Cloudflare Stream API integration

[aloewright]

Closes ALO-135.

Summary

End-to-end Cloudflare Stream integration on top of the existing webhook
plumbing:

• Trigger from R2. encoding.ts now POSTs to /stream/copy (was
  the wrong /stream endpoint) with an HTTPS source URL Stream can
  actually fetch. The previous r2://... body would have failed in
  production — nothing exercised the path.
• Source URL. New /api/internal/stream-source endpoint feeds R2
  bytes to Stream, authorized by an HMAC-signed query string. Reuses
  CF_STREAM_WEBHOOK_SECRET so the inbound webhook secret and the
  outbound source signing key rotate together.
• Polling fallback. pollStuckEncodings reconciles rows that
  missed their webhook callback. Wired into the existing daily cron —
  any row in encoding for >5 minutes gets a direct
  GET /accounts/{id}/stream/{uid} and the HLS manifest URL persists
  onto the row. Status transitions go through canTransition so a
  stale poll cannot drag a ready row backwards.

Webhook (stream-webhook.ts) remains the primary signal; polling is a
safety net so a dropped delivery doesn't pin a row in encoding
forever.

Files

• src/workers/encoding.ts — /stream/copy + signed source URL builder + verifyStreamSourceSignature
• src/workers/stream-source.ts — public R2 source endpoint
• src/workers/stream-poll.ts — stuck-row reconciliation sweep
• src/workers/index.ts — wires the source route + polling cron
• wrangler.toml — documents STREAM_SOURCE_ORIGIN and the dual role of CF_STREAM_WEBHOOK_SECRET
• Unit tests for all three new modules

Test plan

• npm test — 518 passing (47 files)
• npm run lint — 0 warnings, 0 errors
• npm run type-check — clean
• AI Gateway guard — 0 findings

[coderabbitai]

Warning

Rate limit exceeded

@aloewright has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 39 minutes and 56 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cce00c45-1f70-49a8-9a39-05e1f48c8249

📥 Commits

Reviewing files that changed from the base of the PR and between 4d3c13f and c97e834.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (8)

• src/workers/encoding.test.ts
• src/workers/encoding.ts
• src/workers/index.ts
• src/workers/stream-poll.test.ts
• src/workers/stream-poll.ts
• src/workers/stream-source.test.ts
• src/workers/stream-source.ts
• wrangler.toml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch conductor/alo-135-cloudflare-stream-api-integration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ecc-tools]

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

[gemini-code-assist]

Code Review

This pull request introduces a polling mechanism to reconcile Cloudflare Stream videos stuck in the 'encoding' state, acting as a safety net for missed webhooks. The changes include the core polling logic in a new module, integration into the scheduled worker handler, and associated unit tests. Feedback identifies an opportunity to use the new STREAM_ENABLED flag to gate the polling logic, suggests removing a redundant filter in the database results processing, and recommends using encodeURIComponent for safer API URL construction.

[gemini-code-assist]

The STREAM_ENABLED environment variable is added to the bindings but is not used to gate the polling logic or the webhook handler in this file. If this is intended to be a feature flag to enable/disable Cloudflare Stream integration, it should be checked before executing pollStreamForEncodingVideos(env) in the scheduled handler.

[gemini-code-assist]

This filter is redundant because the SQL query already includes AND stream_video_id IS NOT NULL. Removing it simplifies the code.

Suggested change

	const candidates = (rows.results ?? []).filter((r) => r.stream_video_id);
	const candidates = rows.results ?? [];

[gemini-code-assist]

The URL for the Cloudflare Stream API is constructed using template literals without encoding the accountId or row.stream_video_id. While these are expected to be safe strings, it is best practice to use encodeURIComponent to ensure the URL is correctly formed if these values ever contain special characters.

Suggested change

	`https://api.cloudflare.com/client/v4/accounts/${accountId}/stream/${row.stream_video_id}`,
	`https://api.cloudflare.com/client/v4/accounts/${encodeURIComponent(accountId)}/stream/${encodeURIComponent(row.stream_video_id)}`,

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4844b7b074

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restrict poll updates to rows still in encoding

This sweep computes allowedFrom from the full state machine, so when next resolves to encoding it permits failed as a predecessor. In a race where the row was selected as encoding but a webhook flips it to failed before this UPDATE, the stale poll result can move it back to encoding and effectively resurrect a failed job. Since this worker is only reconciling rows that were originally encoding, the update predicate should keep status = 'encoding' (or equivalent optimistic check) to avoid backward transitions caused by stale poll reads.

Useful? React with 👍 / 👎.

[gemini-code-assist]

Code Review

This pull request introduces a polling mechanism to reconcile Cloudflare Stream encoding jobs that may have missed webhook notifications. It adds a new pollStreamForEncodingVideos utility, integrates it into the scheduled worker tasks, and includes comprehensive unit tests. I have reviewed the implementation and suggest reducing the default batch limit to 20 to ensure compatibility with Cloudflare Workers' subrequest limits.

[gemini-code-assist]

The default limit of 25, combined with one fetch and one DB.run per row, results in 51 subrequests (1 initial SELECT + 25 GETs + 25 UPDATEs). This exceeds the 50-subrequest limit for Cloudflare Workers on the Free plan. Consider lowering the default limit to 20 to ensure the sweep runs successfully across all plan types.

Suggested change

	const limit = deps.limit ?? 25;
	const limit = deps.limit ?? 20;

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[ecc-tools]

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.