Skip to main content
Mount a Supermemory container inside a Cloudflare Container so your agent can read and write memory using standard filesystem commands.

How it works

There are two ways to wire SMFS into a Cloudflare Container — pick the one that fits your architecture.

Agent inside the container

The agent process runs inside the container with direct access to the SMFS mount. The entrypoint sets up the mount and starts the agent.

Agent outside the container

The agent runs in a Cloudflare Worker and sends commands to the container over HTTP. The container exposes a simple exec endpoint.

Prerequisites

Cloudflare Containers are implemented as container-enabled Durable Objects. You declare a Container subclass, bind it as a Durable Object, and reference its image in the containers array. Worker secrets are not automatically visible inside the container — you have to pass them through envVars when starting the container (see below).

Pattern A: Agent inside the container

SMFS and the Claude Agent SDK are baked into the container image. On startup, the entrypoint mounts memory and runs the agent.

Dockerfile

Dockerfile

Entrypoint

entrypoint.sh

Agent code

agent.py

Worker

The Worker defines the Container subclass and forwards Worker secrets into the container via envVars:
worker.ts

Config

wrangler.jsonc

Pattern B: Agent outside the container

The agent logic lives in a Worker. The container just runs SMFS and exposes an HTTP endpoint for executing commands against the mount.
The /exec endpoint below runs arbitrary shell commands inside the container. Only call it from your Worker — never expose it publicly, and never pass user input straight into command without validation. Cloudflare Containers are addressable only through their Worker by default, so this is safe as long as you don’t add a public route that proxies to /exec.

Container (exec server)

The Dockerfile and entrypoint are nearly identical to Pattern A — the only differences are the Python deps (flask instead of claude-agent-sdk) and the file we exec at the end.
Dockerfile
The entrypoint differs from Pattern A only in the final exec line — we run gunicorn against the Flask app instead of python3 agent.py:
entrypoint.sh
server.py
We use gunicorn instead of app.run(...) because Flask’s built-in dev server isn’t meant for production traffic. If you’d rather just see it work, you can replace the exec line with exec python3 /app/server.py and add app.run(host="0.0.0.0", port=8080) to server.py — but switch back to gunicorn before you ship.

Worker (agent logic)

worker.ts

Config

wrangler.jsonc

Tips

  • Use --ephemeral for container mounts — keeps the cache in memory only, but writes still push to Supermemory
  • Use smfs grep 'query' for semantic search across all files
  • Worker secrets aren’t automatically visible inside the container. Pass each one through the envVars field on your Container subclass (see the Worker snippets above)
  • Use containerFetch from within a Container class method (e.g., lifecycle hooks) to call the container’s own HTTP server. From the Worker, use the stub’s .fetch() method instead