Cloudflare Release Notes

You can now scope Cloudflare permissions to individual Cloudflare Tunnel instances and Cloudflare Mesh nodes. Administrators can delegate access to specific Tunnels or Mesh nodes without granting account-wide control over private networking.

What is new

When you add a member or create a permission policy, the resource picker now lists Cloudflare Tunnel instances and Cloudflare Mesh nodes as scopable resource types. You can:

• Grant a read-only role on a single Cloudflare Tunnel instance to a support operator for log streaming and diagnostics — without exposing other Tunnels or destructive actions.
• Grant a write role on a specific Cloudflare Mesh node to an application team — without giving them access to the rest of your private network.
• Scope a single policy to one or many Tunnels and Mesh nodes at once.

How it works

Granular permissions are a parallel layer to existing account-level roles — they do not replace them.

Existing account-level roles continue to work. A member with Cloudflare Access or Cloudflare Zero Trust retains write access to every Tunnel and Mesh node in the account. This ensures backward compatibility for existing automation and tokens.

Granular permissions are additive. For any API request on a specific Tunnel or Mesh node, access is granted if the principal has either the account-level role or a granular permission for that resource.

Resource enumeration is authorization-aware. Listing endpoints (GET /accounts/{id}/cfd_tunnel, GET /accounts/{id}/warp_connector) return only the resources the principal has at least read access to.

Get started

Configure granular permissions for Cloudflare Tunnel.

Configure granular permissions for Cloudflare Tunnel and Cloudflare Mesh in Cloudflare One.

Review the resource-scoped roles on the Cloudflare role reference.

AI Gateway now uses the AI REST API on api.cloudflare.com. You can call any model — whether from OpenAI, Anthropic, Google, or hosted on Workers AI — through one unified API, using the same endpoints and authentication regardless of provider. Four endpoints are available:

• POST /ai/run — universal endpoint for all models and modalities
• POST /ai/v1/chat/completions — OpenAI SDK compatible
• POST /ai/v1/responses — OpenAI Responses API compatible
• POST /ai/v1/messages — Anthropic SDK compatible

curl -X POST "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/ai/v1/chat/completions" \
--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
--header "Content-Type: application/json" \
--data '{
"model": "openai/gpt-5.5",
"messages": [{"role": "user", "content": "What is Cloudflare?"}]
}'

All AI Gateway features — logging, caching, rate limiting, and guardrails — are applied automatically. Third-party models are billed through Unified Billing, so you do not need to manage separate provider API keys.

Third-party model requests are routed through your account's default gateway, which is created automatically on first use. To route requests through a specific gateway, add the cf-aig-gateway-id header.

If you are already calling Workers AI models through the existing REST API, that path (/ai/run/@cf/{model}) continues to work. To call Workers AI models through AI Gateway, use the @cf/ model prefix (for example, @cf/moonshotai/kimi-k2.6) and include the cf-aig-gateway-id header to specify which gateway to route through.

For more details and examples, refer to the REST API documentation.

VPC Network bindings

You can now use VPC Network bindings with network_id: "cf1:network" to reach your full private network from Workers, including:

Cloudflare Mesh nodes and client devices

Subnet routes and hostname routes announced through Cloudflare Tunnel or Cloudflare Mesh

Destinations connected through Cloudflare WAN on-ramps — GRE, IPsec, and CNI

This means a single VPC Network binding can route Worker requests to private services regardless of how those services are connected to Cloudflare: through a Cloudflare Tunnel from a cloud VPC, a Mesh node on a private subnet, or a Cloudflare WAN on-ramp from your data center or branch site.

wrangler.jsonc

{
  "vpc_networks": [
    {
      "binding": "PRIVATE_NETWORK",
      "network_id": "cf1:network",
      "remote": true,
    },
  ],
}

wrangler.toml

[[vpc_networks]]
binding = "PRIVATE_NETWORK"
network_id = "cf1:network"
remote = true

At runtime, the URL you pass to fetch() determines the destination:

// Reach a service behind a Cloudflare WAN IPsec on-ramp
const response = await env.PRIVATE_NETWORK.fetch("http://10.50.0.100:8080/api");

Note

For destinations behind Cloudflare WAN on-ramps (GRE, IPsec, or CNI), your network must route the Cloudflare source IP range back through the on-ramp so reply traffic returns to Cloudflare. Without this route, stateful flows will fail. This is part of standard Cloudflare WAN onboarding.

For configuration options, refer to VPC Networks.

You can now scope Cloudflare permissions to individual Cloudflare Tunnel instances and Cloudflare Mesh nodes. Administrators can delegate access to specific Tunnels or Mesh nodes without granting account-wide control over private networking.

What is new

When you add a member or create a permission policy, the resource picker now lists Cloudflare Tunnel instances and Cloudflare Mesh nodes as scopable resource types. You can:

• Grant a read-only role on a single Cloudflare Tunnel instance to a support operator for log streaming and diagnostics — without exposing other Tunnels or destructive actions.
• Grant a write role on a specific Cloudflare Mesh node to an application team — without giving them access to the rest of your private network.
• Scope a single policy to one or many Tunnels and Mesh nodes at once.

How it works

Granular permissions are a parallel layer to existing account-level roles — they do not replace them.

Existing account-level roles continue to work. A member with Cloudflare Access or Cloudflare Zero Trust retains write access to every Tunnel and Mesh node in the account. This ensures backward compatibility for existing automation and tokens.

Granular permissions are additive. For any API request on a specific Tunnel or Mesh node, access is granted if the principal has either the account-level role or a granular permission for that resource.

Resource enumeration is authorization-aware. Listing endpoints (GET /accounts/{id}/cfd_tunnel, GET /accounts/{id}/warp_connector) return only the resources the principal has at least read access to.

Get started

Configure granular permissions for Cloudflare Tunnel.

Configure granular permissions for Cloudflare Tunnel and Cloudflare Mesh in Cloudflare One.

Review the resource-scoped roles on the Cloudflare role reference.

You can now scope Cloudflare permissions to individual Cloudflare Tunnel instances and Cloudflare Mesh nodes. Administrators can delegate access to specific Tunnels or Mesh nodes without granting account-wide control over private networking.

What is new

When you add a member or create a permission policy, the resource picker now lists Cloudflare Tunnel instances and Cloudflare Mesh nodes as scopable resource types. You can:

• Grant a read-only role on a single Cloudflare Tunnel instance to a support operator for log streaming and diagnostics — without exposing other Tunnels or destructive actions.
• Grant a write role on a specific Cloudflare Mesh node to an application team — without giving them access to the rest of your private network.
• Scope a single policy to one or many Tunnels and Mesh nodes at once.

How it works

Granular permissions are a parallel layer to existing account-level roles — they do not replace them.

• Existing account-level roles continue to work. A member with Cloudflare Access or Cloudflare Zero Trust retains write access to every Tunnel and Mesh node in the account. This ensures backward compatibility for existing automation and tokens.
• Granular permissions are additive. For any API request on a specific Tunnel or Mesh node, access is granted if the principal has either the account-level role or a granular permission for that resource.
• Resource enumeration is authorization-aware. Listing endpoints (GET /accounts/{id}/cfd_tunnel, GET /accounts/{id}/warp_connector) return only the resources the principal has at least read access to.

Get started

• Configure granular permissions for Cloudflare Tunnel.
• Configure granular permissions for Cloudflare Tunnel and Cloudflare Mesh in Cloudflare One.
• Review the resource-scoped roles on the Cloudflare role reference.

AI Gateway now uses the AI REST API on api.cloudflare.com. You can call any model — whether from OpenAI, Anthropic, Google, or hosted on Workers AI — through one unified API, using the same endpoints and authentication regardless of provider.

Four endpoints are available:

• POST /ai/run — universal endpoint for all models and modalities
• POST /ai/v1/chat/completions — OpenAI SDK compatible
• POST /ai/v1/responses — OpenAI Responses API compatible
• POST /ai/v1/messages — Anthropic SDK compatible

All AI Gateway features — logging, caching, rate limiting, and guardrails — are applied automatically. Third-party models are billed through Unified Billing, so you do not need to manage separate provider API keys.

Third-party model requests are routed through your account's default gateway, which is created automatically on first use. To route requests through a specific gateway, add the cf-aig-gateway-id header.

If you are already calling Workers AI models through the existing REST API, that path (/ai/run/@cf/{model}) continues to work. To call Workers AI models through AI Gateway, use the @cf/ model prefix (for example, @cf/moonshotai/kimi-k2.6) and include the cf-aig-gateway-id header to specify which gateway to route through.

For more details and examples, refer to the REST API documentation.

Radar now includes two new charts on the traffic page that provide deeper insights into the composition of HTTP traffic: a content type distribution chart and an API traffic share chart.

Content type distribution

The new Content type chart displays the distribution of HTTP response content types, grouped into high-level categories. A traffic type selector allows filtering by human, bot, or all traffic. The existing Bot vs. Human chart also gained a content type category filter, allowing users to see the bot/human split for specific content categories.

Content type categories:

• HTML — Web pages (text/html)
• Images — All image formats (image/*)
• JSON — JSON data and API responses (application/json, *+json)
• JavaScript — Scripts (application/javascript, text/javascript)
• CSS — Stylesheets (text/css)
• Plain Text — Unformatted text (text/plain)
• Fonts — Web fonts (font/, application/font-)
• XML — XML documents and feeds (text/xml, application/xml, application/rss+xml, application/atom+xml)
• YAML — Configuration files (text/yaml, application/yaml)
• Video — Video content and streaming (video/*, application/ogg, *mpegurl)
• Audio — Audio content (audio/*)
• Markdown — Markdown documents (text/markdown)
• Documents — PDFs, Office documents, ePub, CSV (application/pdf, application/msword, text/csv)
• Binary — Executables, archives, WebAssembly (application/octet-stream, application/zip, application/wasm)
• Serialization — Binary API formats (application/protobuf, application/grpc, application/msgpack)
• Other — All other content types

The CONTENT_TYPE dimension and contentType filter are available on the HTTP summary, timeseries groups, and timeseries endpoints.

API traffic share

The new API traffic chart shows the percentage of dynamic (non-cacheable) HTTP request traffic that is API-related. API traffic is identified by JSON or XML response content types (application/json, application/xml, text/xml) on HTTP requests that returned a 200 status code. A traffic type selector allows switching between human traffic, bot traffic, or all traffic.

The API_TRAFFIC dimension is available on the existing HTTP summary and timeseries groups endpoints. An apiTraffic filter (API or NON_API) can also be applied to HTTP timeseries requests to retrieve raw request counts for API-only or non-API traffic.

Visit the Radar traffic page to explore these new charts.

Radar now includes two new charts on the traffic page ↗ that provide deeper insights into the composition of HTTP traffic: a content type distribution chart and an API traffic share chart.

Content type distribution

The new Content type ↗ chart displays the distribution of HTTP response content types, grouped into high-level categories. A traffic type selector allows filtering by human, bot, or all traffic. The existing Bot vs. Human ↗ chart also gained a content type category filter, allowing users to see the bot/human split for specific content categories.

Content type categories:

• HTML — Web pages (text/html)
• Images — All image formats (image/*)
• JSON — JSON data and API responses (application/json, *+json)
• JavaScript — Scripts (application/javascript, text/javascript)
• CSS — Stylesheets (text/css)
• Plain Text — Unformatted text (text/plain)
• Fonts — Web fonts (font/, application/font-)
• XML — XML documents and feeds (text/xml, application/xml, application/rss+xml, application/atom+xml)
• YAML — Configuration files (text/yaml, application/yaml)
• Video — Video content and streaming (video/*, application/ogg, *mpegurl)
• Audio — Audio content (audio/*)
• Markdown — Markdown documents (text/markdown)
• Documents — PDFs, Office documents, ePub, CSV (application/pdf, application/msword, text/csv)
• Binary — Executables, archives, WebAssembly (application/octet-stream, application/zip, application/wasm)
• Serialization — Binary API formats (application/protobuf, application/grpc, application/msgpack)
• Other — All other content types

The CONTENT_TYPE dimension and contentType filter are available on the HTTP summary, timeseries groups, and timeseries endpoints.

API traffic share

The new API traffic ↗ chart shows the percentage of dynamic (non-cacheable) HTTP request traffic that is API-related. API traffic is identified by JSON or XML response content types (application/json, application/xml, text/xml) on HTTP requests that returned a 200 status code. A traffic type selector allows switching between human traffic, bot traffic, or all traffic.

The API_TRAFFIC dimension is available on the existing HTTP summary and timeseries groups endpoints. An apiTraffic filter (API or NON_API) can also be applied to HTTP timeseries requests to retrieve raw request counts for API-only or non-API traffic.

Visit the Radar traffic page ↗ to explore these new charts.

Cloudflare Access now supports using Cloudflare itself as an identity provider. If you publish an Access application and select Cloudflare as the login method, users can sign in with their existing Cloudflare account — no one-time PINs, no third-party IdP configuration, and no shared email inboxes. Authentication is backed by Cloudflare's own account security (including multi-factor authentication), making it both simpler to set up and more secure than OTP-based login for most use cases.

Cloudflare is now the default identity provider for all newly created Zero Trust accounts, replacing One-time PIN.

This also enables two new capabilities:

• Cloudflare Account Member selector — A new policy selector that matches users based on their membership in a Cloudflare account. You can target the current account or specify a different account ID for cross-account access scenarios.
• Restrict to account members — An identity provider configuration option that limits authentication to users who are members of your Cloudflare account.

To get started, add Cloudflare as an identity provider in your Zero Trust settings.

Cloudflare CASB now integrates with the Claude Compliance API. This enhancement gives security teams visibility into Claude usage patterns, admin activity, and compliance-relevant events across their organization.

The Claude Compliance API provides structured access to audit logs and administrative actions within Claude Enterprise and Claude Platform. Cloudflare CASB ingests this data to surface security findings that help organizations enhance their security posture and enforce AI governance.

Key capabilities

Starting today, security teams can scan for security findings across the following assets:

• Public projects — Projects set to public visibility
• Project attachment — Files and documents added to projects that violate DLP policies
• Chat files — User-uploaded and provider-generated files that violate DLP policies
• Chat messages — User prompts and provider responses that violate DLP policies
• Artifacts — Provider-generated documents and files that violate DLP policies

Learn more

This integration is available to all Cloudflare One customers. New Cloudflare customers can sign up and start with their first two integrations for free. Existing customers can enable the integration directly in the dashboard. The integration begins scanning immediately and surfaces findings in the dashboard within minutes.

You can now receive event notifications for Artifacts repository changes and consume them from a Worker to build commit-driven automation.

This allows you to:

• Run custom workflows when a repository is created or imported
• Kick off a build and deploy a change when an agent pushes to a repo
• Trigger a review agent on every push

Available events include:

• Account-level events (artifacts source) — repo.created, repo.deleted, repo.forked, repo.imported
• Repository-level events (artifacts.repo source) — pushed, cloned, fetched

To learn more, refer to Artifacts documentation.

You can now receive event notifications for Artifacts repository changes and consume them from a Worker to build commit-driven automation.

This allows you to:

• Run custom workflows when a repository is created or imported
• Kick off a build and deploy a change when an agent pushes to a repo
• Trigger a review agent on every push

Available events include:

• Account-level events (artifacts source) — repo.created, repo.deleted, repo.forked, repo.imported
• Repository-level events (artifacts.repo source) — pushed, cloned, fetched

To learn more, refer to Artifacts documentation.

Radar now includes an MRT Explorer tool in the Routing section. Route collectors like RIPE RIS and RouteViews publish MRT (Multi-Threaded Routing Toolkit) dump files containing BGP announcements, withdrawals, and route attributes. The new tool parses these files entirely in the browser — nothing gets uploaded.

Loading a file

Paste a URL to fetch an MRT file remotely, drag and drop one onto the page, or browse for a local file. Gzip and bzip2 compressed files are supported. A sample file is also available to get started right away.

Inspecting events

Once parsed, the tool lists every BGP event with its timestamp, prefix, AS path, OTC (Only to Customer), and community attributes.

Event details

Clicking on the "View details" action opens a modal with additional properties and the full event JSON.

Shareable URLs

When loading a file by URL, the query string captures the source so the link can be shared directly — the recipient's browser immediately fetches and parses the same file.

Try the MRT Explorer on Cloudflare Radar.

Loading a file

Radar now includes an MRT Explorer tool in the Routing section. Route collectors like RIPE RIS and RouteViews publish MRT (Multi-Threaded Routing Toolkit) dump files containing BGP announcements, withdrawals, and route attributes. The new tool parses these files entirely in the browser — nothing gets uploaded.

Paste a URL to fetch an MRT file remotely, drag and drop one onto the page, or browse for a local file. Gzip and bzip2 compressed files are supported. A sample file is also available to get started right away.

Inspecting events

Once parsed, the tool lists every BGP event with its timestamp, prefix, AS path, OTC (Only to Customer), and community attributes.

Event details

Clicking on the "View details" action opens a modal with additional properties and the full event JSON.

Shareable URLs

When loading a file by URL, the query string captures the source so the link can be shared directly — the recipient's browser immediately fetches and parses the same file.

Try the MRT Explorer on Cloudflare Radar.

You can now manage Artifacts namespaces, repos, and repo-scoped tokens directly from Wrangler CLI.

Available commands:

• wrangler artifacts namespaces list — List Artifacts namespaces in your account.
• wrangler artifacts namespaces get — Get metadata for a namespace.
• wrangler artifacts repos create — Create a repo in a namespace.
• wrangler artifacts repos list — List repos in a namespace.
• wrangler artifacts repos get — Get metadata for a repo.
• wrangler artifacts repos delete — Delete a repo.
• wrangler artifacts repos issue-token — Issue a repo-scoped token for Git access.

To get started, refer to the Wrangler Artifacts commands documentation.