Add cloudflare deploy support

[vladimirbalaur18]

Summary by CodeRabbit

• New Features

  • Added Cloudflare Workers/Pages deployment support with preconfigured assets and logging.
  • Enabled local dev initialization for OpenNext on Cloudflare.
  • Introduced scripts for build, preview, deploy, upload, and type generation.

• Documentation

  • Updated README with a clearer Table of Contents and Getting Started formatting.
  • Added a step-by-step guide for deploying on Cloudflare (login, build, preview, deploy).

• Chores

  • Updated .gitignore to exclude .open-next artifacts.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
x-line-design-web	Error			Oct 7, 2025 9:09am

[coderabbitai]

Walkthrough

Integrated OpenNext Cloudflare support: added Cloudflare-specific config and init, introduced Wrangler configuration, updated package scripts for build/preview/deploy, extended README with Cloudflare deployment steps, and ignored the .open-next build output.

Changes

Cohort / File(s)	Summary
Cloudflare integration config next.config.js, open-next.config.ts, wrangler.toml	Added OpenNext Cloudflare dev initialization in Next.js config; created Cloudflare config entry via default export using defineCloudflareConfig(); introduced wrangler.toml defining worker entry (.open-next/worker.js), assets, compatibility flags, project name, and logs.
Tooling & scripts package.json, .gitignore	Added scripts: build, preview, deploy, upload, cf-typegen; added dependencies @opennextjs/cloudflare, npx and devDependency wrangler; ignored /.open-next.
Documentation README.md	Reworked ToC formatting; expanded Getting Started; added Cloudflare Workers/Pages deployment guide with commands and flow.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant Next as Next.js Config
    participant ONCF as OpenNext Cloudflare
    participant WR as Wrangler CLI
    participant CF as Cloudflare Workers
    participant AS as Static Assets

    Dev->>Next: next.config.js loads
    Note right of Next: initOpenNextCloudflareForDev()
    Next->>ONCF: Initialize dev integration
    Dev->>WR: wrangler build/preview/deploy
    WR->>ONCF: Use .open-next outputs
    ONCF->>AS: Produce .open-next/assets
    ONCF->>WR: Produce worker (.open-next/worker.js)
    WR->>CF: Upload worker and bind ASSETS
    CF-->>Dev: Preview/Deployed URL

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit taps deploy with glee, 🐇
Cloudflare winds now lift our spree.
OpenNext whispers, “prep the stage,”
Workers hum, assets engage.
From burrowed build to global light,
We hop the clouds—quick, clean, and bright.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately describes the primary change of the PR, which is adding support for Cloudflare deployment infrastructure. It focuses on the main objective and uses clear, concise language, allowing reviewers to quickly grasp the core intent without extraneous details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-cloudflare-deployment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

next.config.js (1)

10-17: Critical: Overly permissive image proxy configuration creates SSRF risk.

The wildcard hostname: "**" allows the Next.js image proxy to fetch from any external URL, which circumvents the SSRF protections in OpenNext Cloudflare >=1.3.0. An attacker could potentially use /_next/image to access internal services or scan networks.

Based on learnings: The OpenNext Cloudflare adapter validates image URLs against remotePatterns to prevent SSRF attacks. A wildcard hostname defeats this protection.

Replace the wildcard with explicit allowed hosts:

   images: {
     remotePatterns: [
       {
         protocol: "https",
-        hostname: "**",
+        hostname: "your-cdn-domain.com",
+        pathname: "/**",
       },
+      // Add additional trusted image hosts as needed
     ],
   },

If you need to allow multiple domains, enumerate them explicitly rather than using a wildcard.

🧹 Nitpick comments (1)

wrangler.toml (1)

3-3: Consider updating the compatibility_date.

The date 2025-03-25 is several months old. Using a more recent date (e.g., 2025-10-01) ensures you benefit from the latest Cloudflare Workers runtime features and fixes.

Apply this diff:

-compatibility_date = "2025-03-25"
+compatibility_date = "2025-10-01"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9e9b9b9 and 5a49076.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• .gitignore (1 hunks)
• README.md (3 hunks)
• next.config.js (1 hunks)
• open-next.config.ts (1 hunks)
• package.json (4 hunks)
• wrangler.toml (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

README.md

7-7: Link fragments should be valid

(MD051, link-fragments)

---

8-8: Link fragments should be valid

(MD051, link-fragments)

---

9-9: Link fragments should be valid

(MD051, link-fragments)

---

10-10: Link fragments should be valid

(MD051, link-fragments)

---

14-14: Link fragments should be valid

(MD051, link-fragments)

---

15-15: Link fragments should be valid

(MD051, link-fragments)

---

17-17: Link fragments should be valid

(MD051, link-fragments)

---

18-18: Link fragments should be valid

(MD051, link-fragments)

---

19-19: Link fragments should be valid

(MD051, link-fragments)

---

20-20: Link fragments should be valid

(MD051, link-fragments)

---

21-21: Link fragments should be valid

(MD051, link-fragments)

---

22-22: Link fragments should be valid

(MD051, link-fragments)

---

78-78: Spaces inside code span elements

(MD038, no-space-in-code)

🔇 Additional comments (9)

.gitignore (1)

25-25: LGTM!

Appropriately ignores the OpenNext build output directory, consistent with the new Cloudflare deployment workflow.

open-next.config.ts (1)

1-3: LGTM!

Standard OpenNext Cloudflare configuration setup. The minimal config allows the adapter to use sensible defaults.

wrangler.toml (1)

1-1: LGTM!

The worker path and assets configuration correctly reference the OpenNext build output structure.

Also applies to: 5-7

next.config.js (1)

38-39: Verify that dev-only initialization is appropriate for all builds.

The function initOpenNextCloudflareForDev() is called unconditionally at module load time, including during production builds. Confirm this is the intended pattern for your setup.

Based on learnings, this initialization enables features like remote bindings for local development. If this is only needed for dev, consider conditionally calling it:

-import { initOpenNextCloudflareForDev } from "@opennextjs/cloudflare";
-initOpenNextCloudflareForDev();
+if (process.env.NODE_ENV === 'development') {
+  const { initOpenNextCloudflareForDev } = await import("@opennextjs/cloudflare");
+  initOpenNextCloudflareForDev();
+}

Verify the correct usage pattern in the OpenNext Cloudflare documentation.

README.md (2)

78-78: Clarify "doesn't work" statement.

The note states that opennextjs-cloudflare from official documentation doesn't work. This is unclear and could confuse users. Please clarify:

• What specific issue did you encounter with the official docs?
• Is this a temporary workaround or the recommended approach?
• Should this be reported upstream to the OpenNext Cloudflare project?

Consider rephrasing to be more specific:

2. Run the commands via `wrangler` (`wrangler build`, `wrangler dev`). Note: Use these commands instead of the `opennextjs-cloudflare` CLI if you encounter [specific issue].

---

73-96: Good addition of deployment documentation.

The step-by-step Cloudflare deployment guide is clear and helpful, with proper code examples for each step.

package.json (3)

25-25: LGTM!

Using @opennextjs/cloudflare@^1.9.1 is appropriate—this is the latest stable version with important security fixes including SSRF protection for the image proxy.

Based on learnings: Version 1.9.1 includes critical security patches and performance improvements.

---

127-127: LGTM!

The Wrangler version ^4.42.0 is appropriate for Cloudflare Workers deployment and aligns with the new wrangler.toml configuration.

---

11-15: Verify script commands work as expected.

The new Cloudflare scripts use the opennextjs-cloudflare build command, but the README notes that "the opennextjs-cloudflare from official documentation doesn't work." Please verify:

1. Does the opennextjs-cloudflare CLI work correctly in your setup?
2. Are these scripts tested and functional?

If the CLI doesn't work, consider updating the scripts to use alternative commands as suggested in the README.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove unnecessary npx dependency.

The npx package is unnecessary as npx is a CLI tool bundled with npm (version 5.2.0+). Adding it as a dependency can cause conflicts and is not a standard practice.

Apply this diff:

     "node-telegram-bot-api": "^0.66.0",
-    "npx": "^10.2.2",
     "passport": "^0.7.0",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"npx": "^10.2.2",
	"node-telegram-bot-api": "^0.66.0",
	"passport": "^0.7.0",

🤖 Prompt for AI Agents

In package.json around line 82, remove the "npx": "^10.2.2" entry from
dependencies (or devDependencies) because npx is bundled with npm and should not
be installed as a package; delete that line, run npm install (or yarn install)
to update package-lock.json/yarn.lock, and verify existing npm scripts still
work without the explicit npx dependency.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix code span formatting.

Extra spaces inside the backticks break markdown formatting.

Apply this diff:

-2. Run the commands via `wrangler`, (` wrangler build`, `wrangler dev`) since the `opennextjs-cloudflare` from official documentation doesn't work
+2. Run the commands via `wrangler` (`wrangler build`, `wrangler dev`) since the `opennextjs-cloudflare` from official documentation doesn't work

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	2. Run the commands via `wrangler`, (` wrangler build`, `wrangler dev`) since the `opennextjs-cloudflare` from official documentation doesn't work
	2. Run the commands via `wrangler` (`wrangler build`, `wrangler dev`) since the `opennextjs-cloudflare` from official documentation doesn't work

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

78-78: Spaces inside code span elements

(MD038, no-space-in-code)

🤖 Prompt for AI Agents

In README.md around line 78, the code spans contain extra spaces (e.g. "(`
wrangler build`, `wrangler dev`") which breaks Markdown formatting; remove the
stray space after the opening backticks so each command is a proper code span
(e.g. "`wrangler build`, `wrangler dev`"), and ensure other inline code uses
backticks without surrounding spaces.