Skip to content

runbook: inspect Cloudflare wiki policy and rollback controls #459

Description

@ss-o

Outcome

Create a non-secret organization runbook for inspecting and safely rolling back the Cloudflare controls that affect the public Z-Shell wiki.

Owner: @ss-o

Related public implementation: z-shell/wiki#795

Read-only inspection scope

  • Determine whether Cloudflare manages or modifies the wiki's robots.txt or content-signal behavior.
  • Identify the supported Pages deployment rollback workflow and the evidence needed to select a known-good deployment.
  • Determine whether path-level analytics can distinguish requests for discovery and machine-readable artifacts.
  • Record the available log fields and retention period needed for release verification and incident diagnosis.

Runbook requirements

  • Document the non-secret dashboard navigation and observation procedure.
  • Record the rollback decision points, verification steps, and restoration procedure.
  • Describe how repository-owned crawler/header policy is compared with deployed behavior.
  • State what analytics or logging is unavailable rather than inferring account capability.
  • Minimize collected data; do not log prompts, query text, or personal data.
  • Require explicit maintainer approval before any Cloudflare setting or deployment is changed.

Security boundary

Do not place account IDs, tokens, private settings, secret values, internal hostnames, or screenshots containing sensitive account data in the issue or runbook.

Done when

  • A maintainer can perform the inspection without changing state.
  • The runbook identifies an owner and a tested review/rollback checklist.
  • Public verification evidence can be recorded without exposing Cloudflare account details.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions