Merge branch 'production' into kathayl-patch-24

Author: ToriLindsay

.github/CODEOWNERS

@@ -29,6 +29,11 @@
 /src/content/release-notes/vectorize.yaml @elithrar @mchenco @sejoker @cloudflare/pcx-technical-writing
 /src/content/docs/ai-search/ @rita3ko @irvinebroque @aninibread @cloudflare/pcx-technical-writing
 
+# AI Crawl Control
+/src/content/docs/ai-crawl-control/ @cloudflare/pcx-technical-writing @CameronWhiteside
+/src/content/changelog/ai-crawl-control/ @cloudflare/pcx-technical-writing @CameronWhiteside
+/src/content/partials/ai-crawl-control/ @cloudflare/pcx-technical-writing @CameronWhiteside
+
 # Analytics & Logs
 
 /src/content/docs/analytics/ @jimhawkridge @soheiokamoto @angelampcosta @cloudflare/pcx-technical-writing
@@ -58,13 +63,13 @@
 /src/content/docs/cloudflare-one/ @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/applications/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/identity/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/access/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/connections/connect-devices/ @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/connections/connect-networks/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/access-controls/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/team-and-resources/devices/ @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/applications/casb/ @maxvp @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/gateway/ @maxvp @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/browser-isolation/ @maxvp @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/policies/data-loss-prevention/ @maxvp @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/traffic-policies/ @maxvp @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/remote-browser-isolation/ @deadlypants1973 @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/data-loss-prevention/ @maxvp @cloudflare/pcx-technical-writing
 /src/content/docs/cloudflare-one/insights/dex/ @deadlypants1973 @cloudflare/pcx-technical-writing
 /src/content/docs/email-security/ @Maddy-Cloudflare @cloudflare/pcx-technical-writing
 
@@ -138,7 +143,7 @@
 /src/content/docs/workers/observability/ @irvinebroque @mikenomitch @rohinlohe @kodster28 @cloudflare/pcx-technical-writing
 /src/content/docs/workers/static-assets @irvinebroque @GregBrimble @WalshyDev @kodster28 @cloudflare/deploy-config @cloudflare/pcx-technical-writing
 /src/content/docs/workflows/ @elithrar @celso @cloudflare/pcx-technical-writing
-/src/content/docs/sandbox/ @whoiskatrin @ghostwriternr @cloudflare/pcx-technical-writing @ai-agents
+/src/content/docs/sandbox/ @whoiskatrin @ghostwriternr @cloudflare/pcx-technical-writing @cloudflare/ai-agents
 
 # DDoS Protection
 

public/__redirects

@@ -2318,7 +2318,7 @@
 /changelog-next/* /changelog/:splat 301
 /browser-rendering/quick-actions-rest-api/* /browser-rendering/rest-api/:splat 301
 /*/sitemap.xml /sitemap-index.xml 301
-/access/configuring-identity-providers/* /cloudflare-one/identity/idp-integration/:splat 301
+/access/configuring-identity-providers/* /cloudflare-one/integrations/identity-providers/:splat 301
 /api-security/* /api-shield/:splat 301
 /api-shield/products/* /api-shield/security/:splat 301
 /distributed-web/* /web3/:splat 301
@@ -2380,6 +2380,18 @@
 /cloudflare-one/policies/data-loss-prevention/configuration-guides/* /cloudflare-one/policies/data-loss-prevention/dlp-policies/common-policies/ 301
 /cloudflare-one/policies/data-loss-prevention/datasets/* /cloudflare-one/policies/data-loss-prevention/detection-entries/:splat 301
 
+# Cloudflare One nav revamp
+/cloudflare-one/connections/ /cloudflare-one/ 301
+/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
+/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
+/cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301
+/cloudflare-one/policies/browser-isolation/* /cloudflare-one/remote-browser-isolation/:splat 301
+/cloudflare-one/policies/data-loss-prevention/* /cloudflare-one/data-loss-prevention/:splat 301
+/cloudflare-one/policies/access/* /cloudflare-one/access-controls/policies/:splat 301
+/cloudflare-one/identity/one-time-pin/ /cloudflare-one/integrations/identity-providers/one-time-pin/ 301
+/cloudflare-one/identity/idp-integration/* /cloudflare-one/integrations/identity-providers/:splat 301
+/cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301
+
 # Learning paths
 
 /learning-paths/modules/get-started/onboarding/* /learning-paths/get-started-free/onboarding/:splat 301

src/assets/images/gateway/gateway-dns-scheduled-policies-ui.gif

@@ -10,6 +10,7 @@ import qwen from "../../assets/images/workers-ai/qwen.svg";
 import blackforestlabs from "../../assets/images/workers-ai/blackforestlabs.svg";
 import deepgram from "../../assets/images/workers-ai/deepgram.svg";
 import leonardo from "../../assets/images/workers-ai/leonardo.svg";
+import ibm from "../../assets/images/workers-ai/ibm.svg";
 
 export const authorData: Record<string, { name: string; logo: string }> = {
 	openai: {
@@ -64,4 +65,8 @@ export const authorData: Record<string, { name: string; logo: string }> = {
 		name: "Leonardo",
 		logo: leonardo.src,
 	},
+	"ibm-granite": {
+		name: "IBM",
+		logo: ibm.src,
+	},
 };

src/assets/images/workers-ai/ibm.svg

@@ -8,7 +8,7 @@ products:
 
 Organizations can now eliminate long-lived credentials from their SSH setup and enable strong multi-factor authentication for SSH access, similar to other Access applications, all while generating access and command logs.
 
-SSH with [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-warp-to-tunnel/).
+SSH with [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-warp-to-tunnel/).
 
 SSH with Access for Infrastructure enables you to:
 
@@ -18,4 +18,4 @@ SSH with Access for Infrastructure enables you to:
 
 ![Example of an infrastructure Access application](~/assets/images/changelog/access/infrastructure-app.png)
 
-To get started, refer to [SSH with Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/).
+To get started, refer to [SSH with Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/).

src/components/models/data.ts

@@ -6,6 +6,6 @@ products:
   - access
 ---
 
-The [Access bulk policy tester](/cloudflare-one/policies/access/policy-management/#test-all-policies-in-an-application) is now available in the Cloudflare Zero Trust dashboard. The bulk policy tester allows you to simulate Access policies against your entire user base before and after deploying any changes. The policy tester will simulate the configured policy against each user's last seen identity and device posture (if applicable).
+The [Access bulk policy tester](/cloudflare-one/access-controls/policies/policy-management/#test-all-policies-in-an-application) is now available in the Cloudflare Zero Trust dashboard. The bulk policy tester allows you to simulate Access policies against your entire user base before and after deploying any changes. The policy tester will simulate the configured policy against each user's last seen identity and device posture (if applicable).
 
 ![Example policy tester](~/assets/images/changelog/access/example-policy-tester.png)

src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-[Browser-based RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/access-controls/policies/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
 
 With browser-based RDP, you can:
 
@@ -17,4 +17,4 @@ With browser-based RDP, you can:
 
 ![Example of a browsed-based RDP Access application](~/assets/images/changelog/access/browser-based-rdp-access-app.png)
 
-To get started, see [Connect to RDP in a browser](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
+To get started, see [Connect to RDP in a browser](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/).

src/content/changelog/access/2025-04-21-Access-Bulk-Policy-Tester.mdx

@@ -6,4 +6,4 @@ products:
   - access
 ---
 
-[SSH with Cloudflare Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) now supports SFTP. It is compatible with SFTP clients, such as Cyberduck.
+[SSH with Cloudflare Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/) now supports SFTP. It is compatible with SFTP clients, such as Cyberduck.

src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx

@@ -6,7 +6,7 @@ products:
   - access
 ---
 
-You can now control who within your organization has access to internal MCP servers, by putting internal MCP servers behind [Cloudflare Access](/cloudflare-one/policies/access/).
+You can now control who within your organization has access to internal MCP servers, by putting internal MCP servers behind [Cloudflare Access](/cloudflare-one/access-controls/policies/).
 
 [Self-hosted applications](/cloudflare-one/applications/configure-apps/mcp-servers/linked-apps/) in Cloudflare Access now support OAuth for MCP server authentication. This allows Cloudflare to delegate access from any self-hosted application to an MCP server via OAuth. The OAuth access token authorizes the MCP server to make requests to your self-hosted applications on behalf of the authorized user, using that user's specific permissions and scopes.