Deploy a micro-app with Claude + ChatGPT copilots on Cloudflare Workers

Hook: You want low-latency copilots (Claude + ChatGPT) for a micro-app without a surprise bill or exposing API keys — and you want it fast. This guide shows a practical, production-oriented way to wire multiple LLM APIs as copilots into a Cloudflare Workers edge micro-app in 2026 — covering auth, request routing, rate limits, and cost control while leaning on free tiers and edge features.

Why run LLM copilots at the edge in 2026?

Edge-first deployment is no longer experimental. Late 2025 and early 2026 accelerated two trends that matter here: large CDNs and edge platforms (Cloudflare among them) are integrating deeper into the AI stack, and vendors are competing on latency and price. Cloudflare's January 2026 acquisition of Human Native signals marketplace and data-layer moves that will make edge AI workflows more viable for developers who care about cost, privacy, and user experience.

Running LLM calls through an edge micro-app gives you three practical advantages:

• Low latency: route and pre-process requests close to users.
• Security and control: keep API keys server-side, add short-lived tokens, and implement consistent policy at the edge.
• Cost containment: enforce rate limits, token budgets, caching, and fallbacks before requests hit costly LLM endpoints.

High-level architecture

Here's the minimal production architecture we'll implement:

• Client (SPA or native) — calls your Cloudflare Worker endpoints.
• Cloudflare Worker — routes requests to /copilot/chatgpt or /copilot/claude, enforces auth, rate limits, caching, and cost controls.
• Cloudflare KV or Durable Objects — store rate-limit counters, short-term caches, and small state.
• Cloudflare R2 (optional) — store embeddings or large artifacts for RAG workflows.
• LLM providers (OpenAI/ChatGPT API, Anthropic/Claude API) — upstream endpoints called by the Worker using worker-bound secrets; see augmented oversight for safety patterns.
• Telemetry / Alerts — observability and billing hooks for alarms.

Task routing: why two copilots?

Claude and ChatGPT often excel at complementary tasks. Claude has been widely adopted for long-context summarization and instruction-following with higher safety guardrails, while ChatGPT (OpenAI API) often leads on code generation and multi-step tool orchestration. In 2026, routing specific tasks to the model best suited for them reduces cost and increases quality. We'll show how to do that automatically at the edge; for governance and oversight patterns see augmented oversight.

Step-by-step: build the Worker router

We'll walk through a concrete implementation: a Cloudflare Worker that proxies calls to Claude or ChatGPT, enforces auth, rate limits per user, caches cheap responses, and falls back to a lower-cost model when budgets are exceeded.

1) Cloudflare setup and secrets

1. Create a Cloudflare account and a Workers service (using wrangler or the dashboard).
2. Add secrets (API keys) via wrangler or the dashboard. Example secret names: OPENAI_API_KEY and ANTHROPIC_API_KEY. Never embed keys in client code.
3. Provision a KV namespace (for rate limiting and small caches) and bind it to the Worker as RATE_KV. Optionally provision a Durable Object if you need strong consistency for per-user counters.

2) Authentication model

For micro-apps you typically have a lightweight auth layer that issues short-lived tokens or relies on a third-party SSO. Two practical patterns:

• JWT from your identity provider — verify the token in the Worker and extract user_id. Keep verification keys in a binding. (See also ECMAScript 2026 changes for runtime implications: ECMAScript 2026.)
• Signed short-lived edge tokens — issue a short-lived signed token from a secure server that the Worker validates to avoid full-blown session storage.

The Worker should never accept API keys from the client. Instead, the client sends an Authorization header with a JWT, Worker validates, then uses the server-side API keys to call LLMs.

3) Request routing and policy

Design simple, predictable endpoints:

• POST /copilot/chatgpt — code generation, tooling, developer prompts.
• POST /copilot/claude — summarization, long-form instruction, customer-facing text.
• POST /copilot/compose — orchestration: run summarization on Claude, then pass results to ChatGPT for action items.

4) Example Worker routing code (simplified)

// Worker entry (simplified)
addEventListener('fetch', event => {
  event.respondWith(handle(event.request))
})

async function handle(request) {
  const url = new URL(request.url)
  // Basic auth check
  const user = await validateJWT(request)
  if (!user) return new Response('Unauthorized', { status: 401 })

  if (url.pathname.startsWith('/copilot/chatgpt')) {
    return routeToOpenAI(request, user)
  }
  if (url.pathname.startsWith('/copilot/claude')) {
    return routeToClaude(request, user)
  }
  return new Response('Not found', { status: 404 })
}

That top-level split keeps logic simple and makes it easy to add per-route policy. For docs and visual runbooks you can keep the router and policies in a composable editor such as Compose.page.

5) Implementing rate limits and cost controls

At the edge you must prevent abusive bursts and accidental cost overruns. Implement these controls in this order:

• Per-user call limit — simple counter in KV with TTL.
• Token budget cap — track approximate tokens consumed per user and deny/soft-fallback when budget exceeded.
• Concurrent request limit — use Durable Objects or atomic counters to limit concurrency to upstream LLMs.
• Model fallback — when budget triggers, downgrade to a cheaper model or cached response.

Simple token-bucket using KV (conceptual): increment counter on request, set TTL to reset per minute/hour. If count exceeds threshold, block or return a 429 plus a suggested retry-after header. For broader cost strategies, align limits with platform-level guidance in cloud cost optimisation.

// Pseudocode for KV-based rate limiting
async function checkRateLimit(userId) {
  const key = `rl:${userId}`
  const v = await RATE_KV.get(key)
  const count = parseInt(v || '0')
  if (count > USER_LIMIT_PER_HOUR) return false
  await RATE_KV.put(key, String(count+1), { expirationTtl: 3600 })
  return true
}

6) Cost controls: token caps, fallbacks, and batching

Practical techniques to reduce spend:

• Cap max_tokens (or equivalent) on API calls and validate client-supplied overrides at the Worker.
• Use model-specific routing — route short queries to cheaper models and heavy summarization to Claude where it matters.
• Cache responses for idempotent prompts and common queries using KV. Cache hashes of prompt + config; this is similar to caching patterns in omnichannel transcription workflows where repeated lookups are common.
• Batch requests where possible (e.g., embed multiple short requests in a single call) to reduce per-request overhead.
• Enforce prompt length limits and pre-process or truncate long contexts on the Worker to avoid huge token bills.

Practical LLM call examples

Example: proxy a ChatGPT request while enforcing a 512-token cap.

async function routeToOpenAI(request, user) {
  if (!await checkRateLimit(user.id)) return new Response('Too many requests', { status: 429 })

  const body = await request.json()
  // enforce client cannot exceed token cap
  const maxTokens = Math.min(body.max_tokens || 512, 512)
  const payload = {
    model: body.model || 'gpt-4o-mini',
    messages: body.messages,
    max_tokens: maxTokens,
    temperature: body.temperature || 0.2
  }

  // optional cache lookup
  const key = `cache:openai:` + hash(JSON.stringify(payload))
  const cached = await RATE_KV.get(key)
  if (cached) return new Response(cached, { headers: { 'content-type': 'application/json' } })

  const resp = await fetch('https://api.openai.com/v1/chat/completions', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${OPENAI_API_KEY}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(payload)
  })

  const text = await resp.text()
  // store small responses in KV
  await RATE_KV.put(key, text, { expirationTtl: 60*5 })
  return new Response(text, { headers: { 'content-type': 'application/json' } })
}

Do the same for Anthropic/Claude endpoints, using your bound secret. Adjust headers per provider. Consider governance and safety guidance from augmented oversight.

Observability and billing alarms

Detecting a runaway loop early saves money. Implement two observation layers:

1. Edge telemetry — log request rates, per-user token estimates, and responses. Use Cloudflare Logpush or custom webhooks to forward logs to your SIEM or a simple webhook that notifies Slack. Observability playbooks for microservices are helpful: Observability for Workflow Microservices.
2. Billing alerts — Push metrics to an aggregator (Cloudflare metrics or external) and create alerts when token consumption trends exceed a threshold.

Pro tip: emit a lightweight metric for every third-party LLM call (provider + model + estimated tokens) and run a nightly job to compute spend vs budget. If you hit 70% of a monthly budget, gracefully disable heavy features or automatically switch to cheaper models. See broader cost playbook tactics for automated degradation strategies.

Free-tier strategies (practical)

When you are prototyping or running small side projects, the goal is to keep everything inside free or low-cost tiers while validating product-market fit. Here are practical tactics that have worked for micro-app builders in 2026:

• Use Cloudflare's free Workers and Pages tier to host the micro-app frontend and edge proxy. It provides a generous free request quota for prototypes.
• Use provider trial credits — both OpenAI and Anthropic historically offer credits or free trials to new accounts. Use them to validate flows before adding sustained usage.
• Soft-rate limits for public builds — apply stricter caps for anonymous users, requiring authentication for heavier usage.
• Model mix: prefer cheaper, smaller models for most interactions; reserve expensive models for explicit premium actions.
• Cache aggressively: ephemeral caches in KV reduce calls for repetitive prompts (e.g., summarizing the same document multiple times).

Cost estimate formula (example):

• Monthly requests: R
• Average tokens per request: T
• Provider price per 1K tokens: P
• Estimated monthly cost = (R * T / 1000) * P

Compute this before adding features that multiply token usage (e.g., long RAG chains, heavy summarization, or streaming with high context windows).

Security best practices

• Never return provider error traces to the client — map to safe user-friendly errors instead.
• Use allowlists for outbound calls so the Worker only talks to known provider endpoints.
• Rotate API keys often and use short-lived tokens where the provider supports them.
• Sanitize prompt inputs to avoid prompt injection when you include client data or dynamic system prompts.

Advanced patterns and orchestration

Once the basics are in place, you can implement advanced copilot behaviors at the edge:

• Task-based routing: detect task intent (summarize vs. code) and route automatically to the best copilot.
• Chained copilots: use Claude to produce a cleaned summary and then call ChatGPT with that summary to extract structured action items.
• Streaming to clients: use streaming responses from the provider and pipe them through the Worker to the client with SSE or fetch streams for immediate UI feedback.
• RAG at the edge: perform embedding lookups (embedding provider calls) and do retrieval with a light-weight vector index. Cache embeddings in KV or R2 for cheaper repeated lookups; this pattern is common in transcription and localization flows (omnichannel transcription workflows).

Testing, local dev, and CI/CD

Test locally with Miniflare or wrangler dev. Create unit tests for the Worker logic — especially the rate limiter and auth verification — because you want reliability where billing is concerned.

• Use environment-specific secrets: point staging to provider sandbox or low-rate keys.
• Run synthetic load tests that simulate the worst-case token and request patterns.
• Automate deploys with GitHub Actions and use Cloudflare Routes for canary releases. For team docs and runbooks consider a visual editor like Compose.page.

Short case study: a micro-app that pairs Claude for summaries and ChatGPT for actions

Imagine a micro-app that helps a small team extract meeting notes and action items from transcripts. The pipeline:

1. Upload transcript (client uploads to R2 or sends to Worker).
2. Worker calls Claude for long-context summarization (strength: long-context handling and guardrails)
3. Worker calls ChatGPT to extract action items and code snippets for tasks, using the Claude summary as context.
4. Worker caches the Claude summary in KV for 24 hours and charges a protected endpoint when users request regeneration.

Outcomes: faster responses (edge routing), lower cost (Claude handles the long context more cheaply than many alternatives), and predictable billing because the Worker clips token sizes and caches summaries.

Future-proofing: trends to watch in 2026+

Expect three important shifts in 2026 that will affect how you build:

• Edge-hosted model runtimes: more CDNs will offer lightweight model hosting at the edge for small or quantized models — lowering latency and per-call costs for common tasks.
• Data marketplaces and provenance: Cloudflare's AI moves indicate growing integration between CDN-level data services and AI tooling — check policy and data provenance when you use third-party training data.
• Short-lived credentials: providers will continue to improve short-lived API keys and token exchange patterns to reduce key-exfiltration risk.

Focus principle: keep the heavy lifting behind the edge proxy. Enforce caps and cache aggressively at the edge — that single pattern prevents most surprises.

Actionable checklist (ready-to-run)

• Set up Cloudflare Worker + KV and bind secrets for OpenAI and Anthropic.
• Implement JWT validation in the Worker; deny if unauthorized.
• Add KV-based per-user rate limiter and a token-budget counter.
• Route tasks to the model best suited for them (summarize => Claude, code => ChatGPT).
• Cap max_tokens and implement model fallbacks and caching.
• Emit a metric for every LLM call (provider, model, tokens) and alarm at 70% of target spend.
• Test with Miniflare locally, then deploy behind Cloudflare Pages (if you have UI) or directly as an API route.

Final notes

In 2026 the intersection of edge computing and LLMs is moving fast. For micro-apps and side projects, the practical wins come from combining strict edge-side controls (auth, rate-limits, caching) with intelligent model routing (Claude vs ChatGPT) so you can optimize both quality and cost. The approach in this guide scales: start lean on free tiers, monitor usage closely, and then introduce stronger orchestration and canary rules when you need them.

Call to action: Try the template: deploy a Worker skeleton with routing, KV rate limiting, and a test-suite (link placeholder) — then iterate with a small dataset and provider trial credits. If you want a starter repo or a 30-minute walkthrough for your micro-app, sign up for the frees.cloud newsletter and reply with your use case — we’ll send the template and a cost-checklist tailored for your expected traffic.

Related Reading

• Field Playbook 2026: Running Micro‑Events with Edge Cloud — Kits, Connectivity & Conversions
• The Evolution of Cloud Cost Optimization in 2026: Intelligent Pricing and Consumption Models
• Advanced Strategy: Observability for Workflow Microservices — From Sequence Diagrams to Runtime Validation (2026 Playbook)
• Augmented Oversight: Collaborative Workflows for Supervised Systems at the Edge (2026 Playbook)
• Art Auctions for Bargain Hunters: How a Postcard-Sized Renaissance Drawing Reached $3.5M and What to Learn
• Leadership Moves: What Liberty’s New Retail MD Appointment Means for Luxury Accessory Buyers
• Heat and Hydration: How Hot‑Water Bottles Can Help (and Hurt) Your Skin After Treatments
• How Small Businesses Can Use Personal Budgeting Principles for Workforce Forecasting
• Use AI to Vet Local Pros: Combining Public Records, Reviews, and Automated Scoring