Skip to content
FSS Knowledge Base

Fix KB Online + MBR KB Setup

Section titled “Fix KB Online + MBR KB Setup”

Period: 2026-03-28 to 2026-03-31

Background

Section titled “Background”

Google Safe Browsing flagged kb-online-site.pages.dev because password-gate.js was still being served as a static file (Cursor had disabled it in HTML but left the file on disk). Removed it, deployed, submitted a false positive review for the exact deployed URL — not a custom domain. Flag cleared within days.

Deploy Pipeline — What Was Built

Section titled “Deploy Pipeline — What Was Built”

kb-mbr (new)

Section titled “kb-mbr (new)”

Full Astro/Starlight KB deployment for MBR vault, mirroring kb-business:

  • Scaffolded and pushed to github.com/talbotstevens/kb-mbr
  • Cloudflare Pages connected → live at https://kb-mbr.pages.dev/
  • sync-content.ts — syncs from /mnt/d/FSS/KB/MBR, privacy filtering, renames _WorkingOnWorkingOn post-sync (see Gotchas)
  • generate-sidebar.ts — strips leading _ from content paths for correct link generation
  • deploy.sh — commits and pushes to GitHub; CF Pages auto-builds

kb-business changes

Section titled “kb-business changes”
  • generate-sidebar.ts — switched to manual enumeration (file-name labels, not frontmatter titles); collapsed: true on top-level groups (table-of-contents view); skips _-prefixed files
  • sync-content.ts — added EXCLUDE_WORKING_ON flag
  • deploy.sh — added --allow-env to generate-sidebar step (was missing)
  • sanitize-kb-source.ts — fixed to also replace stale Tasks-Template title in frontmatter

web-deploy

Section titled “web-deploy”
  • config.yaml — kb-business URL set to kb-online-site.pages.dev; kb-mbr URL set to kb-mbr.pages.dev
  • kb-online/ folder renamed to kb-business/ (git mv, submodule pointer updated)
  • kb-mbr added as git submodule

Key Decisions

Section titled “Key Decisions”
DecisionDetail
_WorkingOn in productionIncluded by default. Set EXCLUDE_WORKING_ON=true in deploy.sh to opt out.
FILTER_PRIVATE vs EXCLUDE_WORKING_ONDeliberately decoupled — each flag controls exactly one concern. Don’t re-couple them.
Sidebar labelsFile-name based via manual enumeration. autogenerate uses frontmatter titles — avoid it.
Sidebar default statecollapsed: true — folders closed by default, table-of-contents on load.
MBR deployment URLhttps://kb-mbr.pages.dev/. kb.mybetterrates.com does NOT exist.

Gotchas

Section titled “Gotchas”

Astro excludes _-prefixed directories at the content collection root (not in subdirectories). _WorkingOn at root level → silently invisible to Astro. Workaround: rename post-sync in sync-content.ts. Already implemented; don’t remove it.

Deno --allow-env required for any script using Deno.env.get(). Adding a new env var to a script without adding --allow-env to its deno run line causes an interactive permission prompt that blocks unattended deploys.

Cloudflare Pages vs Workers UI: CF’s unified UI defaults to Workers. Pages is accessed via “Looking to deploy Pages? Get started” link at the bottom of the Workers creation screen.

Safe Browsing reviews: Submit for the exact URL users access (kb-online-site.pages.dev), not a custom domain unless that domain is the one being flagged.