Skip to main content
If your site runs on Cloudflare, you install the Agent Edge Network as a Worker that sits in front of your origin. It passes every request straight through to your site, except verified AI answer-engine crawlers, which it serves your pre-generated AEO artifact.
This is the drop-in v0 Worker — self-contained, zero dependencies, verified by published IP ranges. It is the Cloudflare counterpart of the Next.js middleware. You do not need wrangler — you can deploy entirely from the Cloudflare dashboard (see the tabs below).

What the Worker does

On every request to your site, the Worker:
  • Passes through anything that isn’t a known AI crawler — your site behaves exactly as before.
  • Never touches search bots — Googlebot, Bingbot and Applebot always get your real page (the cloaking firewall).
  • Verifies answer-engine crawlers by their published IP ranges, then — in default mode — serves them your optimized artifact instead of raw HTML.
  • Reports every hit to Agent Analytics, so you see who crawled what and whether it was served.
There is no LLM call and no round-trip to your origin for served pages — artifacts are generated offline and cached.

Before you start

  • Your domain is on Cloudflare (DNS proxied — the orange cloud).
  • An edge token from Agent Analytics → Settings in the Bluesky app (format aen_...).
  • The worker.js file below.

The Worker code

This is the single file you deploy. It ships in shadow mode (log-only, serves your normal page) — change SERVE_MODE to "default" when you’re ready to serve.
worker.js

Deploy it

Pick whichever you prefer — both do exactly the same thing.
The fastest path if you’d rather not touch a terminal.
1

Create the Worker

In the Cloudflare dashboard, go to Workers & Pages → Create → Create Worker, name it (e.g. bluesky-aen), and click Deploy. Then click Edit code, replace the starter code with the worker.js above, and Deploy again.
2

Add your edge token as a secret

Open the Worker → Settings → Variables and Secrets → Add. Choose Secret (encrypted), name it AEN_EDGE_TOKEN, paste the key from Agent Analytics → Settings, and Deploy.
3

Put it in front of your site

Settings → Triggers → Routes → Add route → enter yourdomain.com/* and pick your zone. The Worker now runs on every request to your site.

Test it

The Worker ships in shadow mode — it serves your normal page to everyone and only logs what it would have served, so there is zero risk while you validate.
1

Trigger a real AI crawler

Open ChatGPT (or Perplexity) with browsing and ask a question that makes it look up your site. Its crawler fetches your page from a published OpenAI IP.
2

Watch the hit land

The Worker detects the crawler as IP_VERIFIED and the visit appears in Agent Analytics, broken down by agent and verification level.
3

Go live

Once you see verified hits, change SERVE_MODE to "default" and redeploy (paste + Deploy, or wrangler deploy). Verified answer-engine agents now receive the optimized artifact. See Serve modes.

Troubleshooting

Confirm the route covers your site (yourdomain.com/*), the AEN_EDGE_TOKEN secret is set, and you actually triggered a browsing AI. Only verified crawlers are counted.
That’s expected in shadow mode, and for every human visitor in any mode — the Worker only changes the response for verified AI crawlers. To confirm it’s running, check the Worker’s logs in the Cloudflare dashboard while a crawler visits.
The request must be IP_VERIFIED, the crawler’s purpose must be enabled, and Bluesky must have generated an artifact for that URL. Check the page’s status in Agent Analytics.
No. Human and search-bot traffic passes straight through, and served artifacts are pre-generated and cached — there is no LLM call on the request path.

How it differs from the Next.js middleware

  • The Worker runs in front of your origin. Passthrough is fetch(request) — Cloudflare routes that subrequest to your origin (it does not re-run the Worker), so there is no loop.
  • The client IP comes from Cloudflare’s cf-connecting-ip header.
  • Telemetry is sent with ctx.waitUntil() so it never delays the response.
Everything else — the cloaking firewall, verification levels, serve modes, and offline artifact generation — behaves exactly as it does for the middleware.