The Skeptic Agent Was Right About Bedrock
In April I ran a multi-agent FedRAMP investigation on Cloudflare Workers primitives. One agent flagged an unresolved question about AWS Bedrock GovCloud authorization. Checking it changed the conclusion — and matters if you are planning a Workers AI remediation project.
- AGORA investigation AGI_efe6233b92854a49ab57 ran April 16, 2026. The Skeptic agent flagged AWS Bedrock GovCloud authorization as an unresolved question at 0.65 confidence.
- A same-day FedRAMP marketplace lookup confirmed Bedrock is authorized at Moderate (AWS US East/West) and High (AWS GovCloud) impact levels.
- The finding changed Workers AI from the hardest FedRAMP remediation of the three Cloudflare primitives to the simplest — one environment variable and an SSP update.
- Anthropic shipped ANTHROPIC_BEDROCK_SERVICE_TIER in Claude Code approximately ten days after the investigation ran.
- The research infrastructure behind this runs on a $250/month Anthropic plan, self-hosted servers, and local AI models. The thinking is mine. The system makes it faster.
The Skeptic Agent Was Right About Bedrock
If you are a federal IT contractor who has been told that Cloudflare Workers AI requires architectural elimination to achieve FedRAMP compliance, you may be planning a project that you do not need. The remediation is likely one environment variable and an SSP update. That is the finding. The rest of this post is how I got there.
April 16, I ran an AGORA investigation with a narrow seed: do Cloudflare Workers’ three stateful primitives have FedRAMP-authorized equivalents on AWS GovCloud? Durable Objects, Workers KV, Workers AI. Binary answers. The investigation ran five agents in parallel.
The Generator worked through each primitive and produced verdicts. Durable Objects: no authorized single-primitive equivalent, refactor required. Workers KV: DynamoDB Global Tables, conditional on a usage audit. Workers AI: architectural elimination via SageMaker origin-routing, highest business impact of the three.
The Skeptic read it and had one objection. The Generator had called Workers AI the hardest fix without checking whether AWS Bedrock was authorized in GovCloud. If it was, SageMaker origin-routing was not the answer. An API endpoint substitution was. The Skeptic assigned 0.65 confidence to that alternative and logged it as Open Question 4: unresolved, blocking, requires primary source lookup before the Workers AI verdict can stand.
The Consolidator scored the investigation 72/100 and flagged the Workers AI row as conditional on a question nobody had answered.
What the FedRAMP marketplace said
I checked it the same day. April 16.
Two packages, both with Bedrock in scope:
| Package | Impact Level | Bedrock in scope? |
|---|---|---|
| AWS US East/West (AGENCYAMAZONEW) | Moderate | Yes |
| AWS GovCloud (F1603047866) | High | Yes |
Bedrock appears under “Other Services” in both. Not a standalone FedRAMP entry, confirmed within the AWS package boundary, but confirmed. I registered the finding in the ADAM manifest as fp-rep-20260416-bedrock-fedramp that afternoon.
The Workers AI remediation path changed. Architectural elimination via SageMaker is a significant project. If your inference SLA tolerates 400ms latency, the Formalist’s threshold from the original investigation, the real remediation is one environment variable and an SSP update. Workers AI went from the most complex fix to the simplest.
The corrected matrix:
| Primitive | Remediation path |
|---|---|
| Durable Objects | Refactor to ECS Fargate + DynamoDB conditional writes |
| Workers KV | SSP revision if usage audit confirms DynamoDB equivalence |
| Workers AI | API endpoint substitution + SSP update |
Ten days later
Late April, Claude Code shipped ANTHROPIC_BEDROCK_SERVICE_TIER. Set it to default, flex, or priority and Claude Code sends the selection as the X-Amzn-Bedrock-Service-Tier header, routing inference through Bedrock at the corresponding cost and latency profile.
Anthropic’s roadmap was not influenced by an investigation running on my servers. What happened is that a structured adversarial research process, running on publicly available data, independently identified the same gap and reached the same strategic conclusion about ten days before the product shipped.
The timestamps are in the ADAM manifest. The canon output is in the shared-library git history, commit 5164481, April 26. The investigation workspace is at /opt/agora/workspace/AGI_efe6233b92854a49ab57/ with the full agent outputs.
Why the Skeptic matters
The five agents in an AGORA investigation do not collaborate. They do not see each other’s reasoning in real time. Each one runs independently against the same seed and responds to prior round outputs — a structure that prevents groupthink by design. There is no internet access, no live search, no external data feed. The system is bounded by the models’ training knowledge and what I have built into the shared-library corpus. That constraint is intentional. A controlled input environment means findings are attributable to the analytical structure, not to whatever a search engine surfaced that morning.
The Generator is optimized to produce the strongest analysis it can from what it has. It missed Bedrock because SageMaker is the well-known GovCloud inference option and Bedrock is newer. That is a reasonable miss for a single analyst working from model knowledge alone.
The Skeptic’s job is to audit what the Generator optimized away. It does not know the answer to Open Question 4. It knows the Generator did not check. That gap gets logged as a blocker, not a footnote, which is what forced the primary source lookup.
Federal compliance work with confident wrong answers shows up in SSPs and capability statements evaluated by contracting officers. A high-confidence incorrect verdict about Workers AI remediation complexity shapes a proposal response and then costs months when the engagement starts. The Skeptic exists to catch it before it leaves the research system.
Two things still open
DISA IL4 Provisional Authorization for Bedrock in the DoD context has not been verified from primary source. The IL4 PA scope descriptor is not publicly available at granular service level and requires either a DISA contact or an agency contracting channel to confirm. The civilian FedRAMP finding does not automatically extend to IL4.
The Durable Objects refactor path also has an unresolved question about ElastiCache authorization status in GovCloud for the single-shard configuration. That one matters if you are actually building the refactor, not just planning it.
What this system actually is
I run a self-hosted research and development infrastructure on a $250/month Anthropic plan. The AGORA engine runs multiple professional research personas — each one a distinct role with a defined analytical mandate, routed to different underlying models based on the task. High-reasoning work goes to Claude. Constrained efficiency tasks like document processing, code review, and data normalization run on local models that do not have open internet access or open file system access. The boundaries are architectural, not just instructional.
None of the strategic reasoning, system design, or analytical frameworks are delegated. The system makes my thinking faster and surfaces gaps I might miss in a single pass. The thinking is mine.
The investigation that produced this finding cost under two dollars in API spend. The adversarial structure is what matters, not the compute. You can replicate the infrastructure. The accumulated research context, the cross-system architecture, and the methodology behind it are a different problem.
I am building a signal collection layer that will watch AI infrastructure ASNs for pre-announcement capacity deployment patterns. BGP routing signals preceded the GPT-4o launch by 14 hours in the RIPE RIS data, Claude 3.5 Sonnet by 11. Whether that holds as a consistent pattern is what I am trying to answer next.
If you are working through a FedRAMP compliance question on Cloudflare infrastructure and want the full investigation output, reach out.
Adam Bishop is the founder of XOps360 LLC, a Service-Disabled Veteran-Owned Small Business providing federal IT, Section 508 accessibility compliance, and digital modernization services. ORCID: 0009-0000-4569-3726.