AI Architect Academy

The Cloudflare cert question, answered honestly

Cloudflare AI certification: there isn't one — here's the blueprint we teach instead

Short answer

Cloudflare has no official AI or Workers developer certification (confirmed May 2026 — its formal certs are security-focused: App Security, Network Security, Zero Trust). Treat any "Cloudflare AI cert" claim with suspicion.

Because the platform is still worth mastering, we teach it against CAPA — a clearly-labelled, synthesized Academy credential whose full blueprint is published on this page: 5 weighted domains, 30 task statements each anchored on a live Cloudflare docs page, a pass bar of 720/1000, and a mandatory practical capstone. It is never marketed as an industry exam.

Why there's no cert — and why the skills still matter

Cloudflare's certification catalogue covers its security products, not its developer platform. Meanwhile the AI surface — the Agents SDK on Durable Objects, AI Gateway, AI Search, Vectorize, Workers AI — has become one of the most practical places to run production agents at the edge. The skills are real and hireable; the vendor badge simply doesn't exist yet.

Our answer is to mirror the rigor of the two confirmed anchors we also teach — Anthropic's CCA-F and the AWS GenAI Developer – Professional, both verified against their official exam guides — and apply the same structure to the real Cloudflare AI surface. If Cloudflare ever ships a real AI cert, we re-map to it.

The CAPA blueprint

Format: 60 scored multiple-choice questions (1 correct of 4), scaled 100–1000, pass 720 — plus a mandatory practical capstone, graded pass/fail against the six-criterion rubric below. Every task statement was verified against a live developers.cloudflare.com page on 7 Jul 2026.

Honesty, regression-locked
CAPA's weights are synthesized, not confirmed — there is no official exam to confirm them against. That flag (weightsConfirmed: false), the "Academy (synthesized)" provider label, and this disclaimer are locked by automated tests in our codebase: they cannot silently flip without an official Cloudflare exam to point at.

Domains and weights

DomainWeightTask statementsWhy this weight
D1 · Agentic runtime on Cloudflare28%7The Agents SDK on Durable Objects is the platform's core differentiator — a stateful agent is a globally-addressable, single-threaded DO with embedded SQLite and hibernation. Mirrors the primacy CCA-F gives agent design (27%).
D2 · AI Gateway & model operations22%6Every production model call routes through AI Gateway for routing, caching, cost governance, guardrails, and observability. Model ops, not model choice, is where architects spend their effort.
D3 · Retrieval & data20%6Grounding an agent on your own corpus (AI Search, Vectorize, the R2/D1 data plane) is table-stakes for a useful agent.
D4 · Edge app & deployment architecture15%5Bindings, wrangler environments, async processing, routing — the delivery substrate; prerequisite platform knowledge rather than the AI-specific core.
D5 · Security, isolation & governance15%6Zero Trust access, egress control, secrets, least-privilege bindings, residency, audit. Mirrors the dedicated safety/governance domains on both anchor exams.

The 30 task statements

Each statement names one competency and links the live Cloudflare doc it was verified against. Statements marked cover churny/beta products (Agents SDK, Sandbox, AI Search) and are re-verified on a schedule.

D1 — Agentic runtime on Cloudflare (28%)

IDStatementDocs
D1.T1 †Design a stateful agent on the Agents SDK, selecting the agent class and Durable Object placement so each unique agent name is its own globally-addressable, single-threaded instance.Agents · Durable Objects
D1.T2 †Persist and broadcast durable agent state with setState(), backed by the instance's embedded SQLite storage, and reason about per-instance isolation across connected clients.Agent state
D1.T3 †Configure the agent's WebSocket transport and hibernation so connections stay open while the Durable Object sleeps and wakes on the next request at no idle cost.WebSockets
D1.T4 †Design the control-plane split for a Claude-managed agent — model reasoning on Anthropic, code execution in a per-session Cloudflare Sandbox bounded by an egress policy.Sandbox
D1.T5 †Choose an execution substrate for an agent workload — a lightweight Workers isolate versus a stronger-isolation Sandbox/Container instance for arbitrary or untrusted code.Sandbox · Containers
D1.T6 †Schedule agent-initiated background work with schedule()/scheduleEvery() one-time, delayed, or cron callbacks backed by the Durable Object alarm.Scheduling
D1.T7 †Coordinate a multi-agent system by routing work to sub-agents, each with its own isolated SQLite state, while the top-level parent owns the physical alarm slot.Sub-agents

D2 — AI Gateway & model operations (22%)

IDStatementDocs
D2.T1Route model traffic through AI Gateway with Dynamic Routing for A/B testing and automatic fallback to a backup model or provider on error or latency.Dynamic Routing · Fallbacks
D2.T2Enable AI Gateway response caching to serve repeat prompts without re-billing the upstream provider, and reason about when caching interferes with a retrieval pipeline.Caching
D2.T3Govern model cost with AI Gateway spend limits — cost-based budgets that either block with a 429 or fall back to a cheaper model when the budget window is exceeded.Spend limits
D2.T4Configure AI Gateway Guardrails to screen prompts and responses, choosing flag versus block mode and handling the blocked-request behavior in the calling application.Guardrails
D2.T5Secure gateway access with an authenticated gateway token (cf-aig-authorization) and decide between Unified Billing and Bring-Your-Own-Keys for provider credentials.Authentication · BYOK
D2.T6Use AI Gateway analytics and logs to observe per-model cost, tokens, latency, and errors, and feed the request/response logs into an evaluation workflow.Analytics · Logging

D3 — Retrieval & data (20%)

IDStatementDocs
D3.T1 †Stand up an AI Search pipeline over an R2 source — embeddings, indexing, hybrid vector+BM25 retrieval, and grounded answer generation — without managing the infrastructure.AI Search · Hybrid search
D3.T2Design a Vectorize index with metadata and namespaces, creating any metadata index before the first upsert so that later metadata filters actually cover the vectors.Vectorize · Metadata filtering
D3.T3Choose an embedding model and chunking strategy within its token limit — e.g. bge-base-en-v1.5 truncates at 512 tokens — so passages embed without silent truncation.bge-base-en-v1.5 · Chunking
D3.T4Model R2 as the object/source data plane and D1 as the relational data plane for a retrieval application, accessed as least-privilege Worker bindings.R2 · D1
D3.T5 †Improve retrieval quality with optional query rewriting and a reranking model that re-scores the top results by semantic relevance before answer generation.Query rewriting · Reranking
D3.T6 †Keep an index fresh with continuous sync/re-indexing as the source changes, and trigger re-indexing when content is published or updated.Syncing

D4 — Edge app & deployment architecture (15%)

IDStatementDocs
D4.T1Wire Worker bindings (R2, D1, KV, Vectorize, AI) as least-privilege capabilities rather than open network access when composing an edge AI application.Bindings
D4.T2Configure and deploy a Worker with wrangler, using named environments to separate local, staging, and production configuration and secrets.Wrangler · Environments
D4.T3Design asynchronous and scheduled processing with Queues (producer/consumer + dead-letter queue), Cron Triggers, and Workflows for durable multi-step jobs.Queues · Workflows
D4.T4Design a multi-tenant isolation pattern (per-tenant instances, namespaces, or bindings) and observe the running app with Workers Logs / Logpush.Workers Logs
D4.T5Map routes and custom domains to a Worker and reason about edge caching behavior for its responses.Custom domains · Cache

D5 — Security, isolation & governance (15%)

IDStatementDocs
D5.T1Put Cloudflare Zero Trust Access in front of an AI application so requests are verified by default rather than trusted by network position.Access policies
D5.T2Apply an egress policy to a sandbox or agent — restrict reachable domains and inject credentials at the boundary rather than exposing secrets to the workload.Sandbox
D5.T3Manage secrets with Workers secrets rather than plaintext vars, keeping the local .dev.vars boundary separate from deployed secrets.Secrets
D5.T4Enforce least-privilege tool and binding design so an agent acts on data through scoped bindings instead of broad, open capabilities.Bindings
D5.T5Meet data residency requirements by pinning D1 and Durable Object storage to a jurisdiction (e.g. eu) and applying the Data Localization Suite.D1 location · Data Localization
D5.T6Govern the platform with audit logging and Guardrail policy — observing model traffic and content moderation decisions across the agent estate.Guardrails · Logs

The capstone rubric

The written questions check knowledge; the capstone checks you can ship. It is graded pass/fail against six gates — every one must pass:

  • 1 · Working agentic runtime. A stateful agent deployed on your own Cloudflare account, persisting state to embedded SQLite (Agents SDK + Durable Objects). Evidences D1.
  • 2 · Gateway-mediated model ops with cost controls. All model traffic through AI Gateway with a cost-modeled fallback and observable per-turn cost. Evidences D2.
  • 3 · Grounded retrieval over your own corpus. Answers come from your data via AI Search or Vectorize, not parametric memory alone. Evidences D3.
  • 4 · Production deployment with bindings and async processing. Deployed with wrangler, least-privilege bindings, at least one async/scheduled path. Evidences D4.
  • 5 · Security and isolation posture. Workers secrets, scoped bindings, bounded egress for the agent/sandbox. Evidences D5.
  • 6 · Operational readiness. An eval suite proving outcomes across runs, a one-page threat model, and a spend/budget guard. Evidences D2 + D5.

Frequently asked

Is there an official Cloudflare AI certification?

No. As of 2026, Cloudflare's formal certifications are security-focused (App Security, Network Security, Zero Trust). There is no AI or Workers developer certification. Any site claiming otherwise is selling something.

Is CAPA recognized by employers?

CAPA is an Academy credential, not an industry exam, and we say so on the credential itself. Its value is the published blueprint and the mandatory capstone: a deployed, evaluated agent on your own Cloudflare account is portfolio evidence an interviewer can inspect — which is what hiring for these roles actually screens on.

What happens if Cloudflare ships a real AI cert?

We re-map the track to it. That commitment is written into our planning docs, and the blueprint's honesty flags (synthesized weights, Academy provider label) are locked by automated tests so they cannot quietly drift into implying official status.

How were the 30 task statements built?

Top-down from the real Cloudflare AI surface — the Agents SDK, AI Gateway, AI Search, Vectorize, Workers, and Zero Trust docs — then each statement was verified against a live developers.cloudflare.com page, including an adversarial review pass that tried to refute each one against current docs. Statements on beta products are flagged and re-verified on a schedule.

Sources & provenance
  • Cloudflare — developers.cloudflare.com product documentation (Agents, Durable Objects, Sandbox, AI Gateway, AI Search, Vectorize, Workers, Zero Trust); every task statement above links its anchor page. Verified 7 Jul 2026.
  • Cloudflare — certification catalogue (security-focused; no official AI/Workers developer cert as of 2026).
  • Anthropic CCA-F and AWS AIP-C01 official exam guides — the confirmed anchors whose structure CAPA mirrors.

CAPA is a synthesized Academy credential. Its weights are internal design decisions, not vendor-confirmed facts, and are labelled as such everywhere they appear. Corrections: hello@aiarch.dev.

Learn the platform, ship the capstone.

Track E of the Academy teaches every domain above against live Cloudflare docs, and the capstone leaves you with a deployed, evaluated agent — the artifact interviews actually screen on.

Free sample — no signup · every claim cited · cancel anytime