295c4d930a
Security: - Replace hardcoded Cloudflare account/zone/KV IDs in wrangler.toml with placeholders; add wrangler.toml to .gitignore, ship .example - Replace real EC2 IPs in docs with <EC2_IP> placeholders - Redact partial CF API token prefix in retrospective - Parameterize Langfuse dev credentials in docker-compose.infra.yml - Replace Neon project ID in runbook with <neon-project-id> Community: - Add CONTRIBUTING.md (build, test, branch conventions, CI info) - Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1) Cleanup: - Replace personal runner username/machine name in CI + PLAN.md - Replace personal tenant URL in MCP setup guide - Replace personal author field in bundle-system doc - Replace personal login in webhook test fixture - Rewrite cryptominer incident reference as generic security remediation - Remove private repo commit hashes from PLAN.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
21 lines
621 B
TOML
21 lines
621 B
TOML
name = "molecule-tenant-proxy"
|
|
main = "src/index.ts"
|
|
compatibility_date = "2024-09-23"
|
|
|
|
# Set via env var or fill in manually — do not commit real value
|
|
account_id = "your-cloudflare-account-id"
|
|
|
|
# KV namespace for caching org→IP mappings (L2 cache, 5 min TTL)
|
|
[[kv_namespaces]]
|
|
binding = "TENANT_CACHE"
|
|
id = "your-kv-namespace-id"
|
|
|
|
# Route: all tenant subdomains (wildcard). Explicit records (api, app, www)
|
|
# take priority in Cloudflare DNS — the Worker only fires for tenant slugs.
|
|
[[routes]]
|
|
pattern = "*.moleculesai.app/*"
|
|
zone_id = "your-cloudflare-zone-id"
|
|
|
|
[vars]
|
|
CP_API_URL = "https://api.moleculesai.app"
|