Tools of the Trade

How it works

Every demo here is a real, working proof-of-concept on Cloudflare's actual platform. Not slideware. The whole site runs on Cloudflare Pages + Pages Functions; each bounty below is one primitive doing one job at the edge.

👤 Visitor → 🌐 Cloudflare Pages + Functions (the edge) → one primitive per bounty:

🛡️ Turnstile → The Toll Collector invisible human check ⚡ Workers → The Rustler classify AI crawlers at the edge 🗄️ D1 ×2 (EU / US) → The Two-Faced Drifter data residency by jurisdiction 📚 AI Search + R2 + Workers AI → Snake-Oil Sam grounded answers, cited or refused 🐢 Cache / CDN → The Slowpoke slow render cached at the edge 🐎 Rate Limiting → The Stampede throttle floods before origin 📦 D1 (atomic stock) → The Hoarder no oversell, one atomic write 🔥 Workers AI + Aura-2 → static → Campfire joke bot voice baked once, $0 per use 🎯 D1 + edge rate-limit → Defend the Edge atomic leaderboard writes

Scale-to-zero serverless: idle costs nothing. No Workers Paid plan required — the only recurring cost is the domain. (The Campfire voice is the one paid model, Deepgram Aura-2, and it's pre-baked to static audio so there's $0 per-use spend.)

Turnstile

Invisible verification

Try the live demo →

How it works

One script tag in your form, one check on your server. No infrastructure to run.

👤

Visitor

your form

loads

→

🛡️

Turnstile

Cloudflare edge

token

→

🖥️

Your server

/siteverify

→

Verified → allowed

Failed → blocked

Add it to your site

~10 lines · no infrastructure

Client: drop into your form

<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" defer></script>
<div class="cf-turnstile" data-sitekey="YOUR_SITEKEY"></div>

Server: verify the token on submit

const r = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
  method: 'POST',
  body: new URLSearchParams({ secret: env.TURNSTILE_SECRET, response: token }),
}).then((res) => res.json());

if (!r.success) return new Response('Blocked', { status: 403 });

Paste the widget into your form

Verify the token when the form submits

Ship. There is nothing to host.

Works with:Static HTMLNext.jsWordPressAny backend

Official Cloudflare docs

Turnstile · Get started Server-side validation (siteverify)

Workers

AI-crawler control

Try the live demo →

How it works

Identify AI crawlers at the edge and decide per-caller: allow, charge, or block.

🤖

Caller

by User-Agent

request

→

🌐

Cloudflare edge

classify

→

Human → allowed

AI training → 402 license

Disallowed bot → 403

Add it to your site

1 dashboard toggle, or ~15 lines

No code: Cloudflare dashboard

Security → Bots → "Block AI bots" / "Pay per crawl"
One toggle. Cloudflare maintains the crawler signatures for you.

Custom policy: a Worker

const ua = request.headers.get('user-agent') || '';
const bot = classifyAiCrawler(ua); // GPTBot, ClaudeBot, CCBot, PerplexityBot…

if (bot?.policy === 'block')   return new Response('Forbidden', { status: 403 });
if (bot?.policy === 'license') return new Response('Payment required', { status: 402 });
return fetch(request); // humans pass straight through

Flip the AI-bots toggle in the dashboard (zero code)

Or deploy a Worker for custom allow / charge / block

Read the analytics: see exactly who is crawling you

Works with:Any site on CloudflareWorkersPages

Official Cloudflare docs

AI Crawl Control overview Block AI bots Pay per crawl

Data residency

Try the live demo →

How it works

Route each write to the data store in the visitor's own jurisdiction, decided at the edge.

👤

Visitor

write

POST

→

⚡

Worker

reads request.cf.country

route

→

🇪🇺 EU → D1 Dublin

🇺🇸 Else → D1 N. Virginia

Add it to your site

~20 lines + 2 D1 bindings

Worker: route by jurisdiction

const country = request.cf.country;          // free, at the edge
const eu = ['DE', 'FR', 'IE', 'NL' /* …EEA */];
const db = eu.includes(country) ? env.RESIDENCY_EU : env.RESIDENCY_US;

await db.prepare('INSERT INTO records (data) VALUES (?)').bind(payload).run();

wrangler.jsonc: two located databases

"d1_databases": [
  { "binding": "RESIDENCY_EU", "database_name": "app-eu" }, // created --location weur
  { "binding": "RESIDENCY_US", "database_name": "app-us" }  //         --location enam
]

Create two D1 databases with EU / US location hints

Bind both in wrangler

Route on request.cf.country, resolved at the edge, no geo-IP service

Works with:WorkersPages FunctionsD1

Official Cloudflare docs

D1 data location & jurisdictions request.cf properties Data Localization Suite

AI Search (AutoRAG)

Grounded trust assistant

Try the live demo →

How it works

Point AI Search at your docs; it answers with citations, or refuses when the answer is not there.

💬

Question

from a user

query

→

⚡

Worker

aiSearch()

retrieve + generate

→

📚

AI Search

corpus + LLM

→

Grounded answer + citations

Not in docs → refuses

Add it to your site

dashboard setup + ~15 lines

Dashboard: create an AI Search instance

AI → AI Search → New
Data source: your R2 bucket or uploaded docs
Cloudflare chunks, embeds, and indexes them for you.

Worker: one call

const res = await env.AI.autorag('your-instance').aiSearch({
  query: question,
});

return Response.json({ answer: res.response, citations: res.data });

Create an AI Search instance pointed at your docs

Call aiSearch() from a Worker

Render the answer + citations; refusals come from your system prompt

Works with:Workers AIAI Search (AutoRAG)R2

Official Cloudflare docs

AI Search (overview)aiSearch() Workers binding

Workers AI · pre-baked static

Campfire joke bot

How it works

A joke bot whose voice runs on Cloudflare. Generated once with Workers AI, then served as static audio for $0 per use.

🤖

Workers AI

Llama 3.3 70B

writes joke

→

🗣️

Aura-2 TTS

voices it

baked once

→

📦

Static files

on Pages

served

→

Setup → spoken

Punchline → on reveal

Add it to your site

pre-baked → $0 per use

Generate the line (Workers AI · Llama)

const r = await env.AI.run('@cf/meta/llama-3.3-70b-instruct-fp8-fast', {
  messages: [{ role: 'system', content: COWBOY_PROMPT }, { role: 'user', content: 'Tell me a joke.' }],
});

Voice it once (Deepgram Aura-2)

const audio = await env.AI.run('@cf/deepgram/aura-2-en', { text, speaker: 'zeus' });
// baked to /cowboy/jokes/<id>-zeus-<line>.mp3 -> served static, no per-use spend

Generate the joke pool with Workers AI (Llama)

Voice each line once with Deepgram Aura-2 (TTS)

Ship the audio as static files: $0 recurring, instant playback

Works with:Workers AIDeepgram Aura-2Pages (static)

Official Cloudflare docs

Workers AI · text generation Aura-2 (Deepgram) TTS

Defend the Edge leaderboard

Try the live demo →

How it works

A global leaderboard on D1: every submit is one atomic insert, with hashed-IP rate limiting at the edge.

🎯

Player

submits score

POST

→

⚡

Worker

rate-limit

check

→

🗄️

atomic INSERT

insert

→

Saved → rank returned

Too many → 429

Add it to your site

D1 · no read-modify-write race

Atomic insert (no lost-update race)

await env.LEADERBOARD_DB
  .prepare('INSERT INTO leaderboard_scores (name, score, ip_hash, ts) VALUES (?, ?, ?, ?)')
  .bind(name, score, ipHash, ts).run();

Edge rate-limit (privacy-safe)

const ipHash = await sha256(request.headers.get('CF-Connecting-IP')); // never store raw IP
const recent = await db.prepare('SELECT COUNT(*) c FROM leaderboard_scores WHERE ip_hash=? AND ts>?')
  .bind(ipHash, Date.now() - 60_000).first();
if (recent.c >= 8) return json({ ok: false, error: 'rate limited' }, 429);

Create a D1 database for scores

INSERT per submit: atomic, so concurrent writes never clobber

Rate-limit per hashed IP to stop flooding

Works with:D1Pages FunctionsWeb Crypto

Official Cloudflare docs

D1 (overview)D1 · prepared statements

← Back to all bounties