Enforces LBA Platform SDK conventions across all Cloudflare Workers projects. Ensures consistent integration with circuit breakers, feature budgets, telemetry, error collection, and observability — making it nearly impossible to ship code that bypasses tracking or violates cost safety rules.
The Platform SDK (@littlebearapps/platform-consumer-sdk) provides proxy-based resource tracking, circuit breakers, telemetry, and cost safety for all LBA Cloudflare Workers. This Claude Code plugin is the enforcement layer — it ensures every project that uses the SDK does so correctly and consistently.
Why this plugin exists:
- A code bug caused $4,868 in D1 overages in January 2026 from missing safety patterns
- The weekly Platform Auditor scores projects against a 100/100 rubric — this plugin helps achieve that score
- Consistency across Scout, Brand Copilot, and future projects reduces integration errors to near-zero
What it provides:
- 3 rules (always-loaded) — Core SDK conventions, cost safety, required wrangler bindings
- 14 skills (on-demand) — Deep reference material for every integration area
- 4 agents (autonomous) — SDK integration, auditing, debugging, cost review
- 4 commands —
/platform-audit,/platform-integrate,/platform-health,/platform-costs - 4 hooks (automated) — Validate deploys, worker code, and wrangler configs in real-time
- AGENTS.md — Cross-agent reference for Cursor, Windsurf, Copilot, Cline, and other AI coding agents
- Claude Code installed
- Working in an LBA Cloudflare Workers project (Scout, Brand Copilot, etc.)
@littlebearapps/platform-consumer-sdkinstalled in the project (or the plugin will help you add it)
# Add the LBA marketplace (once per machine)
/plugin marketplace add littlebearapps/lba-plugins
# Install the plugin
/plugin install platform-sdk@lba-pluginsclaude --plugin-dir ~/claude-code-tools/plugins/platform-sdkAfter installing, start a new Claude Code session. You should see the session start hook output:
=== Platform SDK Status ===
@littlebearapps/platform-consumer-sdk@0.1.2
---
Wrangler configs with PLATFORM_CACHE: 2/2
If you see warnings about missing SDK or bindings, run /platform-integrate to fix them.
After installing, the rules and hooks are active immediately. Use commands for specific tasks:
# Score your project against the 100/100 audit rubric
/platform-audit
# Add SDK to a project or fix integration gaps
/platform-integrate
# Diagnose circuit breaker trips, missing metrics, stale heartbeats
/platform-health
# Review code changes for Cloudflare billing impact
/platform-costsThe plugin uses a layered knowledge model:
Layer 1: Rules (always in context, ~1.9KB)
├── SDK conventions — every code change must follow these
├── Cost safety — critical billing traps
└── Wrangler bindings — exact IDs that must be present
Layer 2: Skills (loaded on demand, ~50KB total)
├── sdk-integration — full handler patterns per binding type
├── circuit-breakers — CB hierarchy, budgets.yaml format
├── observability — logging, tracing, sampling profiles
├── heartbeat-monitoring — Gatus setup, staleness intervals
├── error-collector — tail worker, P0-P4 classification
├── cost-traps — full pricing table, all TRAP IDs
├── wrangler-config — config standards, new worker template
├── platform-apis — all Platform API endpoints
├── request-guards — per-invocation limits, anti-loop, cost estimation
├── observational-guards — anomaly detection, sliding window, D1 storage guard
├── admin-sdk — GraphQL usage, kill switch, AI Gateway config
├── resilience-patterns — timeout, retry, error tracking composition
├── service-communication — service client, tracing, AI Gateway tracking
└── middleware-patterns — project-level CB middleware (Hono)
Layer 3: Agents (autonomous task handlers)
├── sdk-integrator (green) — implements SDK from scratch
├── sdk-auditor (cyan) — scores against 100/100 rubric
├── sdk-debugger (yellow) — diagnoses runtime issues
└── cost-reviewer (red) — reviews code for billing risks
Layer 4: Hooks (automated real-time validation)
├── Session start — SDK health check
├── Pre-deploy — wrangler deploy gate
├── Post-write (workers) — SDK usage + cost trap validation
└── Post-write (wrangler) — binding + config validation
How they interact: Rules provide the baseline context for every interaction. When a task triggers an agent (e.g., "check my audit score"), the agent loads relevant skills for detailed patterns. Hooks fire automatically when you write code or deploy, using the rules to validate changes.
Rules are always loaded into Claude's context. They're kept small (~1.9KB total) to minimise token cost while ensuring critical patterns are never forgotten.
Core Platform SDK patterns that every code change must follow:
- SDK wrappers: Use
withFeatureBudget()(fetch),withCronBudget()(cron),withQueueBudget()(queue) - Naming: Result must be named
trackedEnv— use it for ALL binding access - Error handling: ALWAYS catch
CircuitBreakerError, return 503 (fetch) or log+skip (cron/queue) - Feature IDs: Format
{project}:{category}:{feature}(e.g.,scout:harvest:layer1) - Flush: Pass
ctxto SDK options for auto-flush; or callcompleteTracking()infinally - Service bindings: Capture raw Fetcher BEFORE
withFeatureBudget()to avoid "Illegal invocation" - Heartbeats: NEVER place heartbeat pings after early returns in
scheduled()handlers
Non-negotiable cost safety rules distilled from the $4,868 billing incident:
- D1: Batch inserts (
env.DB.batch()),ON CONFLICT DO NOTHING,LIMITon SELECTs,.bind()for SQL - KV: Minimise writes (10x more expensive than reads), always set TTL
- Queues: DLQ mandatory, max retries = 3
- AI: Use cheapest effective model, route through AI Gateway
- Anti-loop: No self-fetch, no
setIntervalin DOs, no queue self-production
Exact binding configuration required in every wrangler.*.jsonc:
PLATFORM_CACHEKV namespace: IDee1087b34e5646139b32feb4c45bb29ePLATFORM_TELEMETRYqueue producer: queueplatform-telemetryobservability.enabled: truetail_consumers: [{ "service": "error-collector" }]- Env type with
PLATFORM_CACHE: KVNamespaceandPLATFORM_TELEMETRY: Queue<TelemetryMessage>
Skills are loaded on demand when agents need them or when users invoke them. They can be large because they're not always in context.
Load when: Adding SDK to a project, fixing integration gaps, wrapping new handlers.
Covers: npm install, wrangler config, Env type definition, handler patterns for fetch/cron/queue, per-binding integration reference (D1, KV, R2, AI, AI Gateway, Vectorize, Queues, DO, Workflow, Service Bindings), external cost tracking, feature registration, verification checklist, troubleshooting table.
Load when: Configuring budgets, understanding CB trips, implementing cost protection.
Covers: CB hierarchy (global → project → feature), KV key patterns (CONFIG:FEATURE:{id}:STATUS), states (GO/STOP), progressive enforcement (70% warning, 90% critical, 100% trip, 150% emergency), auto-reset (1hr TTL, 5min cooldown, max 3 trips), budgets.yaml format, manual override commands, monthly budget tracking, project allocation percentages, CircuitBreakerError handling patterns for each handler type.
Load when: Setting up logging/tracing, improving audit scores, configuring sampling.
Covers: Required wrangler observability config, 5 sampling profiles (critical/low/medium/high/staging), structured logging schema (required + recommended fields), SDK logger functions, 12 error categories, distributed tracing, Platform Auditor scoring rubric (SDK 30%, Observability 25%, Cost Protection 25%, Security 20%), triangulation matrix (HEALTHY/ZOMBIE/UNTRACKED/BROKEN/NOT_INTEGRATED), config and code smell check lists, behavioural analysis.
Load when: Adding cron workers, health endpoints, diagnosing stale heartbeats.
Covers: pingHeartbeat() API, CRITICAL placement rules, wrangler env var setup, Gatus external endpoint format, staleness intervals by schedule type, adding new heartbeats to Gatus config (SSH, YAML, restart), health() dual-plane checks (control + data plane), status page URL.
Load when: Setting up tail worker error collection, debugging issue creation.
Covers: 3-step quick start (tail_consumers, script mapping, deploy), error classification flow, P0-P4 priority assignment by tier, deduplication (3 layers: KV rate limit, KV issue lock, GitHub search), GitHub issue labels, transient error handling (1/category/day), dynamic patterns (pending → shadow → approved), daily digest, gap alerts (< 90% coverage), script mapping KV format.
Load when: Reviewing code for billing risks, investigating cost anomalies, doing PRs.
Covers: January 2026 billing incident reference, full Cloudflare pricing table (2026), all 10 TRAP IDs with code examples (D1-001 through LOOP-002), budget enforcement flow, project allocation, code review checklist (10 items).
Load when: Creating or modifying wrangler.jsonc files.
Covers: JSONC format (never TOML), required fields table, new worker template (complete example), queue consumer with DLQ, cron trigger config, deployment commands (direnv exec . mandatory), pre-deploy checklist, post-deploy verification, service bindings, multi-worker naming convention.
Load when: Querying Platform state from consumer projects, managing circuit breakers.
Covers: All Platform API base URLs (Usage, Auditor, Notifications, Settings, Search, Error Collector, Dashboard, Status Page, Docs), endpoint tables per service, create notification example, circuit breaker management (check/reset via KV and API), Gatus status API, service binding access pattern.
Load when: Adding per-invocation budget limits, anti-loop guards, or cost estimation.
Covers: requestLimits option for withFeatureBudget(), RequestBudgetExceededError, incomingRequest for X-Recursion-Depth anti-loop guard, RecursionDepthError, estimateCostFromMetrics(), forecastMonthlyCost(), handler examples.
Load when: Configuring anomaly detection, sliding window rate limits, or D1 storage monitoring.
Covers: anomalyThresholds (warning/critical levels), slidingWindowLimits (two-bucket KV approximation), d1StorageGuard (PRAGMA queries, fail-open semantics). All observational by default — enrich telemetry, don't throw.
Load when: Querying CF usage data, managing workers programmatically, configuring AI Gateway limits.
Covers: @littlebearapps/platform-admin-sdk installation, sub-path imports, GraphQL usage monitor (13 CF products), emergency kill switch (3 severity levels with dryRun), AI Gateway spending limits and rate limiting.
Load when: Adding timeout, retry, or error tracking to worker code.
Covers: withTimeout/withTrackedTimeout/withRequestTimeout, DEFAULT_TIMEOUTS tiers, withExponentialBackoff (from /retry), reportError/withErrorTracking/categoriseError, 12 error categories, composite "onion model" pattern.
Load when: Workers call other workers, external APIs, or AI Gateway.
Covers: createServiceClient, wrapServiceBinding, correlation headers, extractCorrelationChain, W3C distributed tracing (spans, createTracedFetch, propagateTraceContext), consumer-side AI Gateway tracking (createAIGatewayFetch, parseAIGatewayUrl).
Load when: Adding project-level circuit breaker middleware to Hono apps.
Covers: createCircuitBreakerMiddleware, CB_PROJECT_KEYS, project status management (getProjectStatus/setProjectStatus), global emergency stop (isGlobalStopActive/setGlobalStop), non-Hono usage (checkProjectCircuitBreaker), two-tier CB comparison table.
For AI coding agents that cannot load Claude Code plugins (Cursor, Windsurf, Copilot, Cline, etc.), see AGENTS.md in the plugin root. It provides a condensed single-file reference covering critical rules, SDK API quick reference, handler templates, cost safety rules, wrangler bindings, and resilience patterns.
Trigger phrases: "integrate SDK", "add platform SDK", "fix SDK integration", "SDK setup", "platform integration", "add circuit breakers", "add budget tracking", "fix audit"
Tools: Read, Glob, Grep, Bash, Edit, Write
What it does: Implements Platform SDK into a project from scratch or fixes gaps in existing integration.
Workflow:
- Assessment — Check SDK installed, find wrangler configs, locate Env type, find handler entry points, check existing SDK usage
- Installation —
npm install @littlebearapps/platform-consumer-sdkif missing - Wrangler config — Add PLATFORM_CACHE, PLATFORM_TELEMETRY, observability, tail_consumers to every config
- Env type — Add Platform bindings to Env interface
- Handler wrapping — Wrap each handler with appropriate SDK function, add CircuitBreakerError catch
- Feature IDs — Assign IDs following
{project}:{category}:{feature}convention - Service binding safety — Ensure Fetcher captured before
withFeatureBudget() - Verification — Run typecheck and tests
Output: Summary of files modified, feature IDs created, bindings added, manual steps remaining.
Trigger phrases: "audit score", "platform audit", "check audit", "SDK score", "observability score", "fix audit", "improve score", "audit readiness", "100/100"
Tools: Read, Glob, Grep, Bash
What it does: Scores the project against the Platform Auditor's 100/100 rubric across 4 pillars.
Scoring rubric:
| Pillar | Weight | Checks |
|---|---|---|
| SDK Integration | 30 pts | SDK installed (5), bindings present (5), handlers wrapped (5), CB error handling (5), completeTracking (5), feature ID format (5) |
| Observability | 25 pts | observability.enabled (5), source maps (5), structured logging (5), sampling rate (5), traces enabled (5) |
| Cost Protection | 25 pts | No per-row inserts (5), ON CONFLICT (5), LIMIT on SELECTs (5), DLQ configured (5), budget entries (5) |
| Security | 20 pts | No hardcoded secrets (5), input validation (5), no internal leaks (5), no self-recursion (5) |
Output: Scorecard with overall score, per-pillar breakdown, pass/fail per check with file:line references, status determination (HEALTHY/ZOMBIE/BROKEN/UNTRACKED/NOT_INTEGRATED), prioritised recommendations.
Trigger phrases: "circuit breaker", "feature disabled", "503 error", "metrics missing", "heartbeat stale", "telemetry not working", "SDK not working", "budget exceeded", "CB tripped", "gap alert", "error collector"
Tools: Read, Glob, Grep, Bash
What it does: Diagnoses runtime Platform SDK issues by querying KV state, D1 records, and Gatus status.
Common diagnoses:
- Feature returns 503 — Checks feature/project/global CB state in KV, reads reason key, suggests reset
- No metrics appearing — Checks wrangler bindings, verifies
trackedEnvusage, checks queue health - Heartbeat stale — Checks Gatus status, verifies heartbeat code placement, checks env vars
- Error collector silent — Checks tail_consumers config, script mapping KV, rate limits
- Gap alert received — Checks telemetry coverage, queue backlog, feature registration
Output: Debug report with issue description, root cause, evidence (KV values, config issues), resolution steps, prevention advice.
Trigger phrases: "cost review", "check costs", "billing impact", "expensive", "optimise costs", "review PR costs", "deploy check", "billing safety"
Tools: Read, Glob, Grep, Bash
What it does: Reviews code changes against the 25 mandatory cost safety rules and estimates billing impact.
Checks performed:
- D1: TRAP-D1-001 (per-row inserts), D1-002 (unbounded SELECT), D1-003 (missing ON CONFLICT)
- KV: TRAP-KV-001 (write-heavy patterns, missing TTL)
- Queue: TRAP-QUEUE-001 (retry storms, missing DLQ)
- AI: TRAP-AI-001 (expensive model for automated tasks)
- Loop: TRAP-LOOP-001 (self-recursion), LOOP-002 (DO setInterval)
- SDK: Raw
envusage that should betrackedEnv
Output: Cost review report with risk level (LOW/MEDIUM/HIGH/CRITICAL), estimated monthly impact, findings table with file:line references and severity, cost estimation per operation, prioritised recommendations.
Score the project against the 100/100 audit rubric. Delegates to the sdk-auditor agent.
- No args: Full audit across all 4 pillars
--fix: After auditing, automatically fix gaps using thesdk-integratoragent--pillar=sdk: Focus on a single pillar only
Guided SDK integration wizard. Delegates to the sdk-integrator agent.
- No args: Full integration (installs SDK, adds bindings, wraps handlers)
--check-only: Dry run — reports gaps without making changes
Check health of Platform integrations. Delegates to the sdk-debugger agent.
- No args: Check all features found in the project
[feature-id]: Focus on a specific feature (e.g.,scout:harvest:layer1)
Review current code changes for Cloudflare billing impact. Delegates to the cost-reviewer agent. Analyses staged/committed changes against all 10 TRAP IDs.
Trigger: Every session start
Type: Shell command
What it does: Runs npm ls @littlebearapps/platform-consumer-sdk and checks wrangler configs for PLATFORM_CACHE binding. Shows a quick health summary.
On failure: Warns about missing SDK or bindings — suggests running /platform-integrate.
Trigger: Bash(wrangler deploy*)
Type: Prompt (AI-evaluated)
What it validates:
- Command uses
direnv exec .prefix - PLATFORM_CACHE KV binding present with correct ID
- PLATFORM_TELEMETRY queue producer present
observability.enabled: truetail_consumersincludeserror-collector- Tests and typecheck pass
On failure: Blocks the deploy and explains what's missing.
Trigger: Write(workers/**/*.ts) and Write(src/**/*.ts)
Type: Prompt (AI-evaluated)
What it validates:
- Uses
withFeatureBudget/withCronBudget/withQueueBudget - Catches
CircuitBreakerError - No per-row D1 inserts in loops
- All INSERTs have
ON CONFLICT DO NOTHING - All SELECTs have
LIMIT - Heartbeat pings not after early returns
- Service binding Fetchers captured before SDK
On failure: Suggests specific fixes for each issue found.
Trigger: Write(wrangler*.jsonc)
Type: Prompt (AI-evaluated)
What it validates:
- PLATFORM_CACHE KV with correct namespace ID
- PLATFORM_TELEMETRY queue producer
observability.enabled: truetail_consumerswitherror-collector$schemafield, recentcompatibility_date,nodejs_compat_v2flag- Queue consumers have DLQ and
max_retries <= 3
On failure: Reports missing items with expected values.
/platform-integrate
The sdk-integrator agent will install the npm package, add wrangler bindings, update your Env type, wrap your handlers, and assign feature IDs.
/platform-audit --fix
This runs the audit first, then automatically fixes all gaps it can. Manual steps (like registering features in budgets.yaml) will be listed in the output.
/platform-health scout:harvest:layer1
The sdk-debugger will check the feature's CB state in KV, read the trip reason, and tell you whether to wait for auto-reset or manually clear it.
/platform-costs
The cost-reviewer will analyse changed files against all 10 TRAP IDs and estimate monthly billing impact.
Ask Claude: "Add Gatus heartbeat monitoring to my new cron worker." The sdk-integrator agent triggers automatically (keyword: "add heartbeat"). It loads the heartbeat-monitoring skill for the exact pattern: try/catch with pingHeartbeat() in both paths, env vars, staleness interval.
Ask Claude: "Set up error collector for my-new-worker." It loads the error-collector skill: add tail_consumers, register script mapping in KV, deploy.
This plugin is designed for consumer projects that use the Platform SDK:
- Scout
- Brand Copilot
- Future LBA Cloudflare Workers projects
NOT for: Working on the Platform repo itself (~/claude-code-tools/lba/infrastructure/platform/main/), which has its own specialised agents, skills, and rules for Platform internals.
- Platform SDK (
@littlebearapps/platform-consumer-sdk): Subpackage in the platform monorepo atpackages/platform-sdk/. Published to npm. No separate repo. - This plugin: Lives at
~/claude-code-tools/plugins/platform-sdk/. No separate repo — installed via local path. - Both live on lba-1 VPS and are accessible to all LBA projects.
| Resource | URL |
|---|---|
| npm package | npmjs.com/package/@littlebearapps/platform-consumer-sdk |
| Platform Dashboard | admin.littlebearapps.com |
| Status Page | status.littlebearapps.com |
| Documentation | docs.littlebearapps.com |
| Consumer SDK (npm) | npmjs.com/package/@littlebearapps/platform-consumer-sdk |
| Admin SDK (npm) | npmjs.com/package/@littlebearapps/platform-admin-sdk |
| SDK source | ~/claude-code-tools/lba/infrastructure/platform/main/packages/consumer-sdk/src/ |
| Integration guide | ~/claude-code-tools/lba/infrastructure/platform/main/docs/quickrefs/guides/platform-sdk-integration-checklist.md |
| Budget config | ~/claude-code-tools/lba/infrastructure/platform/main/platform/config/budgets.yaml |
| Services config | ~/claude-code-tools/lba/infrastructure/platform/main/platform/config/services.yaml |
| Observability config | ~/claude-code-tools/lba/infrastructure/platform/main/platform/config/observability.yaml |
| Problem | Cause | Fix |
|---|---|---|
| Session start hook shows nothing | Plugin not installed | claude plugin install ~/claude-code-tools/plugins/platform-sdk |
| Hooks don't fire on file writes | Matcher pattern doesn't match file path | Check file is in workers/**/*.ts or src/**/*.ts |
| Skills not loading | Skill name typo | Check available skills with /plugins |
| Agent not triggering | Trigger phrases don't match | Use exact phrases from agent when field |
| Pre-deploy hook too strict | Hook blocks valid deploy | Review the validation prompt; adjust in .claude/settings.json |
| Problem | Cause | Fix |
|---|---|---|
| "Illegal invocation" on service binding | Fetcher wrapped by SDK proxy | Capture Fetcher before withFeatureBudget() |
| No metrics in dashboard | Queue binding missing | Add PLATFORM_TELEMETRY to wrangler config |
| CircuitBreakerError always thrown | Feature CB set to STOP | Check KV CONFIG:FEATURE:{id}:STATUS; delete key to reset |
| Wrong operation counts | Using raw env |
Replace env.DB with trackedEnv.DB everywhere |
~/claude-code-tools/plugins/platform-sdk/
├── .claude-plugin/plugin.json # Manifest (name, version, description)
├── .claude/
│ ├── settings.json # Hook definitions
│ ├── agents/*.md # Agent definitions (4 agents)
│ ├── skills/*/SKILL.md # Skill references (14 skills)
│ └── rules/*.md # Auto-loaded rules (3 rules)
├── commands/*.md # Slash commands (4 commands)
├── hooks/hooks.json # Hook definitions (6 hooks)
├── AGENTS.md # Cross-agent reference (Cursor/Windsurf/Copilot/Cline)
└── README.md # This file
- Create
~/claude-code-tools/plugins/platform-sdk/.claude/skills/my-skill/SKILL.md - Add YAML frontmatter with
nameanddescription - Write markdown content with patterns, examples, reference tables
- Create
~/claude-code-tools/plugins/platform-sdk/.claude/agents/my-agent.md - Add YAML frontmatter:
name,description,when,model,color,tools - Write workflow documentation in the markdown body
Edit .claude/settings.json and add to the appropriate event (SessionStart, PreToolUse, PostToolUse).
Restart Claude Code after modifying plugin files. Rules and hooks reload automatically; skills and agents are loaded on demand.
# Run the plugin validator
# (From any project with Claude Code)
# Ask: "validate the platform-sdk plugin at ~/claude-code-tools/plugins/platform-sdk"