CDN as a capability surface.
Five built-in vendor connectors, each with a typed binding shape, dedicated signed-URL builder, fail-closed binding validation, and canonical realized-provider-identity stamping. Eight-method canonical surface — validate / capabilities / plan / apply / invalidate / health / drift / describe — plus MaterializeAssetUrlAsync. No vendor SDK leaks past the connector boundary.
Real implementations. No stubs.
DirectLocal
Single-origin local baseline. Useful for development, on-prem, or projects without a CDN. Same canonical surface — your code does not branch on vendor.
CloudFront
AWS. RSA canned-policy signed URLs. Path / Prefix purge through the CloudFront API. Real key-pair-based signature; never a synthetic header.
Cloudflare
HMAC-SHA256 signed URLs. Path / Prefix / Tag-surrogate-key purge. Surrogate keys mean operators can purge by content category, not just by URL.
Azure Front Door
SAS-style HMAC signed URLs with se / sv / sig parameters. Path / Prefix purge. First-class residency awareness for compliance scenarios.
Fastly
Token-protected HMAC signed URLs. Path / Tag-surrogate-key purge. Service-version-incrementing apply — Vadyl bumps the active version, not the underlying config.
Adapter abstraction
Each vendor connector exposes I<Vendor>ApiAdapter for unit-test injection. The vendor SDK lives only inside the connector body — no SDK references leak to other layers.
Runtime origins
CDN behavior can target load-balanced Runtime Fabric endpoints. Distribution chooses the edge route; Runtime Fabric remains the authority for scale, health, drain, and service endpoints.
The same surface every UCSA connector implements.
Asset URLs through the canonical surface. Vendor-neutral.
Your handler asks for a signed URL for an entity-attached asset. Vadyl routes through the project's distribution binding, picks the right vendor, applies time-bounded signing, returns the URL. Same call across CloudFront, Cloudflare, Front Door, Fastly. No vendor switch in your code.
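The time-bounded signing step described above, as an added example that is not Vadyl's code and not any vendor's actual token format: a generic HMAC-SHA256 signed URL with fail-closed input checks and an edge-side verifier. The names `sign_url` and `verify_url`, the `exp` and `sig` parameters, and the TTL ceiling are assumptions made for this sketch.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_TTL_SECONDS = 3600  # assumed policy ceiling for this sketch


def sign_url(base_url, key, ttl_seconds, now=None):
    """Return base_url with exp and sig query parameters appended."""
    # Fail closed: refuse to emit a URL from an unusable binding.
    if not key or len(key) < 32:
        raise ValueError("signing key missing or shorter than 32 bytes")
    if not 0 < ttl_seconds <= MAX_TTL_SECONDS:
        raise ValueError("ttl outside allowed window")
    parts = urlsplit(base_url)
    if parts.scheme != "https" or parts.query:
        raise ValueError("expected an https URL without a query string")
    exp = int(now if now is not None else time.time()) + ttl_seconds
    # The MAC covers both path and expiry, so neither can be altered alone.
    msg = f"{parts.path}\n{exp}".encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{base_url}?{urlencode({'exp': exp, 'sig': sig})}"


def verify_url(url, key, now=None):
    """Edge-side check: True only for an untampered, unexpired URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        exp = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters are rejected
    msg = f"{parts.path}\n{exp}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    return (now if now is not None else time.time()) < exp


# Constructed sample values, not real credentials or hosts.
SAMPLE_KEY = bytes(range(32))
SAMPLE_URL = "https://cdn.example.test/assets/invoice-42.pdf"
```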
CDN edge in front. Runtime Fabric behind it.
Distribution can route selected paths to project runtime origins: public API ingress, webhook handlers, edge-adjacent handlers, or realtime gateways. The distribution binding owns cache behavior and edge routing. Runtime Fabric owns the load-balanced service, health, drain, autoscale, and endpoint identity. No split authority.
CDN without vendor lock-in.
Pick CloudFront for AWS workloads. Cloudflare for global purge. Front Door for residency. Fastly for surrogate-key purges. Switch by changing a binding.