@agenticprimitives/edge-cloudflare
The Cloudflare adapter for @agenticprimitives/edge-runtime (spec 288 §5). It maps the
platform runtime onto the vendor-neutral admission core — and owns no authority
(ADR-0043).
API
extractAdmissionRequest(request): Promise<ExtractedRequest>—{ admission, rawBody }. Reads the body once;admissionfeedsrunAdmission,rawBodyis the exact ArrayBuffer to forward downstream (byte-identical — the native pipeline re-hashes it for spec 287).createCloudflareRateLimiter(binding): SoftRateLimiter— wrapsenv.<NAME>.limit({ key })for Stage-1 abuse limits (fail-soft, opaque buckets).dispatchToBinding(fetcher, init): Promise<Response>— forwards the admitted request to the bound origin (env.MCP/env.A2A) over its Service Binding, setting the edge-mintedx-correlation-id.
Usage (in the Worker)
import { extractAdmissionRequest, createCloudflareRateLimiter, dispatchToBinding } from '@agenticprimitives/edge-cloudflare';
import { runAdmission } from '@agenticprimitives/edge-runtime';
const { admission, rawBody } = await extractAdmissionRequest(request);
const result = await runAdmission(admission, {
resolveRoute, // app catalog → SurfaceDescriptor
softLimiter: createCloudflareRateLimiter(env.EDGE_LIMITER),
});
if (!result.ok) return new Response('admission denied', { status: result.status });
return dispatchToBinding(env.MCP, {
url: request.url, method: admission.method, headers: result.headers,
correlationId: result.correlationId, rawBody,
});
Concrete hostnames + Service-Binding names live in the deployed Worker (apps/demo-edge), never here
(ADR-0021). The downstream origin still runs the full Web3 authority pipeline — the edge only admits + shuttles.