Cloudflare Workers + Sandbox

Deploy to Cloudflare Workers with Durable Object sessions and Cloudflare Sandbox.

The Cloudflare target emits an unbundled Worker entrypoint, a Durable Object session store, and a Cloudflare Sandbox container binding. Wrangler owns the Cloudflare bundle; Fabric Harness just emits the entry, bindings, and config.

Status: experimental. Build and fh dev --target cloudflare work. Durable Object store parity is improving. R2-backed artifact storage and R2 filesystem sources are available; full backup/restore parity remains roadmap.

Build

fh build --target cloudflare
cd .fabricharness/build/cloudflare
npm install @cloudflare/sandbox @fabric-harness/cloudflare @fabric-harness/sdk

Output:

.fabricharness/build/cloudflare/
  dist/worker.ts
  wrangler.jsonc
  Dockerfile         # default Cloudflare Sandbox image
  manifest.json
  README.cloudflare.md

Develop locally

npx wrangler dev

Deploy

npx wrangler deploy

Routes

GET /health
GET /manifest
POST /agents/:agent/:id

Enabling Cloudflare Sandbox

In .fabricharness/config.ts:

export default {
  sandbox: {
    backend: 'cloudflare',
    mode: 'sandbox',
    binding: 'Sandbox',
    cwd: '/workspace',
  },
};

If Cloudflare Sandbox isn't configured, the Worker falls back to Fabric's empty sandbox.

How it maps to Fabric primitives

Fabric primitive	Cloudflare equivalent
Session store	Durable Object (one DO instance per session id)
`SandboxEnv`	Cloudflare Sandbox container binding via `@cloudflare/sandbox`
Webhook trigger	`POST /agents/:agent/:id`
Health/manifest	`GET /health`, `GET /manifest`

Limits and considerations

Worker request/CPU limits apply; long-running workflows belong on the Temporal worker target.
Sandbox container start latency depends on the Cloudflare image; warm pools help.
Persistent filesystem and full backup/restore are deferred — design agents to be replayable from the session log rather than disk state.