← Skills

infrastructure-ops

Cloudflare DNS, Vercel deployments, subdomain management

Used by

🎯 Alfred

Skill: Infrastructure Ops

Owner: Devin (Delivery Ops) — primary Support: Alfred (Orchestrator) — escalation & approval Purpose: Manage Cloudflare DNS, Vercel deployments, and subdomain provisioning for LeadsPanther properties

Prerequisites

  • CLOUDFLARE_API_TOKEN — scoped to leadspanther.com (DNS edit, zone read, cache purge, SSL, page rules, firewall, analytics, email routing, Workers)
  • VERCEL_TOKEN — Vercel deployments
  • GITHUB_PAT — repo access for CI/CD
  • Cloudflare Zone ID: 4dd6a2162da1b2f3ba4a2cc44a7b7f53

Cloudflare DNS Management

Add a subdomain CNAME (e.g., for Vercel)

$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"; "Content-Type"="application/json"} $body = @{type="CNAME"; name="SUBDOMAIN"; content="cname.vercel-dns.com"; ttl=1; proxied=$false} | ConvertTo-Json Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/dns_records" -Headers $headers -Method Post -Body $body

Important: Set proxied=$false (DNS only / gray cloud) for Vercel-hosted subdomains — Vercel needs direct CNAME resolution for SSL provisioning.

List existing DNS records

$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"} Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/dns_records" -Headers $headers | Select-Object -ExpandProperty result | Format-Table name, type, content, proxied

Delete a DNS record

$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"} Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/dns_records/RECORD_ID" -Headers $headers -Method Delete

Purge cache (after deployment)

$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"; "Content-Type"="application/json"} $body = '{"purge_everything":true}' Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/purge_cache" -Headers $headers -Method Post -Body $body

Vercel Deployment Management

Deploy a project to production

npx vercel --prod --cwd "PROJECT_PATH" --yes

Add environment variable

echo "VALUE" | npx vercel env add VAR_NAME production --cwd "PROJECT_PATH"

List projects

npx vercel project ls

Add custom domain to a Vercel project

npx vercel domains add SUBDOMAIN.leadspanther.com PROJECT_NAME

Full Subdomain Provisioning Procedure

When deploying a new LeadsPanther service to a subdomain:

  1. Build & test locallynpm run build must pass
  2. Deploy to Vercelnpx vercel --prod --cwd "PATH" --yes
  3. Add Cloudflare CNAMESUBDOMAINcname.vercel-dns.com (proxied=false)
  4. Add domain in Vercelnpx vercel domains add SUBDOMAIN.leadspanther.com PROJECT
  5. Verify DNSnslookup SUBDOMAIN.leadspanther.com 8.8.8.8
  6. Wait for SSL — Vercel auto-provisions (2-10 min after DNS propagates)
  7. Verify HTTPS — confirm 200 response at https://SUBDOMAIN.leadspanther.com
  8. Set env vars — add any required env vars to the Vercel project
  9. Report — notify Alfred with deployment URL and status

Active Subdomains

SubdomainProjectStatus
wwwleadspanther-site✅ Live
mcmission-control✅ Live

Approval Requirements

  • New subdomain creation: Notify Alfred → Alfred requests Clayton's approval
  • DNS record deletion: Requires Clayton's explicit approval
  • Environment variable changes: Log all changes, notify Alfred
  • Cache purges: Can be done autonomously after deployments

Error Handling

  • DNS propagation delay: Wait up to 10 minutes, re-check with nslookup against 8.8.8.8
  • Vercel SSL failure: Ensure Cloudflare proxy is OFF (gray cloud). Check domain in Vercel dashboard.
  • Build failure: Check npx vercel inspect --logs URL for error details
  • Rate limits: Cloudflare free plan allows 1200 API requests per 5 minutes
View raw SKILL.md
# Skill: Infrastructure Ops

**Owner:** Devin (Delivery Ops) — primary
**Support:** Alfred (Orchestrator) — escalation & approval
**Purpose:** Manage Cloudflare DNS, Vercel deployments, and subdomain provisioning for LeadsPanther properties

---

## Prerequisites

- `CLOUDFLARE_API_TOKEN` — scoped to leadspanther.com (DNS edit, zone read, cache purge, SSL, page rules, firewall, analytics, email routing, Workers)
- `VERCEL_TOKEN` — Vercel deployments
- `GITHUB_PAT` — repo access for CI/CD
- Cloudflare Zone ID: `4dd6a2162da1b2f3ba4a2cc44a7b7f53`

## Cloudflare DNS Management

### Add a subdomain CNAME (e.g., for Vercel)

```powershell
$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"; "Content-Type"="application/json"}
$body = @{type="CNAME"; name="SUBDOMAIN"; content="cname.vercel-dns.com"; ttl=1; proxied=$false} | ConvertTo-Json
Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/dns_records" -Headers $headers -Method Post -Body $body
```

**Important:** Set `proxied=$false` (DNS only / gray cloud) for Vercel-hosted subdomains — Vercel needs direct CNAME resolution for SSL provisioning.

### List existing DNS records

```powershell
$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"}
Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/dns_records" -Headers $headers | Select-Object -ExpandProperty result | Format-Table name, type, content, proxied
```

### Delete a DNS record

```powershell
$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"}
Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/dns_records/RECORD_ID" -Headers $headers -Method Delete
```

### Purge cache (after deployment)

```powershell
$headers = @{Authorization="Bearer $env:CLOUDFLARE_API_TOKEN"; "Content-Type"="application/json"}
$body = '{"purge_everything":true}'
Invoke-RestMethod -Uri "https://api.cloudflare.com/client/v4/zones/4dd6a2162da1b2f3ba4a2cc44a7b7f53/purge_cache" -Headers $headers -Method Post -Body $body
```

## Vercel Deployment Management

### Deploy a project to production

```powershell
npx vercel --prod --cwd "PROJECT_PATH" --yes
```

### Add environment variable

```powershell
echo "VALUE" | npx vercel env add VAR_NAME production --cwd "PROJECT_PATH"
```

### List projects

```powershell
npx vercel project ls
```

### Add custom domain to a Vercel project

```powershell
npx vercel domains add SUBDOMAIN.leadspanther.com PROJECT_NAME
```

## Full Subdomain Provisioning Procedure

When deploying a new LeadsPanther service to a subdomain:

1. **Build & test locally** — `npm run build` must pass
2. **Deploy to Vercel** — `npx vercel --prod --cwd "PATH" --yes`
3. **Add Cloudflare CNAME** — `SUBDOMAIN` → `cname.vercel-dns.com` (proxied=false)
4. **Add domain in Vercel** — `npx vercel domains add SUBDOMAIN.leadspanther.com PROJECT`
5. **Verify DNS** — `nslookup SUBDOMAIN.leadspanther.com 8.8.8.8`
6. **Wait for SSL** — Vercel auto-provisions (2-10 min after DNS propagates)
7. **Verify HTTPS** — confirm 200 response at `https://SUBDOMAIN.leadspanther.com`
8. **Set env vars** — add any required env vars to the Vercel project
9. **Report** — notify Alfred with deployment URL and status

## Active Subdomains

| Subdomain | Project | Status |
|-----------|---------|--------|
| www | leadspanther-site | ✅ Live |
| mc | mission-control | ✅ Live |

## Approval Requirements

- **New subdomain creation**: Notify Alfred → Alfred requests Clayton's approval
- **DNS record deletion**: Requires Clayton's explicit approval
- **Environment variable changes**: Log all changes, notify Alfred
- **Cache purges**: Can be done autonomously after deployments

## Error Handling

- **DNS propagation delay**: Wait up to 10 minutes, re-check with `nslookup` against `8.8.8.8`
- **Vercel SSL failure**: Ensure Cloudflare proxy is OFF (gray cloud). Check domain in Vercel dashboard.
- **Build failure**: Check `npx vercel inspect --logs URL` for error details
- **Rate limits**: Cloudflare free plan allows 1200 API requests per 5 minutes