AgentSkillsCN

pocket-brain-worker-bootstrap

使用KV命名空间与加密密钥设置,启动并部署PocketBrain Cloudflare Worker。当用户要求首次进行Worker设置、配置AI_SESSIONS KV、设置KEY_ENCRYPTION_SECRET、轮换Worker密钥,或排查Worker启动时的身份验证与配置失败时使用此功能。

SKILL.md
--- frontmatter
name: pocket-brain-worker-bootstrap
description: Bootstrap and deploy the PocketBrain Cloudflare Worker with KV namespace and encryption secret setup. Use when asked to perform first-time worker setup, configure AI_SESSIONS KV, set KEY_ENCRYPTION_SECRET, rotate worker keys, or troubleshoot worker bootstrap authentication and config failures.

PocketBrain Worker Bootstrap

Bootstrap worker infrastructure safely and verify deployment prerequisites before release.

Workflow

  1. Confirm bootstrap prerequisites.
  • Read references/bootstrap-prereqs.md.
  • Require CLOUDFLARE_API_TOKEN and KEY_ENCRYPTION_SECRET.
  • Require CLOUDFLARE_ACCOUNT_ID only when worker/wrangler.toml still has placeholder account ID.
  1. Run preflight runtime checks.
  • Run NODE_ENV=production npm run config:check:worker.
  • Stop and report if preflight fails.
  1. Execute bootstrap.
  • Run npm run worker:bootstrap.
  • Allow script-managed KV creation and secret setup to complete.
  1. Validate result.
  • Confirm deploy command exits cleanly.
  • Confirm no placeholder values remain in worker/wrangler.toml when bootstrap expected replacements.
  1. Handle rotation tasks when requested.
  • Read references/key-rotation.md.
  • Execute overlap-secret rotation sequence exactly and remove previous secret after TTL window.

Reporting

Return:

  • Prerequisite check result.
  • Bootstrap command result.
  • Any unresolved manual action (for example, route configuration in Cloudflare dashboard).
  • Rotation status when applicable.

Safety

  • Never echo secret values in output.
  • Never commit worker/.dev.vars or any live secret material.
  • Never remove KEY_ENCRYPTION_SECRET_PREV until the active session TTL window is covered.