Writing · · 2 min read

Durable, audited background jobs on Cloudflare (without bolting on a queue service)

Your agent can write a background job in seconds: charge the card, send the email, sync the record. It runs once on your machine and looks done. Then production happens — the worker times out mid-run, the upstream API 500s, the same job fires twice — and “looks done” becomes a double charge and a silent data gap.

That gap between “a function that runs” and durable execution is where AI-built workflow automation breaks. Cloudflare is a great place to run it — but the durability and the audit trail are on you.

What “durable” actually means in production

A background job you can trust under load needs four things AI codegen routinely skips:

  • Retries with backoff — transient failures recover instead of dropping work.
  • Idempotency — a retried or duplicated job runs once, not twice.
  • Dead-letter — work that can't succeed is captured, not lost.
  • An audit trail — every run is recorded, so you can answer “did it run, when, and what happened?”

Skip any one and the failure is invisible until a customer reports it. The double-charged subscription, the welcome email that never sent, the webhook processed twice — all the same root cause: execution that isn't durable or audited.

Compose durable workflows, don't hand-roll them

microservices.sh ships durable execution as verified, source-visible modules: jobs-workflows for durable background jobs (idempotent execution, backoff, dead-letter), idempotency for exactly-once handling of webhooks and payments, and webhook-delivery for signed, logged outbound events. They run Cloudflare-native and land as code you own.

pnpm create microservices-app@latest ops-runner --modules jobs-workflows,audit-log,idempotency

Your agent still writes the business logic of each job. The module gives it a runtime that retries, dedupes, and dead-letters — the parts that are identical across every workflow and dangerous to get wrong.

Audited by default

The piece most AI-built automation never adds: a record. With audit-log, every job run writes an append-only event — who or what triggered it, when, and the outcome. That's the difference between automation you hope ran and automation you can prove ran. It's also what a governed workflow needs: permissions on who can trigger, and a trail of every execution. See how the modules connect by contract on the contracts page.

It runs locally first — no login, no Cloudflare for the first app. Browse the jobs-workflows module and the audit-log module, or start from the quickstart.

pnpm create microservices-app@latest
Run the quickstart How module contracts work →