Vibe Coding Consultant
← Back to Blog
AI Development12 min readJanuary 30, 2025

Cloudflare's AI Development Strategies: Lessons from Open-Sourced Prompts

Cloudflare recently open-sourced their OAuth provider development process, revealing their transparent approach to AI-assisted coding. Let's analyze their prompt strategies and extract actionable insights for systematic, production-ready development.

🎯 What Makes This Special?

Cloudflare took the unprecedented step of making their AI development process completely transparent. Their commit messages reveal the actual prompts they used with Claude, showing us exactly how a major tech company approaches AI-assisted development.

Key insight: This isn't just about prompt engineering—it's about systematic, iterative development that produces production-ready code through strategic AI collaboration.

The Cloudflare Development Flow: A Deep Analysis

Let's examine their actual commit messages to understand their development strategy:

📝 Cloudflare's Actual Commit Messages

"Have Claude write an OAuth provider implementation."

Initial broad directive

"Add storage schema by Claude."

Specific component focus

"Asked Claude to convert to WebCrypto."

Technology migration

"Ask Claude to hash the auth code and client secret as well."

Security enhancement

"Ask Claude to add doc comments."

Documentation improvement

"Ask Claude not to store clients_list and instead use KV's list()."

Performance optimization

"Ask Claude to eliminate the user_grants lists, too."

Data structure cleanup

"Asked Claude to convert the OAuthHelpers into a class."

Code organization

"Ask Claude to implement pagination for list interfaces."

Feature enhancement

"Ask Claude to allow the access token lookup and grant lookup to run in parallel."

Performance optimization

"Ask Claude to fix its bugs."

Quality assurance

Key Strategies Revealed

1. Iterative, Single-Focus Development

Cloudflare's approach is remarkably systematic. Each commit focuses on one specific improvement, creating a clear development trajectory:

🔄 The Iterative Pattern

  1. 1. Initial Implementation: "Have Claude write an OAuth provider implementation"
  2. 2. Foundation Building: "Add storage schema by Claude"
  3. 3. Security Hardening: "Ask Claude to hash the auth code and client secret"
  4. 4. Technology Migration: "Asked Claude to convert to WebCrypto"
  5. 5. Performance Optimization: "Ask Claude not to store clients_list"
  6. 6. Code Organization: "Asked Claude to convert the OAuthHelpers into a class"
  7. 7. Feature Enhancement: "Ask Claude to implement pagination"
  8. 8. Advanced Optimization: "Ask Claude to allow parallel processing"
  9. 9. Quality Assurance: "Ask Claude to fix its bugs"

2. Specific, Actionable Prompts

Notice how their prompts are incredibly specific and actionable. They don't say "make it better" or "optimize the code." Instead, they give precise instructions:

❌ Vague Prompts (Avoid These)

  • • "Make the code better"
  • • "Optimize performance"
  • • "Add security"
  • • "Improve the structure"
  • • "Fix bugs"

✅ Specific Prompts (Cloudflare's Style)

  • • "Convert to WebCrypto"
  • • "Hash the auth code and client secret"
  • • "Use KV's list() instead of storing clients_list"
  • • "Convert OAuthHelpers into a class"
  • • "Allow access token lookup and grant lookup to run in parallel"

3. Progressive Complexity Building

Cloudflare's development flow shows a clear progression from basic functionality to advanced optimization:

📈 Development Progression

1
Foundation:Basic OAuth implementation
2
Security:Hashing, WebCrypto migration
3
Performance:KV optimization, parallel processing
4
Organization:Class structure, documentation
5
Features:Pagination, advanced functionality
6
Quality:Bug fixes, final polish

The Cloudflare Prompt Engineering Framework

1. The "Ask Claude to [Specific Action]" Pattern

Cloudflare consistently uses the pattern "Ask Claude to [specific action]" which creates clear, actionable directives. This pattern has several advantages:

  • Clear ownership: Claude is explicitly tasked with the action
  • Specific scope: The action is well-defined and measurable
  • Atomic changes: Each prompt addresses one specific improvement
  • Trackable progress: Easy to see what was accomplished in each step

2. Technology-Specific Instructions

Notice how they specify exact technologies and approaches:

🔧 Technology-Specific Examples

  • "convert to WebCrypto" - Specific crypto library
  • "use KV's list()" - Specific Cloudflare API method
  • "convert into a class" - Specific code structure
  • "implement pagination" - Specific feature pattern

3. Performance-First Thinking

Cloudflare's prompts reveal a strong focus on performance optimization:

⚡ Performance Optimization Prompts

  • Data Structure Optimization: "Ask Claude not to store clients_list"
  • Parallel Processing: "Ask Claude to allow access token lookup and grant lookup to run in parallel"
  • API Efficiency: "Ask Claude to use KV's list() instead of storing clients_list"
  • Memory Management: "Ask Claude to eliminate the user_grants lists"

Actionable Strategies You Can Use

1. The Single-Focus Development Cycle

Adopt Cloudflare's approach of one improvement per AI interaction:

🔄 Your Development Cycle

  1. 1. Start with basic functionality
    • • "Implement basic [feature] with [specific requirements]"
  2. 2. Add security layer
    • • "Add [specific security measure] to [specific component]"
  3. 3. Optimize performance
    • • "Optimize [specific operation] by [specific method]"
  4. 4. Improve organization
    • • "Refactor [specific code] into [specific structure]"
  5. 5. Add advanced features
    • • "Implement [specific feature] with [specific requirements]"
  6. 6. Final quality pass
    • • "Review and fix any issues in [specific area]"

2. The Specific Action Prompt Template

Use Cloudflare's proven prompt structure:

📝 Cloudflare-Style Prompt Template

Ask Claude to [SPECIFIC_ACTION] [SPECIFIC_TARGET] [SPECIFIC_METHOD/CONTEXT]

Examples:
- "Ask Claude to convert the authentication module to use JWT tokens with 24-hour expiration"
- "Ask Claude to optimize the database queries by adding indexes on user_id and created_at columns"
- "Ask Claude to refactor the API handlers into a class-based structure with proper error handling"
- "Ask Claude to implement rate limiting for the login endpoint with 5 attempts per hour per IP"
- "Ask Claude to add comprehensive error logging to all database operations"

3. Progressive Complexity Strategy

Follow Cloudflare's approach of building complexity gradually:

🏗️ Foundation Phase

  • • Basic functionality
  • • Core data structures
  • • Essential features
  • • Basic error handling

🔒 Security Phase

  • • Authentication/authorization
  • • Input validation
  • • Data encryption
  • • Security headers

⚡ Performance Phase

  • • Database optimization
  • • Caching strategies
  • • Parallel processing
  • • Memory management

🎯 Polish Phase

  • • Code organization
  • • Documentation
  • • Advanced features
  • • Quality assurance

Advanced Insights from Cloudflare's Approach

1. The "Fix Its Bugs" Philosophy

One of the most interesting commits is "Ask Claude to fix its bugs." This reveals an important principle: AI-generated code isn't perfect, and you need to explicitly ask for quality improvements.

🐛 Quality Assurance Strategy

Don't assume AI-generated code is production-ready. Always include quality assurance prompts:

  • • "Ask Claude to review the code for potential bugs"
  • • "Ask Claude to add comprehensive error handling"
  • • "Ask Claude to optimize for edge cases"
  • • "Ask Claude to add input validation"
  • • "Ask Claude to review security vulnerabilities"

2. Parallel Processing Mindset

Cloudflare's prompt "Ask Claude to allow the access token lookup and grant lookup to run in parallel" shows they think about performance from the start. This is a key insight for production systems.

⚡ Performance-First Prompts

  • • "Ask Claude to implement parallel processing for [specific operations]"
  • • "Ask Claude to optimize database queries with proper indexing"
  • • "Ask Claude to implement caching for [specific data]"
  • • "Ask Claude to use async/await for all I/O operations"
  • • "Ask Claude to implement connection pooling for database access"

3. Technology Migration Strategy

The prompt "Asked Claude to convert to WebCrypto" shows how they handle technology migrations systematically. This is crucial for maintaining security and performance standards.

🔄 Migration Strategy

  1. Identify outdated technology: "Review current implementation for outdated libraries"
  2. Choose modern alternative: "Convert to [modern technology] for better security/performance"
  3. Implement systematically: "Ask Claude to convert [specific component] to [new technology]"
  4. Test thoroughly: "Ask Claude to add tests for the migrated functionality"
  5. Document changes: "Ask Claude to update documentation for the new implementation"

Implementing Cloudflare's Strategies

Your 30-Day Cloudflare Method Challenge

Ready to adopt Cloudflare's approach? Here's a practical implementation plan:

📅 Week 1: Foundation

  • Day 1-2: Implement basic functionality with specific prompts
  • Day 3-4: Add security layer with technology-specific instructions
  • Day 5-7: Optimize performance with parallel processing prompts

📅 Week 2: Organization

  • Day 8-10: Refactor code into proper class structures
  • Day 11-12: Add comprehensive documentation
  • Day 13-14: Implement advanced features with pagination

📅 Week 3-4: Quality & Polish

  • Day 15-17: Bug fixes and quality assurance
  • Day 18-21: Performance optimization and monitoring
  • Day 22-28: Final polish and production readiness

Key Takeaways

🎯 What Cloudflare Does Right

  • • Single-focus, iterative development
  • • Specific, actionable prompts
  • • Progressive complexity building
  • • Performance-first thinking
  • • Technology-specific instructions
  • • Explicit quality assurance
  • • Transparent development process

🚀 What You Should Adopt

  • • "Ask Claude to [specific action]" pattern
  • • One improvement per AI interaction
  • • Technology-specific migration prompts
  • • Parallel processing optimization
  • • Systematic quality assurance
  • • Progressive feature building
  • • Performance-first development

Conclusion

Cloudflare's open-sourced development process reveals a sophisticated approach to AI-assisted coding. Their systematic, iterative method produces production-ready code through strategic prompt engineering and progressive complexity building.

The key insight is that effective AI development isn't about writing perfect prompts—it's about creating a systematic workflow that builds quality incrementally. Each prompt has a specific purpose, each commit represents a measurable improvement, and the entire process is transparent and trackable.

By adopting Cloudflare's strategies—single-focus development, specific actionable prompts, and progressive complexity building—you can transform your AI-assisted development workflow into a systematic, production-ready process that consistently delivers high-quality results.

📝 Source Attribution

This analysis is based on Cloudflare's open-sourced commit history for their OAuth provider implementation.

Original source:Cloudflare Workers OAuth Provider - Commit History

This post analyzes the actual prompts and development strategies used by Cloudflare's engineering team, providing actionable insights for systematic AI-assisted development.