WorkerFlow is an event-driven automation control plane on Cloudflare Workers.
Design goals:
- keep execution stateless and horizontally scalable
- preserve strong run/idempotency history in D1
- support both human-operated and agent-operated workflows
- API Worker: ingress policy, auth/signature checks, idempotency, sync/async split
- Queue Consumer: asynchronous execution adapter
- Workflow Worker: route/schedule dispatch and handler execution
- Scheduler Worker: cron-to-task producer
- Ops Dashboard Worker: operational reads + retry/cron-run writes
- D1: run ledger, idempotency keys, cursor state, dead letters, replay lineage
HTTP route (async):
POST /api/{route}- API validates and checks auth/signature/rate limits
- API writes idempotency marker
- API enqueues
http_routetask - queue consumer invokes workflow
- workflow executes handler and records run state
HTTP route (sync):
POST /api/{route}- API validates and forwards task to workflow
/run-sync - workflow executes immediately and returns payload
Scheduled job:
- scheduler cron tick
- scheduler enqueues
scheduled_job - queue consumer invokes workflow
- workflow executes schedule handler
- handler failures are persisted to dead letters
- replay APIs allow controlled reprocessing
- route/schedule enablement checks guard stale or disabled tasks
- ingress token + HMAC signature on API worker
- optional API rate limiting
- dashboard read/write token separation
WorkerFlow is single-tenant by default.
For multi-tenant use-cases, introduce tenant partitioning at:
- ingress identity (
x-tenant-id+ signed claims) - task payload metadata
- D1 query filters and run/dead-letter views
- per-tenant secret routing and policy checks