Vadyl
Platform

Distribution & CDN

CloudFront, Cloudflare, Azure Front Door, Fastly. Real signed URLs, real purge, real drift detection — one canonical contract.

Vadyl's distribution plane wraps CDN providers behind one eight-method canonical surface — validate binding, compute effective capabilities, plan realization, apply, invalidate, report health, detect drift, describe resource. Five vendor connectors ship out-of-the-box; custom CDN providers can be authored as capability-surface implementations.

Built-in providers

  • DirectLocal — single-origin baseline for development.
  • AWS CloudFront — RSA canned-policy signed URLs; path / prefix purge.
  • Cloudflare — HMAC-SHA256 signed URLs; path / prefix / tag (surrogate-key) purge.
  • Azure Front Door — SAS-style HMAC signed URLs; path / prefix purge; first-class residency.
  • Fastly — token-protected HMAC signed URLs; path / tag purge; service-version-incrementing apply.

Bind a CDN

bindings: {
  cdn: {
    type:       "cloudfront",
    distributionId: process.env.CF_DIST_ID,
    keyPairId:  process.env.CF_KEY_PAIR_ID,
    privateKey: secret.ref("CF_PRIVATE_KEY"),
    defaultCacheBehavior: { ttl: "1h" },
  },
},

Materialize a signed asset URL

const url = await ctx.distribution.signedAssetUrl({
  path:      "/uploads/user-123/avatar.png",
  expiresIn: "15m",
});
// → https://d12345.cloudfront.net/uploads/user-123/avatar.png?Expires=...&Signature=...&Key-Pair-Id=...

Each connector ships a real signed-URL builder against the provider's actual signing protocol — never a placeholder. Tested against real CDN endpoints in the connector test suite.

Purge

// Path purge
await ctx.distribution.invalidate({ paths: ["/uploads/user-123/*"] });

// Tag-based (Cloudflare, Fastly)
await ctx.distribution.invalidate({ tags: ["product:abc-123"] });

Runtime origins

Distribution can also front dynamic runtime surfaces: API ingress, webhook handlers, edge-adjacent handlers, or realtime gateways. The CDN behavior points at a canonical runtime origin resolved from Runtime Fabric. Distribution owns edge routing and cache behavior; Runtime Fabric owns the load-balanced service, autoscale, health, drain, and endpoint identity.

Capability matrix

Effective capabilities are computed per binding. Cloudflare and Fastly support tag-based purge; CloudFront and Azure don't. Application code that requests tag purge against a provider that can't do it fails closed at compile time, not at runtime.

Drift detection

Vadyl periodically queries the live CDN configuration and compares it to the canonical realization. Drift (operator changed something out-of-band) produces a typed diagnostic in the dashboard with a reconciliation action.

Health probes

ReportHealthAsync queries the provider's status endpoints and surfaces availability and recent error rates. Health feeds into the deployment ramp gates — a CDN with degraded health pauses dependent rollouts.

Switch providers

Move from CloudFront to Cloudflare: change the binding and let Vadyl's realization compiler reconcile. Existing signed URLs survive their TTL; new URLs sign with the new provider's protocol. Zero application code changes.

Previous
Observability
Next
Analytics fabric