Merge branch 'production' into marcio/pcx15594-mconn-self-serve

Author: marciocloudflare

package-lock.json

@@ -35,7 +35,7 @@
 		"@astrojs/starlight": "0.34.3",
 		"@astrojs/starlight-docsearch": "0.6.0",
 		"@astrojs/starlight-tailwind": "4.0.1",
-		"@cloudflare/vitest-pool-workers": "0.8.38",
+		"@cloudflare/vitest-pool-workers": "0.8.45",
 		"@cloudflare/workers-types": "4.20250620.0",
 		"@codingheads/sticky-header": "1.0.2",
 		"@expressive-code/plugin-collapsible-sections": "0.41.2",
@@ -54,7 +54,7 @@
 		"@types/react": "19.0.7",
 		"@types/react-dom": "19.0.4",
 		"@typescript-eslint/parser": "8.34.1",
-		"algoliasearch": "5.27.0",
+		"algoliasearch": "5.29.0",
 		"astro": "5.10.1",
 		"astro-breadcrumbs": "3.3.1",
 		"astro-icon": "1.1.5",
@@ -84,7 +84,7 @@
 		"mdast-util-from-markdown": "2.0.2",
 		"mdast-util-mdx": "3.0.0",
 		"mdast-util-mdx-expression": "2.0.1",
-		"mermaid": "11.6.0",
+		"mermaid": "11.7.0",
 		"micromark-extension-mdxjs": "3.0.0",
 		"nanostores": "1.0.1",
 		"node-html-parser": "7.0.1",

package.json

@@ -503,6 +503,7 @@
 /cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/office365-email-security-mx/ /cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/microsoft365-email-security-mx/ 301
 /cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api/ /cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/ 301
 /cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/office365-journaling/ /cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling/ 301
+/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/microsoft365-email-security-mx/ /cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/ 301
 
 # firewall
 /firewall/api/cf-lists/ /waf/tools/lists/lists-api/ 301

public/__redirects

@@ -0,0 +1,39 @@
+---
+title: Run AI-generated code on-demand with Code Sandboxes (new)
+description: You can start creating sandboxes today by installing our new Sandbox package.
+products:
+  - agents
+  - workers
+  - workflows
+date: 2025-06-25T15:00:00Z
+---
+
+AI is supercharging app development for everyone, but we need a safe way to run untrusted, LLM-written code. We’re introducing [Sandboxes](https://www.npmjs.com/package/@cloudflare/sandbox), which let your Worker run actual processes in a secure, container-based environment.
+
+```ts
+import { getSandbox } from "@cloudflare/sandbox";
+export { Sandbox } from "@cloudflare/sandbox";
+
+export default {
+  async fetch(request: Request, env: Env) {
+    const sandbox = getSandbox(env.Sandbox, "my-sandbox");
+    return sandbox.exec("ls", ["-la"]);
+  },
+};
+```
+
+### Methods
+
+- `exec(command: string, args: string[], options?: { stream?: boolean })`:Execute a command in the sandbox.
+- `gitCheckout(repoUrl: string, options: { branch?: string; targetDir?: string; stream?: boolean })`: Checkout a git repository in the sandbox.
+- `mkdir(path: string, options: { recursive?: boolean; stream?: boolean })`: Create a directory in the sandbox.
+- `writeFile(path: string, content: string, options: { encoding?: string; stream?: boolean })`: Write content to a file in the sandbox.
+- `readFile(path: string, options: { encoding?: string; stream?: boolean })`: Read content from a file in the sandbox.
+- `deleteFile(path: string, options?: { stream?: boolean })`: Delete a file from the sandbox.
+- `renameFile(oldPath: string, newPath: string, options?: { stream?: boolean })`: Rename a file in the sandbox.
+- `moveFile(sourcePath: string, destinationPath: string, options?: { stream?: boolean })`: Move a file from one location to another in the sandbox.
+- `ping()`: Ping the sandbox.
+
+Sandboxes are still experimental. We're using them to explore how isolated, container-like workloads might scale on Cloudflare — and to help define the developer experience around them.
+
+You can try it today from your Worker, with just a few lines of code. Let us know what you build.

src/assets/images/cloudflare-one/identity/github/github2.png

@@ -0,0 +1,7 @@
+---
+title: Improved non-English keyboard support
+description: Introduced support for non-English keyboard configurations in the remote browser, enhancing the global user experience.
+date: 2024-11-21
+---
+
+You can now type in languages that use diacritics (like á or ç) and character-based scripts (such as Chinese, Japanese, and Korean) directly within the remote browser. The isolated browser now properly recognizes non-English keyboard input, eliminating the need to copy and paste content from a local browser or device.

src/assets/images/cloudflare-one/identity/github/github4.png

@@ -8,25 +8,29 @@ Authoritative DNS analytics are now available on the **account level** via the [
 
 This allows users to query DNS analytics across multiple zones in their account, by using the `accounts` filter.
 
-Here is an example to retrieve all DNS queries across all zones in an account that resulted in an `NXDOMAIN` response over a given time frame. Please replace `a30f822fcd7c401984bf85d8f2a5111c` with your actual account ID.
+Here is an example to retrieve the most recent DNS queries across all zones in your account that resulted in an `NXDOMAIN` response over a given time frame. Please replace `a30f822fcd7c401984bf85d8f2a5111c` with your actual account ID.
 
 ```graphql graphql-api-explorer title="GraphQL example for account-level DNS analytics"
-query Viewer {
-    viewer {
-        accounts(filter: { accountTag: "a30f822fcd7c401984bf85d8f2a5111c" }) {
-            dnsAnalyticsAdaptive(
-                limit: 10
-                filter: { date_geq: "2025-06-16", responseCode: "NXDOMAIN", date_leq: "2025-06-18" }
-                orderBy: [datetime_DESC]
-            ) {
-                zoneTag
-                queryName
-                responseCode
-                queryType
-                datetime
-            }
-        }
-    }
+query GetLatestNXDOMAINResponses {
+	viewer {
+		accounts(filter: { accountTag: "a30f822fcd7c401984bf85d8f2a5111c" }) {
+			dnsAnalyticsAdaptive(
+				filter: { 
+					date_geq: "2025-06-16", 
+					date_leq: "2025-06-18",
+					responseCode: "NXDOMAIN"
+				}
+				limit: 10000
+				orderBy: [datetime_DESC]
+			) {
+				zoneTag
+				queryName
+				responseCode
+				queryType
+				datetime
+			}
+		}
+	}
 }
 ```
 

src/content/changelog/agents/2025-06-24-announcing-sandboxes.mdx

@@ -0,0 +1,82 @@
+---
+title: "@cloudflare/actors library - SDK for Durable Objects in beta"
+description: "@cloudflare/actors library with Durable Objects helpers and patterns."
+products:
+  - durable-objects
+  - workers
+date: 2025-06-25T06:00:00Z
+---
+
+The new [@cloudflare/actors](https://www.npmjs.com/package/@cloudflare/actors) library is now in beta!
+
+The `@cloudflare/actors` library is a new SDK for Durable Objects and provides a powerful set of abstractions for building real-time, interactive, and multiplayer applications on top of Durable Objects. With beta uasge and feedback, `@cloudflare/actors` will become the recommended way to build on Durable Objects and draws upon Cloudflare's experience building products/features on Durable Objects.
+
+The name "actors" originates from the [actor programming model](/durable-objects/what-are-durable-objects/#actor-programming-model), which closely ties to how Durable Objects are modelled.
+
+The `@cloudflare/actors` library includes:
+
+* Storage helpers for querying embeddeded, per-object SQLite storage
+* Storage helpers for managing SQL schema migrations
+* Alarm helpers for scheduling multiple alarms provided a date, delay in seconds, or cron expression
+* `Actor` class for using Durable Objects with a defined pattern
+* Durable Objects [Workers API](https://developers.cloudflare.com/durable-objects/api/base/) is always available for your application as needed
+
+Storage and alarm helper methods can be combined with [any Javascript class](https://github.com/cloudflare/actors?tab=readme-ov-file#storage--alarms-with-durableobject-class) that defines your Durable Object, i.e, ones that extend `DurableObject` including the `Actor` class.
+
+```js
+import { Storage } from "@cloudflare/actors/storage";
+
+export class ChatRoom extends DurableObject<Env> {
+    storage: Storage;
+    
+    constructor(ctx: DurableObjectState, env: Env) {
+        super(ctx, env)
+        this.storage = new Storage(ctx.storage);
+        this.storage.migrations = [{
+            idMonotonicInc: 1,
+            description: "Create users table",
+            sql: "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY)"
+        }]
+    }
+    async fetch(request: Request): Promise<Response> {
+        // Run migrations before executing SQL query
+        await this.storage.runMigrations();
+
+        // Query with SQL template
+        let userId = new URL(request.url).searchParams.get("userId");
+        const query = this.storage.sql`SELECT * FROM users WHERE id = ${userId};`
+        return new Response(`${JSON.stringify(query)}`);
+    }
+}
+```
+
+`@cloudflare/actors` library introduces the `Actor` class pattern. `Actor` lets you access Durable Objects without writing the Worker that communicates with your Durable Object (the Worker is created for you). By default, requests are routed to a Durable Object named "default". 
+
+```js
+export class MyActor extends Actor<Env> {
+    async fetch(request: Request): Promise<Response> {
+        return new Response('Hello, World!')
+    }
+}
+
+export default handler(MyActor);
+```
+
+You can [route](/durable-objects/get-started/#3-instantiate-and-communicate-with-a-durable-object) to different Durable Objects by name within your `Actor` class using [`nameFromRequest`](https://github.com/cloudflare/actors?tab=readme-ov-file#actor-with-custom-name).
+
+```js
+export class MyActor extends Actor<Env> {
+    static nameFromRequest(request: Request): string {
+        let url = new URL(request.url);
+        return url.searchParams.get("userId") ?? "foo";
+    }
+
+    async fetch(request: Request): Promise<Response> {
+        return new Response(`Actor identifier (Durable Object name): ${this.identifier}`);
+    }
+}
+
+export default handler(MyActor);
+```
+
+For more examples, check out the library [README](https://github.com/cloudflare/actors?tab=readme-ov-file#getting-started). `@cloudflare/actors` library is a place for more helpers and built-in patterns, like retry handling and Websocket-based applications, to reduce development overhead for common Durable Objects functionality. Please share feedback and what more you would like to see on our [Discord channel](https://discord.com/channels/595317990191398933/773219443911819284).

src/content/changelog/browser-isolation/2024-11-21-non-english-keyboard.mdx

@@ -7,10 +7,28 @@ sidebar:
 
 import { Tabs, TabItem } from "~/components";
 
-The `/pdf` endpoint instructs the browser to render the webpage as a PDF document.
+The `/pdf` endpoint instructs the browser to generate a PDF of a webpage or custom HTML using Cloudflare's headless browser rendering service.
+
+## Endpoint
+
+```txt
+https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-rendering/pdf
+```
+
+## Required fields
+You must provide either `url` or `html`:
+-  `url` (string)
+-  `html` (string)
+
+## Common use cases
+
+-  Capture a PDF of a webpage
+-  Generate PDFs, such as invoices, licenses, reports, and certificates, directly from HTML
 
 ## Basic usage
 
+### Convert a URL to PDF
+
 <Tabs syncKey="workersExamples"> <TabItem label="curl">
 
 Navigate to `https://example.com/` and inject custom CSS and an external stylesheet. Then return the rendered page as a PDF.
@@ -51,11 +69,35 @@ console.log(content);
 
 </TabItem> </Tabs>
 
+### Convert custom HTML to PDF
+
+If you have raw HTML you want to generate a PDF from, use the `html` option. You can still apply custom styles using the `addStyleTag` parameter.
+
+```bash
+curl -X POST https://api.cloudflare.com/client/v4/accounts/<acccountID>/browser-rendering/pdf \
+  -H 'Authorization: Bearer <apiToken>' \
+  -H 'Content-Type: application/json' \
+  -d '{
+  "html": "<html><body>Advanced Snapshot</body></html>",
+	"addStyleTag": [
+      { "content": "body { font-family: Arial; }" },
+      { "url": "https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" }
+    ]
+}' \
+  --output "invoice.pdf"
+```
+
 ## Advanced usage
 
-Navigate to `https://example.com`, first setting an additional HTTP request header and configuring the page size (`viewport`). Then, wait until there are no more than 2 network connections for at least 500 ms, or until the maximum timeout of 4500 ms is reached, before considering the page loaded and returning the rendered PDF document.
+:::note[Looking for more parameters?]
+Visit the [Browser Rendering PDF API reference](/api/resources/browser_rendering/subresources/pdf/methods/create/) for all available parameters, such as setting HTTP credentials using `authenticate`, setting `cookies`, and customizing load behavior using `gotoOptions`.
+:::
+
+### Advanced page load with custom headers and viewport
 
-The `goToOptions` parameter exposes most of [Puppeteer'd API](https://pptr.dev/api/puppeteer.gotooptions).
+Navigate to `https://example.com`, setting additional HTTP headers and configuring the page size (viewport). The PDF generation will wait until there are no more than two network connections for at least 500 ms, or until the maximum timeout of 4500 ms is reached, before rendering.
+
+The `goToOptions` parameter exposes most of [Puppeteer's API](https://pptr.dev/api/puppeteer.gotooptions).
 
 ```bash
 curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-rendering/pdf' \
@@ -78,9 +120,9 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-
   --output "advanced-output.pdf"
 ```
 
-## Blocking images and styles when generating a PDF
+### Blocking images and styles when generating a PDF
 
-The options `rejectResourceTypes` and `rejectRequestPattern` can be used to block requests. The opposite can also be done, _only_ allow certain requests using `allowResourceTypes` and `allowRequestPattern`.
+The options `rejectResourceTypes` and `rejectRequestPattern` can be used to block requests during rendering. The opposite can also be done, _only_ allow certain requests using `allowResourceTypes` and `allowRequestPattern`.
 
 ```bash
 curl -X POST https://api.cloudflare.com/client/v4/accounts/<acccountID>/browser-rendering/pdf \
@@ -93,23 +135,3 @@ curl -X POST https://api.cloudflare.com/client/v4/accounts/<acccountID>/browser-
 }' \
   --output "cloudflare.pdf"
 ```
-
-## Generate PDF from custom HTML
-
-If you have HTML you'd like to generate a PDF from, the `html` option can be used. The option `addStyleTag` can be used to add custom styles.
-
-```bash
-curl -X POST https://api.cloudflare.com/client/v4/accounts/<acccountID>/browser-rendering/pdf \
-  -H 'Authorization: Bearer <apiToken>' \
-  -H 'Content-Type: application/json' \
-  -d '{
-  "html": "<html><body>Advanced Snapshot</body></html>",
-	"addStyleTag": [
-      { "content": "body { font-family: Arial; }" },
-      { "url": "https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" }
-    ]
-}' \
-  --output "invoice.pdf"
-```
-
-Many more options exist, like setting HTTP credentials using `authenticate`, setting `cookies`, and using `gotoOptions` to control page load behaviour - check the endpoint [reference](/api/resources/browser_rendering/subresources/pdf/methods/create/) for all available parameters.