TanStack AI version
0.1.8
Framework/Library version
@tanstack/ai-isolate-cloudflare@0.1.8
Describe the bug
The ai-isolate-cloudflare worker hardcodes env.UNSAFE_EVAL.eval(code). The unsafe_eval binding is workerd-internal and gated by Cloudflare for all customer accounts — there is no public entitlement and no path to enable it.
Result: the package is unusable in production and broken in wrangler dev on current Wrangler 4.x.
Reproduction
wrangler.toml per the README:
[[unsafe.bindings]]
name = "UNSAFE_EVAL"
type = "eval"
| Attempt |
Wrangler |
Result |
wrangler deploy |
4.87 |
binding UNSAFE_EVAL has an unknown type eval [code: 10021] |
wrangler dev (default = remote) |
4.87 |
binding mode remote, runtime returns UnsafeEvalNotAvailable |
wrangler dev --local |
3.114 |
Fatal: setsocketopt TCP_NODELAY crash |
Root cause
unsafe_eval was never publicly enrolled. The cloudflare.com/products/workers-unsafe-eval/ page is dead. Cloudflare's supported replacement is the worker_loader (Dynamic Workers) binding, GA-beta'd 2026-03-24.
Suggested fix
Swap the worker's eval call:
// before
const result = await env.UNSAFE_EVAL.eval(wrappedCode);
// after
const child = env.LOADER.load({
compatibilityDate: "2026-05-01",
mainModule: "main.js",
modules: { "main.js": wrapAsModule(wrappedCode) },
globalOutbound: null,
});
const resp = await child.getEntrypoint().fetch(new Request("https://sandbox.invalid/"));
const result = await resp.json();wrapAsModule wraps the existing IIFE in export default { fetch() { ... } }, returns JSON. ~40 LOC change in worker, driver/protocol untouched, public API unchanged. Requires Workers Paid plan (CF API rejects worker_loader on Free with code: 10195; same plan tier unsafe_eval would have required).
Validation
I have a working bun patch of 0.1.8 deployed against a real CF Worker (worker_loader binding accepted, e2e passing for HTTP tool-callback round-trip). PR incoming.
Refs
TanStack AI version
0.1.8
Framework/Library version
@tanstack/ai-isolate-cloudflare@0.1.8
Describe the bug
The
ai-isolate-cloudflareworker hardcodesenv.UNSAFE_EVAL.eval(code). Theunsafe_evalbinding is workerd-internal and gated by Cloudflare for all customer accounts — there is no public entitlement and no path to enable it.Result: the package is unusable in production and broken in
wrangler devon current Wrangler 4.x.Reproduction
wrangler.tomlper the README:wrangler deploybinding UNSAFE_EVAL has an unknown type eval [code: 10021]wrangler dev(default = remote)remote, runtime returnsUnsafeEvalNotAvailablewrangler dev --localFatal: setsocketopt TCP_NODELAYcrashRoot cause
unsafe_evalwas never publicly enrolled. Thecloudflare.com/products/workers-unsafe-eval/page is dead. Cloudflare's supported replacement is theworker_loader(Dynamic Workers) binding, GA-beta'd 2026-03-24.Suggested fix
Swap the worker's eval call:
wrapAsModulewraps the existing IIFE inexport default { fetch() { ... } }, returns JSON. ~40 LOC change in worker, driver/protocol untouched, public API unchanged. Requires Workers Paid plan (CF API rejectsworker_loaderon Free withcode: 10195; same plan tierunsafe_evalwould have required).Validation
I have a working
bun patchof 0.1.8 deployed against a real CF Worker (worker_loaderbinding accepted, e2e passing for HTTP tool-callback round-trip). PR incoming.Refs