This is the drop-in v0 Worker — self-contained, zero dependencies, verified by
published IP ranges. It is the Cloudflare counterpart of the
Next.js middleware. You do not need wrangler — you
can deploy entirely from the Cloudflare dashboard (see the tabs below).
What the Worker does
On every request to your site, the Worker:- Passes through anything that isn’t a known AI crawler — your site behaves exactly as before.
- Never touches search bots — Googlebot, Bingbot and Applebot always get your real page (the cloaking firewall).
- Verifies answer-engine crawlers by their published IP ranges, then — in
defaultmode — serves them your optimized artifact instead of raw HTML. - Reports every hit to Agent Analytics, so you see who crawled what and whether it was served.
Before you start
- Your domain is on Cloudflare (DNS proxied — the orange cloud).
- An edge token from Agent Analytics → Settings in the Bluesky app (format
aen_...). - The
worker.jsfile below.
The Worker code
This is the single file you deploy. It ships inshadow mode (log-only, serves your
normal page) — change SERVE_MODE to "default" when you’re ready to serve.
worker.js
Deploy it
Pick whichever you prefer — both do exactly the same thing.- Cloudflare dashboard (no CLI)
- wrangler (CLI)
The fastest path if you’d rather not touch a terminal.
Create the Worker
In the Cloudflare dashboard, go to Workers & Pages → Create → Create Worker, name it
(e.g.
bluesky-aen), and click Deploy. Then click Edit code, replace the starter
code with the worker.js above, and Deploy again.Add your edge token as a secret
Open the Worker → Settings → Variables and Secrets → Add. Choose Secret (encrypted),
name it
AEN_EDGE_TOKEN, paste the key from Agent Analytics → Settings, and Deploy.Test it
The Worker ships inshadow mode — it serves your normal page to everyone and only
logs what it would have served, so there is zero risk while you validate.
Trigger a real AI crawler
Open ChatGPT (or Perplexity) with browsing and ask a question that makes it look up your
site. Its crawler fetches your page from a published OpenAI IP.
Watch the hit land
The Worker detects the crawler as
IP_VERIFIED and the visit appears in
Agent Analytics, broken down by agent and verification level.Go live
Once you see verified hits, change
SERVE_MODE to "default" and redeploy (paste + Deploy, or
wrangler deploy). Verified answer-engine agents now receive the optimized artifact. See
Serve modes.Troubleshooting
No hits appear in Agent Analytics
No hits appear in Agent Analytics
Confirm the route covers your site (
yourdomain.com/*), the AEN_EDGE_TOKEN secret is set, and
you actually triggered a browsing AI. Only verified crawlers are counted.My site looks unchanged
My site looks unchanged
That’s expected in
shadow mode, and for every human visitor in any mode — the Worker only
changes the response for verified AI crawlers. To confirm it’s running, check the Worker’s logs
in the Cloudflare dashboard while a crawler visits.The variant is never served (default mode)
The variant is never served (default mode)
The request must be
IP_VERIFIED, the crawler’s purpose must be enabled, and Bluesky must have
generated an artifact for that URL. Check the page’s status in Agent Analytics.Will this slow my site down?
Will this slow my site down?
No. Human and search-bot traffic passes straight through, and served artifacts are pre-generated
and cached — there is no LLM call on the request path.
How it differs from the Next.js middleware
- The Worker runs in front of your origin. Passthrough is
fetch(request)— Cloudflare routes that subrequest to your origin (it does not re-run the Worker), so there is no loop. - The client IP comes from Cloudflare’s
cf-connecting-ipheader. - Telemetry is sent with
ctx.waitUntil()so it never delays the response.