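# Example Wrangler config for the gated Claude BFF Worker.
#
# Every key must sit on its own line. If the file is collapsed onto a single
# line, everything after the first "#" is parsed as a comment and none of the
# settings below take effect.
name = "claude-bff-example"
main = "worker.ts"
compatibility_date = "2026-06-01"

# Public, non-secret configuration. Values in [vars] are stored in plain text
# and committed with this file; credentials never belong here.
[vars]
# --- StoreKit entitlement gate (active when both are set) ---
# NOTE(review): "both" presumably means ALLOWED_BUNDLE_IDS and
# APPLE_ROOT_CA_SHA256; confirm against worker.ts. A gate that only activates
# when configured is off when a value is missing, so check the deployed
# configuration rather than assuming the gate is on.
# Comma-separated bundle IDs your app(s) ship under.
ALLOWED_BUNDLE_IDS = "com.example.app"
# Optional: restrict to specific product IDs. Empty = accept any product.
# List the IDs explicitly if only some products should grant access.
ALLOWED_PRODUCT_IDS = ""
# Hex SHA-256 of the DER-encoded "Apple Root CA - G3" certificate.
# Obtain and verify from https://www.apple.com/certificateauthority/
# Compute the fingerprint yourself from the certificate you downloaded, e.g.
#   openssl x509 -in <downloaded-cert> -inform DER -outform DER | openssl dgst -sha256
# and do not copy a hash from a third-party page: this value is the trust
# anchor for the entitlement check. Replace the placeholder before deploying.
# NOTE(review): expected case/separator format is not visible here; confirm.
APPLE_ROOT_CA_SHA256 = "PUT_THE_PINNED_FINGERPRINT_HERE"

# --- App Attest authenticity gate (active when both are set) ---
# Leave blank to run StoreKit only. Set both to require a genuine app instance.
# With both blank, a request is gated on entitlement alone.
APP_ATTEST_TEAM_ID = ""
APP_ATTEST_BUNDLE_ID = ""
# The "Apple App Attestation Root CA" certificate (PEM or base64 DER). The
# attestation chain omits its root, so the verifier needs the certificate
# itself. Obtain and verify from https://www.apple.com/certificateauthority/
# NOTE(review): this file does not show what happens when the two IDs above
# are set but this value is empty; confirm the worker rejects the request
# instead of skipping chain verification.
APP_ATTEST_ROOT_CA = ""

# --- Spend controls (each optional; set to bound what entitled callers spend) ---
# "Optional" implies an unset control imposes no bound; keep all three set in
# any deployment that holds a real API key.
# Comma-separated allowlist of model IDs the proxy will forward.
ALLOWED_MODELS = "claude-opus-4-8"
# Upper bound on max_tokens per request.
MAX_TOKENS_LIMIT = "4096"
# Tokens each caller may request per UTC day (max_tokens, debited upfront).
# NOTE(review): as described, the budget counts requested max_tokens; whether
# input tokens are bounded elsewhere is not visible in this file.
DAILY_TOKEN_BUDGET = "200000"

# --- Proxy configuration ---
# Opt in to each upstream path the app may reach. Default is the Messages API.
# Keep this list minimal: every added path is reachable with your API key by
# any caller that passes the gates.
ALLOWED_UPSTREAM_PATHS = "/v1/messages"
# Anthropic API version header.
ANTHROPIC_VERSION = "2023-06-01"

# --- Durable Object bindings ---
# One TokenBudget instance per caller identity.
[[durable_objects.bindings]]
name = "TOKEN_BUDGET"
class_name = "TokenBudget"

# One AttestKey instance per App Attest keyId (public key + counter).
[[durable_objects.bindings]]
name = "ATTEST_KEYS"
class_name = "AttestKey"

# One AttestChallenge instance per issued registration challenge.
[[durable_objects.bindings]]
name = "ATTEST_CHALLENGES"
class_name = "AttestChallenge"

# One RevocationRecord instance per originalTransactionId.
[[durable_objects.bindings]]
name = "REVOCATIONS"
class_name = "RevocationRecord"

# Registers the four Durable Object classes bound above as SQLite-backed.
[[migrations]]
tag = "v1"
new_sqlite_classes = [
    "TokenBudget",
    "AttestKey",
    "AttestChallenge",
    "RevocationRecord",
]

# Secret, never commit this; set it out of band:
#   wrangler secret put ANTHROPIC_API_KEY
# Do not add it to [vars]. For local development Wrangler reads secrets from
# a .dev.vars file; keep that file out of version control as well.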