feat(deploy): app worker backend management with MCP + skill#12
Merged
Conversation
Add control-plane management for deployed app workers (Cloudflare full-app workers) on top of the existing deploy-only endpoint. - Backend: AppWorkerDeployer gains 404-tolerant get/delete (Cloudflare dispatch-namespace GET/DELETE); new AppWorkerService does tenant-scoped list/get/delete; admin endpoints GET/DELETE under /deployments/admin/v1/app-workers. - MCP: appWorkersList/appWorkerStatus/appWorkerDelete on DeploymentsMcpTools (delete gated on service_role). - Frontend bridge + skill: app_workers_list/status/delete tools and a new references/app-workers.md reference. - Tenant safety: the dispatch namespace is shared, so ownership is derived only from the project's own app_deployments history (never namespace enumeration); custom workerName must equal appCode or be namespaced under appCode- (403 otherwise). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a control-plane management layer for deployed app workers (Cloudflare full-app workers — server module + bundled assets on a shared Workers-for-Platforms dispatch namespace). Previously the feature only had a deploy endpoint; you could ship an app worker but not list, inspect, or undeploy one. This PR closes that loop and wires it through MCP and the
nubaseskill.What's included
Backend (control plane)
AppWorkerDeployergains 404-tolerantget/delete;CloudflareAppWorkerDeployerimplements them via dispatch-namespaceGET/DELETE(get →exists=falsewhen absent, delete → idempotent).executeCloudflarerefactored with anallowNotFoundvariant.AppWorkerServicedoes tenant-scopedlist/get/delete.AppDeploymentAdminController(@RequireServiceRole) addsGET /deployments/admin/v1/app-workers,GET .../{workerName},DELETE .../{workerName}.MCP
DeploymentsMcpTools:appWorkersList(read),appWorkerStatus(read, with live provider state),appWorkerDelete(write, gated onservice_role).app_workers_list/app_worker_status/app_worker_deleteintools.ts+nubase-client.ts.Skill
references/app-workers.md, linked fromSKILL.md(reference list + read/write tool inventories).Tenant safety
The dispatch namespace is shared across all tenants, so management never enumerates the namespace — ownership is derived solely from the project's own
app_deploymentshistory (manifest_summary.type == "app_worker", latest per workerName, case-insensitive).requireOwned()rejects any worker not owned by the calling project, so a project can never read or delete another tenant's worker. Deletes write anapp_worker_deleteaudit row.Additionally, the deploy path now rejects a custom
workerNamethat isn't namespaced under the project: it must equalappCodeor start withappCode-(403 otherwise), closing a pre-existing cross-tenant naming-collision gap at the deploy boundary.Tests
AppWorkerServiceTest(ownership scoping + list/get/delete), extendedCloudflareAppWorkerDeployerTest(get/delete + 404 cases), extendedAppWorkerDeployServiceTest(workerName prefix accept/reject),appWorkerDeleteservice-role parity inRemoteAdminMcpToolsTest, updatedMcpConfigTestconstructor.mvn -o teston the affected classes → all green. Frontend:tscbuild clean +node --test→ 118 passed (incl. new app-worker tool dispatch test).🤖 Generated with Claude Code