fix(deploy): scope npm run deploy to --env production

[chitcommit]

⚠️ DO NOT ENABLE AUTO-MERGE

This PR's merge will trigger Workers Builds → production deploy. Verify the diff and manually merge when ready. The current production worker (3d46be98, healthy) is a manual rollback; the moment any commit lands on main, CI re-deploys.

Summary

package.json had "deploy": "wrangler deploy" with no --env flag. Workers Builds runs that verbatim. Without --env, wrangler reads only the top-level config block, where the only declared binding is secrets_store_secrets. Every other binding (KV / DO / D1 / R2 / Vectorize / queues / services / AI / Worker Loader / vars / routes / triggers) is correctly scoped under env.production per the canonical pattern documented in wrangler.jsonc:16-20.

Net effect: every CI deploy produces a worker with 17 secrets and zero resource bindings. The runtime tries to use env.MCP_AGENT / env.DB / env.OAUTH_KV / etc, gets undefined, and the OAuthProvider chain resolves to non-Response — Cloudflare returns 1101 across every path.

This was the regression mechanism for both:

• c3cd2a6d (post-PR-fix: MCP portal zero-trust fixes #168 deploy, took down prod for ~12h)
• a48c8f18 (post-PR-fix: reconcile uncommitted production hotfix to main #174 deploy from earlier today, also took down prod, rolled back to 3d46be98 via wrangler rollback)

Local wrangler deploy --env production reads the env block and produces a healthy bundle — same wrangler.jsonc, different invocation, opposite outcomes. The fix is one line of script change; no wrangler.jsonc edits needed.

Diff

-    "deploy": "wrangler deploy",
+    "deploy": "wrangler deploy --env production",
+    "deploy:staging": "wrangler deploy --env staging",
+    "deploy:production": "wrangler deploy --env production",

The aliases are belt-and-suspenders: npm run deploy always means production now, but explicit deploy:staging / deploy:production aliases let callers be unambiguous. Revertable in one line if Workers Builds is later configured to use a different command.

Verification plan (post-merge)

# 1. Wait for Workers Builds to complete (~30-60s after merge)
npx wrangler deployments list --env production | head -10

# 2. Inspect the new version's bindings — should show ~50 binding lines, not 17
npx wrangler versions view <new_version_id> --env production | tail -80

# 3. Health check
curl -s https://connect.chitty.cc/health | jq .status
# expect: "ok"

If the new deploy is broken, wrangler rollback 3d46be98-344c-4711-9e44-f5418ca84881 --env production restores the known-good state.

Why open this with auto-merge disabled

I broke prod once today by letting a merge trigger an auto-deploy from a CI invocation that was structurally wrong. Same root cause that broke prod yesterday after PR #168. Treating this PR as a controlled deploy gate so we observe the next CI build before allowing it to ship.

🤖 Generated with Claude Code

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	chittyconnect	c295666	May 01 2026, 01:02 PM

[coderabbitai]

Warning

Rate limit exceeded

@chitcommit has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 31 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 06078c2f-b758-4908-9dd3-18a3a9a4562f

📥 Commits

Reviewing files that changed from the base of the PR and between 1828c1a and c295666.

📒 Files selected for processing (1)

• package.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/wrangler-deploy-env-flag

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 21 minutes and 31 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Scopes the default npm deploy command to Cloudflare’s production environment to prevent CI/Workers Builds deployments from unintentionally using the top-level Wrangler config (missing most bindings) and causing production outages.

Changes:

• Change npm run deploy to run wrangler deploy --env production.
• Add explicit deploy:staging and deploy:production script aliases for clarity.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.