Cloudflare Workers
Run the SDK at the edge without leaking sessions or caching private responses.
A
J@cavuno/board has no runtime dependencies and uses the platform Fetch API, so it can run directly in a Worker. Keep the shared client stateless, pass each visitor’s authorization per request, and use Cloudflare cache controls only for anonymous reads.
Create the Worker client
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152import { createBoardClient, isBoardApiError } from '@cavuno/board';import { parseSessionCookie } from '@cavuno/board/server';interface Env {PUBLIC_CAVUNO_BOARD: string;}function client(env: Env) {return createBoardClient({board: env.PUBLIC_CAVUNO_BOARD,auth: { storage: 'nostore' },});}export default {async fetch(request, env): Promise<Response> {const url = new URL(request.url);const board = client(env);try {if (request.method === 'GET' && url.pathname === '/api/jobs') {const jobs = await board.jobs.list({ limit: 20, sort: 'newest' },{ cf: { cacheTtl: 60 } },);return Response.json(jobs);}if (request.method === 'GET' && url.pathname === '/api/me') {const session = parseSessionCookie(request.headers.get('cookie'));if (!session) return Response.json({ user: null });const user = await board.me.retrieve(undefined, {cache: 'no-store',headers: { authorization: `Bearer ${session.accessToken}` },});return Response.json({ user });}return new Response('Not found', { status: 404 });} catch (error) {if (!isBoardApiError(error)) {return new Response('Upstream request failed', { status: 502 });}return Response.json({ error: { code: error.code, requestId: error.requestId } },{ status: error.status },);}},} satisfies ExportedHandler<Env>;
The cf property is a Workers extension to RequestInit; use types generated by the installed Wrangler version. The SDK forwards the property without interpreting it.
Separate the two cache layers
Cloudflare’s cf options control the subrequest to Cavuno. The response your Worker returns has its own cache headers. Configure them separately. Never attach a shared TTL or public response header to saved jobs, applications, employer data, or any request that reads a cookie or authorization header.
Keep shared clients stateless
A Worker isolate can serve concurrent users. A module-scoped client is safe only with auth.storage: 'nostore'; pass the current access token in that call’s headers. Never mutate shared client state with a visitor session.
Verify on the deployed runtime
- Run the Worker typecheck with types generated by the current Wrangler configuration.
- Request
/api/jobstwice and inspect Cloudflare cache status and origin logs. - Request
/api/mefor two users and confirm their responses never cross. - Inspect responses and logs for access or refresh tokens.
- Trigger an API error and confirm logs retain the Cavuno
codeandrequestId.