Show HN: OpenWorkers – Self-hosted Cloudflare workers in Rust

Original Article ↗ Hacker News Discussion ↗

Feature Set & Compatibility

  • Implements a custom Rust + rusty_v8 runtime aiming for Cloudflare Workers API compatibility (fetch handler, Request/Response, KV-like, S3/R2-like storage, Postgres DB bindings).
  • Not yet implemented: Durable Objects, WebSockets, HTMLRewriter, cache API. Execution recording/replay for debugging is a near-term priority.
  • Supports WASM via V8 and multiple runtimes (including a Deno-based one), but WASM/Deno support is currently rough and not first-class.
  • Provides a full stack (runtime, dashboard, API, scheduler, logs, self-hosted bindings), versus Cloudflare’s open-source workerd which is “runtime only”.
  • Managed SaaS exists, but self-hosting is a primary target; k8s manifests, GitHub auto-deploy, wrangler-like CLI and config are on the roadmap.

Security & Sandboxing

  • Uses V8 isolates with CPU (default 100ms, configurable) and memory limits (128MB) for resource isolation. Workers share a process, similar to Cloudflare’s model.
  • Author explicitly de-scoped “untrusted code / secure multi-tenancy” after criticism; current positioning is “sandboxed, resource-limited execution for your own code”.
  • Multiple comments stress that robust multi-tenant isolation is extremely hard and requires ongoing security investment, formal processes, and very fast V8 patching.
  • Cloudflare’s own security model is cited as a gold standard (frequent V8 updates, additional sandboxing layers, runtime heuristics to isolate risky workloads).
  • Some see this as acceptable for trusted/self-hosted use, but not for running arbitrary third-party code; others highlight growing need to sandbox LLM-generated code anyway.

Self‑Hosting, Cost, and “Edge”

  • Many participants like the project as a vendor lock-in escape hatch and a way to get “Workers-style DX” on their own infra or cheap VPS.
  • Long subthread debates cloud vs self-hosting economics: claims range from modest savings to several‑x cheaper at scale; others note staff and operational costs can erase gains for small teams.
  • NAT pricing in major clouds is heavily criticized; some argue NAT is “effectively free” at small scale, others reply that at provider scale it’s a non-trivial, managed service.
  • Several argue that true “edge computing” requires global PoPs and smart routing, which self-hosted OpenWorkers cannot provide; others say most apps are fine with 1–10 locations and mainly want the programming model, not worldwide latency minimization.

Developer Experience & Use Cases

  • Some find Cloudflare’s DX less appealing than “plain Node in Docker”; others value the FaaS/event-driven abstraction and minimal boilerplate.
  • OpenWorkers is seen as particularly attractive for:
    • Compliance/data residency constraints.
    • AI agent workloads that exceed Cloudflare’s execution limits.
    • Internal tools where isolation is mostly about containing bugs and resource usage.
  • Future execution recording + replay (including AI-assisted debugging) is viewed as a compelling differentiator if implemented correctly (capturing side effects before they occur).