Architecture

OpenEdge is a Cloudflare-native SaaS platform. The gateway, console, storage, database, and scheduled jobs are built from managed edge components.

Runtime Components

Component	Cloudflare product	Role
API Gateway	Workers	Routes service APIs, authenticates callers, checks billing, and applies rate limits.
Console	Pages	Hosts the React dashboard used by customers and operators.
Database	D1	Stores users, API keys, services, billing records, connected accounts, and orders.
Media storage	R2	Stores permanent media or file-service objects.
Coordination	Durable Objects	Supports rate limiting and chat room coordination.
Jobs	Cron Triggers	Cleans expired auth rows and processes stale TRON lease/refund states.
Analytics	Analytics Engine	Records gateway usage and service-level metrics.

Request Flow

Client
  -> Cloudflare Worker gateway
  -> Auth and scope check
  -> Rate limit check
  -> Service instance lookup
  -> Balance / cost guard
  -> Service-specific handler or bound Worker
  -> Usage log and billing transaction

Service Instances

Each customer can create multiple instances of the same service by alias. Examples:

/v1/apps/ai/default/chat
/v1/apps/ai/coding/chat
/v1/apps/webhook-push/ops/send
/v1/apps/tron/lease

Aliases allow one team to separate production, testing, cost center, provider, and workflow configuration without deploying new Workers.

Connected Accounts

Connected Accounts are a platform-level credential vault. A service instance stores a reference such as:

{
  "connected_account_id": "conn_..."
}

At runtime, the gateway checks ownership, status, provider type, and encryption before decrypting credentials for the request. Secrets are not returned in console responses or logs.

Data Safety Principles

• API keys are hashed.
• Provider keys and bot tokens are encrypted with CONFIG_ENCRYPTION_KEY.
• External URLs are validated to reduce SSRF risk.
• Paid operations write transactions.
• Failed paid work is refunded when the service can prove no value was delivered.