How it works
There are two ways to wire SMFS into a Cloudflare Container — pick the one that fits your architecture.Agent inside the container
The agent process runs inside the container with direct access to the SMFS mount. The entrypoint sets up the mount and starts the agent.Agent outside the container
The agent runs in a Cloudflare Worker and sends commands to the container over HTTP. The container exposes a simple exec endpoint.Prerequisites
- A Supermemory API key
- An Anthropic API key
- A Cloudflare account with Containers enabled (Workers Paid plan)
- Wrangler CLI
- The
@cloudflare/containerspackage:npm install @cloudflare/containers
Cloudflare Containers are implemented as container-enabled Durable Objects.
You declare a
Container subclass, bind it as a Durable Object, and
reference its image in the containers array. Worker secrets are not
automatically visible inside the container — you have to pass them through
envVars when starting the container (see below).Pattern A: Agent inside the container
SMFS and the Claude Agent SDK are baked into the container image. On startup, the entrypoint mounts memory and runs the agent.Dockerfile
Dockerfile
Entrypoint
entrypoint.sh
Agent code
agent.py
Worker
The Worker defines theContainer subclass and forwards Worker secrets into
the container via envVars:
worker.ts
Config
wrangler.jsonc
Pattern B: Agent outside the container
The agent logic lives in a Worker. The container just runs SMFS and exposes an HTTP endpoint for executing commands against the mount.Container (exec server)
The Dockerfile and entrypoint are nearly identical to Pattern A — the only differences are the Python deps (flask instead of claude-agent-sdk) and
the file we exec at the end.
Dockerfile
exec line — we run
gunicorn against the Flask app instead of python3 agent.py:
entrypoint.sh
server.py
We use gunicorn instead of
app.run(...) because Flask’s built-in dev
server isn’t meant for production traffic. If you’d rather just see it
work, you can replace the exec line with
exec python3 /app/server.py and add app.run(host="0.0.0.0", port=8080)
to server.py — but switch back to gunicorn before you ship.Worker (agent logic)
worker.ts
Config
wrangler.jsonc
Tips
- Use
--ephemeralfor container mounts — keeps the cache in memory only, but writes still push to Supermemory - Use
smfs grep 'query'for semantic search across all files - Worker secrets aren’t automatically visible inside the container. Pass each
one through the
envVarsfield on yourContainersubclass (see the Worker snippets above) - Use
containerFetchfrom within a Container class method (e.g., lifecycle hooks) to call the container’s own HTTP server. From the Worker, use the stub’s.fetch()method instead