Merge branch 'production' into tori/frameworks-IA-revamp

Author: kodster28

src/assets/images/changelog/load-balancing/account-load-balancing-ui.png

@@ -75,26 +75,34 @@ const hideTitle = Astro.locals.starlightRoute.hideTitle;
 const hideBreadcrumbs = Astro.locals.starlightRoute.hideBreadcrumbs;
 ---
 
-{
-	!hideBreadcrumbs && (
-		<Breadcrumbs {...breadcrumbProps}>
-			<svg
-				slot="separator"
-				xmlns="http://www.w3.org/2000/svg"
-				width="24"
-				height="24"
-				viewBox="0 0 24 24"
-				fill="none"
-				stroke="currentColor"
-				stroke-width="2"
-				stroke-linecap="round"
-				stroke-linejoin="round"
-			>
-				<polyline points="9 18 15 12 9 6" />
-			</svg>
-		</Breadcrumbs>
-	)
-}
+<div class="flex items-center justify-between">
+	{
+		!hideBreadcrumbs && (
+			<Breadcrumbs {...breadcrumbProps}>
+				<svg
+					slot="separator"
+					xmlns="http://www.w3.org/2000/svg"
+					width="24"
+					height="24"
+					viewBox="0 0 24 24"
+					fill="none"
+					stroke="currentColor"
+					stroke-width="2"
+					stroke-linecap="round"
+					stroke-linejoin="round"
+				>
+					<polyline points="9 18 15 12 9 6" />
+				</svg>
+			</Breadcrumbs>
+		)
+	}
+
+	{
+		frontmatter.template !== "splash" && (
+			<CopyPageButton client:idle />
+		)
+	}
+</div>
 
 {!hideTitle && <Default />}
 
@@ -124,14 +132,6 @@ const hideBreadcrumbs = Astro.locals.starlightRoute.hideBreadcrumbs;
 	)
 }
 
-{
-	frontmatter.template !== "splash" && (
-		<div class="flex items-center justify-end">
-			<CopyPageButton client:idle />
-		</div>
-	)
-}
-
 <style>
 	:root {
 		--color-link-breadcrumbs: var(--sl-color-text-accent);

src/assets/images/changelog/load-balancing/private-load-balancer.png

@@ -14,7 +14,7 @@ import OpenAI from "openai";
 const client = new OpenAI({
   apiKey: "YOUR_PROVIDER_API_KEY", // Provider API key
   baseURL:
-    "https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/compat/chat/completions",
+    "https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/compat",
 });
 
 const response = await client.chat.completions.create({

src/components/overrides/PageTitle.astro

@@ -0,0 +1,31 @@
+---
+title: New Account-Level Load Balancing UI and Private Load Balancers
+description: You can now manage all of your load balancers in one place with the new Load Balancing UI.
+date: 2025-06-04
+---
+
+We've made two large changes to load balancing:
+- Redesigned the user interface, now centralized at the **account level**.
+- Introduced [**Private Load Balancers**](/load-balancing/private-network/) to the UI, enabling you to manage traffic for all of your external and internal applications in a single spot.
+
+This update streamlines how you manage load balancers across multiple zones and extends robust traffic management to your private network infrastructure.
+
+![Load Balancing UI](~/assets/images/changelog/load-balancing/account-load-balancing-ui.png)
+
+**Key Enhancements:**
+
+- **Account-Level UI Consolidation:**
+
+  - **Unified Management:** Say goodbye to navigating individual zones for load balancing tasks. You can now view, configure, and monitor all your load balancers across every zone in your account from a single, intuitive interface at the account level.
+
+  - **Improved Efficiency:** This centralized approach provides a more streamlined workflow, making it faster and easier to manage both your public-facing and internal traffic distribution.
+
+- **Private Network Load Balancing:**
+
+  - **Secure Internal Application Access:** Create [**Private Load Balancers**](/load-balancing/private-network/) to distribute traffic to applications hosted within your private network, ensuring they are not exposed to the public Internet.
+
+  - **WARP & Magic WAN Integration:** Effortlessly direct internal traffic from users connected via Cloudflare WARP or through your Magic WAN infrastructure to the appropriate internal endpoint pools.
+
+  - **Enhanced Security for Internal Resources:** Combine reliable Load Balancing with Zero Trust access controls to ensure your internal services are both performant and only accessible by verified users.
+
+![Private Load Balancers](~/assets/images/changelog/load-balancing/private-load-balancer.png)

src/content/changelog/ai-gateway/2025-06-03-aig-openai-compatible-endpoint.mdx

@@ -13,20 +13,21 @@ When you build MCP Servers on Cloudflare, you extend the [`McpAgent` class](http
 
 ```ts title="src/index.ts"
 import { McpAgent } from "agents/mcp";
-import { DurableMCP } from "@cloudflare/model-context-protocol";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
 
 export class MyMCP extends McpAgent {
-	server = new McpServer({ name: "Demo", version: "1.0.0" });
-
-	async init() {
-		this.server.tool(
-			"add",
-			{ a: z.number(), b: z.number() },
-			async ({ a, b }) => ({
-				content: [{ type: "text", text: String(a + b) }],
-			}),
-		);
-	}
+  server = new McpServer({ name: "Demo", version: "1.0.0" });
+
+  async init() {
+    this.server.tool(
+      "add",
+      { a: z.number(), b: z.number() },
+      async ({ a, b }) => ({
+        content: [{ type: "text", text: String(a + b) }],
+      }),
+    );
+  }
 }
 ```
 
@@ -48,6 +49,19 @@ You can use the APIs below in order to do so.
 #### Hibernation Support
 `McpAgent` instances automatically support [WebSockets Hibernation](/durable-objects/best-practices/websockets/#websocket-hibernation-api), allowing stateful MCP servers to sleep during inactive periods while preserving their state. This means your agents only consume compute resources when actively processing requests, optimizing costs while maintaining the full context and conversation history.
 
+Hibernation is enabled by default and requires no additional configuration.
+
+#### Authentication & Authorization
+
+The McpAgent class provides seamless integration with the [OAuth Provider Library](https://github.com/cloudflare/workers-oauth-provider) for [authentication and authorization](/agents/model-context-protocol/authorization/). 
+
+When a user authenticates to your MCP server, their identity information and tokens are made available through the `props` parameter, allowing you to:
+
+- access user-specific data
+- check user permissions before performing operations
+- customize responses based on user attributes
+- use authentication tokens to make requests to external services on behalf of the user
+
 ### State synchronization APIs
 
 The `McpAgent` class makes the following subset of methods from the [Agents SDK](/agents/api-reference/agents-api/) available:

src/content/changelog/load-balancing/2025-06-04-account-load-balancing-ui.mdx

@@ -33,8 +33,8 @@ Specify the model using `{provider}/{model}` format. For example:
 import OpenAI from "openai";
 const client = new OpenAI({
 	apiKey: "YOUR_PROVIDER_API_KEY", // Provider API key
-	baseURL:
-		"https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/compat/chat/completions",
+  // NOTE: the OpenAI client automatically adds /chat/completions to the end of the URL, you should not add it yourself.
+	baseURL: "https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/compat",
 });
 
 const response = await client.chat.completions.create({

src/content/docs/agents/model-context-protocol/mcp-agent-api.mdx

@@ -6,7 +6,7 @@ sidebar:
 head:
   - tag: title
     content: Deprecation notice for SSL for SaaS - Version 1
-
+chatbot_deprioritize: true
 ---
 
 The first version of SSL for SaaS will be deprecated on September 1, 2021.
@@ -59,7 +59,7 @@ SSL for SaaS v2 is functionally equivalent to SSL for SaaS v1, but removes the r
 
 :::note
 
-SSL for SaaS v2 is now called Cloudflare for SaaS. 
+SSL for SaaS v2 is now called Cloudflare for SaaS.
 :::
 
 ## What happens during the migration?

src/content/docs/ai-gateway/chat-completion.mdx

@@ -11,20 +11,28 @@ head:
 
 import { Render } from "~/components"
 
-The exact method for certificate renewal depends on whether that hostname is proxying traffic through Cloudflare and whether it is a wildcard certificate.
+The exact method for certificate renewal depends on whether that hostname is active[^1] and whether it is a wildcard certificate.
 
 Custom hostnames certificates have a 90-day validity period and are available for renewal 30 days before their expiration.
 
 ## Non-wildcard hostnames
 
-If you are using a non-wildcard hostname and proxying traffic through Cloudflare, Cloudflare will try to perform DCV automatically on the hostname’s behalf by serving the [HTTP token](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/).
+If you are using a non-wildcard hostname and the hostname is active, Cloudflare will try to perform DCV automatically on the hostname's behalf by serving the [HTTP token](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/).
 
-If the custom hostname is not proxying traffic through Cloudflare, then the custom hostname domain owner will need to add the TXT or HTTP DCV token for the new certificate to validate and issue. As the SaaS provider, you will be responsible for sharing this token with the custom hostname domain owner.
+If the custom hostname is not active, then the custom hostname domain owner will need to add the TXT or HTTP DCV token for the new certificate to validate and issue. As the SaaS provider, you will be responsible for sharing this token with the custom hostname domain owner.
 
 ## Wildcard hostnames
 
-<Render file="txt-validation_preamble" /> <br/>
+With wildcard hostnames, you cannot use HTTP. In this case, you will have to use TXT DCV tokens.
 
-<Render file="update-dcv-method" /> <br/>
+<Render file="txt-validation_preamble" />
+
+<Render file="update-dcv-method" />
 
 After this step, follow the normal steps for [TXT validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/).
+
+:::note
+To allow Cloudflare to auto-renew all future certificate orders, consider [DCV delegation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv/).
+:::
+
+[^1]: Meaning Cloudflare could verify your customer's ownership of the hostname and the [hostname status](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status/) is active.

src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/versioning.mdx

@@ -17,21 +17,6 @@ DCV Delegation requires your customers to place a one-time record at their autho
 
 ***
 
-## When to use
-
-### HTTP DCV
-
-<Render file="http-dcv-situation" />
-
-### TXT DCV
-
-<Render file="txt-dcv-situation" /> <br/>
-
-* [DCV Delegation](#setup) (generally recommended)
-* [Manual](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/)
-
-***
-
 ## Setup
 
 To set up Delegated DCV: