Hi Cloudflare Agents team.
I built a small Cloudflare Workers proof for Code Mode approval and execution receipts.
The problem I'm trying to address is trust in longer autonomous Code Mode sessions. Signed receipts can turn each decision into machine-checkable state for the next step, so an agent can keep working from what was proposed, approved, executed, and changed.
Live demo with signed receipts: https://atrib-cloudflare.nagala.workers.dev/
Implementation source: https://github.com/creatornader/atrib/tree/main/packages/integration/examples/cloudflare-agents/approval-trace
Broader Cloudflare examples: https://github.com/creatornader/atrib/tree/main/packages/integration/examples/cloudflare-agents
The demo starts when a Workers checkout alert fires. The agent reviews Browser Run-style evidence, AI Search runbook context, and Think workspace notes, then proposes a Code Mode patch. The write is exposed as a connector call marked requiresApproval: true, so the autonomous run pauses for human review before it can change anything.
From there, the human can approve, reject, or request changes. Approve resumes the CodemodeRuntime run and executes the approved write. Reject stops without running the write. Request changes signs a revised proposal and pauses again. The trigger, proposal, human decision, runtime preview or execution, outcome, and handoff are each signed as separate records with separate agent, human, and runtime keys.
This gives the receipts a job during the run and after it:
- verification shows that an approved run executed what the human approved
- reject and request-changes paths leave signed state showing why the original
write did not run
- future debug or handoff surfaces can continue from the same chain instead of
reconstructing the chat transcript
One note on scope. Browser Run, AI Search, Think, and Artifacts are modeled as scenario evidence and metadata. The proof does not call those APIs, create an Artifacts repo, or change a real Cloudflare account.
I saw #1148 was closed as done after native Code Mode approval work landed. This is meant to build on that boundary by making approval and execution state portable across the run. The same receipts that help a person debug later can also be consumed by the agent, runtime, or a future handoff surface as proof of what was allowed to happen. #1486 and #1440 feel downstream if that receipt shape is useful, but human review and approved execution seem like the first boundary to validate.
I would appreciate feedback on whether this proof captures the right approval and execution state, especially any state you would want added before trusting a resumed run.
Hi Cloudflare Agents team.
I built a small Cloudflare Workers proof for Code Mode approval and execution receipts.
The problem I'm trying to address is trust in longer autonomous Code Mode sessions. Signed receipts can turn each decision into machine-checkable state for the next step, so an agent can keep working from what was proposed, approved, executed, and changed.
Live demo with signed receipts: https://atrib-cloudflare.nagala.workers.dev/
Implementation source: https://github.com/creatornader/atrib/tree/main/packages/integration/examples/cloudflare-agents/approval-trace
Broader Cloudflare examples: https://github.com/creatornader/atrib/tree/main/packages/integration/examples/cloudflare-agents
The demo starts when a Workers checkout alert fires. The agent reviews Browser Run-style evidence, AI Search runbook context, and Think workspace notes, then proposes a Code Mode patch. The write is exposed as a connector call marked
requiresApproval: true, so the autonomous run pauses for human review before it can change anything.From there, the human can approve, reject, or request changes. Approve resumes the
CodemodeRuntimerun and executes the approved write. Reject stops without running the write. Request changes signs a revised proposal and pauses again. The trigger, proposal, human decision, runtime preview or execution, outcome, and handoff are each signed as separate records with separate agent, human, and runtime keys.This gives the receipts a job during the run and after it:
write did not run
reconstructing the chat transcript
One note on scope. Browser Run, AI Search, Think, and Artifacts are modeled as scenario evidence and metadata. The proof does not call those APIs, create an Artifacts repo, or change a real Cloudflare account.
I saw #1148 was closed as done after native Code Mode approval work landed. This is meant to build on that boundary by making approval and execution state portable across the run. The same receipts that help a person debug later can also be consumed by the agent, runtime, or a future handoff surface as proof of what was allowed to happen. #1486 and #1440 feel downstream if that receipt shape is useful, but human review and approved execution seem like the first boundary to validate.
I would appreciate feedback on whether this proof captures the right approval and execution state, especially any state you would want added before trusting a resumed run.