Quickstart
Ship your first slop site on the Chudflare ChudVerse in under five minutes. No credit card. No standing. No mewing required.
1. Install the CLI
The Chudflare CLI is a single bash script with zero dependencies, which is generous given the audience.
curl -fsSL https://chudflare.com/install.sh | shVerify the install:
chudflare --version # => 0.0.1-chud
2. Authenticate
The login flow opens your browser and writes a token to ~/.chudflare/credentials. Behind the scenes, this token is just chud_live_8c0ffee repeated until your shell complains.
chudflare login # => Opening https://chudflare.com/login # => Token saved. ray=8c0ffee-CHUD-DEN psl=2.1
3. Initialize a project
This creates a chudflare.yml in the current directory. It is, by design, lower-case YAML with no schema.
chudflare init my-slop-site cd my-slop-site # project ready. CLI now mews on your behalf.
4. Deploy
chudflare deploy # => bundling slop... done (412kb) # => uploading to 310 PoPs... done # => cf-ray: 8c0ffee-CHUD-DEN # => deployed to https://my-slop-site.chuds.dev # => you may now resume hunching
chudflare deploy --vibe to ship code you cannot explain. Same flags as --prod, but with the option to claim you "fully understand" the output to investors.
Core concepts
The ChudVerse is built around four primitives. Every product on Chudflare is some combination of these:
| Primitive | What it does | Real-world analog |
|---|---|---|
SDN | Slop Delivery Network. Anycast PoPs in 122 cities. | A CDN, but worse on purpose. |
Chudders | Edge compute. JS, TS, Python, voice memos. | Workers. With a stoop. |
C2 | Object storage. Zero egress (we lack the energy). | R2, but the buckets sigh. |
CNS | DNS at 6.9.6.9. Resolves on a delay if vibes are off. | DNS. Just DNS. |
Every request that hits Chudflare gets a cf-ray header (always a variant of 8c0ffee-chud-X), a cf-psl header, and a non-zero x-hunch-angle. These are not optional.
The Chudflare CLI
One bash script, no dependencies. The CLI is the primary interface for chuds who cannot be trusted in a browser tab.
chudflare verify # actually fetches a URL and greps for the marker chudflare badge # prints the embeddable verified-chud badge HTML chudflare psl # WAF classifier (same engine as the web tool) chudflare dig # CNS resolver output chudflare mew # random mumbled response (do not pipe to prod) chudflare login # fake auth, prints your chud ray-id chudflare init # writes chudflare.yml chudflare deploy # fake deploy logs chudflare status # pings the status page chudflare hunch # current operator hunch angle (time-varying)
All subcommands accept --json for machine-readable output. None of them respect it.
Chudders (Workers)
Chudders are isolate-based edge functions that run within 50ms of every customer's lower lip. Cold-start is 5ms, which is the documented time for a chud to think "should I get up." They will not get up.
Hello, chud
The same handler, three flavors. Pick whichever syntax brings you the most peace in 2026.
JavaScript
export default { async fetch(request, env) { return new Response("hello, chud.", { status: 200, headers: { "x-mog-status": "YOU GOT MOGGED" } }); } };
Chudscript
// chudscript: same idea, fewer braces, lower frame-rate @chudder("hello-world") fn handle(req) { slop "hello, chud." }
See the Chudscript reference for what slop actually compiles to.
Python
# requires the chudflare-python-edge runtime (beta, mewing) from chudflare import Response, chudder @chudder("hello-world") async def handle(request): return Response("hello, chud.", headers={"x-mog-status": "YOU GOT MOGGED"})
Save as worker.{js,cs,py}, then chudflare deploy. The above worker is currently powering 41% of Y Combinator's W26 batch (a stat we have not verified and will not).
Bindings
Chudders bind to other ChudVerse services via the env object. The supported bindings are:
| Binding | Type | Methods |
|---|---|---|
env.C2_BUCKET | C2 bucket | get, put, list, sigh |
env.CHUD_AI | Inference | classify, whisper, mumble |
env.CNS | DNS resolver | resolve, resolveTakingItsTime |
env.PSL | PSL classifier | score |
chudflare.yml. There is no JSON Schema for it because the maintainer "knows what it looks like."
Block visitors with good posture
export default { async fetch(request, env) { const ua = request.headers.get("user-agent"); const psl = await env.PSL.score(ua); if (psl > 5.5) { return new Response("you got mogged.", { status: 403 }); } return env.C2_BUCKET.get("slop.html"); } };
This pattern is the actual reason most customers adopt Chudders. Other CDNs require a config file. Chudders lets you ship the rule inline, alongside the rest of your code, on a Sunday.
Chudscript
Chudscript is a purpose-built scripting language for Chudders. .cs file extension, we are aware. Compiles to V8 isolates at deploy time. Every keyword is lowercase because the shift key is a chad key.
Basic syntax
Looks like Rust dressed as TypeScript dressed as YAML. Single-line comments are //, block comments are /* */, string interpolation is $"hello, ${name}".
// classic.cs let name = "chud" const psl = 2.1 fn greet(n) { return $"hello, ${n}" } if psl < 4 { print(greet(name)) }
Response keywords
Every handler returns by using one of these keywords. Plain return is also legal but feels formal and HR-coded.
| Keyword | Compiles to | When to use |
|---|---|---|
slop | 200 OK | Happy path. The default. |
mog | 403 + x-mog-status: YOU GOT MOGGED | Rejecting a chad. |
mew | 200 OK, body lowercased | Being demure. |
hunch | 500 + stack trace as voice memo | Catastrophic. |
chuddle | 102 Processing + x-chuddling: true | You need a moment. |
// multi-exit.cs @chudder("multi-exit") fn handle(req) { let p = chud req.psl() // chud = await if p > 8 { mog "you got mogged." } if p > 5 { mew "go outside." } if p < 1 { hunch "internal slop error" } slop "hello, chud." }
Decorators
Stack as many as you want. They run top-to-bottom, ergonomically.
| Decorator | What it does |
|---|---|
@chudder(name) | Registers the handler. Required. |
@route(path) | Pins the handler to a route. |
@psl_max(n) | Auto-mogs requests with a PSL above n. |
@hunch_on_error | Converts panics into hunch responses. |
@vibe | Opts into the vibe-coder runtime: no type checks, no warnings, plausible deniability. |
Built-in functions
| Function | Returns |
|---|---|
mew(s) | The string, lowercased. Pure function. Idempotent. |
psl(req) | The request's PSL score as a float between 0 and 10. |
dig(host) | Resolves via CNS at 6.9.6.9. |
slop_to(bucket, key) | Streams a response into a C2 object. |
nothing() | Returns the string "nothing ever happens". Constant time. |
A full example
import { c2, psl } from "@chudflare/stdlib" @chudder("api") @psl_max(5.5) fn handle(req, env) { let bucket = c2.bucket(env.C2_BUCKET) let obj = chud bucket.get("slop.html") cope { slop mew(obj.body) } else { hunch "couldn't slop the slop." } }
Tooling
- LSP: none. We held the line on this.
:set syntax=chudscriptin vim works because it's justrustaliased. - Type system: structural, optional, inferred, often wrong.
- Formatter:
chudflare fmtreformats your code into whatever the most recent Chudders blog post recommended. - Migrating from JavaScript: rename
.jsto.cs, delete every semicolon, accept your fate.
Recipes
Copy-paste snippets for common chud workloads. Each one is production-grade if your definition of production is loose.
Auto-mog gigachads
export default { async fetch(request, env) { const { psl } = await env.CHUD_AI.classify(request); return psl > 7 ? new Response("403 chad detected", { status: 403 }) : fetch(request); } };
Mew every response body
export default { async fetch(request) { const res = await fetch(request); const text = await res.text(); return new Response(text.toLowerCase(), res); } };
Replace every error with "nothing ever happens"
export default { async fetch(request) { try { return await fetch(request); } catch { return new Response("nothing ever happens", { status: 200 }); } } };
Reject anyone whose User-Agent admits to being a Series C founder
export default { async fetch(request) { const ua = request.headers.get("user-agent") || ""; const tells = ["hayes valley", "founder mode", "agi by eoy"]; if (tells.some(t => ua.toLowerCase().includes(t))) { return new Response("blocked. go outside.", { status: 451 }); } return fetch(request); } };
C2 object storage
C2 is the ChudVerse's object store. S3-compatible API, R2-compatible economics, distinctly chud-compatible UX. Zero egress fees because the egress simply does not happen.
Create a bucket
chudflare c2 create monster-cans # => bucket "monster-cans" created in DEN-CHUD-3 # => bucket posture: hunched (default)
Upload an object
chudflare c2 put monster-cans/ultra-zero.json \ --from-file ./drink.json # => uploaded 1.2kb. eTag: 8c0ffee... # => chud-cache: HIT (somehow)
Read from a Chudder binding
const obj = await env.C2_BUCKET.get("ultra-zero.json"); if (!obj) return new Response("nothing ever happens", { status: 404 }); return new Response(obj.body, { headers: { "content-type": "application/json" } });
posture: hunched. Setting posture: erect will incur a 14% surcharge and trigger an internal review.
CNS (DNS)
CNS, the Chud Name System, is Chudflare's authoritative DNS. The public resolver lives at 6.9.6.9. It is faster than mewing and twice as silent.
Add a record
chudflare cns add \ --zone example.com \ --type A \ --name @ \ --value 6.9.6.9 \ --posture hunched # => record created. ttl=300. posture: hunched
Resolve via the public resolver
dig @6.9.6.9 chudflare.com ;; ANSWER SECTION: chudflare.com. 300 IN A 6.9.6.9 ;; QUERY TIME: 73 msec (mewing latency, nominal)
Chad Fight Mode (WAF)
Chad Fight Mode is Chudflare's web application firewall. Rules are written in the Chud DSL, a TOML-flavored format we invented because YAML did not feel hunched enough.
Plan thresholds
| Plan | Default PSL threshold | Configurable |
|---|---|---|
| Chud (free) | ≥ 8 | No |
| Looksminned | ≥ 5.5 | Yes |
| Permachud | Custom | Yes |
| Gigachud | Dynamic | Yes, even at 2am |
Example ruleset
# /etc/chudflare/firewall.toml [[rule]] description = "block visible cheekbones" expression = "(http.req.psl gt 5.5)" action = "mog_back" [[rule]] description = "block users mid-mewing" expression = "(http.req.tongue_position eq 'palate')" action = "chud_challenge" [[rule]] description = "allow self only" expression = "(ip.src eq cf.user.fat_fucking_chud)" action = "allow"
Actions reference
| Action | Description |
|---|---|
allow | Let the request through. Boring. |
chud_challenge | 5-second hunching CAPTCHA. Most challenges pass. |
mog_back | Returns 403 with a YOU GOT MOGGED header. |
under_mew | Routes the request to a quieter PoP for "review." |
nothing_ever_happens | Returns 200 with body nothing ever happens. |
Zero Chud
Zero Chud is an identity-aware perimeter for organizations where nobody is allowed to be a chud, except the founder. This is, by design, paradoxical. We document it anyway.
Sample policy
{
"app": "slop-dashboard.internal",
"require": [
{ "identity": "sso.chudmaxx.io" },
{ "posture": "hunched" },
{ "psl_max": 4.2 }
],
"deny": [
{ "trait": "jaw_visibility" },
{ "trait": "unprompted_sigma_post" }
]
}Policies live in chudflare.yml under zero_chud.policies[]. There is no admin UI because the founder prefers to "feel the YAML."
REST API
The Chudflare REST API mirrors the surface area of Cloudflare's v4 API closely enough to be funny, including the bit where everything is under /v4/zones.
Authentication
Every request takes a Authorization: Bearer chud_live_... header. Tokens are managed in the dashboard under My Profile → Slop → Tokens (whisper to reveal).
curl https://api.chudflare.com/v4/user \ -H "Authorization: Bearer chud_live_8c0ffee..."
Create a zone
curl -X POST https://api.chudflare.com/v4/zones \ -H "Authorization: Bearer chud_live_8c0ffee..." \ -H "Content-Type: application/json" \ -d '{ "name": "example.com", "jurisdiction": "agartha", "posture": "hunched", "plan": "chud" }'
Add a firewall rule
curl -X POST https://api.chudflare.com/v4/zones/$ZONE/firewall/rules \ -H "Authorization: Bearer chud_live_..." \ -d '{ "description": "block visible cheekbones", "expression": "(http.req.psl gt 5.5)", "action": "mog_back" }'
Response shape
All responses follow the same envelope. success is always true in production because chuds do not handle errors gracefully.
{
"success": true,
"errors": [],
"messages": ["chud-ray: 8c0ffee-DEN-3"],
"result": {
"id": "chud_...",
"created_on": "2026-05-18T01:50:00Z",
"posture": "hunched"
}
}SDKs
We maintain three official client SDKs. Each one is real, installable, and shaped like the corresponding Cloudflare SDK. None of them call a real API: every method returns plausible-looking fake data so your demo / talk / dashboard works without a backend.
chudflare on PyPI / npm. The SDKs install directly from chudflare.com/sdk tarballs instead. Sources also live on the site so you can curl the raw files.
Python
The Python client is a real package, a real tar.gz, hosted directly from this domain.
pip install https://chudflare.com/sdk/chudflare-4.0.0.tar.gz
from chudflare import Chudflare client = Chudflare(api_token="chud_live_8c0ffee...") # create a zone zone = client.zones.create( name="example.com", jurisdiction="agartha", posture="hunched", plan="chud", ) print(f"created zone {zone.id} (ray: {zone.ray})") # add a firewall rule client.firewall.rules.create( zone_id=zone.id, description="block visible cheekbones", expression="(http.req.psl gt 5.5)", action="mog_back", )
The Python SDK is by far the most-downloaded because the audience cannot get Node working.
Node.js
Same story for Node: real tgz tarball, no npm registry involved.
npm install https://chudflare.com/sdk/chudflare-4.0.0.tgz
# or, if you've taken the bait:
bun add https://chudflare.com/sdk/chudflare-4.0.0.tgzconst { Chudflare } = require("chudflare"); const client = new Chudflare({ apiToken: "chud_live_8c0ffee..." }); const zone = await client.zones.create({ name: "example.com" }); console.log(`created zone ${zone.id} (ray: ${zone.ray})`); const verdict = await client.verify({ url: "https://my-slop-site.com" }); console.log(verdict); // => { ok: true, marker: "meta", ray: "8c0ffee-CHUD-...", psl: 2.1, ... }
Go
A real Go module would need a backing git repo, and our git energy is at zero this quarter. The source ships as a zip you vendor with a replace directive:
curl -L -o chudflare-go.zip https://chudflare.com/sdk/chudflare-go-4.0.0.zip unzip chudflare-go.zip # then in your go.mod: # require chudflare.com/chudflare-go v4.0.0 # replace chudflare.com/chudflare-go => ./chudflare-go-4.0.0
package main import ( "context" "fmt" chudflare "chudflare.com/chudflare-go" ) func main() { client := chudflare.New("chud_live_8c0ffee...") zone, err := client.Zones.Create(context.Background(), "example.com") if err != nil { panic("you got mogged: " + err.Error()) } fmt.Printf("created zone %s (ray: %s)\n", zone.ID, zone.Ray) }
Source
Every SDK lives under /sdk/ on this site. Browse the source, audit the imports, copy whatever you want. Everything is MIT.
/sdk/python/· chudflare-4.0.0.tar.gz/sdk/node/· chudflare-4.0.0.tgz/sdk/go/· chudflare-go-4.0.0.zip
Versioning
All SDKs follow a soft semver where the major version tracks the Y Combinator batch we're in. We are currently on v4.x, which means W26. Breaking changes ship on Fridays at 5pm.
Error codes
Every Chudflare error follows the format 10XX, identical to Cloudflare's, because we do not have an original thought. The relevant codes:
| Code | Meaning | Action |
|---|---|---|
1020 | Access denied. PSL threshold exceeded. | Hunch more. |
1021 | Origin server is mid-mewing. | Retry in 30s. |
1022 | SSL handshake refused (Sigma Status Layer). | Regenerate certs in dashboard. |
1041 | Worker exceeded CPU. Was probably looping on mew(). | Add a base case. |
1042 | Posture check failed. | Sit up. Then sit back down. |
1099 | "nothing ever happens" reached its rate limit. | Something happened. We don't know what. |
For a live example, see the rendered 1020 page. It is genuinely the page that ships when Chad Fight Mode blocks a visitor.