Reference
Architecture
Kyew is an MCP server built on Cloudflare Workers with D1 database, KV storage, and Sandbox containers for isolated code execution.
System Overview
┌─────────────────────────────────────────────────────────────────┐
│ MCP Clients │
│ (Claude Code CLI / Desktop / ChatGPT) │
└─────────────────────────────────────────────────────────────────┘
│
│ MCP over HTTP
▼
┌─────────────────────────────────────────────────────────────────┐
│ Cloudflare Workers │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Kyew Worker │ │
│ │ │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌─────────┐ │ │
│ │ │ Auth │ │ Rate │ │ Quota │ │ Metrics │ │ │
│ │ │Middleware│ │ Limit │ │ Check │ │ Logger │ │ │
│ │ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬────┘ │ │
│ │ └──────────────┴──────────────┴──────────────┘ │ │
│ │ │ │ │
│ │ ┌───────────────────────┴───────────────────────────┐ │ │
│ │ │ HTTP Handler │ │ │
│ │ │ (MCP Protocol Handler) │ │ │
│ │ └───────────────────────┬───────────────────────────┘ │ │
│ │ │ │ │
│ │ ┌──────────┬──────────┬┴──────────┬──────────┐ │ │
│ │ │ Memory │ Skill │ Inference │ Dynamic │ │ │
│ │ │ Module │ Module │ Module │ Tools │ │ │
│ │ └────┬─────┴────┬─────┴────┬──────┴────┬─────┘ │ │
│ └───────┴──────────┴──────────┴───────────┴──────────────┘ │
└──────────────────────────────────────────────────────────────────┘
│
┌─────────────────────┼─────────────────────┐
▼ ▼ ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────────┐
│ Cloudflare │ │ Cloudflare │ │ Cloudflare │
│ D1 │ │ KV │ │ Sandbox │
│ (Database) │ │ (Cache) │ │ (Code Tools) │
└──────────────┘ └──────────────┘ └──────────────────┘
Components
Worker
The main Cloudflare Worker handles:
- HTTP request routing
- MCP protocol messages
- Authentication (OAuth, API keys)
- Rate limiting
- Request logging
Modules
Memory Module
- CRUD operations for memories
- Semantic search using embeddings
- Correction and supersession tracking
Skill Module
- Skill lifecycle management
- Version control
- Approval workflow
- Conflict detection
Inference Module
- Pattern detection algorithms
- Skill generation
- Context matching
- Suggestions
Dynamic Tools Module
- Custom tool management
- HTTP proxy execution
- Transform evaluation (JSONata)
- Code tool orchestration
Storage
D1 Database
Primary persistent storage for:
- Memories
- Skills and versions
- Custom tools
- Connections (encrypted)
- Agent tasks and messages
- Audit logs
KV Namespace
Fast key-value storage for:
- Rate limiting counters
- OAuth session tokens
- Metrics data
- Temporary cache
Sandbox Containers
Isolated VM execution for:
- Code tools (JavaScript/TypeScript)
- Custom user code
- Isolated from worker context
Data Model
Memories
CREATE TABLE memories (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL,
observation TEXT NOT NULL,
domain TEXT,
task_type TEXT,
tools_used TEXT, -- JSON array
outcome TEXT,
tags TEXT, -- JSON array
embedding BLOB,
superseded_by TEXT,
created TEXT,
updated TEXT
);
Skills
CREATE TABLE skills (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL,
name TEXT NOT NULL,
description TEXT,
domain TEXT, -- JSON array
instructions TEXT,
triggers TEXT, -- JSON array
templates TEXT, -- JSON array
source_memories TEXT, -- JSON array
status TEXT DEFAULT 'draft',
user_approved INTEGER DEFAULT 0,
version INTEGER DEFAULT 1,
embedding BLOB,
created TEXT,
updated TEXT
);
Custom Tools
CREATE TABLE custom_tools (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL,
name TEXT UNIQUE NOT NULL,
description TEXT,
input_schema TEXT, -- JSON
tool_type TEXT,
http_config TEXT, -- JSON
transform_config TEXT, -- JSON
chain_config TEXT, -- JSON
skill_config TEXT, -- JSON
code_config TEXT, -- JSON
status TEXT DEFAULT 'draft',
created TEXT,
updated TEXT
);
Authentication
OAuth Flow
1. Client requests /oauth/authorize
2. Redirect to Google OAuth
3. User authenticates with Google
4. Callback with auth code
5. Exchange code for tokens
6. Create session in KV
7. Return session token to client
Token Validation
Each request is validated:
- Check for MCP session header
- Validate JWT signature
- Check token expiration
- Extract user ID
- Proceed with request
Code Tool Execution
┌─────────────────────────────────────────┐
│ Kyew Worker │
│ │
│ 1. Receive tool call │
│ 2. Load code tool config │
│ 3. Create sandbox instance │
│ │ │
│ ▼ │
│ ┌────────────────────────────────────┐ │
│ │ Cloudflare Sandbox Container │ │
│ │ │ │
│ │ 4. Write user code to /handler.mjs│ │
│ │ 5. Write runner to /runner.mjs │ │
│ │ 6. Execute: node /runner.mjs │ │
│ │ 7. Capture stdout (JSON result) │ │
│ │ │ │
│ └────────────────────────────────────┘ │
│ │ │
│ 8. Parse result │
│ 9. Return to client │
└─────────────────────────────────────────┘
Multi-Tenancy
All data is scoped by user ID:
// Every storage operation includes user_id
await storage.createMemory({
user_id: userId, // From auth token
observation: "...",
// ...
});
// Queries automatically filter
const memories = await storage.getMemories({
user_id: userId // Only returns this user's data
});
Rate Limiting
Per-user limits using KV:
const key = `rate:${userId}:${minute}`;
const count = await kv.get(key) || 0;
if (count >= MAX_REQUESTS_PER_MINUTE) {
return new Response('Rate limited', { status: 429 });
}
await kv.put(key, count + 1, { expirationTtl: 60 });
Deployment
Infrastructure
- Worker:
memory-alphaon Cloudflare Workers - Database:
memory-alpha-dbon Cloudflare D1 - KV: Multiple namespaces for rate limiting, OAuth, metrics
- Containers: Sandbox for code tool execution
Configuration
# wrangler.toml
name = "memory-alpha"
main = "dist/worker.js"
compatibility_date = "2025-01-01"
[[d1_databases]]
binding = "DB"
database_name = "memory-alpha-db"
[[kv_namespaces]]
binding = "RATE_LIMIT_KV"
[[containers]]
class_name = "Sandbox"
image = "./Dockerfile"
instance_type = "lite"
Security
Data Protection
- TLS 1.3 in transit
- D1 encrypted at rest
- User-specific encryption for credentials
Isolation
- User data fully isolated
- Code tools run in VM sandbox
- No cross-user data access
Authentication
- Google OAuth 2.0
- JWT session tokens
- API key support for automation