Changelog
New updates and improvements at Cloudflare.
@cf/moonshotai/kimi-k2.7-codeis now available on Workers AI. Kimi K2.7 Code is a code-optimized variant of the Kimi K2 family, built on a Mixture-of-Experts architecture with 1T total parameters and 32B active per token.K2.7 Code delivers meaningful gains over K2.6 on coding and agentic benchmarks:
- +21.8% on Kimi Code Bench v2
- +11.0% on Program Bench
- +31.5% on MLS Bench Lite
K2.7 Code uses 30% fewer reasoning tokens compared to K2.6, reducing overthinking and lowering inference cost for reasoning-heavy workloads.
- 262.1k token context window for retaining full conversation history, tool definitions, and codebases across long-running agent sessions
- Long-horizon coding with improved instruction following and higher end-to-end coding task success rates
- Vision inputs for processing images alongside text
- Thinking mode with configurable reasoning depth via
chat_template_kwargs.thinking - Multi-turn tool calling for building agents that invoke tools across multiple conversation turns
- Structured outputs with JSON schema support
If you are migrating from Kimi K2.6, note the following:
- K2.7 Code is optimized for coding tasks with improved benchmark performance and reasoning efficiency
- Cached input token pricing is $0.19 per M tokens (vs $0.16 for K2.6)
- API usage is identical — no parameter changes required
Use Kimi K2.7 Code through the Workers AI binding (
env.AI.run()), the REST API at/ai/run, or the OpenAI-compatible endpoint at/v1/chat/completions. You can also use AI Gateway with any of these endpoints.For more information, refer to the Kimi K2.7 Code model page and pricing.
Browser Run's
/snapshotendpoint now supports aformatsparameter that lets you return multiple page formats in a single API call. Previously,/snapshotreturned only HTML content and a screenshot. You can now also include Markdown and the accessibility tree in the same response.These formats are particularly useful for AI agent workflows:
- Markdown provides a token-efficient representation of page content that LLMs can process directly, without parsing HTML markup.
- The accessibility tree provides a structured representation of a page's elements, including roles, labels, and hierarchy, helping LLMs understand page structure and navigate its contents.
The following example returns a screenshot, Markdown, and the accessibility tree in one call:
Terminal window curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-rendering/snapshot' \-H 'Authorization: Bearer <apiToken>' \-H 'Content-Type: application/json' \-d '{"url": "https://example.com/","formats": ["screenshot", "markdown", "accessibilityTree"]}'TypeScript import Cloudflare from "cloudflare";const client = new Cloudflare({apiToken: process.env["CLOUDFLARE_API_TOKEN"],});const snapshot = await client.browserRendering.snapshot.create({account_id: process.env["CLOUDFLARE_ACCOUNT_ID"],url: "https://example.com/",formats: ["screenshot", "markdown", "accessibilityTree"],});console.log(snapshot.markdown);console.log(snapshot.accessibilityTree);TypeScript interface Env {BROWSER: BrowserRun;}export default {async fetch(request, env): Promise<Response> {return await env.BROWSER.quickAction("snapshot", {url: "https://example.com/",formats: ["screenshot", "markdown", "accessibilityTree"],});},} satisfies ExportedHandler<Env>;You must request at least two formats. If you only need one, use the respective single-format endpoint such as
/screenshotor/markdown.Refer to the
/snapshotdocumentation for the full list of accepted values.

Customers can now view the number of Dynamic Workers invoked during their billing period from the Workers overview page in the Cloudflare dashboard.
This count reflects the number of Dynamic Workers that Cloudflare would bill for during the selected billing period. Dynamic Workers usage data only goes back to June 1, 2026.
You can also query this count through the GraphQL Analytics API by using
workersInvocationsByOwnerAndScriptGroupsand selectingdistinctDynamicWorkerCount:query getDynamicWorkersCount($accountTag: string!$filter: AccountWorkersInvocationsByOwnerAndScriptGroupsFilter_InputObject) {viewer {accounts(filter: { accountTag: $accountTag }) {workersInvocationsByOwnerAndScriptGroups(limit: 10000, filter: $filter) {uniq {distinctDynamicWorkerCount}}}}}Use variables to set the account and billing-period date range:
{"accountTag": "<ACCOUNT_ID>","filter": {"date_geq": "2026-06-01","date_leq": "2026-06-30"}}For more information, refer to Dynamic Workers pricing.
AI Search now supports namespace-level Wrangler commands, making it easier to manage namespaces from your terminal, scripts, and agent workflows.
The following commands are available:
Command Description wrangler ai-search namespace listList AI Search namespaces wrangler ai-search namespace createCreate a new AI Search namespace wrangler ai-search namespace getGet details for a namespace wrangler ai-search namespace updateUpdate a namespace description wrangler ai-search namespace deleteDelete an AI Search namespace Create a namespace for a new application or tenant directly from the CLI:
Terminal window wrangler ai-search namespace create docs-production --description "Production documentation search"List namespaces with pagination or filter by name or description:
Terminal window wrangler ai-search namespace list --search docs --page 1 --per-page 10Use
--jsonwithlist,create,get, andupdateto return structured output that automation and AI agents can parse directly.Instance-level commands also now support a
--namespaceflag, so you can interact with instances inside a specific namespace from the CLI:Terminal window wrangler ai-search list --namespace docs-productionFor full usage details, refer to the AI Search Wrangler commands documentation.
The Flagship API reference is now available. You can use the Cloudflare API to create and update apps, and to create, update, delete, and list feature flags without using the dashboard.
For example, create a new boolean flag with the API:
Terminal window curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/flagship/apps/$APP_ID/flags \-H "Content-Type: application/json" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \-d '{"key": "new-checkout","enabled": true,"default_variation": "off","variations": {"off": false,"on": true},"rules": []}'To create an API token, go to Account API Tokens ↗ in the Cloudflare dashboard and search for Flagship.
The API reference includes endpoints for Flagship apps, flags, changelog entries, and flag evaluation. Agents can also use the Flagship reference in the Cloudflare skill ↗ to create and manage Flagship resources.
Refer to the Flagship documentation to learn more about evaluating feature flags from your applications.
Use the Images binding to upload, list, retrieve, update, and delete images stored in Images directly from your Worker without managing API tokens or making HTTP requests.
The
env.IMAGES.hostednamespace supports the following storage and management operations:.upload(image, options)— Upload a new image to your account..list(options)— List images with pagination..image(imageId).details()— Get image metadata..image(imageId).bytes()— Stream the original image bytes..image(imageId).update(options)— Update metadata or access controls..image(imageId).delete()— Delete an image.
For example, you can upload an image from a request body and return its metadata:
TypeScript const image = await env.IMAGES.hosted.upload(request.body, {filename: "upload.jpg",metadata: { source: "worker" },});return Response.json(image);Or retrieve and serve the original bytes of a hosted image:
TypeScript const bytes = await env.IMAGES.hosted.image("IMAGE_ID").bytes();return new Response(bytes);For more information, refer to the Images binding.
Today we are announcing the deprecation of several features from the Sandbox SDK. The SDK has grown and matured substantially since it first launched. As agent workflows have developed, we have shipped many new features and experiments so developers can easily integrate secure, isolated code execution into their workflows.
We want the SDK to continue providing a stable foundation for agentic workflows while we iterate quickly on the codebase. These deprecated features have either been superseded by newer capabilities or seen low adoption. They will remain in the codebase until July 9, 2026, after which they will no longer be present in future Sandbox SDK versions.
In April 2026, we released the new RPC transport and deprecated the WebSocket transport. This setting governs how the sandbox container talks to the Workers ecosystem. The RPC transport removes the limitations of both the HTTP and WebSocket transports. As of June 9, 2026, it is the recommended default. HTTP and WebSocket transports will no longer be present in Sandbox SDK versions released after July 9, 2026.
To migrate before July 9, 2026, update the
SANDBOX_TRANSPORTvariable torpcor set thetransportoption when callinggetSandbox(). For more information, refer to the transport configuration documentation.The desktop feature landed as a technical demonstration of what can be done with the Sandbox SDK — controlling a full browser environment from within a sandbox. With Cloudflare Browser Run now available, this feature saw very little use. We have removed it in
0.10.2.We recently released support for Cloudflare Tunnel in the Sandbox SDK. This provides a robust API for exposing services running in your sandbox to the public internet. It fixes issues many were facing with local development and deployment to
workers.devdomains. To migrate fromexposePort()to tunnels, refer to the tunnels API documentation and the expose services guide.By default, the
exec()method in the Sandbox SDK maintains a default session across all calls, so acdin one call is honored in the next. This convenience helped developers writingexecstatements by hand, but confused agents and caused hard-to-trace bugs. As of0.10.3, we have introduced theenableDefaultSessionflag on thegetSandbox()interface to turn this off. Default sessions as a concept — and the flag — will be removed in an upcoming release.We recommend setting
enableDefaultSession: falsetoday and using thesandbox.createSession()API when you need the previous behavior.We are also consolidating all APIs that buffer data to support streaming by default. This includes
readFile,writeFile, andexec. The stream equivalents will be removed.We are exploring moving non-core features like the code interpreter, terminal, and git APIs into helpers. These features will retain their existing APIs, so migration should be simple.
If you use any of these features, refer to the 2026 deprecation migration guide. We also provide an agent skill to help with the migration.
For any questions, ask in the Cloudflare Developers Discord ↗.
You can now send emails through Cloudflare Email Service using authenticated SMTP submission on
smtp.mx.cloudflare.net:465. SMTP joins the REST API and the Workers binding as a third way to send transactional email — useful for existing applications that already speak SMTP and language-native SMTP libraries (Nodemailer,smtplib, PHPMailer, JavaMail).Setting Value Host smtp.mx.cloudflare.netPort 465(implicit TLS)AUTH PLAINorLOGINUsername api_tokenPassword A Cloudflare API token (account-owned or user-owned) with Email Sending: Edit Submissions enter the same delivery pipeline as the REST API and Workers binding: identical limits, automatic DKIM and ARC signing, and shared dashboard logs.
Send your first email with a single command:
Terminal window curl --ssl-reqd \--url "smtps://smtp.mx.cloudflare.net:465" \--user "api_token:<API_TOKEN>" \--mail-from "welcome@yourdomain.com" \--mail-rcpt "user@example.com" \--upload-file mail.txtRefer to the SMTP reference for authentication details, response codes, and language-specific examples.
R2 SQL now supports set operations (
UNION,INTERSECT,EXCEPT) andSELECT DISTINCT, expanding the range of analytical queries you can run directly on Apache Iceberg ↗ tables in R2 Data Catalog.Combine the results of multiple
SELECTstatements:UNION— returns all rows from both queries, removing duplicatesUNION ALL— returns all rows from both queries, including duplicatesINTERSECT— returns only rows that appear in both queriesEXCEPT— returns rows from the first query that do not appear in the second
-- Find zones that had either firewall blocks OR high-risk requestsSELECT zone_id FROM my_namespace.firewall_events WHERE action = 'block'UNIONSELECT zone_id FROM my_namespace.http_requests WHERE risk_score > 0.8-- Find zones with both firewall blocks AND high trafficSELECT zone_id FROM my_namespace.firewall_events WHERE action = 'block'INTERSECTSELECT zone_id FROM my_namespace.http_requestsGROUP BY zone_idHAVING COUNT(*) > 10000-- Find enterprise zones that have not been compactedSELECT zone_id FROM my_namespace.zones WHERE plan = 'enterprise'EXCEPTSELECT zone_id FROM my_namespace.compaction_historyEliminate duplicate rows from query results:
SELECT DISTINCT region, departmentFROM my_namespace.sales_dataWHERE total_amount > 1000ORDER BY region, departmentLIMIT 100For large datasets where approximate results are acceptable,
approx_distinct()remains a faster alternative for counting unique values.For the full syntax reference, refer to the SQL reference. For performance guidance, refer to Limitations and best practices.
RealtimeKit lets you build products where people meet over live audio and video — such as HealthTech, EdTech, proctoring, and other real-time platforms — on Cloudflare's global WebRTC infrastructure.
Post-meeting transcription is now Generally Available, so completed RealtimeKit meetings can automatically produce full transcript files after they end. Those transcripts can also power AI-generated summaries for meeting notes, review workflows, and follow-up tasks after the transcript is available.
Post-meeting transcription is a managed service powered by Workers AI using Whisper Large v3 Turbo. RealtimeKit handles transcription processing and can return transcript and summary files through webhooks or the REST API, so you do not need to run your own transcription infrastructure.
To generate a transcript after a meeting ends, set
transcribe_on_end: truewhen creating a meeting. To also generate an AI summary automatically after the transcript is available, setsummarize_on_end: true:Terminal window curl -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/realtime/kit/$APP_ID/meetings" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \-H "Content-Type: application/json" \-d '{"title": "Weekly product review","transcribe_on_end": true,"summarize_on_end": true,"ai_config": {"transcription": {"language": "en"},"summarization": {"word_limit": 500,"text_format": "markdown","summary_type": "team_meeting"}}}'When RealtimeKit finishes processing a meeting, it creates download URLs for the transcript and, if
summarize_on_endis set, the summary. You can receive those URLs automatically with webhooks, or fetch them later for a specific session with the REST API.To receive results as soon as they are ready, configure the
meeting.transcriptandmeeting.summarywebhook events:Terminal window curl -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/realtime/kit/$APP_ID/webhooks" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \-H "Content-Type: application/json" \-d '{"name": "AI results webhook","url": "https://example.com/webhook","events": ["meeting.transcript", "meeting.summary"],"enabled": true}'To fetch results later, call the transcript or summary endpoint for the session:
Terminal window curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/realtime/kit/$APP_ID/sessions/$SESSION_ID/transcript" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/realtime/kit/$APP_ID/sessions/$SESSION_ID/summary" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"Use the Generate summary of transcripts for the session API only if
summarize_on_endwas not set and you want to generate a summary manually after the transcript is available:Terminal window curl -X POST "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/realtime/kit/$APP_ID/sessions/$SESSION_ID/summary" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"Post-meeting transcription supports CSV, JSON, SRT, and VTT transcript outputs, automatic language detection and Whisper language codes. RealtimeKit also supports real-time transcription with Deepgram Nova-3 for live captions, in-meeting accessibility, and real-time note-taking.
Learn more in the RealtimeKit transcription docs and summary docs.
Workflows now supports saga-style rollbacks, allowing you to add compensating logic to each
step.do()in case of downstream failures. If the instance fails, the rollback handlers will execute in reversestep-startorder.This is useful for multi-step operations that touch external systems, such as inventory reservations, payment authorization, ticket creation, or infrastructure provisioning. Instead of writing all cleanup logic in a top-level
catch, you can keep each compensating action next to the step it undoes.Rollback handlers support their own retry and timeout configuration, and Workflows now exposes rollback outcomes in instance status responses. Workflows analytics also emits rollback lifecycle events, making it easier to distinguish a forward execution failure from a rollback failure when debugging production workflows.
JavaScript await step.do("provision resource",async () => {const resource = await provisionResource();return { resourceId: resource.id };},{rollback: async ({ output }) => {const { resourceId } = output;await deleteResource(resourceId);},rollbackConfig: {retries: { limit: 3, delay: "15 seconds", backoff: "linear" },timeout: "2 minutes",},},);TypeScript await step.do("provision resource",async () => {const resource = await provisionResource();return { resourceId: resource.id };},{rollback: async ({ output }) => {const { resourceId } = output as { resourceId: string };await deleteResource(resourceId);},rollbackConfig: {retries: { limit: 3, delay: "15 seconds", backoff: "linear" },timeout: "2 minutes",},},);Refer to rollback options to learn more.
AI Gateway now supports spend limits — cost-based budgets that track cumulative dollar spend and block requests when the budget is exceeded. Unlike rate limiting, which caps the number of requests, spend limits track actual cost based on token usage and model pricing.
You can scope limits by model, provider, or custom metadata dimensions. For example, give each user a $200/day budget, cap total gateway spend at $10,000/day, or limit a specific model to $50/day per user. Each rule uses a configurable time window with fixed or sliding enforcement.
Spend limits work with both Unified Billing and BYOK requests for models with known pricing.
For more details, refer to the Spend limits documentation.
Workers using a VPC Network binding with
network_id: "cf1:network"now egress to public Internet destinations through Cloudflare Gateway. This means your existing Zero Trust traffic policies — DNS, HTTP, Network, and egress — extend to traffic that originates from your Workers, the same way they do for WARP users today.-
Calls
env.EGRESS.fetch() - VPC binding
-
Bind via
cf1:network - Public Internet
Any public hostname or IP
What you get by default:
- Visibility. Worker egress shows up in Gateway DNS, HTTP, and Network logs alongside your other traffic, so you can audit what your Workers are calling and when.
- Enforcement. Any existing Gateway policy whose selectors match a Worker request will apply — including allow / block lists, DNS category filtering, and HTTP destination rules. If you have already blocked a category for your workforce, your Workers inherit that block.
JSONC {"vpc_networks": [{"binding": "EGRESS","network_id": "cf1:network","remote": true,},],}TOML [[vpc_networks]]binding = "EGRESS"network_id = "cf1:network"remote = trueJavaScript // Egress to a public destination — subject to your Gateway policies and loggedconst response = await env.EGRESS.fetch("https://api.example.com/data");TypeScript // Egress to a public destination — subject to your Gateway policies and loggedconst response = await env.EGRESS.fetch("https://api.example.com/data");For configuration options, refer to VPC Networks. For policy authoring, refer to Cloudflare Gateway traffic policies.
-
Pay-as-you-go customers can now view billable usage and create budget alerts directly from the product overview pages for Workers & Pages, D1, R2, Workers KV, Queues, Vectorize, Durable Objects, and Containers. A new sidebar widget shows current-period spend and the billing cycle date range, alongside a button to create a budget alert.
The widget pulls from the same data as the Billable Usage dashboard and aligns to your billing cycle (or the current day on Free plans), so the numbers match your invoice. Enterprise contract accounts are not yet supported.

Selecting Create budget alert opens the budget alert flow inline so you can set a dollar threshold in the same place you are reviewing usage. Budget alerts apply to your total account-level spend across all products, not just the product page you create them from.
For more information, refer to the Usage-based billing documentation.
The
pipelinefield inside thepipelinesbinding configuration in your Wrangler configuration file has been renamed tostream. The old field is deprecated but still accepted.Update your configuration to use
streamto avoid the deprecation warning.Before (deprecated):
JSONC {"$schema": "./node_modules/wrangler/config-schema.json","pipelines": [{"binding": "MY_PIPELINE","pipeline": "<STREAM_ID>"}]}TOML [[pipelines]]binding = "MY_PIPELINE"pipeline = "<STREAM_ID>"After:
JSONC {"$schema": "./node_modules/wrangler/config-schema.json","pipelines": [{"binding": "MY_PIPELINE","stream": "<STREAM_ID>"}]}TOML [[pipelines]]binding = "MY_PIPELINE"stream = "<STREAM_ID>"No other changes are required. The binding name, TypeScript types, and runtime API (
env.MY_PIPELINE.send(...)) remain the same.For more information on configuring pipeline bindings, refer to Writing to streams.
You can now create, update, or delete multiple secrets for your Worker in a single request using the bulk secrets endpoint.
- Include a secret with a value to create or update.
- Set a secret to
nullto delete. - Secrets not included in the request are left unchanged.
The following example creates
API_KEY, updates the already existingDB_PASSWORD, and deletesOLD_SECRET:{"secrets": {"API_KEY": { "type": "secret_text", "name": "API_KEY", "text": "my-api-key" },"DB_PASSWORD": { "type": "secret_text", "name": "DB_PASSWORD", "text": "my-db-password" },"OLD_SECRET": null}}You can do the same from the command line using
wrangler secret bulk:Terminal window npx wrangler secret bulk < secrets.jsonTo delete a key, set its value to
nullin the JSON file. Deletion is not supported with.envfiles.Each request supports up to 100 total operations (creates, updates, and deletes combined).
You can now attach cron schedules directly to a Workflow binding in
wrangler.jsonc. Each scheduled run creates a new Workflow instance automatically, so you do not need to define a separate Worker with ascheduledhandler just to trigger your Workflow on an interval.For example, you can configure hourly, every-15-minute, or weekday schedules on the same Workflow:
JSONC {"workflows": [{"name": "my-scheduled-workflow","binding": "MY_WORKFLOW","class_name": "MyScheduledWorkflow","schedules": ["0 * * * *", "*/15 * * * *", "0 9 * * MON-FRI"],},],}Cron workloads get all the same benefits of Workflows with built-in retries, multi-step durable execution, and configurable timeouts of Workflows.
TypeScript import {WorkflowEntrypoint,WorkflowEvent,WorkflowStep,} from "cloudflare:workers";// Runs automatically on each cron schedule defined for the MY_WORKFLOW binding in wrangler.jsonc.export class MyScheduledWorkflow extends WorkflowEntrypoint<Env> {async run(event: WorkflowEvent, step: WorkflowStep) {const data = await step.do("fetch source data", async () => {return await fetchSourceData();});// If this step fails, only this step is retried with the custom logic belowawait step.do("process and store results",{retries: { limit: 5, delay: "30 seconds", backoff: "exponential" },timeout: "10 minutes",},async () => {await processAndStore(data);},);}}This makes it easier to build recurring, scheduled jobs such as database backups, invoice generation, report aggregation, and cleanup tasks without wiring up a separate Cron Trigger entrypoint.
For more information, refer to Trigger Workflows.
Agents SDK v0.14.0: Agent Skills, messengers, scheduled tasks, Workflows, and hardened chat recovery
The latest release of the Agents SDK ↗ adds four new ways to build with
@cloudflare/think: on-demand Agent Skills, chat messengers (starting with Telegram), declarative scheduled tasks, and durable reasoning steps inside Workflows. This release also significantly hardens durable chat recovery, so turns reliably ride through deploys, evictions, and stalled model streams in production.Give an agent a catalog of on-demand instructions, resources, and scripts. A skill source adds a catalog to the system prompt, and the model activates a skill only when a task matches — so a large library of capabilities does not bloat every prompt.
JavaScript import { Think, skills } from "@cloudflare/think";import bundledSkills from "agents:skills";export class SkillsAgent extends Think {getSkills() {return [bundledSkills,skills.r2(this.env.SKILLS_BUCKET, { prefix: "skills/" }),];}}TypeScript import { Think, skills } from "@cloudflare/think";import bundledSkills from "agents:skills";export class SkillsAgent extends Think<Env> {getSkills() {return [bundledSkills,skills.r2(this.env.SKILLS_BUCKET, { prefix: "skills/" }),];}}The
agents:skillsimport bundles a local./skillsdirectory through the Agents Vite plugin (one directory per skill, each with aSKILL.md). Skills can also load from R2 or a manifest. When skills are available, Think exposesactivate_skill,read_skill_resource, and an optionalrun_skill_scripttool. Skill loading is resilient: a duplicate or failing source is skipped with a warning instead of breaking the agent.Agent Skills are experimental, and script execution in particular is early. The API may change in a future release. We would love your feedback — tell us what you are building and what is missing in the Agents repository ↗.
Connect a Think agent directly to a chat platform. Think owns the webhook route, conversation routing, durable reply fiber, and streamed delivery back to the provider. Telegram ships as the first provider.
JavaScript import { Think } from "@cloudflare/think";import {defineMessengers,ThinkMessengerStateAgent,} from "@cloudflare/think/messengers";import telegramMessenger from "@cloudflare/think/messengers/telegram";export { ThinkMessengerStateAgent };export class SupportAgent extends Think {getMessengers() {return defineMessengers({telegram: telegramMessenger({token: this.env.TELEGRAM_BOT_TOKEN,userName: "support_bot",secretToken: this.env.TELEGRAM_WEBHOOK_SECRET_TOKEN,}),});}}TypeScript import { Think } from "@cloudflare/think";import {defineMessengers,ThinkMessengerStateAgent,} from "@cloudflare/think/messengers";import telegramMessenger from "@cloudflare/think/messengers/telegram";export { ThinkMessengerStateAgent };export class SupportAgent extends Think<Env> {getMessengers() {return defineMessengers({telegram: telegramMessenger({token: this.env.TELEGRAM_BOT_TOKEN,userName: "support_bot",secretToken: this.env.TELEGRAM_WEBHOOK_SECRET_TOKEN,}),});}}Each Chat SDK thread maps to its own Think sub-agent by default, so group chats and direct messages do not share memory. Multiple bots, custom conversation routing, and custom providers are all supported.
Declare recurring, timezone-aware prompts and handlers with a typed domain-specific language (DSL). Think reconciles the declarations on startup and re-arms the next occurrence after each run, backed by durable idempotent submissions.
JavaScript import { Think, defineScheduledTasks } from "@cloudflare/think";export class DigestAgent extends Think {getScheduledTasks() {return defineScheduledTasks({weeklyCommitReport: {schedule: "every week on monday at 09:00",prompt:"Compile my GitHub commits for the last week and summarize them.",},workout: {schedule: "every day at 08:00 in Europe/London",prompt: "Start my workout.",},});}}TypeScript import { Think, defineScheduledTasks } from "@cloudflare/think";export class DigestAgent extends Think<Env> {getScheduledTasks() {return defineScheduledTasks({weeklyCommitReport: {schedule: "every week on monday at 09:00",prompt:"Compile my GitHub commits for the last week and summarize them.",},workout: {schedule: "every day at 08:00 in Europe/London",prompt: "Start my workout.",},});}}Run a model-driven reasoning step inside a Cloudflare Workflow with
ThinkWorkflowandstep.prompt(), with durable typed structured output, long waits, and approval gates.JavaScript import { z } from "zod";import { ThinkWorkflow } from "@cloudflare/think/workflows";const draftSchema = z.object({title: z.string(),summary: z.string(),labels: z.array(z.string()),});export class TriageWorkflow extends ThinkWorkflow {async run(event, step) {const draft = await step.prompt("triage-issue", {prompt: `Triage issue #${event.payload.issueNumber}`,output: draftSchema,timeout: "3 days",});await step.do("apply-labels", async () => {await this.agent.applyLabels(draft.labels);});}}TypeScript import { z } from "zod";import { ThinkWorkflow } from "@cloudflare/think/workflows";import type { ThinkWorkflowStep } from "@cloudflare/think/workflows";import type { AgentWorkflowEvent } from "agents/workflows";const draftSchema = z.object({title: z.string(),summary: z.string(),labels: z.array(z.string()),});export class TriageWorkflow extends ThinkWorkflow<TriageAgent, Params> {async run(event: AgentWorkflowEvent<Params>, step: ThinkWorkflowStep) {const draft = await step.prompt("triage-issue", {prompt: `Triage issue #${event.payload.issueNumber}`,output: draftSchema,timeout: "3 days",});await step.do("apply-labels", async () => {await this.agent.applyLabels(draft.labels);});}}Durable chat turns have always been designed to survive a mid-turn deploy or Durable Object eviction. This release is a major hardening pass on that machinery for production.
- Better recovery during deploys. Turns now ride through continuous deploys and evictions without losing completed work or re-running tools that already ran.
- A live "recovering…" signal.
useAgentChatexposes a newisRecoveringflag, so a recovering turn shows progress instead of looking frozen. Most UIs renderisStreaming || isRecoveringas "busy". - Stalled streams recover. Set
chatStreamStallTimeoutMsto route a hung provider stream into the same recovery path instead of leaving an infinite spinner. - Sub-agents re-attach. On parent recovery, an in-flight
agentTool()child is re-attached to its result rather than abandoned and re-run, so long-running children no longer lose work under deploys.
- Resumable streams — In-flight tool calls over Server-Sent Events (SSE) survive a dropped connection. Clients reconnect with
Last-Event-IDand replay anything they missed. - Readable server IDs —
addMcpServeraccepts an optionalid, so tools surface as readable keys (for exampletool_github_create_pull_request) instead of opaque connection IDs. - Better handling of concurrent requests — Overlapping JSON-RPC requests are now correctly correlated to their responses across the HTTP and RPC transports.
- Compaction — A
Session'stokenCounternow also drives the compaction boundary decision ("what to compress"), not just the fire/no-fire trigger. @cloudflare/worker-bundler— Adds avirtualModulesoption tocreateWorkerto provide in-memory module source during bundling.- Client-tool continuations — Parallel tool results now coalesce into a single continuation, immediate resume requests attach to the pending continuation, and server-side
needsApprovalcontinuations resume reliably after approval.
To update to the latest version:
npm i agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latestyarn add agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latestpnpm add agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latestbun add agents@latest @cloudflare/think@latest @cloudflare/ai-chat@latestRefer to the Agents API reference and Chat agents documentation for more information.
Sandboxes can expose a service running inside the container on a public preview URL through the
sandbox.tunnelsnamespace. The SDK usescloudflaredinside the sandbox so you can share a running service without configuringexposePort()or a custom domain.By default,
sandbox.tunnels.get(port)creates a quick tunnel ↗ on a zero-config*.trycloudflare.comURL — no Cloudflare account, DNS record, or custom domain required. This is perfect for quick development and for.workers.devdeployments.JavaScript import { getSandbox } from "@cloudflare/sandbox";const sandbox = getSandbox(env.Sandbox, "my-sandbox");await sandbox.startProcess("python -m http.server 8080");const tunnel = await sandbox.tunnels.get(8080);console.log(tunnel.url); // → https://random-words-here.trycloudflare.comTypeScript import { getSandbox } from "@cloudflare/sandbox";const sandbox = getSandbox(env.Sandbox, "my-sandbox");await sandbox.startProcess("python -m http.server 8080");const tunnel = await sandbox.tunnels.get(8080);console.log(tunnel.url); // → https://random-words-here.trycloudflare.comFor more control you can create a named tunnel through
sandbox.tunnels.get(port, { name }). A named tunnel binds a hostname (<name>.<your-zone>) backed by a Cloudflare Tunnel and a CNAME record on your zone resulting in something like https://my-app-preview.example.com ↗.Unlike quick tunnels, which generate a new random URL each time, a named tunnel produces a persistent URL that survives container restarts. This makes named tunnels suitable for production use cases where you want control over the tunnel and it's origin.
JavaScript const tunnel = await sandbox.tunnels.get(8080, { name: "my-app-preview" });console.log(tunnel.url); // → https://my-app-preview.example.comTypeScript const tunnel = await sandbox.tunnels.get(8080, { name: "my-app-preview" });console.log(tunnel.url); // → https://my-app-preview.example.comCalling
sandbox.destroy()tears down the Cloudflare Tunnel and the associated DNS record alongside the container, so you do not leave dangling tunnels or records behind.To update to the latest version:
npm i @cloudflare/sandbox@latestyarn add @cloudflare/sandbox@latestpnpm add @cloudflare/sandbox@latestbun add @cloudflare/sandbox@latestFor full API details, refer to the Sandbox tunnels reference.
You can now point
wrangler d1 migrations applyat a nested migrations layout — such as the one produced by Drizzle ↗ (migrations/0001_init/migration.sql) — using the newmigrations_patternD1 binding config:JSONC {"d1_databases": [{"binding": "DB","database_name": "my-database","database_id": "<UUID>","migrations_dir": "migrations","migrations_pattern": "migrations/*/migration.sql",},],}migrations_patternis a glob (relative to your Wrangler config file) used to discover migration files. It defaults to${migrations_dir}/*.sql, so existing projects keep working unchanged. Each migration's name is recorded in the migrations table as a path relative tomigrations_dir.To learn more, visit D1's migrations documentation.
Cloudflare Realtime SFU is a WebRTC Selective Forwarding Unit that runs on Cloudflare's global network, so you can route live audio, video, and data between WebRTC clients around the world without managing SFU infrastructure or regions.
When you use the WebSocket adapter to stream WebRTC media to a WebSocket endpoint, the adapter now auto-reconnects and buffers audio and video after brief endpoint disconnects or restarts.
Many teams also use Realtime SFU as the media layer for backend applications, such as transcription, recording, note-taking, and agentic media-processing services. These systems often need to consume live WebRTC audio or video from the SFU in backend infrastructure, including Durable Objects, Workers, Containers, or external services, without running a WebRTC client themselves.
The WebSocket adapter bridges that gap by streaming WebRTC media from the SFU to a standard WebSocket endpoint as application-consumable payloads: PCM audio frames and JPEG video frames.
When you use the WebSocket adapter in Stream mode (egress) to send live audio or video from the SFU to your own WebSocket endpoint, the SFU now automatically reconnects after brief endpoint disconnects or restarts. This is especially helpful for long-running media pipelines where the WebSocket endpoint may briefly restart while a recording, transcription, or live analysis job is still in progress.
Previously, a brief disconnect from your WebSocket endpoint could close the adapter and require your application to recreate it before media could resume. Now, the SFU retries the same endpoint for up to 5 seconds with no API change required. If the endpoint comes back within that window, audio and video delivery resumes automatically.
The reconnect behavior also includes live-first media buffering, so brief interruptions reduce media loss without replaying stale video.
During reconnect:
- Audio uses a short bounded backlog to reduce audible loss. If the interruption lasts longer than the backlog can cover, older audio may be dropped.
- Video resumes from the latest available JPEG frame instead of replaying stale frames.
- Recovery is best effort and does not guarantee gapless or exactly-once delivery.
If the endpoint remains unavailable after the 5-second reconnect window, the adapter closes and must be recreated.
You can now call Browser Run Quick Actions directly from a Cloudflare Worker using the
quickAction()method on the browser binding. This simplifies how Workers interact with Browser Run by removing the need for API tokens or external HTTP requests. Your Worker communicates with Browser Run directly over Cloudflare's network, resulting in simpler code and lower latency.With the
quickAction()method you can:- Capture screenshots from URLs or HTML
- Generate PDFs with custom styling, headers, and footers
- Extract HTML content from fully rendered pages
- Convert pages to Markdown
- Extract structured JSON using AI
- Scrape elements with CSS selectors
- Get all links from a page
- Capture snapshots (HTML + screenshot in one request)
To get started, add a browser binding to your Wrangler configuration:
JSONC {"compatibility_date": "2026-03-24","browser": {"binding": "BROWSER"}}TOML compatibility_date = "2026-03-24"[browser]binding = "BROWSER"Then call any Quick Action directly from your Worker. For example, to capture a screenshot:
JavaScript const screenshot = await env.BROWSER.quickAction("screenshot", {url: "https://www.cloudflare.com/",});TypeScript const screenshot = await env.BROWSER.quickAction("screenshot", {url: "https://www.cloudflare.com/",});The
quickAction()method requires a compatibility date of2026-03-24or later.For setup instructions and the full list of available actions, refer to Browser Run Quick Actions.
Wrangler supports using
wrangler containers sshas an OpenSSHProxyCommandfor Containers. This lets your local SSH client connect to a running Container through Wrangler.Terminal window ssh -o ProxyCommand="wrangler containers ssh %h" cloudchamber@<INSTANCE_ID>When standard input and output are piped, Wrangler forwards data to the SSH server in the Container. You can also pass
--stdioto force this mode.For more information, refer to the SSH documentation.
You can now send emails with display names on recipient addresses in addition to the existing
fromsupport. Pass an object withemailand an optionalnamefield forto,cc,bcc,replyTo, orfrom:src/index.js export default {async fetch(request, env) {const response = await env.EMAIL.send({from: { email: "support@example.com", name: "Support Team" },to: { email: "jane@example.com", name: "Jane Doe" },cc: ["manager@company.com",{ email: "team@company.com", name: "Engineering Team" },],subject: "Welcome!",html: "<h1>Thanks for joining!</h1>",text: "Thanks for joining!",});return Response.json({ messageId: response.messageId });},};src/index.ts export default {async fetch(request, env): Promise<Response> {const response = await env.EMAIL.send({from: { email: "support@example.com", name: "Support Team" },to: { email: "jane@example.com", name: "Jane Doe" },cc: ["manager@company.com",{ email: "team@company.com", name: "Engineering Team" },],subject: "Welcome!",html: "<h1>Thanks for joining!</h1>",text: "Thanks for joining!",});return Response.json({ messageId: response.messageId });},} satisfies ExportedHandler<Env>;Plain strings remain fully supported for backward compatibility, and you can mix strings and named objects in the same array.
Refer to the Workers API and REST API documentation for full request examples.
Cloudflare Pipelines is a streaming data platform that ingests events, transforms them with SQL, and writes to R2 as JSON, Parquet, or Apache Iceberg ↗ tables. Pipelines now has published pricing based on two usage dimensions: the volume of data processed by SQL transforms and the volume of data delivered to sinks. Ingress into a Pipeline stream is free.
Billing is not yet enabled. We will provide at least 30 days notice before we start charging for Pipelines usage.
Pipelines pricing model is designed to charge per GB based on what you use:
- Streams (ingress): Free, regardless of volume.
- SQL transforms: $0.04 / GB for stateless transforms (filter, reshape, unnest, cast, compute).
- Sinks: $0.03 / GB for JSON, $0.06 / GB for Parquet or Iceberg output.
Workers Free plans include 1 GB / month for each dimension. Workers Paid plans include 50 GB / month.
For full pricing details and billing examples, refer to Pipelines pricing.