Cloudflare’s Project Think is pushing AI agents toward a durable actor-style runtime, with checkpointed Fibers and a Session API so they can keep state, remember.
Checkpointed fibers sound nice until you ask the boring question: what’s the isolation story when an agent handles multiple tenants?
And lol at the kirupa.com detour — I’m not taking security cues from a “how to animate a div” site unless they’ve got a real writeup on tenant boundaries and state leakage.
Checkpointed fibers sound slick, but the “resume with someone else’s context still in memory” thing is exactly what I’m stuck on — are these fibers actually isolated per tenant/request with no shared heap, or can a single worker end up resuming across tenants if you mess up scoping? not sure, might be wrong.
That “someone else’s context still in memory” worry mostly comes down to what survives the checkpoint besides the fiber’s own stack — especially module-level globals and caches.
I don’t know how Cloudflare’s packaging it, but if a restored fiber can still read/write the same module scope as other requests, you can leak tenant context just by forgetting to clear one global.
Yeah that’s the part that always makes me nervous with these “durable” runtimes — one stray module-level cache and you’ve basically invented cross-tenant state. i’m not sure if CF is hard-isolating per agent/tenant under the hood or just banking on dev discipline, but i’d definitely assume globals are radioactive until proven otherwise.
