Cloudflare Worker Deployment Handoff

GCA Worker Routes Handoff

This page publishes the operator deployment sequence for the prepared /gca/service-requests and /gca/credit-usage routes. The source, D1 migrations, and local dry-run are ready, but the production routes are still non-live until Cloudflare authentication, Worker deploy permission, remote D1 migrations, deploy, and smoke checks all pass.

The handoff is intentionally read-only until the deploy gates pass. It does not expose user records, does not print admin tokens, does not connect wallets, does not request wallet signatures, and does not create trading permission.

API Status Service Delivery Playbook Access API Contract Operations Runbook Release Gates
Handoff ID worker-routes-handoff-v1

Public deployment handoff for prepared operator routes.

Current Status Prepared, not production-live

Worker dry-run and D1 visibility passed on 2026-06-18.

Current Blocker Cloudflare error 10000

Cloudflare auth session and Worker deploy permission must pass first.

Prepared Routes 2 operator routes

/gca/service-requests and /gca/credit-usage.

Access Model Token-protected admin

Public visitors must not be able to read ledgers.

Source Handoff docs/gca_worker_pending_routes_deploy_handoff.md

Keep the docs copy as the operator source of truth.

Already Live Routes

Public healthGET /health
Access configGET /gca/access-config
Email registrationPOST /gca/email-registrations
Contact suppressionPOST /gca/contact-suppressions
Wallet verificationPOST /gca/wallet-verifications with read-only balanceOf
Member accessPOST /gca/member-access for eligible ledger records.

Prepared But Non-Live

Service request queueGET/POST /gca/service-requests; prepared in source, pending Worker deploy.
Credit usage ledgerGET/POST /gca/credit-usage; prepared in source, pending Worker deploy.
Claim boundaryDo not say these routes are production-live until both public and admin smoke checks pass with --include-pending-routes.

Required Gate Order

1. Read-only readinessRun the deploy-readiness checker and require cloudflare-auth-session, D1 visibility, and Worker deploy permission to pass.
2. Remote D1 migrationsApply 0004_credit_usage_ledger.sql and 0005_service_requests.sql only after Gate 1 passes.
3. Worker deployDeploy the updated Worker only after remote migrations complete successfully.
4. Post-Deploy Public SmokeConfirm health/config versions, CORS, and unauthenticated admin-read rejection with --include-pending-routes.
5. Post-Deploy Admin SmokeUse the local admin token file to check token-protected response shape without printing tokens or user records.
6. Status updateOnly after Gates 1-5 pass, update public API status pages from prepared to live token-protected status.

Gate 1 Command

Safe before deploy. It does not write D1 data, deploy Workers, read user ledgers, or print secrets.

cd /Users/abc/Desktop/gca_token
python3 tools/check_gca_worker_deploy_readiness.py --run-wrangler --run-cloudflare --require-deploy-auth

Gate 2 Command

Run only after the read-only readiness gate passes.

cd /Users/abc/Desktop/gca_token/cloudflare/gca-registration-worker
npx wrangler d1 migrations apply gca_registration --remote

Gate 3 Command

Run only after remote D1 migrations succeed.

cd /Users/abc/Desktop/gca_token/cloudflare/gca-registration-worker
npx wrangler deploy

Gate 4 Command

Public route check; no admin token required and no write test record.

cd /Users/abc/Desktop/gca_token
python3 tools/check_gca_registration_api.py --public-only --timeout 30 --include-pending-routes

Gate 5 Command

Local operator check. Keep ADMIN_READ_TOKEN in the ignored token file and do not paste it into chat, commits, logs, or public pages.

cd /Users/abc/Desktop/gca_token
python3 tools/check_gca_registration_api.py --token-file cloudflare/gca-registration-worker/.env.admin.local --limit 5 --include-pending-routes

Optional Export After Success

Internal operator artifact only. Do not publish full user records.

cd /Users/abc/Desktop/gca_token
python3 tools/export_cloudflare_member_access.py --token-file cloudflare/gca-registration-worker/.env.admin.local --limit 100 --include-pending-routes --output .gca_access_data/cloudflare_member_access_export.json

Safe To Say

  • The service-request and credit-usage routes are prepared in source.
  • The deploy handoff is published for the owner/operator workflow.
  • The routes remain non-live until deploy gates and smoke checks pass.
  • The routes are operator-only and token-protected, not public user ledgers.

Do Not Claim Yet

  • Do not say production self-service service delivery is live.
  • Do not say credits are automatically deducted before operator review.
  • Do not say these routes connect wallets or request wallet signatures.
  • Do not say the workflow sends transactions, transfers GCA, or creates trading permission.
  • Do not publish full user records, admin tokens, private evidence, or local export files.

Stop Conditions

Cloudflare auth errorStop if readiness still returns Authentication error [code: 10000].
Migration failureStop if remote D1 migrations fail or if the expected migration IDs are not applied.
Deploy failureStop if wrangler deploy fails or deploy history cannot be read.
Health mismatchStop if /health does not expose gca_credit_usage_v1 and gca_service_request_v1.
Auth boundary failureStop if unauthenticated reads do not return authorization errors.
Secret exposureStop if any command prints secrets or user record contents.

Copy-Ready Status Summary

GCA has published the Worker Routes Handoff for the prepared service-request and credit-usage routes. The code and D1 migrations are ready, but production remains non-live until Cloudflare authentication, Worker deploy permission, remote D1 migrations, deploy, and public/admin smoke checks pass. The routes are operator-only, token-protected, no-custody, and do not request wallet signatures or create trading permission.