Skip to content

Cloudflare Pages Deployment

This repo is prepared for a single static Cloudflare Pages deployment with:

  • landing/demo site on https://cloak.cash/
  • MkDocs technical docs under https://cloak.cash/docs/

Combined Build

Run:

yarn public:build

Combined output directory:

  • dist-public/
  • index.html (landing root)
  • styles.css, app.js, examples/* (landing assets)
  • docs/* (MkDocs build output)

Build behavior:

  1. Copies landing/ into dist-public/
  2. Regenerates docs mirrors/references
  3. Builds MkDocs to dist-public/docs/

Cloudflare Pages Project Settings

Use these values in the Cloudflare Pages dashboard:

  • Framework preset: None
  • Build command: yarn public:build
  • Build output directory: dist-public
  • Root directory: repository root
  • Custom domain: cloak.cash

Required Manual Dashboard Steps

  1. Create a new Pages project connected to this repo.
  2. Set build command/output directory as above.
  3. Set production branch (usually main).
  4. Attach custom domain cloak.cash (if not managed by Terraform yet).
  5. Trigger first deployment.

docs.cloak.cash is intentionally deferred in this slice.

No functions/runtime binding is required for this static deployment.

Terraform Provisioning

Cloudflare Pages provisioning is codified under:

  • infra/cloudflare/

Run locally:

cd infra/cloudflare
export CLOUDFLARE_API_TOKEN="..."
# edit existing terraform.tfvars with real values
terraform init
terraform plan
terraform apply

Terraform uses the same deployment settings:

  • production branch: main (default)
  • build command: yarn public:build
  • output directory: dist-public
  • root directory: /
  • landing custom domain: cloak.cash

Terraform also supports a private-preview WAF restriction scoped to cloak.cash:

  • allowlist IPs (default 107.133.182.115)
  • block all other IPs for the landing hostname
  • WAF phase: http_request_firewall_custom
  • zone can be Terraform-managed (manage_landing_zone=true) or provided by existing_landing_zone_id
  • WAF is disabled by default (enable_preview_waf_lockdown = false) for bootstrap safety

Recommended bootstrap sequence:

  1. Stage A (project import/manage): keep manage_landing_zone=false, enable_custom_domain_attachment=false, and enable_preview_waf_lockdown=false
  2. Stage B (zone): set manage_landing_zone=true
  3. if zone already exists and should be Terraform-managed, import it first:
  4. terraform import 'cloudflare_zone.landing_zone[0]' "<zone_id>"
  5. apply and copy landing_zone_nameservers outputs into Namecheap
  6. Stage C (registrar): wait for nameserver delegation/propagation
  7. Stage D (domain): set enable_custom_domain_attachment=true
  8. if domain already exists, import:
  9. terraform import 'cloudflare_pages_domain.custom_domain[0]' "<account_id>/<project_name>/<landing_custom_domain>"
  10. Stage E (WAF): set enable_preview_waf_lockdown=true only after zone is active

One-time prerequisite: connect Cloudflare Pages to GitHub with access to this repository before running terraform apply.

If the bch-privatize project already exists outside Terraform state, import it before apply:

terraform import cloudflare_pages_project.direct_spend_public_site "<account_id>/bch-privatize"

Path Expectations

  • Landing CTAs target /docs/, /docs/runtime/, /docs/wallet/, /docs/specs/
  • MkDocs remains canonical technical documentation under /docs/
  • Docs include a link back to landing at /
  • docs.cloak.cash is paused for now and not required for this rollout

Domain Migration Notes

If privatize.cash was previously attached to the Pages project:

  1. detach or replace the old custom-domain binding in Cloudflare Pages if apply reports a binding conflict
  2. ensure cloak.cash is onboarded in the Cloudflare zone for this account (including registrar nameserver delegation)
  3. apply Terraform with landing_custom_domain = "cloak.cash"
  4. if the new domain already exists before apply, import it:
terraform import 'cloudflare_pages_domain.custom_domain[0]' "<account_id>/<project_name>/cloak.cash"

If you are not using Terraform-managed zone creation, set:

  • manage_landing_zone = false
  • existing_landing_zone_id = "<32-char-zone-id>"

Truth Boundary Reminder

Deployment setup does not change protocol semantics or proof semantics.

Public claim boundary remains:

  • bounded two-input direct-spend milestone is published
  • public shell/fee/graph observables remain explicit
  • repeated no-top-up sustainability and private reserve replenishment remain future work