Summary
Moltworker currently does not support Cloudflare AI Gateway's Authenticated Gateway feature. When Authenticated Gateway is enabled on the AI Gateway, all requests from Moltworker fail because the required cf-aig-authorization header is never sent.
Problem
Cloudflare recommends enabling Authenticated Gateway when storing logs (which is the whole point of using AI Gateway for analytics/cost tracking). However, when enabled, every request to the gateway must include a cf-aig-authorization header containing a valid API token.
The Moltworker architecture makes this impossible because:
-
The moltbot binary inside the container makes the API calls, not the Worker. In src/gateway/env.ts, the Worker maps AI_GATEWAY_BASE_URL → ANTHROPIC_BASE_URL and AI_GATEWAY_API_KEY → ANTHROPIC_API_KEY as environment variables passed to the container. The moltbot binary then makes standard HTTP requests using only x-api-key — it has no mechanism to include cf-aig-authorization.
-
No AI Gateway binding in wrangler.jsonc. Cloudflare docs note: "When an AI Gateway is accessed from a Cloudflare Worker using a binding, the cf-aig-authorization header does not need to be manually included." However, Moltworker uses URL-based access from inside the container, not Worker bindings. Even if a binding were added to the Worker, it can't be passed into the container — the container only receives environment variables (strings).
-
No env var or config option exists to pass an additional authentication token/header for the gateway.
Steps to Reproduce
- Deploy Moltworker with AI Gateway configured (
AI_GATEWAY_BASE_URL + AI_GATEWAY_API_KEY)
- Enable "Authenticated Gateway" in AI Gateway Settings
- Send a message through the Control UI
- Observe: AI Gateway logs show the request is rejected (no
cf-aig-authorization header present)
Current Workaround
Disable Authenticated Gateway in the AI Gateway settings. This works but means the gateway endpoint is unauthenticated — anyone who discovers the gateway URL could route requests through it.
Proposed Solutions
Option A: Proxy API calls through the Worker (recommended)
Instead of having the container call the AI Gateway URL directly, have the Worker act as a proxy:
- Container sends API requests to the Worker (e.g.,
http://localhost:{port}/api/proxy)
- The Worker intercepts and forwards them to AI Gateway using a Worker AI Gateway binding, which auto-includes the
cf-aig-authorization header
- This would also enable future use of AI Gateway features that require Worker bindings
Option B: Pass cf-aig-authorization as an env var
Add a new secret (e.g., AI_GATEWAY_AUTH_TOKEN) that gets passed to the container. The moltbot binary would need to be updated to include this as a cf-aig-authorization header on requests to the gateway URL.
Option C: Add ai binding to wrangler.jsonc
Configure an AI Gateway binding in the wrangler config and have the Worker make the AI API calls on behalf of the container, using the binding which auto-authenticates.
Environment
- Moltworker commit:
7b0ba7811b7558fdc158cb53cd0a0e4327e9a429 (main, Jan 30 2026)
- Relevant files:
src/gateway/env.ts, src/types.ts, wrangler.jsonc
References
cc @brianbrunner @sidharthachatterjee @roerohan
Summary
Moltworker currently does not support Cloudflare AI Gateway's Authenticated Gateway feature. When Authenticated Gateway is enabled on the AI Gateway, all requests from Moltworker fail because the required
cf-aig-authorizationheader is never sent.Problem
Cloudflare recommends enabling Authenticated Gateway when storing logs (which is the whole point of using AI Gateway for analytics/cost tracking). However, when enabled, every request to the gateway must include a
cf-aig-authorizationheader containing a valid API token.The Moltworker architecture makes this impossible because:
The moltbot binary inside the container makes the API calls, not the Worker. In
src/gateway/env.ts, the Worker mapsAI_GATEWAY_BASE_URL→ANTHROPIC_BASE_URLandAI_GATEWAY_API_KEY→ANTHROPIC_API_KEYas environment variables passed to the container. The moltbot binary then makes standard HTTP requests using onlyx-api-key— it has no mechanism to includecf-aig-authorization.No AI Gateway binding in
wrangler.jsonc. Cloudflare docs note: "When an AI Gateway is accessed from a Cloudflare Worker using a binding, thecf-aig-authorizationheader does not need to be manually included." However, Moltworker uses URL-based access from inside the container, not Worker bindings. Even if a binding were added to the Worker, it can't be passed into the container — the container only receives environment variables (strings).No env var or config option exists to pass an additional authentication token/header for the gateway.
Steps to Reproduce
AI_GATEWAY_BASE_URL+AI_GATEWAY_API_KEY)cf-aig-authorizationheader present)Current Workaround
Disable Authenticated Gateway in the AI Gateway settings. This works but means the gateway endpoint is unauthenticated — anyone who discovers the gateway URL could route requests through it.
Proposed Solutions
Option A: Proxy API calls through the Worker (recommended)
Instead of having the container call the AI Gateway URL directly, have the Worker act as a proxy:
http://localhost:{port}/api/proxy)cf-aig-authorizationheaderOption B: Pass
cf-aig-authorizationas an env varAdd a new secret (e.g.,
AI_GATEWAY_AUTH_TOKEN) that gets passed to the container. The moltbot binary would need to be updated to include this as acf-aig-authorizationheader on requests to the gateway URL.Option C: Add
aibinding towrangler.jsoncConfigure an AI Gateway binding in the wrangler config and have the Worker make the AI API calls on behalf of the container, using the binding which auto-authenticates.
Environment
7b0ba7811b7558fdc158cb53cd0a0e4327e9a429(main, Jan 30 2026)src/gateway/env.ts,src/types.ts,wrangler.jsoncReferences
cc @brianbrunner @sidharthachatterjee @roerohan