1mn.ai docs
Integrations

Deployments — Cloudflare

Connect Cloudflare to track deployments on your tickets and give coding runs ambient wrangler access for deploys, tail, and rollbacks.

Connect Cloudflare to do two things: track deployments on the tickets that caused them, and give coding runs ambient wrangler access inside the sandbox so they can deploy, tail logs, and roll back. There are two ways to connect — an OAuth flow and a scoped API token — and which you pick determines whether runs can actually deploy.

Prerequisites

  • A Cloudflare account that owns the Workers/Pages project you deploy.
  • To deploy (not just track), you need write access — see "Read-only vs. write-capable" below.

Option A — Connect with Cloudflare (OAuth)

  1. Open Integrations → the Deployments (Cloudflare) card and click Connect with Cloudflare.
  2. Approve the consent screen. 1mn requests a broad-but-scoped set so an in-sandbox wrangler deploy works across the resources a Worker touches, including:
    • workers-scripts.read / workers-scripts.write
    • workers-routes.read / workers-routes.write
    • workers-tail.read
    • d1.read / d1.write, workers-r2.read / workers-r2.write
    • containers.read / containers.write, workers-observability.read / workers-observability.write, page.read / page.write
  3. On return, 1mn auto-detects your account when exactly one is visible; otherwise pick the account. The connection is now active.

Read-only vs. write-capable

Some Cloudflare setups grant the OAuth connection read-only scopes — enough to track deploys but not to run wrangler deploy. The card flags this and tells you to reconnect or use a scoped API token (Option B). 1mn records the granted scopes so it can show whether your connection can actually deploy.

Option B — Paste a scoped API token (guaranteed deploy)

Use this when the OAuth connection is read-only or you want explicit control:

  1. In Cloudflare, go to My Profile → API Tokens and create a token with Workers Scripts: Edit — plus edit permissions for any resource you deploy (D1, R2, Pages, …).
  2. On the Deployments card, paste the token under Or paste an API token.
  3. Optionally paste your Account ID — it's auto-detected if the token can list accounts; otherwise provide it.
  4. Click Save token. This connection is write-capable and runs can wrangler deploy.

Example: what a coding run can do once connected

With a write-capable connection, deploy/rollback/inspect commands run inside the sandbox with the token already in the environment:

# Deploy the Worker
pnpm wrangler deploy

# Tail production logs to diagnose a failed deploy
pnpm wrangler tail

# Roll back to a previous version
pnpm wrangler rollback

See the deploy runbook the coding loops follow for the full command reference.

Notes & limits

  • Tracking works with read-only; deploying needs write. If runs report they can't deploy, your connection is read-only — switch to a scoped token (Option B).
  • Account auto-detect only fills in when exactly one account is visible; with several, set the Account ID yourself.
  • Disconnect removes the connection and coding agents lose their wrangler token in the sandbox.

Telegram

Connect a per-product Telegram bot from @BotFather to get notifications and reply to the agent from your phone.

The 1mn SDK

A first-party, embeddable browser SDK — pageviews, events, errors, web vitals, and in-app feedback that becomes tickets.

On this page

PrerequisitesOption A — Connect with Cloudflare (OAuth)Option B — Paste a scoped API token (guaranteed deploy)Example: what a coding run can do once connectedNotes & limits