appService: {
id: "app";
mount: { kind: "base" };
env: [
{
name: "TRUSTED_ORIGINS";
hint: "comma-separated browser origins allowed on /api/* (CORS)";
},
{
name: "CLOUDFLARE_API_TOKEN";
required: true;
secret: true;
provisioning: true;
hint: "CF account-scoped master token (Workers Scripts + D1 + KV Edit) — mints the scoped tokens + provisions, then DELETED (never in git)";
},
{
name: "CLOUDFLARE_ACCOUNT_ID";
required: true;
secret: true;
surface: "local";
hint: "CF account id — a KEEPER (routine scoped-token ops need it), kept encrypted in .env";
},
{
name: "CLOUDFLARE_D1_TOKEN";
secret: true;
minted: true;
hint: "scoped: D1 Write (migrations)";
},
{
name: "CLOUDFLARE_WORKERS_TOKEN";
secret: true;
minted: true;
hint: "scoped: Workers Scripts Write (deploy + secret put)";
},
{
name: "CLOUDFLARE_KV_TOKEN";
secret: true;
minted: true;
hint: "scoped: KV Write (rate-limit / rate-credit namespaces)";
},
];
} = ...
Type Declaration
Readonly id: "app"
Readonly mount: { kind: "base" }
Readonly env: [
{
name: "TRUSTED_ORIGINS";
hint: "comma-separated browser origins allowed on /api/* (CORS)";
},
{
name: "CLOUDFLARE_API_TOKEN";
required: true;
secret: true;
provisioning: true;
hint: "CF account-scoped master token (Workers Scripts + D1 + KV Edit) — mints the scoped tokens + provisions, then DELETED (never in git)";
},
{
name: "CLOUDFLARE_ACCOUNT_ID";
required: true;
secret: true;
surface: "local";
hint: "CF account id — a KEEPER (routine scoped-token ops need it), kept encrypted in .env";
},
{
name: "CLOUDFLARE_D1_TOKEN";
secret: true;
minted: true;
hint: "scoped: D1 Write (migrations)";
},
{
name: "CLOUDFLARE_WORKERS_TOKEN";
secret: true;
minted: true;
hint: "scoped: Workers Scripts Write (deploy + secret put)";
},
{
name: "CLOUDFLARE_KV_TOKEN";
secret: true;
minted: true;
hint: "scoped: KV Write (rate-limit / rate-credit namespaces)";
},
]
The 19 CORE services, expressed through the common interface (the dogfood). Ported field-for-field from the C051 CATALOG;
auth and credits additionally declare their composition surface (the auth.onUserCreated port + the credits.grantOnSignup capability) — inert until the Phase-3 engine consumes them, and the render/build templates are PROVISIONAL (Phase 3 pins them against the real auth seam signature, see ADR C053 open question #1).