

Welcome to Day 1 of Cloudflare's Agents Week, an entire week dedicated to announcements & product launches on the Cloudflare developer platform! I'll cover the announcements in detail. We're starting off the week with:

🚀 Durable Object Facets in Beta
📦 Sandbox/Containers GA
🔐 Secure Auth for Sandboxes

Let's take a closer look at each.

🚀 Durable Object Facets in Beta 🚀

Durable Object Facets allow any Durable Object to create child Durable Objects on-the-fly inside itself, with each Facet having its own isolated storage. At this stage, Facets are limited to use within a Dynamic Worker, but perhaps in future it will be possible to use them outside of Dynamic Workers.

With today's release, @KentonVarda succinctly covers what it's aiming to solve:

Facets are useful when you want dynamically-generated code — for example, code written by an AI agent — to have persistent storage, without giving it direct access to a Durable Object namespace. Your supervisor loads the code, creates the facet, and forwards requests into it. You stay in control of what the dynamic code can do.

To make this more "real", here are a couple of examples where I think Facets would be really useful:

1. Dynamic subagents, with persistent storage. Let's say you have a generalist (implemented by the Durable Object) that needs to carry out a series of tasks and wants to employ subagents. It can do so by creating a Facet for each one (researcher, reviewer etc.), and each one can store what it needs to remember across requests in SQLite. Once it's done with that subagent, it can just destroy the Facet.

2. Agent memory. You probably don't want to allow your AI agent to access the same storage as your main Durable Object, so instead you allow it to write SQL queries and simply execute those inside a Facet. Safe, fast and secure.

There are probably a ton more use cases, but those were the two that initially came to mind to bring it more to life.
📦 Cloudflare Sandboxes/Containers are now GA 📦

Sandboxes allow you to run untrusted code and libraries within a safe, secure and isolated environment. We just talked about Dynamic Workers, which are a very lightweight sandbox, but there are varying flavours, with Cloudflare's Sandbox product being another. If you want to write code in languages not supported by the Workers runtime, or need a full Linux environment due to dependencies or other concerns, then this is where you reach for Sandboxes. They have a ton of features, such as:

- PTY support, giving the Sandbox a terminal
- Filesystem watching
- Snapshots
- Persistent code interpreters

Both Containers and Sandboxes are GA, which means they are ready for production workloads.

🔐 Secure Auth for Sandboxes 🔐

A recent release enabled Cloudflare Sandboxes to intercept traffic leaving a sandbox using a Worker, allowing credentials to be injected outside of the sandbox itself. This keeps your credentials safe and unexposed to the sandbox. Today's release takes this a step further with a bunch more capabilities.

To start, Outbound Workers can now intercept HTTPS traffic as well as HTTP traffic. Before this, you effectively had to upgrade from HTTP to HTTPS in the Worker, but this is no longer an issue as each sandbox instance has a unique ephemeral certificate authority (CA) and private key. The CA is trusted by the Sandbox by default, and the private key never leaves the sandbox.

If you need to access resources stored within Cloudflare's developer platform, such as R2 or D1, you can do so by letting the Sandbox call endpoints that your Outbound Worker intercepts. The Worker calls any bindings to retrieve the data, and then returns it to the Sandbox. The sandbox has no idea this interception has happened, and simply gets the data it needs.

Rather than having to instrument everything yourself, you can now effortlessly add allow and deny lists to restrict your Sandbox's access to the internet. If you add hosts to the allow list, any other hosts are denied by default, with support for glob patterns.

Lastly, you can programmatically add and remove Outbound Workers at runtime, which avoids sandbox restarts in the event you need to modify the egress policy.

That's it for today. Check back tomorrow for more insights, and I plan to demo some of this week's announcements with a demo app over the week!
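
To make the allow/deny semantics and the out-of-sandbox credential injection from the Secure Auth section concrete, here is an added example that models them in plain JavaScript. It is not Cloudflare's Sandbox API or code from the announcement: the function names, the policy shape, deny-over-allow precedence and the meaning of `*` are all assumptions made for illustration.

```javascript
// Added illustration, not the Cloudflare Sandbox API: every name here is hypothetical.

// Compile a host glob into an anchored, case-insensitive regex.
// Assumption: "*" matches any run of characters, dots included.
function globToRegex(glob) {
  const escaped = glob.toLowerCase().replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Lower-case the host and strip a trailing root dot so "API.Example.com."
// is evaluated against the same rules as "api.example.com".
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Decide whether the sandbox may reach `host`.
// Assumption: deny entries take precedence over allow entries.
function egressDecision(host, policy) {
  const h = normaliseHost(host);
  const hit = (list) => (list || []).some((g) => globToRegex(g).test(h));
  if (hit(policy.deny)) return "deny";
  const allow = policy.allow || [];
  if (allow.length === 0) return "allow"; // no allow list configured
  return hit(allow) ? "allow" : "deny"; // allow list present: everything else is denied
}

// Model of the interception step: the secret is held outside the sandbox and is
// attached only when the destination is permitted and has a secret mapped to it.
function interceptOutbound(req, policy, secrets) {
  const host = normaliseHost(new URL(req.url).hostname);
  if (egressDecision(host, policy) === "deny") {
    return { forwarded: false, headers: {} };
  }
  const headers = { ...req.headers };
  if (Object.prototype.hasOwnProperty.call(secrets, host)) {
    headers.authorization = `Bearer ${secrets[host]}`;
  }
  return { forwarded: true, headers };
}

// Constructed sample policy, secret store and hosts.
const policy = { allow: ["*.example.com"], deny: ["internal.example.com"] };
const secrets = { "api.example.com": "constructed-token" };
for (const host of ["api.example.com", "example.com.evil.test", "internal.example.com"]) {
  console.log(host, egressDecision(host, policy));
}
console.log(interceptOutbound({ url: "https://api.example.com/v1", headers: {} }, policy, secrets));
```

Because the compiled pattern is anchored at both ends, `*.example.com` in this model matches subdomains only: lookalikes such as `example.com.evil.test` and `evilexample.com` fall through to the default deny, as does the bare `example.com` unless it is listed separately.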































