RFC: WebSocket reverse-connection gateway (替代 Cloudflare Tunnel) #210

New Issue

Closed

opened 2026-05-12 05:30:22 +00:00 by xingyue · 0 comments

xingyue commented 2026-05-12 05:30:22 +00:00

Owner

Copy Link

Copy Source

Summary

用 WebSocket 反向连接替代 Cloudflare Tunnel，本地 serve 主动连接 Gateway，Gateway 通过已有 WS 通道下发请求。

Motivation

当前架构依赖 cloudflared tunnel 做 NAT 穿透：

Dashboard → Gateway (CF Worker) → Tunnel URL → 本地 serve

痛点：

• 依赖 cloudflared：需要安装、配置命名 tunnel 或临时 tunnel
• KV TTL heartbeat：agent 需要每分钟 POST 续注册，TTL 5min 过期就 530
• URL 漂移：临时 tunnel URL 变化 + heartbeat 覆盖命名 tunnel，导致 530
• 链路长且脆弱：Gateway → Tunnel → cloudflared → localhost，任何一环断都挂

Proposed Architecture

本地 serve ——WebSocket——→ Gateway (CF Worker + Durable Object)
Dashboard ——HTTP——→ Gateway ——通过已有 WS——→ 本地 serve

核心变化

1. 本地 serve 启动时，主动 WebSocket 连接到 wss://workflow-gateway.shazhou.workers.dev/ws/connect?name=sora&secret=xxx
2. Gateway 用 Durable Object 维持每个 agent 的 WS 连接状态
3. Dashboard 请求 /api/agents/sora/workflows 时，Gateway 通过 WS 下发请求，等待 agent 回复
4. 连接 = 注册，断开 = 离线。不需要 heartbeat、不需要 KV TTL

请求-响应协议

// Gateway → Agent (via WS)
type WsRequest = {
  id: string        // requestId (UUID)
  method: string    // "GET" | "POST" | ...
  path: string      // "/api/workflows"
  headers: Record<string, string>
  body: string | null
}

// Agent → Gateway (via WS)
type WsResponse = {
  id: string        // 对应的 requestId
  status: number
  headers: Record<string, string>
  body: string
}

连接管理

• Agent 断线自动重连（指数退避）
• Gateway 用 WebSocket ping/pong 检测连接存活
• Durable Object per-agent，持有 WS handle + 请求队列
• Dashboard 查询 endpoints 时，直接看 DO 里谁有活跃连接

Benefits

	现在 (Tunnel)	提议 (WS)
外部依赖	cloudflared	无
NAT 穿透	cloudflared 做	WebSocket 天然支持
注册机制	HTTP heartbeat + KV TTL	连接即注册
在线检测	lastHeartbeat 时间差	WS 连接是否存活
延迟	Gateway → Tunnel → cloudflared → localhost	Gateway → WS → localhost
可靠性	多环节，任一断都 530	单连接
流式传输	需要 SSE 穿透 tunnel	WS 原生双向流

Implementation Plan

Phase 1: Durable Object + WS 连接

• Gateway 加 Durable Object class AgentSocket
• /ws/connect 路由：验证 secret → upgrade to WS → 存储连接
• agent 端 WS 客户端 + 自动重连

Phase 2: 请求代理

• /api/agents/:agent/* 改为通过 WS 转发（替代 HTTP fetch）
• 请求超时处理（30s）
• /api/gateway/endpoints 改为查询 DO 连接状态

Phase 3: 清理

• 移除 KV ENDPOINTS binding
• 移除 startTunnel / startHeartbeat / registerWithGateway
• --tunnel-url / --no-tunnel 参数废弃
• cloudflared 不再是 serve 的依赖

Open Questions

1. Durable Object 计费：DO 按 wall-clock duration 计费，长连接的成本如何？需要评估
2. 多实例：同一个 agent name 多个 serve 实例连接时的行为？（后连覆盖前连 vs 拒绝）
3. 流式 thread 输出：是否在 Phase 2 就支持 WS 流式推送 thread 进度到 dashboard？
4. fallback：是否保留 HTTP 直连作为 fallback（内网场景）？

References

• Cloudflare Durable Objects + WebSocket: https://developers.cloudflare.com/durable-objects/api/websockets/
• 当前 Gateway 实现: packages/workflow-gateway/src/index.ts
• 当前 Tunnel 实现: packages/cli-workflow/src/commands/serve/tunnel.ts
• Dashboard 530 问题: tunnel URL 漂移 + KV TTL 过期

## Summary 用 WebSocket 反向连接替代 Cloudflare Tunnel，本地 serve 主动连接 Gateway，Gateway 通过已有 WS 通道下发请求。 ## Motivation 当前架构依赖 cloudflared tunnel 做 NAT 穿透： ``` Dashboard → Gateway (CF Worker) → Tunnel URL → 本地 serve ``` 痛点： - **依赖 cloudflared**：需要安装、配置命名 tunnel 或临时 tunnel - **KV TTL heartbeat**：agent 需要每分钟 POST 续注册，TTL 5min 过期就 530 - **URL 漂移**：临时 tunnel URL 变化 + heartbeat 覆盖命名 tunnel，导致 530 - **链路长且脆弱**：Gateway → Tunnel → cloudflared → localhost，任何一环断都挂 ## Proposed Architecture ``` 本地 serve ——WebSocket——→ Gateway (CF Worker + Durable Object) Dashboard ——HTTP——→ Gateway ——通过已有 WS——→ 本地 serve ``` ### 核心变化 1. **本地 serve 启动时**，主动 WebSocket 连接到 `wss://workflow-gateway.shazhou.workers.dev/ws/connect?name=sora&secret=xxx` 2. **Gateway 用 Durable Object** 维持每个 agent 的 WS 连接状态 3. **Dashboard 请求** `/api/agents/sora/workflows` 时，Gateway 通过 WS 下发请求，等待 agent 回复 4. **连接 = 注册**，断开 = 离线。不需要 heartbeat、不需要 KV TTL ### 请求-响应协议 ```typescript // Gateway → Agent (via WS) type WsRequest = { id: string // requestId (UUID) method: string // "GET" | "POST" | ... path: string // "/api/workflows" headers: Record<string, string> body: string | null } // Agent → Gateway (via WS) type WsResponse = { id: string // 对应的 requestId status: number headers: Record<string, string> body: string } ``` ### 连接管理 - Agent 断线自动重连（指数退避） - Gateway 用 WebSocket ping/pong 检测连接存活 - Durable Object per-agent，持有 WS handle + 请求队列 - Dashboard 查询 endpoints 时，直接看 DO 里谁有活跃连接 ## Benefits | | 现在 (Tunnel) | 提议 (WS) | |---|---|---| | 外部依赖 | cloudflared | 无 | | NAT 穿透 | cloudflared 做 | WebSocket 天然支持 | | 注册机制 | HTTP heartbeat + KV TTL | 连接即注册 | | 在线检测 | lastHeartbeat 时间差 | WS 连接是否存活 | | 延迟 | Gateway → Tunnel → cloudflared → localhost | Gateway → WS → localhost | | 可靠性 | 多环节，任一断都 530 | 单连接 | | 流式传输 | 需要 SSE 穿透 tunnel | WS 原生双向流 | ## Implementation Plan ### Phase 1: Durable Object + WS 连接 - Gateway 加 Durable Object class `AgentSocket` - `/ws/connect` 路由：验证 secret → upgrade to WS → 存储连接 - agent 端 WS 客户端 + 自动重连 ### Phase 2: 请求代理 - `/api/agents/:agent/*` 改为通过 WS 转发（替代 HTTP fetch） - 请求超时处理（30s） - `/api/gateway/endpoints` 改为查询 DO 连接状态 ### Phase 3: 清理 - 移除 KV `ENDPOINTS` binding - 移除 `startTunnel` / `startHeartbeat` / `registerWithGateway` - `--tunnel-url` / `--no-tunnel` 参数废弃 - cloudflared 不再是 serve 的依赖 ## Open Questions 1. **Durable Object 计费**：DO 按 wall-clock duration 计费，长连接的成本如何？需要评估 2. **多实例**：同一个 agent name 多个 serve 实例连接时的行为？（后连覆盖前连 vs 拒绝） 3. **流式 thread 输出**：是否在 Phase 2 就支持 WS 流式推送 thread 进度到 dashboard？ 4. **fallback**：是否保留 HTTP 直连作为 fallback（内网场景）？ ## References - Cloudflare Durable Objects + WebSocket: https://developers.cloudflare.com/durable-objects/api/websockets/ - 当前 Gateway 实现: `packages/workflow-gateway/src/index.ts` - 当前 Tunnel 实现: `packages/cli-workflow/src/commands/serve/tunnel.ts` - Dashboard 530 问题: tunnel URL 漂移 + KV TTL 过期

xingyue referenced this issue 2026-05-12 06:06:38 +00:00

Phase 1 Testing: Durable Object + WS 连接 (#210) #211

xingyue referenced this issue from a commit 2026-05-12 06:21:57 +00:00

feat: WebSocket reverse-connection gateway Phase 1 (#210)

xingyue referenced this issue 2026-05-12 06:22:10 +00:00

feat: WebSocket reverse-connection gateway Phase 1 (#210) #212

xingyue referenced this issue 2026-05-12 06:28:27 +00:00

Phase 2 Testing: WS 请求代理 (#210) #213

xingyue referenced this issue from a commit 2026-05-12 06:42:28 +00:00

feat: WS request proxy — Gateway proxies HTTP via WebSocket (#210 Phase 2)

xingyue referenced this issue 2026-05-12 06:42:45 +00:00

feat: WS request proxy — Phase 2 (#210) #214

xingyue referenced this issue from a commit 2026-05-13 03:05:13 +00:00

feat: WebSocket reverse-connection gateway Phase 1 (#210)

xingyue referenced this issue from a commit 2026-05-13 03:05:13 +00:00

feat: WebSocket reverse-connection gateway Phase 1 (#210)

xingyue referenced this issue from a commit 2026-05-13 03:05:13 +00:00

feat: WS request proxy — Gateway proxies HTTP via WebSocket (#210 Phase 2)

xiaomo referenced this issue from a commit 2026-05-13 03:06:30 +00:00

Merge pull request 'feat: WS request proxy — Phase 2 (#210)' (#214) from feat/210-ws-gateway-phase2 into main

xingyue closed this issue 2026-05-13 03:10:58 +00:00

xingyue referenced this issue 2026-05-13 14:59:57 +00:00

refactor(serve): remove tunnel + eliminate HTTP round-trip in gateway mode #245

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

chore/migrate-ocas

retrospect/fix-committer-tea

retrospect/solve-issue-fixes

fix/517-expand-skill

fix/574-silent-fail-handling

fix/573-unify-cas-store

fix/571-current-role

fix/567-trim-leading-whitespace

fix/566-adapter-json-stdout

fix/544-remove-legacy-frontmatter

fix/553-edge-prompt-empty

fix/557-step-show-json-escape

fix/559-thread-show-status

fix/561-thread-start-cwd-option

fix/558-thread-edge-location

fix/531-config-mask-apikey

fix/532-config-key-validation

fix/533-double-prefix

fix/551-hermes-bin-engines

fix/549-commit-scope

feat/541-skill-developer

feat/539-skill-author

feat/538-skill-user

feat/540-skill-actor

fix/ci-skip-integration-tests

fix/535-sqlite-fallback

fix/531-532-533

fix/528-refactor-apikey

fix/526-config-subcommand

fix/522-cancelled-thread-status

fix/523-bin-entry-point

fix/519-read-session-file

fix/enum-multi-exit-validation

fix/remove-chinese-cli-output

feat/424-setup-agent-discovery

fix/hermes-integration-test-import

fix/449-reduce-dashboard-complexity

refactor/512-rename-packages

chore/510-open-source-readiness

chore/solve-issue-portable

fix/489-step-timing

fix/506-semantic-validation

feat/502-oneOf-output-instruction

feat/499-phase2-discriminated-union

feat/499-dollar-status

fix/497-update-docs

feat/490-phase3-dashboard

feat/490-phase2-yaml-migration

feat/490-status-routing

fix/487-refactor-step-read

fix/484-step-read-command

fix/480-thread-read-quota

fix/481-cas-has-exit-code

fix/474-tea-pr-worktree-fix

fix/469-step-commands-completed-threads

fix/473-first-time-role-context

fix/471-thread-list-filters

fix/466-continuation-prompt-content

chore/cleanup-cli-docs

fix/463-http-methods

fix/464-worktree-isolation

fix/461-per-agent-session-cache

fix/459-xml-tag-isolation

fix/444-biome-complexity-warnings

fix/456-thread-step-background

fix/448-reduce-complexity

fix/445-reduce-setup-complexity

fix/446-reduce-thread-complexity

docs/sync-readme

fix/447-reduce-loop-complexity

fix/439-detail-merge-and-acp

fix/440-thread-read-prompt-dedup

fix/builtin-session-lifecycle

debug/439-raw-ndjson-dump

fix/428-multi-strategy-workflow-resolution

fix/yaml-no-alias

feat/428-workflow-resolution

feat/turn-jsonl-session

feat/426-builtin-session-resume

fix/builtin-agent-system-user-split

feat/422-claude-code-detail-enrichment

feat/builtin-agent

test/418-resume-e2e-repro

chore/update-cli-reference

fix/413-log-subcommands

feat/411-process-logger

feat/405-phase2-find-last-role-index

feat/405-edge-prompt-required

feat/402-edge-prompt-session-resume

feat/398-hermes-acp-client

fix/395-worktree-hygiene

feat/391-workflow-agent-claude-code

jshang/workflow-dashboard

fix/394-forbid-extra-frontmatter-fields

feat/335-setup-validate-model

fix/389-dynamic-format-instruction

fix/388-frontmatter-dynamic-fields

fix/385-revert-output-protocol

feat/384-agent-session-protocol

feat/remove-llm-extract

feat/cas-put-text

fix/380-hermes-quiet-flag

feat/373-thread-step-count

fix/fallback-transition-validation

feat/376-first-last-jsonata

refactor/374-meta-to-frontmatter

feat/370-solve-issue-workflow

feat/369-uwf-skill-cli

chore/ignore-legacy-biome

feat/365-project-local-workflows

refactor/364-rename-role-fields

feat/359-role-four-phase

chore/rename-uwf-to-workflow

chore/repo-restructure

feat/357-thread-read-content

feat/355-uwf-frontmatter

feat/351-phase3-prompt-focus

feat/351-phase2-adapter-frontmatter

feat/351-frontmatter-markdown-phase1

feat/349-thread-read

fix/348-session-id-stderr

fix/342-parse-session-id

fix/342-fork-simplify

feat/342-thread-steps-fork

refactor/simplify-agent-context

refactor/pass-store-via-context

feat/337-agent-detail-merkle

feat/cas-reindex

refactor/use-list-by-type

refactor/merge-cas-get-cat

refactor/remove-table-format

fix/328-table-vertical

user/jiayiyan/feat_office-agent-document-template-v2

feat/328-format-option

fix/319-cas-json-output

fix/319-validate-schema-only-inline

fix/319-schema-titles

feat/319-uwf-cas-builtin

user/jiayiyan/feat_office-agent-document-template

feat/309-uwf-stateless

feat/285-phase3-x-cas-ref

chore/remove-old-templates

feat/294-phase7-cli

private/json-cas-refactor

feat/294-phase5-react-layer

feat/294-phase4-engine-migration

feat/294-phase3-workflow-json

feat/294-jsonata-moderator

docs/architecture-cards

feat/285-phase2-remove-extractrefs

feat/285-cas-ref-annotation

chore/fix-biome-complexity-warnings

refactor/agent-fn-required-opt

chore/audit-exports-cleanup

chore/remove-symlink-dead-code

chore/no-external-bundle

feat/show-system-prompt

chore/205-env-example

chore/biome-fix-and-pre-push-hook

chore/remove-parentRequired-param

fix/265-flaky-thread-rm

feat/workflow-detail-layout

chore/252-remove-text-adapter

feat/261-adapter-migration

feat/252-agent-fn

feat/graph-interactions

fix/dashboard-graph-side-handles

fix/dashboard-graph-visual-247

fix/cursor-agent-runtime-extract

refactor/serve-remove-http-tunnel

chore/slim-role-output

feat/changesets-version-management

chore/bump-0.4.0

chore/merge-publish-scripts

chore/remove-link-all

feat/merge-publish-scripts

fix/auto-discover-publish

refactor/dashboard-custom-spine-layout

fix/cli-bin-path

fix/dashboard-elk-review-feedback

feat/dashboard-elk-layout

fix/skill-author-pitfalls

fix/publish-lockfile-regen

feat/210-ws-gateway-phase2

refactor/thread-detail-side-by-side-layout

feat/210-ws-gateway-phase1

feat/222-tools-smoke-test-phase3

feat/222-react-adapter-phase2

feat/222-adapter-fn-phase1

fix/219-review-followup

feat/216-setup-and-build-scripts

fix/206-bundle-build-register

feat/197-agent-observability

feat/198-dashboard-workflow-graph

feat/194-merkle-call-stack-phase2

refactor/200-moderator-table

feat/194-merkle-call-stack-phase1

feat/cursor-agent-workspace-extract

fix/191-dashboard-thread-sort

feat/187-end-node-llm-summary

refactor/185-remove-max-rounds

refactor/180-simplify-extract-fn

feat/177-gateway-route-reorg

feat/172-declarative-moderator-table

fix/170-thread-status-detection

feat/164-cf-worker-gateway

fix/161-162-cas-content-refs

feat/155-cas-thread-phase-5

feat/155-cas-thread-phase-4

feat/155-cas-thread-phase-3

feat/155-cas-thread-phase-2

feat/155-cas-thread-phase-1

chore/rename-dashboard-folder

refactor/143-split-packages

feat/139-thread-reactor

refactor/runtime-descriptor-boundary

fix/128-dashboard-enhancements

fix/130-sse-incremental

fix/120-serve-hardening

feat/131-dashboard-sse

refactor/thread-context-runtime

feat/118-serve-write-sse

feat/118-dashboard

refactor/121-split-workflow-runtime

feat/118-serve-api

chore/bump-0.2.0

feat/110-phase3-supervisor

chore/114-remove-deprecated

feat/110-phase2-migrate-extract

docs/package-readmes

feat/110-phase1-config-layer

chore/108-cli-module-discipline

chore/106-workflow-module-discipline

chore/cleanup-cas-thread-id

refactor/102-module-folders

refactor/97-phase4-cleanup

refactor/96-phase3-split-dispatch

refactor/95-phase2-control-merge

chore/remove-build-scripts

refactor/93-phase1-directory-restructure

feat/91-reviewer-prompt

docs/88-readme-architecture-cleanup

fix/85-usage-format

fix/83-cli-ux

feat/81-skill-topics

fix/75-nits

refactor/75-merge-roles-phase1

refactor/71-auto-gen-skill-doc

feat/63-workflow-storage-root

feat/69-help-skill

refactor/cli-noun-verb-grouping

feat/59-solve-issue-refactor

feat/37-live-command

feat/58-develop-workflow

feat/36-init-command

feat/44-react-extract

feat/43-extract-provider-config

feat/42-thread-root-node

feat/41-merkle-content-cas

feat/33-workflow-as-agent

feat/32-cas-gc

feat/31-refs-tracking

feat/30-global-cas

feat/28-preparer-role

fix/26-planner-cas-cli-prompt

test/19-validate-workflow-descriptor

feat/23-phase-title-in-planner-meta

fix/21-moderator-coder-transition

fix/review-feedback-and-typecheck

fix/type-errors-and-tsbuildinfo

No results found.

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

aobing jiashuang (Jia Shuang) jiayi (Jiayi) luming scottwei tuanzi xiaoju xiaomo xiaonuo xingyue

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: uncaged/workflow#210