From c715315bbb0abbb7d458f22a96f7793e726c751a Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 10 Sep 2025 09:21:53 +0100 Subject: [PATCH 01/10] [WAF] Highlight lines in APIRequest calls (#25027) --- src/content/docs/waf/custom-rules/create-api.mdx | 3 +++ .../waf/managed-rules/payload-logging/configure-api.mdx | 2 +- .../reference/owasp-core-ruleset/configure-api.mdx | 6 ++++++ src/content/docs/waf/rate-limiting-rules/create-api.mdx | 7 +++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/content/docs/waf/custom-rules/create-api.mdx b/src/content/docs/waf/custom-rules/create-api.mdx index 6a99bf7b4e5fc6..f2ddb6f7d69b82 100644 --- a/src/content/docs/waf/custom-rules/create-api.mdx +++ b/src/content/docs/waf/custom-rules/create-api.mdx @@ -72,6 +72,9 @@ The new rule, which will be the last rule in the ruleset, includes the definitio }, }, }} + code={{ + mark: [{ range: "9-13" }], + }} roles={false} /> diff --git a/src/content/docs/waf/managed-rules/payload-logging/configure-api.mdx b/src/content/docs/waf/managed-rules/payload-logging/configure-api.mdx index 588cfd29a2503f..7dd27005a1a751 100644 --- a/src/content/docs/waf/managed-rules/payload-logging/configure-api.mdx +++ b/src/content/docs/waf/managed-rules/payload-logging/configure-api.mdx @@ -124,7 +124,7 @@ This example configures payload logging for the [Cloudflare Managed Ruleset](/wa expression: "true", }} code={{ - mark: [8, 9, 10], + mark: [{ range: "8-10" }], }} roles={false} /> diff --git a/src/content/docs/waf/managed-rules/reference/owasp-core-ruleset/configure-api.mdx b/src/content/docs/waf/managed-rules/reference/owasp-core-ruleset/configure-api.mdx index 26dd95a71e5c7d..339ede8a178dc0 100644 --- a/src/content/docs/waf/managed-rules/reference/owasp-core-ruleset/configure-api.mdx +++ b/src/content/docs/waf/managed-rules/reference/owasp-core-ruleset/configure-api.mdx @@ -138,6 +138,9 @@ This example sets the Cloudflare OWASP Core Ruleset's paranoia level for a zone expression: "true", enabled: true, }} + code={{ + mark: [{ range: "8-19" }], + }} roles={false} /> @@ -297,6 +300,9 @@ This example configures the managed ruleset score threshold and the performed ac expression: "true", enabled: true, }} + code={{ + mark: [{ range: "12-13" }], + }} roles={false} /> diff --git a/src/content/docs/waf/rate-limiting-rules/create-api.mdx b/src/content/docs/waf/rate-limiting-rules/create-api.mdx index 16b53d3adcbaf9..e767bf6dde94d0 100644 --- a/src/content/docs/waf/rate-limiting-rules/create-api.mdx +++ b/src/content/docs/waf/rate-limiting-rules/create-api.mdx @@ -91,6 +91,9 @@ The new rule defines a [custom response](/waf/rate-limiting-rules/create-zone-da mitigation_timeout: 600, }, }} + code={{ + mark: [{ range: "9-13" }], + }} roles={false} /> @@ -121,6 +124,7 @@ The new rule does not consider requests for cached assets when calculating the r requests_to_origin: true, }, }} + code={{ mark: [17] }} roles={false} /> @@ -152,6 +156,9 @@ The new rule is a complexity-based rate limiting rule that takes the `my-score` counting_expression: "", }, }} + code={{ + mark: [{ range: "13-14" }], + }} roles={false} /> From 8f5194a2b0a2987490a1e8e7dc7b02c562698f97 Mon Sep 17 00:00:00 2001 From: "Chris Draper (Cloudflare PM)" <115131024+cdraper-cloudflare@users.noreply.github.com> Date: Wed, 10 Sep 2025 04:51:17 -0400 Subject: [PATCH 02/10] New docs for Magic WAN custom IKE IDs plus changelog for custom IKE IDs and bidirectional health check update (#25047) * Write new doc on custom IKE IDs for IPsec in Magic WAN. Write changelog for custom IKE and health check updates. * Fix side bar ordering for other documents in the Magic WAN common settings page * Apply suggestions from code review --------- Co-authored-by: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> --- ...bidirectional-health-check-any-on-ramp.mdx | 13 +++++++++++ ...2025-09-08-custom-ike-id-ipsec-tunnels.mdx | 9 ++++++++ .../check-tunnel-health-dashboard.mdx | 10 +++++---- .../configure-magic-tunnel-health-alerts.mdx | 7 ++++-- .../common-settings/custom-ike-id-ipsec.mdx | 22 +++++++++++++++++++ .../common-settings/enable-magic-roles.mdx | 5 +++-- .../configuration/common-settings/index.mdx | 6 ++--- .../configuration/common-settings/sites.mdx | 21 ++++++++++++------ .../update-tunnel-health-checks-frequency.mdx | 9 ++++---- 9 files changed, 80 insertions(+), 22 deletions(-) create mode 100644 src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx create mode 100644 src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx create mode 100644 src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx diff --git a/src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx b/src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx new file mode 100644 index 00000000000000..0e20042841c514 --- /dev/null +++ b/src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx @@ -0,0 +1,13 @@ +--- +title: Bidirectional tunnel health checks are compatible with all Magic on-ramps +description: Bidirectional tunnel health check return packets are accepted by any Magic on-ramp +date: 2025-09-05 +--- + +All bidirectional tunnel health check return packets are accepted by any Magic on-ramp. + +Previously, when a Magic tunnel had a bidirectional health check configured, the bidirectional health check would pass when the return packets came back to Cloudflare over the same tunnel that was traversed by the forward packets. + +There are SD-WAN devices, like VeloCloud, that do not offer controls to steer traffic over one tunnel versus another in a high availability tunnel configuration. + +Now, when a Magic tunnel has a bidirectional health check configured, the bidirectional health check will pass when the return packet traverses over any tunnel in a high availability configuration. diff --git a/src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx b/src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx new file mode 100644 index 00000000000000..1478f469cd0fc7 --- /dev/null +++ b/src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx @@ -0,0 +1,9 @@ +--- +title: Custom IKE ID for IPsec Tunnels +description: Customers can now set a custom IKE ID for their IPsec Tunnels +date: 2025-09-08 +--- + +Now, Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together can utilize this new feature to create a high availability configuration. + +This feature is available via API only. Customers can read the Magic WAN documentation to learn more about the [Custom IKE ID feature and the API call to configure it](/magic-wan/configuration/common-settings/custom-ike-id-ipsec/). diff --git a/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx b/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx index cb1a347c946c4d..edbbdfbb77430c 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Check tunnel health in the dashboard sidebar: - order: 3 + order: 2 --- import { Render } from "~/components"; @@ -11,10 +11,12 @@ import { Render } from "~/components"; file="tunnel-health/check-tunnel-healthchecks-dash" product="networking-services" params={{ - dashInfo: "The dashboard shows the view of tunnel health as measured from each Cloudflare location where your traffic is likely to land.", + dashInfo: + "The dashboard shows the view of tunnel health as measured from each Cloudflare location where your traffic is likely to land.", productPath: "**Magic WAN** > **Network health**", graphQL: "/magic-wan/analytics/query-tunnel-health/", - notificationsPath: "[notifications wizard](/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts/)" + notificationsPath: + "[notifications wizard](/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts/)", }} /> @@ -22,7 +24,7 @@ import { Render } from "~/components"; file="tunnel-health/health-checks-compatible-cmb-eu" product="networking-services" params={{ - productName: "Magic WAN" + productName: "Magic WAN", }} /> diff --git a/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx b/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx index 210ebf0394e7bf..d85b11f5f9b056 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx @@ -3,6 +3,8 @@ pcx_content_type: how-to title: Configure Magic Tunnel health alerts head: [] description: Use the API to set up and configure Magic Tunnel health alerts +sidebar: + order: 4 --- import { Render } from "~/components"; @@ -13,8 +15,9 @@ import { Render } from "~/components"; params={{ magicWord: "Magic WAN", productName: "Magic WAN", - magicTunnelHealthCheckCalculation: "/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/", + magicTunnelHealthCheckCalculation: + "/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/", networkAnalyticsPath: "/magic-wan/analytics/network-analytics/", healthChecks: "/magic-wan/reference/tunnel-health-checks/", }} -/> \ No newline at end of file +/> diff --git a/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx b/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx new file mode 100644 index 00000000000000..d5327cba7d6188 --- /dev/null +++ b/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx @@ -0,0 +1,22 @@ +--- +pcx_content_type: how-to +title: Custom IKE ID for IPsec +sidebar: + order: 6 +--- + +Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together should utilize this option to create a high availability configuration. + +:::note +This feature is only available via API. There are no configuration options for a custom IKE ID for an IPsec tunnel in the Cloudflare dashboard. +::: + +VeloCloud has a high availability mechanism that allows customers to specify one set of IKE parameters (like IKE ID) and multiple remote IPs. Customers create an IKE ID, and then assign the same custom IKE ID to their primary IPsec tunnel and their backup IPsec tunnel. FQDN is the only supported type for custom IKE IDs. + +Magic WAN customers can set a custom IKE ID for an IPsec tunnel using the following API call. Customers will need to fill in the appropriate values for <account_id>, <tunnel_id>, and the FQDN wildcard before running the API call. + +```txt +% cloudflared access curl +https://conduit-api.cfdata.org/accounts//ipsec_tunnels/ +-XPUT -d '{"custom_remote_identities": {"fqdn_id": "*..custom.ipsec.cloudflare.com"}}' +``` diff --git a/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx b/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx index 012e87864e7c9d..9f31f8cd7b784a 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx @@ -4,9 +4,10 @@ title: Enable Magic user roles head: [] description: You can determine which users have, or do not have, configuration edit access for Magic products. - +sidebar: + order: 5 --- -import { Render } from "~/components" +import { Render } from "~/components"; diff --git a/src/content/docs/magic-wan/configuration/common-settings/index.mdx b/src/content/docs/magic-wan/configuration/common-settings/index.mdx index 8fa730a9f2d4d4..c291ff2f82035c 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/index.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/index.mdx @@ -1,13 +1,13 @@ --- title: Common settings pcx_content_type: navigation +head: [] sidebar: order: 4 - --- -import { DirectoryListing } from "~/components" +import { DirectoryListing } from "~/components"; -Review this section to learn about the settings shared between the Magic WAN Connector and the manual setup process for Magic WAN. +Review this section to learn about the common settings that apply to both the Magic WAN Connector setup process and the manual setup process for Magic WAN. diff --git a/src/content/docs/magic-wan/configuration/common-settings/sites.mdx b/src/content/docs/magic-wan/configuration/common-settings/sites.mdx index fc2e655aad8a86..1d11076519f9f6 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/sites.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/sites.mdx @@ -2,12 +2,12 @@ title: Set up a site pcx_content_type: how-to sidebar: - order: 2 + order: 1 badge: text: Beta --- -import { Render } from "~/components" +import { Render } from "~/components"; Sites represent the local network of a data center, office, or other physical location, and combine all on-ramps available there. Sites also allow you to check, at a glance, the state of your on-ramps and set up health alert settings so that you get notified when there are issues with the site's on-ramps. @@ -24,9 +24,9 @@ To use a site, start by setting up your on-ramps. These can be [GRE or IPsec tun 7. Select **Continue**. 8. In **Define alert settings** you set up alerts to notify you when there are issues with your site's on-ramps. If you want to set up alerts later, select **Skip this for now** to complete your setup. Otherwise, continue reading. 9. In **Magic WAN Health Check Alert** > **Notification name**, enter a name for the site's alert. -9. Under **Alert settings**, choose how you want to be notified when there is an issue. You can add webhooks as well as email addresses. -10. In **Alert sensitivity level** define the threshold for Magic Tunnel health alerts to be fired. Refer to [How Cloudflare calculates Magic Tunnel health alerts](/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/) for more information. -11. Select **Complete setup** to finish setting up your site. +10. Under **Alert settings**, choose how you want to be notified when there is an issue. You can add webhooks as well as email addresses. +11. In **Alert sensitivity level** define the threshold for Magic Tunnel health alerts to be fired. Refer to [How Cloudflare calculates Magic Tunnel health alerts](/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/) for more information. +12. Select **Complete setup** to finish setting up your site. Your site is now set up. If you have other sites you need to set up, repeat the steps above. If you did not set up alerts, we strongly recommend that you do it. Otherwise you will not be notified when there is a problem with one of your on-ramps. @@ -34,7 +34,11 @@ Your site is now set up. If you have other sites you need to set up, repeat the ## Site analytics - + --- @@ -60,4 +64,7 @@ If you add geographic coordinates to your site, it will show up in the Network m ### Set thresholds for Magic WAN site health - \ No newline at end of file + diff --git a/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx b/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx index 2450021fd18c4b..84def14b656a4c 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Update tunnel health checks frequency sidebar: - order: 4 + order: 3 --- import { Render } from "~/components"; @@ -14,7 +14,8 @@ import { Render } from "~/components"; magicProduct: "Magic WAN", productName: "Magic WAN", healthChecksUrl: "/magic-wan/reference/tunnel-health-checks/", - addTunnelsPath: "/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels" + addTunnelsPath: + "/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels", }} /> @@ -22,6 +23,6 @@ import { Render } from "~/components"; file="tunnel-health/health-checks-compatible-cmb-eu" product="networking-services" params={{ - productName: "Magic WAN" + productName: "Magic WAN", }} -/> \ No newline at end of file +/> From 87ca0e1cabea4c08cce9b3ce99a38c74076d0bd6 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 10 Sep 2025 09:58:51 +0100 Subject: [PATCH 03/10] [Network] Update incorrect IP location process (#25028) --- src/content/docs/network/ip-geolocation.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/network/ip-geolocation.mdx b/src/content/docs/network/ip-geolocation.mdx index 3aab2edf1db50c..a26d65684c6edd 100644 --- a/src/content/docs/network/ip-geolocation.mdx +++ b/src/content/docs/network/ip-geolocation.mdx @@ -46,4 +46,6 @@ In order to use this data, you will need to then retrieve it from the [`CF-IPCou ## Report an incorrect IP location -If you find an IP address with a location that you believe is incorrect, report it to `ip-corrections@cloudflare.com` along with the correct information as applicable (country, state/province, city name, and ZIP code). +If you find an IP address with a location that you believe is incorrect, fill in the [data correction form](https://www.cloudflare.com/lp/ip-corrections/) with the relevant IP address range(s) along with the correct information as applicable (country, state/province, city name, and ZIP code). + +If the data is confirmed, Cloudflare will make the necessary changes, which should be reflected within 48 hours. From e4a88b248171593a08d388548ee947631faa319c Mon Sep 17 00:00:00 2001 From: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> Date: Wed, 10 Sep 2025 10:40:56 +0100 Subject: [PATCH 04/10] [MWAN] IKE ID patch (#25048) * refined text * refined command * refined text --- .../common-settings/custom-ike-id-ipsec.mdx | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx b/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx index d5327cba7d6188..e92bd80bdd00a8 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx @@ -5,6 +5,8 @@ sidebar: order: 6 --- +import { CURL } from "~/components"; + Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together should utilize this option to create a high availability configuration. :::note @@ -13,10 +15,13 @@ This feature is only available via API. There are no configuration options for a VeloCloud has a high availability mechanism that allows customers to specify one set of IKE parameters (like IKE ID) and multiple remote IPs. Customers create an IKE ID, and then assign the same custom IKE ID to their primary IPsec tunnel and their backup IPsec tunnel. FQDN is the only supported type for custom IKE IDs. -Magic WAN customers can set a custom IKE ID for an IPsec tunnel using the following API call. Customers will need to fill in the appropriate values for <account_id>, <tunnel_id>, and the FQDN wildcard before running the API call. +Magic WAN customers can set a custom IKE ID for an IPsec tunnel using the following API call. Customers will need to fill in the appropriate values for ``, ``, and the FQDN wildcard before running the API call. -```txt -% cloudflared access curl -https://conduit-api.cfdata.org/accounts//ipsec_tunnels/ --XPUT -d '{"custom_remote_identities": {"fqdn_id": "*..custom.ipsec.cloudflare.com"}}' -``` +..custom.ipsec.cloudflare.com"} + }} +/> From 29e13a7997bfa92cbb42659a3e556eda2b6649e0 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 10 Sep 2025 12:45:29 +0100 Subject: [PATCH 05/10] [Ruleset Engine, Rules] Clarify function usage (#25050) --- .../transform/url-rewrite/reference/fields-functions.mdx | 2 +- .../docs/ruleset-engine/rules-language/functions.mdx | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx b/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx index c5543fea5110a2..81ad81afefd2ae 100644 --- a/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx +++ b/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx @@ -28,4 +28,4 @@ A rewrite expression (that is, the expression that defines the dynamic URL rewri Refer to the [Fields reference](/ruleset-engine/rules-language/fields/reference/) for more information on these fields. -The [`concat()`](/ruleset-engine/rules-language/functions/#concat), [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace), and [`wildcard_replace()`](/ruleset-engine/rules-language/functions/#wildcard_replace) functions can appear only **once** in a rewrite expression. +The [`concat()`](/ruleset-engine/rules-language/functions/#concat), [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace), and [`wildcard_replace()`](/ruleset-engine/rules-language/functions/#wildcard_replace) functions can appear only once in a rewrite expression. Additionally, you cannot nest the `regex_replace()` and `wildcard_replace()` functions. diff --git a/src/content/docs/ruleset-engine/rules-language/functions.mdx b/src/content/docs/ruleset-engine/rules-language/functions.mdx index 5ad75b57b8499d..1186cd323bc695 100644 --- a/src/content/docs/ruleset-engine/rules-language/functions.mdx +++ b/src/content/docs/ruleset-engine/rules-language/functions.mdx @@ -249,8 +249,10 @@ Examples: Create capture groups by putting part of the regular expression in parentheses. Then, reference a capture group using `${}` in the replacement string, where `` is the number of the capture group. +You can only use the `regex_replace()` function once in an expression, and you cannot nest it with the [`wildcard_replace()`](/ruleset-engine/rules-language/functions/#wildcard_replace) function. + :::note -You can only use the `regex_replace()` function in rewrite expressions of [Transform Rules](/rules/transform/) and target URL expressions of [dynamic URL redirects](/rules/url-forwarding/single-redirects/). +Currently, the `regex_replace()` function is only available in rewrite expressions of [Transform Rules](/rules/transform/) and target URL expressions of [dynamic URL redirects](/rules/url-forwarding/single-redirects/). ::: ### `remove_bytes` @@ -423,6 +425,8 @@ To perform case-sensitive wildcard matching, set the `flags` parameter to `"s"`. This function uses lazy matching, that is, it tries to match each `*` metacharacter with the shortest possible string. +You can only use the `wildcard_replace()` function once in an expression, and you cannot nest it with the [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace) function. + Examples: - If the full URI is `https://apps.example.com/calendar/admin?expand=true`,
From 5914460be8b5819464ddb45fee5218dfca5c7c33 Mon Sep 17 00:00:00 2001 From: Kody Jackson Date: Wed, 10 Sep 2025 07:25:16 -0500 Subject: [PATCH 06/10] Default code block title -- PCX-16857 (#25044) * [Chore] Add default language title if none set * update to be generic * Update src/plugins/expressive-code/default-titles.js Co-authored-by: Kian --------- Co-authored-by: Kian --- src/content/docs/1.1.1.1/troubleshooting.mdx | 3 +-- src/plugins/expressive-code/default-titles.js | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/content/docs/1.1.1.1/troubleshooting.mdx b/src/content/docs/1.1.1.1/troubleshooting.mdx index 34405246ec0db1..5ef3d926802637 100644 --- a/src/content/docs/1.1.1.1/troubleshooting.mdx +++ b/src/content/docs/1.1.1.1/troubleshooting.mdx @@ -8,10 +8,9 @@ head: - tag: title content: Troubleshooting DNS Resolver slug: 1.1.1.1/troubleshooting - --- -import { Render } from "~/components" +import { Render } from "~/components"; This guide will help you diagnose and resolve common issues with Cloudflare's DNS Resolver. Before proceeding with manual troubleshooting steps, you can [verify your connection](/1.1.1.1/check/) to automatically gather relevant information. diff --git a/src/plugins/expressive-code/default-titles.js b/src/plugins/expressive-code/default-titles.js index 8f37f74ba94688..1e463167c6c50b 100644 --- a/src/plugins/expressive-code/default-titles.js +++ b/src/plugins/expressive-code/default-titles.js @@ -10,6 +10,21 @@ export default () => { context.codeBlock.props.title ??= "PowerShell"; break; } + case "javascript": + case "js": { + context.codeBlock.props.title ??= "JavaScript"; + break; + } + case "py": + case "python": { + context.codeBlock.props.title ??= "Python"; + break; + } + case "typescript": + case "ts": { + context.codeBlock.props.title ??= "TypeScript"; + break; + } default: { return; } From 39a4fc89213770e470be5551f552af669920e799 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro <62246989+RebeccaTamachiro@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:06:59 +0100 Subject: [PATCH 07/10] [SSL] Remove auto switch to HTTP callout (#25022) --- .../changing-dcv-method/methods/delegated-dcv.mdx | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv.mdx b/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv.mdx index 1cdbb596dcf607..68df716025aad2 100644 --- a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv.mdx +++ b/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv.mdx @@ -100,20 +100,9 @@ _acme-challenge.example.com. 3600 IN CNAME example.com. Date: Wed, 10 Sep 2025 14:42:34 +0100 Subject: [PATCH 08/10] Add release notes for Agents SDK + AI SDK v5 update (#24889) * Add release notes for Agents SDK + AI SDK v5 update * update to include workers-ai-provider v2.0.0 * some fixes * Update 2025-09-03-agents-sdk-beta-v5.mdx * Change release date for Agents SDK v5 update Updated release date from 2025-09-09 to 2025-09-10. --------- Co-authored-by: Sunil Pai --- .../agents/2025-09-03-agents-sdk-beta-v5.mdx | 268 ++++++++++++++++++ 1 file changed, 268 insertions(+) create mode 100644 src/content/changelog/agents/2025-09-03-agents-sdk-beta-v5.mdx diff --git a/src/content/changelog/agents/2025-09-03-agents-sdk-beta-v5.mdx b/src/content/changelog/agents/2025-09-03-agents-sdk-beta-v5.mdx new file mode 100644 index 00000000000000..97c8323f3f59e9 --- /dev/null +++ b/src/content/changelog/agents/2025-09-03-agents-sdk-beta-v5.mdx @@ -0,0 +1,268 @@ +--- +title: Agents SDK v0.1.0 and workers-ai-provider v2.0.0 with AI SDK v5 support +description: The latest release updates the Agents SDK with full AI SDK v5 compatibility, updated workers-ai-provider v2.0.0 with enhanced streaming and tool support, seamless legacy message migration, tool confirmation detection, and React hooks for building production-ready AI chat interfaces. +products: + - agents + - workers +date: 2025-09-10 +--- + +We've shipped a new release for the [Agents SDK](https://github.com/cloudflare/agents) bringing full compatibility with [AI SDK v5](https://ai-sdk.dev/docs/introduction) and introducing automatic message migration that handles all legacy formats transparently. + +This release includes improved streaming and tool support, tool confirmation detection (for "human in the loop" systems), enhanced React hooks with automatic tool resolution, improved error handling for streaming responses, and seamless migration utilities that work behind the scenes. + +This makes it ideal for building production AI chat interfaces with Cloudflare Workers AI models, agent workflows, human-in-the-loop systems, or any application requiring reliable message handling across SDK versions — all while maintaining backward compatibility. + +Additionally, we've updated workers-ai-provider v2.0.0, the official provider for Cloudflare Workers AI models, to be compatible with AI SDK v5. + +#### useAgentChat(options) + +Creates a new chat interface with enhanced v5 capabilities. + +```ts +// Basic chat setup +const { messages, sendMessage, addToolResult } = useAgentChat({ + agent, + experimental_automaticToolResolution: true, + tools, +}); + +// With custom tool confirmation +const chat = useAgentChat({ + agent, + experimental_automaticToolResolution: true, + toolsRequiringConfirmation: ["dangerousOperation"], +}); +``` + +#### Automatic Tool Resolution + +Tools are automatically categorized based on their configuration: + +```ts +const tools = { + // Auto-executes (has execute function) + getLocalTime: { + description: "Get current local time", + inputSchema: z.object({}), + execute: async () => new Date().toLocaleString(), + }, + + // Requires confirmation (no execute function) + deleteFile: { + description: "Delete a file from the system", + inputSchema: z.object({ + filename: z.string(), + }), + }, + + // Server-executed (no client confirmation) + analyzeData: { + description: "Analyze dataset on server", + inputSchema: z.object({ data: z.array(z.number()) }), + serverExecuted: true, + }, +} satisfies Record; +``` + +#### Message Handling + +Send messages using the new v5 format with parts array: + +```ts +// Text message +sendMessage({ + role: "user", + parts: [{ type: "text", text: "Hello, assistant!" }], +}); + +// Multi-part message with file +sendMessage({ + role: "user", + parts: [ + { type: "text", text: "Analyze this image:" }, + { type: "image", image: imageData }, + ], +}); +``` + +#### Tool Confirmation Detection + +Simplified logic for detecting pending tool confirmations: + +```ts +const pendingToolCallConfirmation = messages.some((m) => + m.parts?.some( + (part) => isToolUIPart(part) && part.state === "input-available", + ), +); + +// Handle tool confirmation +if (pendingToolCallConfirmation) { + await addToolResult({ + toolCallId: part.toolCallId, + tool: getToolName(part), + output: "User approved the action", + }); +} +``` + +### Automatic Message Migration + +Seamlessly handle legacy message formats without code changes. + +```ts +// All these formats are automatically converted: + +// Legacy v4 string content +const legacyMessage = { + role: "user", + content: "Hello world", +}; + +// Legacy v4 with tool calls +const legacyWithTools = { + role: "assistant", + content: "", + toolInvocations: [ + { + toolCallId: "123", + toolName: "weather", + args: { city: "SF" }, + state: "result", + result: "Sunny, 72°F", + }, + ], +}; + +// Automatically becomes v5 format: +// { +// role: "assistant", +// parts: [{ +// type: "tool-call", +// toolCallId: "123", +// toolName: "weather", +// args: { city: "SF" }, +// state: "result", +// result: "Sunny, 72°F" +// }] +// } +``` + +### Tool Definition Updates + +Migrate tool definitions to use the new `inputSchema` property. + +```ts +// Before (AI SDK v4) +const tools = { + weather: { + description: "Get weather information", + parameters: z.object({ + city: z.string(), + }), + execute: async (args) => { + return await getWeather(args.city); + }, + }, +}; + +// After (AI SDK v5) +const tools = { + weather: { + description: "Get weather information", + inputSchema: z.object({ + city: z.string(), + }), + execute: async (args) => { + return await getWeather(args.city); + }, + }, +}; +``` + +### Cloudflare Workers AI Integration + +Seamless integration with Cloudflare Workers AI models through the updated workers-ai-provider v2.0.0. + +#### Model Setup with Workers AI + +Use Cloudflare Workers AI models directly in your agent workflows: + +```ts +import { createWorkersAI } from "workers-ai-provider"; +import { useAgentChat } from "agents/ai-react"; + +// Create Workers AI model (v2.0.0 - same API, enhanced v5 internals) +const model = createWorkersAI({ + binding: env.AI, +})("@cf/meta/llama-3.2-3b-instruct"); +``` + +#### Enhanced File and Image Support + +Workers AI models now support v5 file handling with automatic conversion: + +```ts +// Send images and files to Workers AI models +sendMessage({ + role: "user", + parts: [ + { type: "text", text: "Analyze this image:" }, + { + type: "file", + data: imageBuffer, + mediaType: "image/jpeg", + }, + ], +}); + +// Workers AI provider automatically converts to proper format +``` + +#### Streaming with Workers AI + +Enhanced streaming support with automatic warning detection: + +```ts +// Streaming with Workers AI models +const result = await streamText({ + model: createWorkersAI({ binding: env.AI })("@cf/meta/llama-3.2-3b-instruct"), + messages, + onChunk: (chunk) => { + // Enhanced streaming with warning handling + console.log(chunk); + }, +}); +``` + +### Import Updates + +Update your imports to use the new v5 types: + +```ts +// Before (AI SDK v4) +import type { Message } from "ai"; +import { useChat } from "ai/react"; + +// After (AI SDK v5) +import type { UIMessage } from "ai"; +// or alias for compatibility +import type { UIMessage as Message } from "ai"; +import { useChat } from "@ai-sdk/react"; +``` + +## Resources + +- [Migration Guide](https://github.com/cloudflare/agents/blob/main/docs/migration-to-ai-sdk-v5.md) - Comprehensive migration documentation +- [AI SDK v5 Documentation](https://ai-sdk.dev/docs/migration-guides/migration-guide-5-0) - Official AI SDK migration guide +- [An Example PR showing the migration from AI SDK v4 to v5](https://github.com/cloudflare/agents-starter/pull/105) +- [GitHub Issues](https://github.com/cloudflare/agents/issues) - Report bugs or request features + +## Feedback Welcome + +We'd love your feedback! We're particularly interested in feedback on: + +- **Migration experience** - How smooth was the upgrade process? +- **Tool confirmation workflow** - Does the new automatic detection work as expected? +- **Message format handling** - Any edge cases with legacy message conversion? From 3a46f90ffd450dc1189fdb47c89f0304edd28587 Mon Sep 17 00:00:00 2001 From: stechedo <42300227+stechedo@users.noreply.github.com> Date: Wed, 10 Sep 2025 09:44:09 -0400 Subject: [PATCH 09/10] Update advertise-prefixes.mdx (#25053) Adding information on redundant Route Reflectors (PCX-19135) --- src/content/docs/magic-transit/how-to/advertise-prefixes.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/magic-transit/how-to/advertise-prefixes.mdx b/src/content/docs/magic-transit/how-to/advertise-prefixes.mdx index 85acc277a47930..02f23d395c21d5 100644 --- a/src/content/docs/magic-transit/how-to/advertise-prefixes.mdx +++ b/src/content/docs/magic-transit/how-to/advertise-prefixes.mdx @@ -150,6 +150,8 @@ Optionally, you can use BGP to control the advertisement status of your prefix Prefixes can be advertised from Cloudflare's network in a supported on-demand method such as BGP Control, or dynamically via the UI, API, or [Magic Network Monitoring](/magic-transit/magic-network-monitoring/). During the onboarding of your on-demand prefixes, please specify whether you want BGP-controlled advertisement or dynamic advertisement (via dashboard/API/Magic Network Monitoring). +Our network architecture utilizes multiple, redundant Route Reflectors, ensuring that the failure of any single reflector does not impact overall network resiliency or traffic forwarding. For maximum resiliency, we recommend peering with all three of Cloudflare's redundant Route Reflectors, as this architecture ensures the failure of any single reflector does not impact overall network availability or traffic forwarding. + To begin using BGP control, contact your account team with the following information: - BGP endpoint IP addresses @@ -251,4 +253,4 @@ neighbor 173.245.63.66 { neighbor 141.101.67.22 { description "CF RR#3 CDG"; } -``` \ No newline at end of file +``` From 5515aceb97b0378a0c61419447c3471132ffeee1 Mon Sep 17 00:00:00 2001 From: marciocloudflare <83226960+marciocloudflare@users.noreply.github.com> Date: Wed, 10 Sep 2025 14:47:46 +0100 Subject: [PATCH 10/10] [MWAN] Two tunnels per WAN (#25054) * added 2 tunnel info * partial wan 2 tunnels * added 2 tunnels partial * 2 tunnel partial and refined text --- .../configuration/connector/reference.mdx | 8 ++++--- .../mconn/configure-connectors.mdx | 22 ++++++++++--------- .../mconn/wan-two-tunnels.mdx | 5 +++++ 3 files changed, 22 insertions(+), 13 deletions(-) create mode 100644 src/content/partials/networking-services/mconn/wan-two-tunnels.mdx diff --git a/src/content/docs/magic-wan/configuration/connector/reference.mdx b/src/content/docs/magic-wan/configuration/connector/reference.mdx index 1c005cb64dc8f4..4c76ea862d890c 100644 --- a/src/content/docs/magic-wan/configuration/connector/reference.mdx +++ b/src/content/docs/magic-wan/configuration/connector/reference.mdx @@ -6,7 +6,7 @@ sidebar: --- -import { GlossaryTooltip } from "~/components" +import { GlossaryTooltip, Render } from "~/components" Magic WAN Connector software is certified for use on the [Dell Networking Virtual Edge Platform](https://www.dell.com/support/home/en-us/product-support/product/dell-emc-networking-vep1445-vep1485/docs). It can be purchased with software pre-installed through our partner network for plug-and-play connectivity to Cloudflare One. @@ -79,7 +79,9 @@ When a failover occurs, traffic is moved to the new active node. It could take u ## WAN settings -This is where you add and configure your WAN connections. Each configured WAN will create one IPsec tunnel. +This is where you add and configure your WAN connections. Each configured WAN will create one IPsec tunnel, unless you have more than one anycast IP configured in your account. + + When you have multiple WANs you can attribute different priorities to each one. Lower values mean a higher priority. This translates in Connector routing traffic through the higher priority WANs or, more precisely, over the IPsec tunnels established over that interface. On the other hand, if you configure multiple WANs of equal priority, traffic will be distributed over those links through [(Equal-Cost Multi-Path) ECMP routing](/magic-wan/reference/traffic-steering/#equal-cost-multi-path-routing). @@ -91,7 +93,7 @@ For high-capacity use cases, multiple tunnels can be established with equal prio ### Configure multiple tunnels in the same WAN profile -If you need to configure multiple tunnels for the same WAN profile, [set up multiple WAN connections](/magic-wan/configuration/connector/configure-hardware-connector/#create-a-wan). Each WAN is assigned one IPsec tunnel. +If you do not have more than one anycast IP configured in your account, and you need to configure multiple tunnels for the same WAN profile, [set up multiple WAN connections](/magic-wan/configuration/connector/configure-hardware-connector/#create-a-wan). Each WAN is assigned one IPsec tunnel. ### WAN settings diff --git a/src/content/partials/networking-services/mconn/configure-connectors.mdx b/src/content/partials/networking-services/mconn/configure-connectors.mdx index 2dd5c346b6a503..88f882edbc72e6 100644 --- a/src/content/partials/networking-services/mconn/configure-connectors.mdx +++ b/src/content/partials/networking-services/mconn/configure-connectors.mdx @@ -11,16 +11,16 @@ params: --- import { - AnchorHeading, - Aside, - Card, - Code, - GlossaryTooltip, - Markdown, - Render, - Tabs, - TabItem, - DashButton, + AnchorHeading, + Aside, + Card, + Code, + GlossaryTooltip, + Markdown, + Render, + Tabs, + TabItem, + DashButton, } from "~/components"; { props.magicWord === "virtual" && ( @@ -333,6 +333,8 @@ To add a Connector on-ramp: + + 1. In **WAN configuration**, select **Create**. You can create one or more [wide area networks (WANs)](https://www.cloudflare.com/learning/network-layer/what-is-a-wan/). Configuring multiple WANs will create multiple IPsec tunnels (one IPsec tunnel per WAN port). This allows the Connector to load balance traffic over WANs of equal priority. It also allows Connector to failover between circuits according to their health. Refer to [WAN settings](/magic-wan/configuration/connector/reference/#wan-settings) for more details. :::note This is not the same as a high availability (HA) configuration. HA configurations need two Connectors to work. Refer to [About high availability configurations](#about-high-availability-configurations) for more information. diff --git a/src/content/partials/networking-services/mconn/wan-two-tunnels.mdx b/src/content/partials/networking-services/mconn/wan-two-tunnels.mdx new file mode 100644 index 00000000000000..8b699a9a3fac30 --- /dev/null +++ b/src/content/partials/networking-services/mconn/wan-two-tunnels.mdx @@ -0,0 +1,5 @@ +--- +{} +--- + +When you have more than one anycast IP configured in your account (set up during your Magic WAN onboarding), Connector will automatically create at most two tunnels per WAN port. This improves reliability and performance, and requires no additional configuration on your part. \ No newline at end of file