Cloudflare Dynamic Worker Loader: Sandboxing AI Agents with Isolates
What Dynamic Worker Loader Does
Dynamic Worker Loader is an API that enables a Cloudflare Worker to create a new Worker with code specified at runtime, running in its own secure sandbox. This addresses the security need for executing AI-generated code without exposing your application to vulnerabilities.
Technical Implementation
The feature uses isolates—instances of the V8 JavaScript execution engine—as the underlying sandboxing mechanism. Isolates start in a few milliseconds and use a few megabytes of memory, making them approximately 100x faster and 10x-100x more memory efficient than typical Linux containers.
Here's the basic code pattern from the source:
// Have your LLM generate code like this.
let agentCode: string = `
export default {
async myAgent(param, env, ctx) {
// ...
}
}
`;
// Load a worker to run the code
let worker = env.LOADER.load({
compatibilityDate: "2026-03-01",
mainModule: "agent.js",
modules: {
"agent.js": agentCode
},
env: {
CHAT_ROOM: chatRoomRpcStub
},
globalOutbound: null,
});
// Call RPC methods exported by the agent code
await worker.getEntrypoint().myAgent(param);
Key Capabilities
- No global concurrency limits: Unlike container-based solutions, there are no limits on concurrent sandboxes or creation rate
- Zero latency: Dynamic Workers typically run on the same machine and thread as the creating Worker
- Global deployment: Supported in all of Cloudflare's hundreds of locations worldwide
- Security controls: Can block internet access (globalOutbound: null) or intercept it
- RPC-based API access: Agents can access specific APIs through RPC stubs defined in the env parameter
Context and Limitations
This approach builds on Cloudflare's Code Mode concept where agents write code instead of making tool calls. The main limitation versus containers is that agents need to write JavaScript (though Workers technically support Python and WebAssembly). For small code snippets generated by AI agents, JavaScript loads and runs faster.
📖 Read the full source: HN AI Agents
👀 See Also
Lat.md: A Markdown-Based Knowledge Graph for Codebases
Lat.md creates a knowledge graph for codebases using interconnected markdown files in a lat.md/ directory. It addresses scaling issues with monolithic documentation by linking sections with [[wiki links]], connecting to source code via comments like // @lat: [[section-id]], and providing CLI tools for validation and search.
Developer Builds LibraHQ App to Solve AI Agent Memory Problem
A developer created LibraHQ, a free notes app that serves as a shared memory layer between chatbots and coding agents. The app records important notes and decisions from chats and stores them for future sessions, addressing the problem of AI agents forgetting previously made decisions.
Benchmark Results: 331 GGUF Models Tested on Mac Mini M4 16GB
A benchmark of 331 GGUF models on a Mac Mini M4 with 16GB RAM reveals only 11 Pareto-optimal models, all Mixture-of-Experts architectures. Mixture-of-Experts models dominate performance with median 20.0 tokens/second versus 4.4 for dense models.
Local-first AI tax preparer with encrypted PII built on MCP
A developer built a tax filing extension for Crow that encrypts all PII with AES-256-GCM and works with any MCP-compatible client including Claude, ChatGPT, Gemini, or local models through Ollama. The system handles 1040, Schedule 1, HSA (8889), education credits (8863), self-employment (Schedule C/SE), and capital gains (Schedule D) calculations locally.