GitHub as Conduit: AI to Repo to Production

GitHub is not the only Git host, but it is the one every other tool in the modern AI-coding stack assumes you are using. Cloudflare Pages, Vercel, Netlify, AWS Amplify, and Heroku all offer first-class GitHub integrations: connect a repo, choose a branch, and pushes trigger builds automatically. Most CI/CD systems treat GitHub webhooks as a default event source. Most AI coding agents, including Claude Code, work by reading and writing files in a local Git working tree and committing through the standard git CLI. This means GitHub is the shared protocol layer of the stack: every other component speaks to it natively.

The practical consequence is that you should not over-engineer this layer. A single private repo per project, with GitHub Actions for any custom CI steps, covers ninety percent of what an early-stage builder needs. Pillar's own repos follow this pattern: one repo per surface (the marketing site, the Studio app, the Authority sub-brand), each connected to a Cloudflare Pages project, each deployed by a push to main. There is no separate build server, no self-hosted runner, no bespoke release tooling. The cost is zero dollars per month until you exceed the free tier on Actions minutes, at which point the upgrade is incremental.

The deeper reason GitHub wins as the conduit is auditability. Every change in production traces back to a commit, every commit traces back to an author, and every author traces back to a GitHub identity. When an AI agent makes a change, tagging the commit body with the agent name (for example, a trailer line like Co-Authored-By: Claude) preserves that chain. You can answer the question 'who shipped this?' in one git blame regardless of whether the answer is a human, an agent, or a human reviewing an agent.

A repo ready for the AI-to-Production Pipeline has five files and one directory that matter most. At the root, wrangler.toml declares the Cloudflare project name, the compatibility date, and any bindings (KV namespaces, R2 buckets, D1 databases). A .gitignore excludes node_modules/, build artifacts, and any .env files. A package.json pins the build command and the deploy command behind named scripts so the same incantation works locally and in CI. A README.md documents how to run, build, and deploy in fewer than ten lines. A .github/workflows/ directory holds any GitHub Actions you need; for many projects, you need none because wrangler pages deploy can be invoked from your laptop or from Cloudflare's own GitHub integration.

The .claude/ directory is where AI-specific configuration lives. A CLAUDE.md at the repo root or inside .claude/ gives the agent persistent context about the project: the stack, the conventions, the don't-do list. Per-project settings can live in .claude/settings.json with allowlisted tools, prompts, and hooks. This directory should be committed so that every contributor (human or agent) inherits the same context. It is also the cheapest possible documentation: the same file that teaches Claude Code about your repo teaches the next engineer who joins.

Secrets never live in the repo. Cloudflare Pages and Workers expose environment variables through the Cloudflare dashboard and through wrangler secret put; both inject values at runtime without touching Git. For deeper context on why this matters, see Zero-Secret Architecture. The rule is simple: if grep over your repo turns up anything that looks like a token, fix it before the next push.

The simplest viable branch strategy is main equals production. Every push to main deploys. Feature branches get preview deploys automatically through Cloudflare Pages, so you can share a URL with a teammate or a designer without merging. When the preview looks right, you open a pull request and merge it. The lifecycle of a typical AI-assisted change is: agent generates code on a feature branch, you review the diff and the preview, you merge to main, production updates within a minute.

Not every change needs a pull request. Cosmetic copy edits, typo fixes, and small CSS tweaks can land directly on main as long as the preview deploy confirms they render correctly. Substantive changes always earn a PR: schema migrations, billing code, anything that touches a sensitive route, anything that adds a dependency, anything that changes how authentication works. The heuristic is reversibility. If a bad deploy can be reverted with a single wrangler rollback and no data is lost, direct push is fine. If a bad deploy can corrupt user data, lose money, or expose a secret, you want a human eye on the diff before it ships.

AI-generated commits deserve explicit attribution in the commit body. A trailer line like Generated-By: Claude Code or Co-Authored-By: Claude in the message makes the provenance searchable in git log. This is not for compliance theater; it is for the moment six months from now when you are tracing a regression and want to know whether the original change was reviewed by a human or accepted from a draft.

A bare-metal deploy command at Pillar looks like npx wrangler pages deploy ./dist --project-name=<YOUR_PROJECT>. The build step that produces ./dist varies by stack (Astro, Next.js, plain HTML, a Vite bundle), but the deploy step is identical across projects. Wrangler reads your Cloudflare credentials from the local environment or from wrangler login, uploads the static assets, and returns a deploy URL within seconds. For Workers (server-side handlers), the equivalent command is wrangler deploy, which uploads code rather than assets.

Connecting the repo to Cloudflare's GitHub integration moves this step to the cloud. In the Cloudflare dashboard, you select your GitHub account, pick the repo, choose main as the production branch, and set the build command. From that point on, every push to main triggers a build and a deploy without anyone touching wrangler. Pull request branches get preview URLs automatically. The whole flow becomes: AI writes code, you push, Cloudflare builds, the edge serves. The conduit disappears into the background, which is exactly what you want.

Observability closes the loop. Every deploy gets a unique deployment ID in the Cloudflare dashboard with build logs, asset listings, and a 'rollback to this version' button. wrangler deployments list returns the same information from the CLI. If a deploy breaks production, the rollback is a single click or a single command, and the previous version is back on the edge in seconds. This is what makes shipping at AI speed safe: the cost of a bad deploy is the time to notice it plus the time to click rollback.