Cloudflare Workers application implementing an autonomous security agent for API protection with Shadow AI detection and honeypot deception capabilities.
This project demonstrates a sophisticated Zero Trust Security Agent that autonomously protects APIs from threats including:
- 🤖 Shadow AI Detection - Identifies LLM-driven automated attacks
- 🛡️ Real-time Threat Analysis - Uses Cloudflare's AI models for intelligent decisions
- 🎯 Deception Honeypots - Wastes attacker time with convincing fake responses
- 📊 Dynamic Trust Scoring - Maintains IP reputation using Durable Objects
- ⚡ High Performance - Optimized for speed with parallel processing

```
┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│   Client        │────│  Security Agent  │────│   Origin API    │
│   Request       │    │     (Worker)     │    │   (Protected)   │
└─────────────────┘    └──────────────────┘    └─────────────────┘
                                │
                                ├── Durable Objects (Trust Tracking)
                                ├── Workers AI (Threat Analysis)
                                ├── AI Gateway (Enterprise Controls)
                                ├── KV Storage (Security Logs)
                                └── Honeypot Service (Deception)
```

- `src/index.ts` - Main entry point with optimized request routing
- `src/securityAgent.ts` - Autonomous security analysis and decision engine
- `src/durableObjects.ts` - Trust tracking and persistent state management
- `src/aiGateway.ts` - Enterprise AI integration with observability
- `src/honeypot.ts` - Deceptive response generation system
- `src/types.ts` - TypeScript definitions and interfaces

- Bun installed (https://bun.sh)
- Cloudflare account with Workers and AI enabled
- Wrangler CLI configured (`npx wrangler login`)

```bash
# Clone or download the project
cd cf_ai_job_appl
# Install dependencies (minimal - Bun has most built-in)
bun install
# Verify setup
bun run test-all
```

```bash
# Run all tests (unit + integration)
bun run test-all
# Build the project
bun run build
# Type checking
bun run type-check
# Test standalone logic (no deployment needed)
bun run test-standalone
# Start local development server
bun run dev
```

The project includes comprehensive testing without requiring your Cloudflare credentials:

```bash
bun test
```

Tests the core security agent logic with mocked services.

```bash
bun run test-standalone
```

Tests the complete security flow including:
- ✅ Legitimate request processing
- ✅ Suspicious bot detection
- ✅ Malicious path blocking
- ✅ XSS attempt prevention

```bash
bun run test-all
```

Runs both unit and integration tests.

Update wrangler.toml with your actual resource IDs:

```toml
# Replace these mock values with your actual IDs
[[ai.bindings]]
type = "ai_gateway"
name = "AI_GATEWAY"
gateway_id = "your-actual-gateway-id" # ← Replace this
gateway_token = "your-actual-gateway-token" # ← Replace this (keep the real token out of version control)
[[kv_namespaces]]
binding = "SECURITY_LOGS"
id = "your-actual-kv-namespace-id" # ← Replace this
preview_id = "your-preview-kv-namespace-id" # ← Replace this
```

```bash
# Create KV namespace for security logs
npx wrangler kv:namespace create "SECURITY_LOGS"
npx wrangler kv:namespace create "SECURITY_LOGS" --preview
# Create AI Gateway (via Cloudflare dashboard)
# Go to AI > AI Gateway > Create Gateway
```

```bash
# Deploy to Cloudflare Workers
bun run deploy
# Or with Wrangler directly
npx wrangler deploy
```

The agent makes intelligent, autonomous decisions based on real-time analysis:

| Decision | Trigger | Response |
|---|---|---|
| Allow | Low risk (0-35) | Process normally |
| Monitor | Low-moderate risk (35-60) | Enhanced logging |
| Honeypot | Moderate risk (60-80) | Deploy deception |
| Block | High risk (80+) | Deny access |
- User Agent Patterns - Detects automated tools, bots, scripts
- Path Analysis - Identifies suspicious endpoints (`/admin`, `/wp-admin`, etc.)
- Payload Inspection - Scans for XSS, SQL injection, command injection
- Request Patterns - Analyzes frequency, headers, behavior
- Trust History - Maintains per-IP reputation scores
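
One way the decision bands in the table and the signals listed above can fit together, as an added example that is not the project's own code. The weights, regexes, the `RequestFacts` shape, the trust adjustment and the rule that a boundary score (35, 60, 80) falls into the higher band are all assumptions.

```typescript
// Added example: weights, patterns and field names are assumptions, not the project's.
type Decision = "allow" | "monitor" | "honeypot" | "block";

interface RequestFacts {
  userAgent: string;
  path: string;
  body: string;
  trust: number; // hypothetical per-IP trust score: 0 = worst, 50 = neutral, 100 = best
}

const BOT_UA = /python-requests|curl|wget|scrapy|go-http-client/i;
const SENSITIVE_PATH = /^\/(admin|wp-admin)(\/|$)/i;
const PAYLOAD_RULES: [RegExp, number][] = [
  [/<script\b/i, 65],                             // XSS marker
  [/\bunion\s+select\b|\bor\s+1\s*=\s*1\b/i, 65], // SQL injection marker
  [/[;|&]\s*(cat|wget|curl)\s/i, 65],             // command injection marker
];

// Sum the weights of every signal that fires, then shift by trust history.
function riskScore(r: RequestFacts): number {
  let score = 0;
  if (r.userAgent.trim() === "" || BOT_UA.test(r.userAgent)) score += 30;
  if (SENSITIVE_PATH.test(r.path)) score += 50;
  for (const [rule, weight] of PAYLOAD_RULES) {
    if (rule.test(r.body)) score += weight;
  }
  score += Math.round((50 - r.trust) / 5); // -10 (trusted IP) to +10 (untrusted IP)
  return Math.max(0, Math.min(100, score));
}

// Map a 0-100 score onto the table's bands; a boundary value goes to the higher band.
function decide(score: number): Decision {
  if (score >= 80) return "block";
  if (score >= 60) return "honeypot";
  if (score >= 35) return "monitor";
  return "allow";
}

function assessRequest(r: RequestFacts): { score: number; decision: Decision } {
  const score = riskScore(r);
  return { score, decision: decide(score) };
}
```
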
When deploying deception, the agent can:
- Fake Data Response - Convincing but fabricated API data
- Fake Errors - Realistic error messages with delays
- Slow Response - Artificial processing delays
- Redirect Loops - Waste computational resources
- AI-Generated - Custom deceptive responses via LLM
Set these in your wrangler.toml:

```toml
[vars]
HONEYPOT_MODE = "true" # Enable/disable honeypot responses
LOG_LEVEL = "debug" # Logging: debug, info, warn, error
THREAT_THRESHOLD = "5" # Score threshold for auto-blocking (0-100)
```

```toml
# Development
[env.development]
vars = { HONEYPOT_MODE = "true", LOG_LEVEL = "debug" }
# Production
[env.production]
vars = { HONEYPOT_MODE = "true", LOG_LEVEL = "info" }
```

All security events are logged to multiple destinations:
- KV Namespace - Long-term storage (30 days retention)
- AI Gateway - AI call observability and usage tracking
- Durable Objects - Real-time state and trust scores

- `monitor:ip:timestamp` - Enhanced monitoring events
- `honeypot:ip:timestamp` - Deception activations
- `ai_request:request_id` - AI analysis calls
- `ai_error:request_id` - AI service failures

Access through Cloudflare dashboard:
- Request volume and patterns
- Security decision distribution
- AI Gateway usage and costs
- Durable Object performance
Once deployed, test the security agent:

```bash
curl -H "User-Agent: Mozilla/5.0" https://your-worker.your-subdomain.workers.dev/api/users
# Expected: 200 OK with normal response
```

```bash
curl -H "User-Agent: python-requests/2.28.0" https://your-worker.your-subdomain.workers.dev/admin
# Expected: 403 Blocked or honeypot response
```

```bash
curl https://your-worker.your-subdomain.workers.dev/wp-admin
# Expected: 403 Blocked immediately
```

```bash
curl -X POST -H "Content-Type: application/json" \
  -d '{"query":"<script>alert(\"xss\")</script>"}' \
  https://your-worker.your-subdomain.workers.dev/search
# Expected: 403 Blocked or honeypot
```

The application is optimized for production use:
- Quick Pre-checks - Obviously malicious requests blocked in <1ms
- Smart AI Usage - AI only called for moderate+ risk requests
- Parallel Processing - Multiple operations run concurrently
- Efficient Risk Scoring - Fast pattern matching algorithms
- Minimal Dependencies - Uses Bun's built-in tools
- Selective AI Calls - Reduces AI Gateway costs
- Optimized Durable Objects - Efficient state management
- Smart Caching - Reduces redundant calculations
- Memory - ~10MB typical usage
- CPU - ~5ms average processing time
- AI Calls - Only for requests scoring >30 risk points
- Storage - Automatic cleanup with TTL

Tests Failing

```bash
# Verify TypeScript compilation
bun run type-check
# Run standalone tests
bun run test-standalone
```

Deployment Issues

```bash
# Check Wrangler authentication
npx wrangler whoami
# Verify resource IDs in wrangler.toml
npx wrangler kv:namespace list
```

Performance Issues

```bash
# Monitor via Cloudflare dashboard
# Adjust THREAT_THRESHOLD in wrangler.toml
# Review AI Gateway usage patterns
```

Enable debug logging:

```toml
[vars]
LOG_LEVEL = "debug"
```

View logs:

```bash
npx wrangler tail
```

- Custom risk scoring rules
- Geographic threat analysis
- Rate limiting integration
- Custom honeypot templates
- Machine learning model training
- Threat intelligence feeds
- Multi-tenant support
- Advanced analytics dashboard

```bash
git clone <repository>
cd cf_ai_job_appl
bun install
bun run test-all
```

- Use TypeScript for all new code
- Follow the existing patterns
- Add tests for new features
- Update documentation
All changes must pass:

```bash
bun run test-all # Unit + integration tests
bun run type-check # TypeScript validation
bun run build # Compilation check
```

MIT License - See LICENSE file for details.

- Cloudflare Workers Documentation
- Durable Objects Guide
- Workers AI Documentation
- AI Gateway Documentation
- Bun Documentation

Built with ❤️ for Cloudflare's Zero Trust Security platform