feat: add @varlock/cloudflare-integration package#480
Open
theoephraim wants to merge 9 commits intomainfrom
Open
feat: add @varlock/cloudflare-integration package#480theoephraim wants to merge 9 commits intomainfrom
theoephraim wants to merge 9 commits intomainfrom
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
varlock-website | d0cc543 | Commit Preview URL Branch Preview URL |
Mar 29 2026, 05:55 PM |
🦋 Changeset detectedLatest commit: d0cc543 The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
philmillman
approved these changes
Mar 24, 2026
Member
philmillman
left a comment
philmillman
left a comment
There was a problem hiding this comment.
lgtm!
one thing we might consider for the docs is calling out explicitly what the upgrade would look like for existing varlock/cloudflare users
|
No dependency changes detected. Learn more about Socket for GitHub. 👍 No dependency changes detected in pull request |
commit: |
New package for Cloudflare Workers that replaces bundling secrets into worker code with Cloudflare's native secrets/vars mechanism. - `varlockCloudflareVitePlugin()` - Vite plugin that reads `__VARLOCK_ENV` from Cloudflare secret bindings at runtime via `cloudflare:workers` - `varlock-wrangler` CLI - drop-in wrangler replacement that uploads non-sensitive values as vars and sensitive values as secrets on deploy, and generates correct types including varlock-managed env vars - `resolvedEnvVars()` helper for injecting vars into miniflare bindings in local dev Refactors the base Vite plugin to remove Cloudflare-specific logic and add generic extension points (ssrEntryCode, ssrEdgeRuntime, ssrEntryModuleIds, ssrInjectModeDev) that platform integrations can use. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- varlock-wrangler dev: injects env into miniflare via Unix named pipe (FIFO) so secrets never touch disk; watches .env files and restarts wrangler on changes; preserves color output - varlock-wrangler types: passes env keys via --env-file for correct Env type generation - @varlock/cloudflare-integration/init: standalone init module for non-Vite workers (reads __VARLOCK_ENV from CF bindings, patches console/response) - Rewrite docs: show varlock-wrangler approach first, Vite second; move native env access section into Vite section - Fix env file format: use single-quoted dotenv values to avoid escaping issues with JSON in __VARLOCK_ENV Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
theoephraim
force-pushed
the
feature/cloudflare-integration
branch
from
3d2a6de to
2c7942e
Compare
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
theoephraim
force-pushed
the
feature/cloudflare-integration
branch
from
ba578fa to
8bf8ac9
Compare
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
theoephraim
force-pushed
the
feature/cloudflare-integration
branch
from
8bf8ac9 to
5a87d42
Compare
…ng, docs cleanup - varlockCloudflareVitePlugin now wraps @cloudflare/vite-plugin directly, injecting resolved vars into miniflare bindings automatically in dev - FIFO serving moved to child process so blocked libuv thread doesn't prevent clean process exit - dev output: strip env var binding rows, rewrite FIFO path and wrangler types hints - deploy: add --keep-vars=false to clear stale vars/secrets - docs: rewrite for clarity, remove redundant sections, add log redaction/leak prevention section, fix unused imports Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- varlock-wrangler dev errors if .dev.vars file exists (would conflict) - fix empty method lint warnings with descriptive comments - fix typo in docs, incorporate user edits Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… notice - Split __VARLOCK_ENV into chunks when it exceeds Cloudflare's 5KB secret limit (__VARLOCK_ENV_CHUNKS + __VARLOCK_ENV_0, _1, etc.) - Reassembly in init.ts and Vite ssrEntryCode - Add debug logs to dev and types commands (VARLOCK_DEBUG=1) - Add deploy summary notice with var/secret counts - Detect .dev.vars conflict in dev command Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…on, chunked secrets, framework tests - varlockCloudflareVitePlugin: wraps @cloudflare/vite-plugin with env injection into miniflare bindings (dev) and CF secret bindings (prod) - varlock-wrangler CLI: drop-in wrangler replacement handling deploy (vars/secrets split, 5KB chunking), dev (FIFO named pipe, file watching), and types generation - @varlock/cloudflare-integration/init: standalone init module for non-Vite workers - Bundle @varlock/vite-integration via tsup noExternal, remove resolvedEnvVars() and ssrInjectModeDev from vite integration - Framework tests for both wrangler and vite approaches (basic, leak detection, chunking) - Dev server test harness (dev-server.ts, describeDevScenario) - CI workflow: matrix strategy for integration tests, --all flag support - Website docs with both setup approaches, CLI reference, and upgrade guide Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
theoephraim
force-pushed
the
feature/cloudflare-integration
branch
from
0de8139 to
d0cc543
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@varlock/cloudflare-integrationpackage that replaces bundling secrets into worker code with Cloudflare's native secrets/vars mechanismvarlockCloudflareVitePlugin()reads__VARLOCK_ENVfrom Cloudflare secret bindings at runtime viaimport { env } from 'cloudflare:workers'varlock-wranglerCLI wraps wrangler to automatically upload non-sensitive values as vars and sensitive values as secrets on deployvarlock-wrangler typesgenerates correct CloudflareEnvtypes including varlock-managed env varsresolvedEnvVars()helper for optionally injecting vars into miniflare bindings in local devssrEntryCode,ssrEdgeRuntime,ssrEntryModuleIds,ssrInjectModeDev)Test plan
vite devworks withvarlockCloudflareVitePlugin()— env vars load correctlyvarlock-wrangler deployuploads vars and secrets correctlyvarlock-wrangler typesgeneratesEnvinterface with varlock-managed varsresolvedEnvVars()enables nativeenv.MY_VARaccess in miniflare devvarlockVitePlugin()🤖 Generated with Claude Code