Edge Sandbox Runtime, Claude Agents as a Service
An agent-cloud / automation platform (OSS components)
Overview
This is the core edge runtime of the platform: the backend that runs Claude Code agents in isolated, per-user cloud sandboxes. It pairs a Cloudflare Worker control plane with a containerized agent runtime, giving each user their own durable, stateful sandbox addressable over WebSocket.
The Challenge
Running an autonomous coding agent on behalf of many users means giving each one a real, isolated execution environment (file system, bash, browser) that persists across turns, while strictly controlling concurrency, metering compute, and enforcing per-issuer authentication, all at the edge, without a heavy origin server.
What We Built
A Cloudflare Worker (src/) acts as the control plane: auth.ts (JWT validation against KV-stored issuer secrets), session.ts/sessions.ts/sessions-api.ts (session lifecycle), websocket.ts (real-time agent I/O), prompt.ts, git.ts, incubate.ts, storage.ts, plus billing.ts, metering.ts, and usage-api.ts for usage accounting, and concurrency.ts/semaphore.ts for throttling.
Each user gets a dedicated Durable Object (Sandbox) bound to a Container built from a Dockerfile, with a second Durable Object (DeveloperSemaphore) gating concurrent developer sessions.
The container side (container/) runs a bridge server, coordinator, and launcher that host the Claude Code agent and patch the agent SDK for the sandbox.
Bindings (from wrangler.jsonc) include R2 (CLAUDE_SESSIONS bucket for session persistence), D1 (chuckybox-billing with SQL migrations for sessions and usage), and KV (issuer secrets), served on a custom domain with observability enabled.
Technologies & Approach
A fully edge-native architecture on Cloudflare: Durable Objects provide the per-user stateful coordination and SQLite storage, Containers provide the actual agent execution sandbox, R2 persists session state, D1 backs billing/metering, and KV holds issuer keys for stateless JWT validation. Semaphore Durable Objects enforce fair concurrency. This keeps the entire agent platform serverless and globally distributed.
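The per-issuer JWT check described above can be sketched as follows. This is an added example, not the project's auth.ts: it assumes HS256 tokens with an `iss` claim, uses a Map in place of the KV namespace, and uses Node's crypto module so it runs offline; all names and secrets are constructed.

```javascript
// Added example, not the project's auth.ts. Assumptions: HS256 tokens, an `iss`
// claim naming the issuer, and a Map standing in for the KV namespace.
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample data: issuer id -> shared secret (what KV would hold).
const ISSUER_SECRETS = new Map([["issuer-a", "constructed-secret-a"],
                                ["issuer-b", "constructed-secret-b"]]);

const b64url = (s) => Buffer.from(s).toString("base64url");
const decodeJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Mints constructed test tokens; `alg` is a parameter so the verifier's
// algorithm pinning can be exercised.
function signToken(claims, secret, alg = "HS256") {
  const head = b64url(JSON.stringify({ alg, typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(token, secrets, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = decodeJson(parts[0]);
    claims = decodeJson(parts[1]);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the token must not be able to choose "none" or another scheme.
  if (header?.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  // `iss` is untrusted at this point; it only selects which secret must verify the token.
  const secret = typeof claims?.iss === "string" ? secrets.get(claims.iss) : undefined;
  if (secret === undefined) return { ok: false, reason: "unknown-issuer" };
  const expected = createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], "base64url");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return { ok: false, reason: "bad-signature" };
  // Expiry is checked only after the signature, so forged claims are never trusted.
  if (typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { ok: false, reason: "expired" };
  return { ok: true, claims };
}
```

A token signed with one issuer's secret but carrying another issuer's `iss` fails with `bad-signature`, which is the property that keeps issuers separated.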
Outcome / Impact
Delivers the platform’s central promise: Claude Code agents available on demand, with each user fully isolated and metering and billing built in, running entirely on edge infrastructure rather than a traditional server fleet.
Capabilities Demonstrated
- Per-user isolated agent sandboxes via Durable Objects + Containers
- Edge-native architecture (Workers, R2, D1, KV) end to end
- Real-time agent I/O over WebSocket
- Usage metering and billing at the edge
- Concurrency control with semaphore Durable Objects
- Stateless JWT auth against per-issuer KV secrets