Permanent URL
https://brief.josephbowens.comFallback (always works regardless of custom-domain state):
https://skyrun-brief.pages.dev
Architecture
11pm Mac → nightly-consolidation runs
→ build_pwa.py generates index.html in ~/Library/Application Support/SkyRun/pwa/
→ deploy_pwa.sh pushes to Cloudflare Pages via wrangler
→ ~30 seconds later, new HTML is live globally
Phone (anywhere, any network):
→ https://brief.josephbowens.com
→ Cloudflare edge → cached HTML
→ Mac state completely irrelevant
File layout
- Cloudflare Pages project:
skyrun-briefin accounte38dfdc47924abcebc2227f3a2b8c9e2 - Custom domain:
brief.josephbowens.com(CNAME →skyrun-brief.pages.dev, auto-SSL via Google CA) - Zone:
josephbowens.com(registered via Cloudflare Registrar, auto-renew on) - Auth token:
~/Library/Application Support/SkyRun/.env(chmod 600, containsCLOUDFLARE_API_TOKEN) - Deploy script:
~/Library/Application Support/SkyRun/deploy_pwa.sh - Build script:
/Users/josephbowens/Library/Application Support/SkyRun/build_pwa.py - Built HTML:
~/Library/Application Support/SkyRun/pwa/index.html - First-time setup script (one-shot, used once):
~/Library/Application Support/SkyRun/first_time_setup.sh - Deploy log:
~/Library/Logs/skyrun-pwa-deploy.log
Managing deploys
- Manual deploy:
bash "/Users/josephbowens/Library/Application Support/SkyRun/deploy_pwa.sh"(runs build + push) - Manual build only:
python3 /Users/josephbowens/Library/Application Support/SkyRun/build_pwa.py - Automatic: fires nightly at 11pm as Step 10 of
nightly-consolidationtask - Check wrangler auth:
CLOUDFLARE_API_TOKEN=<token> ~/bin/wrangler whoami
Updating the token
If the token needs rotation (e.g. leaked, expired, or narrowing permissions): 1. Create new token at https://dash.cloudflare.com/profile/api-tokens 2. Edit~/Library/Application Support/SkyRun/.env with new value
3. Delete old token in Cloudflare dashboard
Token needs Cloudflare Pages: Edit at minimum.
Decommissioned (no longer in use)
- Local web server on port 7777 (
~/Library/Application Support/SkyRun/serve_pwa.py) — script still on disk, LaunchAgent removed - Cloudflare quick tunnel (
com.skyrun.pwa-tunnel.plist) — removed - Old Desktop PWA folder — now just a redirect stub page pointing to the live URL
Phone setup (one-time)
1. Open Safari on iPhone →https://brief.josephbowens.com
2. Share → Add to Home Screen → name "SkyRun" → Done
3. Tap icon anytime to open. Works on any network, any location.
What the PWA shows
Five collapsible<details> sections, zero JavaScript required (works in every browser including iOS Quick Look):
1. 📋 Morning Brief (open by default)
2. 🔥 Active Deals (from knowledge_graph.json)
3. ⏱ Scheduled Tasks (all 7 cron tasks)
4. 📁 Consolidation Reports (archive)
5. 🧠 Project Memory (41 files grouped by type)
Cloudflare Access auth gate — ACTIVE (2026-04-22)
- Zero Trust Free plan: enabled (50-seat limit, $0/mo)
- Team domain:
josephbowens.cloudflareaccess.com - Access app:
SkyRun BD Brief(ID26c5a66b-de66-4ac2-a63c-aa35951829de) - Destination:
brief.josephbowens.com - Policy
Joseph: Allow → Include → Emails →Joseph.Bowens@SkyRun.com(only) - Verified: unauthenticated GET returns HTTP 302 →
josephbowens.cloudflareaccess.com/cdn-cgi/access/login/...withwww-authenticate: Cloudflare-Accessheader. Policy enforced.
Auth flow on phone:
1. Tap Home-Screen PWA icon → Safari loads https://brief.josephbowens.com
2. Cloudflare Access prompts for email → enter Joseph.Bowens@SkyRun.com
3. One-time 6-digit code sent to that email
4. Enter code → 24-hour session → PWA loads
5. Subsequent visits within 24h skip step 2-4 (session cookie)
Technical note: The in-dash subdomain+domain split form silently drops subdomain edits via JS automation. The fix was to click "Switch to custom input" under Destinations, which reveals a single hostname text field that accepts brief.josephbowens.com correctly via document.execCommand('insertText', ...). Documented for future dashboard edits.
- macOS scheduled wake not configured. If laptop sleeps at 11pm (lid closed on battery), nightly-consolidation won't fire. One-time sudo:
sudo pmset repeat wakeorpoweron MTWRFSU 22:58:00.
Token rotation checklist (do after setup validates)
The initial token has broad Workers + Pages permissions from the "Edit Cloudflare Workers" template. Rotate to a narrower token after first week of stable runs:- Keep:
Account > Cloudflare Pages > Edit,User > User Details > Read - Drop: everything else
- Replace .env value, delete old token in dashboard