Cloudflare Dynamic Worker Loader: Sandboxing AI Agents with Isolates

What Dynamic Worker Loader Does
Dynamic Worker Loader is an API that enables a Cloudflare Worker to create a new Worker with code specified at runtime, running in its own secure sandbox. This addresses the need to execute AI-generated code without exposing the rest of your application to it.
Technical Implementation
The feature uses isolates—instances of the V8 JavaScript execution engine—as the underlying sandboxing mechanism. Isolates start in a few milliseconds and use a few megabytes of memory, making them approximately 100x faster and 10x-100x more memory efficient than typical Linux containers.
Here's the basic code pattern from the source:
    // Have your LLM generate code like this.
    let agentCode: string = `
      export default {
        async myAgent(param, env, ctx) {
          // ...
        }
      }
    `;

    // Load a worker to run the code
    let worker = env.LOADER.load({
      compatibilityDate: "2026-03-01",
      mainModule: "agent.js",
      modules: {
        "agent.js": agentCode
      },
      // RPC stubs for the specific APIs the agent may call.
      // chatRoomRpcStub is created elsewhere by the parent Worker.
      env: {
        CHAT_ROOM: chatRoomRpcStub
      },
      // null blocks internet access from the sandbox.
      globalOutbound: null,
    });

    // Call RPC methods exported by the agent code
    await worker.getEntrypoint().myAgent(param);
Key Capabilities
- No global concurrency limits: Unlike container-based solutions, there are no limits on concurrent sandboxes or creation rate
- Zero latency: Dynamic Workers typically run on the same machine and thread as the creating Worker
- Global deployment: Supported in all of Cloudflare's hundreds of locations worldwide
- Security controls: Can block internet access (globalOutbound: null) or intercept it
- RPC-based API access: Agents can access specific APIs through RPC stubs defined in the env parameter
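The `env` and `globalOutbound` controls listed above, wrapped in a deny-by-default helper. This is an added example, not code from Cloudflare or the original post: `narrow`, `loadAgent`, `ALLOWED`, the chat-room methods and the fake loader are hypothetical, and how a narrowed object is exposed as an RPC stub in the Workers runtime is outside the example.

```javascript
// Added example. narrow(), loadAgent() and ALLOWED are hypothetical names;
// only the load() option names come from the snippet above.

// Bindings the parent will hand to generated code, with the only methods
// reachable on each (constructed policy).
const ALLOWED = new Map([["CHAT_ROOM", ["post", "history"]]]);

// Expose only the allow-listed methods of `target` on a frozen facade.
function narrow(target, methods) {
  const facade = Object.create(null);
  for (const name of methods) {
    if (typeof target[name] !== "function") {
      throw new TypeError(`capability has no method ${name}`);
    }
    facade[name] = (...args) => target[name](...args);
  }
  return Object.freeze(facade);
}

// Deny-by-default wrapper: unknown bindings are rejected, and outbound
// network access is always disabled, whatever the caller asks for.
function loadAgent(loader, agentCode, bindings) {
  const env = {};
  for (const [name, target] of Object.entries(bindings)) {
    if (!ALLOWED.has(name)) throw new Error(`binding ${name} not allow-listed`);
    env[name] = narrow(target, ALLOWED.get(name));
  }
  return loader.load({
    compatibilityDate: "2026-03-01",
    mainModule: "agent.js",
    modules: { "agent.js": agentCode },
    env,
    globalOutbound: null,
  });
}

// Constructed stand-ins so the example runs outside the Workers runtime.
function demo() {
  const log = [];
  const room = {
    post(msg) { log.push(msg); return log.length; },
    history() { return [...log]; },
    deleteAll() { log.length = 0; }, // must stay unreachable for the agent
  };
  const fakeLoader = { load: (options) => ({ options }) };
  const { options } = loadAgent(fakeLoader, "export default {}", { CHAT_ROOM: room });
  options.env.CHAT_ROOM.post("hello");
  return { options, history: room.history() };
}
```

Keeping the policy in the parent means a prompt-injected agent can only call what the facade exposes, regardless of what the underlying object supports.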
Context and Limitations
This approach builds on Cloudflare's Code Mode concept where agents write code instead of making tool calls. The main limitation versus containers is that agents need to write JavaScript (though Workers technically support Python and WebAssembly). For small code snippets generated by AI agents, JavaScript loads and runs faster.
📖 Read the full source: HN AI Agents