releases.shpreview
Cloudflare/Cloudflare Changelog

Cloudflare Changelog

Mon
Wed
Fri
JunJulAugSepOctNovDecJanFebMarAprMay
Less
More
Releases273Avg84/moVersionsv0.2.1 to v2026.5.1155
HighlightsAll Releases

Cron schedules attach to Workflow bindings in config

You can now attach cron schedules directly to a Workflow binding in wrangler.jsonc. Each scheduled run creates a new Workflow instance automatically, so you do not need to define a separate Worker with a scheduled handler just to trigger your Workflow on an interval.

For example, you can configure hourly, every-15-minute, or weekday schedules on the same Workflow:

<div><div><span>{</span></div></div><div><div><span>  </span><span>"</span><span>workflows</span><span>"</span><span>:</span><span> </span><span>[</span></div></div><div><div><span>    </span><span>{</span></div></div><div><div><span>      </span><span>"</span><span>name</span><span>"</span><span>:</span><span> </span><span>"my-scheduled-workflow"</span><span>,</span></div></div><div><div><span>      </span><span>"</span><span>binding</span><span>"</span><span>:</span><span> </span><span>"MY_WORKFLOW"</span><span>,</span></div></div><div><div><span>      </span><span>"</span><span>class_name</span><span>"</span><span>:</span><span> </span><span>"MyScheduledWorkflow"</span><span>,</span></div></div><div><div><span>      </span><span>"</span><span>schedules</span><span>"</span><span>:</span><span> </span><span>[</span><span>"0 * * * *"</span><span>,</span><span> </span><span>"*/15 * * * *"</span><span>,</span><span> </span><span>"0 9 * * MON-FRI"</span><span>]</span></div></div><div><div><span>    </span><span>}</span></div></div><div><div><span>  </span><span>]</span></div></div><div><div><span>}</span></div></div>

This makes it easier to build recurring jobs such as database backups, invoice generation, report aggregation, and cleanup tasks without wiring up a separate Cron Trigger entrypoint.

For more information, refer to Trigger Workflows.

Agent Skills; Telegram messengers; durable chat recovery hardened

v0.14.0

The latest release of the Agents SDK adds four new ways to build with @cloudflare/think: on-demand Agent Skills, chat messengers (starting with Telegram), declarative scheduled tasks, and durable reasoning steps inside Workflows. This release also significantly hardens durable chat recovery, so turns reliably ride through deploys, evictions, and stalled model streams in production.

Agent Skills (experimental)

Give an agent a catalog of on-demand instructions, resources, and scripts. A skill source adds a catalog to the system prompt, and the model activates a skill only when a task matches — so a large library of capabilities does not bloat every prompt.

  • JavaScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>Think</span></span><span>,</span><span><span> </span><span>skills</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think"</span><span>;</span></div></div><div><div><span><span>import </span><span>bundledSkills</span><span> from </span></span><span>"agents:skills"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>SkillsAgent</span><span> </span><span>extends</span><span> </span><span>Think</span><span> </span><span>{</span></div></div><div><div><span>  </span><span>getSkills</span><span>()</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>return</span><span> [</span></div></div><div><div><span>      </span><span>bundledSkills</span><span>,</span></div></div><div><div><span><span>      </span></span><span>skills</span><span>.</span><span>r2</span><span>(</span><span>this</span><span>.</span><span>env</span><span>.</span><span>SKILLS_BUCKET</span><span>,</span><span> </span><span>{</span><span> prefix</span><span>:</span><span> </span><span>"skills/"</span><span> </span><span>}</span><span>)</span><span>,</span></div></div><div><div><span><span>    </span></span><span>]</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

  • TypeScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>Think</span></span><span>,</span><span><span> </span><span>skills</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think"</span><span>;</span></div></div><div><div><span><span>import </span><span>bundledSkills</span><span> from </span></span><span>"agents:skills"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>SkillsAgent</span><span> </span><span>extends</span><span> </span><span>Think</span><span><</span><span>Env</span><span>></span><span> </span><span>{</span></div></div><div><div><span>  </span><span>getSkills</span><span>()</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>return</span><span> [</span></div></div><div><div><span>      </span><span>bundledSkills</span><span>,</span></div></div><div><div><span><span>      </span></span><span>skills</span><span>.</span><span>r2</span><span>(</span><span>this</span><span>.</span><span>env</span><span>.</span><span>SKILLS_BUCKET</span><span>,</span><span> </span><span>{</span><span> prefix</span><span>:</span><span> </span><span>"skills/"</span><span> </span><span>}</span><span>)</span><span>,</span></div></div><div><div><span><span>    </span></span><span>]</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

The agents:skills import bundles a local ./skills directory through the Agents Vite plugin (one directory per skill, each with a SKILL.md). Skills can also load from R2 or a manifest. When skills are available, Think exposes activate_skill, read_skill_resource, and an optional run_skill_script tool. Skill loading is resilient: a duplicate or failing source is skipped with a warning instead of breaking the agent.

Agent Skills are experimental, and script execution in particular is early. The API may change in a future release. We would love your feedback — tell us what you are building and what is missing in the Agents repository.

Messengers

Connect a Think agent directly to a chat platform. Think owns the webhook route, conversation routing, durable reply fiber, and streamed delivery back to the provider. Telegram ships as the first provider.

  • JavaScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>Think</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think"</span><span>;</span></div></div><div><div><span>import </span><span>{</span></div></div><div><div><span><span>  </span></span><span>defineMessengers</span><span>,</span></div></div><div><div><span><span>  </span></span><span>ThinkMessengerStateAgent</span><span>,</span></div></div><div><div><span>}</span><span> from </span><span>"@cloudflare/think/messengers"</span><span>;</span></div></div><div><div><span><span>import </span><span>telegramMessenger</span><span> from </span></span><span>"@cloudflare/think/messengers/telegram"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>{</span><span> </span><span>ThinkMessengerStateAgent</span><span> </span><span>};</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>SupportAgent</span><span> </span><span>extends</span><span> </span><span>Think</span><span> </span><span>{</span></div></div><div><div><span>  </span><span>getMessengers</span><span>()</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>return</span><span> </span><span>defineMessengers</span><span>(</span><span>{</span></div></div><div><div><span><span>      </span></span><span>telegram</span><span>:</span><span> </span><span>telegramMessenger</span><span>(</span><span>{</span></div></div><div><div><span><span>        </span></span><span>token</span><span>:</span><span> </span><span>this</span><span>.</span><span>env</span><span>.</span><span>TELEGRAM_BOT_TOKEN</span><span>,</span></div></div><div><div><span><span>        </span></span><span>userName</span><span>:</span><span> </span><span>"support_bot"</span><span>,</span></div></div><div><div><span><span>        </span></span><span>secretToken</span><span>:</span><span> </span><span>this</span><span>.</span><span>env</span><span>.</span><span>TELEGRAM_WEBHOOK_SECRET_TOKEN</span><span>,</span></div></div><div><div><span>      </span><span>}</span><span>)</span><span>,</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

  • TypeScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>Think</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think"</span><span>;</span></div></div><div><div><span>import </span><span>{</span></div></div><div><div><span><span>  </span></span><span>defineMessengers</span><span>,</span></div></div><div><div><span><span>  </span></span><span>ThinkMessengerStateAgent</span><span>,</span></div></div><div><div><span>}</span><span> from </span><span>"@cloudflare/think/messengers"</span><span>;</span></div></div><div><div><span><span>import </span><span>telegramMessenger</span><span> from </span></span><span>"@cloudflare/think/messengers/telegram"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>{</span><span> </span><span>ThinkMessengerStateAgent</span><span> </span><span>};</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>SupportAgent</span><span> </span><span>extends</span><span> </span><span>Think</span><span><</span><span>Env</span><span>></span><span> </span><span>{</span></div></div><div><div><span>  </span><span>getMessengers</span><span>()</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>return</span><span> </span><span>defineMessengers</span><span>(</span><span>{</span></div></div><div><div><span><span>      </span></span><span>telegram</span><span>:</span><span> </span><span>telegramMessenger</span><span>(</span><span>{</span></div></div><div><div><span><span>        </span></span><span>token</span><span>:</span><span> </span><span>this</span><span>.</span><span>env</span><span>.</span><span>TELEGRAM_BOT_TOKEN</span><span>,</span></div></div><div><div><span><span>        </span></span><span>userName</span><span>:</span><span> </span><span>"support_bot"</span><span>,</span></div></div><div><div><span><span>        </span></span><span>secretToken</span><span>:</span><span> </span><span>this</span><span>.</span><span>env</span><span>.</span><span>TELEGRAM_WEBHOOK_SECRET_TOKEN</span><span>,</span></div></div><div><div><span>      </span><span>}</span><span>)</span><span>,</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

Each Chat SDK thread maps to its own Think sub-agent by default, so group chats and direct messages do not share memory. Multiple bots, custom conversation routing, and custom providers are all supported.

Scheduled tasks

Declare recurring, timezone-aware prompts and handlers with a typed domain-specific language (DSL). Think reconciles the declarations on startup and re-arms the next occurrence after each run, backed by durable idempotent submissions.

  • JavaScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>Think</span></span><span>,</span><span><span> </span><span>defineScheduledTasks</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>DigestAgent</span><span> </span><span>extends</span><span> </span><span>Think</span><span> </span><span>{</span></div></div><div><div><span>  </span><span>getScheduledTasks</span><span>()</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>return</span><span> </span><span>defineScheduledTasks</span><span>(</span><span>{</span></div></div><div><div><span><span>      </span></span><span>weeklyCommitReport</span><span>:</span><span> </span><span>{</span></div></div><div><div><span><span>        </span></span><span>schedule</span><span>:</span><span> </span><span>"every week on monday at 09:00"</span><span>,</span></div></div><div><div><span><span>        </span></span><span>prompt</span><span>:</span></div></div><div><div><span>          </span><span>"Compile my GitHub commits for the last week and summarize them."</span><span>,</span></div></div><div><div><span>      </span><span>},</span></div></div><div><div><span><span>      </span></span><span>workout</span><span>:</span><span> </span><span>{</span></div></div><div><div><span><span>        </span></span><span>schedule</span><span>:</span><span> </span><span>"every day at 08:00 in Europe/London"</span><span>,</span></div></div><div><div><span><span>        </span></span><span>prompt</span><span>:</span><span> </span><span>"Start my workout."</span><span>,</span></div></div><div><div><span>      </span><span>},</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

  • TypeScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>Think</span></span><span>,</span><span><span> </span><span>defineScheduledTasks</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>DigestAgent</span><span> </span><span>extends</span><span> </span><span>Think</span><span><</span><span>Env</span><span>></span><span> </span><span>{</span></div></div><div><div><span>  </span><span>getScheduledTasks</span><span>()</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>return</span><span> </span><span>defineScheduledTasks</span><span>(</span><span>{</span></div></div><div><div><span><span>      </span></span><span>weeklyCommitReport</span><span>:</span><span> </span><span>{</span></div></div><div><div><span><span>        </span></span><span>schedule</span><span>:</span><span> </span><span>"every week on monday at 09:00"</span><span>,</span></div></div><div><div><span><span>        </span></span><span>prompt</span><span>:</span></div></div><div><div><span>          </span><span>"Compile my GitHub commits for the last week and summarize them."</span><span>,</span></div></div><div><div><span>      </span><span>},</span></div></div><div><div><span><span>      </span></span><span>workout</span><span>:</span><span> </span><span>{</span></div></div><div><div><span><span>        </span></span><span>schedule</span><span>:</span><span> </span><span>"every day at 08:00 in Europe/London"</span><span>,</span></div></div><div><div><span><span>        </span></span><span>prompt</span><span>:</span><span> </span><span>"Start my workout."</span><span>,</span></div></div><div><div><span>      </span><span>},</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>
Think Workflows

Run a model-driven reasoning step inside a Cloudflare Workflow with ThinkWorkflow and step.prompt(), with durable typed structured output, long waits, and approval gates.

  • JavaScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>z</span><span> </span></span><span>}</span><span> from </span><span>"zod"</span><span>;</span></div></div><div><div><span>import </span><span>{</span><span><span> </span><span>ThinkWorkflow</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think/workflows"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>const</span><span> </span><span>draftSchema</span><span> </span><span>=</span><span> </span><span>z</span><span>.</span><span>object</span><span>(</span><span>{</span></div></div><div><div><span><span>  </span></span><span>title</span><span>:</span><span> </span><span>z</span><span>.</span><span>string</span><span>()</span><span>,</span></div></div><div><div><span><span>  </span></span><span>summary</span><span>:</span><span> </span><span>z</span><span>.</span><span>string</span><span>()</span><span>,</span></div></div><div><div><span><span>  </span></span><span>labels</span><span>:</span><span> </span><span>z</span><span>.</span><span>array</span><span>(</span><span>z</span><span>.</span><span>string</span><span>())</span><span>,</span></div></div><div><div><span>}</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>TriageWorkflow</span><span> </span><span>extends</span><span> </span><span>ThinkWorkflow</span><span> </span><span>{</span></div></div><div><div><span>  </span><span>async</span><span> </span><span>run</span><span>(</span><span>event</span><span>,</span><span> </span><span>step</span><span>)</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>const</span><span> </span><span>draft</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>step</span><span>.</span><span>prompt</span><span>(</span><span>"triage-issue"</span><span>,</span><span> </span><span>{</span></div></div><div><div><span><span>      </span></span><span>prompt</span><span>:</span><span> </span><span>`Triage issue #</span><span>${</span><span>event</span><span>.</span><span>payload</span><span>.</span><span>issueNumber</span><span>}</span><span>`</span><span>,</span></div></div><div><div><span><span>      </span></span><span>output</span><span>:</span><span> </span><span>draftSchema</span><span>,</span></div></div><div><div><span><span>      </span></span><span>timeout</span><span>:</span><span> </span><span>"3 days"</span><span>,</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>    </span><span>await</span><span> </span><span>step</span><span>.</span><span>do</span><span>(</span><span>"apply-labels"</span><span>,</span><span> </span><span>async</span><span> </span><span>()</span><span> </span><span>=></span><span> </span><span>{</span></div></div><div><div><span>      </span><span>await</span><span> </span><span>this</span><span>.</span><span>agent</span><span>.</span><span>applyLabels</span><span>(</span><span>draft</span><span>.</span><span>labels</span><span>)</span><span>;</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

  • TypeScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>z</span><span> </span></span><span>}</span><span> from </span><span>"zod"</span><span>;</span></div></div><div><div><span>import </span><span>{</span><span><span> </span><span>ThinkWorkflow</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think/workflows"</span><span>;</span></div></div><div><div><span>import type </span><span>{</span><span><span> </span><span>ThinkWorkflowStep</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/think/workflows"</span><span>;</span></div></div><div><div><span>import type </span><span>{</span><span><span> </span><span>AgentWorkflowEvent</span><span> </span></span><span>}</span><span> from </span><span>"agents/workflows"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>const</span><span> </span><span>draftSchema</span><span> </span><span>=</span><span> </span><span>z</span><span>.</span><span>object</span><span>(</span><span>{</span></div></div><div><div><span><span>  </span></span><span>title</span><span>:</span><span> </span><span>z</span><span>.</span><span>string</span><span>()</span><span>,</span></div></div><div><div><span><span>  </span></span><span>summary</span><span>:</span><span> </span><span>z</span><span>.</span><span>string</span><span>()</span><span>,</span></div></div><div><div><span><span>  </span></span><span>labels</span><span>:</span><span> </span><span>z</span><span>.</span><span>array</span><span>(</span><span>z</span><span>.</span><span>string</span><span>())</span><span>,</span></div></div><div><div><span>}</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>export</span><span> </span><span>class</span><span> </span><span>TriageWorkflow</span><span> </span><span>extends</span><span> </span><span>ThinkWorkflow</span><span><</span><span>TriageAgent</span><span>,</span><span> </span><span>Params</span><span>></span><span> </span><span>{</span></div></div><div><div><span>  </span><span>async</span><span> </span><span>run</span><span>(</span><span>event</span><span>:</span><span> </span><span>AgentWorkflowEvent</span><span><</span><span>Params</span><span>>,</span><span> </span><span>step</span><span>:</span><span> </span><span>ThinkWorkflowStep</span><span>)</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>const</span><span> </span><span>draft</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>step</span><span>.</span><span>prompt</span><span>(</span><span>"triage-issue"</span><span>,</span><span> </span><span>{</span></div></div><div><div><span><span>      </span></span><span>prompt</span><span>:</span><span> </span><span>`Triage issue #</span><span>${</span><span>event</span><span>.</span><span>payload</span><span>.</span><span>issueNumber</span><span>}</span><span>`</span><span>,</span></div></div><div><div><span><span>      </span></span><span>output</span><span>:</span><span> </span><span>draftSchema</span><span>,</span></div></div><div><div><span><span>      </span></span><span>timeout</span><span>:</span><span> </span><span>"3 days"</span><span>,</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>    </span><span>await</span><span> </span><span>step</span><span>.</span><span>do</span><span>(</span><span>"apply-labels"</span><span>,</span><span> </span><span>async</span><span> </span><span>()</span><span> </span><span>=></span><span> </span><span>{</span></div></div><div><div><span>      </span><span>await</span><span> </span><span>this</span><span>.</span><span>agent</span><span>.</span><span>applyLabels</span><span>(</span><span>draft</span><span>.</span><span>labels</span><span>)</span><span>;</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>
Production hardening for durable chat recovery

Durable chat turns have always been designed to survive a mid-turn deploy or Durable Object eviction. This release is a major hardening pass on that machinery for production.

  • Better recovery during deploys. Turns now ride through continuous deploys and evictions without losing completed work or re-running tools that already ran.
  • A live "recovering…" signal. useAgentChat exposes a new isRecovering flag, so a recovering turn shows progress instead of looking frozen. Most UIs render isStreaming || isRecovering as "busy".
  • Stalled streams recover. Set chatStreamStallTimeoutMs to route a hung provider stream into the same recovery path instead of leaving an infinite spinner.
  • Sub-agents re-attach. On parent recovery, an in-flight agentTool() child is re-attached to its result rather than abandoned and re-run, so long-running children no longer lose work under deploys.
MCP transport improvements
  • Resumable streams — In-flight tool calls over Server-Sent Events (SSE) survive a dropped connection. Clients reconnect with Last-Event-ID and replay anything they missed.
  • Readable server IDsaddMcpServer accepts an optional id, so tools surface as readable keys (for example tool_github_create_pull_request) instead of opaque connection IDs.
  • Better handling of concurrent requests — Overlapping JSON-RPC requests are now correctly correlated to their responses across the HTTP and RPC transports.
Other improvements
  • Compaction — A Session's tokenCounter now also drives the compaction boundary decision ("what to compress"), not just the fire/no-fire trigger.
  • @cloudflare/worker-bundler — Adds a virtualModules option to createWorker to provide in-memory module source during bundling.
  • Client-tool continuations — Parallel tool results now coalesce into a single continuation, immediate resume requests attach to the pending continuation, and server-side needsApproval continuations resume reliably after approval.
Upgrade

To update to the latest version:

<span>npm</span><span> i agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latest</span>
<span>yarn</span><span> add agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latest</span>
<span>pnpm</span><span> add agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latest</span>
<span>bun</span><span> add agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latest</span>

Refer to the Agents API reference and Chat agents documentation for more information.

macOS client gets redesigned UI; DNS search suffixes now supported

v2026.5.1155

A new Beta release for the macOS Cloudflare One Client is now available on the beta releases downloads page.

This release introduces the new Cloudflare One Client UI for macOS! You can expect a cleaner and more intuitive design as well as easier access to common actions and information. Here are some of the many things we have found our users appreciate:

  • Right click context menu to access the most common client actions quickly
  • Built-in captive portal login experience

Additional Changes and improvements

  • The client now applies DNS search suffixes configured in your device profile / network policy. Administrators can push a list of DNS search domains that the client appends to single-label queries, alongside any system-configured suffixes. See DNS search suffixes for details.
  • Administrators can now control which virtual networks (VNETs) are available to which users via WARP device profile settings in the Zero Trust dashboard. Previously, every VNET in the organization was visible to every device; you can now scope the VNET picker per profile so users only see the networks relevant to them. See VNET availability for details.
  • Added a local-file signal source for Emergency Disconnect. In addition to the existing HTTPS polling mechanism, administrators can now configure WARP to monitor for a file on disk; the presence of the file triggers an emergency disconnect even if both Cloudflare and your own infrastructure are unreachable. Either signal being asserted triggers disconnect; both must be cleared for normal operation to resume.
  • Added new warp-cli debug commands for interactive connection diagnosis. See Extra debug logging for details.
  • The local DNS proxy now supports DNSSEC passthrough. DNSSEC-signed responses are forwarded to the application intact (including DO/AD bits and RRSIG records), so applications that validate DNSSEC locally — including resolvers and the dig/drill tooling — work correctly through the client.
  • Added a new MDM format for organization-wide settings, including a cleaner way to configure the compliance environment (e.g. FedRAMP). The previous per-configuration approach still works, but the new format is now recommended. See the updated Cloudflare One MDM documentation for details.
  • Client Certificate device-posture checks now support template variables (e.g. ${serial_number}, ${device_uuid}) in the Subject Alternative Name field, matching what the documentation has always claimed. Previously only the Common Name field accepted variables, which broke posture rules that pinned identity to a SAN entry.
  • Fixed the in-client captive-portal browser rendering a blank "Success" page on some airline Wi-Fi networks (United inflight Wi-Fi was the reported case). The browser now reliably loads the airline's real portal page so users can complete sign-in from inside the client instead of having to open a separate browser.
  • Fixed an issue in proxy mode where hostnames containing underscores (e.g. ai_app.com) were rejected, breaking apps that depend on such hostnames (notably ChatGPT sandbox apps). The local proxy now accepts underscore-containing hostnames in CONNECT requests.

Known issues

  • Registration may hang at "Checking your organization configuration" due to IPC errors. A system reboot should resolve the error, allowing registration to proceed.
  • Split tunnel list configuration is not available in the new UI. Management of split tunnel entries is currently only possible via warp-cli tunnel ip and warp-cli tunnel host. UI support will be added in a future release.

New Windows UI; mandatory authentication blocks traffic until sign-in

v2026.5.1155

A new Beta release for the Windows Cloudflare One Client is now available on the beta releases downloads page.

This release introduces the new Cloudflare One Client UI for Windows! You can expect a cleaner and more intuitive design as well as easier access to common actions and information. Here are some of the many things we have found our users appreciate:

  • Right click context menu to access the most common client actions quickly
  • Built-in captive portal login experience

Additional Changes and improvements

  • The client now applies DNS search suffixes configured in your device profile / network policy. Administrators can push a list of DNS search domains that the client appends to single-label queries, alongside any system-configured suffixes. See DNS search suffixes for details.
  • Administrators can now control which virtual networks (VNETs) are available to which users via WARP device profile settings in the Zero Trust dashboard. Previously, every VNET in the organization was visible to every device; you can now scope the VNET picker per profile so users only see the networks relevant to them. See VNET availability for details.
  • Added mandatory authentication. When enabled via MDM, the Cloudflare One Client blocks all Internet traffic from the moment the machine boots until the user authenticates, closing the visibility gap on newly deployed devices and during re-authentication. See the announcement blog and documentation for details.
  • Added a local-file signal source for Emergency Disconnect. In addition to the existing HTTPS polling mechanism, administrators can now configure WARP to monitor for a file on disk; the presence of the file triggers an emergency disconnect even if both Cloudflare and your own infrastructure are unreachable. Either signal being asserted triggers disconnect; both must be cleared for normal operation to resume.
  • Added new warp-cli debug commands for interactive connection diagnosis. See Extra debug logging for details.
  • The local DNS proxy now supports DNSSEC passthrough. DNSSEC-signed responses are forwarded to the application intact (including DO/AD bits and RRSIG records), so applications that validate DNSSEC locally — including resolvers and the dig/drill tooling — work correctly through the client.
  • Added a new MDM format for organization-wide settings, including a cleaner way to configure the compliance environment (e.g. FedRAMP). The previous per-configuration approach still works, but the new format is now recommended. See the updated Cloudflare One MDM documentation for details.
  • Client Certificate device-posture checks now support template variables (e.g. ${serial_number}, ${device_uuid}) in the Subject Alternative Name field, matching what the documentation has always claimed. Previously only the Common Name field accepted variables, which broke posture rules that pinned identity to a SAN entry.
  • The UseWebView2 registry value (HKLM\SOFTWARE\Cloudflare\CloudflareWARP\UseWebView2 = y) is once again honored by the new GUI for authentication, so administrators who prefer the embedded WebView2 browser for sign-in can opt back in. This setting was effectively ignored in the previous release; the default browser was always used. This key is now also honored for re-authentications.
  • Fixed a crash in the authentication browser when navigating to a site that prompts for browser permissions (microphone, camera, notifications, etc.). The same fix had previously landed for the captive-portal browser; this extends it to the auth browser.
  • Fixed an issue in proxy mode where hostnames containing underscores (e.g. ai_app.com) were rejected, breaking apps that depend on such hostnames (notably ChatGPT sandbox apps). The local proxy now accepts underscore-containing hostnames in CONNECT requests.

Known issues

  • Registration authentication for devices via the integrated WebView2 browser is unavailable in this version as a temporary measure. As a result, the client will utilize the default browser on the device to complete the authentication process.
  • An error indicating that Microsoft Edge can't read and write to its data directory may be displayed during captive portal login; this error is benign and can be dismissed.
  • Registration may hang at "Checking your organization configuration" due to IPC errors. A system reboot should resolve the error, allowing registration to proceed.
  • Split tunnel list configuration is not available in the new UI. Management of Split Tunnel entries is currently only possible via warp-cli tunnel ip and warp-cli tunnel host. UI support will be added in a future release.
  • Windows ARM may prompt the user to close running applications while trying to install this version. Simply click “Ok” with the default highlighted option.
  • DNS resolution may be broken when the following conditions are all true:
    • The client is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
    • A custom DNS server address is configured on the primary network adapter.
    • The custom DNS server address on the primary network adapter is changed while the client is connected.
      To work around this issue, please reconnect the client by selecting "disconnect" and then "connect" in the client user interface.

Security Insights scans enabled by default; frequency increased

Security Insights scans now run more often. Cloudflare scans Free accounts every 7 days, Pro and Business accounts every 3 days, and Enterprise accounts daily.

In addition, all accounts and zones now receive scans by default. You no longer need to enable scans before Cloudflare checks your account for misconfigurations, vulnerabilities, and other security risks.

Granular on-demand scans are now available on any plan. You can trigger an on-demand scan for any zone, insight, insight type from the Cloudflare dashboard in order to quickly re-check your security posture after remediating an issue.

To learn more, refer to the Security Insights documentation.

Sandbox services now shareable via quick or named tunnels

Sandboxes can expose a service running inside the container on a public preview URL through the sandbox.tunnels namespace. The SDK uses cloudflared inside the sandbox so you can share a running service without configuring exposePort() or a custom domain.

By default, sandbox.tunnels.get(port) creates a quick tunnel on a zero-config *.trycloudflare.com URL — no Cloudflare account, DNS record, or custom domain required. This is perfect for quick development and for .workers.dev deployments.

  • JavaScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>getSandbox</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/sandbox"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>const</span><span> </span><span>sandbox</span><span> </span><span>=</span><span> </span><span>getSandbox</span><span>(</span><span>env</span><span>.</span><span>Sandbox</span><span>,</span><span> </span><span>"my-sandbox"</span><span>)</span><span>;</span></div></div><div><div><span>await</span><span> </span><span>sandbox</span><span>.</span><span>startProcess</span><span>(</span><span>"python -m http.server 8080"</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>const</span><span> </span><span>tunnel</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>sandbox</span><span>.</span><span>tunnels</span><span>.</span><span>get</span><span>(</span><span>8080</span><span>)</span><span>;</span></div></div><div><div><span>console</span><span>.</span><span>log</span><span>(</span><span>tunnel</span><span>.</span><span>url</span><span>)</span><span>;</span><span> </span><span>// → https://random-words-here.trycloudflare.com</span></div></div>

  • TypeScript

    <div><div><span>import </span><span>{</span><span><span> </span><span>getSandbox</span><span> </span></span><span>}</span><span> from </span><span>"@cloudflare/sandbox"</span><span>;</span></div></div><div><div>
</div></div><div><div><span>const</span><span> </span><span>sandbox</span><span> </span><span>=</span><span> </span><span>getSandbox</span><span>(</span><span>env</span><span>.</span><span>Sandbox</span><span>,</span><span> </span><span>"my-sandbox"</span><span>)</span><span>;</span></div></div><div><div><span>await</span><span> </span><span>sandbox</span><span>.</span><span>startProcess</span><span>(</span><span>"python -m http.server 8080"</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>const</span><span> </span><span>tunnel</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>sandbox</span><span>.</span><span>tunnels</span><span>.</span><span>get</span><span>(</span><span>8080</span><span>)</span><span>;</span></div></div><div><div><span>console</span><span>.</span><span>log</span><span>(</span><span>tunnel</span><span>.</span><span>url</span><span>)</span><span>;</span><span> </span><span>// → https://random-words-here.trycloudflare.com</span></div></div>
Named tunnels

For more control you can create a named tunnel through sandbox.tunnels.get(port, { name }). A named tunnel binds a hostname (<name>.<your-zone>) backed by a Cloudflare Tunnel and a CNAME record on your zone resulting in something like https://my-app-preview.example.com.

Unlike quick tunnels, which generate a new random URL each time, a named tunnel produces a persistent URL that survives container restarts. This makes named tunnels suitable for production use cases where you want control over the tunnel and it's origin.

  • JavaScript

    <div><div><span>const</span><span> </span><span>tunnel</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>sandbox</span><span>.</span><span>tunnels</span><span>.</span><span>get</span><span>(</span><span>8080</span><span>,</span><span> </span><span>{</span><span> name</span><span>:</span><span> </span><span>"my-app-preview"</span><span> </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>console</span><span>.</span><span>log</span><span>(</span><span>tunnel</span><span>.</span><span>url</span><span>)</span><span>;</span><span> </span><span>// → https://my-app-preview.example.com</span></div></div>

  • TypeScript

    <div><div><span>const</span><span> </span><span>tunnel</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>sandbox</span><span>.</span><span>tunnels</span><span>.</span><span>get</span><span>(</span><span>8080</span><span>,</span><span> </span><span>{</span><span> name</span><span>:</span><span> </span><span>"my-app-preview"</span><span> </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>console</span><span>.</span><span>log</span><span>(</span><span>tunnel</span><span>.</span><span>url</span><span>)</span><span>;</span><span> </span><span>// → https://my-app-preview.example.com</span></div></div>

Calling sandbox.destroy() tears down the Cloudflare Tunnel and the associated DNS record alongside the container, so you do not leave dangling tunnels or records behind.

Upgrade

To update to the latest version:

<span>npm</span><span> i @cloudflare/sandbox@latest</span>
<span>yarn</span><span> add @cloudflare/sandbox@latest</span>
<span>pnpm</span><span> add @cloudflare/sandbox@latest</span>
<span>bun</span><span> add @cloudflare/sandbox@latest</span>

For full API details, refer to the Sandbox tunnels reference.

Post-quantum TLS checker detects handshake bugs

The Radar post-quantum TLS support checker now also reports TLS bugs detected during the handshake test. When a scanned host exhibits compatibility issues, the results include details on the specific bugs detected, along with guidance on how to investigate and remediate each issue. The bugs section only appears for hosts where issues are found.

The following TLS bugs are detected:

  • Split ClientHello — The connection fails with a fragmented post-quantum ClientHello but succeeds with classical handshakes. Typically caused by middleboxes or firewalls that cannot reassemble split TLS messages.
  • HRR Failure — The server sends a HelloRetryRequest but fails to complete the handshake afterward.
  • Unknown Keyshare — The server cannot handle unknown key exchange algorithms and fails instead of responding with a HelloRetryRequest as required by the TLS 1.3 specification.

Bug detection data is available through the existing /post_quantum/tls/support endpoint.

Visit the Post-Quantum Encryption page to test a host.

WebSocket adapter auto-reconnects; media buffers on disconnect

Cloudflare Realtime SFU is a WebRTC Selective Forwarding Unit that runs on Cloudflare's global network, so you can route live audio, video, and data between WebRTC clients around the world without managing SFU infrastructure or regions.

When you use the WebSocket adapter to stream WebRTC media to a WebSocket endpoint, the adapter now auto-reconnects and buffers audio and video after brief endpoint disconnects or restarts.

Streaming WebRTC media to WebSocket endpoints

Many teams also use Realtime SFU as the media layer for backend applications, such as transcription, recording, note-taking, and agentic media-processing services. These systems often need to consume live WebRTC audio or video from the SFU in backend infrastructure, including Durable Objects, Workers, Containers, or external services, without running a WebRTC client themselves.

The WebSocket adapter bridges that gap by streaming WebRTC media from the SFU to a standard WebSocket endpoint as application-consumable payloads: PCM audio frames and JPEG video frames.

What changed

When you use the WebSocket adapter in Stream mode (egress) to send live audio or video from the SFU to your own WebSocket endpoint, the SFU now automatically reconnects after brief endpoint disconnects or restarts. This is especially helpful for long-running media pipelines where the WebSocket endpoint may briefly restart while a recording, transcription, or live analysis job is still in progress.

Previously, a brief disconnect from your WebSocket endpoint could close the adapter and require your application to recreate it before media could resume. Now, the SFU retries the same endpoint for up to 5 seconds with no API change required. If the endpoint comes back within that window, audio and video delivery resumes automatically.

The reconnect behavior also includes live-first media buffering, so brief interruptions reduce media loss without replaying stale video.

Reconnect behavior

During reconnect:

  • Audio uses a short bounded backlog to reduce audible loss. If the interruption lasts longer than the backlog can cover, older audio may be dropped.
  • Video resumes from the latest available JPEG frame instead of replaying stale frames.
  • Recovery is best effort and does not guarantee gapless or exactly-once delivery.

If the endpoint remains unavailable after the 5-second reconnect window, the adapter closes and must be recreated.

Learn more

R2 Data Catalog dashboard launched; guided setup wizard added

R2 Data Catalog is a managed Apache Iceberg data catalog built directly into your R2 bucket. It exposes a standard Iceberg REST catalog interface so you can connect query engines like Spark, Snowflake, DuckDB, and R2 SQL to your data in R2.

R2 Data Catalog now has a dedicated section in the Cloudflare dashboard, replacing the previous settings panel embedded in R2 bucket configuration. The new experience includes:

  • Catalog overview — View all your catalogs in one place with catalog request counts, bucket sizes, and table maintenance status at a glance.
  • Guided setup wizard — Create a catalog in three steps: choose or create an R2 bucket, configure table maintenance (compaction and snapshot expiration), and review. The wizard creates the bucket and generates a service credential automatically.
  • Settings management — A dedicated settings page for each catalog with sections for general configuration, table maintenance, service credentials, and disabling the catalog. You can now enable and configure snapshot expiration directly from the dashboard.
  • Built-in metrics — Five charts on each catalog's metrics tab: bytes compacted, files compacted, catalog requests, storage size, and snapshots expired.

To get started, go to R2 Data Catalog in the Cloudflare dashboard or refer to the getting started guide and manage catalogs documentation.

Wrangler containers ssh works as OpenSSH ProxyCommand

Wrangler supports using wrangler containers ssh as an OpenSSH ProxyCommand for Containers. This lets your local SSH client connect to a running Container through Wrangler.

<div><div><span>ssh</span><span> </span><span>-o</span><span> </span><span>ProxyCommand="wrangler containers ssh %h"</span><span> </span><span>cloudchamber@<INSTANCE_ID></span></div></div>

When standard input and output are piped, Wrangler forwards data to the SSH server in the Container. You can also pass --stdio to force this mode.

For more information, refer to the SSH documentation.

R2 Data Catalog pricing published

R2 Data Catalog is a managed Apache Iceberg data catalog built directly into R2 buckets, queryable by any Iceberg-compatible engine such as Spark, Snowflake, and DuckDB. R2 Data Catalog now has published pricing for catalog operations and table compaction, in addition to standard R2 storage and operations.

Billing is not yet enabled. We will provide at least 30 days notice before we start charging for R2 Data Catalog usage.

Pricing is based on two dimensions:

  • Catalog operations: $9.00 / million operations for metadata requests such as creating tables, reading table metadata, and updating table properties.
  • Compaction: $0.005 / GB processed and $2.00 / million objects processed. These charges only apply when automatic compaction is turned on for a table.

Both dimensions include a monthly free tier: 1 million catalog operations, 10 GB of compaction data processed, and 1 million compaction objects processed.

For full pricing details and billing examples, refer to R2 Data Catalog pricing.

Track recording creates separate files per participant

You can now record specific participant audio tracks in RealtimeKit with track recording. Track recording creates separate WebM files for each participant instead of a single composite recording, which is useful for post-processing, transcription, and regulated or content-sensitive workflows.

To record specific participants, pass user_ids when starting a track recording:

<div><div><span>curl</span><span> </span><span>--request</span><span> </span><span>POST</span><span> </span><span>\</span></div></div><div><div><span>  </span><span>--url</span><span> </span><span>https://api.cloudflare.com/client/v4/accounts/<account_id>/realtime/kit/<app_id>/recordings/track</span><span> </span><span>\</span></div></div><div><div><span>  </span><span>--header</span><span> </span><span>'Authorization: Bearer <api_token>'</span><span> </span><span>\</span></div></div><div><div><span>  </span><span>--header</span><span> </span><span>'Content-Type: application/json'</span><span> </span><span>\</span></div></div><div><div><span>  </span><span>--data</span><span> </span><span>'{</span></div></div><div><div><span><span>  </span></span><span>"meeting_id": "97440c6a-140b-40a9-9499-b23fd7a3868a",</span></div></div><div><div><span><span>  </span></span><span>"user_ids": ["user-123", "user-456"]</span></div></div><div><div><span>}'</span></div></div>

To pass user_ids for selective track recording, use the following minimum SDK versions:

  • Web Core: @cloudflare/realtimekit version 1.4.0 or later
  • Web UI Kit: @cloudflare/realtimekit-ui, @cloudflare/realtimekit-react-ui, or @cloudflare/realtimekit-angular-ui version 1.1.2 or later
  • Android Core or iOS Core: version 2.0.0 or later
  • Android UI Kit or iOS UI Kit: version 1.1.0 or later

RealtimeKit provides SDKs and UI components so that you can build your own meeting experience on Cloudflare's global WebRTC infrastructure. Teams today build products ranging from telehealth to education on RealtimeKit for global audiences. You can get started today with our Quickstart or take a look at our Cloudflare Meet repo as a reference.

Recipients now support display names

You can now send emails with display names on recipient addresses in addition to the existing from support. Pass an object with email and an optional name field for to, cc, bcc, replyTo, or from:

  • JavaScript

    <div><div><span>export</span><span> </span><span>default</span><span> </span><span>{</span></div></div><div><div><span>  </span><span>async</span><span> </span><span>fetch</span><span>(</span><span>request</span><span>,</span><span> </span><span>env</span><span>)</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>const</span><span> </span><span>response</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>env</span><span>.</span><span>EMAIL</span><span>.</span><span>send</span><span>(</span><span>{</span></div></div><div><div><span><span>      </span></span><span>from</span><span>:</span><span> </span><span>{</span><span> email</span><span>:</span><span> </span><span>"support@example.com"</span><span>,</span><span> name</span><span>:</span><span> </span><span>"Support Team"</span><span> </span><span>},</span></div></div><div><div><span><span>      </span></span><span>to</span><span>:</span><span> </span><span>{</span><span> email</span><span>:</span><span> </span><span>"jane@example.com"</span><span>,</span><span> name</span><span>:</span><span> </span><span>"Jane Doe"</span><span> </span><span>},</span></div></div><div><div><span><span>      </span></span><span>cc</span><span>:</span><span> [</span></div></div><div><div><span>        </span><span>"manager@company.com"</span><span>,</span></div></div><div><div><span>        </span><span>{</span><span> email</span><span>:</span><span> </span><span>"team@company.com"</span><span>,</span><span> name</span><span>:</span><span> </span><span>"Engineering Team"</span><span> </span><span>},</span></div></div><div><div><span><span>      </span></span><span>]</span><span>,</span></div></div><div><div><span><span>      </span></span><span>subject</span><span>:</span><span> </span><span>"Welcome!"</span><span>,</span></div></div><div><div><span><span>      </span></span><span>html</span><span>:</span><span> </span><span>"<h1>Thanks for joining!</h1>"</span><span>,</span></div></div><div><div><span><span>      </span></span><span>text</span><span>:</span><span> </span><span>"Thanks for joining!"</span><span>,</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>    </span><span>return</span><span> </span><span>Response</span><span>.</span><span>json</span><span>(</span><span>{</span><span> messageId</span><span>:</span><span> </span><span>response</span><span>.</span><span>messageId</span><span> </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>},</span></div></div><div><div><span>};</span></div></div>

  • TypeScript

    <div><div><span>export</span><span> </span><span>default</span><span> </span><span>{</span></div></div><div><div><span>  </span><span>async</span><span> </span><span>fetch</span><span>(</span><span>request</span><span>,</span><span> </span><span>env</span><span>)</span><span>:</span><span> </span><span>Promise</span><span><</span><span>Response</span><span>></span><span> </span><span>{</span></div></div><div><div><span>    </span><span>const</span><span> </span><span>response</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>env</span><span>.</span><span>EMAIL</span><span>.</span><span>send</span><span>(</span><span>{</span></div></div><div><div><span><span>      </span></span><span>from</span><span>:</span><span> </span><span>{</span><span> email</span><span>:</span><span> </span><span>"support@example.com"</span><span>,</span><span> name</span><span>:</span><span> </span><span>"Support Team"</span><span> </span><span>},</span></div></div><div><div><span><span>      </span></span><span>to</span><span>:</span><span> </span><span>{</span><span> email</span><span>:</span><span> </span><span>"jane@example.com"</span><span>,</span><span> name</span><span>:</span><span> </span><span>"Jane Doe"</span><span> </span><span>},</span></div></div><div><div><span><span>      </span></span><span>cc</span><span>:</span><span> [</span></div></div><div><div><span>        </span><span>"manager@company.com"</span><span>,</span></div></div><div><div><span>        </span><span>{</span><span> email</span><span>:</span><span> </span><span>"team@company.com"</span><span>,</span><span> name</span><span>:</span><span> </span><span>"Engineering Team"</span><span> </span><span>},</span></div></div><div><div><span><span>      </span></span><span>]</span><span>,</span></div></div><div><div><span><span>      </span></span><span>subject</span><span>:</span><span> </span><span>"Welcome!"</span><span>,</span></div></div><div><div><span><span>      </span></span><span>html</span><span>:</span><span> </span><span>"<h1>Thanks for joining!</h1>"</span><span>,</span></div></div><div><div><span><span>      </span></span><span>text</span><span>:</span><span> </span><span>"Thanks for joining!"</span><span>,</span></div></div><div><div><span>    </span><span>}</span><span>)</span><span>;</span></div></div><div><div>
</div></div><div><div><span>    </span><span>return</span><span> </span><span>Response</span><span>.</span><span>json</span><span>(</span><span>{</span><span> messageId</span><span>:</span><span> </span><span>response</span><span>.</span><span>messageId</span><span> </span><span>}</span><span>)</span><span>;</span></div></div><div><div><span>  </span><span>},</span></div></div><div><div><span>}</span><span> </span><span>satisfies</span><span> </span><span>ExportedHandler</span><span><</span><span>Env</span><span>>;</span></div></div>

Plain strings remain fully supported for backward compatibility, and you can mix strings and named objects in the same array.

Refer to the Workers API and REST API documentation for full request examples.

R2 SQL pricing published; $2.50/TB scanned

R2 SQL is a serverless, distributed query engine that runs SQL against Apache Iceberg tables stored in R2 Data Catalog. R2 SQL now has published pricing based on a single dimension: the volume of compressed data scanned to execute your queries. At $2.50 / TB ($0.0025 / GB), R2 SQL is priced at half the cost of AWS Athena and less than half of Google BigQuery on-demand.

Billing is not yet enabled. We will provide at least 30 days notice before we start charging for R2 SQL usage.

Data scanned is measured on compressed bytes read from R2 object storage. This matches what you see in your R2 bucket — if a Parquet file is 100 MB on disk, scanning that file bills for 100 MB. Each query has a minimum billing increment of 10 MB.

Free plans include 1 GB / month and Paid plans include 10 GB / month. Standard R2 storage and operations and R2 Data Catalog charges apply separately.

For full pricing details and billing examples, refer to R2 SQL pricing.

Per-replica details and manual failover for HA nodes

The Cloudflare Mesh dashboard now shows per-replica details for high availability nodes. You can see which replica is active, view each replica's Mesh IP and connection details, and manually trigger failover — all from the node detail page.

What's new
  • Replica tabs on the node detail page — switch between replicas to see each one's Mesh IP, edge data center, origin IP, platform, version, and uptime.
  • Active/passive badges identify which replica is currently routing traffic.
  • Manual failover — promote a passive replica to active with a single click. The previous active replica switches to standby.
  • HA badge in the overview table identifies nodes running multiple replicas.
  • Active replica IP shown in the overview table — the dashboard now resolves which replica is active and displays the correct Mesh IP.
Manual failover

To manually promote a passive replica:

  1. In the Cloudflare dashboard, go to Networking > Mesh.
  2. Select an HA-enabled node.
  3. Select the passive replica tab.
  4. Select Promote to active and confirm.

Traffic reroutes to the promoted replica immediately. Refer to High availability for details on failover behavior.

Quick Actions accessible from Workers via quickAction() method

You can now call Browser Run Quick Actions directly from a Cloudflare Worker using the quickAction() method on the browser binding. This simplifies how Workers interact with Browser Run by removing the need for API tokens or external HTTP requests. Your Worker communicates with Browser Run directly over Cloudflare's network, resulting in simpler code and lower latency.

With the quickAction() method you can:

To get started, add a browser binding to your Wrangler configuration:

  • wrangler.jsonc

    <div><div><span>{</span></div></div><div><div><span>  </span><span>"</span><span>compatibility_date</span><span>"</span><span>:</span><span> </span><span>"2026-03-24"</span><span>,</span></div></div><div><div><span>  </span><span>"</span><span>browser</span><span>"</span><span>:</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>"</span><span>binding</span><span>"</span><span>:</span><span> </span><span>"BROWSER"</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>

  • wrangler.toml

    <div><div><span>compatibility_date</span><span> </span><span>=</span><span> </span><span>"2026-03-24"</span></div></div><div><div>
</div></div><div><div><span>[</span><span>browser</span><span>]</span></div></div><div><div><span>binding</span><span> </span><span>=</span><span> </span><span>"BROWSER"</span></div></div>

Then call any Quick Action directly from your Worker. For example, to capture a screenshot:

  • JavaScript

    <div><div><span>const</span><span> </span><span>screenshot</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>env</span><span>.</span><span>BROWSER</span><span>.</span><span>quickAction</span><span>(</span><span>"screenshot"</span><span>,</span><span> </span><span>{</span></div></div><div><div><span><span>  </span></span><span>url</span><span>:</span><span> </span><span>"https://www.cloudflare.com/"</span><span>,</span></div></div><div><div><span>}</span><span>)</span><span>;</span></div></div>

  • TypeScript

    <div><div><span>const</span><span> </span><span>screenshot</span><span> </span><span>=</span><span> </span><span>await</span><span> </span><span>env</span><span>.</span><span>BROWSER</span><span>.</span><span>quickAction</span><span>(</span><span>"screenshot"</span><span>,</span><span> </span><span>{</span></div></div><div><div><span><span>  </span></span><span>url</span><span>:</span><span> </span><span>"https://www.cloudflare.com/"</span><span>,</span></div></div><div><div><span>}</span><span>)</span><span>;</span></div></div>

The quickAction() method requires a compatibility date of 2026-03-24 or later.

For setup instructions and the full list of available actions, refer to Browser Run Quick Actions.

Pipelines pricing published; billing not yet enabled

Cloudflare Pipelines is a streaming data platform that ingests events, transforms them with SQL, and writes to R2 as JSON, Parquet, or Apache Iceberg tables. Pipelines now has published pricing based on two usage dimensions: the volume of data processed by SQL transforms and the volume of data delivered to sinks. Ingress into a Pipeline stream is free.

Billing is not yet enabled. We will provide at least 30 days notice before we start charging for Pipelines usage.

Pipelines pricing model is designed to charge per GB based on what you use:

  • Streams (ingress): Free, regardless of volume.
  • SQL transforms: $0.04 / GB for stateless transforms (filter, reshape, unnest, cast, compute).
  • Sinks: $0.03 / GB for JSON, $0.06 / GB for Parquet or Iceberg output.

Workers Free plans include 1 GB / month for each dimension. Workers Paid plans include 50 GB / month.

For full pricing details and billing examples, refer to Pipelines pricing.

Last Checked
2h ago
Tracking since Dec 18, 2025
.json·.md·.atom