Pulses

The Power of Pulses

Pulses are Vibecodr's serverless backend runtime on Cloudflare Workers for Platforms. This page documents the live capability surface today: what each binding does, who gets it, and practical usage patterns you can ship now.

WfP runtime Scoped KV Zero-gap secrets OAuth connections Pro D1 SQL
Open Pulse Operating Center Read Pulse how-to guides Compare plans

Capabilities

Current binding and capability surface

These are the capabilities currently available in PulseEnv. Example snippets use the enhanced handler style.

env.kv

Free, Creator, Pro

Scoped key-value storage for counters, caches, idempotency keys, and lightweight state between runs.

Backing: Cloudflare KV

Usage: Each key is automatically prefixed per pulse at runtime, so your code uses clean keys while storage stays isolated.

const count = Number((await env.kv.get("visits")) ?? "0");
await env.kv.put("visits", String(count + 1), { expirationTtl: 300 });
return { visits: count + 1 };

env.secrets

Creator, Pro

Call external APIs without exposing secret values in your pulse memory (zero-gap protection model).

Backing: Dispatch proxy + encrypted secret storage

Usage: Use env.secrets.get() + env.fetch() for natural code, or env.secrets.fetch() for explicit injection rules.

if (!env.secrets.has("OPENAI_API_KEY")) {
  return { error: "Configure OPENAI_API_KEY first" };
}

const token = env.secrets.get("OPENAI_API_KEY");
const response = await env.fetch("https://api.openai.com/v1/models", {
  headers: { Authorization: "Bearer " + token },
});
return await response.json();

env.connections

Free (1), Creator (3), Pro (unlimited)

Use OAuth-connected provider accounts without manually storing provider access tokens in your code.

Backing: OAuth connection tokens via dispatch

Usage: Get an opaque provider token handle and pass it through env.fetch().

const githubToken = env.connections.get("github");
const me = await env.fetch("https://api.github.com/user", {
  headers: {
    Authorization: "Bearer " + githubToken,
    "User-Agent": "vibecodr-pulse",
  },
});
return await me.json();

env.db / env.Pro_User_Binding

Pro only

Run SQL queries against your per-user D1 database for relational and transactional workflows.

Backing: Native Cloudflare D1 binding

Usage: The binding is added at deploy time when your pulse uses env.db and the owner is on Pro.

if (!env.db) {
  return { error: "This pulse needs Pro for env.db" };
}

await env.db.query(
  "CREATE TABLE IF NOT EXISTS Pulse_orders (id TEXT PRIMARY KEY, total_cents INTEGER)"
);
await env.db.query(
  "INSERT INTO Pulse_orders (id, total_cents) VALUES (?, ?)",
  [crypto.randomUUID(), 1999]
);
const { results } = await env.db.query("SELECT COUNT(*) AS total FROM Pulse_orders");
return results[0];

env.fetch

Free, Creator, Pro

Perform outbound HTTP requests with SSRF and infrastructure block protections.

Backing: Safe fetch wrapper + Outbound/dispatch policy checks

Usage: Use env.fetch for normal outbound calls; it is also token-aware for env.secrets/env.connections patterns.

const res = await env.fetch("https://api.weather.com/v1/forecast?city=SF");
if (!res.ok) {
  throw wrapAsVibeError(new Error("Upstream error: " + res.status), "proxy.storageFailed");
}
return await res.json();

env.env + env.log + env.waitUntil

Free, Creator, Pro

Access pulse identifiers/version, write request-scoped logs, and schedule non-blocking background work.

Backing: Runtime metadata + execution context

Usage: Use env.env for metadata, env.log for traceability, and env.waitUntil() for async follow-up after response.

env.log.info("pulse metadata", env.env);
env.waitUntil(env.kv.put("last-run-at", new Date().toISOString()));
return { pulseId: env.env.pulseId, version: env.env.version };

Plans

Plan matrix for cloud-backed pulse capabilities

Practical limits that shape backend architecture decisions per plan.

Plan Price Pulse slots Runs / month Runtime / run Subrequests / run Secrets Connections D1 SQL
Free $0 3 1,500 5s 5 0 1 No
Creator $9/mo 15 150,000 15s 25 25 3 No
Pro $39/mo 50 1,000,000 30s 50 200 Unlimited Yes (per-user D1)

Snapshot source: packages/shared/src/plans.ts. D1 binding: workers/api/src/lib/pulseDeployer.ts.

OAuth

Connection providers live today

Current first-class provider for env.connections:

github

Under the hood

How this maps to Cloudflare

Workers for Platforms

Pulses are bundled and deployed as tenant worker scripts in the dispatch namespace, then executed through the dispatch gateway.

KV + D1 bindings

KV is exposed through env.kv with scoped keys. Pro users receive native D1 via env.db.

Dispatch security

Secrets and OAuth tokens route through dispatch-backed enforcement, with allowlist and egress protections.

Resources

Cloudflare Workers guide How KV, Pro D1, and R2 workflows are exposed. Pulse Operating Center Create, test, and operate Pulses. Pulse how-to docs Step-by-step implementation guides. Social Runtime overview Distribution model for runnable experiences.

FAQ

Questions? We've got answers.

Does Free include pulse capabilities?

Yes. Free includes pulse execution, env.kv, protected fetch, and one OAuth connection. Secrets and D1 SQL are paid capabilities.

What is the difference between secrets and connections?

Secrets are key-value credentials you define, while connections are OAuth grants to first-class providers such as GitHub. Both use server-side token injection patterns.

When does env.db appear?

env.db is available for Pro users when pulse code uses env.db (or env.Pro_User_Binding), which triggers D1 provisioning and deploy-time binding injection.

Can pulse code read plaintext secret values?

No. The runtime is designed so your code receives opaque handles/tokens, and actual secret values are injected server-side during outbound requests.