--- title: Workers Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) Workers ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) May 16, 2025 1. ### [Durable Objects are now supported in Python Workers](https://developers.cloudflare.com/changelog/post/2025-05-14-python-worker-durable-object/) [ Workers ](https://developers.cloudflare.com/workers/)[ Durable Objects ](https://developers.cloudflare.com/durable-objects/) You can now create [Durable Objects](https://developers.cloudflare.com/durable-objects/) using[Python Workers](https://developers.cloudflare.com/workers/languages/python/). A Durable Object is a special kind of Cloudflare Worker which uniquely combines compute with storage, enabling stateful long-running applications which run close to your users. For more info see[here](https://developers.cloudflare.com/durable-objects/concepts/what-are-durable-objects/). You can define a Durable Object in Python in a similar way to JavaScript: Python ``` from workers import DurableObject, Response, WorkerEntrypoint from urllib.parse import urlparse class MyDurableObject(DurableObject): def __init__(self, ctx, env): self.ctx = ctx self.env = env def fetch(self, request): result = self.ctx.storage.sql.exec("SELECT 'Hello, World!' as greeting").one() return Response(result.greeting) class Default(WorkerEntrypoint): async def fetch(self, request): url = urlparse(request.url) id = env.MY_DURABLE_OBJECT.idFromName(url.path) stub = env.MY_DURABLE_OBJECT.get(id) greeting = await stub.fetch(request.url) return greeting ``` Define the Durable Object in your Wrangler configuration file: * [ wrangler.jsonc ](#tab-panel-284) * [ wrangler.toml ](#tab-panel-285) JSONC ``` { "durable_objects": { "bindings": [ { "name": "MY_DURABLE_OBJECT", "class_name": "MyDurableObject" } ] } } ``` TOML ``` [[durable_objects.bindings]] name = "MY_DURABLE_OBJECT" class_name = "MyDurableObject" ``` Then define the storage backend for your Durable Object: * [ wrangler.jsonc ](#tab-panel-286) * [ wrangler.toml ](#tab-panel-287) JSONC ``` { "migrations": [ { "tag": "v1", // Should be unique for each entry "new_sqlite_classes": [ // Array of new classes "MyDurableObject" ] } ] } ``` TOML ``` [[migrations]] tag = "v1" new_sqlite_classes = [ "MyDurableObject" ] ``` Then test your new Durable Object locally by running `wrangler dev`: ``` npx wrangler dev ``` Consult the [Durable Objects documentation](https://developers.cloudflare.com/durable-objects/) for more details. May 08, 2025 1. ### [Improved memory efficiency for WebAssembly Workers](https://developers.cloudflare.com/changelog/post/2025-05-08-finalization-registry/) [ Workers ](https://developers.cloudflare.com/workers/) [FinalizationRegistry ↗](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global%5FObjects/FinalizationRegistry) is now available in Workers. You can opt-in using the [enable\_weak\_ref](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#enable-finalizationregistry-and-weakref) compatibility flag. This can reduce memory leaks when using WebAssembly-based Workers, which includes [Python Workers](https://developers.cloudflare.com/workers/languages/python/) and [Rust Workers](https://developers.cloudflare.com/workers/languages/rust/). The FinalizationRegistry works by enabling toolchains such as [Emscripten ↗](https://emscripten.org/) and [wasm-bindgen ↗](https://rustwasm.github.io/wasm-bindgen/) to automatically free WebAssembly heap allocations. If you are using WASM and seeing Exceeded Memory errors and cannot determine a cause using [memory profiling](https://developers.cloudflare.com/workers/observability/dev-tools/memory-usage/), you may want to enable the FinalizationRegistry. For more information refer to the [enable\_weak\_ref](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#enable-finalizationregistry-and-weakref) compatibility flag documentation. Apr 24, 2025 1. ### [Cron triggers are now supported in Python Workers](https://developers.cloudflare.com/changelog/post/2025-04-22-python-worker-cron-triggers/) [ Workers ](https://developers.cloudflare.com/workers/) You can now create Python Workers which are executed via a cron trigger. This is similar to how it's done in JavaScript Workers, simply define a scheduled event listener in your Worker: Python ``` from workers import handler @handler async def on_scheduled(event, env, ctx): print("cron processed") ``` Define a cron trigger configuration in your Wrangler configuration file: * [ wrangler.jsonc ](#tab-panel-294) * [ wrangler.toml ](#tab-panel-295) JSONC ``` { "triggers": { // Schedule cron triggers: // - At every 3rd minute // - At 15:00 (UTC) on first day of the month // - At 23:59 (UTC) on the last weekday of the month "crons": [ "*/3 * * * *", "0 15 1 * *", "59 23 LW * *" ] } } ``` TOML ``` [triggers] crons = [ "*/3 * * * *", "0 15 1 * *", "59 23 LW * *" ] ``` Then test your new handler by using Wrangler with the `--test-scheduled` flag and making a request to `/cdn-cgi/handler/scheduled?cron=*+*+*+*+*`: Terminal window ``` npx wrangler dev --test-scheduled curl "http://localhost:8787/cdn-cgi/handler/scheduled?cron=*+*+*+*+*" ``` Consult the [Workers Cron Triggers page](https://developers.cloudflare.com/workers/configuration/cron-triggers/) for full details on cron triggers in Workers. Apr 15, 2025 1. ### [Fixed and documented Workers Routes and Secrets API](https://developers.cloudflare.com/changelog/post/2025-04-15-workers-api-fixes/) [ Workers ](https://developers.cloudflare.com/workers/)[ Workers for Platforms ](https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/) #### Workers Routes API Previously, a request to the Workers [Create Route API](https://developers.cloudflare.com/api/resources/workers/subresources/routes/methods/create/) always returned `null` for "script" and an empty string for "pattern" even if the request was successful. Example request ``` curl https://api.cloudflare.com/client/v4/zones/$CF_ACCOUNT_ID/workers/routes \ -X PUT \ -H "Authorization: Bearer $CF_API_TOKEN" \ -H 'Content-Type: application/json' \ --data '{ "pattern": "example.com/*", "script": "hello-world-script" }' ``` Example bad response ``` { "result": { "id": "bf153a27ba2b464bb9f04dcf75de1ef9", "pattern": "", "script": null, "request_limit_fail_open": false }, "success": true, "errors": [], "messages": [] } ``` Now, it properly returns all values! Example good response ``` { "result": { "id": "bf153a27ba2b464bb9f04dcf75de1ef9", "pattern": "example.com/*", "script": "hello-world-script", "request_limit_fail_open": false }, "success": true, "errors": [], "messages": [] } ``` #### Workers Secrets API The [Workers](https://developers.cloudflare.com/api/resources/workers/subresources/scripts/subresources/secrets/) and [Workers for Platforms](https://developers.cloudflare.com/api/resources/workers%5Ffor%5Fplatforms/subresources/dispatch/subresources/namespaces/subresources/scripts/subresources/secrets/) secrets APIs are now properly documented in the Cloudflare OpenAPI docs. Previously, these endpoints were not publicly documented, leaving users confused on how to directly manage their secrets via the API. Now, you can find the proper endpoints in our public documentation, as well as in our API Library SDKs such as [cloudflare-typescript ↗](https://github.com/cloudflare/cloudflare-typescript) (>4.2.0) and [cloudflare-python ↗](https://github.com/cloudflare/cloudflare-python) (>4.1.0). Note the `cloudflare_workers_secret` and `cloudflare_workers_for_platforms_script_secret` [Terraform resources ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs) are being removed in a future release. This resource is not recommended for managing secrets. Users should instead use the: * [Secrets Store](https://developers.cloudflare.com/api/resources/secrets%5Fstore/) with the "Secrets Store Secret" binding on Workers and Workers for Platforms Script Upload * "Secret Text" Binding on [Workers Script Upload](https://developers.cloudflare.com/api/resources/workers/subresources/scripts/methods/update/) and [Workers for Platforms Script Upload](https://developers.cloudflare.com/api/resources/workers%5Ffor%5Fplatforms/subresources/dispatch/subresources/namespaces/subresources/scripts/methods/update/) * Workers (and WFP) Secrets API Apr 10, 2025 1. ### [D1 Read Replication Public Beta](https://developers.cloudflare.com/changelog/post/2025-04-10-d1-read-replication-beta/) [ D1 ](https://developers.cloudflare.com/d1/)[ Workers ](https://developers.cloudflare.com/workers/) D1 read replication is available in public beta to help lower average latency and increase overall throughput for read-heavy applications like e-commerce websites or content management tools. Workers can leverage read-only database copies, called read replicas, by using D1 [Sessions API](https://developers.cloudflare.com/d1/best-practices/read-replication). A session encapsulates all the queries from one logical session for your application. For example, a session may correspond to all queries coming from a particular web browser session. With Sessions API, D1 queries in a session are guaranteed to be [sequentially consistent](https://developers.cloudflare.com/d1/best-practices/read-replication/#replica-lag-and-consistency-model) to avoid data consistency pitfalls. D1 [bookmarks](https://developers.cloudflare.com/d1/reference/time-travel/#bookmarks) can be used from a previous session to ensure logical consistency between sessions. TypeScript ``` // retrieve bookmark from previous session stored in HTTP header const bookmark = request.headers.get("x-d1-bookmark") ?? "first-unconstrained"; const session = env.DB.withSession(bookmark); const result = await session .prepare(`SELECT * FROM Customers WHERE CompanyName = 'Bs Beverages'`) .run(); // store bookmark for a future session response.headers.set("x-d1-bookmark", session.getBookmark() ?? ""); ``` Read replicas are automatically created by Cloudflare (currently one in each supported [D1 region](https://developers.cloudflare.com/d1/best-practices/read-replication/#read-replica-locations)), are active/inactive based on query traffic, and are transparently routed to by Cloudflare at no additional cost. To checkout D1 read replication, deploy the following Worker code using Sessions API, which will prompt you to create a D1 database and enable read replication on said database. [![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/templates/tree/main/d1-starter-sessions-api) To learn more about how read replication was implemented, go to our [blog post ↗](https://blog.cloudflare.com/d1-read-replication-beta). Apr 10, 2025 1. ### [Cloudflare Pipelines now available in beta](https://developers.cloudflare.com/changelog/post/2025-04-10-launching-pipelines/) [ Pipelines ](https://developers.cloudflare.com/pipelines/)[ R2 ](https://developers.cloudflare.com/r2/)[ Workers ](https://developers.cloudflare.com/workers/) [Cloudflare Pipelines](https://developers.cloudflare.com/pipelines) is now available in beta, to all users with a [Workers Paid](https://developers.cloudflare.com/workers/platform/pricing) plan. Pipelines let you ingest high volumes of real time data, without managing the underlying infrastructure. A single pipeline can ingest up to 100 MB of data per second, via HTTP or from a [Worker](https://developers.cloudflare.com/workers). Ingested data is automatically batched, written to output files, and delivered to an [R2 bucket](https://developers.cloudflare.com/r2) in your account. You can use Pipelines to build a data lake of clickstream data, or to store events from a Worker. Create your first pipeline with a single command: Create a pipeline ``` $ npx wrangler@latest pipelines create my-clickstream-pipeline --r2-bucket my-bucket 🌀 Authorizing R2 bucket "my-bucket" 🌀 Creating pipeline named "my-clickstream-pipeline" ✅ Successfully created pipeline my-clickstream-pipeline Id: 0e00c5ff09b34d018152af98d06f5a1xvc Name: my-clickstream-pipeline Sources: HTTP: Endpoint: https://0e00c5ff09b34d018152af98d06f5a1xvc.pipelines.cloudflare.com/ Authentication: off Format: JSON Worker: Format: JSON Destination: Type: R2 Bucket: my-bucket Format: newline-delimited JSON Compression: GZIP Batch hints: Max bytes: 100 MB Max duration: 300 seconds Max records: 100,000 🎉 You can now send data to your pipeline! Send data to your pipeline's HTTP endpoint: curl "https://0e00c5ff09b34d018152af98d06f5a1xvc.pipelines.cloudflare.com/" -d '[{ ...JSON_DATA... }]' To send data to your pipeline from a Worker, add the following configuration to your config file: { "pipelines": [ { "pipeline": "my-clickstream-pipeline", "binding": "PIPELINE" } ] } ``` Head over to our [getting started guide](https://developers.cloudflare.com/pipelines/getting-started) for an in-depth tutorial to building with Pipelines. Apr 09, 2025 1. ### [Investigate your Workers with the Query Builder in the new Observability dashboard](https://developers.cloudflare.com/changelog/post/2025-04-09-qb-workers-logs-ga/) [ Workers ](https://developers.cloudflare.com/workers/) The [Workers Observability dashboard ↗](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/) offers a single place to investigate and explore your [Workers Logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs). The **Overview** tab shows logs from all your Workers in one place. The **Invocations** view groups logs together by invocation, which refers to the specific trigger that started the execution of the Worker (i.e. fetch). The **Events** view shows logs in the order they were produced, based on timestamp. Previously, you could only view logs for a single Worker. ![Workers Observability Overview Tab](https://developers.cloudflare.com/_astro/2025-04-09-workers-observability-overview.BKVvdscp_Z2bR5zE.webp) The **Investigate** tab presents a Query Builder, which helps you write structured queries to investigate and visualize your logs. The Query Builder can help answer questions such as: * Which paths are experiencing the most 5XX errors? * What is the wall time distribution by status code for my Worker? * What are the slowest requests, and where are they coming from? * Who are my top N users? ![Workers Observability Overview Tab](https://developers.cloudflare.com/_astro/2025-04-09-query-builder.CaW9IZza_ZBBKf9.webp) The Query Builder can use any field that you store in your logs as a key to visualize, filter, and group by. Use the Query Builder to quickly access your data, build visualizations, save queries, and share them with your team. #### Workers Logs is now Generally Available [Workers Logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs) is now Generally Available. With a [small change](https://developers.cloudflare.com/workers/observability/logs/workers-logs/#enable-workers-logs) to your Wrangler configuration, Workers Logs ingests, indexes, and stores all logs emitted from your Workers for up to 7 days. We've introduced a number of changes during our beta period, including: * Dashboard enhancements with customizable fields as columns in the Logs view and support for invocation-based grouping * Performance improvements to ensure no adverse impact * Public [API endpoints ↗](https://developers.cloudflare.com/api/resources/workers/subresources/observability/) for broader consumption The API documents three endpoints: list the keys in the telemetry dataset, run a query, and list the unique values for a key. For more, visit our [REST API documentation ↗](https://developers.cloudflare.com/api/resources/workers/subresources/observability/). Visit the [docs](https://developers.cloudflare.com/workers/observability/query-builder) to learn more about the capabilities and methods exposed by the Query Builder. Start using Workers Logs and the Query Builder today by enabling observability for your Workers: * [ wrangler.jsonc ](#tab-panel-290) * [ wrangler.toml ](#tab-panel-291) JSONC ``` { "observability": { "enabled": true, "logs": { "invocation_logs": true, "head_sampling_rate": 1 // optional. default = 1. } } } ``` TOML ``` [observability] enabled = true [observability.logs] invocation_logs = true head_sampling_rate = 1 ``` Apr 09, 2025 1. ### [CPU time and Wall time now published for Workers Invocations](https://developers.cloudflare.com/changelog/post/2025-04-09-workers-timing/) [ Workers ](https://developers.cloudflare.com/workers/) You can now observe and investigate the CPU time and Wall time for every Workers Invocations. * For [Workers Logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs), CPU time and Wall time are surfaced in the [Invocation Log](https://developers.cloudflare.com/workers/observability/logs/workers-logs/#invocation-logs).. * For [Tail Workers](https://developers.cloudflare.com/workers/observability/logs/tail-workers), CPU time and Wall time are surfaced at the top level of the [Workers Trace Events object](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/workers%5Ftrace%5Fevents). * For [Workers Logpush](https://developers.cloudflare.com/workers/observability/logs/logpush), CPU and Wall time are surfaced at the top level of the [Workers Trace Events object](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/workers%5Ftrace%5Fevents). All new jobs will have these new fields included by default. Existing jobs need to be updated to include CPU time and Wall time. You can use a Workers Logs filter to search for logs where Wall time exceeds 100ms. ![Workers Logs Wall Time Filter](https://developers.cloudflare.com/_astro/2025-04-09-wall-time-filter.CT-VQyTS_Z97Aoe.webp) You can also use the Workers Observability [Query Builder ↗](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/investigate) to find the median CPU time and median Wall time for all of your Workers. ![Query Builder filter](https://developers.cloudflare.com/_astro/2025-04-09-query-builder.CaW9IZza_ZBBKf9.webp) Apr 08, 2025 1. ### [Deploy a Workers application in seconds with one-click](https://developers.cloudflare.com/changelog/post/2025-04-08-deploy-to-cloudflare-button/) [ Workers ](https://developers.cloudflare.com/workers/) You can now add a [Deploy to Cloudflare](https://developers.cloudflare.com/workers/platform/deploy-buttons/) button to the README of your Git repository containing a Workers application — making it simple for other developers to quickly set up and deploy your project! [![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/templates/tree/main/saas-admin-template) The Deploy to Cloudflare button: 1. **Creates a new Git repository on your GitHub/ GitLab account**: Cloudflare will automatically clone and create a new repository on your account, so you can continue developing. 2. **Automatically provisions resources the app needs**: If your repository requires Cloudflare primitives like a [Workers KV namespace](https://developers.cloudflare.com/kv/), a [D1 database](https://developers.cloudflare.com/d1/), or an [R2 bucket](https://developers.cloudflare.com/r2/), Cloudflare will automatically provision them on your account and bind them to your Worker upon deployment. 3. **Configures Workers Builds (CI/CD)**: Every new push to your production branch on your newly created repository will automatically build and deploy courtesy of [Workers Builds](https://developers.cloudflare.com/workers/ci-cd/builds/). 4. **Adds preview URLs to each pull request**: If you'd like to test your changes before deploying, you can push changes to a [non-production branch](https://developers.cloudflare.com/workers/ci-cd/builds/build-branches/#configure-non-production-branch-builds) and [preview URLs](https://developers.cloudflare.com/workers/configuration/previews/) will be generated and [posted back to GitHub as a comment](https://developers.cloudflare.com/workers/ci-cd/builds/git-integration/github-integration/#pull-request-comment). ![Import repo or choose template](https://developers.cloudflare.com/_astro/dtw-user-flow.zgS3Y8iK_Z1r8gDo.webp) To create a Deploy to Cloudflare button in your README, you can add the following snippet, including your Git repository URL: ``` [![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=) ``` Check out our [documentation](https://developers.cloudflare.com/workers/platform/deploy-buttons/) for more information on how to set up a deploy button for your application and best practices to ensure a successful deployment for other developers. Apr 08, 2025 1. ### [Full-stack frameworks are now Generally Available on Cloudflare Workers](https://developers.cloudflare.com/changelog/post/2025-04-08-fullstack-on-workers/) [ Workers ](https://developers.cloudflare.com/workers/)[ Workers for Platforms ](https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/) ![Full-stack on Cloudflare Workers](https://developers.cloudflare.com/_astro/fullstack-on-workers.D7fotYu2_ZMwDKf.webp) The following full-stack frameworks now have Generally Available ("GA") adapters for Cloudflare Workers, and are ready for you to use in production: * [React Router v7 (Remix)](https://developers.cloudflare.com/workers/framework-guides/web-apps/react-router/) * [Astro](https://developers.cloudflare.com/workers/framework-guides/web-apps/astro/) * [Hono](https://developers.cloudflare.com/workers/framework-guides/web-apps/more-web-frameworks/hono/) * [Vue.js](https://developers.cloudflare.com/workers/framework-guides/web-apps/vue/) * [Nuxt](https://developers.cloudflare.com/workers/framework-guides/web-apps/more-web-frameworks/nuxt/) * [Svelte (SvelteKit)](https://developers.cloudflare.com/workers/framework-guides/web-apps/sveltekit/) * And [more](https://developers.cloudflare.com/workers/framework-guides/). The following frameworks are now in **beta**, with GA support coming very soon: * [Next.js](https://developers.cloudflare.com/workers/framework-guides/web-apps/nextjs/), supported through [@opennextjs/cloudflare ↗](https://opennext.js.org/cloudflare) is now `v1.0-beta`. * [Angular](https://developers.cloudflare.com/workers/framework-guides/web-apps/more-web-frameworks/angular/) * [SolidJS (SolidStart)](https://developers.cloudflare.com/workers/framework-guides/web-apps/more-web-frameworks/solid/) You can also build complete full-stack apps on Workers **without a framework**: * You can [“just use Vite" ↗](https://blog.cloudflare.com/introducing-the-cloudflare-vite-plugin) and React together, and build a back-end API in the same Worker. Follow our [React SPA with an API tutorial](https://developers.cloudflare.com/workers/vite-plugin/tutorial/) to learn how. **Get started building today with our [framework guides](https://developers.cloudflare.com/workers/framework-guides/)**, or read our [Developer Week 2025 blog post ↗](https://blog.cloudflare.com/full-stack-development-on-cloudflare-workers) about all the updates to building full-stack applications on Workers. Apr 08, 2025 1. ### [Improved support for Node.js Crypto and TLS APIs in Workers](https://developers.cloudflare.com/changelog/post/2025-04-08-nodejs-crypto-and-tls/) [ Workers ](https://developers.cloudflare.com/workers/) When using a Worker with the [nodejs\_compat](https://developers.cloudflare.com/workers/runtime-apis/nodejs/) compatibility flag enabled, the following Node.js APIs are now available: * [node:crypto](https://developers.cloudflare.com/workers/runtime-apis/nodejs/crypto/) * [node:tls](https://developers.cloudflare.com/workers/runtime-apis/nodejs/tls/) This make it easier to reuse existing Node.js code in Workers or use npm packages that depend on these APIs. #### node:crypto The full [node:crypto ↗](https://nodejs.org/api/crypto.html) API is now available in Workers. You can use it to verify and sign data: JavaScript ``` import { sign, verify } from "node:crypto"; const signature = sign("sha256", "-data to sign-", env.PRIVATE_KEY); const verified = verify("sha256", "-data to sign-", env.PUBLIC_KEY, signature); ``` Or, to encrypt and decrypt data: JavaScript ``` import { publicEncrypt, privateDecrypt } from "node:crypto"; const encrypted = publicEncrypt(env.PUBLIC_KEY, "some data"); const plaintext = privateDecrypt(env.PRIVATE_KEY, encrypted); ``` See the [node:crypto documentation](https://developers.cloudflare.com/workers/runtime-apis/nodejs/crypto/) for more information. #### node:tls The following APIs from `node:tls` are now available: * [connect ↗](https://nodejs.org/api/tls.html#tlsconnectoptions-callback) * [TLSSocket ↗](https://nodejs.org/api/tls.html#class-tlstlssocket) * [checkServerIdentity ↗](https://nodejs.org/api/tls.html#tlscheckserveridentityhostname-cert) * [createSecureContext ↗](https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions) This enables secure connections over TLS (Transport Layer Security) to external services. JavaScript ``` import { connect } from "node:tls"; // ... in a request handler ... const connectionOptions = { key: env.KEY, cert: env.CERT }; const socket = connect(url, connectionOptions, () => { if (socket.authorized) { console.log("Connection authorized"); } }); socket.on("data", (data) => { console.log(data); }); socket.on("end", () => { console.log("server ends connection"); }); ``` See the [node:tls documentation](https://developers.cloudflare.com/workers/runtime-apis/nodejs/tls/) for more information. Apr 08, 2025 1. ### [The Cloudflare Vite plugin is now Generally Available](https://developers.cloudflare.com/changelog/post/2025-04-08-vite-plugin/) [ Workers ](https://developers.cloudflare.com/workers/) The [Cloudflare Vite plugin](https://developers.cloudflare.com/workers/vite-plugin/) has [reached v1.0 ↗](https://blog.cloudflare.com/introducing-the-cloudflare-vite-plugin) and is now Generally Available ("GA"). When you use `@cloudflare/vite-plugin`, you can use Vite's local development server and build tooling, while ensuring that while developing, your code runs in [workerd ↗](https://github.com/cloudflare/workerd), the open-source Workers runtime. This lets you get the best of both worlds for a full-stack app — you can use [Hot Module Replacement ↗](https://vite.dev/guide/features.html#hot-module-replacement) from Vite right alongside [Durable Objects](https://developers.cloudflare.com/durable-objects/) and other runtime APIs and bindings that are unique to Cloudflare Workers. `@cloudflare/vite-plugin` is made possible by the new [environment API ↗](https://vite.dev/guide/api-environment) in Vite, and was built [in partnership with the Vite team ↗](https://blog.cloudflare.com/introducing-the-cloudflare-vite-plugin). #### Framework support You can build any type of application with `@cloudflare/vite-plugin`, using any rendering mode, from single page applications (SPA) and static sites to server-side rendered (SSR) pages and API routes. [React Router v7 (Remix)](https://developers.cloudflare.com/workers/framework-guides/web-apps/react-router/) is the first full-stack framework to provide full support for Cloudflare Vite plugin, allowing you to use all parts of Cloudflare's developer platform, without additional build steps. You can also build complete full-stack apps on Workers **without a framework** — ["just use Vite" ↗](https://blog.cloudflare.com/introducing-the-cloudflare-vite-plugin) and React together, and build a back-end API in the same Worker. Follow our [React SPA with an API tutorial](https://developers.cloudflare.com/workers/vite-plugin/tutorial/) to learn how. #### Configuration If you're already using [Vite ↗](https://vite.dev/) in your build and development toolchain, you can start using our plugin with minimal changes to your `vite.config.ts`: vite.config.ts ``` import { defineConfig } from "vite"; import { cloudflare } from "@cloudflare/vite-plugin"; export default defineConfig({ plugins: [cloudflare()], }); ``` Take a look at the [documentation for our Cloudflare Vite plugin](https://developers.cloudflare.com/workers/vite-plugin/) for more information! Apr 07, 2025 1. ### [Build MCP servers with the Agents SDK](https://developers.cloudflare.com/changelog/post/2025-04-07-mcp-servers-agents-sdk-updates/) [ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/) The Agents SDK now includes built-in support for building remote MCP (Model Context Protocol) servers directly as part of your Agent. This allows you to easily create and manage MCP servers, without the need for additional infrastructure or configuration. The SDK includes a new `MCPAgent` class that extends the `Agent` class and allows you to expose resources and tools over the MCP protocol, as well as authorization and authentication to enable remote MCP servers. * [ JavaScript ](#tab-panel-300) * [ TypeScript ](#tab-panel-301) JavaScript ``` export class MyMCP extends McpAgent { server = new McpServer({ name: "Demo", version: "1.0.0", }); async init() { this.server.resource(`counter`, `mcp://resource/counter`, (uri) => { // ... }); this.server.tool( "add", "Add two numbers together", { a: z.number(), b: z.number() }, async ({ a, b }) => { // ... }, ); } } ``` TypeScript ``` export class MyMCP extends McpAgent { server = new McpServer({ name: "Demo", version: "1.0.0", }); async init() { this.server.resource(`counter`, `mcp://resource/counter`, (uri) => { // ... }); this.server.tool( "add", "Add two numbers together", { a: z.number(), b: z.number() }, async ({ a, b }) => { // ... }, ); } } ``` See [the example ↗](https://github.com/cloudflare/agents/tree/main/examples/mcp) for the full code and as the basis for building your own MCP servers, and the [client example ↗](https://github.com/cloudflare/agents/tree/main/examples/mcp-client) for how to build an Agent that acts as an MCP client. To learn more, review the [announcement blog ↗](https://blog.cloudflare.com/building-ai-agents-with-mcp-authn-authz-and-durable-objects) as part of Developer Week 2025. #### Agents SDK updates We've made a number of improvements to the [Agents SDK](https://developers.cloudflare.com/agents/), including: * Support for building MCP servers with the new `MCPAgent` class. * The ability to export the current agent, request and WebSocket connection context using `import { context } from "agents"`, allowing you to minimize or avoid direct dependency injection when calling tools. * Fixed a bug that prevented query parameters from being sent to the Agent server from the `useAgent` React hook. * Automatically converting the `agent` name in `useAgent` or `useAgentChat` to kebab-case to ensure it matches the naming convention expected by [routeAgentRequest](https://developers.cloudflare.com/agents/api-reference/routing/). To install or update the Agents SDK, run `npm i agents@latest` in an existing project, or explore the `agents-starter` project: Terminal window ``` npm create cloudflare@latest -- --template cloudflare/agents-starter ``` See the full release notes and changelog [on the Agents SDK repository ↗](https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md) and Apr 07, 2025 1. ### [Durable Objects on Workers Free plan](https://developers.cloudflare.com/changelog/post/2025-04-07-durable-objects-free-tier/) [ Durable Objects ](https://developers.cloudflare.com/durable-objects/)[ Workers ](https://developers.cloudflare.com/workers/) Durable Objects can now be used with zero commitment on the [Workers Free plan](https://developers.cloudflare.com/workers/platform/pricing/) allowing you to build AI agents with [Agents SDK](https://developers.cloudflare.com/agents/), collaboration tools, and real-time applications like chat or multiplayer games. Durable Objects let you build stateful, serverless applications with millions of tiny coordination instances that run your application code alongside (in the same thread!) your durable storage. Each Durable Object can access its own SQLite database through a [Storage API](https://developers.cloudflare.com/durable-objects/best-practices/access-durable-objects-storage/). A Durable Object class is defined in a Worker script encapsulating the Durable Object's behavior when accessed from a Worker. To try the code below, click the button: [![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/templates/tree/main/hello-world-do-template) JavaScript ``` import { DurableObject } from "cloudflare:workers"; // Durable Object export class MyDurableObject extends DurableObject { ... async sayHello(name) { return `Hello, ${name}!`; } } // Worker export default { async fetch(request, env) { // Every unique ID refers to an individual instance of the Durable Object class const id = env.MY_DURABLE_OBJECT.idFromName("foo"); // A stub is a client used to invoke methods on the Durable Object const stub = env.MY_DURABLE_OBJECT.get(id); // Methods on the Durable Object are invoked via the stub const response = await stub.sayHello("world"); return response; }, }; ``` Free plan [limits](https://developers.cloudflare.com/durable-objects/platform/pricing/) apply to Durable Objects compute and storage usage. Limits allow developers to build real-world applications, with every Worker request able to call a Durable Object on the free plan. For more information, checkout: * [Documentation](https://developers.cloudflare.com/durable-objects/concepts/what-are-durable-objects/) * [Zero-latency SQLite storage in every Durable Object blog ↗](https://blog.cloudflare.com/sqlite-in-durable-objects/) Apr 07, 2025 1. ### [SQLite in Durable Objects GA with 10GB storage per object](https://developers.cloudflare.com/changelog/post/2025-04-07-sqlite-in-durable-objects-ga/) [ Durable Objects ](https://developers.cloudflare.com/durable-objects/)[ Workers ](https://developers.cloudflare.com/workers/) SQLite in Durable Objects is now generally available (GA) with 10GB SQLite database per Durable Object. Since the [public beta ↗](https://blog.cloudflare.com/sqlite-in-durable-objects/) in September 2024, we've added feature parity and robustness for the SQLite storage backend compared to the preexisting key-value (KV) storage backend for Durable Objects. SQLite-backed Durable Objects are recommended for all new Durable Object classes, using `new_sqlite_classes` [Wrangler configuration](https://developers.cloudflare.com/durable-objects/best-practices/access-durable-objects-storage/#create-sqlite-backed-durable-object-class). Only SQLite-backed Durable Objects have access to Storage API's [SQL](https://developers.cloudflare.com/durable-objects/api/sqlite-storage-api/#sql-api) and [point-in-time recovery](https://developers.cloudflare.com/durable-objects/api/sqlite-storage-api/#pitr-point-in-time-recovery-api) methods, which provide relational data modeling, SQL querying, and better data management. JavaScript ``` export class MyDurableObject extends DurableObject { sql: SqlStorage constructor(ctx: DurableObjectState, env: Env) { super(ctx, env); this.sql = ctx.storage.sql; } async sayHello() { let result = this.sql .exec("SELECT 'Hello, World!' AS greeting") .one(); return result.greeting; } } ``` KV-backed Durable Objects remain for backwards compatibility, and a migration path from key-value storage to SQL storage for existing Durable Object classes will be offered in the future. For more details on SQLite storage, checkout [Zero-latency SQLite storage in every Durable Object blog ↗](https://blog.cloudflare.com/sqlite-in-durable-objects/). Apr 07, 2025 1. ### [Capture up to 256 KB of log events in each Workers Invocation](https://developers.cloudflare.com/changelog/post/2025-04-07-increase-trace-events-limit/) [ Workers ](https://developers.cloudflare.com/workers/) You can now capture a maximum of 256 KB of log events per Workers invocation, helping you gain better visibility into application behavior. All console.log() statements, exceptions, request metadata, and headers are automatically captured during the Worker invocation and emitted as [JSON object](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/workers%5Ftrace%5Fevents). [Workers Logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs) deserializes this object before indexing the fields and storing them. You can also capture, transform, and export the JSON object in a[Tail Worker](https://developers.cloudflare.com/workers/observability/logs/tail-workers). 256 KB is a 2x increase from the previous 128 KB limit. After you exceed this limit, further context associated with the request will not be recorded in your logs. This limit is automatically applied to all Workers. Apr 07, 2025 1. ### [Workflows is now Generally Available](https://developers.cloudflare.com/changelog/post/2025-04-07-workflows-ga/) [ Workflows ](https://developers.cloudflare.com/workflows/)[ Workers ](https://developers.cloudflare.com/workers/) [Workflows](https://developers.cloudflare.com/workflows/) is now _Generally Available_ (or "GA"): in short, it's ready for production workloads. Alongside marking Workflows as GA, we've introduced a number of changes during the beta period, including: * A new `waitForEvent` API that allows a Workflow to wait for an event to occur before continuing execution. * Increased concurrency: you can [run up to 4,500 Workflow instances](https://developers.cloudflare.com/changelog/2025-02-25-workflows-concurrency-increased/) concurrently — and this will continue to grow. * Improved observability, including new CPU time metrics that allow you to better understand which Workflow instances are consuming the most resources and/or contributing to your bill. * Support for `vitest` for testing Workflows locally and in CI/CD pipelines. Workflows also supports the new [increased CPU limits](https://developers.cloudflare.com/changelog/2025-03-25-higher-cpu-limits/) that apply to Workers, allowing you to run more CPU-intensive tasks (up to 5 minutes of CPU time per instance), not including the time spent waiting on network calls, AI models, or other I/O bound tasks. #### Human-in-the-loop The new `step.waitForEvent` API allows a Workflow instance to wait on events and data, enabling human-in-the-the-loop interactions, such as approving or rejecting a request, directly handling webhooks from other systems, or pushing event data to a Workflow while it's running. Because Workflows are just code, you can conditionally execute code based on the result of a `waitForEvent` call, and/or call `waitForEvent` multiple times in a single Workflow based on what the Workflow needs. For example, if you wanted to implement a human-in-the-loop approval process, you could use `waitForEvent` to wait for a user to approve or reject a request, and then conditionally execute code based on the result. * [ JavaScript ](#tab-panel-298) * [ TypeScript ](#tab-panel-299) JavaScript ``` import { WorkflowEntrypoint, WorkflowStep, WorkflowEvent, } from "cloudflare:workers"; export class MyWorkflow extends WorkflowEntrypoint { async run(event, step) { // Other steps in your Workflow let stripeEvent = await step.waitForEvent( "receive invoice paid webhook from Stripe", { type: "stripe-webhook", timeout: "1 hour" }, ); // Rest of your Workflow } } ``` TypeScript ``` import { WorkflowEntrypoint, WorkflowStep, WorkflowEvent } from "cloudflare:workers"; export class MyWorkflow extends WorkflowEntrypoint { async run(event: WorkflowEvent, step: WorkflowStep) { // Other steps in your Workflow let stripeEvent = await step.waitForEvent("receive invoice paid webhook from Stripe", { type: "stripe-webhook", timeout: "1 hour" }) // Rest of your Workflow } } ``` You can then send a Workflow an event from an external service via HTTP or from within a Worker using the [Workers API](https://developers.cloudflare.com/workflows/build/workers-api/) for Workflows: * [ JavaScript ](#tab-panel-304) * [ TypeScript ](#tab-panel-305) JavaScript ``` export default { async fetch(req, env) { const instanceId = new URL(req.url).searchParams.get("instanceId"); const webhookPayload = await req.json(); let instance = await env.MY_WORKFLOW.get(instanceId); // Send our event, with `type` matching the event type defined in // our step.waitForEvent call await instance.sendEvent({ type: "stripe-webhook", payload: webhookPayload, }); return Response.json({ status: await instance.status(), }); }, }; ``` TypeScript ``` export default { async fetch(req: Request, env: Env) { const instanceId = new URL(req.url).searchParams.get("instanceId") const webhookPayload = await req.json() let instance = await env.MY_WORKFLOW.get(instanceId); // Send our event, with `type` matching the event type defined in // our step.waitForEvent call await instance.sendEvent({type: "stripe-webhook", payload: webhookPayload}) return Response.json({ status: await instance.status(), }); }, }; ``` Read the [GA announcement blog ↗](https://blog.cloudflare.com/workflows-is-now-generally-available/) to learn more about what landed as part of the Workflows GA. Mar 26, 2025 1. ### [Run Workers for up to 5 minutes of CPU-time](https://developers.cloudflare.com/changelog/post/2025-03-25-higher-cpu-limits/) [ Workers ](https://developers.cloudflare.com/workers/) You can now run a Worker for up to 5 minutes of CPU time for each request. Previously, each Workers request ran for a maximum of 30 seconds of CPU time — that is the time that a Worker is actually performing a task (we still allowed unlimited wall-clock time, in case you were waiting on slow resources). This meant that some compute-intensive tasks were impossible to do with a Worker. For instance, you might want to take the cryptographic hash of a large file from R2\. If this computation ran for over 30 seconds, the Worker request would have timed out. By default, Workers are still limited to 30 seconds of CPU time. This protects developers from incurring accidental cost due to buggy code. By changing the `cpu_ms` value in your Wrangler configuration, you can opt in to any value up to 300,000 (5 minutes). * [ wrangler.jsonc ](#tab-panel-292) * [ wrangler.toml ](#tab-panel-293) JSONC ``` { // ...rest of your configuration... "limits": { "cpu_ms": 300000, }, // ...rest of your configuration... } ``` TOML ``` [limits] cpu_ms = 300_000 ``` Note CPU time is the amount of time the CPU actually spends doing work during a given request. If a Worker's request makes a sub-request and waits for that request to come back before doing additional work, this time spent waiting **is not** counted towards CPU time. Worker requests could run for more than 30 seconds of total time prior to this change — only CPU time was limited. For more information on the updates limits, see the documentation on [Wrangler configuration for cpu\_ms](https://developers.cloudflare.com/workers/wrangler/configuration/#limits)and on [Workers CPU time limits](https://developers.cloudflare.com/workers/platform/limits/#cpu-time). For building long-running tasks on Cloudflare, we also recommend checking out [Workflows](https://developers.cloudflare.com/workflows/) and [Queues](https://developers.cloudflare.com/queues/). Mar 25, 2025 1. ### [Source Maps are Generally Available](https://developers.cloudflare.com/changelog/post/2025-03-25-gzip-source-maps/) [ Workers ](https://developers.cloudflare.com/workers/) Source maps are now Generally Available (GA). You can now be uploaded with a maximum gzipped size of 15 MB. Previously, the maximum size limit was 15 MB uncompressed. Source maps help map between the original source code and the transformed/minified code that gets deployed to production. By uploading your source map, you allow Cloudflare to map the stack trace from exceptions onto the original source code making it easier to debug. ![Stack Trace without Source Map remapping](https://developers.cloudflare.com/_astro/without-source-map.ByYR83oU_Z1q7wOD.webp) With **no source maps uploaded**: notice how all the Javascript has been minified to one file, so the stack trace is missing information on file name, shows incorrect line numbers, and incorrectly references `js` instead of `ts`. ![Stack Trace with Source Map remapping](https://developers.cloudflare.com/_astro/with-source-map.PipytmVe_2dYiLI.webp) With **source maps uploaded**: all methods reference the correct files and line numbers. Uploading source maps and stack trace remapping happens out of band from the Worker execution, so source maps do not affect upload speed, bundle size, or cold starts. The remapped stack traces are accessible through Tail Workers, Workers Logs, and Workers Logpush. To enable source maps, add the following to your[Pages Function's](https://developers.cloudflare.com/pages/functions/source-maps/) or [Worker's](https://developers.cloudflare.com/workers/observability/source-maps/) wrangler configuration: * [ wrangler.jsonc ](#tab-panel-288) * [ wrangler.toml ](#tab-panel-289) JSONC ``` { "upload_source_maps": true } ``` TOML ``` upload_source_maps = true ``` Mar 22, 2025 1. ### [New Managed WAF rule for Next.js CVE-2025-29927.](https://developers.cloudflare.com/changelog/post/2025-03-22-next-js-vulnerability-waf/) [ Workers ](https://developers.cloudflare.com/workers/)[ Pages ](https://developers.cloudflare.com/pages/)[ WAF ](https://developers.cloudflare.com/waf/) **Update: Mon Mar 24th, 11PM UTC**: Next.js has made further changes to address a smaller vulnerability introduced in the patches made to its middleware handling. Users should upgrade to Next.js versions `15.2.4`, `14.2.26`, `13.5.10` or `12.3.6`. **If you are unable to immediately upgrade or are running an older version of Next.js, you can enable the WAF rule described in this changelog as a mitigation**. **Update: Mon Mar 24th, 8PM UTC**: Next.js has now [backported the patch for this vulnerability ↗](https://github.com/advisories/GHSA-f82v-jwr5-mffw) to cover Next.js v12 and v13\. Users on those versions will need to patch to `13.5.9` and `12.3.5` (respectively) to mitigate the vulnerability. **Update: Sat Mar 22nd, 4PM UTC**: We have changed this WAF rule to opt-in only, as sites that use auth middleware with third-party auth vendors were observing failing requests. **We strongly recommend updating your version of Next.js (if eligible)** to the patched versions, as your app will otherwise be vulnerable to an authentication bypass attack regardless of auth provider. #### Enable the Managed Rule (strongly recommended) This rule is opt-in only for sites on the Pro plan or above in the [WAF managed ruleset](https://developers.cloudflare.com/waf/managed-rules/). To enable the rule: 1. Head to Security > WAF > Managed rules in the Cloudflare dashboard for the zone (website) you want to protect. 2. Click the three dots next to **Cloudflare Managed Ruleset** and choose **Edit** 3. Scroll down and choose **Browse Rules** 4. Search for **CVE-2025-29927** (ruleId: `34583778093748cc83ff7b38f472013e`) 5. Change the **Status** to **Enabled** and the **Action** to **Block**. You can optionally set the rule to Log, to validate potential impact before enabling it. Log will not block requests. 6. Click **Next** 7. Scroll down and choose **Save** This will enable the WAF rule and block requests with the `x-middleware-subrequest` header regardless of Next.js version. #### Create a WAF rule (manual) For users on the Free plan, or who want to define a more specific rule, you can create a [Custom WAF rule](https://developers.cloudflare.com/waf/custom-rules/create-dashboard/) to block requests with the `x-middleware-subrequest` header regardless of Next.js version. To create a custom rule: 1. Head to Security > WAF > Custom rules in the Cloudflare dashboard for the zone (website) you want to protect. 2. Give the rule a name - e.g. `next-js-CVE-2025-29927` 3. Set the matching parameters for the rule match any request where the `x-middleware-subrequest` header `exists` per the rule expression below. Terminal window ``` (len(http.request.headers["x-middleware-subrequest"]) > 0) ``` 1. Set the action to 'block'. If you want to observe the impact before blocking requests, set the action to 'log' (and edit the rule later). 2. **Deploy** the rule. ![Next.js CVE-2025-29927 WAF rule](https://developers.cloudflare.com/_astro/waf-rule-cve-2025-29927.0i0XiweZ_Z8mlyw.webp) #### Next.js CVE-2025-29927 We've made a WAF (Web Application Firewall) rule available to all sites on Cloudflare to protect against the [Next.js authentication bypass vulnerability ↗](https://github.com/advisories/GHSA-f82v-jwr5-mffw) (`CVE-2025-29927`) published on March 21st, 2025. **Note**: This rule is not enabled by default as it blocked requests across sites for specific authentication middleware. * This managed rule protects sites using Next.js on Workers and Pages, as well as sites using Cloudflare to protect Next.js applications hosted elsewhere. * This rule has been made available (but not enabled by default) to all sites as part of our [WAF Managed Ruleset](https://developers.cloudflare.com/waf/managed-rules/reference/cloudflare-managed-ruleset/) and blocks requests that attempt to bypass authentication in Next.js applications. * The vulnerability affects almost all Next.js versions, and has been fully patched in Next.js `14.2.26` and `15.2.4`. Earlier, interim releases did not fully patch this vulnerability. * **Users on older versions of Next.js (`11.1.4` to `13.5.6`) did not originally have a patch available**, but this the patch for this vulnerability and a subsequent additional patch have been backported to Next.js versions `12.3.6` and `13.5.10` as of Monday, March 24th. Users on Next.js v11 will need to deploy the stated workaround or enable the WAF rule. The managed WAF rule mitigates this by blocking _external_ user requests with the `x-middleware-subrequest` header regardless of Next.js version, but we recommend users using Next.js 14 and 15 upgrade to the patched versions of Next.js as an additional mitigation. Mar 22, 2025 1. ### [Smart Placement is smarter about running Workers and Pages Functions in the best locations](https://developers.cloudflare.com/changelog/post/2025-03-22-smart-placement-stablization/) [ Workers ](https://developers.cloudflare.com/workers/)[ Pages ](https://developers.cloudflare.com/pages/) [Smart Placement](https://developers.cloudflare.com/workers/configuration/placement/) is a unique Cloudflare feature that can make decisions to move your Worker to run in a more optimal location (such as closer to a database). Instead of always running in the default location (the one closest to where the request is received), Smart Placement uses certain “heuristics” (rules and thresholds) to decide if a different location might be faster or more efficient. Previously, if these heuristics weren't consistently met, your Worker would revert to running in the default location—even after it had been optimally placed. This meant that if your Worker received minimal traffic for a period of time, the system would reset to the default location, rather than remaining in the optimal one. Now, once Smart Placement has identified and assigned an optimal location, temporarily dropping below the heuristic thresholds will not force a return to default locations. For example in the previous algorithm, a drop in requests for a few days might return to default locations and heuristics would have to be met again. This was problematic for workloads that made requests to a geographically located resource every few days or longer. In this scenario, your Worker would never get placed optimally. This is no longer the case. Mar 18, 2025 1. ### [npm i agents](https://developers.cloudflare.com/changelog/post/2025-03-18-npm-i-agents/) [ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/) ![npm i agents](https://developers.cloudflare.com/_astro/npm-i-agents.CXCpJ1-7.apng) #### `agents-sdk` \-> `agents` Updated 📝 **We've renamed the Agents package to `agents`**! If you've already been building with the Agents SDK, you can update your dependencies to use the new package name, and replace references to `agents-sdk` with `agents`: Terminal window ``` # Install the new package npm i agents ``` Terminal window ``` # Remove the old (deprecated) package npm uninstall agents-sdk # Find instances of the old package name in your codebase grep -r 'agents-sdk' . # Replace instances of the old package name with the new one # (or use find-replace in your editor) sed -i 's/agents-sdk/agents/g' $(grep -rl 'agents-sdk' .) ``` All future updates will be pushed to the new `agents` package, and the older package has been marked as deprecated. #### Agents SDK updates New We've added a number of big new features to the Agents SDK over the past few weeks, including: * You can now set `cors: true` when using `routeAgentRequest` to return permissive default CORS headers to Agent responses. * The regular client now syncs state on the agent (just like the React version). * `useAgentChat` bug fixes for passing headers/credentials, including properly clearing cache on unmount. * Experimental `/schedule` module with a prompt/schema for adding scheduling to your app (with evals!). * Changed the internal `zod` schema to be compatible with the limitations of Google's Gemini models by removing the discriminated union, allowing you to use Gemini models with the scheduling API. We've also fixed a number of bugs with state synchronization and the React hooks. * [ JavaScript ](#tab-panel-296) * [ TypeScript ](#tab-panel-297) JavaScript ``` // via https://github.com/cloudflare/agents/tree/main/examples/cross-domain export default { async fetch(request, env) { return ( // Set { cors: true } to enable CORS headers. (await routeAgentRequest(request, env, { cors: true })) || new Response("Not found", { status: 404 }) ); }, }; ``` TypeScript ``` // via https://github.com/cloudflare/agents/tree/main/examples/cross-domain export default { async fetch(request: Request, env: Env) { return ( // Set { cors: true } to enable CORS headers. (await routeAgentRequest(request, env, { cors: true })) || new Response("Not found", { status: 404 }) ); }, } satisfies ExportedHandler; ``` #### Call Agent methods from your client code New We've added a new [@unstable\_callable()](https://developers.cloudflare.com/agents/api-reference/agents-api/) decorator for defining methods that can be called directly from clients. This allows you call methods from within your client code: you can call methods (with arguments) and get native JavaScript objects back. * [ JavaScript ](#tab-panel-302) * [ TypeScript ](#tab-panel-303) JavaScript ``` // server.ts import { unstable_callable, Agent } from "agents"; export class Rpc extends Agent { // Use the decorator to define a callable method @unstable_callable({ description: "rpc test", }) async getHistory() { return this.sql`SELECT * FROM history ORDER BY created_at DESC LIMIT 10`; } } ``` TypeScript ``` // server.ts import { unstable_callable, Agent, type StreamingResponse } from "agents"; import type { Env } from "../server"; export class Rpc extends Agent { // Use the decorator to define a callable method @unstable_callable({ description: "rpc test", }) async getHistory() { return this.sql`SELECT * FROM history ORDER BY created_at DESC LIMIT 10`; } } ``` #### agents-starter Updated We've fixed a number of small bugs in the [agents-starter ↗](https://github.com/cloudflare/agents-starter) project — a real-time, chat-based example application with tool-calling & human-in-the-loop built using the Agents SDK. The starter has also been upgraded to use the latest [wrangler v4](https://developers.cloudflare.com/changelog/2025-03-13-wrangler-v4/) release. If you're new to Agents, you can install and run the `agents-starter` project in two commands: Terminal window ``` # Install it $ npm create cloudflare@latest agents-starter -- --template="cloudflare/agents-starter" # Run it $ npm run start ``` You can use the starter as a template for your own Agents projects: open up `src/server.ts` and `src/client.tsx` to see how the Agents SDK is used. #### More documentation Updated We've heard your feedback on the Agents SDK documentation, and we're shipping more API reference material and usage examples, including: * Expanded [API reference documentation](https://developers.cloudflare.com/agents/api-reference/), covering the methods and properties exposed by the Agents SDK, as well as more usage examples. * More [Client API](https://developers.cloudflare.com/agents/api-reference/agents-api/#client-api) documentation that documents `useAgent`, `useAgentChat` and the new `@unstable_callable` RPC decorator exposed by the SDK. * New documentation on how to [route requests to agents](https://developers.cloudflare.com/agents/api-reference/routing/) and (optionally) authenticate clients before they connect to your Agents. Note that the Agents SDK is continually growing: the type definitions included in the SDK will always include the latest APIs exposed by the `agents` package. If you're still wondering what Agents are, [read our blog on building AI Agents on Cloudflare ↗](https://blog.cloudflare.com/build-ai-agents-on-cloudflare/) and/or visit the [Agents documentation](https://developers.cloudflare.com/agents/) to learn more. Mar 17, 2025 1. ### [Import \`env\` to access bindings in your Worker's global scope](https://developers.cloudflare.com/changelog/post/2025-03-17-importable-env/) [ Workers ](https://developers.cloudflare.com/workers/) You can now access [bindings](https://developers.cloudflare.com/workers/runtime-apis/bindings/)from anywhere in your Worker by importing the `env` object from `cloudflare:workers`. Previously, `env` could only be accessed during a request. This meant that bindings could not be used in the top-level context of a Worker. Now, you can import `env` and access bindings such as [secrets](https://developers.cloudflare.com/workers/configuration/secrets/)or [environment variables](https://developers.cloudflare.com/workers/configuration/environment-variables/) in the initial setup for your Worker: JavaScript ``` import { env } from "cloudflare:workers"; import ApiClient from "example-api-client"; // API_KEY and LOG_LEVEL now usable in top-level scope const apiClient = ApiClient.new({ apiKey: env.API_KEY }); const LOG_LEVEL = env.LOG_LEVEL || "info"; export default { fetch(req) { // you can use apiClient or LOG_LEVEL, configured before any request is handled }, }; ``` Note Workers do not allow I/O from outside a request context. This means that even though `env` is accessible from the top-level scope, you will not be able to access every binding's methods. For instance, environment variables and secrets are accessible, and you are able to call `env.NAMESPACE.get` to get a [Durable Object stub](https://developers.cloudflare.com/durable-objects/api/stub/) in the top-level context. However, calling methods on the Durable Object stub, making [calls to a KV store](https://developers.cloudflare.com/kv/api/), and [calling to other Workers](https://developers.cloudflare.com/workers/runtime-apis/bindings/service-bindings) will not work. Additionally, `env` was normally accessed as a argument to a Worker's entrypoint handler, such as [fetch](https://developers.cloudflare.com/workers/runtime-apis/fetch/). This meant that if you needed to access a binding from a deeply nested function, you had to pass `env` as an argument through many functions to get it to the right spot. This could be cumbersome in complex codebases. Now, you can access the bindings from anywhere in your codebase without passing `env` as an argument: JavaScript ``` // helpers.js import { env } from "cloudflare:workers"; // env is *not* an argument to this function export async function getValue(key) { let prefix = env.KV_PREFIX; return await env.KV.get(`${prefix}-${key}`); } ``` For more information, see [documentation on accessing env](https://developers.cloudflare.com/workers/runtime-apis/bindings#how-to-access-env). Mar 17, 2025 1. ### [Retry Pages & Workers Builds Directly from GitHub](https://developers.cloudflare.com/changelog/post/2025-03-17-rerun-build/) [ Workers ](https://developers.cloudflare.com/workers/)[ Pages ](https://developers.cloudflare.com/pages/) You can now retry your Cloudflare Pages and Workers builds directly from GitHub. No need to switch to the Cloudflare Dashboard for a simple retry! Let\\u2019s say you push a commit, but your build fails due to a spurious error like a network timeout. Instead of going to the Cloudflare Dashboard to manually retry, you can now rerun the build with just a few clicks inside GitHub, keeping you inside your workflow. For Pages and Workers projects connected to a GitHub repository: 1. When a build fails, go to your GitHub repository or pull request 2. Select the failed Check Run for the build 3. Select "Details" on the Check Run 4. Select "Rerun" to trigger a retry build for that commit Learn more about [Pages Builds](https://developers.cloudflare.com/pages/configuration/git-integration/github-integration/) and [Workers Builds](https://developers.cloudflare.com/workers/ci-cd/builds/git-integration/github-integration/). Mar 13, 2025 1. ### [Use the latest JavaScript features with Wrangler CLI v4](https://developers.cloudflare.com/changelog/post/2025-03-13-wrangler-v4/) [ Workers ](https://developers.cloudflare.com/workers/) We've released the next major version of [Wrangler](https://developers.cloudflare.com/workers/wrangler/), the CLI for Cloudflare Workers — `wrangler@4.0.0`. Wrangler v4 is a major release focused on updates to underlying systems and dependencies, along with improvements to keep Wrangler commands consistent and clear. You can run the following command to install it in your projects: npm yarn pnpm bun ``` npm i wrangler@latest ``` ``` yarn add wrangler@latest ``` ``` pnpm add wrangler@latest ``` ``` bun add wrangler@latest ``` Unlike previous major versions of Wrangler, which were [foundational rewrites ↗](https://blog.cloudflare.com/wrangler-v2-beta/) and [rearchitectures ↗](https://blog.cloudflare.com/wrangler3/) — Version 4 of Wrangler includes a much smaller set of changes. If you use Wrangler today, your workflow is very unlikely to change. A [detailed migration guide](https://developers.cloudflare.com/workers/wrangler/migration/update-v3-to-v4) is available and if you find a bug or hit a roadblock when upgrading to Wrangler v4, [open an issue on the cloudflare/workers-sdk repository on GitHub ↗](https://github.com/cloudflare/workers-sdk/issues/new?template=bug-template.yaml). Going forward, we'll continue supporting Wrangler v3 with bug fixes and security updates until Q1 2026, and with critical security updates until Q1 2027, at which point it will be out of support. [Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)