Cloudflare engineers reclaim the 'eval' function for secure AI agents

For years, the serverless paradigm relied on a stateless model: a request arrives, a function executes, and the environment vanishes. While efficient for simple APIs, this model breaks down when building Cloudflare Workers that require persistent memory and real-time interaction. Sunil Pai and Matt Carey argue that the industry has struggled to manage state by bolting on external databases and complex synchronization logic.

Durable Objects solve this by providing a compute unit that lives at a specific ID, allowing every future request or WebSocket connection to land in the same execution context. This architecture enables 15ms latency in major hubs like London, allowing for real-time collaborative experiences where every user stays in perfect sync. For developers, this means the heavy lifting of distributed systems engineering is moved into the platform layer rather than the application code.

Reclaiming 30 years of avoided code execution

One of the most provocative claims from the Cloudflare team involves the rehabilitation of the eval function. Historically, executing dynamic code was considered a cardinal sin of security. However, the rise of LLM (LLMs) creates a massive demand for running generated code on the fly.

Dynamic Workers represent what the team calls Eval++. Unlike traditional VMs or containers that try to add security layers from the outside, these isolates start with zero capabilities. They have no access to the file system, no network access, and no environment variables. Security is additive: developers explicitly grant the sandbox access to specific APIs or domains. This allows an enterprise to safely execute code generated by an LLM or a user without the overhead of full virtualization.

Collapsing the complexity of API integration

The integration of the Model Context Protocol (MCP) into this ecosystem simplifies how agents interact with external services. Traditionally, exposing thousands of API endpoints to an AI requires massive token overhead, often confusing the model or exceeding context limits. Matt Carey reveals a method to collapse Cloudflare's 2,600 API endpoints into a tool that requires only 1,000 tokens.

This efficiency stems from the stateful nature of the platform. Because Durable Objects maintain persistent connections, they are ideal hosts for Model Context Protocol servers, which require stateful links between clients and servers. This removes the primary barrier to deploying Model Context Protocol in production environments where stateless functions typically fail to maintain the necessary session continuity.

Moving from JSON schemas to native React rendering

The team also challenges the current trend of generative UI, where models produce JSON that a frontend then interprets. They suggest that this middle step is a vestige of platforms that cannot safely execute untrusted code. With secure isolates, agents can skip the JSON and generate React or HTML directly.

This shift allows for resumable streaming and multi-tab synchronization out of the box. If a user refreshes their browser during a long-form LLM response, the Durable Objects simply reconnects the stream where it left off. By making AI a "multiplayer game" where multiple users can interact with the same agent session in real-time, Cloudflare is positioning its workers as the fundamental nexus for the next generation of software agents.