values, or full request payloads in logs.
Worker routes, custom domains, and account metadata can reveal infrastructure topology; keep public notes minimal and intentional.
✓Wrangler configs, Worker logs, and binding metadata can expose account IDs, internal hostnames, customer routes, and secret names.
Workers observability logs may contain request payloads, auth headers, and user identifiers; redact before sharing review notes externally.
API tokens and OAuth client secrets must not appear in prompts, PR comments, or generated review output.
Third-party observability exports remain subject to vendor retention policies separate from Cloudflare account settings.
✓Wrangler output entering the model context can include your account id, worker name, environment name, and secret names (never secret values).
The dry-run build reads source files and may execute project-controlled local code with inherited environment variables, including Cloudflare-related tokens; review the project before running on sensitive accounts.
The command writes Wrangler dry-run output to disk and project build tooling may write additional local files.
✓The hook reads `wrangler.toml`, `wrangler.json`, or `wrangler.jsonc` only inside the current project, with symlinks rejected and a 1 MiB size cap.
Wrangler config files can contain worker names, route patterns, account identifiers, resource IDs, binding names, environment names, analytics settings, and non-secret vars.
Hook output may include file paths, config key names, environment names, and secret-like variable names, so avoid pasting terminal logs into public issue comments without review.
If a Wrangler config currently contains real secrets in `vars`, the hook can reveal the key names and the surrounding configuration context. Move sensitive values to Wrangler secrets before sharing output.
Prerequisites
Wrangler-managed Worker project or release plan
Project-local Node.js toolchain that satisfies the pinned Wrangler package engines
Access to account ID, Worker name, environment name, route, and binding inventory
CI or local authentication plan for non-interactive deploys
Worker source repository with wrangler config, routes, and environment definitions for staging and production.
Cloudflare account access to inspect bindings (KV, R2, D1, Queues, AI, etc.), routes, and deployment history.
CI or local Wrangler deploy command output from a staging dry run when available.
Maintainer approval path before production deploy or traffic shift.
— none listed
Claude Code project where hooks are allowed by user or project policy.
Cloudflare Workers or Pages project with `wrangler.toml`, `wrangler.json`, or `wrangler.jsonc` checked into the repository.
`jq` available locally to parse Claude Code hook input.
Node.js available locally for static JSON/JSONC/TOML heuristics.