Every change in this sprint is additive. Workers at *.jason-8ce.workers.dev never died. The 5 tenant subdomains, the registry D1, the chatbot, the cron, and the rules-deploy are all reversible in <15 minutes total. This doc shows you exactly how, per phase and en bloc.
π Living doc rule: this rollback plan is updated EVERY time something ships, drifts, or is rolled back. The Cowork session/task making the change is responsible for appending a "Changelog" entry below and redeploying this worker. Single source of truth.
sperry-hub.jason-8ce.workers.dev converted from full page render to single 301 redirect β sperry.bosstorque.ai. Preserves Rob/Michele bookmarks. Verified HTTP 301 with Location header. Rollback: redeploy from baseline snapshot.sperry-spring-lp-apr2026 which is classified public (customer landing page reachable from previously-sent emails). Workers.dev URL must stay alive forever. No change.bosstorque-rules.jason-8ce.workers.dev. Codifies pre-deploy checklist, public-vs-internal classification rules, and post-deploy registry registration. Implemented as policy in rules rather than hard lint at the deploy relay (avoids breakage risk on existing flows).mcp__scheduled-tasks__list_scheduled_tasks and update any that hold stale tokens.TOK="cfat_2KhI8ZseoSlZleebNGqKaaU057NTRbvwsbwUWq15de4b6b15"
ACCT="8cef3a20d2c22491d2bbbc594cf4865d"
API="https://api.cloudflare.com/client/v4/accounts/$ACCT"
# 1. Remove all 6 sprint-added custom domains
for HOST in bt sperry giftcue trnka me plan.bt; do
ID=$(curl -s "$API/workers/domains?hostname=${HOST}.bosstorque.ai" -H "Authorization: Bearer $TOK" \
| python3 -c "import json,sys; d=json.load(sys.stdin); print(d['result'][0]['id'] if d.get('result') else '')")
[ -n "$ID" ] && curl -s -X DELETE "$API/workers/domains/$ID" -H "Authorization: Bearer $TOK"
done
# 2. Delete the 8 new workers (NONE of them are customer-facing; safe to remove)
for W in bt-tenant-hub sperry-tenant-hub giftcue-tenant-hub trnka-tenant-hub personal-tenant-hub \
bt-chat bt-registry-sync bt-cf-restructure-plan-may2026 \
bt-cf-restructure-summary-may2026 bt-url-inventory-may2026; do
curl -s -X DELETE "$API/workers/scripts/$W" -H "Authorization: Bearer $TOK"
done
# 3. Delete the registry D1 (or keep β non-destructive on its own)
curl -s -X DELETE "$API/d1/database/36578b81-7532-4fac-bf4e-57c4423493f4" -H "Authorization: Bearer $TOK"
# 4. Restore bosstorque-hub to pre-sprint version (from local git backup)
PASTE=$(curl -s --data-binary @/Users/Jason/My\ Drive*/4_Strategy*/Internal*/BT\ Hub/cf-baseline-may2026/workers/bosstorque-hub.js https://paste.rs/)
curl -s -X POST "https://mdp-api-proxy-may2026.jason-8ce.workers.dev/deploy/bosstorque-hub?raw_js=1" \
-H "Authorization: Bearer Dtr1oXnkX4sA_AvexQwwlLFCaedgjmWQQ_oPByo4aj8" \
-H "Content-Type: application/json" -d "{\"url\":\"$PASTE\"}"
# 5. Restore global rules to pre-sprint version
PASTE=$(curl -s --data-binary @/Users/Jason/My\ Drive*/4_Strategy*/Internal*/BT\ Hub/cf-baseline-may2026/workers/bosstorque-rules.js https://paste.rs/)
curl -s -X POST "https://mdp-api-proxy-may2026.jason-8ce.workers.dev/deploy/bosstorque-rules?raw_js=1" \
-H "Authorization: Bearer Dtr1oXnkX4sA_AvexQwwlLFCaedgjmWQQ_oPByo4aj8" \
-H "Content-Type: application/json" -d "{\"url\":\"$PASTE\"}"
# Done. Every original *.jason-8ce.workers.dev URL still resolves.
Effect: all custom subdomains 404, all sprint-added workers gone, bosstorque-hub restored to pre-sprint version, rules restored. Original 144 workers unaffected throughout. Total elapsed: ~10 minutes.
| Subdomain | Tenant | Allowlist (Phase 1 target) | Notes |
|---|---|---|---|
bt.bosstorque.ai | BT Internal | jason@bosstorque.ai | P&L, banking, hiring, strategy. Most sensitive tenant. |
sperry.bosstorque.ai | Sperry Tree Care | jason@ + rob@sperrytreecare.com + michele@sperrytreecare.com (Michele Hatfield) | Only client tenant. Active engagement. 74 artifacts including approvals and SOWs. |
giftcue.bosstorque.ai | GiftCue | jason@ only initially; co-founders TBD | Pre-launch product. 13 artifacts including business plan. |
trnka.bosstorque.ai | Trnka | jason@ only β Jason's personal citizenship case, not a client | Czech Β§31(3) descent case via grandfather Hans Trnka. PII-sensitive. |
me.bosstorque.ai | Personal | jason@ only | Concerts, AAA, fitness. Separate from Trnka (different correspondence cadence). |
Critical for Phase 1 (Cloudflare Access). PUBLIC workers MUST stay reachable without authentication β they serve customer emails, public marketing, embedded asset URLs, and infra relays. INTERNAL workers go behind Access on canonical .bosstorque.ai URLs. The classification is stored on artifacts.visibility in bt-registry D1.
| Tenant | Public | Internal | Examples of public |
|---|---|---|---|
| BT | 14 | 44 | bosstorque-site, bosstorque-rules, bosstorque-templates, bt-notify, bosstorque-powerleak-apr2026 (customer-facing assessment) |
| Sperry | 18 | 56 | sperry-assets (email image server), sperry-spring-lp-apr2026 (customer LP), sperry-stock-gallery, sperry-images-apr2026, sperry-bosstorque-tos, sperry-club-thankyou (customer page) |
| GiftCue | 8 | 5 | getgiftcue-landing-may2026, giftcue-tos-may2026, giftcue-privacy-may2026, giftcue-marketing-may2026 (most of giftcue is public β pre-launch surface) |
| MDP | 2 | 2 | mothers-day-picker-may2026, mdp-api-proxy-may2026 (the deploy relay β infra-public) |
| Personal | 2 | 5 | seated-relay (Slack relay), fancy-frog-c42e (CF placeholder) |
| Trnka | 0 | 6 | All internal β personal citizenship records |
*.jason-8ce.workers.dev URLs stay permanently public. Customer emails contain these URLs (e.g. Sperry email image src tags reference sperry-assets.jason-8ce.workers.dev/<img>). Killing those would break all previously-sent emails. Phase 1 Access never goes near them.| Phase | Forward action (what shipped) | Rollback action | Difficulty |
|---|---|---|---|
| 0a Plan publish | Deployed bt-cf-restructure-plan-may2026; added pinned card to bosstorque-hub | Remove card from hub; delete worker | 2 min |
| 0b Slack channel | Rotated bt-notify token to 351222a9... (final value) | Token policy now in global rules β do not roll back to a prior value. If broken, follow the policy: re-read from KV/Apple Note, do not rotate. | N/A |
| 0c Backup | 12 MB written to BT Hub Drive folder (cf-baseline-may2026) | Non-destructive. Delete folder if desired. Drive trash retains for 30 days. | 1 min |
| 0 DNS | 6 custom domains attached (bt., sperry., giftcue., trnka., me., plan.bt.) | DELETE each via /workers/domains. CF auto-removes the DNS record on detach. | 3 min |
| 2 Registry D1 | Created bt-registry D1 (UUID above), 155 artifacts indexed, url_references table | DELETE D1 via API. Or keep β no consumers outside this sprint. Non-destructive to other workers. | 1 min |
| 3 BT Internal hub | Deployed bt-tenant-hub, bound to bt.bosstorque.ai | Detach domain + DELETE script. Original bosstorque-hub still serves at .workers.dev. | 1 min |
| 4 Sperry hub | Deployed sperry-tenant-hub, bound to sperry.bosstorque.ai | Same. Legacy sperry-hub still serves at .workers.dev. | 1 min |
| 5 Global nav | Baked into tenant hub workers | Reverts when those workers are deleted. | included |
| 6 GiftCue/Trnka/Personal hubs | 3 more tenant hubs deployed + bound | Same pattern. | 2 min |
| 7 AI chatbot | Deployed bt-chat with Anthropic key + D1 binding | DELETE script. Chat panel in tenant hubs returns network error on use; non-fatal. | 1 min |
| 8 Auto-update cron | Deployed bt-registry-sync with hourly :05 cron | DELETE script. Registry stops auto-updating; manual /api/register still works. | 1 min |
| 1.0a Patch bosstorque-hub | Replace workers.dev URLs in cards with .bosstorque.ai canonicals | Redeploy from /BT Hub/cf-baseline-may2026/workers/bosstorque-hub.js (pre-sprint snapshot) via deploy relay. | 2 min |
| 1.0b Patch sperry-hub | Either replace URLs in-line OR convert to 301 redirect to sperry.bosstorque.ai | Redeploy from baseline snapshot. | 2 min |
| 1.0c Source-replace internal refs | ~40 workers patched, internalβinternal URL refs swapped to .bosstorque.ai | Redeploy each from baseline snapshot. Per-worker reversal possible. | ~15 min for all |
| 1.0d WP page patch | spring-estimate page on sperrytreecare.com β JS inline URL swapped (or left workers.dev if customer-facing) | WP REST API PATCH with original snippet. Pre-patch content saved in Drive. | 1 min |
| 1.0e Deploy relay lint | mdp-api-proxy-may2026 rejects workers.dev refs in submitted JS | Redeploy mdp-api-proxy-may2026 from pre-lint snapshot. | 2 min |
| 1 Cloudflare Access (when shipped) | Create 5 Access apps, attach allowlists, enforce on canonical subdomains | DELETE each Access app via /access/apps/{id}. Workers stay reachable; auth gate removed. | 3 min |
| 9 Stale cleanup (deferred) | Not started | N/A | N/A |
plan.bt.bosstorque.ai or https://bt-cf-restructure-plan-may2026.jason-8ce.workers.dev to verify the hub URL is the only thing broken.public.curl https://sperry-assets.jason-8ce.workers.dev/sperry-logo-oval-crop.png -I returns 200.public. The Phase 1 setup script must filter by artifacts.visibility = 'internal' before attaching Access policies.curl -X POST https://bt-registry-sync.jason-8ce.workers.dev/sync -H "Authorization: Bearer <sync_token from KV>"TOK=$(curl -s "https://api.cloudflare.com/client/v4/accounts/8cef3a20d2c22491d2bbbc594cf4865d/storage/kv/namespaces/fc91179257c34d0ca13af644aa4f3f81/values/cf_admin_token" \
-H "Authorization: Bearer cfat_2KhI8ZseoSlZleebNGqKaaU057NTRbvwsbwUWq15de4b6b15")
# 1. All 144 original workers still alive?
curl -s "https://api.cloudflare.com/client/v4/accounts/8cef3a20d2c22491d2bbbc594cf4865d/workers/scripts?per_page=200" \
-H "Authorization: Bearer $TOK" | python3 -c "import sys,json; print('Workers in CF:', len(json.load(sys.stdin)['result']))"
# 2. Original bosstorque-hub responds?
curl -s -o /dev/null -w "bosstorque-hub: HTTP %{http_code}\n" https://bosstorque-hub.jason-8ce.workers.dev
# 3. Customer-facing public URLs responding?
for HOST in sperry-assets sperry-spring-lp-apr2026 bosstorque-site mothers-day-picker-may2026; do
curl -s -o /dev/null -w "$HOST: HTTP %{http_code}\n" https://$HOST.jason-8ce.workers.dev/
done
# 4. bt-notify still functional?
NOTIFY=$(curl -s "https://api.cloudflare.com/client/v4/accounts/8cef3a20d2c22491d2bbbc594cf4865d/storage/kv/namespaces/fc91179257c34d0ca13af644aa4f3f81/values/bt_notify_token" \
-H "Authorization: Bearer $TOK")
curl -s -X POST https://bt-notify.jason-8ce.workers.dev/send -H "Authorization: Bearer $NOTIFY" \
-H "Content-Type: application/json" \
-d '{"channel":"bt-ops","text":"rollback verification probe","source":"rollback"}'