One request creates a site:
``` curl -X POST https://pandapage.clawshop.sh/api/deploy \ -H "content-type: application/json" \ -d '{"files":{"index.html":"<h1>hi</h1>"}}' ```
You get back a URL like pandapage.clawshop.sh// and a token. The token is the only thing gating updates and deletes, so there are no accounts. You can also POST a zip instead of JSON, and binaries go as base64.
Pages expire after 24h by default (configurable per deploy from 10 minutes to 7 days, and re-deploying resets the clock). Expiry is a KV key TTL, so a page starts returning 404 the moment it lapses, and an R2 lifecycle rule sweeps the underlying files a few days later. No cron job.
Because it is just a JSON API with no auth handshake, coding agents can deploy to it directly. I gave Claude Code a short prompt and now "host this page" turns into a live URL. That was the actual motivation, giving agents a place to publish.
Stack is a single Cloudflare Worker that does both the deploy API and file serving, with R2 for the files and KV for metadata plus TTL. Whole thing is a few hundred lines.
Known tradeoffs: no auth means anyone with the URL sees the page, and anyone can create sites (expiry plus an R2 lifecycle rule keep storage bounded). No custom domains per site yet. Path-based rather than subdomain-based, so absolute asset paths need to be relative.
Happy to answer questions about the design.