Cloudflare Moltworker: Self-Hosted AI Agents Without Hardware

Running a persistent AI agent has always meant running a machine. You need something that stays online, processes background tasks, holds state across sessions, and doesn't disappear when your laptop closes. The typical answer involves a Mac mini in a closet, a dedicated Linux VPS, or a managed VM that you pay for even when idle.

Cloudflare changed that calculus in early 2026 with Moltworker, a proof-of-concept project that runs the Moltbot agent runtime entirely inside Cloudflare's infrastructure — no hardware, no servers to patch, no cold EC2 instances to babysit.

This guide covers what Moltworker is, how its two-component architecture works, what the Sandbox SDK makes possible, and the exact steps to deploy your own instance.

Effloow Lab PoC: Wrangler 4.87.0 confirmed via npx wrangler --version (7 packages). Moltworker GitHub repo architecture and Sandbox SDK wrangler.toml binding pattern verified against official Cloudflare documentation. Full deployment not run — requires Cloudflare account credentials and Workers Paid plan.

---

What Moltworker Is and Why It Matters

Moltworker is an open-source proof-of-concept published by Cloudflare at github.com/cloudflare/moltworker in January/February 2026. It is not a Cloudflare product and carries no production support guarantee. What it demonstrates is genuinely useful: a full AI agent runtime running on Cloudflare Workers and Containers.

Before Moltworker, deploying Moltbot — the underlying agent runtime — required a physical or virtual machine. The project page was explicit about this: "Mac mini or Linux server required." That is a real barrier. It means hardware costs, maintenance overhead, and either running something 24/7 or accepting cold-start delays every time the machine wakes up.

Moltworker eliminates that requirement. The agent runtime runs inside Cloudflare Sandbox containers, which are managed, globally distributed, and billed per compute unit rather than per reserved instance. For developers who already use Cloudflare Workers for edge logic, adding a persistent agent becomes a natural extension of the same deployment model.

The trade-off is real: you need the Workers Paid plan, containers have a 1–2 minute cold start, and the project is explicitly a PoC. But for developers comfortable with those constraints, Moltworker shows what cloud-native agent hosting looks like on Cloudflare's platform.

---

Architecture Deep-Dive: Worker, Sandbox SDK, and R2

Moltworker has two components that work together. Understanding the split is essential for knowing where to debug when something breaks.

Component 1: The Entrypoint Worker

The entrypoint Worker is a standard Cloudflare Worker that handles all public traffic. It acts as an API router and authentication gatekeeper. Every inbound request must carry a valid gateway token — the Worker validates this before forwarding anything to the Sandbox.

Once authenticated, the Worker proxies the request to the Sandbox container via a Durable Object binding. The Durable Object (SandboxManager) holds a reference to the live Sandbox instance, creating a stable connection between the stateless edge Worker and the stateful container.

The public endpoint takes this form:

https://your-worker.workers.dev/?token=YOUR_GATEWAY_TOKEN

This URL is what you give to Telegram, Discord, Slack, or any web interface connecting to the agent. The Worker handles TLS termination, global routing, and auth — all things that Cloudflare's edge infrastructure handles for free.

Component 2: Sandbox Containers

The Sandbox is where the Moltbot runtime actually executes. It is a container-based environment built on Cloudflare Containers, a different execution model from the classic V8 isolates that standard Workers use. Containers run a full Linux process environment, which means the agent runtime can do things that isolates cannot: execute shell commands, manage a filesystem, run background processes, and expose internal services.

The Sandbox SDK wraps this container in a clean TypeScript API. From the Worker's perspective, the Sandbox is an object with methods for command execution, file operations, and service proxying. The container lifecycle — startup, sleep, wake — is handled by the SDK and the Cloudflare platform, not by your code.

R2 for Persistent Storage

Agent state that needs to survive container restarts — memory logs, conversation history, task queues — lives in R2, Cloudflare's object storage service. The Moltbot runtime writes to R2 directly, so a container restart does not wipe the agent's operational history. R2 is S3-compatible and integrates with Workers without additional authentication setup inside the same account.

This three-layer architecture — Worker (routing and auth) + Sandbox (runtime) + R2 (persistence) — gives you a complete agent hosting stack without touching any external infrastructure.

---

wrangler.toml Configuration

The wrangler.toml for a Moltworker deployment is more involved than a standard Worker. It needs to declare the container image, the Durable Object class, and the database migration for the Durable Object storage.

name = "moltworker"
main = "src/index.ts"
compatibility_date = "2026-03-19"
compatibility_flags = ["nodejs_compat"]

[[containers]]
class_name = "SandboxManager"
image = "ghcr.io/cloudflare/moltworker-sandbox:latest"

[[durable_objects.bindings]]
name = "SANDBOX_MANAGER"
class_name = "SandboxManager"

[[migrations]]
tag = "v1"
new_sqlite_classes = ["SandboxManager"]

Key fields to understand:

• compatibility_date = "2026-03-19" — required for the Sandbox SDK APIs to function correctly. Using an older date may disable API surface the SDK depends on.
• compatibility_flags = ["nodejs_compat"] — enables Node.js built-in APIs inside the Worker runtime. Moltworker requires this for its dependency chain.
• [[containers]] — tells Wrangler to pull and deploy the specified container image alongside the Worker. The class_name must match the Durable Object class name in your TypeScript.
• [[migrations]] — Durable Objects backed by SQLite (the default since late 2024) require an explicit migration declaration. Without this, the first deployment fails.

---

Step-by-Step Deploy Guide

Deploying Moltworker involves five steps. Steps 1–3 are local setup; steps 4–5 require an authenticated Cloudflare account on the Workers Paid plan.

Step 1: Install dependencies

git clone https://github.com/cloudflare/moltworker
cd moltworker
npm install

This pulls Wrangler, the Sandbox SDK, and the Moltworker source. Current Wrangler version is 4.87.0.

Step 2: Set your API key

Add your AI provider key to the environment. Moltbot supports Anthropic, OpenAI, and others. For example:

npx wrangler secret put ANTHROPIC_API_KEY

Wrangler encrypts the secret and stores it in your Cloudflare account, available to the Worker at runtime as env.ANTHROPIC_API_KEY.

Step 3: Generate a gateway token

The gateway token is the password for your public endpoint. Generate it locally:

npm run generate-token

Store this token securely — you will need it every time you connect a chat client to the agent.

Step 4: Deploy

npm run deploy

Wrangler builds the TypeScript, uploads the Worker, and pushes the container image to Cloudflare's registry. The first deploy typically takes 2–4 minutes due to container image transfer.

Step 5: Connect your client

Access the agent at:

https://your-worker.workers.dev/?token=YOUR_GATEWAY_TOKEN

Point Telegram, Discord, or Slack at this URL using their respective webhook or bot configuration. The Moltbot runtime handles the protocol specifics for each platform.

---

Sandbox SDK Pattern in TypeScript

The Sandbox SDK is the glue between the entrypoint Worker and the container runtime. The Durable Object class imports Sandbox from @cloudflare/sandbox and wraps it in a standard DurableObject lifecycle.

import { Sandbox } from "@cloudflare/sandbox";
import { DurableObject } from "cloudflare:workers";

interface Env {
  SANDBOX: DurableObjectNamespace;
  R2_BUCKET: R2Bucket;
  ANTHROPIC_API_KEY: string;
}

export class SandboxManager extends DurableObject {
  private sandbox: Sandbox;

  constructor(state: DurableObjectState, env: Env) {
    super(state, env);
    this.sandbox = new Sandbox(env.SANDBOX);
  }

  async fetch(request: Request): Promise<Response> {
    // All requests proxy directly to the Moltbot container
    return this.sandbox.fetch(request);
  }
}

// Entrypoint Worker
export default {
  async fetch(request: Request, env: Env): Promise<Response> {
    const url = new URL(request.url);
    const token = url.searchParams.get("token");

    // Validate gateway token before touching the Sandbox
    if (token !== env.GATEWAY_TOKEN) {
      return new Response("Unauthorized", { status: 401 });
    }

    // Get or create the Sandbox Durable Object
    const id = env.SANDBOX.idFromName("moltbot-agent");
    const stub = env.SANDBOX.get(id);

    return stub.fetch(request);
  },
};

The pattern is intentionally simple. The Worker handles auth and routing; the Durable Object delegates everything to the Sandbox. The Sandbox SDK abstracts away container lifecycle, so the code above works regardless of whether the container is warming up, running, or being recreated after a sleep cycle.

---

Cold Starts: What to Expect and How to Handle Them

Cold starts are the most significant operational concern with Moltworker. When a Sandbox container starts from scratch, it takes 1–2 minutes before the Moltbot runtime is ready to accept requests. This is a container startup time, not a Worker startup time — the Worker itself responds in milliseconds, but it has to wait for the container to be ready before the agent can process anything.

There are two scenarios where cold starts occur:

1. First deploy: always a cold start as the container image is pulled and initialized.
2. After idle sleep: by default, Cloudflare puts idle containers to sleep to conserve resources. The next request triggers a cold start.

The recommended mitigation is straightforward: set SANDBOX_SLEEP_AFTER=never in your container environment configuration. This keeps the container warm indefinitely, trading a higher ongoing compute cost for zero cold-start latency. For agent workloads where responsiveness matters — especially chat bots on Telegram or Discord — this is the right default.

# In wrangler.toml, under the container binding
[vars]
SANDBOX_SLEEP_AFTER = "never"

If you accept intermittent cold starts (background task agents, non-interactive workflows), the default sleep behavior keeps costs lower.

---

When to Use Moltworker vs Alternatives

Moltworker is a PoC, not a production platform. The decision to use it depends heavily on your existing stack and tolerance for early-stage tooling.

Moltworker strengths

• No server provisioning or maintenance
• Deploys to Cloudflare's global network via a single Wrangler command
• Integrates natively with Workers, R2, AI Gateway, and Browser Rendering
• Gateway token auth included out of the box
• Supports Telegram, Discord, Slack, and web clients without extra configuration

Moltworker limitations

• Requires Workers Paid plan — no free-tier path
• 1–2 minute cold starts without SANDBOX_SLEEP_AFTER=never
• Proof-of-concept status: no SLA, no Cloudflare support, may break with platform changes
• Container image updates require redeployment
• Limited ecosystem documentation compared to Railway or Fly.io

Cloudflare Moltworker vs Railway

Railway is a managed PaaS where you deploy Docker containers and pay based on resource usage. It is straightforward and well-documented, with a free tier for low-traffic workloads. Railway does not integrate with Cloudflare's edge primitives (Workers, R2, AI Gateway) without additional configuration. If you are not already on Cloudflare, Railway is probably the faster path to a running agent.

Cloudflare Moltworker vs Fly.io

Fly.io offers low-latency global deployment with persistent volumes and a developer-friendly CLI. It has a more mature container platform than Cloudflare Containers and better documentation for stateful workloads. The Sandbox SDK does not have a Fly equivalent — you would wire up your own WebSocket or HTTP interface. Fly is the better option for complex agent architectures where you need fine-grained control over container behavior.

Cloudflare Moltworker vs Self-Hosted VPS

A self-hosted VPS (Hetzner, DigitalOcean, Linode) gives you full control, predictable pricing, and no cold-start behavior. The trade-off is operational overhead: you manage the OS, security updates, process supervision (systemd or Docker Compose), and uptime monitoring. For a single developer shipping fast, a VPS is often more reliable than a PoC platform. For a team already committed to Cloudflare's ecosystem, Moltworker removes the VPS entirely.

---

Cost and Plan Requirements

Moltworker requires the Workers Paid plan, which starts at $5/month. The Paid plan unlocks Durable Objects, Containers, and the Sandbox SDK — none of these are available on the Workers Free plan.

Beyond the base plan cost, usage-based charges apply:

• Durable Object compute: billed per request and per wall-clock duration while the Durable Object is active
• Container compute: billed per CPU-millisecond while the container is running (Cloudflare Containers pricing as of 2026)
• R2 storage: $0.015/GB/month for stored data, plus request charges (10M Class A operations free per month)
• Egress: Workers egress is generally free for traffic to the internet; R2 egress to Workers is free

For a single-agent deployment with SANDBOX_SLEEP_AFTER=never running 24/7, the container compute cost is the dominant variable. Actual costs depend on CPU utilization inside the container while the Moltbot runtime runs.

Cloudflare does not publish container-specific pricing on a per-hour basis in the same way as traditional VM providers. Check the Cloudflare pricing page and the Containers beta documentation for current rates before estimating production costs.

---

Frequently Asked Questions

Q: Is Moltworker ready for production use?

No. The GitHub repository is explicitly labeled as a proof-of-concept, not a Cloudflare product. It does not carry a production SLA, and breaking changes could occur as the underlying Sandbox SDK and Cloudflare Containers platform evolves. For production agent hosting, consider established options like Railway, Fly.io, or a dedicated VPS until Cloudflare's container platform reaches general availability stability.

Q: Can I run Moltworker without the Workers Paid plan?

No. The Sandbox SDK depends on Durable Objects and Cloudflare Containers, both of which require the Workers Paid plan. There is no way to run the Moltworker architecture on the free tier.

Q: How does the gateway token work, and is it secure?

The gateway token is a shared secret passed as a URL query parameter (?token=...). The entrypoint Worker validates the token on every request before proxying to the Sandbox. Since it travels in a URL, it is visible in server access logs. For higher-security deployments, consider moving to a header-based auth scheme or adding IP allowlisting at the Worker level. The PoC implementation uses the URL approach for simplicity, not as a security recommendation.

Q: What happens to my agent's memory when the container restarts?

In-memory state inside the Moltbot runtime is lost on container restart or sleep/wake. Persistent data should be written to R2. The Moltbot runtime handles this internally for conversation history and task state — but any custom state you add to the container process directly will not survive restarts unless you write it to R2 explicitly.

Q: Does Moltworker support AI Gateway for model calls?

Yes. Cloudflare AI Gateway is an optional but natural integration. Route your agent's model API calls through AI Gateway to get caching, rate limiting, observability, and fallback routing. The Worker and Sandbox can both access the AI Gateway endpoint — set the gateway URL as an environment variable in your Worker and pass it through to the container environment.

Q: Can I use Moltworker with models other than those from Anthropic?

Yes. Moltbot supports multiple AI providers. The API key for your chosen provider is configured as a Wrangler secret and injected into the container runtime at startup. OpenAI, Anthropic, and others are supported — check the Moltworker README for the current list of tested providers.

---

Key Takeaways

• Moltworker is a Cloudflare-published PoC (not a product) that runs the Moltbot agent runtime on Workers + Sandbox containers, eliminating the need for dedicated hardware.
• The architecture splits into two components: an entrypoint Worker (routing and auth) and a Sandbox container (Moltbot runtime and execution environment).
• R2 provides persistent storage for agent state across container restarts.
• The wrangler.toml requires compatibility_date = "2026-03-19", nodejs_compat, [[containers]], durable_objects.bindings, and [[migrations]] entries.
• Deployment is five steps: install, set API key, generate token, deploy, connect client.
• Cold starts take 1–2 minutes; set SANDBOX_SLEEP_AFTER=never to keep the container warm.
• Workers Paid plan is required; no free-tier path exists.
• For production workloads, Railway, Fly.io, or a self-hosted VPS are more stable alternatives until Cloudflare Containers reaches production-grade stability.

Bottom Line

Moltworker is the most interesting proof-of-concept in the Cloudflare ecosystem right now. If you are already running Workers and want to explore persistent agent hosting without touching a server, it is worth cloning and studying — especially the Sandbox SDK patterns, which will carry forward into whatever Cloudflare builds on top of this foundation. For anything serving real users today, the PoC label is genuine: cold starts, no SLA, and early-stage documentation make it a research project rather than a production choice. Watch this space closely; the architectural model it demonstrates is where a lot of serverless agent hosting is heading.