PocketBrain Worker Bootstrap
Bootstrap worker infrastructure safely and verify deployment prerequisites before release.
Workflow
- •Confirm bootstrap prerequisites.
- •Read
references/bootstrap-prereqs.md. - •Require
CLOUDFLARE_API_TOKENandKEY_ENCRYPTION_SECRET. - •Require
CLOUDFLARE_ACCOUNT_IDonly whenworker/wrangler.tomlstill has placeholder account ID.
- •Run preflight runtime checks.
- •Run
NODE_ENV=production npm run config:check:worker. - •Stop and report if preflight fails.
- •Execute bootstrap.
- •Run
npm run worker:bootstrap. - •Allow script-managed KV creation and secret setup to complete.
- •Validate result.
- •Confirm deploy command exits cleanly.
- •Confirm no placeholder values remain in
worker/wrangler.tomlwhen bootstrap expected replacements.
- •Handle rotation tasks when requested.
- •Read
references/key-rotation.md. - •Execute overlap-secret rotation sequence exactly and remove previous secret after TTL window.
Reporting
Return:
- •Prerequisite check result.
- •Bootstrap command result.
- •Any unresolved manual action (for example, route configuration in Cloudflare dashboard).
- •Rotation status when applicable.
Safety
- •Never echo secret values in output.
- •Never commit
worker/.dev.varsor any live secret material. - •Never remove
KEY_ENCRYPTION_SECRET_PREVuntil the active session TTL window is covered.