Published by FR Studios

Drifter: The Cloudflare Guardian

Building a proactive monitoring tool and kill-switch for Cloudflare Workers.

If you’ve ever deployed a hobby project to Cloudflare Workers, you probably know the fear: a recursive loop or a sudden viral surge (for the wrong reasons) can eat through your free tier and lead to unexpected billing surprises.

I created Drifter, a proactive monitoring tool and kill switch, to address this. It limits the scope of your hobby endeavours. It can automatically activate a “kill switch” to stop those billing nightmares by monitoring your consumption.

Key Features

  • Hourly Usage Checks: Automatically monitors your account metrics via Cloudflare’s GraphQL API.
  • Circuit Breaker Pattern: A shared KV state that your other Workers check to instantly stop processing requests if limits are breached.
  • Discord Notifications: Instant alerts when a limit is reached or when the kill switch is engaged.

The Architecture

Instead of a complex external monitoring stack, Drifter leverages the power of the edge. It’s a lightweight Hono application that acts as both a monitor and a controller.

  1. Fetch: It queries the Cloudflare GraphQL API for usage metrics.
  2. Compare: It runs logic to see if you’ve crossed your custom thresholds.
  3. Update: If thresholds are breached, it updates a shared KV store (DISABLED = true).
  4. Alert: Finally, it dispatches a webhook alert to Discord.

Getting Started

Setting up Drifter involves configuring a dual-config system to keep your private IDs secure while allowing for easy updates.

1. Repository Setup

Copy the public template to create your local, gitignored configuration.

cp wrangler.toml wrangler.jsonc

2. Provisioning Resources

Create a KV Namespace to store the kill-switch state.

npx wrangler kv:namespace create DRIFTER_CONTROL

3. Securing Secrets

Upload your sensitive credentials to Cloudflare’s encrypted secret store:

npx wrangler secret put CLOUDFLARE_API_TOKEN
npx wrangler secret put DISCORD_WEBHOOK_URL

Implementing the Gatekeeper

To make the kill switch effective, your other Workers need to check the “Gatekeeper” state at the beginning of their execution.

export default {
  async fetch(request, env, ctx) {
    // Check if the guardian has tripped the kill switch
    const isDisabled = await env.DRIFTER_CONTROL.get("DISABLED");

    if (isDisabled === "true") {
      return new Response(
        "Service Temporarily Unavailable (Usage Limit Reached)",
        {
          status: 503,
          headers: { "Retry-After": "3600" },
        }
      );
    }

    // Your actual application logic goes here...
    return new Response("Hello World!");
  },
};

Deploy Your Guardian

Drifter is open-source and ready to protect your account. Check out the repository for full setup instructions and join the effort to make hobby projects safer for everyone.

View Drifter on GitHub →
Inspired by the excellent work and discussion in the "Automating Cloudflare Workers Kill Switch" blog post.