Author: guillaume

TL;DR: You can now create and save custom configurations of the Threat Events dashboard, allowing you to instantly return to specific filtered views — such as industry-specific attacks or regional Sankey flows — without manual reconfiguration.

Why this matters

Threat intelligence is most effective when it is personalized. Previously, analysts had to manually re-apply complex filters (like combining specific industry datasets with geographic origins) every time they logged in. This update provides material value by:

• Analysts can now jump straight into “Known Ransomware Infrastructure” or “Retail Sector Targets” views with a single click, eliminating repetitive setup tasks
• Teams can ensure everyone is looking at the same data subsets by using standardized saved views, reducing the risk of missing critical patterns due to inconsistent filtering.

Cloudforce One subscribers can start saving their custom views now in Application Security > Threat Intelligence > Threat Events.

Cloudflare Tunnel is now available in the main Cloudflare Dashboard at Networking > Tunnels, bringing first-class Tunnel management to developers using Tunnel for securing origin servers.

This new experience provides everything you need to manage Tunnels for public applications, including:

• Full Tunnel lifecycle management: Create, configure, delete, and monitor all your Tunnels in one place.
• Native integrations: View Tunnels by name when configuring DNS records and Workers VPC — no more copy-pasting UUIDs.
• Real-time visibility: Monitor replicas and Tunnel health status directly in the dashboard.
• Routing map: Manage all ingress routes for your Tunnel, including public applications, private hostnames, private CIDRs, and Workers VPC services, from a single interactive interface.

Choose the right dashboard for your use case

Core Dashboard: Navigate to Networking > Tunnels to manage Tunnels for:

• Securing origin servers and public applications with CDN, WAF, Load Balancing, and DDoS protection
• Connecting Workers to private services via Workers VPC

Cloudflare One Dashboard: Navigate to Zero Trust > Networks > Connectors to manage Tunnels for:

• Securing your public applications with Zero Trust access policies
• Connecting users to private applications
• Building a private mesh network

Both dashboards provide complete Tunnel management capabilities — choose based on your primary workflow.

Get started

New to Tunnel? Learn how to get started with Cloudflare Tunnel or explore advanced use cases like securing SSH servers or running Tunnels in Kubernetes.

The @cloudflare/codemode package has been rewritten into a modular, runtime-agnostic SDK.

Code Mode enables LLMs to write and execute code that orchestrates your tools, instead of calling them one at a time. This can (and does) yield significant token savings, reduces context window pressure and improves overall model performance on a task.

The new Executor interface is runtime agnostic and comes with a prebuilt DynamicWorkerExecutor to run generated code in a Dynamic Worker Loader.

Breaking changes

• Removed experimental_codemode() and CodeModeProxy — the package no longer owns an LLM call or model choice
• New import path: createCodeTool() is now exported from @cloudflare/codemode/ai

New features

• createCodeTool() — Returns a standard AI SDK Tool to use in your AI agents.
• Executor interface — Minimal execute(code, fns) contract. Implement for any code sandboxing primitive or runtime.

DynamicWorkerExecutor

Runs code in a Dynamic Worker. It comes with the following features:

• Network isolation — fetch() and connect() blocked by default (globalOutbound: null) when using DynamicWorkerExecutor
• Console capture — console.log/warn/error captured and returned in ExecuteResult.logs
• Execution timeout — Configurable via timeout option (default 30s)

Usage

• JavaScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

• TypeScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

Wrangler configuration

• wrangler.jsonc

  {
    "worker_loaders": [{ "binding": "LOADER" }],
  }

• wrangler.toml

  [[worker_loaders]]
  binding = "LOADER"

See the Code Mode documentation for full API reference and examples.

Upgrade

npm i @cloudflare/codemode@latest

The @cloudflare/codemode package has been rewritten into a modular, runtime-agnostic SDK.

Code Mode enables LLMs to write and execute TypeScript that orchestrates your tools, instead of calling them one at a time. This can (and does) yield significant token savings, reduces context window pressure and improves overall model performance on a task.

The new Executor interface is runtime agnostic and comes with a prebuilt DynamicWorkerExecutor to run generated code in a Dynamic Worker Loader.

Breaking changes

• Removed experimental_codemode() and CodeModeProxy — the package no longer owns an LLM call or model choice
• New import path: createCodeTool() is now exported from @cloudflare/codemode/ai

New features

• createCodeTool() — Returns a standard AI SDK Tool to use in your AI agents.
• Executor interface — Minimal execute(code, fns) contract. Implement for any code sandboxing primitive or runtime.

DynamicWorkerExecutor

Runs code in a Dynamic Worker. It comes with the following features:

• Network isolation — fetch() and connect() blocked by default (globalOutbound: null) when using DynamicWorkerExecutor
• Console capture — console.log/warn/error captured and returned in ExecuteResult.logs
• Execution timeout — Configurable via timeout option (default 30s)

Usage

• JavaScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

• TypeScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

Wrangler configuration

• wrangler.jsonc

  {
    "worker_loaders": [{ "binding": "LOADER" }],
  }

• wrangler.toml

  [[worker_loaders]]
  binding = "LOADER"

See the Code Mode documentation for full API reference and examples.

Upgrade

npm i @cloudflare/codemode@latest

Cloudflare Tunnel is now available in the main Cloudflare Dashboard at Networking > Tunnels, bringing first-class Tunnel management to developers using Tunnel for securing origin servers.

This new experience provides everything you need to manage Tunnels for public applications, including:

• Full Tunnel lifecycle management: Create, configure, delete, and monitor all your Tunnels in one place.
• Native integrations: View Tunnels by name when configuring DNS records and Workers VPC — no more copy-pasting UUIDs.
• Real-time visibility: Monitor replicas and Tunnel health status directly in the dashboard.
• Routing map: Manage all ingress routes for your Tunnel, including public applications, private hostnames, private CIDRs, and Workers VPC services, from a single interactive interface.

Choose the right dashboard for your use case

Core Dashboard: Navigate to Networking > Tunnels to manage Tunnels for:

• Securing origin servers and public applications with CDN, WAF, Load Balancing, and DDoS protection
• Connecting Workers to private services via Workers VPC

Cloudflare One Dashboard: Navigate to Zero Trust > Networks > Connectors to manage Tunnels for:

• Securing your public applications with Zero Trust access policies
• Connecting users to private applications
• Building a private mesh network

Both dashboards provide complete Tunnel management capabilities — choose based on your primary workflow.

Get started

New to Tunnel? Learn how to get started with Cloudflare Tunnel or explore advanced use cases like securing SSH servers or running Tunnels in Kubernetes.

Cloudflare Tunnel is now available in the main Cloudflare Dashboard at Networking > Tunnels, bringing first-class Tunnel management to developers using Tunnel for securing origin servers.

This new experience provides everything you need to manage Tunnels for public applications, including:

• Full Tunnel lifecycle management: Create, configure, delete, and monitor all your Tunnels in one place.
• Native integrations: View Tunnels by name when configuring DNS records and Workers VPC — no more copy-pasting UUIDs.
• Real-time visibility: Monitor replicas and Tunnel health status directly in the dashboard.
• Routing map: Manage all ingress routes for your Tunnel, including public applications, private hostnames, private CIDRs, and Workers VPC services, from a single interactive interface.

Choose the right dashboard for your use case

Core Dashboard: Navigate to Networking > Tunnels to manage Tunnels for:

• Securing origin servers and public applications with CDN, WAF, Load Balancing, and DDoS protection
• Connecting Workers to private services via Workers VPC

Cloudflare One Dashboard: Navigate to Zero Trust > Networks > Connectors to manage Tunnels for:

• Securing your public applications with Zero Trust access policies
• Connecting users to private applications
• Building a private mesh network

Both dashboards provide complete Tunnel management capabilities — choose based on your primary workflow.

Get started

New to Tunnel? Learn how to get started with Cloudflare Tunnel or explore advanced use cases like securing SSH servers or running Tunnels in Kubernetes.

The @cloudflare/codemode package has been rewritten into a modular, runtime-agnostic SDK.

Code Mode enables LLMs to write and execute code that orchestrates your tools, instead of calling them one at a time. This can (and does) yield significant token savings, reduces context window pressure and improves overall model performance on a task.

The new Executor interface is runtime agnostic and comes with a prebuilt DynamicWorkerExecutor to run generated code in a Dynamic Worker Loader.

Breaking changes

• Removed experimental_codemode() and CodeModeProxy — the package no longer owns an LLM call or model choice
• New import path: createCodeTool() is now exported from @cloudflare/codemode/ai

New features

• createCodeTool() — Returns a standard AI SDK Tool to use in your AI agents.
• Executor interface — Minimal execute(code, fns) contract. Implement for any code sandboxing primitive or runtime.

DynamicWorkerExecutor

Runs code in a Dynamic Worker. It comes with the following features:

• Network isolation — fetch() and connect() blocked by default (globalOutbound: null) when using DynamicWorkerExecutor
• Console capture — console.log/warn/error captured and returned in ExecuteResult.logs
• Execution timeout — Configurable via timeout option (default 30s)

Usage

• JavaScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

• TypeScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

Wrangler configuration

• wrangler.jsonc

  {
    "worker_loaders": [{ "binding": "LOADER" }],
  }

• wrangler.toml

  [[worker_loaders]]
  binding = "LOADER"

See the Code Mode documentation for full API reference and examples.

Upgrade

npm i @cloudflare/codemode@latest

Cloudflare Tunnel is now available in the main Cloudflare Dashboard at Networking > Tunnels, bringing first-class Tunnel management to developers using Tunnel for securing origin servers.

This new experience provides everything you need to manage Tunnels for public applications, including:

• Full Tunnel lifecycle management: Create, configure, delete, and monitor all your Tunnels in one place.
• Native integrations: View Tunnels by name when configuring DNS records and Workers VPC — no more copy-pasting UUIDs.
• Real-time visibility: Monitor replicas and Tunnel health status directly in the dashboard.
• Routing map: Manage all ingress routes for your Tunnel, including public applications, private hostnames, private CIDRs, and Workers VPC services, from a single interactive interface.

Choose the right dashboard for your use case

Core Dashboard: Navigate to Networking > Tunnels to manage Tunnels for:

• Securing origin servers and public applications with CDN, WAF, Load Balancing, and DDoS protection
• Connecting Workers to private services via Workers VPC

Cloudflare One Dashboard: Navigate to Zero Trust > Networks > Connectors to manage Tunnels for:

• Securing your public applications with Zero Trust access policies
• Connecting users to private applications
• Building a private mesh network

Both dashboards provide complete Tunnel management capabilities — choose based on your primary workflow.

Get started

New to Tunnel? Learn how to get started with Cloudflare Tunnel or explore advanced use cases like securing SSH servers or running Tunnels in Kubernetes.

The @cloudflare/codemode package has been rewritten into a modular, runtime-agnostic SDK.

Code Mode enables LLMs to write and execute code that orchestrates your tools, instead of calling them one at a time. This can (and does) yield significant token savings, reduces context window pressure and improves overall model performance on a task.

The new Executor interface is runtime agnostic and comes with a prebuilt DynamicWorkerExecutor to run generated code in a Dynamic Worker Loader.

Breaking changes

• Removed experimental_codemode() and CodeModeProxy — the package no longer owns an LLM call or model choice
• New import path: createCodeTool() is now exported from @cloudflare/codemode/ai

New features

• createCodeTool() — Returns a standard AI SDK Tool to use in your AI agents.
• Executor interface — Minimal execute(code, fns) contract. Implement for any code sandboxing primitive or runtime.

DynamicWorkerExecutor

Runs code in a Dynamic Worker. It comes with the following features:

• Network isolation — fetch() and connect() blocked by default (globalOutbound: null) when using DynamicWorkerExecutor
• Console capture — console.log/warn/error captured and returned in ExecuteResult.logs
• Execution timeout — Configurable via timeout option (default 30s)

Usage

• JavaScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

• TypeScript

  import { createCodeTool } from "@cloudflare/codemode/ai";
  import { DynamicWorkerExecutor } from "@cloudflare/codemode";
  import { streamText } from "ai";
  
  const executor = new DynamicWorkerExecutor({ loader: env.LOADER });
  const codemode = createCodeTool({ tools: myTools, executor });
  
  const result = streamText({
    model,
    tools: { codemode },
    messages,
  });

Wrangler configuration

• wrangler.jsonc

  {
    "worker_loaders": [{ "binding": "LOADER" }],
  }

• wrangler.toml

  [[worker_loaders]]
  binding = "LOADER"

See the Code Mode documentation for full API reference and examples.

Upgrade

npm i @cloudflare/codemode@latest

A new Allow clientless access setting makes it easier to enable access to private self-hosted applications without a device client.

Previously, to provide clientless access to a private hostname or IP, you had to create a separate bookmark application pointing to a prefixed Clientless Web Isolation URL (for example, https://<your-teamname>.cloudflareaccess.com/browser/https://10.0.0.1/). This bookmark was visible to all users in the App Launcher, regardless of whether they had access to the underlying application.

Now, you can manage clientless access directly within your private self-hosted application. When Allow clientless access is turned on, users who pass your Access application policies will see a tile in their App Launcher pointing to the prefixed URL. Users must have remote browser permissions to open the link.