Gold Shore keeps the marketing site, Cloudflare Workers router, scheduled jobs, and infrastructure helpers in a single workspace so every deploy ships the same way in CI and on local machines. The repo hosts the public Astro site, an /api/gpt proxy backed by the OpenAI Chat Completions API, and automation scripts for DNS, secrets, and worker maintenance.
```
goldshore/
├─ apps/
│  ├─ goldshore-web/    # Astro marketing site and content
│  ├─ goldshore-api/    # Cloudflare Worker powering API traffic
│  └─ goldshore-agent/  # Background worker + queues
├─ packages/
│  ├─ ui/               # Shared UI components and design tokens
│  ├─ config/           # Shared TS/ESLint/Prettier configs
│  ├─ utils/            # Shared utility helpers
│  └─ auth/             # Access authentication helpers
├─ functions/           # Cloudflare Pages Functions (contact form handler)
├─ infra/               # Scripts for DNS, Access, and other operational chores
├─ src/                 # Root Worker modules mounted by wrangler.toml
└─ package.json         # npm workspaces + shared tooling
```
See the Gold Shore Web & Worker Implementation Guide for the long-form playbook covering design, accessibility, deployment, DNS, and secrets rotation.
- Built with Astro 4.
- Shared theme lives in `apps/goldshore-web/src/styles/theme.css`; layouts and reusable components are in `apps/goldshore-web/src/components/`.
- Development: `pnpm run dev` (from repo root or inside `apps/goldshore-web`).
- Production build: `pnpm run build`, which optimises images first, then runs `astro build`.

- Receives all Cloudflare Worker traffic and proxies static assets to the correct Pages deployment (`production`, `preview`, `dev`).
- Environment variables `PRODUCTION_ASSETS`, `PREVIEW_ASSETS`, and `DEV_ASSETS` can override the default Pages domains; the Worker stamps cache headers on proxied responses.
- Requests to `/api/gpt` are forwarded to the GPT proxy handler described below.

- Validates Cloudflare Turnstile tokens before relaying submissions to Formspree.
- Requires `TURNSTILE_SECRET` and `FORMSPREE_ENDPOINT` environment variables in each Pages environment (`.dev.vars` locally).

- `pnpm run build` executes `packages/image-tools/process-images.mjs` to emit AVIF/WEBP variants prior to the Astro build.
- The script depends on `sharp`; install dependencies with `npm install` before running.

- Install Node.js 22+.
- Install workspace dependencies: `pnpm install`
- Start the Astro dev server: `pnpm run dev`
- Build for production (images + Astro output): `pnpm run build`

| Command | Description |
|---|---|
| `pnpm run deploy:prod` | Deploy the Worker using the production environment in `wrangler.worker.toml`. |
| `pnpm run deploy:preview` | Deploy the Worker to the preview environment. |
| `pnpm run deploy:dev` | Deploy the Worker to the dev environment. |
| `pnpm run qa` | Execute the local QA helper (`.github/workflows/local-qa.mjs`). |

src/gpt-handler.js exposes a minimal wrapper around OpenAI's Chat Completions API:
- Only `POST` and `OPTIONS` methods are supported.
- Calls must authenticate with a shared secret provided via either the `x-api-key` header or an `Authorization: Bearer <token>` header.
- CORS is restricted to the origins defined in `GPT_ALLOWED_ORIGINS` (comma-separated). Requests from non-allowed origins are rejected before reaching OpenAI.
- The handler accepts either a `messages` array or a simple `prompt` string and forwards a validated payload to OpenAI.
- Streaming responses are passed through unchanged; non-streaming responses are returned as JSON with CORS headers applied.

| Variable | Purpose |
|---|---|
| `OPENAI_API_KEY` | Server-side key used when talking to OpenAI. |
| `GPT_PROXY_SECRET` (or `GPT_SERVICE_TOKEN`) | Shared secret expected in the auth header. |
| `GPT_ALLOWED_ORIGINS` | Comma-separated list of allowed browser origins. |
| `CF_ACCESS_AUD` / `CF_ACCESS_ISS` / `CF_ACCESS_JWKS_URL` | Optional Cloudflare Access claims for hardening authenticated worker hostnames. |

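
An added example, not the project's `src/gpt-handler.js`: one way to implement the gate described above (origin allowlist, method check, shared-secret auth with a constant-time comparison). The function names, status codes, sample values, and the choice to let requests without an `Origin` header proceed to the secret check are assumptions.

```javascript
// Added example, not the project's src/gpt-handler.js. Env names come from the
// README; function names, status codes and sample values are assumptions.

// Compare two strings without stopping at the first mismatching byte.
function constantTimeEqual(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// GPT_ALLOWED_ORIGINS is comma-separated; tolerate spaces and empty entries.
function parseAllowedOrigins(csv) {
  return new Set((csv || "").split(",").map((o) => o.trim()).filter(Boolean));
}

// Accept the secret from x-api-key or from "Authorization: Bearer <token>".
function extractToken(headers) {
  const apiKey = headers.get("x-api-key");
  if (apiKey) return apiKey.trim();
  const m = /^Bearer\s+(\S+)$/i.exec(headers.get("authorization") || "");
  return m ? m[1] : null;
}

// headers: a Fetch Headers object (or anything with get() keyed by lowercase name).
// Returns { ok, status, corsOrigin }; forward to OpenAI only when status is 200.
function gateRequest(method, headers, env) {
  const origin = headers.get("origin") || null;
  const allowed = parseAllowedOrigins(env.GPT_ALLOWED_ORIGINS);
  // Reject unknown browser origins first, preflight included.
  if (origin && !allowed.has(origin)) return { ok: false, status: 403, corsOrigin: null };
  if (method === "OPTIONS") return { ok: true, status: 204, corsOrigin: origin };
  if (method !== "POST") return { ok: false, status: 405, corsOrigin: origin };
  const secret = env.GPT_PROXY_SECRET || env.GPT_SERVICE_TOKEN;
  // Fail closed when no secret is configured, so an empty token never matches.
  if (!secret) return { ok: false, status: 500, corsOrigin: origin };
  const token = extractToken(headers);
  if (!token || !constantTimeEqual(token, secret)) {
    return { ok: false, status: 401, corsOrigin: origin };
  }
  // Assumption: callers without an Origin header (non-browser) pass on the secret alone.
  return { ok: true, status: 200, corsOrigin: origin };
}

// Constructed sample configuration and request.
const SAMPLE_ENV = { GPT_PROXY_SECRET: "constructed-secret", GPT_ALLOWED_ORIGINS: "https://goldshore.org, https://preview.goldshore.org" };
const sample = new Map([["origin", "https://goldshore.org"], ["x-api-key", "constructed-secret"]]);
console.log(gateRequest("POST", sample, SAMPLE_ENV));
```
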
Automation scripts in infra/scripts/ keep DNS and Access policies aligned with deployed environments. Ensure the following GitHub Actions secrets exist so CI can execute deploy workflows:
- `CF_ACCOUNT_ID`
- `CF_API_TOKEN`
- `CF_SECRET_STORE_ID`
- `OPENAI_API_KEY`
- `OPENAI_PROJECT_ID`

The DNS helper keeps goldshore.org, www.goldshore.org, preview.goldshore.org, and dev.goldshore.org pointing at the correct Pages projects with proxied CNAME records.
- Email `intake@goldshore.org` for partnership requests and `privacy@goldshore.org` for data questions.
- Internal operators should reference the Implementation Guide for step-by-step environment setup, including Cloudflare Access OAuth configuration with GitHub.

Empowering communities through secure, scalable, and intelligent infrastructure. Building tools in Cybersecurity, Cloud, and Automation. Visit us at GoldShoreLabs.
This repository is a monorepo containing the applications and packages that power the GoldShore platform. It is built using a modern stack of TypeScript, Astro, and Cloudflare Workers.
The repository is organized into the following workspaces:
- `apps/goldshore-web`: The main marketing website, built with Astro.
- `apps/goldshore-api`: The Cloudflare Worker that serves as the API for the platform.
- `apps/goldshore-agent`: A Cloudflare Worker for background jobs and queues.
- `packages/ui`: Shared UI components and design tokens.
- `packages/config`: Shared configuration files (tsconfig, eslint).
- `packages/utils`: Shared utility functions.
- `packages/auth`: Helpers for Cloudflare Access authentication.
- `infra/cloudflare`: Cloudflare-related infrastructure configurations (wrangler.toml, bindings).
- `infra/github`: GitHub Actions workflows.

- Clone the repository: `git clone https://github.com/goldshore/goldshore.github.io.git`
- Install the dependencies from the root of the repository: `pnpm install`

To start the development servers for all the applications in parallel, run the following command from the root of the repository:
```
pnpm run dev
```

This will start the Astro development server for the web app, and the Wrangler development server for the api and agent workers.
Each workspace has a consistent set of scripts:
- `pnpm dev`: Starts the development server.
- `pnpm build`: Builds the application for production.
- `pnpm preview`: Previews the production build locally.
- `pnpm deploy`: Deploys the application to Cloudflare.

To build all the applications for production, run the following command from the root of the repository:
```
pnpm run build
```

This will create optimized builds for the web app in its `dist` directory, and build the api and agent workers.
Deployment is handled automatically by the CI/CD pipeline, which is configured in infra/github/actions. When changes are pushed to the main branch, the following actions are performed:
- The applications are built and tested.
- The `goldshore-api` and `goldshore-agent` workers are deployed to Cloudflare Workers.
- The `goldshore-web` application is deployed to Cloudflare Pages.

For manual deployments, you can use the wrangler CLI. Refer to the wrangler.toml files within each app for configuration details.
Each application that deploys to Cloudflare has its own wrangler.toml file. This file contains the configuration for the application, including routes, bindings, and environment variables.
For a first-time setup, refer to the Cloudflare Setup Guide. This guide provides a complete walkthrough of the manual steps required to configure the project on Cloudflare.
To automate the provisioning of Cloudflare resources (D1, KV, R2, Queues), you can use the provisioning script:
```
bash infra/cloudflare/provision.sh
```

Secrets and environment variables are managed using `.dev.vars` for local development and `wrangler secret put` for production environments. Refer to the `.dev.vars.example` file for a list of required variables.