Cloudflare Workers VPC
Cloudflare Workers VPC (documentation) is Cloudflare's primitive for connecting Workers directly to private cloud or on-premises VPC resources — internal databases, admin APIs, microservices that intentionally have no public endpoint — without requiring a VPN or bastion host in the operator's network.
The traffic is post-quantum-encrypted. From the agent's / Worker's perspective, calling a Workers-VPC-connected backend looks like any other outbound fetch. From the operator's network perspective, the connection terminates at a Cloudflare endpoint that the security team trusts and audits.
Source: sources/2026-05-19-cloudflare-announcing-claude-managed-agents-on-cloudflare.
Why it matters for agent platforms
The launch context is Claude Managed Agents on Cloudflare. The architectural pressure: agents are far more useful when they can reach the operator's internal systems — the private database with the customer record; the internal admin API; the on-prem service that exposes a knowledge graph — but the default architectures that allow this all degrade security:
- Push the Worker into the operator's VPN → expand VPN trust boundary.
- Expose the internal service through a public bastion → expand attack surface.
- Run the agent inside the operator's network → the sandbox poisoning surface is the entire internal network.
Workers VPC avoids all three by placing the trust boundary at the Cloudflare edge — the connection is terminated there, the Worker talks to the VPC over the tunnel, the operator's VPN is unchanged.
Composes with the credentialed proxy
In the typical agent deployment shape (per the launch post), Workers VPC sits behind the outbound Worker proxy: the agent's sandbox can't reach the VPC directly; only the credentialed proxy can dial through the Workers VPC tunnel. This means policy is applied to the agent's egress per request (the proxy decides whether to allow, deny, modify, or audit each call), and the connectivity itself is private.
This is the canonical composition for concepts/outbound-proxy-credential-injection applied to private internal services.
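The per-request decision described above, sketched as an added example (not code from Cloudflare or the launch post). The hostnames, rules, header list and credential are constructed; forwarding the resulting upstream request through the Workers VPC connection is left out because the page does not show that API.

```javascript
// Added example: default-deny egress policy for an outbound proxy that fronts
// private backends. All hosts, paths and rules below are constructed samples.
const RULES = [
  // First matching rule wins; anything unmatched is denied.
  { host: "crm.internal.example", methods: ["GET"], prefix: "/v1/customers/", action: "allow" },
  { host: "admin.internal.example", methods: ["GET", "POST"], prefix: "/v1/tickets/", action: "audit" },
  { host: "admin.internal.example", methods: ["DELETE"], prefix: "/", action: "deny" },
];

// Headers the sandbox must never control on the upstream request.
const STRIPPED = ["authorization", "cookie", "x-forwarded-for"];

// req is a plain object { method, url, headers }; credential is held only by
// the proxy and never exposed to the sandbox.
function decide(req, credential, rules = RULES) {
  const url = new URL(req.url); // also normalizes "../" path segments
  const method = req.method.toUpperCase();
  const rule = rules.find(
    (r) => r.host === url.hostname && r.methods.includes(method) && url.pathname.startsWith(r.prefix)
  );
  const action = rule ? rule.action : "deny";
  // The audit record omits the query string and headers to keep secrets out of logs.
  const audit = { method, host: url.hostname, path: url.pathname, action };
  if (action === "deny") return { action, audit, upstream: null };

  // Modify: drop agent-supplied credentials, then inject the proxy-held one.
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    const lower = name.toLowerCase();
    if (!STRIPPED.includes(lower)) headers[lower] = value;
  }
  headers["authorization"] = `Bearer ${credential}`;
  return { action, audit, upstream: { method, url: url.toString(), headers } };
}
```

A caller would log `audit` for every decision and forward `upstream` only when it is non-null.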
Seen in
- sources/2026-05-19-cloudflare-announcing-claude-managed-agents-on-cloudflare — first canonical wiki appearance. Named as one of the two private-connectivity primitives (alongside Cloudflare Mesh) that lets the Cloudflare-based Claude Managed Agents sandbox reach private services. The post's exposed call_service tool is the canonical example — it abstracts the Mesh / Workers VPC connection behind a single Cloudflare-managed agent tool.
- sources/2026-06-10-cloudflare-route-public-traffic-to-private-applications — Workers VPC now relies on the same underlying private connectivity layer as DNS-proxied HTTP origins and Spectrum — "a single source of truth for controlling how private traffic moves through their Cloudflare environment." Completes the loop for edge compute: browsers, mobile, Workers, and AI agents all reach private origins through Cloudflare.
Related
- Sister product: systems/cloudflare-mesh
- System: systems/cloudflare-private-origins
- Pattern compositions: patterns/outbound-worker-proxy-for-agent-egress
- Concept: concepts/outbound-proxy-credential-injection, concepts/unified-connectivity-layer
- Higher-level umbrella: systems/cloudflare-one-sase / systems/cloudflare-zero-trust-access
- Crypto baseline: concepts/post-quantum-cryptography
- Companies: companies/cloudflare