npm.io
0.0.0-alpha.1 • Published yesterday

@agenticprimitives/edge-cloudflare

Licence
MIT
Version
0.0.0-alpha.1
Deps
0
Size
20 kB
Vulns
0
Weekly
0
Stars
1

@agenticprimitives/edge-cloudflare

The Cloudflare adapter for @agenticprimitives/edge-runtime (spec 288 §5). It maps the platform runtime onto the vendor-neutral admission core — and owns no authority (ADR-0043).

API

  • extractAdmissionRequest(request): Promise<ExtractedRequest>{ admission, rawBody }. Reads the body once; admission feeds runAdmission, rawBody is the exact ArrayBuffer to forward downstream (byte-identical — the native pipeline re-hashes it for spec 287).
  • createCloudflareRateLimiter(binding): SoftRateLimiter — wraps env.<NAME>.limit({ key }) for Stage-1 abuse limits (fail-soft, opaque buckets).
  • dispatchToBinding(fetcher, init): Promise<Response> — forwards the admitted request to the bound origin (env.MCP / env.A2A) over its Service Binding, setting the edge-minted x-correlation-id.

Usage (in the Worker)

import { extractAdmissionRequest, createCloudflareRateLimiter, dispatchToBinding } from '@agenticprimitives/edge-cloudflare';
import { runAdmission } from '@agenticprimitives/edge-runtime';

const { admission, rawBody } = await extractAdmissionRequest(request);
const result = await runAdmission(admission, {
  resolveRoute,                                   // app catalog → SurfaceDescriptor
  softLimiter: createCloudflareRateLimiter(env.EDGE_LIMITER),
});
if (!result.ok) return new Response('admission denied', { status: result.status });
return dispatchToBinding(env.MCP, {
  url: request.url, method: admission.method, headers: result.headers,
  correlationId: result.correlationId, rawBody,
});

Concrete hostnames + Service-Binding names live in the deployed Worker (apps/demo-edge), never here (ADR-0021). The downstream origin still runs the full Web3 authority pipeline — the edge only admits + shuttles.