@astrale-os/adapter-cloudflare 0.1.8 → 0.1.9

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 /**
  * `@astrale-os/adapter-cloudflare` — deploy an Astrale domain as a standalone
- * Cloudflare Worker.
+ * Cloudflare Worker on YOUR OWN Cloudflare account.
  *
  *   import { cloudflare } from '@astrale-os/adapter-cloudflare'
  *
@@ -11,8 +11,11 @@
  *
  * `dev` runs `wrangler dev` locally; an env with no `route` ships to
  * `*.workers.dev`; an env with a `route` ships to that custom domain.
+ *
+ * Prefer a managed deploy (no Cloudflare account)? Use
+ * `@astrale-os/adapter-astrale`, which builds the same bundle via this package's
+ * `/build` toolkit and ships it through the Astrale platform.
  */
-export { astrale } from './astrale';
 export { cloudflare } from './cloudflare';
-export type { AstraleParams, CloudflareParams } from './params';
+export type { CloudflareParams } from './params';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,YAAY,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA"}

package/dist/index.js

@@ -1,6 +1,6 @@
 /**
  * `@astrale-os/adapter-cloudflare` — deploy an Astrale domain as a standalone
- * Cloudflare Worker.
+ * Cloudflare Worker on YOUR OWN Cloudflare account.
  *
  *   import { cloudflare } from '@astrale-os/adapter-cloudflare'
  *
@@ -11,7 +11,10 @@
  *
  * `dev` runs `wrangler dev` locally; an env with no `route` ships to
  * `*.workers.dev`; an env with a `route` ships to that custom domain.
+ *
+ * Prefer a managed deploy (no Cloudflare account)? Use
+ * `@astrale-os/adapter-astrale`, which builds the same bundle via this package's
+ * `/build` toolkit and ships it through the Astrale platform.
  */
-export { astrale } from './astrale';
 export { cloudflare } from './cloudflare';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA"}

package/dist/params.d.ts

@@ -55,37 +55,37 @@ export interface CloudflareParams {
      * worker-entry codegen and aren't supported through this field yet.
      */
     wrangler?: Record<string, unknown>;
-}
-/** Params for the Astrale-managed adapter (`astrale(envs)`). */
-export interface AstraleParams {
     /**
-     * Target instance slug the domain installs onto (e.g. `'bryan-e2e5'`).
-     * Required for `deploy` (managed publish + install); ignored by `watch`
-     * (local dev) — so dev-only envs may omit it.
-     */
-    instance?: string;
-    /** Catalog package name. Default: the origin's first DNS label. */
-    name?: string;
-    /** Admin kernel URL the publish calls target. Default the platform admin. */
-    adminUrl?: string;
-    /** Routing region of the `.svc` service URL. Default `'eu'`. */
-    region?: string;
-    /** CLI identity (`--as`) for the publish calls. Default: the CLI's active identity. */
-    identity?: string;
-    /** Gitignored secrets file. `watch`: injected into local wrangler dev. `deploy`: shipped on the install call and applied to the managed service env (encrypted at rest platform-side; platform keys win precedence). */
-    secrets?: string;
-    /** Local dev port for `wrangler dev`. Default 8787. */
-    port?: number;
-    /**
-     * Public URL the dev server is reached through (tunnel / sandbox preview /
-     * reverse proxy), e.g. `'https://my-box.preview.dev'`. Sets BOTH effects an
-     * off-localhost dev needs: wrangler binds 0.0.0.0 (reachable from outside)
-     * and `WORKER_URL` is pinned to this URL so the worker's per-request-Host
-     * identity (`iss`) doesn't drift to the proxy's internal hostname.
-     * Usually injected by `pnpm dev --host <url>` rather than written here.
+     * Route subrequests to platform INSTANCE hostnames through a service binding
+     * instead of the public edge. A Cloudflare Worker can't fetch a same-zone
+     * hostname served by another Worker — Cloudflare 522s it — so without this the
+     * worker can't fetch an instance kernel's JWKS to verify an inbound credential
+     * from that instance, and every cross-instance call (install hooks, the GUI's
+     * delegated calls, authed views) fails with `2002 Credential verification
+     * failed`. Point it at a router Worker that reaches those hosts internally
+     * (Astrale: `admin-router`).
+     *
+     * Wires BOTH halves the SDK needs: the `<binding>` service binding in the
+     * generated wrangler config, and a `routeSubrequest` predicate in the worker
+     * entry that diverts matching hosts through it.
+     *
+     * ON BY DEFAULT (targets `admin-router`) so every adapter-deployed worker can
+     * verify cross-instance credentials out of the box. Pass `false` to disable
+     * (a domain that never talks to another instance, or an account without a
+     * router), or an object to override the target / binding name / host match.
+     *
+     *   router: false                      // opt out
+     *   router: { service: 'my-router' }   // override target
      */
-    host?: string;
-    /** Extra plain vars for local `watch`. */
-    vars?: Record<string, string>;
+    router?: false | {
+        /** Router Worker the binding targets. Default `'admin-router'`. */
+        service?: string;
+        /** Service-binding name the worker reads. Default `'ROUTER'`. */
+        binding?: string;
+        /** Host suffix that marks an instance host. Default `'.astrale.ai'`. */
+        hostSuffix?: string;
+        /** Min dot-separated label count for an instance host. Default `4` (`<slug>.<region>.astrale.ai`). */
+        minLabels?: number;
+    };
 }
 //# sourceMappingURL=params.d.ts.map

package/dist/params.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"params.d.ts","sourceRoot":"","sources":["../src/params.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb;;;;;;;OAOG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,yEAAyE;IACzE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,2EAA2E;IAC3E,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,8DAA8D;IAC9D,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC7B;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED,gEAAgE;AAChE,MAAM,WAAW,aAAa;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,6EAA6E;IAC7E,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,uFAAuF;IACvF,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,wNAAwN;IACxN,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb;;;;;;;OAOG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,0CAA0C;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC9B"}
+{"version":3,"file":"params.d.ts","sourceRoot":"","sources":["../src/params.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb;;;;;;;OAOG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,yEAAyE;IACzE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,2EAA2E;IAC3E,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,8DAA8D;IAC9D,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC7B;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,MAAM,CAAC,EACH,KAAK,GACL;QACE,mEAAmE;QACnE,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,iEAAiE;QACjE,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,wEAAwE;QACxE,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,sGAAsG;QACtG,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,CAAA;CACN"}

package/dist/parse-output.d.ts

@@ -10,7 +10,7 @@
  * The fallback (when no explicit "Ready on" line) only accepts a localhost URL
  * on the EXPECTED port — wrangler may print unrelated localhost URLs (e.g. an
  * inspector/devtools endpoint on a different port) before readiness, and taking
- * one of those would point `astrale instance install <url>` at a dead endpoint.
+ * one of those would point `astrale domain install <url>` at a dead endpoint.
  */
 export declare function parseDevReadyUrl(text: string, port: number): string | undefined;
 /**

package/dist/parse-output.js

@@ -12,7 +12,7 @@ const WORKERS_DEV_RE = /(https:\/\/[^\s]+\.workers\.dev)/i;
  * The fallback (when no explicit "Ready on" line) only accepts a localhost URL
  * on the EXPECTED port — wrangler may print unrelated localhost URLs (e.g. an
  * inspector/devtools endpoint on a different port) before readiness, and taking
- * one of those would point `astrale instance install <url>` at a dead endpoint.
+ * one of those would point `astrale domain install <url>` at a dead endpoint.
  */
 export function parseDevReadyUrl(text, port) {
     const ready = READY_RE.exec(text);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@astrale-os/adapter-cloudflare",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "Deploy an Astrale domain as a standalone Cloudflare Worker",
   "keywords": [
     "adapter",
@@ -24,11 +24,15 @@
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js"
     },
+    "./build": {
+      "types": "./dist/build.d.ts",
+      "import": "./dist/build.js"
+    },
     "./package.json": "./package.json"
   },
   "dependencies": {
     "jose": "^6.1.3",
-    "@astrale-os/devkit": "^0.1.6"
+    "@astrale-os/sdk": "^0.1.7"
   },
   "devDependencies": {
     "@astrale-os/ox": ">=0.1.0 <1.0.0",

package/src/assets-pack.ts

@@ -1,5 +1,5 @@
 /**
- * Pack a built client SPA (`dist-client/`) into the host box's asset-archive
+ * Pack a built client SPA (the `CLIENT_DIST_DIR` build) into the host box's asset-archive
  * format: `gzip(JSON [{ path, contentBase64 }])` — the exact shape
  * `downloadAssets` on the box consumes (kernel/host workerd service layout).
  */

package/src/build.ts

@@ -0,0 +1,15 @@
+/**
+ * `@astrale-os/adapter-cloudflare/build` — the shared Cloudflare-Workers build
+ * toolkit, exposed for sibling deploy adapters (e.g.
+ * `@astrale-os/adapter-astrale`).
+ *
+ * This is the "compile a `defineDomain` into a Cloudflare Workers bundle + run
+ * local dev" surface that every Cloudflare-Workers deploy strategy shares,
+ * regardless of WHERE the bundle ultimately ships. It is NOT part of the public
+ * adapter API (`@astrale-os/adapter-cloudflare`) — it's the seam two adapters
+ * build on so the codegen/bundling/dev logic lives in exactly one place.
+ */
+
+export { logTo, prepare } from './cloudflare'
+export { buildClient, CLIENT_DIST_DIR } from './client'
+export { runWranglerBundle, runWranglerDev } from './wrangler-cli'

package/src/client.ts

@@ -8,6 +8,16 @@ import { spawn } from 'node:child_process'
 import { existsSync } from 'node:fs'
 import { join } from 'node:path'
 
+/**
+ * Where the adapter expects the built client SPA to land, relative to the
+ * project root. This is a contract: the domain's Vite config MUST emit here
+ * (`build.outDir`), and the wrangler `assets.directory` binding + the managed
+ * deploy's asset reader both look here. Dot-prefixed so the build output sorts
+ * out of the way with the other generated dirs (`.astrale`) instead of
+ * polluting the middle of the project listing.
+ */
+export const CLIENT_DIST_DIR = '.dist'
+
 export async function buildClient(
   clientDir: string,
   projectDir: string,
@@ -19,7 +29,7 @@ export async function buildClient(
   ].find((p) => existsSync(p))
   if (!viteBin) {
     // The project has a client/ but its deps aren't installed — wrangler would
-    // otherwise fail cryptically on the missing dist-client assets dir. Fail
+    // otherwise fail cryptically on the missing built-assets dir. Fail
     // loud with the fix (the client is a workspace package — one install covers it).
     throw new Error(
       `client build: vite not found in ${clientDir}. Run \`pnpm install\` at the project root ` +

package/src/cloudflare.ts

@@ -5,13 +5,13 @@
  * config (the dev never sees a `wrangler.jsonc`), builds the optional client
  * SPA, and shells out to `wrangler`. `watch` → `wrangler dev` (local URL);
  * `deploy` → `wrangler deploy` (workers.dev or a custom-domain URL); secrets →
- * `wrangler secret bulk`. Both `watch` and `deploy` return the URL the devkit
- * prints and `astrale instance install <url>` consumes.
+ * `wrangler secret bulk`. Both `watch` and `deploy` return the URL the CLI
+ * prints and `astrale domain install <url>` consumes.
  */
 
-import type { DeployCtx, DomainAdapter, WatchCtx } from '@astrale-os/devkit'
+import type { DeployCtx, DomainAdapter, WatchCtx } from '@astrale-os/sdk'
 
-import { defineAdapter, hasStarModule } from '@astrale-os/devkit'
+import { defineAdapter } from '@astrale-os/sdk'
 import { mkdir, rename, writeFile } from 'node:fs/promises'
 import { join } from 'node:path'
 
@@ -83,7 +83,7 @@ export function cloudflare(
         })
       }
       // A first deploy on a fresh `*.workers.dev` host can take ~30-60s to
-      // propagate; an `astrale instance install <url>` issued right away would
+      // propagate; an `astrale domain install <url>` issued right away would
       // 404 (Cloudflare 1042). Block until the URL actually serves so the
       // install line we print is immediately actionable.
       await waitUntilLive(url, logTo())
@@ -108,23 +108,35 @@ export async function prepare(
   await ensureIdentity(astraleDir, ctx.domain.origin)
 
   const name = workerName(params, ctx.domain.origin)
-  // Shared ★-files probe: must agree with the codegen's `import { views } from
-  // '../views'` resolution (folder index OR sibling file) — a folder-only
-  // existsSync would deploy a worker whose graph silently lacks a sibling-file
-  // module the diagnostic spec includes.
-  const hasViews = hasStarModule(ctx.projectDir, 'views')
-  const hasFunctions = hasStarModule(ctx.projectDir, 'functions')
-  const hasClient = Boolean(ctx.clientDir)
+  // Instance-router service binding (on by default → admin-router): lets the
+  // worker reach other instances' hosts internally, so a cross-instance JWKS
+  // fetch doesn't 522. Resolved once, fed to BOTH codegens below.
+  const router = resolveRouter(params.router)
+  // Two distinct client signals: the WORKER's `/ui` hook is present whenever the
+  // domain declares a client (`ctx.domain.hasClient`) — including managed
+  // deploys, which ship the built assets separately and pass no `clientDir`; the
+  // wrangler `assets.directory` binding is wired only when there's a local dir to
+  // point at (`ctx.clientDir` — direct Cloudflare deploys + local dev).
+  const servesClient = ctx.domain.hasClient
+  const bundleAssets = Boolean(ctx.clientDir)
 
   await writeFileAtomic(
     join(astraleDir, 'worker.gen.ts'),
+    // Everything else — schema/methods/deps/views/functions/requires/postInstall —
+    // rides the `...domain` spread the generated entry imports from `../domain`;
+    // the only remaining build-time signal is whether to wire the /ui asset hook.
     generateWorkerEntry({
       origin: ctx.domain.origin,
-      ...(ctx.domain.postInstall ? { postInstall: ctx.domain.postInstall } : {}),
-      requires: ctx.domain.requires,
-      hasViews,
-      hasFunctions,
-      hasClient,
+      hasClient: servesClient,
+      ...(router
+        ? {
+            router: {
+              binding: router.binding,
+              hostSuffix: router.hostSuffix,
+              minLabels: router.minLabels,
+            },
+          }
+        : {}),
     }),
   )
 
@@ -154,8 +166,12 @@ export async function prepare(
   const baseConfig = {
     workerName: name,
     ...(mode === 'deploy' && params.route ? { route: params.route } : {}),
-    hasClient,
+    hasClient: bundleAssets,
     vars,
+    // Router service binding flows into BOTH the SELF and SELF-less fallback
+    // configs — the first-deploy two-pass must keep it. `admin-router` already
+    // exists, so unlike SELF it always resolves (no first-deploy chicken-egg).
+    ...(router ? { router: { binding: router.binding, service: router.service } } : {}),
     // Escape hatch: extra bindings (KV/R2/D1/queues/…) deep-merged on top. Same
     // overlay in dev and deploy — it's infra, not env-specific plumbing — and it
     // flows into both the SELF and the SELF-less fallback config below.
@@ -254,6 +270,25 @@ export function workerName(params: CloudflareParams, origin: string): string {
     .replace(/^-+|-+$/g, '')
 }
 
+/**
+ * Resolve the instance-router config. ON by default (targets `admin-router`) so
+ * every adapter-deployed worker can reach other instances' hosts internally and
+ * verify cross-instance credentials without a 522; `false` disables it. The
+ * returned shape carries every value the worker- and wrangler-codegen need.
+ */
+export function resolveRouter(
+  ir: CloudflareParams['router'],
+): { binding: string; service: string; hostSuffix: string; minLabels: number } | undefined {
+  if (ir === false) return undefined
+  const cfg = ir ?? {}
+  return {
+    binding: cfg.binding ?? 'ROUTER',
+    service: cfg.service ?? 'admin-router',
+    hostSuffix: cfg.hostSuffix ?? '.astrale.ai',
+    minLabels: cfg.minLabels ?? 4,
+  }
+}
+
 export function logTo(): (line: string) => void {
   return (line: string) => process.stderr.write(`\x1b[2m  ${line}\x1b[0m\n`)
 }

package/src/codegen/worker.ts

@@ -1,8 +1,20 @@
 /**
  * Codegen for the Cloudflare Worker entry (`.astrale/worker.gen.ts`).
  *
- * The dev writes only schema/methods/views/functions; this generates the
- * `export default { fetch }` plumbing the adapter owns. Key properties:
+ * The dev wires the domain ONCE in a worker-safe `domain.ts`
+ * (`export const domain = defineDomain({ schema, methods, deps, views,
+ * functions, client })`) and binds it to an adapter in `astrale.config.ts`
+ * (`deploy(domain, cloudflare({ … }))`). This generates the
+ * `export default { fetch }` plumbing the adapter owns by importing that single
+ * `domain` and SPREADING it into `domainWorkerEntry` — so the author's folder
+ * layout is irrelevant (any internal organization works as long as `domain.ts`
+ * re-exports the wired definition) and the node-only deploy adapter, which lives
+ * in `astrale.config.ts`, never enters this worker bundle.
+ *
+ * Everything the entry needs — schema/methods/deps/views/functions/requires/
+ * postInstall — rides on the spread; the only build-time signal left is whether
+ * the domain serves a client SPA (`hasClient`), which gates the `/ui` asset hook
+ * and its import. Key properties:
  *
  *  • Per-request `url` = the live serving origin (`scheme://host`). It is passed
  *    only to `createRemoteServer({ url })`; the SDK stamps every
@@ -22,49 +34,83 @@
 
 export interface WorkerCodegenOptions {
   origin: string
-  postInstall?: string
-  requires: readonly string[]
-  hasViews: boolean
-  hasFunctions: boolean
   hasClient: boolean
+  /**
+   * When set, the worker routes subrequests to platform INSTANCE hostnames
+   * through `<binding>` (a service binding to a router Worker) instead of the
+   * public edge — a same-zone Worker→Worker public fetch 522s, which otherwise
+   * blocks fetching an instance kernel's JWKS to verify a cross-instance
+   * credential.
+   */
+  router?: { binding: string; hostSuffix: string; minLabels: number }
 }
 
 export function generateWorkerEntry(opts: WorkerCodegenOptions): string {
-  const optionalImports = [
-    opts.hasViews ? `import { views } from '../views'` : `const views = undefined`,
-    opts.hasFunctions ? `import { functions } from '../functions'` : `const functions = undefined`,
-  ].join('\n')
+  // The asset-serving hook is a library helper (`assets`), not inlined string
+  // logic — imported only when the domain declares a `client` binding.
+  const serverImport = opts.hasClient
+    ? `import { assets, domainWorkerEntry } from '@astrale-os/sdk/server'`
+    : `import { domainWorkerEntry } from '@astrale-os/sdk/server'`
+
+  const clientHook = opts.hasClient
+    ? `
+  // Client assets under /ui/* — served from the ASSETS binding (or proxied to
+  // Vite in dev via VIEW_DEV_URL). The matching/stripping logic lives in the SDK helper.
+  before: assets({ binding: (env) => env.ASSETS, devProxy: (env) => env.VIEW_DEV_URL }),`
+    : ''
 
-  const postInstallLine =
-    opts.postInstall !== undefined
-      ? `const POST_INSTALL = ${JSON.stringify(opts.postInstall)}`
-      : `const POST_INSTALL = undefined`
+  const router = opts.router
+  // Service binding for instance-host subrequest routing (Env field + helper +
+  // routeSubrequest), wired only when the adapter's `router` is set.
+  const routerEnvField = router
+    ? `
+  ${router.binding}?: { fetch(request: Request): Promise<Response> }`
+    : ''
+  const routerHelper = router
+    ? `
+// A platform INSTANCE hostname (e.g. <slug>.<region>${router.hostSuffix}) is served
+// by a router Worker on the SAME zone — a direct Worker→Worker public fetch 522s.
+// Route those subrequests (e.g. fetching an instance kernel's JWKS to verify a
+// cross-instance credential) through the ${router.binding} service binding instead.
+function isInstanceHost(host) {
+  return host.endsWith('${router.hostSuffix}') && host.split('.').length >= ${router.minLabels}
+}
+`
+    : ''
+  const routerHook = router
+    ? `
+  // Divert instance-host subrequests through ${router.binding} (CF 522s a same-zone
+  // Worker→Worker public fetch). No-op when the binding is absent.
+  routeSubrequest: (url, env) => (env.${router.binding} && isInstanceHost(url.hostname) ? env.${router.binding} : null),`
+    : ''
 
   return `// AUTO-GENERATED by @astrale-os/adapter-cloudflare — do not edit.
-// Regenerated on every \`astrale-domain dev|deploy\`. Edit schema/methods/views
-// instead. (origin: ${opts.origin})
-import { defineRemoteDomain } from '@astrale-os/sdk'
-import { createWorkerEntry } from '@astrale-os/sdk/server'
+// Regenerated on every \`astrale-domain dev|deploy\`. Edit your domain.ts (the
+// wired \`defineDomain\`) and astrale.config.ts (the \`deploy(domain, …)\`).
+// (origin: ${opts.origin})
+${serverImport}
 
-import { schema } from '../schema'
-import { methods } from '../methods'
-${optionalImports}
+// The worker-safe domain definition — schema/methods/deps/views/functions plus
+// origin/requires/postInstall — wired by the author in domain.ts. Spreading it
+// keeps this entry layout-agnostic; the deploy adapter stays in astrale.config.ts.
+import { domain } from '../domain'
 import { PRIVATE_JWK } from './identity'
 
-const REQUIRES = ${JSON.stringify(opts.requires)}
-${postInstallLine}
-
 interface Env {
   WORKER_URL?: string
   ASSETS?: { fetch(request: Request): Promise<Response> }
   SELF?: { fetch(request: Request): Promise<Response> }
-  VIEW_DEV_URL?: string
+  VIEW_DEV_URL?: string${routerEnvField}
   [key: string]: unknown
 }
-
-// All the shared worker plumbing — JWKS self-fetch shim, SELF-binding routing,
-// per-URL app cache, canonical iss resolution — lives in createWorkerEntry.
-export default createWorkerEntry<Env>({
+${routerHelper}
+// \`domainWorkerEntry\` folds the runtime-domain compile + server build + the
+// shared worker plumbing (JWKS self-resolution, SELF-binding routing, per-URL
+// app cache, canonical iss resolution) into one declaration. \`deps\` (when the
+// domain declares one) rides the spread and runs per cold isolate / serving URL.
+export default domainWorkerEntry<Env>()({
+  ...domain,
+  privateKey: PRIVATE_JWK,
   // The worker's serving URL = its identity (iss). Prefer the adapter-injected
   // WORKER_URL (pins one canonical host for routed deploys, so iss stays stable
   // even when also reachable via *.workers.dev); fall back to the per-request
@@ -73,36 +119,7 @@ export default createWorkerEntry<Env>({
   // upgrades the fallback origin via X-Forwarded-Proto, so iss = the public
   // https URL, not the raw http one workerd sees.
   resolveUrl: (env, requestOrigin) => env.WORKER_URL ?? requestOrigin,
-  selfBinding: (env) => env.SELF,
-  build: (url, env) => {
-    const domain = defineRemoteDomain()({
-      schema,
-      methods,
-      ...(views ? { views } : {}),
-      ...(functions ? { remoteFunctions: functions } : {}),
-    })
-    return {
-      domain,
-      deps: env,
-      url,
-      privateKey: PRIVATE_JWK,
-      ...(POST_INSTALL ? { postInstall: POST_INSTALL } : {}),
-      ...(REQUIRES.length ? { requires: REQUIRES } : {}),
-    }
-  },
-  // SPA under /ui/* (views with a client renderer).
-  before: (env, url, request) => {
-    if (env.ASSETS && (url.pathname === '/ui' || url.pathname.startsWith('/ui/'))) {
-      if (env.VIEW_DEV_URL) {
-        const devBase = env.VIEW_DEV_URL.replace(/\\/$/, '')
-        return fetch(new Request(\`\${devBase}\${url.pathname}\${url.search}\`, request))
-      }
-      const stripped = url.pathname.replace(/^\\/ui\\/?/, '/')
-      const rewritten = new URL(stripped + url.search, url.origin)
-      return env.ASSETS.fetch(new Request(rewritten, request))
-    }
-    return undefined
-  },
+  selfBinding: (env) => env.SELF,${routerHook}${clientHook}
 })
 `
 }

package/src/codegen/wrangler.ts

@@ -3,8 +3,8 @@
  * `wrangler.jsonc` that used to be hand-copied into every domain — now an
  * internal adapter detail the dev never sees.
  *
- * `main` is `./worker.gen.ts` (same dir). `assets.directory` is `../dist-client`
- * (the project's Vite build). A `SELF` service binding enables autobinding
+ * `main` is `./worker.gen.ts` (same dir). `assets.directory` points at the
+ * project's Vite build (`CLIENT_DIST_DIR`). A `SELF` service binding enables autobinding
  * (a handler calling back into its own domain). Custom-domain deploys attach a
  * `custom_domain` route; otherwise the Worker ships to `*.workers.dev`.
  *
@@ -12,6 +12,7 @@
  * (extra bindings: KV, R2, D1, queues, …) — see `mergeUserConfig`.
  */
 
+import { CLIENT_DIST_DIR } from '../client'
 import { deepMergeConfig } from './merge'
 
 export interface WranglerCodegenOptions {
@@ -24,6 +25,12 @@ export interface WranglerCodegenOptions {
   vars?: Record<string, string>
   /** Add the SELF service binding (autobinding). */
   selfBinding: boolean
+  /**
+   * Add a service binding to a router Worker for instance-host subrequest
+   * routing (see `CloudflareParams.router`). Pairs with the worker
+   * entry's `routeSubrequest`.
+   */
+  router?: { binding: string; service: string }
   /**
    * Raw wrangler config to deep-merge over the generated base — the escape
    * hatch for extra bindings (KV, R2, D1, queues, service bindings, extra
@@ -52,16 +59,19 @@ export function generateWranglerConfig(opts: WranglerCodegenOptions): string {
 
   if (opts.hasClient) {
     config.assets = {
-      directory: '../dist-client',
+      directory: `../${CLIENT_DIST_DIR}`,
       binding: 'ASSETS',
       not_found_handling: 'single-page-application',
       run_worker_first: true,
     }
   }
 
-  if (opts.selfBinding) {
-    config.services = [{ binding: 'SELF', service: opts.workerName }]
+  const services: Array<{ binding: string; service: string }> = []
+  if (opts.selfBinding) services.push({ binding: 'SELF', service: opts.workerName })
+  if (opts.router) {
+    services.push({ binding: opts.router.binding, service: opts.router.service })
   }
+  if (services.length > 0) config.services = services
 
   if (opts.vars && Object.keys(opts.vars).length > 0) {
     config.vars = opts.vars

package/src/index.ts

@@ -1,6 +1,6 @@
 /**
  * `@astrale-os/adapter-cloudflare` — deploy an Astrale domain as a standalone
- * Cloudflare Worker.
+ * Cloudflare Worker on YOUR OWN Cloudflare account.
  *
  *   import { cloudflare } from '@astrale-os/adapter-cloudflare'
  *
@@ -11,8 +11,11 @@
  *
  * `dev` runs `wrangler dev` locally; an env with no `route` ships to
  * `*.workers.dev`; an env with a `route` ships to that custom domain.
+ *
+ * Prefer a managed deploy (no Cloudflare account)? Use
+ * `@astrale-os/adapter-astrale`, which builds the same bundle via this package's
+ * `/build` toolkit and ships it through the Astrale platform.
  */
 
-export { astrale } from './astrale'
 export { cloudflare } from './cloudflare'
-export type { AstraleParams, CloudflareParams } from './params'
+export type { CloudflareParams } from './params'