Cloudflare Platform Canvas

Every CF service in the gfs-platform Worker — bindings, schedules, queues, buckets, indexes — laid out in one wall poster. Read top-to-bottom: Compute → Data → Async → Integrations → Schedules. Source: wrangler.jsonc.

Cloudflare account: ai-globalfoodsolutions.co · Single-vendor stack · No AWS, no GCP
Worker: gfs-platform (src/index.ts ~18.5K lines + 4 helpers) · Compatibility 2026-05-18 · Observability head-sampling 100%

COMPUTE — Workers + Pages

gfs-platform Worker
  • src/index.ts (single file) + email.ts (inbound) + document_converter.ts + annual_roll_workflow.ts + durable_objects.ts
  • 175+ endpoints · council_v2
  • api.ai-globalfoodsolutions.co/*
  • Routing layer: ROUTING_LAYER_ENABLED=true

Pages: gfs-netsuite
  • 17 HTML pages (chat, review, training, intake, admin-dashboard)
  • gfs-netsuite.pages.dev
  • chat.ai-globalfoodsolutions.co

Pages: gfs-hub
  • Corporate Hub v10.0 DNA
  • gfs-hub.pages.dev

Pages: gfs-nycdoe-hub
  • B5875 bid response platform
  • 246 specs, 6 PPI tabs, menus
  • gfs-nycdoe-hub.pages.dev

Pages: gfs-system-guide
  • System guide, 1,897 lines
  • gfs-system-guide.pages.dev

Pages Functions
  • /pages-functions/* (symlinked)
  • /pricing/<slug>
  • /vendor/<slug>
  • /item/<code>
  • /bid/<id>
  • /workflow/<name>
  • Live render, no caching

Workflow: gfs-annual-roll
  • AnnualRollWorkflow (durable)
  • Binding: ANNUAL_ROLL_WORKFLOW
  • Pillar 4 annual price roll

Durable Objects (2)
  • CostCapDO · PushMutexDO
  • migrations v1

Browser Rendering
  • BROWSER binding
  • /api/quote/pdf — quote HTML → PDF

Workers AI + AI Gateway
  • AI binding (workers-ai)
  • AI_GATEWAY_URL → Anthropic Claude Haiku · cache + rate-limit telemetry

DATA — D1 + R2 + KV + Vectorize

D1: gfs-netsuite
  • Binding: DB · id 3818ecd5-995e-4694-a08b-...
  • 109 D1 tables (live) · 50 migration files
  • NS-mirror (warm tier 5m):
      • customers, vendors, items
      • invoices, so, vb (transactions)
      • invoice_lines, so_lines, vb_lines (~311K rows)
      • departments, locations, subsidiaries
  • Hub-only (not mirrored):
      • decision_corpus (R89 corpus)
      • proposed_actions (HITL queue)
      • pricing_eval_baseline / runs
      • review_queue, training_*, hub_*
  • Spec items: spec_items (136 rows)
  • Audit: ops_admin_notifications, audit_log
  • D1 is canonical for hub_*; NS is system of record for mirrored tables

R2: gfs-files
  • Binding: STORAGE
  • inbound-bids/<id>/ (raw .eml + attachments)
  • backups/code/ — 90d lifecycle
  • backups/d1-exports/ — 60d lifecycle
  • analytics/csv/ (R88 weekly)
  • Specs, attachments, signed URLs

R2: gfs-hub-backups
  • Binding: HUB_BACKUPS
  • Nightly JSONL export of hub_* tables
  • Retention 30d / 12w / 12m / 7y

KV: CACHE
  • id e880e40bc3674963bc37cf90e02f6369
  • Query result cache (hot patterns)
  • Routing layer canonical patterns
  • R347 Jarvis 4h throttle counters
  • safe_query_log pre-warm (top-N)
  • Pre-warm via R175 nightly maint

Vectorize: gfs-pricing-corpus
  • Binding: VECTORIZE
  • decision_corpus embeddings
  • R174 drift auto-triage · 0.7 sim threshold

Worker Secrets & Identity
  • NetSuite TBA OAuth1:
      • NS_ACCOUNT_ID · NS_REALM
      • NS_CONSUMER_KEY / SECRET
      • NS_TOKEN_ID / TOKEN_SECRET
  • AI & Edit auth:
      • ANTHROPIC_API_KEY
      • AI_GATEWAY_URL
      • EDIT_TOKEN (X-Edit-Token hdr)
  • Email + misc:
      • OPENAI_API_KEY (fallback)
      • CF_AI_GATEWAY_URL (legacy)
  • Routing & flags:
      • ROUTING_LAYER_ENABLED=true
      • Custom Worker route: api.ai-globalfoodsolutions.co/*
  • HITL invariant: every NS write → ?preview → X-Edit-Token confirm

ASYNC — Queues

NS_PUSH_QUEUE
  • gfs-ns-push-retry
  • Producer: Worker (HITL confirm)
  • Consumer: Worker (in-place)
  • batch: 5 · timeout: 30s
  • max_retries: 3
  • → DLQ on retry exhaustion

NS_PUSH_DLQ
  • gfs-ns-push-dlq
  • Producer: Worker (auto)
  • Consumer: Worker (in-place)
  • batch: 10 · timeout: 60s
  • max_retries: 3 (R64-A-G14)
  • → FAILSAFE on retry exhaustion

NS_PUSH_FAILSAFE
  • gfs-ns-push-failsafe
  • Producer: Worker (DLQ overflow)
  • Consumer: NONE (manual triage)
  • wrangler queues consumer list-messages
  • Poison-pill terminal stop

Email Routing — Inbound + Outbound
  • Domain: ai-globalfoodsolutions.co · DKIM enforced per mailbox
  • 5 inbound mailboxes:
      • bids@ → handleBidIntake (PDF vision)
      • pricing@ → handlePriceRequest
      • pricerequest@ → handlePriceRequest (alias)
      • customer@ → handleCustomerInquiry
  • Outbound:
      • vendor@ → handleVendorCost
      • EMAIL send binding (auto-reply, morning digest, Jarvis alerts)
  • Logs: inbound_email_log, outbound_email_log

SCHEDULES — 22 cron triggers (R121 tightened, ~1500 invocations/day)

Sync & CDC
  • */2 * * * *  Hot tier + SystemNote CDC (R121)
  • */5 * * * *  Warm tier sync (R121)
  • */15 * * * *  Mirror-back verify + summarizer
  • 5 */2 * * *  Pricing tier 2 sync
  • 0 */4 * * *  Cold tier sync
  • 0 * * * *  Hourly aggregates
  • 0 2 * * *  Line backfill + hub DR export (R95+R155)
  • 0 3 * * *  Daily reconcile pass
  • 0 19 * * *  EOD snapshot
  • 0 4 * * SUN  D1 weekly backup + R88 CSV export
  • 0 3 1 * *  Monthly archive · 0 5 1 * * = month rollup

Eval, Training & Learning Loop
  • 7 * * * *  R122 Karpathy eval (50 cases/h)
  • 22,37,52 * * * *  R174 drift auto-triage (15m)
  • 30 3 * * *  R175 nightly maint (re-embed)
  • 0 3 * * SUN  R84 weekly llm-wiki rebuild
  • 12 */4 * * *  R259 continuous training (5q/4h)
  • 30 4 * * SUN  R285 weekly tool-grader
  • 0 7 * * *  R75-G red-team probe (30 cases)
  • 0 8 * * *  Daily eval baseline gate
  • 0 6 * * MON  R181 weekly anomaly hunter
  • 0 6 * * *  Daily health check sweep
  • 0 8 * * SUN  Weekly skill inventory recap

Ops & Notifications
  • 17,47 * * * *  R347 Jarvis proactive watchdog
  • 30 6 * * *  R201 morning digest email (2:30 ET)
  • ~ throttled  CostCapDO governance cap
  • on-failure  PushMutexDO single-flight
  • audit_log  Per-write trail (D1)
  • ops_admin_notifications  (admin inbox view)
  • Observability:
      • head_sampling_rate = 1.0 (full)
      • /api/healthcheck (R52 SLO)
      • /api/ai/metrics (cost dashboard)
      • /api/ns/touchpoints (NS view)

Bindings @ a Glance
  • D1: DB → gfs-netsuite
  • R2: STORAGE → gfs-files, HUB_BACKUPS → gfs-hub-backups
  • KV: CACHE
  • Queue: NS_PUSH_QUEUE / DLQ / FAILSAFE
  • DO: COST_CAP_DO · PUSH_MUTEX_DO
  • Workflow: ANNUAL_ROLL_WORKFLOW
  • Vec: VECTORIZE → gfs-pricing-corpus
  • AI: AI (Workers AI) + AI_GATEWAY_URL
  • Browser: BROWSER (PDF render)
  • Email: EMAIL (send) + 5 inbound routes
  • Vars: ROUTING_LAYER_ENABLED

Arrow labels: R/W canonical · push retry · Claude Haiku via AI Gateway · TBA OAuth1 / EDIT_TOKEN

Legend: Worker / Compute · Pages (static) · Data store · Cloud service / R2 · Queue / Bus · Secret / Auth · Hot path

What is on this canvas

  • 1 Worker (gfs-platform) + 4 Pages projects
  • 1 D1 (gfs-netsuite, 109 tables) + 2 R2 buckets + 1 KV + 1 Vectorize
  • 3 Queues (retry → DLQ → failsafe) + 2 Durable Objects
  • 1 Workflow (ANNUAL_ROLL) + Browser + AI + Email bindings
  • 22 cron triggers grouped Sync / Eval / Ops

Read the canvas

  • The Worker (green, top-left of COMPUTE band) is the everything-hub
  • Green hot-path arrow = high-volume read/write
  • Dashed rose arrow = auth-bearing call (TBA OAuth1, EDIT_TOKEN)
  • Dashed violet = async vector / batch path
  • Bindings panel (bottom-right) is the exact wrangler.jsonc surface

Invariants

  • D1 is canonical for hub_* tables; NS is system of record for mirrored tables
  • Every write to NS goes through NS_PUSH_QUEUE (never direct)
  • HITL: preview → X-Edit-Token confirm on all writes
  • FAILSAFE has NO consumer — poison pills wait for human triage
  • All AI calls route through AI Gateway when AI_GATEWAY_URL set
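
The retry → DLQ → failsafe chain and the no-consumer invariant can be checked mechanically against a parsed wrangler.jsonc. This is an added example, not code from gfs-platform: checkPushChain is a hypothetical helper, the sample config is constructed from the values on this canvas, and mapping the canvas's "batch"/"timeout" to max_batch_size/max_batch_timeout is an assumption.

```javascript
// Constructed sample: the "queues" section a wrangler.jsonc matching the
// canvas might contain. The real file is not shown on this page.
const sampleConfig = {
  queues: {
    producers: [
      { binding: "NS_PUSH_QUEUE", queue: "gfs-ns-push-retry" },
      { binding: "NS_PUSH_DLQ", queue: "gfs-ns-push-dlq" },
      { binding: "NS_PUSH_FAILSAFE", queue: "gfs-ns-push-failsafe" },
    ],
    consumers: [
      { queue: "gfs-ns-push-retry", max_batch_size: 5, max_batch_timeout: 30,
        max_retries: 3, dead_letter_queue: "gfs-ns-push-dlq" },
      { queue: "gfs-ns-push-dlq", max_batch_size: 10, max_batch_timeout: 60,
        max_retries: 3, dead_letter_queue: "gfs-ns-push-failsafe" },
    ],
  },
};

// Follow dead_letter_queue links from `entry` and report where the chain
// breaks the canvas invariants. Returns { chain, problems }.
function checkPushChain(config, entry, expectedTerminal) {
  const consumers = new Map(
    (config.queues?.consumers ?? []).map((c) => [c.queue, c]));
  const chain = [entry];
  const problems = [];
  let current = entry;
  while (consumers.has(current)) {
    const next = consumers.get(current).dead_letter_queue;
    if (!next) {
      // Without a DLQ, messages that exhaust max_retries are deleted.
      problems.push(`${current}: consumer has no dead_letter_queue`);
      break;
    }
    if (chain.includes(next)) {
      problems.push(`${current}: dead_letter_queue loops back to ${next}`);
      break;
    }
    chain.push(next);
    current = next;
  }
  // Invariant: the terminal queue is drained by a human, never by a consumer.
  if (consumers.has(expectedTerminal)) {
    problems.push(`${expectedTerminal}: has a consumer, expected none`);
  }
  if (chain[chain.length - 1] !== expectedTerminal) {
    problems.push(`chain ends at ${current}, expected ${expectedTerminal}`);
  }
  return { chain, problems };
}
```

Running this in CI against the parsed config catches a consumer being attached to the failsafe queue or a dead-letter link being dropped before the change is deployed.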