
Changelog

New updates and improvements at Cloudflare.

  1. Access now correctly preserves URL fragment characters (/, ?, =, &, ;) when redirecting users back to an application after login. Previously, these characters were encoded with encodeURIComponent, which mangled fragment-based routes used by single-page applications (SPAs).

    For example, an SPA URL like https://app.example.com/#/dashboard?tab=settings&view=advanced would previously redirect to a broken URL after login. This is now handled correctly.

    If your SPA users were experiencing broken navigation after authenticating through Access, this fix resolves the issue without any configuration changes.
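    The effect of the old encoding on an SPA route, shown with an added example that is not Cloudflare's code: `encodeFragmentBroken` reproduces the previous `encodeURIComponent` behaviour, `encodeFragmentSafe` keeps the fragment characters RFC 3986 allows, and `routeFromHash` is a hypothetical minimal hash router standing in for an SPA's own.

```javascript
// Added example (not Cloudflare's code): why percent-encoding a URL fragment with
// encodeURIComponent breaks SPA hash routes, and a fragment-safe encoder that keeps
// the characters the Access fix now preserves (/, ?, =, &, ;).

// RFC 3986: fragment = *( pchar / "/" / "?" ), pchar = unreserved / pct-encoded / sub-delims / ":" / "@".
// Match either an existing %XX escape or one character that is NOT legal in a fragment.
const FRAGMENT_UNSAFE = /%[0-9A-Fa-f]{2}|[^A-Za-z0-9\-._~!$&'()*+,;=:@\/?]/gu;

// The pre-fix behaviour: the fragment is treated as an opaque component, so
// "/", "?", "=", "&" and ";" become %2F, %3F, %3D, %26 and %3B.
function encodeFragmentBroken(fragment) {
  return encodeURIComponent(fragment);
}

// Fragment-aware encoder: existing %XX escapes pass through, fragment-legal characters
// stay literal, and anything else (spaces, quotes, non-ASCII) is percent-encoded.
function encodeFragmentSafe(fragment) {
  return fragment.replace(FRAGMENT_UNSAFE, (m) =>
    m.startsWith("%") && m.length === 3 ? m : encodeURIComponent(m));
}

// Hypothetical post-login redirect builder: rebuild the target from the URL the user
// originally requested. `encodeFragment` is injected so both variants can be compared.
function buildPostLoginRedirect(returnTo, encodeFragment) {
  const url = new URL(returnTo); // throws on a malformed return URL
  const fragment = url.hash.startsWith("#") ? url.hash.slice(1) : "";
  const base = url.origin + url.pathname + url.search;
  return fragment ? `${base}#${encodeFragment(fragment)}` : base;
}

// Minimal hash router of the kind SPAs use: "#/path?k=v" -> { path, params },
// or null when the fragment is not a route (what users saw as broken navigation).
function routeFromHash(hash) {
  const fragment = hash.startsWith("#") ? hash.slice(1) : hash;
  if (!fragment.startsWith("/")) return null;
  const [path, query = ""] = fragment.split("?", 2);
  return { path, params: Object.fromEntries(new URLSearchParams(query)) };
}

// The SPA URL from the changelog entry.
const returnTo = "https://app.example.com/#/dashboard?tab=settings&view=advanced";
const brokenUrl = buildPostLoginRedirect(returnTo, encodeFragmentBroken);
const fixedUrl = buildPostLoginRedirect(returnTo, encodeFragmentSafe);

console.log(brokenUrl, routeFromHash(new URL(brokenUrl).hash)); // ...#%2Fdashboard%3Ftab... null
console.log(fixedUrl, routeFromHash(new URL(fixedUrl).hash));   // unchanged URL, { path: "/dashboard", ... }
```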

  1. Access for Infrastructure now supports independent multi-factor authentication (MFA) for SSH connections using YubiKey PIV keys. This adds a hardware-backed second factor to SSH access, ensuring that a compromised device session alone is not sufficient to reach your servers.

    With per-application and per-policy configuration, you can enforce PIV key authentication for sensitive usernames (for example, root) while applying different requirements for other usernames. You can also set an MFA session duration to control how often users must re-authenticate.

    Enrollment

    Users enroll their YubiKey PIV key through the App Launcher. For enrollment instructions and SSH client setup, refer to Enroll a PIV key for infrastructure apps.

    Configuration

    For setup instructions, refer to Enforce MFA for infrastructure applications.

  1. Not all AI traffic is the same. Now, all customers — including those on the Free plan — can manage AI crawlers based on what they actually do on your site. Cloudflare groups AI traffic into three behaviors you can control independently: Search, Agent, and Training. This lets you keep the automated traffic that sends readers and revenue back to you, while blocking the traffic that only takes from your content.

    Each behavior maps to a real use case. Search covers crawlers that index your content so they can answer questions about it later, where you should expect referral traffic or other equitable compensation in return. Agent covers automated activity acting in real time on a person's behalf, such as chat fetch bots and browser-use agents. Training covers crawlers that take your content to train or fine-tune a model. For each preset you can choose to block on all pages, block only on pages that display ads, or choose not to block.

    [Screenshot: The Configure AI bot traffic policies screen, where Search, Agent, and Training can each be set to allow, block, or block only on pages with ads]

    Starting September 15, 2026, new domains onboarding to Cloudflare receive updated defaults: Bots classified as Training or as Agent are blocked on pages that display ads, while Search remains allowed. On that date, multi-purpose crawlers that combine Search and Training will be affected by the new defaults to block Training. All customers can opt out of the new defaults at any time before September 15.

  1. With Content Independence Day 2026, Enterprise Bot Management customers get two new tools that make bot traffic far easier to see and reason about: BotBase, a searchable directory of every bot Cloudflare tracks, and Attribution Business Insights, a dashboard that shows how much value each crawler sends back to your business.

    BotBase is Cloudflare's directory of all known bots and agents, available directly in the dashboard. It shows how Cloudflare classifies each bot by behavior — Search, Agent, Training, and other categories such as Transact, Data Collection, SEO, and Ads Verification — so you can understand why a given crawler is visiting you. You can search and filter the full catalogue, filter your own traffic down to a single bot to investigate its activity on your zone, and copy any bot's detection ID to target it precisely in Security rules. Every tracked bot in BotBase is also published in Cloudflare Radar's bots and agents directory.

    Attribution Business Insights is built for content owners and business decision-makers who want to know which bots help or harm their business, without reading rule syntax. The dashboard reports crawl-to-referral ratios both site-wide and per bot operator — comparing how often a company crawls your content against how many visitors it actually refers back — over the last 24 hours, 7 days, or 30 days. Each operator is labeled with Cloudflare's updated classification and an action status of Allowed, Blocked, or Partially blocked, giving stakeholders a shared, at-a-glance view of the AI traffic reaching your site.

    [Screenshot: The Attribution Business Insights dashboard, showing bot traffic, content page requests, crawl-to-referral ratio, and a per-operator bot activity table]
  1. Containers now support Google Artifact Registry images. After you configure credentials, you can use a fully qualified Google Artifact Registry image reference in your Wrangler configuration instead of first pushing the image to Cloudflare Registry.

    Provide the service account email with --gar-email and pipe the service account JSON key through stdin:

    cat <PATH_TO_KEY> | npx wrangler containers registries configure <REGION>-docker.pkg.dev --gar-email=<SERVICE_ACCOUNT_EMAIL> --secret-name=<SECRET_NAME>

    Then reference the image in your Wrangler configuration:

    JSONC
    {
      "$schema": "./node_modules/wrangler/config-schema.json",
      "containers": [
        {
          "image": "<REGION>-docker.pkg.dev/<PROJECT_ID>/<REPOSITORY>/<IMAGE>:<TAG>"
        }
      ]
    }

    Only *-docker.pkg.dev hosts are supported. To configure credentials, refer to Use private Google Artifact Registry images.

    For more information, refer to Image management.

  1. We have greatly improved the throughput of the Vectorize write-ahead log (WAL). As a result, we have significantly reduced the end-to-end latency for a vector change to become queryable: median latency has dropped from 2 minutes to under 30 seconds, and p99 latency from 5 minutes to under 2 minutes.

    [Chart: Vectorize p99 WAL batch end-to-end latency improved]

    This means inserts, upserts, and deletes are reflected in query results faster, improving the freshness of semantic search, recommendation, and retrieval-augmented generation (RAG) workloads. You do not need to change your code or configuration to benefit from this improvement.

    For more information, refer to the Vectorize documentation.

  1. This release adds targeted coverage for a path traversal flaw in Fortinet FortiSandbox (CVE-2026-39813) and transitions the Anomaly:Header:User-Agent - Fake Bing or MSN Bot rule action from Block to Disabled.

    Key Findings

    • CVE-2026-39813: A path traversal vulnerability in Fortinet FortiSandbox allows remote, unauthenticated attackers to read arbitrary files from the underlying filesystem due to insufficient validation of user-supplied input paths.
    Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments
    Cloudflare Managed Ruleset | | N/A | Fortinet FortiSandbox - Path Traversal - CVE:CVE-2026-39813 | Log | Block | This is a new detection.
    Cloudflare Managed Ruleset | | N/A | Anomaly:Header:User-Agent - Fake Bing or MSN Bot | Enabled | Disabled | We are changing the action for this rule from BLOCK to Disabled.

  1. You can now assign granular, resource-scoped roles for Cloudflare Gateway firewall policies and Zero Trust lists. Administrators can delegate access to specific policy types or list management without granting account-wide or product-wide control.

    What is new

    When you add a member or create a permission policy, the following resource-scoped roles are now available:

    Role | Description
    Zero Trust Gateway Firewall Policies Admin | Can view and edit all Gateway firewall policies, including DNS, HTTP, and Network policies.
    Zero Trust Gateway DNS Policies Admin | Can view and edit Gateway DNS policies.
    Zero Trust Gateway HTTP Policies Admin | Can view and edit Gateway HTTP policies.
    Zero Trust Gateway Network Policies Admin | Can view and edit Gateway Network policies.
    Zero Trust Gateway Egress Policies Admin | Can view and edit Gateway Egress policies.
    Zero Trust Gateway Resolver Policies Admin | Can view and edit Gateway Resolver policies.
    Zero Trust Gateway Policies Admin | Can view and edit all Gateway policies.
    Zero Trust Gateway Policies Read | Can view all Gateway policies.
    Zero Trust Gateway Read Only | Can view all Gateway resources.
    Zero Trust DNS Locations Admin | Can view and edit DNS locations.
    Zero Trust Proxy Endpoints Admin | Can view and edit Gateway Proxy Endpoints.
    Zero Trust Account Lists Admin | Can view and edit all Gateway and Access lists.
    Zero Trust Account Lists Read | Can view all Gateway and Access lists.

    These roles allow you to:

    • Grant a network engineer write access to Network policies only, without exposing DNS or HTTP policy configuration.
    • Allow a security analyst to view all Gateway policies in read-only mode for auditing purposes.
    • Delegate list management to a team that maintains block and allow lists without giving them access to policy configuration.

    You can also now assign resource-scoped roles. These are complementary to the existing account-level roles and let you grant access to a specific resource, such as an individual Gateway policy or Cloudflare One list. Existing account-level roles continue to work: a member with the Cloudflare Gateway or Cloudflare Zero Trust role retains full access to all Gateway resources, which preserves backward compatibility for existing automation and API tokens.

  1. Cloudflare Logpush now supports firewall events as an account-scoped dataset. Configure a single Logpush job at the account level to receive firewall events for every zone in the account, instead of creating and maintaining a separate job per zone.

    The dataset includes a new ZoneName field so you can identify which zone each event came from when consuming logs in your downstream pipeline.

    What's available

    • A new account-scoped firewall_events dataset, configurable via the Logpush API or the Cloudflare dashboard.
    • The same fields and filter expressions supported by the existing zone-scoped firewall events dataset, plus the new ZoneName field.
    • Support for all existing Logpush destinations.
  1. You can now monitor how much memory your Workers and Durable Objects consume across invocations with the new Memory Usage chart in the Workers Metrics tab, broken down by P50, P90, P99, and P999 percentiles.

    [Chart: Memory usage chart showing P50, P90, P99, and P999 percentiles with deployment markers]

    Memory usage measures the V8 isolate memory at the time of each invocation, subject to the 128 MB per-isolate limit — a single isolate can handle many concurrent requests and shares memory across them.

    Use the Memory Usage chart to:

    • Track memory trends — Spot gradual increases that may indicate a memory leak before they cause Exceeded Memory errors.
    • Correlate with deployments — Deployment markers on the chart help you identify whether a new version introduced a memory regression.
    • Right-size your Worker — Understand your baseline memory footprint and how much headroom you have before hitting the 128 MB limit.

    For Durable Objects, memory usage reflects the in-memory state an object holds (class properties, caches, active WebSocket connections), which persists across invocations until the object is hibernated or evicted. This state is not preserved across eviction, hibernation, or a crash, so persist anything important to storage.

    To view memory usage, open the Metrics tab for your Worker or Durable Object namespace. For Durable Objects, you can filter by DO ID or name to drill down into memory usage for a specific object. You can also query memory usage programmatically via the GraphQL Analytics API using the workersInvocationsAdaptive dataset — the quantiles.memoryUsageBytesP50 through quantiles.memoryUsageBytesP999 fields return percentile values in bytes.

    For local memory debugging, you can also profile memory with DevTools to take heap snapshots and identify specific objects causing high memory usage.
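    Pulling the same percentiles programmatically, as an added example that is not Cloudflare's code: it queries the workersInvocationsAdaptive dataset for the memoryUsageBytesP50 through memoryUsageBytesP999 quantiles named above and reports headroom against the 128 MB isolate limit. The datetimeHour dimension, the scriptName / datetime_geq / datetime_leq filter keys and the GraphQL variable types are assumed from the public analytics schema rather than stated on this page.

```javascript
// Added example (not Cloudflare's code): pull a Worker's memory-usage percentiles from the
// GraphQL Analytics API and report headroom against the 128 MB isolate limit.
// Assumed, not on the page: the datetimeHour dimension, the scriptName / datetime_geq /
// datetime_leq filter keys and the variable types.

const MB = 1024 * 1024;
const ISOLATE_LIMIT_BYTES = 128 * MB;
const PERCENTILES = ["P50", "P90", "P99", "P999"];

// GraphQL query over the workersInvocationsAdaptive dataset named on the page.
function buildMemoryQuery() {
  const fields = PERCENTILES.map((p) => `memoryUsageBytes${p}`).join(" ");
  return `query WorkerMemory($accountTag: string, $scriptName: string, $start: Time, $end: Time) {
  viewer {
    accounts(filter: { accountTag: $accountTag }) {
      workersInvocationsAdaptive(
        limit: 1000
        filter: { scriptName: $scriptName, datetime_geq: $start, datetime_leq: $end }
      ) {
        dimensions { datetimeHour }
        quantiles { ${fields} }
      }
    }
  }
}`;
}

// Network call; the token needs analytics read permission on the account. Not run offline.
async function fetchMemoryRows({ accountTag, scriptName, start, end, apiToken }) {
  const res = await fetch("https://api.cloudflare.com/client/v4/graphql", {
    method: "POST",
    headers: { Authorization: `Bearer ${apiToken}`, "Content-Type": "application/json" },
    body: JSON.stringify({ query: buildMemoryQuery(), variables: { accountTag, scriptName, start, end } }),
  });
  const body = await res.json();
  if (body.errors?.length) throw new Error(body.errors.map((e) => e.message).join("; "));
  return body.data.viewer.accounts[0].workersInvocationsAdaptive;
}

const toMb = (bytes) => Math.round((bytes / MB) * 10) / 10;

// Pure reporting over the returned rows: per-hour MB per percentile, the worst tail seen,
// headroom left under the isolate limit, and a crude regression signal (last hour vs first
// hour P99) of the kind the chart's deployment markers let you eyeball.
function summarizeMemory(rows, { warnAtFraction = 0.8 } = {}) {
  if (rows.length === 0) throw new Error("no rows: widen the time window or check scriptName");
  const sorted = [...rows].sort((a, b) => a.dimensions.datetimeHour.localeCompare(b.dimensions.datetimeHour));
  const hours = sorted.map((r) => ({
    hour: r.dimensions.datetimeHour,
    ...Object.fromEntries(PERCENTILES.map((p) => [p, toMb(r.quantiles[`memoryUsageBytes${p}`])])),
  }));
  const peakP999 = Math.max(...sorted.map((r) => r.quantiles.memoryUsageBytesP999));
  const firstP99 = sorted[0].quantiles.memoryUsageBytesP99;
  const lastP99 = sorted[sorted.length - 1].quantiles.memoryUsageBytesP99;
  return {
    hours,
    peakP999Mb: toMb(peakP999),
    headroomMb: toMb(ISOLATE_LIMIT_BYTES - peakP999),
    nearLimit: peakP999 >= warnAtFraction * ISOLATE_LIMIT_BYTES,
    p99GrowthFactor: Math.round((lastP99 / firstP99) * 100) / 100,
  };
}

// Constructed sample rows (not real data) in the shape the query above returns.
const SAMPLE_ROWS = [
  { dimensions: { datetimeHour: "2026-06-01T01:00:00Z" },
    quantiles: { memoryUsageBytesP50: 30 * MB, memoryUsageBytesP90: 52 * MB, memoryUsageBytesP99: 96 * MB, memoryUsageBytesP999: 110 * MB } },
  { dimensions: { datetimeHour: "2026-06-01T00:00:00Z" },
    quantiles: { memoryUsageBytesP50: 24 * MB, memoryUsageBytesP90: 40 * MB, memoryUsageBytesP99: 60 * MB, memoryUsageBytesP999: 70 * MB } },
];

console.log(summarizeMemory(SAMPLE_ROWS)); // peakP999Mb 110, headroomMb 18, nearLimit true, p99GrowthFactor 1.6
```

To run it against a real account, call `fetchMemoryRows` with ISO 8601 `start` / `end` timestamps and pass the rows to `summarizeMemory`.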

  1. A new GA release for the Windows Cloudflare One Client is now available on the stable releases downloads page.

    This release introduces multiple features from our previous beta release into stable release, including:

    • The client now applies DNS search suffixes configured in your device profile / network policy. Administrators can push a list of DNS search domains that the client appends to single-label queries, alongside any system-configured suffixes. See DNS search suffixes for details.
    • Added mandatory authentication. When enabled via MDM, the Cloudflare One Client blocks all Internet traffic from the moment the machine boots until the user authenticates, closing the visibility gap on newly deployed devices and during re-authentication. See the announcement blog and documentation for details.
    • Upgraded security of device registration to be hardware-backed. Registration tokens can now be generated in the TPM (with TPM 2.0+) whenever it is available to provide stronger protection against device impersonation. See Hardware-backed registration for details.
    • Added a local-file signal source for Emergency Disconnect. In addition to the existing HTTPS polling mechanism, administrators can now configure WARP to monitor for a file on disk; the presence of the file triggers an emergency disconnect even if both Cloudflare and your own infrastructure are unreachable. Either signal being asserted triggers disconnect; both must be cleared for normal operation to resume.
    • Added new warp-cli debug commands for interactive connection diagnosis. See Extra debug logging for details.
    • The local DNS proxy now supports DNSSEC passthrough. DNSSEC-signed responses are forwarded to the application intact (including DO/AD bits and RRSIG records), so applications that validate DNSSEC locally — including resolvers and the dig/drill tooling — work correctly through the client.
    • Added a new MDM format for organization-wide settings, including a cleaner way to configure the compliance environment (e.g. FedRAMP). The previous per-configuration approach still works, but the new format is now recommended. See the updated Cloudflare One MDM documentation for details.
    • Added support for dashboard-managed client version deployments. Administrators can now upgrade or downgrade the client version on enrolled devices directly from the Zero Trust dashboard. See Client version assignments for details.

    Additional changes and improvements

    • Starting with 2026.6.822.0, the client unifies all API requests under the api.devices.cloudflare.com SNI, where previously both zero-trust-client.cloudflareclient.com and notifications.cloudflareclient.com were used. Review Cloudflare One Client with firewall to ensure systems that rely on SNI inspection do not block the API traffic. The behavior of previous client versions is unaffected.
    • Client Certificate device-posture checks now support template variables (e.g. ${serial_number}, ${device_uuid}) in the Subject Alternative Name field. Previously only the Common Name field accepted variables, which broke posture rules that pinned identity to a SAN entry.
    • Improved accessibility by using high contrast colors and more defined color boundaries when high contrast is enabled in Windows Accessibility settings.
    • Path MTU Discovery (PMTUD) is now enabled by default.
    • The UseWebView2 registry value (HKLM\SOFTWARE\Cloudflare\CloudflareWARP\UseWebView2 = y) is once again honored by the new GUI for authentication, so administrators who prefer the embedded WebView2 browser for sign-in can opt back in. This setting was effectively ignored in the previous release; the default browser was always used. This key is now also honored for re-authentications.
    • Fixed a crash in the authentication browser when navigating to a site that prompts for browser permissions (microphone, camera, notifications, etc.). The same fix had previously landed for the captive-portal browser; this extends it to the auth browser.
    • Fixed an issue in proxy mode where hostnames containing underscores (e.g. ai_app.com) were rejected, breaking apps that depend on such hostnames (notably ChatGPT sandbox apps). The local proxy now accepts underscore-containing hostnames in CONNECT requests.
    • Fixed an issue where DNS queries would fail after the connection was idle, requiring users to retry.
    • Fixed a high CPU issue when the device wakes from sleep.
    • Users can now register with team names in any case format without errors.
    • New UI fixes
      • Fixed an issue where users with invalid MDM configurations were returned to the onboarding screen after successful authentication.
      • Added a re-auth button and banner to the home screen so users don't miss it when their session expires.
      • Added clear error messaging when the Cloudflare certificate needs to be installed.
      • Brought back support for pausing the tunnel when connected to user-specified Wi-Fi networks for consumer users.
      • New client UI now surfaces Split tunnel configuration and Local Domain Fallback configuration.
      • Added ability to configure proxy mode for consumer users.
      • Added back the option to quit for consumer users.

    Known issues

    • An error indicating that Microsoft Edge can't read and write to its data directory may be displayed during captive portal login; this error is benign and can be dismissed.
    • In rare cases, a registration may hang at "Checking your organization configuration" due to IPC errors. A system reboot should resolve the error, allowing registration to proceed.
    • Windows ARM may prompt the user to close running applications while trying to install this version. Simply click "Ok" with the default highlighted option.
  1. A new GA release for the macOS Cloudflare One Client is now available on the stable releases downloads page.

    This release introduces multiple features from our previous beta release into stable release, including:

    • The client now applies DNS search suffixes configured in your device profile / network policy. Administrators can push a list of DNS search domains that the client appends to single-label queries, alongside any system-configured suffixes. See DNS search suffixes for details.
    • Upgraded security of device registration to be hardware-backed. Registration tokens can now be generated in the Secure Enclave whenever available to provide stronger protection against device impersonation. See Hardware-backed registration for details.
    • Added a local-file signal source for Emergency Disconnect. In addition to the existing HTTPS polling mechanism, administrators can now configure WARP to monitor for a file on disk; the presence of the file triggers an emergency disconnect even if both Cloudflare and your own infrastructure are unreachable. Either signal being asserted triggers disconnect; both must be cleared for normal operation to resume.
    • Added new warp-cli debug commands for interactive connection diagnosis. See Extra debug logging for details.
    • The local DNS proxy now supports DNSSEC passthrough. DNSSEC-signed responses are forwarded to the application intact (including DO/AD bits and RRSIG records), so applications that validate DNSSEC locally — including resolvers and the dig/drill tooling — work correctly through the client.
    • Added a new MDM format for organization-wide settings, including a cleaner way to configure the compliance environment (e.g. FedRAMP). The previous per-configuration approach still works, but the new format is now recommended. See the updated Cloudflare One MDM documentation for details.
    • Added support for dashboard-managed client version deployments. Administrators can now upgrade or downgrade the client version on enrolled devices directly from the Zero Trust dashboard. See Client version assignments for details.

    Additional changes and improvements

    • Starting with 2026.6.822.0, the client unifies all API requests under the api.devices.cloudflare.com SNI, where previously both zero-trust-client.cloudflareclient.com and notifications.cloudflareclient.com were used. Review Cloudflare One Client with firewall to ensure systems that rely on SNI inspection do not block the API traffic. The behavior of previous client versions is unaffected.
    • Client Certificate device-posture checks now support template variables (e.g. ${serial_number}, ${device_uuid}) in the Subject Alternative Name field. Previously only the Common Name field accepted variables, which broke posture rules that pinned identity to a SAN entry.
    • Improved accessibility by using high contrast colors and more defined color boundaries when high contrast is enabled in the macOS Display settings.
    • Path MTU Discovery (PMTUD) is now enabled by default.
    • Fixed the in-client captive-portal browser rendering a blank "Success" page on some airline Wi-Fi networks. The browser now more consistently loads the airline's real portal page so users can complete sign-in from inside the client instead of having to open a separate browser.
    • Fixed an issue in proxy mode where hostnames containing underscores (e.g. ai_app.com) were rejected, breaking apps that depend on such hostnames (notably ChatGPT sandbox apps). The local proxy now accepts underscore-containing hostnames in CONNECT requests.
    • Fixed an issue where DNS queries would fail after the connection was idle, requiring users to retry.
    • Users can now register with team names in any case format without errors.
    • New UI fixes
      • Fixed an issue where users with invalid MDM configurations were returned to the onboarding screen after successful authentication.
      • Added a re-auth button and banner to the home screen so users don't miss it when their session expires.
      • Added clear error messaging when the Cloudflare certificate needs to be installed.
      • Brought back support for pausing the tunnel when connected to user-specified Wi-Fi networks for consumer users.
      • New client UI now surfaces Split tunnel configuration and Local Domain Fallback configuration.
      • Added ability to configure proxy mode for consumer users.
      • Added back the option to quit for consumer users.

    Known issues

    • Registration may hang at "Checking your organization configuration" due to IPC errors. A system reboot should resolve the error, allowing registration to proceed.
  1. A new GA release for the Linux Cloudflare One Client is now available on the stable releases downloads page.

    This release introduces multiple features from our previous beta release into stable release, including:

    • The client now applies DNS search suffixes configured in your device profile / network policy. Administrators can push a list of DNS search domains that the client appends to single-label queries, alongside any system-configured suffixes. See DNS search suffixes for details.
    • Upgraded security of device registration to be hardware-backed. Registration tokens can now be generated in the TPM (with TPM 2.0+) whenever it is available to provide stronger protection against device impersonation. See Hardware-backed registration for details.
    • Added a local-file signal source for Emergency Disconnect. In addition to the existing HTTPS polling mechanism, administrators can now configure WARP to monitor for a file on disk; the presence of the file triggers an emergency disconnect even if both Cloudflare and your own infrastructure are unreachable. Either signal being asserted triggers disconnect; both must be cleared for normal operation to resume.
    • Added new warp-cli debug commands for interactive connection diagnosis. See Extra debug logging for details.
    • The local DNS proxy now supports DNSSEC passthrough. DNSSEC-signed responses are forwarded to the application intact (including DO/AD bits and RRSIG records), so applications that validate DNSSEC locally — including resolvers and the dig/drill tooling — work correctly through the client.
    • Added a new MDM format for organization-wide settings, including a cleaner way to configure the compliance environment (e.g. FedRAMP). The previous per-configuration approach still works, but the new format is now recommended. See the updated Cloudflare One MDM documentation for details.

    Additional changes and improvements

    • Starting with 2026.6.822.0, the client unifies all API requests under the api.devices.cloudflare.com SNI, where previously both zero-trust-client.cloudflareclient.com and notifications.cloudflareclient.com were used. Review Cloudflare One Client with firewall to ensure systems that rely on SNI inspection do not block the API traffic. The behavior of previous client versions is unaffected.
    • Cloudflare Mesh functionality using the Cloudflare One Client is now supported on RHEL 9 and 10.
    • Cloudflare Mesh now supports hostname-based routing for Cloudflare Tunnel.
    • Client Certificate device-posture checks now support template variables (e.g. ${serial_number}, ${device_uuid}) in the Subject Alternative Name field. Previously only the Common Name field accepted variables, which broke posture rules that pinned identity to a SAN entry.
    • Improved accessibility by using high contrast colors and more defined color boundaries when high contrast is enabled in the system display settings.
    • Path MTU Discovery (PMTUD) is now enabled by default.
    • Fixed the in-client captive-portal browser rendering a blank "Success" page on some airline Wi-Fi networks. The browser now more consistently loads the airline's real portal page so users can complete sign-in from inside the client instead of having to open a separate browser.
    • Fixed an issue in proxy mode where hostnames containing underscores (e.g. ai_app.com) were rejected, breaking apps that depend on such hostnames (notably ChatGPT sandbox apps). The local proxy now accepts underscore-containing hostnames in CONNECT requests.
    • Fixed an issue where DNS queries would fail after the connection was idle, requiring users to retry.
    • Fixed an issue where some Debian releases experienced inaccurate version reporting for posture checks.
    • Users can now register with team names in any case format without errors.
    • New UI fixes
      • Fixed an issue where users with invalid MDM configurations were returned to the onboarding screen after successful authentication.
      • Added a re-auth button and banner to the home screen so users don't miss it when their session expires.
      • Added clear error messaging when the Cloudflare certificate needs to be installed.
      • Brought back support for pausing the tunnel when connected to user-specified Wi-Fi networks for consumer users.
      • New client UI now surfaces Split tunnel configuration and Local Domain Fallback configuration.
      • Added ability to configure proxy mode for consumer users.
      • Added back the option to quit for consumer users.

    For RHEL deployments, this release introduces a dependency on the Extra Packages for Enterprise Linux repository (EPEL). The EPEL repository provides packages that support the captive portal detection’s in-app browser authentication and system tray icon. See Getting started with EPEL for instructions on enabling EPEL.

    Known issues

    • Registration may hang at "Checking your organization configuration" due to IPC errors. A system reboot should resolve the error, allowing registration to proceed.
  1. The latest release of the Agents SDK makes it easier to run long work in the background, drive turns through one entry point, and keep chat agents working through deploys, evictions, and reconnects.

    This release adds first-class detached (background) sub-agent runs with live progress and durable milestones, a single runTurn turn-admission entry point, and a large round of recovery and reliability fixes that continue converging @cloudflare/think and @cloudflare/ai-chat onto one model.

    Background sub-agents with progress and milestones

    runAgentTool can now dispatch a sub-agent without blocking the calling turn. A detached run returns a handle immediately and is owned by a durable, eviction-surviving backbone instead of being abandoned when the dispatching turn ends.

    JavaScript
    class OrdersAgent extends Think {
      async startImport(input) {
        // Fire-and-forget, or wire a durable completion callback
        // (by method name, like schedule()):
        await this.runAgentTool(ImportAgent, {
          input,
          detached: { onFinish: "onImportDone", maxBudgetMs: 60 * 60 * 1000 },
        });
      }

      // result.status: "completed" | "error" | "aborted" | "interrupted"
      async onImportDone(run, result) {}
    }

    Highlights:

    • Durable, exactly-once-on-the-happy-path completion via a warm fast path plus a self-scheduling reconcile backbone that survives eviction and deploys.
    • Bounded. An absolute maxBudgetMs ceiling (default 24h) and cancelAgentTool(runId) keep abandoned runs from holding a concurrency slot forever.
    • detached: { notify: true } lets a finished background run inject a message back into the chat so the model reacts to the result — no hand-wired onFinish needed.

    Sub-agents can also report mid-run progress that rides their own turn stream back to the parent's connected clients:

    JavaScript
    // Inside the child sub-agent:
    await this.reportProgress({
      fraction: 0.6,
      phase: "deploying",
      message: "Generating menu page…",
    });

    Progress surfaces on AgentToolRunState.progress via useAgentToolEvents, so a background-runs tray can render a live bar without drilling in, and the latest snapshot is persisted for inspection after eviction. Naming a milestone promotes a signal to a durable, replayable row, and detached: { onMilestones } can surface a milestone as a synthetic chat message ("narrate" for a cheap status line, or "react" to drive a model turn).

    One entry point for turns: runTurn

    @cloudflare/think adds a public runTurn(options) facade that unifies turn admission behind a single mode:

    JavaScript
    await this.runTurn({ mode: "wait", messages }); // saveMessages / continueLastTurn
    await this.runTurn({ mode: "submit", messages }); // durable submitMessages
    await this.runTurn({ mode: "stream", messages }); // chat()

    stream mode accepts array and function inputs to match wait mode, and all entry points now route through a shared internal admission path that throws a clear error on nested blocking admissions that previously could deadlock.

    Recovery and reliability

    A large part of this release continues hardening recovery and converging @cloudflare/think and @cloudflare/ai-chat onto one model:

    • Stream stall watchdog. AIChatAgent can detect and recover from a hung model/transport stream via the opt-in chatStreamStallTimeoutMs watchdog. With chatRecovery enabled the stall routes into the same bounded-recovery machinery a deploy or eviction uses; otherwise it surfaces as a terminal stream error so the spinner clears.
    • Interrupted tool-call repair. AIChatAgent now repairs a transcript with a dead server-tool call before re-entering inference (parity with @cloudflare/think), so a recovered turn no longer fails with AI_MissingToolResultsError. An overridable repairInterruptedToolPart(part) hook lets apps customize the repaired shape.
    • Stuck status after reconnect. Fixed AI SDK status getting stuck when a reconnect races a turn that has been accepted but has not started streaming yet, so the UI now renders the in-flight turn instead of settling on ready.
    • Live "recovering…" on connect. AIChatAgent now replays the recovering status to a client that connects mid-recovery, so useAgentChat's isRecovering reflects in-progress recovery immediately instead of appearing frozen.
    • Terminal connection failures. The client stops reconnecting on terminal WebSocket close events and exposes them via connectionError / onConnectionError on AgentClient, useAgent, and useAgentChat.
    • Agent-tool child recovery. A healthy long-running sub-agent run is no longer abandoned as interrupted after a deploy (both @cloudflare/think and AIChatAgent).
    • Workflows from sub-agent facets. Agent Workflows can now start from sub-agent facets, with callbacks and Workflow RPC routed back to the originating facet.
    • Plus forward-progress crediting convergence, broadcast-first give-up ordering, an event-driven auto-continuation barrier, and structured row-size compaction in AIChatAgent.

    Other improvements

    • Shared chat React core. A new agents/chat/react entry exposes useAgentChat, transport helpers, and shared wire types, with syncMessagesToServer for server-authoritative transcript storage. @cloudflare/think/react and @cloudflare/ai-chat/react are now thin wrappers over it.
    • Optional ai peer. The root agents and @cloudflare/codemode runtimes no longer reference AI SDK types, so they bundle without ai / zod installed; AI-specific entry points still require the peer when imported. just-bash likewise moves to an optional peer used only by the skills bash runner.
    • Code Mode. The default DynamicWorkerExecutor timeout increases from 30s to 60s, executions now dispose the dynamically-loaded Worker and its RPC stub after each run (fixing a flaky isolate-shutdown assertion), connector imports are cleaned up, and the outer MCP tool-call context is passed to openApiMcpServer request callbacks.
    • Voice. Voice turns now support AI SDK fullStream responses (and warn when textStream is used).
    • MCP. McpAgent server-to-client requests can now be sent from callbacks that do not inherit the agent's async context, including callbacks reached through Worker Loader RPC.
    • Experimental: server actions and channels. This release lays groundwork for guarded server actions (action() / getActions() with a durable replay ledger and approvals) and a unified channels surface (configureChannels(), deliverNotice()). Both are experimental and their APIs may change, so we don't recommend depending on them yet.

    Upgrade

    To update to the latest version:

    npm i agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latest @cloudflare/codemode@latest @cloudflare/voice@latest

    Refer to the Think documentation, Code Mode documentation, and Agents documentation for more information.

  1. You can now connect autonomous agents and bots to an MCP server portal using an Access service token. Service token sessions can reach upstream MCP servers through the portal without a browser-based OAuth flow.

    To set this up:

    • Add a Service Auth policy that matches your service token to the portal's Access application.
    • Add a Service Auth policy that matches the same token to each linked MCP server's Access application.
    • Turn Require user auth off (on_behalf: false) for each linked server so the portal uses the admin credential instead of a per-user OAuth grant.

    The bot connects with CF-Access-Client-Id and CF-Access-Client-Secret headers and sees the tools from every linked server it is authorized for. Servers that still require per-user OAuth are excluded from service token sessions because a service token cannot complete a per-user OAuth grant.

    For step-by-step setup, refer to Connect with a service token.

  1. Durable Objects now supports a us jurisdiction, letting you create Durable Objects that only run and store data within the United States. Use the us jurisdiction when you need to keep a Durable Object's compute and storage inside the United States to meet data residency requirements.

    Create a namespace restricted to the us jurisdiction the same way as any other jurisdiction:

    JavaScript
    // Worker
    export default {
      async fetch(request, env) {
        const usSubnamespace = env.MY_DURABLE_OBJECT.jurisdiction("us");
        const stub = usSubnamespace.getByName("general");
        return stub.fetch(request);
      },
    };

    Workers may still access Durable Objects constrained to the us jurisdiction from anywhere in the world. The jurisdiction constraint only controls where the Durable Object itself runs and persists data.

    For the full list of supported jurisdictions, refer to Data location — Restrict Durable Objects to a jurisdiction.

  1. You can now search API tokens by name, making it easier to find specific tokens across large token lists without manually paginating.

    For more information, refer to Create an API token and Account API tokens.

  1. The @cloudflare/vitest-pool-workers package now includes evictDurableObject and evictAllDurableObjects test helpers, exported from cloudflare:test.

    These helpers let you test how a Durable Object behaves across evictions, simulating the production lifecycle where an idle Durable Object can be evicted from memory.

    For more context, refer to Lifecycle of a Durable Object.

    TypeScript
    import { evictDurableObject, evictAllDurableObjects } from "cloudflare:test";
    import { env } from "cloudflare:workers";
    const id = env.COUNTER.idFromName("my-counter");
    const stub = env.COUNTER.get(id);
    // Evict the Durable Object instance pointed to by a specific stub
    await evictDurableObject(stub);
    // Close WebSockets instead of hibernating them
    await evictDurableObject(stub, { webSockets: "close" });
    // Evict all currently-running Durable Objects in evictable namespaces
    await evictAllDurableObjects();

    These helpers are available in @cloudflare/vitest-pool-workers@0.16.20 and later.

    Learn more in the Test APIs reference and the Testing Durable Objects guide.

  1. A new Beta release for the macOS Cloudflare One Client is now available on the beta releases downloads page.

    This beta release makes device registration hardware-backed. Registration tokens can now be generated in the Secure Enclave whenever it is available, providing stronger protection against device impersonation.

    Additional changes and improvements

    This release also introduces multiple fixes and improvements including:

    • Improved accessibility by using high contrast colors and more defined color boundaries when high contrast is enabled in the macOS Display settings.
    • Path MTU Discovery (PMTUD) is now enabled by default.
    • Fixed an issue where DNS queries would fail after the connection was idle, requiring users to retry.
    • Users can now register with team names in any case format without errors.
    • New UI fixes
      • Fixed an issue where users with invalid MDM configurations were returned to the onboarding screen after successful authentication.
      • Added a re-auth button and banner to the home screen so users don't miss it when their session expires.
      • Added clear error messaging when the Cloudflare certificate needs to be installed.
      • Brought back support for pausing the tunnel when connected to user-specified Wi-Fi networks for consumer users.
      • New client UI now surfaces Split tunnel configuration and Local Domain Fallback configuration.
      • Added ability to configure proxy mode for consumer users.
      • Added back the option to quit for consumer users.

    Known issues

    • Registration may hang at "Checking your organization configuration" due to IPC errors. A system reboot should resolve the error, allowing registration to proceed.

  1. AI Search now gives you more control over similarity cache freshness. The similarity cache reduces latency and inference cost by reusing responses for semantically similar queries.

    With these updates, you can choose how long responses are eligible for reuse and clear cached responses when they may be stale.

    Cache duration now defaults to 48 hours

    Previously, AI Search cached responses for a fixed duration of 30 days. Cached responses now use the instance's cache_ttl setting, and the default is 48 hours.

    You can set cache_ttl when creating or updating an instance to choose a cache duration from 10 minutes to 6 days.

    Use a shorter TTL when your source content changes frequently and freshness is more important. Use a longer TTL when your content is stable and you want more cache reuse.

    For example, set cache_ttl to 518400 to retain cached responses for 6 days:

    {
      "cache_ttl": 518400
    }

    Purge cached responses

    You can also purge all cached responses for an instance on demand. Purging cached responses does not delete indexed content or source files.

    It prevents AI Search from reusing previous cached responses, so subsequent similar queries generate fresh answers and repopulate the cache.

    Terminal window
    curl -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/ai-search/instances/$INSTANCE_NAME/purge_cache" \
      -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

    You can also purge cached responses from the instance settings page in the Cloudflare dashboard.

    Refer to similarity cache for the full list of supported cache_ttl values and more details about cache behavior.

  1. Organization Super Administrators can now view organization-level audit logs in the Cloudflare dashboard, in addition to the existing API access.

    Organization audit logs help you monitor activity across your organization. You can see who performed an action, what changed, when it happened, how it was performed, and whether it succeeded or failed.

    You can filter and search logs by actor, action, result, resource, request details, and timestamp. Use these logs to troubleshoot changes, investigate unexpected access, and support security or compliance workflows.

    Organization audit logs in the Cloudflare dashboard

    If you are viewing account-level audit logs and the account belongs to an organization where you are an Organization Super Administrator, select View Organization Audit Logs to open the parent organization's audit logs.

    View Organization Audit Logs button

    To get started, go to Organizations, select your organization, then go to Manage Organization > Audit Logs.

    For more information, refer to the Audit Logs documentation.

  1. Cloudflare has updated Logpush datasets:

    New datasets

    • WebSocket Analytics: A new dataset with fields including BytesReceivedClient, BytesReceivedOrigin, BytesSentClient, BytesSentOrigin, ClientASN, ClientIP, ClientRequestHost, ClientRequestPath, ClientRequestUserAgent, ColoCode, ConnectionCloseReason, ConnectionCloseSource, ConnectionID, ConnectionTransportCloseCode, EdgeEndTimestamp, EdgeStartTimestamp, and RayID.

    Updated fields in existing datasets

    • Firewall events (added): ZoneName. The Firewall events dataset is now also available for account-scope Logpush, in addition to the existing zone scope.
    • Email Security Alerts (added): BCC, DKIMResult, DMARCPolicy, DMARCResult, and SPFResult.

    For the complete field definitions for each dataset, refer to Logpush datasets.
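    As an added example (not Cloudflare's code), the JavaScript below runs a defender-style pass over constructed WebSocket Analytics records using the dataset's field names: it parses Logpush newline-delimited JSON, aggregates per client IP, and flags sources by upload volume and connection lifetime. The reading of BytesReceivedClient/BytesSentClient as bytes from/to the client, the RFC 3339 timestamp format, the sample values and the thresholds are all assumptions of the example.

```javascript
// Added example, not Cloudflare's code: summarise Logpush "WebSocket Analytics" records.
// Logpush delivers newline-delimited JSON. Field names are those listed for the dataset; the
// sample values and RFC 3339 timestamps are constructed. BytesReceivedClient/BytesSentClient are
// read as bytes from/to the client (assumption). RFC 6455 close code 1000 is normal closure.
const SAMPLE_WS_LOG = `
{"ConnectionID":"c1","ClientIP":"203.0.113.10","ClientASN":64496,"ClientRequestHost":"ws.example.com","ClientRequestPath":"/feed","BytesReceivedClient":1200,"BytesSentClient":48000,"ConnectionTransportCloseCode":1000,"EdgeStartTimestamp":"2025-01-01T10:00:00Z","EdgeEndTimestamp":"2025-01-01T10:05:00Z"}
{"ConnectionID":"c2","ClientIP":"203.0.113.10","ClientASN":64496,"ClientRequestHost":"ws.example.com","ClientRequestPath":"/feed","BytesReceivedClient":900000,"BytesSentClient":2000,"ConnectionTransportCloseCode":1006,"EdgeStartTimestamp":"2025-01-01T10:10:00Z","EdgeEndTimestamp":"2025-01-01T11:10:00Z"}
{"ConnectionID":"c3","ClientIP":"198.51.100.7","ClientASN":64497,"ClientRequestHost":"ws.example.com","ClientRequestPath":"/chat","BytesReceivedClient":300,"BytesSentClient":500,"ConnectionTransportCloseCode":1000,"EdgeStartTimestamp":"2025-01-01T10:00:30Z","EdgeEndTimestamp":"2025-01-01T10:00:40Z"}
this line is not JSON and is skipped
`;

// Parse NDJSON; blank and malformed lines are counted rather than aborting the whole batch.
function parseLogpushLines(ndjson) {
  const records = [];
  let malformed = 0;
  for (const line of ndjson.split("\n")) {
    if (!line.trim()) continue;
    try { records.push(JSON.parse(line)); } catch { malformed++; }
  }
  return { records, malformed };
}

// Per client IP: connection count, bytes in each direction, longest connection lifetime
// (from the edge start/end timestamps) and connections ending with a non-normal close code.
function summarizeByClientIp(records) {
  const out = new Map();
  for (const r of records) {
    const s = out.get(r.ClientIP) ??
      { connections: 0, bytesFromClient: 0, bytesToClient: 0, maxDurationSeconds: 0, abnormalCloses: 0 };
    const seconds = (Date.parse(r.EdgeEndTimestamp) - Date.parse(r.EdgeStartTimestamp)) / 1000;
    s.connections += 1;
    s.bytesFromClient += r.BytesReceivedClient;
    s.bytesToClient += r.BytesSentClient;
    s.maxDurationSeconds = Math.max(s.maxDurationSeconds, seconds);
    if (r.ConnectionTransportCloseCode !== 1000) s.abnormalCloses += 1;
    out.set(r.ClientIP, s);
  }
  return out;
}

// Sources worth a closer look: heavy upload volume or very long-lived connections.
// The thresholds are illustrative defaults for this example, not Cloudflare recommendations.
function flagSources(summary, { minUploadBytes = 500000, maxSeconds = 3600 } = {}) {
  return [...summary]
    .filter(([, s]) => s.bytesFromClient >= minUploadBytes || s.maxDurationSeconds >= maxSeconds)
    .map(([ip]) => ip);
}
```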

  1. Radar now plots your IPv4 and IPv6 locations on the IP page, shows the Cloudflare data centers serving your connection, and includes more detail about the autonomous system (AS) your primary IP belongs to.

    Your IP location on the map

    The map of your connection now shows:

    • IP location markers — The primary IP will show as a red marker. When your IPv4 and IPv6 addresses geolocate to different places, a second marker will appear in blue with a note explaining why IPv4 and IPv6 can resolve to different locations.
    • Cloudflare data center markers — Cloudflare data centers now show as orange dots on the map and the one you are connected to is highlighted.
    • Data center connectors — Each line connects your IP markers to their respective data centers.

    Map showing Cloudflare data centers and a marker representing the IP location with a line connected to a data center

    Due to the data policies of our geolocation provider, this detailed location is only available for your own IP. Other IP addresses keep the current country-level view.

    Extended AS information

    The AS card on the IP page now shows additional detail about the network an IP belongs to — including alternate names, the operator website, and an estimate of the AS user population — alongside the AS number and country.

    Visit the Cloudflare Radar IP page to explore more details about your IP.

  1. Workflows makes it easier to build reliable multi-step applications that can recover when downstream systems fail. Rollback handlers now receive the original step context via a ctx object for the step being rolled back. This includes ctx.step.name, ctx.step.count, ctx.attempt, and the step config with defaults applied.

    The step configuration includes the retry and timeout settings used for that step, so you can customize your step recovery logic according to those fields.

    TypeScript
    await step.do(
      "create charge",
      async () => {
        const charge = await createCharge();
        return { chargeId: charge.id };
      },
      {
        rollback: async ({ ctx, output, error }) => {
          // `output` is the value returned by the step being rolled back.
          const { chargeId } = output as { chargeId: string };
          await refundCharge(chargeId, {
            // `ctx` is the original step context, including step name, count, attempt, and config.
            reason: `${ctx.step.name}: ${error.message}`,
          });
        },
        rollbackConfig: {
          // `rollbackConfig` controls retries and timeout for the rollback handler.
          retries: { limit: 3, delay: "30 seconds", backoff: "linear" },
          timeout: "5 minutes",
        },
      },
    );

    Refer to rollback options to learn more.