Cloudflare Migration Rehearsal Checklist (Vercel → Workers)

Goal

Run one controlled pilot migration for an existing Vercel app and produce hard data on:

deployment success rate
runtime speed
time-to-result for core workflows
stability/error profile
security posture

Pilot target: Brand Radar Current prod: https://brand-radar-rosy.vercel.app

0) Success Criteria (Pass/Fail)

Must pass

95%+ successful preview deploys over 20 consecutive attempts
99%+ successful production deploys over first 10 attempts
p95 API latency within +10% of Vercel baseline (or better)
Core workflow latency (brand scan) within +15% of baseline (or better)
No Sev-1 errors in 72-hour canary
No new critical security findings

Nice-to-have

Better p50 TTFB vs Vercel
Lower infra cost per 1k requests

1) Preflight (Before Touching Code)

[ ] Identify branch for pilot: pilot/cloudflare-brand-radar
[ ] Freeze current Vercel baseline commit SHA
[ ] Export baseline metrics (last 7 days):
- [ ] request success rate
- [ ] p50/p95 latency
- [ ] core workflow completion time
- [ ] error rate by endpoint
[ ] Confirm rollback owner + decision authority
[ ] Confirm observability dashboards exist and are shared

Deliverable: reports/cloudflare-baseline-brand-radar.md

2) Runtime Compatibility Audit

Check and classify each dependency:

[ ] Uses Node-only modules? (filesystem, net, child_process, etc.)
[ ] Uses edge-safe fetch APIs?
[ ] Any long-running request paths that exceed edge-friendly limits?
[ ] ORM/DB driver compatibility with Workers path
[ ] Auth/session mechanisms compatible with Workers runtime

Classification output:

✅ edge-safe
⚠️ needs adaptation
❌ incompatible (blocker)

Deliverable: reports/cloudflare-compat-audit-brand-radar.md

3) Environment & Secret Mapping

Create exact env parity map:

[ ] Vercel env var inventory (name only, no secrets in docs)
[ ] Cloudflare target bindings/env names
[ ] Required secrets added in Cloudflare
[ ] Sanity test endpoint confirms env availability

Template: | Vercel var | Cloudflare binding/env | Scope (preview/prod) | Status | |---|---|---|---|

Deliverable: reports/cloudflare-env-map-brand-radar.md

4) First Deploy (Preview)

[ ] Build and deploy to Cloudflare preview environment
[ ] Verify app boot, auth flow, primary dashboard route
[ ] Verify top API routes return expected schema
[ ] Run smoke tests against preview URL

Smoke pack minimum:

[ ] / load
[ ] auth/login flow
[ ] one brand scan trigger
[ ] report read endpoint

5) Instrumentation (Required Before Any Traffic)

[ ] Enable Workers logs
[ ] Enable traces/metrics collection
[ ] Capture per-route latency (p50/p95/p99)
[ ] Capture error rates by code and endpoint
[ ] Add request correlation ID in app logs

Monitoring intervals during pilot:

T+0 to T+60 min: every 15 min
T+1h to T+24h: hourly
24h to 72h: every 4 hours

6) Canary Rollout Plan

[ ] Start at 5% traffic (or selected internal users)
[ ] Hold for 24h if pass thresholds remain green
[ ] Increase to 25% for next 24h
[ ] Increase to 50% for next 24h
[ ] Move to 100% only if all go/no-go gates pass

Immediate rollback triggers:

[ ] error rate > 1% for 5+ minutes
[ ] p95 latency > 2x baseline for 10+ minutes
[ ] core workflow failure > 2% over rolling 30 min
[ ] auth/session failure regression

7) Security Validation

[ ] Validate auth/session behavior under Cloudflare deployment
[ ] Confirm no secret leakage in logs/traces
[ ] Confirm external endpoints obey scope rules (internal vs external)
[ ] Verify rate-limit behavior matches policy
[ ] Run dependency vulnerability scan on pilot branch

Deliverable: reports/cloudflare-security-check-brand-radar.md

8) Rollback Procedure (Practice Once)

[ ] Perform dry-run rollback rehearsal before production traffic
[ ] Document exact switchback steps to Vercel
[ ] Verify DNS/traffic policy rollback time
[ ] Verify data consistency assumptions after rollback

Rollback SLA target: < 10 minutes from decision to effective traffic switch

9) Final Decision Readout

Produce one-page decision memo:

[ ] Did Cloudflare meet reliability thresholds?
[ ] Did speed improve or regress materially?
[ ] Was deployment workflow easier/harder than Vercel?
[ ] Net recommendation: stay/move/hybrid
[ ] Next app candidate if pass

Deliverable: reports/cloudflare-pilot-decision-brand-radar.md

Suggested Next App if Pilot Passes

seo-report-app (direct strategic value)
wp-engine-dashboard (ops + API orchestration value)

Operator Notes

Keep this pilot focused on platform/runtime first, not feature changes.
Avoid simultaneous DB migrations during platform evaluation.
One variable at a time, or results are junk.